feat(kc): Add support for custom auth CA cert.

Keyfactor · May 13, 2024 · 85f2ef7 · 85f2ef7
1 parent 40a8e21
commit 85f2ef7
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/auth_providers/auth_core.go b/auth_providers/auth_core.go
@@ -125,10 +125,17 @@ func (c *CommandAuthConfig) setClient() {
 func (c *CommandAuthConfig) updateCACerts() error {
 	// check if CommandCACert is set
 	if c.CommandCACert == "" {
-		return nil
+		// check if CommandCACert is set in environment
+		if caCert, ok := os.LookupEnv(EnvKeyfactorCACert); ok {
+			c.CommandCACert = caCert
+		} else {
+			return nil
+		}
 	}
 
+	// ensure client is set
 	c.setClient()
+
 	// Load the system certs
 	rootCAs, pErr := x509.SystemCertPool()
 	if pErr != nil {

diff --git a/auth_providers/keycloak/keycloak_auth_client_base.go b/auth_providers/keycloak/keycloak_auth_client_base.go
@@ -27,6 +27,7 @@ import (
 const (
 	EnvKeyfactorAuthHostname = "KEYFACTOR_AUTH_HOSTNAME"
 	EnvKeyfactorAuthPort     = "KEYFACTOR_AUTH_PORT"
+	EnvAuthCACert            = "KEYFACTOR_AUTH_CA_CERT"
 )
 
 type CommandAuthConfigKeyCloak struct {
@@ -78,7 +79,12 @@ func (c *CommandAuthConfigKeyCloak) ValidateAuthConfig() error {
 func (c *CommandAuthConfigKeyCloak) updateCACerts() error {
 	// check if CommandCACert is set
 	if c.AuthCACert == "" {
-		return nil
+		// check environment for auth CA cert
+		if authCACert, ok := os.LookupEnv(EnvAuthCACert); ok {
+			c.AuthCACert = authCACert
+		} else {
+			return nil
+		}
 	}
 
 	// Load the system certs