diff --git a/lib/auth/clt.go b/lib/auth/clt.go
index c90d91ce651f9..7756ba2f44a5d 100644
--- a/lib/auth/clt.go
+++ b/lib/auth/clt.go
@@ -510,7 +510,7 @@ type IdentityService interface {
 UpsertOIDCConnector(ctx context.Context, connector types.OIDCConnector) error
 // GetOIDCConnector returns OIDC connector information by id
 GetOIDCConnector(ctx context.Context, id string, withSecrets bool) (types.OIDCConnector, error)
- // GetOIDCConnectors gets OIDC connectors list
+ // GetOIDCConnectors gets valid OIDC connectors list
 GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)
 // DeleteOIDCConnector deletes OIDC connector by ID
 DeleteOIDCConnector(ctx context.Context, connectorID string) error
@@ -525,7 +525,7 @@ type IdentityService interface {
 UpsertSAMLConnector(ctx context.Context, connector types.SAMLConnector) error
 // GetSAMLConnector returns SAML connector information by id
 GetSAMLConnector(ctx context.Context, id string, withSecrets bool) (types.SAMLConnector, error)
- // GetSAMLConnectors gets SAML connectors list
+ // GetSAMLConnectors gets valid SAML connectors list
 GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)
 // DeleteSAMLConnector deletes SAML connector by ID
 DeleteSAMLConnector(ctx context.Context, connectorID string) error
@@ -538,7 +538,7 @@ type IdentityService interface {
 // UpsertGithubConnector creates or updates a Github connector
 UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) error
- // GetGithubConnectors returns all configured Github connectors
+ // GetGithubConnectors returns valid Github connectors
 GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)
 // GetGithubConnector returns the specified Github connector
 GetGithubConnector(ctx context.Context, id string, withSecrets bool) (types.GithubConnector, error)
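Review bot: `// GetOIDCConnectors gets valid OIDC connectors list` says nothing about what happens to connectors that are not valid, although this is the caller-facing interface (presumably what tooling and handlers use to enumerate connectors), so a reader may conclude that a connector missing from the result does not exist. State the omission in the contract, e.g. `// GetOIDCConnectors returns the OIDC connectors that could be decoded; connectors that fail to unmarshal are omitted from the result rather than reported as an error.`, and apply the same wording to the SAML and Github hunks in this file.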
diff --git a/lib/auth/grpcserver.go b/lib/auth/grpcserver.go
index 6431d23e09976..d1397fe166d6f 100644
--- a/lib/auth/grpcserver.go
+++ b/lib/auth/grpcserver.go
@@ -2828,7 +2828,7 @@ func (g *GRPCServer) GetOIDCConnector(ctx context.Context, req *types.ResourceWi
 return connector, nil
 }
-// GetOIDCConnectors retrieves all OIDC connectors.
+// GetOIDCConnectors retrieves valid OIDC connectors, errors from individual connectors are not forwarded.
 func (g *GRPCServer) GetOIDCConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.OIDCConnectorV3List, error) {
 auth, err := g.authenticate(ctx)
 if err != nil {
@@ -2917,7 +2917,7 @@ func (g *GRPCServer) GetSAMLConnector(ctx context.Context, req *types.ResourceWi
 return samlConnectorV2, nil
 }
-// GetSAMLConnectors retrieves all SAML connectors.
+// GetSAMLConnectors retrieves valid SAML connectors, errors from individual connectors are not forwarded.
 func (g *GRPCServer) GetSAMLConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.SAMLConnectorV2List, error) {
 auth, err := g.authenticate(ctx)
 if err != nil {
@@ -3006,7 +3006,7 @@ func (g *GRPCServer) GetGithubConnector(ctx context.Context, req *types.Resource
 return githubConnectorV3, nil
 }
-// GetGithubConnectors retrieves all Github connectors.
+// GetGithubConnectors retrieves valid GitHub connectors, errors from individual connectors are not forwarded.
 func (g *GRPCServer) GetGithubConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.GithubConnectorV3List, error) {
 auth, err := g.authenticate(ctx)
 if err != nil {
diff --git a/lib/services/identity.go b/lib/services/identity.go
index 80888a974e685..8498765d79896 100644
--- a/lib/services/identity.go
+++ b/lib/services/identity.go
@@ -172,7 +172,8 @@ type Identity interface {
 // GetOIDCConnector returns OIDC connector data, withSecrets adds or removes client secret from return results
 GetOIDCConnector(ctx context.Context, id string, withSecrets bool) (types.OIDCConnector, error)
- // GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results
+ // GetOIDCConnectors returns valid registered connectors, withSecrets adds or removes client secret from return
+ // results. Invalid Connectors are simply logged but errors are not forwarded.
 GetOIDCConnectors(ctx context.Context, withSecrets bool) ([]types.OIDCConnector, error)
 // CreateOIDCAuthRequest creates new auth request
@@ -190,7 +191,8 @@ type Identity interface {
 // GetSAMLConnector returns OIDC connector data, withSecrets adds or removes secrets from return results
 GetSAMLConnector(ctx context.Context, id string, withSecrets bool) (types.SAMLConnector, error)
- // GetSAMLConnectors returns registered connectors, withSecrets adds or removes secret from return results
+ // GetSAMLConnectors returns valid registered connectors, withSecrets adds or removes secret from return results.
+ // Invalid Connectors are simply logged but errors are not forwarded.
 GetSAMLConnectors(ctx context.Context, withSecrets bool) ([]types.SAMLConnector, error)
 // CreateSAMLAuthRequest creates new auth request
@@ -208,7 +210,7 @@ type Identity interface {
 // UpsertGithubConnector creates or updates a new Github connector
 UpsertGithubConnector(ctx context.Context, connector types.GithubConnector) error
- // GetGithubConnectors returns all configured Github connectors
+ // GetGithubConnectors returns valid Github connectors, invalid Connectors are simply logged but errors are not forwarded.
 GetGithubConnectors(ctx context.Context, withSecrets bool) ([]types.GithubConnector, error)
 // GetGithubConnector returns a Github connector by its name
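Review bot: `Invalid Connectors are simply logged but errors are not forwarded` pins a behaviour of one implementation (logging) onto the `Identity` interface, which other implementations of the interface are under no obligation to follow; the interface doc should state the contract a caller can rely on and leave the logging to the implementation. `Connectors` is also capitalised mid-sentence, and the original line still reads "GetSAMLConnector returns OIDC connector data" in the second hunk's context. Suggested wording: `// GetOIDCConnectors returns the registered connectors that can be decoded; connectors that fail to unmarshal are omitted from the result. withSecrets adds or removes the client secret from the results.`, with the same shape for the SAML and Github hunks in this file.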
diff --git a/lib/services/local/users.go b/lib/services/local/users.go
index febea1f0de3c9..2657b3e62d4f0 100644
--- a/lib/services/local/users.go
+++ b/lib/services/local/users.go
@@ -1017,18 +1017,22 @@ func (s *IdentityService) GetOIDCConnectors(ctx context.Context, withSecrets boo
 if err != nil {
 return nil, trace.Wrap(err)
 }
- connectors := make([]types.OIDCConnector, len(result.Items))
- for i, item := range result.Items {
+ var connectors []types.OIDCConnector
+ for _, item := range result.Items {
 conn, err := services.UnmarshalOIDCConnector(
 item.Value, services.WithExpires(item.Expires))
 if err != nil {
- return nil, trace.Wrap(err)
+ logrus. WithError(err). WithField("key", item.Key). Errorf("Error unmarshaling OIDC Connector")
+ continue
 }
 if !withSecrets {
 conn.SetClientSecret("")
 conn.SetGoogleServiceAccount("")
 }
- connectors[i] = conn
+ connectors = append(connectors, conn)
 }
 return connectors, nil
 }
@@ -1135,12 +1139,16 @@ func (s *IdentityService) GetSAMLConnectors(ctx context.Context, withSecrets boo
 if err != nil {
 return nil, trace.Wrap(err)
 }
- connectors := make([]types.SAMLConnector, len(result.Items))
- for i, item := range result.Items {
+ var connectors []types.SAMLConnector
+ for _, item := range result.Items {
 conn, err := services.UnmarshalSAMLConnector(
 item.Value, services.WithExpires(item.Expires))
 if err != nil {
- return nil, trace.Wrap(err)
+ logrus. WithError(err). WithField("key", item.Key). Errorf("Error unmarshaling SAML Connector")
+ continue
 }
 if !withSecrets {
 keyPair := conn.GetSigningKeyPair()
@@ -1149,7 +1157,7 @@ func (s *IdentityService) GetSAMLConnectors(ctx context.Context, withSecrets boo
 conn.SetSigningKeyPair(keyPair)
 }
 }
- connectors[i] = conn
+ connectors = append(connectors, conn)
 }
 return connectors, nil
 }
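Review bot: Replacing `return nil, trace.Wrap(err)` with log-and-`continue` means a connector record that no longer unmarshals, whatever the cause, silently drops out of every listing, and the only remaining signal is an Error-level log line written on every call to GetOIDCConnectors; if this listing is called frequently that is both noisy and an easy integrity signal to miss, since the caller cannot distinguish "no such connector" from "unreadable connector". Consider counting the skipped items and surfacing that to the caller or a metric, and record the decision on the method: `// Items that fail to unmarshal are logged and skipped; the returned slice may therefore omit connectors that exist in the backend.`. `Errorf` is invoked with a constant message and no arguments, so `Error("Error unmarshaling OIDC Connector")` is the appropriate call. The same pattern is repeated in the GetSAMLConnectors hunk below and in the GetGithubConnectors hunk that follows it. GetOIDCConnectors' signature and the backend read begin outside the hunk.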
@@ -1275,16 +1283,20 @@ func (s *IdentityService) GetGithubConnectors(ctx context.Context, withSecrets b
 if err != nil {
 return nil, trace.Wrap(err)
 }
- connectors := make([]types.GithubConnector, len(result.Items))
- for i, item := range result.Items {
+ var connectors []types.GithubConnector
+ for _, item := range result.Items {
 connector, err := services.UnmarshalGithubConnector(item.Value)
 if err != nil {
- return nil, trace.Wrap(err)
+ logrus. WithError(err). WithField("key", item.Key). Errorf("Error unmarshaling GitHub Connector")
+ continue
 }
 if !withSecrets {
 connector.SetClientSecret("")
 }
- connectors[i] = connector
+ connectors = append(connectors, connector)
 }
 return connectors, nil
 }