proxy: optionally enable OIDC auth

This adds OIDC to the enabled optional auth methods
kcp-dev · Nov 7, 2022 · 044f9fc · 044f9fc
1 parent 31fc97c
commit 044f9fc
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/pkg/proxy/options/authentication.go b/pkg/proxy/options/authentication.go
@@ -51,6 +51,7 @@ func NewAuthentication() *Authentication {
 	auth := &Authentication{
 		BuiltInOptions: kubeoptions.NewBuiltInAuthenticationOptions().
 			WithClientCert().
+			WithOIDC().
 			WithServiceAccounts().
 			WithTokenFile(),
 		// when adding new auth methods, also update AdditionalAuthEnabled below
@@ -62,7 +63,11 @@ func NewAuthentication() *Authentication {
 
 // When configured to enable auth other than ClientCert, this returns true
 func (c *Authentication) AdditionalAuthEnabled() bool {
-	return c.tokenAuthEnabled() || c.serviceAccountAuthEnabled()
+	return c.tokenAuthEnabled() || c.serviceAccountAuthEnabled() || c.oidcAuthEnabled()
+}
+
+func (c *Authentication) oidcAuthEnabled() bool {
+	return c.BuiltInOptions.OIDC != nil && c.BuiltInOptions.OIDC.IssuerURL != ""
 }
 
 func (c *Authentication) tokenAuthEnabled() bool {