Add bind dev command and updage golang to fix linter

Signed-off-by: Mangirdas Judeikis <mangirdas@judeikis.lt>
On-behalf-of: @SAP mangirdas.judeikis@sap.com

Author: mjudeikis

.github/workflows/ci.yaml

@@ -30,7 +30,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: v1.24.0
+        go-version: v1.25.4
     - uses: actions/setup-node@v4
       with:
         node-version: '20'
@@ -45,7 +45,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: v1.24.0
+        go-version: v1.25.4
     - uses: actions/setup-node@v4
       with:
         node-version: '20'
@@ -60,7 +60,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: v1.24.0
+        go-version: v1.25.4
     - run: make test
 
   lint:
@@ -70,7 +70,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: v1.24.0
+        go-version: v1.25.4
     - run: make lint
 
   verify:
@@ -80,5 +80,5 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: v1.24.0
+        go-version: v1.25.4
     - run: make verify

.github/workflows/docs-gen-and-push.yaml

@@ -34,7 +34,7 @@ jobs:
 
       - uses: actions/setup-go@v5
         with:
-          go-version: v1.24.0
+          go-version: v1.25.4
           cache: true
 
       - uses: actions/setup-python@v5

.github/workflows/goreleaser.yml

@@ -22,7 +22,7 @@ jobs:
         fetch-depth: 0
     - uses: actions/setup-go@v5
       with:
-        go-version: v1.24.0
+        go-version: v1.25.4
     - name: Delete non-semver tags
       run: 'git tag -d $(git tag -l | grep -v "^v")'
     - name: Run GoReleaser on tag

.github/workflows/image.yaml

@@ -19,7 +19,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: v1.24.0
+        go-version: v1.25.4
         check-latest: true
 
     # We need this to remove local tags that are not semver so goreleaser doesn't get confused.

.ko.yaml

@@ -1,5 +1,5 @@
 baseImageOverrides:
-  github.com/google/ko: golang:1.24.0
+  github.com/google/ko: golang:1.25.4
 
 builds:
 - id: konnector

Dockerfile

@@ -39,7 +39,7 @@ ENV VITE_BUILD_TARGET=docker
 RUN npm run build
 
 # Build Go binary with embedded UI assets
-FROM golang:1.24.0 AS go-build-env
+FROM golang:1.25.4 AS go-build-env
 WORKDIR /app
 
 # Accept build arguments for multi-arch support

Dockerfile.konnector

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.24.0 AS builder
+FROM golang:1.25.4 AS builder
 WORKDIR /app
 
 # Accept build arguments for multi-arch support

Makefile

@@ -171,11 +171,6 @@ fix-lint: $(GOLANGCI_LINT) ## Run golangci-lint with --fix
 	GOLANGCI_LINT_FLAGS="--fix" $(MAKE) lint
 .PHONY: fix-lint
 
-vendor: ## Vendor the dependencies
-	go mod tidy
-	go mod vendor
-.PHONY: vendor
-
 tools: $(GOLANGCI_LINT) $(CONTROLLER_GEN) $(YAML_PATCH) $(GOTESTSUM) $(CODE_GENERATOR) ## Install tools
 .PHONY: tools
 
@@ -364,7 +359,7 @@ verify-modules: modules  # Verify go modules are up to date
 	done
 
 .PHONY: verify
-verify: verify-modules verify-go-versions verify-imports verify-codegen verify-boilerplate ## verify formal properties of the code
+verify: verify-go-versions verify-imports verify-codegen verify-boilerplate ## verify formal properties of the code
 
 .PHONY: help
 help: ## Show this help

backend/oidc/oidc.go

@@ -22,9 +22,9 @@ import (
 	"fmt"
 	"net"
 	"os"
-	"path"
 	"time"
 
+	"github.com/davecgh/go-spew/spew"
 	"github.com/gorilla/mux"
 	"github.com/xrstf/mockoidc"
 )
@@ -34,7 +34,7 @@ type Server struct {
 	tlsConfig *tls.Config
 }
 
-func New(caBundleFile string, listener net.Listener) (*Server, error) {
+func New(caBundleFile string, listener net.Listener, addrOverride string) (*Server, error) {
 	// Add offline_access to supported scopes for refresh token support
 	ensureOfflineAccessScope()
 	var tlsConfig *tls.Config
@@ -49,8 +49,9 @@ func New(caBundleFile string, listener net.Listener) (*Server, error) {
 	}
 
 	server, err := mockoidc.NewServer(&mockoidc.ServerConfig{
-		TLSConfig: tlsConfig,
-		Listener:  listener,
+		TLSConfig:    tlsConfig,
+		Listener:     listener,
+		AddrOverride: addrOverride,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create mock OIDC server: %w", err)
@@ -70,8 +71,9 @@ type Config struct {
 
 	CodeChallengeMethodsSupported []string
 
-	// CallbackURL is kube-bind specific and must match API server endpoints.
+	// CallbackURL and IssuerURL are kube-bind specific and must match API server endpoints.
 	CallbackURL string
+	IssuerURL   string
 }
 
 var ErrServerNotRunning = fmt.Errorf("embedded OIDC server is not running")
@@ -85,18 +87,21 @@ func (s *Server) AddRoutes(mux *mux.Router) {
 }
 
 // URL returns the base URL of the embedded OIDC server.
-func (s *Server) Config() (*Config, error) {
-	return &Config{
+func (s *Server) Config(callbackURL, issuerURL string) (*Config, error) {
+	c := &Config{
 		ClientID:     s.server.Config().ClientID,
 		ClientSecret: s.server.Config().ClientSecret,
-		Issuer:       s.server.Config().Issuer,
+		Issuer:       issuerURL, // This overrided default fake OIDC issuer URL. Must match what it is served at.
 
 		AccessTTL:  s.server.Config().AccessTTL,
 		RefreshTTL: s.server.Config().RefreshTTL,
 
 		CodeChallengeMethodsSupported: s.server.Config().CodeChallengeMethodsSupported,
-		CallbackURL:                   path.Join(s.server.Addr(), "api/callback"),
-	}, nil
+		CallbackURL:                   callbackURL,
+		IssuerURL:                     issuerURL,
+	}
+	spew.Dump(c)
+	return c, nil
 }
 
 func LoadTLSConfig(caFile string) (*tls.Config, error) {

backend/options/oidc.go

@@ -26,7 +26,15 @@ import (
 	"github.com/kube-bind/kube-bind/backend/oidc"
 )
 
+type OIDCType string
+
+const (
+	OIDCTypeEmbedded OIDCType = "embedded"
+	OIDCTypeExternal OIDCType = "external"
+)
+
 type OIDC struct {
+	Type               string
 	IssuerClientID     string
 	IssuerClientSecret string
 	IssuerURL          string
@@ -40,7 +48,9 @@ type OIDC struct {
 }
 
 func NewOIDC() *OIDC {
-	return &OIDC{}
+	return &OIDC{
+		Type: string(OIDCTypeExternal),
+	}
 }
 
 func (options *OIDC) AddFlags(fs *pflag.FlagSet) {
@@ -50,17 +60,18 @@ func (options *OIDC) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&options.CallbackURL, "oidc-callback-url", options.CallbackURL, "OpenID callback URL")
 	fs.StringVar(&options.AuthorizeURL, "oidc-authorize-url", options.AuthorizeURL, "OpenID authorize URL")
 	fs.StringVar(&options.CAFile, "oidc-ca-file", options.CAFile, "Path to a CA bundle to use when verifying the OIDC provider's TLS certificate.")
+	fs.StringVar(&options.Type, "oidc-type", options.Type, "Type of OIDC provider (embedded or external)")
 }
 
 func (options *OIDC) Complete(listener net.Listener) error {
-	if options.IssuerURL == "" {
-		oidcServer, err := oidc.New(options.CAFile, listener)
+	if options.Type == string(OIDCTypeEmbedded) {
+		oidcServer, err := oidc.New(options.CAFile, listener, options.IssuerURL)
 		if err != nil {
 			return err
 		}
 		options.OIDCServer = oidcServer
 
-		cfg, err := oidcServer.Config()
+		cfg, err := oidcServer.Config(options.CallbackURL, options.IssuerURL)
 		if err != nil {
 			return err
 		}