This is an automated email from the ASF dual-hosted git repository. lahirujayathilake pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
commit 857c280e40acc11f695cdc67c7612cf72665c78c
Author: lahiruj <[email protected]>
AuthorDate: Mon Apr 6 15:14:49 2026 -0400
Add defaultSubject support in dev mode configuration
---
 signer/config.example.yaml | 8 ++------
 signer/internal/auth/oidc_validator.go | 10 ++++++++--
 signer/internal/config/config.go | 5 +++--
 3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/signer/config.example.yaml b/signer/config.example.yaml
index 1552f099c..7d79b1006 100644
--- a/signer/config.example.yaml
+++ b/signer/config.example.yaml
@@ -40,12 +40,8 @@ signer:
 jwks_max_providers: 10
 timeout_seconds: 10
 validation:
- principal_validator: noop # "noop" or "comanage"
- comanage:
- registry_url: ""
- api_path: /registry/co_people.json
- timeout_seconds: 10
- verify_ssl: true
+ principal_validator: noop # fallback: "noop", "ldap", or "comanage"
+ cache_ttl_seconds: 300 # Vault credential cache TTL for validators

 dev_mode:
 enabled: false # env: DEV_MODE (disables OIDC validation)
diff --git a/signer/internal/auth/oidc_validator.go b/signer/internal/auth/oidc_validator.go
index b5b8632d3..7cc0f2229 100644
--- a/signer/internal/auth/oidc_validator.go
+++ b/signer/internal/auth/oidc_validator.go
@@ -41,6 +41,7 @@ type UserIdentity struct {
 type OIDCValidator struct {
 enabled bool
 defaultEmail string
+ defaultSubject string
 allowedIssuers []string
 cacheTTL time.Duration
 maxProviders int
@@ -65,10 +66,15 @@ func NewOIDCValidator(cfg config.AuthConfig, devMode config.DevModeConfig) *OIDC
 if defaultEmail == "" {
 defaultEmail = "dev@localhost"
 }
+ defaultSubject := devMode.DefaultSubject
+ if defaultSubject == "" {
+ defaultSubject = "dev-user"
+ }

 v := &OIDCValidator{
 enabled: enabled,
 defaultEmail: defaultEmail,
+ defaultSubject: defaultSubject,
 allowedIssuers: cfg.AllowedIssuers,
 cacheTTL: time.Duration(cfg.OIDC.JWKSCacheTTLSeconds) * time.Second,
 maxProviders: cfg.OIDC.JWKSMaxProviders,
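Review bot: The new `default_subject` key does not appear in the part of `dev_mode` shown in this hunk, so operators may have no documented way to discover it; the `dev_mode` block continues past the hunk, so this may already be covered further down. If it is not, add a line such as `default_subject: dev-user  # subject and principal given to every request while dev mode is enabled` beside the other dev-mode keys. Separately, this hunk drops the `comanage` settings (including `verify_ssl`) and adds `cache_ttl_seconds`, none of which the commit title mentions; a sentence in the commit message saying where those settings now live would let a reviewer confirm that TLS verification for the validator is still configured somewhere.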
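Review bot: `devMode.DefaultSubject` is accepted verbatim in the `@@ -65,10 +66,15 @@` hunk of NewOIDCValidator, and the `@@ -94,9 +100,9 @@` hunk then returns it as both `Subject` and `Principal` for every request while validation is disabled. The identity that all callers receive is therefore whatever string is in the config file, with no trimming or sanity check. I would normalise it on read, e.g. `defaultSubject := strings.TrimSpace(devMode.DefaultSubject)` (assuming `strings` is or can be imported), and log a startup warning whenever `enabled` is false that names the effective subject, so a dev-mode deployment and the principal it hands out are visible in the logs. NewOIDCValidator starts and ends outside this hunk, so how `enabled` is derived and which logger the package uses cannot be confirmed from here.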
@@ -94,9 +100,9 @@ func (v *OIDCValidator) ValidateAccessToken(ctx context.Context, tokenString str
 if !v.enabled {
 return &UserIdentity{
 Issuer: "dev-mode",
- Subject: "dev-user",
+ Subject: v.defaultSubject,
 Email: v.defaultEmail,
- Principal: "dev-user",
+ Principal: v.defaultSubject,
 }, nil
 }

diff --git a/signer/internal/config/config.go b/signer/internal/config/config.go
index 75db37905..29a1c64e9 100644
--- a/signer/internal/config/config.go
+++ b/signer/internal/config/config.go
@@ -38,8 +38,9 @@ type Config struct {
 // DevModeConfig disables OIDC token validation and returns a default identity
 // for all requests when enabled.
 type DevModeConfig struct {
- Enabled bool `yaml:"enabled"`
- DefaultEmail string `yaml:"default_email"`
+ Enabled bool `yaml:"enabled"`
+ DefaultEmail string `yaml:"default_email"`
+ DefaultSubject string `yaml:"default_subject"`
 }

 type CORSConfig struct {
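Review bot: The new `DefaultSubject` field has no comment, and the struct comment above it still speaks only of "a default identity", so a reader of config.go cannot tell that this one string is used for two identity fields. I would add a field comment such as `// DefaultSubject is returned as both Subject and Principal for every request when Enabled is true; empty falls back to "dev-user".` and a matching one-line comment on `DefaultEmail`. It is also worth extending the struct comment to say that this block must stay disabled outside local development, since with it enabled the token is not validated at all.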
