support client credentials

cmd/serve.go

@@ -5,6 +5,7 @@ import (
 	"github.com/spf13/viper"
 	"go.infratographer.com/x/echox"
 	"go.infratographer.com/x/events"
+	"go.infratographer.com/x/oauth2x"
 	"go.infratographer.com/x/otelx"
 	"go.infratographer.com/x/versionx"
 	"go.infratographer.com/x/viperx"
@@ -34,6 +35,7 @@ func init() {
 	serveCmd.PersistentFlags().StringSlice("events-topics", []string{}, "event topics to subscribe to")
 	viperx.MustBindFlag(viper.GetViper(), "events.topics", serveCmd.PersistentFlags().Lookup("events-topics"))
 
+	oauth2x.MustViperFlags(viper.GetViper(), serveCmd.Flags())
 	permissions.MustViperFlags(viper.GetViper(), serveCmd.Flags())
 }
 
@@ -56,9 +58,21 @@ func serve(cmd *cobra.Command, _ []string) {
 		logger.Fatalw("error initializing Metal client", "error", err)
 	}
 
+	permHTTPClient := permissions.DefaultHTTPClient
+
+	if config.AppConfig.OIDC.Client.ID != "" {
+		tokenSrc, err := oauth2x.NewClientCredentialsTokenSrc(cmd.Context(), config.AppConfig.OIDC.Client)
+		if err != nil {
+			logger.Fatalw("error initializing oauth2 client", "error", err)
+		}
+
+		permHTTPClient = oauth2x.NewClient(cmd.Context(), tokenSrc)
+	}
+
 	perms, err := permissions.NewClient("",
 		permissions.WithLogger(logger),
 		permissions.WithConfig(config.AppConfig.Permissions),
+		permissions.WithHTTPClient(permHTTPClient),
 	)
 	if err != nil {
 		logger.Fatalw("error initializing Permissions client", "error", err)