Merge pull request #1664 from lhotrifork/static-client-env-vars

storage/static.go: expand environment variables in client ID and secret
This commit is contained in:
Nándor István Krácser 2020-03-03 11:05:08 +01:00 committed by GitHub
commit d820fd45d8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 3 deletions

View file

@ -153,7 +153,28 @@ func serve(cmd *cobra.Command, args []string) error {
logger.Infof("config storage: %s", c.Storage.Type) logger.Infof("config storage: %s", c.Storage.Type)
if len(c.StaticClients) > 0 { if len(c.StaticClients) > 0 {
for _, client := range c.StaticClients { for i, client := range c.StaticClients {
if client.Name == "" {
return fmt.Errorf("invalid config: Name field is required for a client")
}
if client.ID == "" && client.IDEnv == "" {
return fmt.Errorf("invalid config: ID or IDEnv field is required for a client")
}
if client.IDEnv != "" {
if client.ID != "" {
return fmt.Errorf("invalid config: ID and IDEnv fields are exclusive for client %q", client.ID)
}
c.StaticClients[i].ID = os.Getenv(client.IDEnv)
}
if client.Secret == "" && client.SecretEnv == "" {
return fmt.Errorf("invalid config: Secret or SecretEnv field is required for client %q", client.ID)
}
if client.SecretEnv != "" {
if client.Secret != "" {
return fmt.Errorf("invalid config: Secret and SecretEnv fields are exclusive for client %q", client.ID)
}
c.StaticClients[i].Secret = os.Getenv(client.SecretEnv)
}
logger.Infof("config static client: %s", client.Name) logger.Infof("config static client: %s", client.Name)
} }
s = storage.WithStaticClients(s, c.StaticClients) s = storage.WithStaticClients(s, c.StaticClients)

View file

@ -114,7 +114,9 @@ type Storage interface {
type Client struct { type Client struct {
// Client ID and secret used to identify the client. // Client ID and secret used to identify the client.
ID string `json:"id" yaml:"id"` ID string `json:"id" yaml:"id"`
IDEnv string `json:"idEnv" yaml:"idEnv"`
Secret string `json:"secret" yaml:"secret"` Secret string `json:"secret" yaml:"secret"`
SecretEnv string `json:"secretEnv" yaml:"secretEnv"`
// A registered set of redirect URIs. When redirecting from dex to the client, the URI // A registered set of redirect URIs. When redirecting from dex to the client, the URI
// requested to redirect to MUST match one of these values, unless the client is "public". // requested to redirect to MUST match one of these values, unless the client is "public".