forked from mystiq/dex
Merge pull request #1664 from lhotrifork/static-client-env-vars
storage/static.go: expand environment variables in client ID and secret
This commit is contained in:
commit
d820fd45d8
2 changed files with 26 additions and 3 deletions
|
@ -153,7 +153,28 @@ func serve(cmd *cobra.Command, args []string) error {
|
||||||
logger.Infof("config storage: %s", c.Storage.Type)
|
logger.Infof("config storage: %s", c.Storage.Type)
|
||||||
|
|
||||||
if len(c.StaticClients) > 0 {
|
if len(c.StaticClients) > 0 {
|
||||||
for _, client := range c.StaticClients {
|
for i, client := range c.StaticClients {
|
||||||
|
if client.Name == "" {
|
||||||
|
return fmt.Errorf("invalid config: Name field is required for a client")
|
||||||
|
}
|
||||||
|
if client.ID == "" && client.IDEnv == "" {
|
||||||
|
return fmt.Errorf("invalid config: ID or IDEnv field is required for a client")
|
||||||
|
}
|
||||||
|
if client.IDEnv != "" {
|
||||||
|
if client.ID != "" {
|
||||||
|
return fmt.Errorf("invalid config: ID and IDEnv fields are exclusive for client %q", client.ID)
|
||||||
|
}
|
||||||
|
c.StaticClients[i].ID = os.Getenv(client.IDEnv)
|
||||||
|
}
|
||||||
|
if client.Secret == "" && client.SecretEnv == "" {
|
||||||
|
return fmt.Errorf("invalid config: Secret or SecretEnv field is required for client %q", client.ID)
|
||||||
|
}
|
||||||
|
if client.SecretEnv != "" {
|
||||||
|
if client.Secret != "" {
|
||||||
|
return fmt.Errorf("invalid config: Secret and SecretEnv fields are exclusive for client %q", client.ID)
|
||||||
|
}
|
||||||
|
c.StaticClients[i].Secret = os.Getenv(client.SecretEnv)
|
||||||
|
}
|
||||||
logger.Infof("config static client: %s", client.Name)
|
logger.Infof("config static client: %s", client.Name)
|
||||||
}
|
}
|
||||||
s = storage.WithStaticClients(s, c.StaticClients)
|
s = storage.WithStaticClients(s, c.StaticClients)
|
||||||
|
|
|
@ -114,7 +114,9 @@ type Storage interface {
|
||||||
type Client struct {
|
type Client struct {
|
||||||
// Client ID and secret used to identify the client.
|
// Client ID and secret used to identify the client.
|
||||||
ID string `json:"id" yaml:"id"`
|
ID string `json:"id" yaml:"id"`
|
||||||
|
IDEnv string `json:"idEnv" yaml:"idEnv"`
|
||||||
Secret string `json:"secret" yaml:"secret"`
|
Secret string `json:"secret" yaml:"secret"`
|
||||||
|
SecretEnv string `json:"secretEnv" yaml:"secretEnv"`
|
||||||
|
|
||||||
// A registered set of redirect URIs. When redirecting from dex to the client, the URI
|
// A registered set of redirect URIs. When redirecting from dex to the client, the URI
|
||||||
// requested to redirect to MUST match one of these values, unless the client is "public".
|
// requested to redirect to MUST match one of these values, unless the client is "public".
|
||||||
|
|
Loading…
Reference in a new issue