func newAuthenticator(c *cli.Context, e *empire.Empire) auth.Authenticator { // an authenticator authenticating requests with a users empire acccess // token. authenticators := []auth.Authenticator{ auth.NewAccessTokenAuthenticator(e), } var client *github.Client // If a GitHub client id is provided, we'll use GitHub as an // authentication backend. Otherwise, we'll just use a static username // and password backend. if c.String(FlagGithubClient) == "" { log.Println("Using static authentication backend") // Fake authentication password where the user is "fake" and // password is blank. authenticators = append(authenticators, auth.StaticAuthenticator("fake", "", "", &empire.User{ Name: "fake", })) } else { config := &oauth2.Config{ ClientID: c.String(FlagGithubClient), ClientSecret: c.String(FlagGithubClientSecret), Scopes: []string{"repo_deployment", "read:org"}, } client = github.NewClient(config) client.URL = c.String(FlagGithubApiURL) log.Println("Using GitHub authentication backend with the following configuration:") log.Println(fmt.Sprintf(" ClientID: %v", config.ClientID)) log.Println(fmt.Sprintf(" ClientSecret: ****")) log.Println(fmt.Sprintf(" Scopes: %v", config.Scopes)) log.Println(fmt.Sprintf(" GitHubAPI: %v", client.URL)) // an authenticator for authenticating requests with a users github // credentials. authenticators = append(authenticators, github.NewAuthenticator(client)) } // try access token before falling back to github. authenticator := auth.MultiAuthenticator(authenticators...) // After the user is authenticated, check their GitHub Organization membership. if org := c.String(FlagGithubOrg); org != "" { authorizer := github.NewOrganizationAuthorizer(client) authorizer.Organization = org log.Println("Adding GitHub Organization authorizer with the following configuration:") log.Println(fmt.Sprintf(" Organization: %v ", org)) return auth.WithAuthorization( authenticator, // Cache the organization check for 30 minutes since // it's pretty slow. auth.CacheAuthorization(authorizer, 30*time.Minute), ) } return authenticator }
// NewServer builds a new empire.Empire instance and returns an httptest.Server // running the empire API. func NewServer(t testing.TB, e *empire.Empire) *Server { var opts server.Options opts.GitHub.Webhooks.Secret = "abcd" opts.Authenticator = auth.NewAccessTokenAuthenticator(e) opts.GitHub.Deployments.Environments = []string{"test"} opts.GitHub.Deployments.ImageBuilder = github.ImageFromTemplate(template.Must(template.New("image").Parse(github.DefaultTemplate))) return NewTestServer(t, e, opts) }