forked from mystiq/dex
*: expand environment variables in config
Allow users to define config values which are read from environment variables. Helpful for sensitive variables such as OAuth2 client IDs or LDAP credentials.
parent
ba9f6c6cd6
commit
a11db557b4
4 changed files with 15 additions and 6 deletions
|
@ -7,6 +7,7 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"os"
|
||||||
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
|
@ -44,6 +45,7 @@ func serve(cmd *cobra.Command, args []string) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("read config file %s: %v", configFile, err)
|
return fmt.Errorf("read config file %s: %v", configFile, err)
|
||||||
}
|
}
|
||||||
|
configData = []byte(os.ExpandEnv(string(configData)))
|
||||||
|
|
||||||
var c Config
|
var c Config
|
||||||
if err := yaml.Unmarshal(configData, &c); err != nil {
|
if err := yaml.Unmarshal(configData, &c); err != nil {
|
||||||
|
|
|
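Review bot: Running `os.ExpandEnv` over the raw file before `yaml.Unmarshal` (the added `configData = ...` line) turns every unset variable into an empty string, so a missing `$GOOGLE_CLIENT_SECRET` would give a connector an empty secret instead of a startup error. The call also rewrites every `$` in the file, with no escape for a literal one, so comments and values such as bcrypt password hashes are silently altered. Because the substituted text is parsed as YAML afterwards, a variable whose value contains `: `, `#` or a newline can change the structure of the document rather than just one field. I would switch to `os.Expand` with a lookup that records unset names and fails, as below, and longer term expand only the string fields meant to accept variables after parsing. The body of serve starts and ends outside the hunk.

```go
// … unchanged: read the config file and its error check …
var unset []string
expanded := os.Expand(string(configData), func(name string) string {
	val, ok := os.LookupEnv(name)
	if !ok {
		unset = append(unset, name)
	}
	return val
})
if len(unset) > 0 {
	return fmt.Errorf("config file %s: unset environment variables: %v", configFile, unset)
}
configData = []byte(expanded)
// … unchanged: yaml.Unmarshal into Config …
```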
@ -6,7 +6,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
|
@ -32,8 +31,8 @@ func (c *Config) Open() (connector.Connector, error) {
|
||||||
redirectURI: c.RedirectURI,
|
redirectURI: c.RedirectURI,
|
||||||
org: c.Org,
|
org: c.Org,
|
||||||
oauth2Config: &oauth2.Config{
|
oauth2Config: &oauth2.Config{
|
||||||
ClientID: os.ExpandEnv(c.ClientID),
|
ClientID: c.ClientID,
|
||||||
ClientSecret: os.ExpandEnv(c.ClientSecret),
|
ClientSecret: c.ClientSecret,
|
||||||
Endpoint: github.Endpoint,
|
Endpoint: github.Endpoint,
|
||||||
Scopes: []string{
|
Scopes: []string{
|
||||||
"user:email", // View user's email
|
"user:email", // View user's email
|
||||||
|
|
|
@ -5,7 +5,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
|
||||||
|
|
||||||
"github.com/ericchiang/oidc"
|
"github.com/ericchiang/oidc"
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
|
@ -42,12 +41,12 @@ func (c *Config) Open() (conn connector.Connector, err error) {
|
||||||
scopes = append(scopes, "profile", "email")
|
scopes = append(scopes, "profile", "email")
|
||||||
}
|
}
|
||||||
|
|
||||||
clientID := os.ExpandEnv(c.ClientID)
|
clientID := c.ClientID
|
||||||
return &oidcConnector{
|
return &oidcConnector{
|
||||||
redirectURI: c.RedirectURI,
|
redirectURI: c.RedirectURI,
|
||||||
oauth2Config: &oauth2.Config{
|
oauth2Config: &oauth2.Config{
|
||||||
ClientID: clientID,
|
ClientID: clientID,
|
||||||
ClientSecret: os.ExpandEnv(c.ClientSecret),
|
ClientSecret: c.ClientSecret,
|
||||||
Endpoint: provider.Endpoint(),
|
Endpoint: provider.Endpoint(),
|
||||||
Scopes: scopes,
|
Scopes: scopes,
|
||||||
RedirectURL: c.RedirectURI,
|
RedirectURL: c.RedirectURI,
|
||||||
|
|
|
@ -37,6 +37,15 @@ connectors:
|
||||||
- type: mockCallback
|
- type: mockCallback
|
||||||
id: mock
|
id: mock
|
||||||
name: Example
|
name: Example
|
||||||
|
# - type: oidc
|
||||||
|
# id: google
|
||||||
|
# name: Google
|
||||||
|
# config:
|
||||||
|
# issuer: https://accounts.google.com
|
||||||
|
# # Config values starting with a "$" will read from the environment.
|
||||||
|
# clientID: $GOOGLE_CLIENT_ID
|
||||||
|
# clientSecret: $GOOGLE_CLIENT_SECRET
|
||||||
|
# redirectURI: http://127.0.0.1:5556/dex/callback/google
|
||||||
|
|
||||||
# Let dex keep a list of passwords which can be used to login the user
|
# Let dex keep a list of passwords which can be used to login the user
|
||||||
enablePasswordDB: true
|
enablePasswordDB: true
|
||||||
|
|
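Review bot: The added comment `# Config values starting with a "$" will read from the environment.` understates what the loader now does, since expansion is applied to the whole file and not only to values that begin with `$`. I would reword it to something like `# "$NAME" and "${NAME}" anywhere in this file are replaced from the environment before parsing; unset variables become empty strings.` so operators know that a literal `$` elsewhere in the file (for example in a password hash) is affected as well. It would also help to say that the substituted value should be a plain scalar, because it is inserted before the YAML is parsed.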