From cfe4e75e8ee789cc3f9186ab0ecc321b76bed752 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20Dudr?= Date: Wed, 12 Mar 2025 16:52:35 +0100 Subject: [PATCH] fix: really assign string scp claim MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: VladimĂ­r Dudr --- flyteadmin/auth/authzserver/claims_verifier.go | 2 +- flyteadmin/auth/authzserver/claims_verifier_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/flyteadmin/auth/authzserver/claims_verifier.go b/flyteadmin/auth/authzserver/claims_verifier.go index c27ea06ee7..cf2bd8d67a 100644 --- a/flyteadmin/auth/authzserver/claims_verifier.go +++ b/flyteadmin/auth/authzserver/claims_verifier.go @@ -52,7 +52,7 @@ func verifyClaims(expectedAudience sets.String, claimsRaw map[string]interface{} case []interface{}: scopes = sets.NewString(interfaceSliceToStringSlice(sct)...) case string: - sets.NewString(fmt.Sprintf("%v", scopesClaim)) + scopes = sets.NewString(fmt.Sprintf("%v", scopesClaim)) default: return nil, fmt.Errorf("failed getting scope claims due to unknown type %T with value %v", sct, sct) } diff --git a/flyteadmin/auth/authzserver/claims_verifier_test.go b/flyteadmin/auth/authzserver/claims_verifier_test.go index 568b248ccd..05c8539ef3 100644 --- a/flyteadmin/auth/authzserver/claims_verifier_test.go +++ b/flyteadmin/auth/authzserver/claims_verifier_test.go @@ -79,12 +79,12 @@ func Test_verifyClaims(t *testing.T) { identityCtx, err := verifyClaims(sets.NewString("https://myserver", "https://myserver2"), map[string]interface{}{ "aud": []string{"https://myserver"}, - "scp": "all", + "scp": "my-scope", }) assert.NoError(t, err) assert.Equal(t, "https://myserver", identityCtx.Audience()) - assert.Equal(t, sets.NewString("all"), identityCtx.Scopes()) + assert.Equal(t, sets.NewString("my-scope"), identityCtx.Scopes()) }) t.Run("unknown scope", func(t *testing.T) { identityCtx, err := verifyClaims(sets.NewString("https://myserver", "https://myserver2"),