From 85f2ef794c59ffe374f9216c18159c9a9dc7a768 Mon Sep 17 00:00:00 2001
From: sbailey <1661003+spbsoluble@users.noreply.github.com>
Date: Mon, 13 May 2024 09:58:42 -0700
Subject: [PATCH] feat(kc): Add support for custom auth CA cert.

---
 auth_providers/auth_core.go | 9 ++++++++-
 auth_providers/keycloak/keycloak_auth_client_base.go | 8 +++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/auth_providers/auth_core.go b/auth_providers/auth_core.go
index 38d570e..cf22407 100644
--- a/auth_providers/auth_core.go
+++ b/auth_providers/auth_core.go
@@ -125,10 +125,17 @@ func (c *CommandAuthConfig) setClient() {
 func (c *CommandAuthConfig) updateCACerts() error {
 // check if CommandCACert is set
 if c.CommandCACert == "" {
- return nil
+ // check if CommandCACert is set in environment
+ if caCert, ok := os.LookupEnv(EnvKeyfactorCACert); ok {
+ c.CommandCACert = caCert
+ } else {
+ return nil
+ }
 }
 
+ // ensure client is set
 c.setClient()
+
 // Load the system certs
 rootCAs, pErr := x509.SystemCertPool()
 if pErr != nil {
diff --git a/auth_providers/keycloak/keycloak_auth_client_base.go b/auth_providers/keycloak/keycloak_auth_client_base.go
index e3f374f..dc545bf 100644
--- a/auth_providers/keycloak/keycloak_auth_client_base.go
+++ b/auth_providers/keycloak/keycloak_auth_client_base.go
@@ -27,6 +27,7 @@ import (
 const (
 EnvKeyfactorAuthHostname = "KEYFACTOR_AUTH_HOSTNAME"
 EnvKeyfactorAuthPort = "KEYFACTOR_AUTH_PORT"
+ EnvAuthCACert = "KEYFACTOR_AUTH_CA_CERT"
 )
 
 type CommandAuthConfigKeyCloak struct {
@@ -78,7 +79,12 @@ func (c *CommandAuthConfigKeyCloak) ValidateAuthConfig() error {
 func (c *CommandAuthConfigKeyCloak) updateCACerts() error {
 // check if CommandCACert is set
 if c.AuthCACert == "" {
- return nil
+ // check environment for auth CA cert
+ if authCACert, ok := os.LookupEnv(EnvAuthCACert); ok {
+ c.AuthCACert = authCACert
+ } else {
+ return nil
+ }
 }
 
 // Load the system certs
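Review bot: `os.LookupEnv` reports ok for a variable that is set but empty, so in the new fallback inside `if c.CommandCACert == ""` a blank `EnvKeyfactorCACert` leaves `c.CommandCACert` empty and still falls through to `c.setClient()` and the certificate-loading code instead of returning early. Guard on the value as well, `if caCert, ok := os.LookupEnv(EnvKeyfactorCACert); ok && caCert != "" {`, so a blank variable behaves like an unset one. The same pattern appears in the `updateCACerts` hunk of keycloak_auth_client_base.go with `EnvAuthCACert`. The function body continues past the end of the hunk, so how an empty value is treated further down cannot be confirmed from here.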
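Review bot: The new constant `EnvAuthCACert` drops the `Keyfactor` prefix that its neighbours `EnvKeyfactorAuthHostname` and `EnvKeyfactorAuthPort` carry; naming it `EnvKeyfactorAuthCACert = "KEYFACTOR_AUTH_CA_CERT"` (and using that name in `updateCACerts`) would keep the block consistent. Because this variable selects a TLS trust anchor, it also deserves a comment saying what the value must hold, which the hunk does not show, for example `// EnvKeyfactorAuthCACert names the environment variable that supplies the CA certificate used to verify the auth server.`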
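Review bot: The context comment `// check if CommandCACert is set` sits above a test of `c.AuthCACert`, and the new environment fallback makes that mismatch more confusing; `// check if AuthCACert is set` matches the code. The fallback also turns `KEYFACTOR_AUTH_CA_CERT` into a trust anchor for the auth-server connection whenever the field is empty, presumably in addition to the system pool loaded just below. A doc comment on `updateCACerts` should therefore state the precedence (explicit `AuthCACert` first, environment second, otherwise no change), so operators know the process environment can change which CAs are trusted. The function body continues past the end of the hunk.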