From 2c9583dfe1791d73c8542b71f576b6f67d175479 Mon Sep 17 00:00:00 2001 From: Bethuel Date: Wed, 7 Jun 2023 17:00:04 +0300 Subject: [PATCH] Support authentication with client_secret (#936) * add dashboard client_secret env * add NETBIRD_AUTH_CLIENT_SECRET env test --- .github/workflows/test-docker-compose-linux.yml | 3 +++ infrastructure_files/base.setup.env | 1 + infrastructure_files/docker-compose.yml.tmpl | 1 + infrastructure_files/docker-compose.yml.tmpl.traefik | 1 + infrastructure_files/setup.env.example | 1 + infrastructure_files/tests/setup.env | 1 + 6 files changed, 8 insertions(+) diff --git a/.github/workflows/test-docker-compose-linux.yml b/.github/workflows/test-docker-compose-linux.yml index 4dd879ee7..ef57dbe60 100644 --- a/.github/workflows/test-docker-compose-linux.yml +++ b/.github/workflows/test-docker-compose-linux.yml @@ -46,6 +46,7 @@ jobs: env: CI_NETBIRD_DOMAIN: localhost CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id + CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret CI_NETBIRD_AUTH_AUDIENCE: testing.ci CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration CI_NETBIRD_USE_AUTH0: true @@ -58,6 +59,7 @@ jobs: env: CI_NETBIRD_DOMAIN: localhost CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id + CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret CI_NETBIRD_AUTH_AUDIENCE: testing.ci CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration CI_NETBIRD_USE_AUTH0: true @@ -77,6 +79,7 @@ jobs: run: | grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID + grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES" 
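Review bot: The check added in the last workflow hunk, `grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET`, expands the value unquoted and uses it as a regular expression, and the final grep prints the matched line, value included, into the job log. With `testing.client.secret` the dots match any character, so the assertion is looser than it looks, and an empty variable would leave the second grep without a pattern. I would write `grep AUTH_CLIENT_SECRET docker-compose.yml | grep -qF -- "$CI_NETBIRD_AUTH_CLIENT_SECRET"`, which compares literally and keeps the value out of the log should a real secret ever be fed through this step. The neighbouring grep lines follow the same pattern, and the run block starts outside the hunk.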
diff --git a/infrastructure_files/base.setup.env b/infrastructure_files/base.setup.env
index 3d3f92ef4..6fc85d63d 100644
--- a/infrastructure_files/base.setup.env
+++ b/infrastructure_files/base.setup.env
@@ -46,6 +46,7 @@ NETBIRD_TOKEN_SOURCE=${NETBIRD_TOKEN_SOURCE:-accessToken}
 # exports
 export NETBIRD_DOMAIN
 export NETBIRD_AUTH_CLIENT_ID
+export NETBIRD_AUTH_CLIENT_SECRET
 export NETBIRD_AUTH_AUDIENCE
 export NETBIRD_AUTH_AUTHORITY
 export NETBIRD_USE_AUTH0
diff --git a/infrastructure_files/docker-compose.yml.tmpl b/infrastructure_files/docker-compose.yml.tmpl
index af7f1af00..3e7eb1df6 100644
--- a/infrastructure_files/docker-compose.yml.tmpl
+++ b/infrastructure_files/docker-compose.yml.tmpl
@@ -14,6 +14,7 @@ services:
 # OIDC
 - AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
 - AUTH_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
+ - AUTH_CLIENT_SECRET=$NETBIRD_AUTH_CLIENT_SECRET
 - AUTH_AUTHORITY=$NETBIRD_AUTH_AUTHORITY
 - USE_AUTH0=$NETBIRD_USE_AUTH0
 - AUTH_SUPPORTED_SCOPES=$NETBIRD_AUTH_SUPPORTED_SCOPES
diff --git a/infrastructure_files/docker-compose.yml.tmpl.traefik b/infrastructure_files/docker-compose.yml.tmpl.traefik
index 9c1e0fd03..6d3710816 100644
--- a/infrastructure_files/docker-compose.yml.tmpl.traefik
+++ b/infrastructure_files/docker-compose.yml.tmpl.traefik
@@ -14,6 +14,7 @@ services:
 # OIDC
 - AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
 - AUTH_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
+ - AUTH_CLIENT_SECRET=$NETBIRD_AUTH_CLIENT_SECRET
 - AUTH_AUTHORITY=$NETBIRD_AUTH_AUTHORITY
 - USE_AUTH0=$NETBIRD_USE_AUTH0
 - AUTH_SUPPORTED_SCOPES=$NETBIRD_AUTH_SUPPORTED_SCOPES
diff --git a/infrastructure_files/setup.env.example b/infrastructure_files/setup.env.example
index 8d8a33c75..ca3725537 100644
--- a/infrastructure_files/setup.env.example
+++ b/infrastructure_files/setup.env.example
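Review bot: The new `- AUTH_CLIENT_SECRET=$NETBIRD_AUTH_CLIENT_SECRET` entry in the docker-compose.yml.tmpl hunk writes the OIDC client secret in clear text into the rendered compose file, and the docker-compose.yml.tmpl.traefik hunk adds the same line. The generated file then has to be handled as a credential (restrictive permissions, kept out of version control), and because the substitution is unquoted a value containing `$` or ` #` may be altered by Compose interpolation or YAML comment parsing. The commit message says this variable is for the dashboard; if that service passes its AUTH_* settings to browser-side code, the secret would be readable by every user, so it is worth confirming the dashboard can actually keep it confidential. A comment above the line such as `# only for IdPs that require a client secret; rendered in clear text` would make the constraint visible. The service definition starts outside the hunk.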
@@ -11,6 +11,7 @@ NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT=""
 NETBIRD_AUTH_AUDIENCE=""
 # e.g. netbird-client
 NETBIRD_AUTH_CLIENT_ID=""
+NETBIRD_AUTH_CLIENT_SECRET=""
 # if you want to use a custom claim for the user ID instead of 'sub', set it here
 # NETBIRD_AUTH_USER_ID_CLAIM=""
 # indicates whether to use Auth0 or not: true or false
diff --git a/infrastructure_files/tests/setup.env b/infrastructure_files/tests/setup.env
index 824831841..f28386eea 100644
--- a/infrastructure_files/tests/setup.env
+++ b/infrastructure_files/tests/setup.env
@@ -6,6 +6,7 @@ NETBIRD_DOMAIN=$CI_NETBIRD_DOMAIN
 NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://example.eu.auth0.com/.well-known/openid-configuration"
 # e.g. netbird-client
 NETBIRD_AUTH_CLIENT_ID=$CI_NETBIRD_AUTH_CLIENT_ID
+NETBIRD_AUTH_CLIENT_SECRET=$CI_NETBIRD_AUTH_CLIENT_SECRET
 # indicates whether to use Auth0 or not: true or false
 NETBIRD_USE_AUTH0=$CI_NETBIRD_USE_AUTH0
 NETBIRD_AUTH_AUDIENCE=$CI_NETBIRD_AUTH_AUDIENCE
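Review bot: `NETBIRD_AUTH_CLIENT_SECRET=""` in the setup.env.example hunk is the only credential in this block and is added without a comment, while the variables around it each carry one. I would put a line above it such as `# OIDC client secret, if your IdP requires one; keep the filled-in setup.env out of version control`. Whether the value may stay empty is not visible from the hunk, so the comment should say so once that is confirmed.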