Remove unused Dex fields/types (#4697)

replicatedhq · Jun 18, 2024 · d2f5896 · d2f5896
1 parent 7899b33
commit d2f5896
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 134 deletions.
diff --git a/pkg/dex/types/config.go b/pkg/dex/types/config.go
@@ -9,14 +9,11 @@ import (
 
 // Config is the config format for the main application.
 type Config struct {
-	Issuer    string    `json:"issuer"`
-	Storage   Storage   `json:"storage"`
-	Web       Web       `json:"web"`
-	Telemetry Telemetry `json:"telemetry"`
-	OAuth2    OAuth2    `json:"oauth2"`
-	GRPC      GRPC      `json:"grpc"`
-	Expiry    Expiry    `json:"expiry"`
-	Logger    logger    `json:"logger"`
+	Issuer  string  `json:"issuer"`
+	Storage Storage `json:"storage"`
+	Web     Web     `json:"web"`
+	OAuth2  OAuth2  `json:"oauth2"`
+	Expiry  Expiry  `json:"expiry"`
 
 	Frontend WebConfig `json:"frontend"`
 
@@ -31,11 +28,6 @@ type Config struct {
 	// If enabled, the server will maintain a list of passwords which can be used
 	// to identify a user.
 	EnablePasswordDB bool `json:"enablePasswordDB"`
-
-	// StaticPasswords cause the server use this list of passwords rather than
-	// querying the storage. Cannot be specified without enabling a passwords
-	// database.
-	StaticPasswords []StoragePassword `json:"staticPasswords"`
 }
 
 // Validate the configuration
@@ -46,14 +38,9 @@ func (c Config) Validate() error {
 		errMsg string
 	}{
 		{c.Issuer == "", "no issuer specified in config file"},
-		{!c.EnablePasswordDB && len(c.StaticPasswords) != 0, "cannot specify static passwords without enabling password db"},
 		{c.Web.HTTP == "" && c.Web.HTTPS == "", "must supply a HTTP/HTTPS  address to listen on"},
 		{c.Web.HTTPS != "" && c.Web.TLSCert == "", "no cert specified for HTTPS"},
 		{c.Web.HTTPS != "" && c.Web.TLSKey == "", "no private key specified for HTTPS"},
-		{c.GRPC.TLSCert != "" && c.GRPC.Addr == "", "no address specified for gRPC"},
-		{c.GRPC.TLSKey != "" && c.GRPC.Addr == "", "no address specified for gRPC"},
-		{(c.GRPC.TLSCert == "") != (c.GRPC.TLSKey == ""), "must specific both a gRPC TLS cert and key"},
-		{c.GRPC.TLSCert == "" && c.GRPC.TLSClientCA != "", "cannot specify gRPC TLS client CA without a gRPC TLS cert"},
 	}
 
 	var checkErrors []string
@@ -90,21 +77,6 @@ type Web struct {
 	AllowedOrigins []string `json:"allowedOrigins"`
 }
 
-// Telemetry is the config format for telemetry including the HTTP server config.
-type Telemetry struct {
-	HTTP string `json:"http"`
-}
-
-// GRPC is the config for the gRPC API.
-type GRPC struct {
-	// The port to listen on.
-	Addr        string `json:"addr"`
-	TLSCert     string `json:"tlsCert"`
-	TLSKey      string `json:"tlsKey"`
-	TLSClientCA string `json:"tlsClientCA"`
-	Reflection  bool   `json:"reflection"`
-}
-
 // Storage holds app's storage configuration.
 type Storage struct {
 	Type   string      `json:"type"`
@@ -168,12 +140,3 @@ type Expiry struct {
 	// DeviceRequests defines the duration of time for which the DeviceRequests will be valid.
 	DeviceRequests string `json:"deviceRequests"`
 }
-
-// logger holds configuration required to customize logging for dex.
-type logger struct {
-	// Level sets logging level severity.
-	Level string `json:"level"`
-
-	// Format specifies the format to be used for logging.
-	Format string `json:"format"`
-}
diff --git a/pkg/dex/types/logger.go b/pkg/dex/types/logger.go
diff --git a/pkg/dex/types/storage.go b/pkg/dex/types/storage.go
@@ -1,15 +1,6 @@
 // Note: This is a modified version of: https://github.com/dexidp/dex/blob/ed920dc27ad79c3593037ad658552e8e80bab928/storage/storage.go
 package types
 
-import (
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"os"
-
-	"golang.org/x/crypto/bcrypt"
-)
-
 // StorageClient represents an OAuth2 client.
 //
 // For further reading see:
@@ -30,66 +21,3 @@ type StorageClient struct {
 	Name    string `json:"name" yaml:"name"`
 	LogoURL string `json:"logoURL" yaml:"logoURL"`
 }
-
-// StoragePassword is an email to password mapping managed by the storage.
-type StoragePassword struct {
-	// Email and identifying name of the password. Emails are assumed to be valid and
-	// determining that an end-user controls the address is left to an outside application.
-	//
-	// Emails are case insensitive and should be standardized by the storage.
-	//
-	// Storages that don't support an extended character set for IDs, such as '.' and '@'
-	// (cough cough, kubernetes), must map this value appropriately.
-	Email string `json:"email"`
-
-	// Bcrypt encoded hash of the password. This package enforces a min cost value of 10
-	Hash []byte `json:"hash"`
-
-	// Optional username to display. NOT used during login.
-	Username string `json:"username"`
-
-	// Randomly generated user ID. This is NOT the primary ID of the Password object.
-	UserID string `json:"userID"`
-}
-
-func (p *StoragePassword) UnmarshalJSON(b []byte) error {
-	var data struct {
-		Email       string `json:"email"`
-		Username    string `json:"username"`
-		UserID      string `json:"userID"`
-		Hash        string `json:"hash"`
-		HashFromEnv string `json:"hashFromEnv"`
-	}
-	if err := json.Unmarshal(b, &data); err != nil {
-		return err
-	}
-	*p = StoragePassword{
-		Email:    data.Email,
-		Username: data.Username,
-		UserID:   data.UserID,
-	}
-	if len(data.Hash) == 0 && len(data.HashFromEnv) > 0 {
-		data.Hash = os.Getenv(data.HashFromEnv)
-	}
-	if len(data.Hash) == 0 {
-		return fmt.Errorf("no password hash provided")
-	}
-
-	// If this value is a valid bcrypt, use it.
-	_, bcryptErr := bcrypt.Cost([]byte(data.Hash))
-	if bcryptErr == nil {
-		p.Hash = []byte(data.Hash)
-		return nil
-	}
-
-	// For backwards compatibility try to base64 decode this value.
-	hashBytes, err := base64.StdEncoding.DecodeString(data.Hash)
-	if err != nil {
-		return fmt.Errorf("malformed bcrypt hash: %v", bcryptErr)
-	}
-	if _, err := bcrypt.Cost(hashBytes); err != nil {
-		return fmt.Errorf("malformed bcrypt hash: %v", err)
-	}
-	p.Hash = hashBytes
-	return nil
-}