make port optional

maltesander · maltesander · commit 4d10eaaaf8d0 · 2025-04-22T15:01:51.000+02:00
diff --git a/deploy/helm/opa-operator/crds/crds.yaml b/deploy/helm/opa-operator/crds/crds.yaml
@@ -149,10 +149,10 @@ spec:
                                     Must contain the fields `clientId` and `clientSecret`.
                                   type: string
                                 port:
-                                  default: 443
-                                  description: Port of the identity provider. Defaults to 443.
+                                  description: Port of the identity provider. If TLS is used defaults to `443`, otherwise to `80`.
                                   format: uint16
                                   minimum: 0.0
+                                  nullable: true
                                   type: integer
                                 tenantId:
                                   description: The Microsoft Entra tenant ID.
diff --git a/rust/operator-binary/src/crd/user_info_fetcher.rs b/rust/operator-binary/src/crd/user_info_fetcher.rs
@@ -128,9 +128,8 @@ pub mod versioned {
         #[serde(default = "entra_default_user_info_hostname")]
         pub user_info_hostname: HostName,
 
-        /// Port of the identity provider. Defaults to 443.
-        #[serde(default = "entra_default_port")]
-        pub port: u16,
+        /// Port of the identity provider. If TLS is used defaults to `443`, otherwise to `80`.
+        pub port: Option<u16>,
 
         /// The Microsoft Entra tenant ID.
         pub tenant_id: String,
@@ -139,7 +138,7 @@ pub mod versioned {
         // We do not use the flattened `TlsClientDetails` here since we cannot
         // default to WebPki using a default and flatten
         // https://github.com/serde-rs/serde/issues/1626
-        // This means we have to wrap `Tls` in `TlsClientDetails` to its
+        // This means we have to wrap `Tls` in `TlsClientDetails` to use its
         // method like `uses_tls()`.
         #[serde(default = "default_tls_web_pki")]
         pub tls: Option<Tls>,
@@ -178,10 +177,6 @@ fn entra_default_user_info_hostname() -> HostName {
     HostName::from_str("graph.microsoft.com").unwrap()
 }
 
-fn entra_default_port() -> u16 {
-    443
-}
-
 fn default_tls_web_pki() -> Option<Tls> {
     Some(Tls {
         verification: TlsVerification::Server(TlsServerVerification {
diff --git a/rust/user-info-fetcher/src/backend/entra.rs b/rust/user-info-fetcher/src/backend/entra.rs
@@ -166,11 +166,12 @@ impl EntraBackend {
     pub fn try_new(
         token_endpoint: &HostName,
         user_info_endpoint: &HostName,
-        port: u16,
+        port: Option<u16>,
         tenant_id: &str,
         uses_tls: bool,
     ) -> Result<Self, Error> {
         let schema = if uses_tls { "https" } else { "http" };
+        let port = port.unwrap_or_else(|| if uses_tls { 443 } else { 80 });
 
         let token_endpoint =
             format!("{schema}://{token_endpoint}:{port}/{tenant_id}/oauth2/v2.0/token");
@@ -223,7 +224,7 @@ mod tests {
         let entra = EntraBackend::try_new(
             &HostName::from_str("login.microsoft.com").unwrap(),
             &HostName::from_str("graph.microsoft.com").unwrap(),
-            443,
+            None,
             tenant_id,
             true,
         )
@@ -248,4 +249,38 @@ mod tests {
             .unwrap()
         );
     }
+
+    #[test]
+    fn test_entra_custom_id() {
+        let tenant_id = "1234-5678-1234-5678";
+        let user = "1234-5678-1234-5678";
+
+        let entra = EntraBackend::try_new(
+            &HostName::from_str("login.mock.com").unwrap(),
+            &HostName::from_str("graph.mock.com").unwrap(),
+            Some(8080),
+            tenant_id,
+            false,
+        )
+        .unwrap();
+
+        assert_eq!(
+            entra.oauth2_token(),
+            Url::parse(&format!(
+                "http://login.mock.com:8080/{tenant_id}/oauth2/v2.0/token"
+            ))
+            .unwrap()
+        );
+        assert_eq!(
+            entra.user_info(user),
+            Url::parse(&format!("http://graph.mock.com:8080/v1.0/users/{user}")).unwrap()
+        );
+        assert_eq!(
+            entra.group_info(user),
+            Url::parse(&format!(
+                "http://graph.mock.com:8080/v1.0/users/{user}/memberOf"
+            ))
+            .unwrap()
+        );
+    }
 }
