feat(dex): use postgresql as backend

.mockery.yaml

@@ -13,4 +13,7 @@ packages:
   sigs.k8s.io/controller-runtime/pkg/client:
     interfaces:
       Client:
-      SubResourceWriter:
+      SubResourceWriter:
+  github.com/dexidp/dex/storage:
+    interfaces:
+      Storage:

cmd/greenhouse/controllers.go

@@ -76,8 +76,10 @@ func startOrganizationReconciler(name string, mgr ctrl.Manager) error {
 	if v, ok := os.LookupEnv("POD_NAMESPACE"); ok {
 		namespace = v
 	}
+
 	return (&organizationcontrollers.OrganizationReconciler{
 		Namespace: namespace,
+		NetworkDB: postgresDB,
 	}).SetupWithManager(name, mgr)
 }
 

cmd/greenhouse/main.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/dexidp/dex/storage/sql"
 	flag "github.com/spf13/pflag"
 	"go.uber.org/zap/zapcore"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -58,6 +59,8 @@ var (
 	remoteClusterBearerTokenValidity,
 	renewRemoteClusterBearerTokenAfter time.Duration
 	kubeClientOpts clientutil.RuntimeOptions
+	// DB connection parameters
+	postgresDB sql.NetworkDB
 )
 
 func init() {
@@ -91,6 +94,12 @@ func main() {
 	flag.StringVar(&common.DNSDomain, "dns-domain", "",
 		"The DNS domain to use for the Greenhouse central cluster")
 
+	flag.StringVar(&postgresDB.Database, "database", clientutil.GetEnvOrDefault("DEX_POSTGRES_DATABASE", "dex"), "Database name")
+	flag.StringVar(&postgresDB.Host, "dbHost", clientutil.GetEnvOrDefault("DEX_POSTGRES_HOST", "localhost"), "Database host")
+	flag.Uint16Var(&postgresDB.Port, "dbPort", 5432, "Database port")
+	flag.StringVar(&postgresDB.User, "dbUser", clientutil.GetEnvOrDefault("DEX_POSTGRES_USER", "dex"), "Database user")
+	flag.StringVar(&postgresDB.Password, "dbPassword", clientutil.GetEnvOrDefault("DEX_POSTGRES_PASSWORD", "dex"), "Database password")
+
 	opts := zap.Options{
 		Development: true,
 		TimeEncoder: zapcore.RFC3339TimeEncoder,

cmd/idproxy/main.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"github.com/dexidp/dex/server"
+	"github.com/dexidp/dex/storage/sql"
 	"github.com/go-logr/logr"
 	"github.com/oklog/run"
 	"github.com/prometheus/client_golang/prometheus"
@@ -39,6 +40,9 @@ func main() {
 	var idTokenValidity time.Duration
 	var listenAddr, metricsAddr string
 	var allowedOrigins []string
+	// DB connection parameters
+	var postgresDB sql.NetworkDB
+
 	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))
 	// set default logger to be used by log
 	slog.SetDefault(logger)
@@ -48,6 +52,11 @@ func main() {
 	flag.StringVar(&kubeconfig, "kubeconfig", os.Getenv("KUBECONFIG"), "Use kubeconfig for authentication")
 	flag.StringVar(&kubecontext, "kubecontext", os.Getenv("KUBECONTEXT"), "Use context from kubeconfig")
 	flag.StringVar(&kubenamespace, "kubenamespace", os.Getenv("KUBENAMESPACE"), "Use namespace")
+	flag.StringVar(&postgresDB.Database, "database", os.Getenv("DB_NAME"), "Database name")
+	flag.StringVar(&postgresDB.Host, "dbHost", os.Getenv("DB_HOST"), "Database host")
+	flag.Uint16Var(&postgresDB.Port, "dbPort", 5432, "Database port")
+	flag.StringVar(&postgresDB.User, "dbUser", os.Getenv("DB_USER"), "Database user")
+	flag.StringVar(&postgresDB.Password, "dbPassword", os.Getenv("DB_PASSWORD"), "Database password")
 	flag.StringVar(&issuer, "issuer", "", "Issuer URL")
 	flag.StringVar(&listenAddr, "listen-addr", ":8080", "oidc listen address")
 	flag.StringVar(&metricsAddr, "metrics-addr", ":6543", "bind address for metrics")
@@ -58,7 +67,13 @@ func main() {
 	if issuer == "" {
 		log.Fatal("No --issuer given")
 	}
+	/*
+		sqlDexStorage, err := idproxy.NewPostgresStorage(sql.SSL{Mode: "disable"}, postgresDB, logger.With("component", "storage"))
+		if err != nil {
+			log.Fatalf("Failed to initialize postgres storage: %s", err)
+		}
 
+	*/
 	dexStorage, err := idproxy.NewKubernetesStorage(kubeconfig, kubecontext, kubenamespace, logger.With("component", "storage"))
 	if err != nil {
 		log.Fatalf("Failed to initialize kubernetes storage: %s", err)
@@ -78,6 +93,7 @@ func main() {
 		SkipApprovalScreen: true,
 		Logger:             logger.With("component", "server"),
 		Storage:            dexStorage,
+		// Storage:            sqlDexStorage,
 		AllowedOrigins:     allowedOrigins,
 		IDTokensValidFor:   idTokenValidity,
 		RefreshTokenPolicy: refreshPolicy,

go.mod

@@ -32,6 +32,8 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.10.0
+	github.com/testcontainers/testcontainers-go v0.35.0
+	github.com/testcontainers/testcontainers-go/modules/postgres v0.35.0
 	github.com/vladimirvivien/gexe v0.4.1
 	github.com/wI2L/jsondiff v0.6.1
 	go.uber.org/zap v1.27.0
@@ -55,35 +57,55 @@ require (
 	cloud.google.com/go/auth v0.9.2 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
 	dario.cat/mergo v1.0.1 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.6 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/containerd/errdefs v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
+	github.com/cpuguy83/dockercfg v0.3.2 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/creack/pty v1.1.23 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-sql-driver/mysql v1.8.1 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mattn/go-sqlite3 v1.14.22 // indirect
 	github.com/miekg/dns v1.1.58 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/sys/user v0.3.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/otiai10/mint v1.6.3 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/shirou/gopsutil/v3 v3.23.12 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tidwall/gjson v1.18.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
-	gotest.tools/v3 v3.5.1 // indirect
 )
 
 require (