upload OIDC discovery data to disco backend

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>

Author: inteon

internal/cyberark/dataupload/dataupload.go

@@ -57,6 +57,15 @@ type Snapshot struct {
 	ClusterDescription string `json:"cluster_description,omitempty"`
 	// K8SVersion is the version of Kubernetes which the cluster is running.
 	K8SVersion string `json:"k8s_version"`
+	// OIDCConfig contains OIDC configuration data from the API server's
+	// `/.well-known/openid-configuration` endpoint
+	OIDCConfig map[string]any `json:"openid_configuration,omitempty"`
+	// OIDCConfigError contains any error encountered while fetching the OIDC configuration
+	OIDCConfigError string `json:"openid_configuration_error,omitempty"`
+	// JWKS contains JWKS data from the API server's `/openid/v1/jwks` endpoint
+	JWKS map[string]any `json:"jwks,omitempty"`
+	// JWKSError contains any error encountered while fetching the JWKS
+	JWKSError string `json:"jwks_error,omitempty"`
 	// Secrets is a list of Secret resources in the cluster. Not all Secret
 	// types are included and only a subset of the Secret data is included.
 	Secrets []runtime.Object `json:"secrets"`

pkg/client/client_cyberark.go

@@ -92,6 +92,25 @@ func baseSnapshotFromOptions(opts Options) dataupload.Snapshot {
 	}
 }
 
+// extractOIDCFromReading converts the opaque data from a DiscoveryData
+// data reading to allow access to the OIDC fields within.
+func extractOIDCFromReading(reading *api.DataReading, target *dataupload.Snapshot) error {
+	if reading == nil {
+		return fmt.Errorf("programmer mistake: the DataReading must not be nil")
+	}
+	data, ok := reading.Data.(*api.OIDCDiscoveryData)
+	if !ok {
+		return fmt.Errorf(
+			"programmer mistake: the DataReading must have data type *api.DiscoveryData. "+
+				"This DataReading (%s) has data type %T", reading.DataGatherer, reading.Data)
+	}
+	target.OIDCConfig = data.OIDCConfig
+	target.OIDCConfigError = data.OIDCConfigError
+	target.JWKS = data.JWKS
+	target.JWKSError = data.JWKSError
+	return nil
+}
+
 // extractClusterIDAndServerVersionFromReading converts the opaque data from a DiscoveryData
 // data reading to allow access to the Kubernetes version fields within.
 func extractClusterIDAndServerVersionFromReading(reading *api.DataReading, target *dataupload.Snapshot) error {
@@ -149,6 +168,7 @@ func extractResourceListFromReading(reading *api.DataReading, target *[]runtime.
 // and populates the relevant field(s) of the Snapshot based on the DataReading's data.
 // Deleted resources are excluded from the snapshot because they are not needed by CyberArk.
 var defaultExtractorFunctions = map[string]func(*api.DataReading, *dataupload.Snapshot) error{
+	"ark/oidc":      extractOIDCFromReading,
 	"ark/discovery": extractClusterIDAndServerVersionFromReading,
 	"ark/secrets": func(r *api.DataReading, s *dataupload.Snapshot) error {
 		return extractResourceListFromReading(r, &s.Secrets)