core/identity: dynamic authenticator registration (#5105)

authenticate/config.go

@@ -3,8 +3,8 @@ package authenticate
 import (
  "github.com/pomerium/pomerium/authenticate/events"
  "github.com/pomerium/pomerium/config"
- "github.com/pomerium/pomerium/internal/identity"
  identitypb "github.com/pomerium/pomerium/pkg/grpc/identity"
+ "github.com/pomerium/pomerium/pkg/identity"
 )
 
 type authenticateConfig struct {

authenticate/handlers.go

@@ -18,14 +18,14 @@ import (
  "github.com/pomerium/pomerium/internal/authenticateflow"
  "github.com/pomerium/pomerium/internal/handlers"
  "github.com/pomerium/pomerium/internal/httputil"
- "github.com/pomerium/pomerium/internal/identity"
- "github.com/pomerium/pomerium/internal/identity/oidc"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/middleware"
  "github.com/pomerium/pomerium/internal/sessions"
  "github.com/pomerium/pomerium/internal/telemetry/trace"
  "github.com/pomerium/pomerium/internal/urlutil"
  "github.com/pomerium/pomerium/pkg/cryptutil"
+ "github.com/pomerium/pomerium/pkg/identity"
+ "github.com/pomerium/pomerium/pkg/identity/oidc"
 )
 
 // Handler returns the authenticate service's handler chain.

authenticate/handlers_test.go

@@ -28,15 +28,15 @@ import (
  "github.com/pomerium/pomerium/internal/encoding/mock"
  "github.com/pomerium/pomerium/internal/handlers"
  "github.com/pomerium/pomerium/internal/httputil"
- "github.com/pomerium/pomerium/internal/identity"
- "github.com/pomerium/pomerium/internal/identity/oidc"
  "github.com/pomerium/pomerium/internal/sessions"
  mstore "github.com/pomerium/pomerium/internal/sessions/mock"
  "github.com/pomerium/pomerium/internal/testutil"
  "github.com/pomerium/pomerium/internal/urlutil"
  "github.com/pomerium/pomerium/pkg/cryptutil"
  configproto "github.com/pomerium/pomerium/pkg/grpc/config"
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
+ "github.com/pomerium/pomerium/pkg/identity"
+ "github.com/pomerium/pomerium/pkg/identity/oidc"
 )
 
 func testAuthenticate() *Authenticate {

authenticate/identity.go

@@ -2,9 +2,9 @@ package authenticate
 
 import (
  "github.com/pomerium/pomerium/config"
- "github.com/pomerium/pomerium/internal/identity"
- "github.com/pomerium/pomerium/internal/identity/oauth"
  "github.com/pomerium/pomerium/internal/urlutil"
+ "github.com/pomerium/pomerium/pkg/identity"
+ "github.com/pomerium/pomerium/pkg/identity/oauth"
 )
 
 func defaultGetIdentityProvider(options *config.Options, idpID string) (identity.Authenticator, error) {

authenticate/state.go

@@ -15,11 +15,11 @@ import (
  "github.com/pomerium/pomerium/internal/encoding"
  "github.com/pomerium/pomerium/internal/encoding/jws"
  "github.com/pomerium/pomerium/internal/handlers"
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/internal/sessions"
  "github.com/pomerium/pomerium/internal/sessions/cookie"
  "github.com/pomerium/pomerium/internal/urlutil"
  "github.com/pomerium/pomerium/pkg/cryptutil"
+ "github.com/pomerium/pomerium/pkg/identity"
 )
 
 type flow interface {

config/options.go

@@ -27,8 +27,6 @@ import (
  "github.com/pomerium/pomerium/internal/atomicutil"
  "github.com/pomerium/pomerium/internal/hashutil"
  "github.com/pomerium/pomerium/internal/httputil"
- "github.com/pomerium/pomerium/internal/identity/oauth"
- "github.com/pomerium/pomerium/internal/identity/oauth/apple"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/sets"
  "github.com/pomerium/pomerium/internal/telemetry"
@@ -38,6 +36,8 @@ import (
  "github.com/pomerium/pomerium/pkg/grpc/config"
  "github.com/pomerium/pomerium/pkg/grpc/crypt"
  "github.com/pomerium/pomerium/pkg/hpke"
+ "github.com/pomerium/pomerium/pkg/identity/oauth"
+ "github.com/pomerium/pomerium/pkg/identity/oauth/apple"
 )
 
 // DisableHeaderKey is the key used to check whether to disable setting header

config/options_test.go

@@ -25,9 +25,9 @@ import (
  "google.golang.org/protobuf/proto"
 
  "github.com/pomerium/csrf"
- "github.com/pomerium/pomerium/internal/identity/oauth/apple"
  "github.com/pomerium/pomerium/pkg/cryptutil"
  "github.com/pomerium/pomerium/pkg/grpc/config"
+ "github.com/pomerium/pomerium/pkg/identity/oauth/apple"
 )
 
 var cmpOptIgnoreUnexported = cmpopts.IgnoreUnexported(Options{}, Policy{})

config/policy.go

@@ -17,11 +17,11 @@ import (
  "google.golang.org/protobuf/types/known/durationpb"
 
  "github.com/pomerium/pomerium/internal/hashutil"
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/urlutil"
  "github.com/pomerium/pomerium/pkg/cryptutil"
  configpb "github.com/pomerium/pomerium/pkg/grpc/config"
+ "github.com/pomerium/pomerium/pkg/identity"
 )
 
 // Policy contains route specific configuration and access settings.

databroker/cache.go

@@ -17,9 +17,6 @@ import (
  "github.com/pomerium/pomerium/config"
  "github.com/pomerium/pomerium/internal/atomicutil"
  "github.com/pomerium/pomerium/internal/events"
- "github.com/pomerium/pomerium/internal/identity"
- "github.com/pomerium/pomerium/internal/identity/legacymanager"
- "github.com/pomerium/pomerium/internal/identity/manager"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/telemetry"
  "github.com/pomerium/pomerium/internal/version"
@@ -28,6 +25,9 @@ import (
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
  "github.com/pomerium/pomerium/pkg/grpc/registry"
  "github.com/pomerium/pomerium/pkg/grpcutil"
+ "github.com/pomerium/pomerium/pkg/identity"
+ "github.com/pomerium/pomerium/pkg/identity/legacymanager"
+ "github.com/pomerium/pomerium/pkg/identity/manager"
 )
 
 // DataBroker represents the databroker service. The databroker service is a simple interface

internal/authenticateflow/authenticateflow.go

@@ -8,9 +8,9 @@ import (
 
  "google.golang.org/protobuf/types/known/structpb"
 
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/pkg/grpc"
  "github.com/pomerium/pomerium/pkg/grpc/user"
+ "github.com/pomerium/pomerium/pkg/identity"
 )
 
 var outboundGRPCConnection = new(grpc.CachedOutboundGRPClientConn)

internal/authenticateflow/identityprofile.go

@@ -15,13 +15,13 @@ import (
  "google.golang.org/protobuf/types/known/timestamppb"
 
  "github.com/pomerium/pomerium/internal/httputil"
- "github.com/pomerium/pomerium/internal/identity"
- "github.com/pomerium/pomerium/internal/identity/manager"
  "github.com/pomerium/pomerium/internal/sessions"
  "github.com/pomerium/pomerium/internal/urlutil"
  "github.com/pomerium/pomerium/pkg/cryptutil"
  identitypb "github.com/pomerium/pomerium/pkg/grpc/identity"
  "github.com/pomerium/pomerium/pkg/grpc/session"
+ "github.com/pomerium/pomerium/pkg/identity"
+ "github.com/pomerium/pomerium/pkg/identity/manager"
 )
 
 // An "identity profile" is an alternative to a session, used in the stateless

internal/authenticateflow/stateful.go

@@ -17,8 +17,6 @@ import (
  "github.com/pomerium/pomerium/internal/encoding/jws"
  "github.com/pomerium/pomerium/internal/handlers"
  "github.com/pomerium/pomerium/internal/httputil"
- "github.com/pomerium/pomerium/internal/identity"
- "github.com/pomerium/pomerium/internal/identity/manager"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/sessions"
  "github.com/pomerium/pomerium/internal/urlutil"
@@ -28,6 +26,8 @@ import (
  "github.com/pomerium/pomerium/pkg/grpc/session"
  "github.com/pomerium/pomerium/pkg/grpc/user"
  "github.com/pomerium/pomerium/pkg/grpcutil"
+ "github.com/pomerium/pomerium/pkg/identity"
+ "github.com/pomerium/pomerium/pkg/identity/manager"
 )
 
 // Stateful implements the stateful authentication flow. In this flow, the

internal/authenticateflow/stateful_test.go

@@ -23,14 +23,14 @@ import (
  "github.com/pomerium/pomerium/config"
  "github.com/pomerium/pomerium/internal/encoding"
  "github.com/pomerium/pomerium/internal/encoding/mock"
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/internal/sessions"
  mstore "github.com/pomerium/pomerium/internal/sessions/mock"
  "github.com/pomerium/pomerium/internal/urlutil"
  "github.com/pomerium/pomerium/pkg/cryptutil"
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
  "github.com/pomerium/pomerium/pkg/grpc/databroker/mock_databroker"
  "github.com/pomerium/pomerium/pkg/grpc/session"
+ "github.com/pomerium/pomerium/pkg/identity"
  "github.com/pomerium/pomerium/pkg/protoutil"
 )
 

internal/authenticateflow/stateless.go

@@ -18,7 +18,6 @@ import (
  "github.com/pomerium/pomerium/internal/encoding/jws"
  "github.com/pomerium/pomerium/internal/handlers"
  "github.com/pomerium/pomerium/internal/httputil"
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/sessions"
  "github.com/pomerium/pomerium/internal/urlutil"
@@ -29,6 +28,7 @@ import (
  "github.com/pomerium/pomerium/pkg/grpc/session"
  "github.com/pomerium/pomerium/pkg/grpc/user"
  "github.com/pomerium/pomerium/pkg/hpke"
+ "github.com/pomerium/pomerium/pkg/identity"
 )
 
 // Stateless implements the stateless authentication flow. In this flow, the

pkg/grpc/session/session.go

@@ -11,8 +11,8 @@ import (
  "google.golang.org/protobuf/types/known/structpb"
  "google.golang.org/protobuf/types/known/timestamppb"
 
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
+ "github.com/pomerium/pomerium/pkg/identity"
  "github.com/pomerium/pomerium/pkg/protoutil"
  "github.com/pomerium/pomerium/pkg/slices"
 )

pkg/grpc/user/user.go

@@ -9,8 +9,8 @@ import (
  "google.golang.org/protobuf/types/known/structpb"
  timestamppb "google.golang.org/protobuf/types/known/timestamppb"
 
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
+ "github.com/pomerium/pomerium/pkg/identity"
  "github.com/pomerium/pomerium/pkg/slices"
 )
 

internal/identity/legacymanager/data.go → pkg/identity/legacymanager/data.go

@@ -7,9 +7,9 @@ import (
  "github.com/google/btree"
  "google.golang.org/protobuf/types/known/timestamppb"
 
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/pkg/grpc/session"
  "github.com/pomerium/pomerium/pkg/grpc/user"
+ "github.com/pomerium/pomerium/pkg/identity"
 )
 
 const userRefreshInterval = 10 * time.Minute

internal/identity/legacymanager/manager.go → pkg/identity/legacymanager/manager.go

@@ -18,14 +18,14 @@ import (
  "github.com/pomerium/pomerium/internal/atomicutil"
  "github.com/pomerium/pomerium/internal/enabler"
  "github.com/pomerium/pomerium/internal/events"
- "github.com/pomerium/pomerium/internal/identity/identity"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/scheduler"
  "github.com/pomerium/pomerium/internal/telemetry/metrics"
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
  "github.com/pomerium/pomerium/pkg/grpc/session"
  "github.com/pomerium/pomerium/pkg/grpc/user"
  "github.com/pomerium/pomerium/pkg/grpcutil"
+ "github.com/pomerium/pomerium/pkg/identity/identity"
  metrics_ids "github.com/pomerium/pomerium/pkg/metrics"
 )
 

internal/identity/legacymanager/manager_test.go → pkg/identity/legacymanager/manager_test.go

@@ -17,11 +17,11 @@ import (
  "google.golang.org/protobuf/types/known/timestamppb"
 
  "github.com/pomerium/pomerium/internal/events"
- "github.com/pomerium/pomerium/internal/identity/identity"
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
  "github.com/pomerium/pomerium/pkg/grpc/databroker/mock_databroker"
  "github.com/pomerium/pomerium/pkg/grpc/session"
  "github.com/pomerium/pomerium/pkg/grpc/user"
+ "github.com/pomerium/pomerium/pkg/identity/identity"
  metrics_ids "github.com/pomerium/pomerium/pkg/metrics"
  "github.com/pomerium/pomerium/pkg/protoutil"
 )

internal/identity/manager/data.go → pkg/identity/manager/data.go

@@ -7,9 +7,9 @@ import (
 
  "google.golang.org/protobuf/types/known/timestamppb"
 
- "github.com/pomerium/pomerium/internal/identity"
  "github.com/pomerium/pomerium/pkg/grpc/session"
  "github.com/pomerium/pomerium/pkg/grpc/user"
+ "github.com/pomerium/pomerium/pkg/identity"
 )
 
 func nextSessionRefresh(

internal/identity/manager/manager.go → pkg/identity/manager/manager.go

@@ -18,13 +18,13 @@ import (
  "github.com/pomerium/pomerium/internal/atomicutil"
  "github.com/pomerium/pomerium/internal/enabler"
  "github.com/pomerium/pomerium/internal/events"
- "github.com/pomerium/pomerium/internal/identity/identity"
  "github.com/pomerium/pomerium/internal/log"
  "github.com/pomerium/pomerium/internal/telemetry/metrics"
  "github.com/pomerium/pomerium/pkg/grpc/databroker"
  "github.com/pomerium/pomerium/pkg/grpc/session"
  "github.com/pomerium/pomerium/pkg/grpc/user"
  "github.com/pomerium/pomerium/pkg/grpcutil"
+ "github.com/pomerium/pomerium/pkg/identity/identity"
  metrics_ids "github.com/pomerium/pomerium/pkg/metrics"
 )
 

internal/identity/manager/manager_test.go → pkg/identity/manager/manager_test.go

@@ -5,7 +5,7 @@ import (
 
  "golang.org/x/oauth2"
 
- "github.com/pomerium/pomerium/internal/identity/identity"
+ "github.com/pomerium/pomerium/pkg/identity/identity"
 )
 
 type mockAuthenticator struct {

internal/identity/mock_provider.go → pkg/identity/mock_provider.go

@@ -6,7 +6,7 @@ import (
 
  "golang.org/x/oauth2"
 
- "github.com/pomerium/pomerium/internal/identity/identity"
+ "github.com/pomerium/pomerium/pkg/identity/identity"
 )
 
 // MockProvider provides a mocked implementation of the providers interface.