2016-07-26 01:30:28 +05:30
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2016-11-04 03:02:23 +05:30
|
|
|
"encoding/json"
|
2016-07-26 01:30:28 +05:30
|
|
|
"fmt"
|
|
|
|
|
|
2016-08-11 11:01:42 +05:30
|
|
|
"github.com/coreos/dex/connector"
|
|
|
|
|
"github.com/coreos/dex/connector/github"
|
|
|
|
|
"github.com/coreos/dex/connector/ldap"
|
|
|
|
|
"github.com/coreos/dex/connector/mock"
|
|
|
|
|
"github.com/coreos/dex/connector/oidc"
|
2016-08-26 01:40:19 +05:30
|
|
|
"github.com/coreos/dex/server"
|
2016-08-11 11:01:42 +05:30
|
|
|
"github.com/coreos/dex/storage"
|
|
|
|
|
"github.com/coreos/dex/storage/kubernetes"
|
|
|
|
|
"github.com/coreos/dex/storage/memory"
|
2016-10-04 01:16:49 +05:30
|
|
|
"github.com/coreos/dex/storage/sql"
|
2016-07-26 01:30:28 +05:30
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Config is the config format for the main application.
|
|
|
|
|
type Config struct {
|
2016-11-04 03:02:23 +05:30
|
|
|
Issuer string `json:"issuer"`
|
|
|
|
|
Storage Storage `json:"storage"`
|
|
|
|
|
Connectors []Connector `json:"connectors"`
|
|
|
|
|
Web Web `json:"web"`
|
|
|
|
|
OAuth2 OAuth2 `json:"oauth2"`
|
|
|
|
|
GRPC GRPC `json:"grpc"`
|
2016-08-05 22:20:22 +05:30
|
|
|
|
2016-11-04 03:02:23 +05:30
|
|
|
Templates server.TemplateConfig `json:"templates"`
|
2016-08-26 01:40:19 +05:30
|
|
|
|
2016-10-06 05:20:02 +05:30
|
|
|
// StaticClients cause the server to use this list of clients rather than
|
|
|
|
|
// querying the storage. Write operations, like creating a client, will fail.
|
2016-11-04 03:02:23 +05:30
|
|
|
StaticClients []storage.Client `json:"staticClients"`
|
2016-10-06 05:20:02 +05:30
|
|
|
|
|
|
|
|
// If enabled, the server will maintain a list of passwords which can be used
|
|
|
|
|
// to identify a user.
|
2016-11-04 03:02:23 +05:30
|
|
|
EnablePasswordDB bool `json:"enablePasswordDB"`
|
2016-10-06 05:20:02 +05:30
|
|
|
|
|
|
|
|
// StaticPasswords cause the server use this list of passwords rather than
|
|
|
|
|
// querying the storage. Cannot be specified without enabling a passwords
|
|
|
|
|
// database.
|
2016-11-04 03:02:23 +05:30
|
|
|
StaticPasswords []storage.Password `json:"staticPasswords"`
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
|
|
|
|
|
2016-08-20 05:54:49 +05:30
|
|
|
// OAuth2 describes enabled OAuth2 extensions.
|
|
|
|
|
type OAuth2 struct {
|
2016-11-04 03:02:23 +05:30
|
|
|
ResponseTypes []string `json:"responseTypes"`
|
2016-10-08 00:23:01 +05:30
|
|
|
// If specified, do not prompt the user to approve client authorization. The
|
|
|
|
|
// act of logging in implies authorization.
|
2016-11-04 03:02:23 +05:30
|
|
|
SkipApprovalScreen bool `json:"skipApprovalScreen"`
|
2016-08-20 05:54:49 +05:30
|
|
|
}
|
|
|
|
|
|
2016-07-26 01:30:28 +05:30
|
|
|
// Web is the config format for the HTTP server.
|
|
|
|
|
type Web struct {
|
2016-11-04 03:02:23 +05:30
|
|
|
HTTP string `json:"http"`
|
|
|
|
|
HTTPS string `json:"https"`
|
|
|
|
|
TLSCert string `json:"tlsCert"`
|
|
|
|
|
TLSKey string `json:"tlsKey"`
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
|
|
|
|
|
2016-10-04 12:57:50 +05:30
|
|
|
// GRPC is the config for the gRPC API.
|
|
|
|
|
type GRPC struct {
|
|
|
|
|
// The port to listen on.
|
2016-11-04 03:02:23 +05:30
|
|
|
Addr string `json:"addr"`
|
|
|
|
|
TLSCert string `json:"tlsCert"`
|
|
|
|
|
TLSKey string `json:"tlsKey"`
|
|
|
|
|
TLSClientCA string `json:"tlsClientCA"`
|
2016-10-04 12:57:50 +05:30
|
|
|
}
|
|
|
|
|
|
2016-07-26 01:30:28 +05:30
|
|
|
// Storage holds app's storage configuration.
|
|
|
|
|
type Storage struct {
|
2016-11-04 03:02:23 +05:30
|
|
|
Type string `json:"type"`
|
|
|
|
|
Config StorageConfig `json:"config"`
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
|
|
|
|
|
2016-11-04 03:02:23 +05:30
|
|
|
// StorageConfig is a configuration that can create a storage.
|
|
|
|
|
type StorageConfig interface {
|
|
|
|
|
Open() (storage.Storage, error)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var storages = map[string]func() StorageConfig{
|
|
|
|
|
"kubernetes": func() StorageConfig { return new(kubernetes.Config) },
|
|
|
|
|
"memory": func() StorageConfig { return new(memory.Config) },
|
|
|
|
|
"sqlite3": func() StorageConfig { return new(sql.SQLite3) },
|
|
|
|
|
"postgres": func() StorageConfig { return new(sql.Postgres) },
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UnmarshalJSON allows Storage to implement the unmarshaler interface to
|
|
|
|
|
// dynamically determine the type of the storage config.
|
|
|
|
|
func (s *Storage) UnmarshalJSON(b []byte) error {
|
|
|
|
|
var store struct {
|
|
|
|
|
Type string `json:"type"`
|
|
|
|
|
Config json.RawMessage `json:"config"`
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
2016-11-04 03:02:23 +05:30
|
|
|
if err := json.Unmarshal(b, &store); err != nil {
|
|
|
|
|
return fmt.Errorf("parse storage: %v", err)
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
2016-11-04 03:02:23 +05:30
|
|
|
f, ok := storages[store.Type]
|
|
|
|
|
if !ok {
|
|
|
|
|
return fmt.Errorf("unknown storage type %q", store.Type)
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
|
|
|
|
|
2016-11-04 03:02:23 +05:30
|
|
|
storageConfig := f()
|
|
|
|
|
if len(store.Config) != 0 {
|
|
|
|
|
if err := json.Unmarshal([]byte(store.Config), storageConfig); err != nil {
|
|
|
|
|
return fmt.Errorf("parse storace config: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*s = Storage{
|
|
|
|
|
Type: store.Type,
|
|
|
|
|
Config: storageConfig,
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Connector is a magical type that can unmarshal YAML dynamically. The
|
|
|
|
|
// Type field determines the connector type, which is then customized for Config.
|
|
|
|
|
type Connector struct {
|
2016-11-04 03:02:23 +05:30
|
|
|
Type string `json:"type"`
|
|
|
|
|
Name string `json:"name"`
|
|
|
|
|
ID string `json:"id"`
|
2016-07-26 01:30:28 +05:30
|
|
|
|
2016-11-04 03:02:23 +05:30
|
|
|
Config ConnectorConfig `json:"config"`
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ConnectorConfig is a configuration that can open a connector.
|
|
|
|
|
type ConnectorConfig interface {
|
|
|
|
|
Open() (connector.Connector, error)
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-04 03:02:23 +05:30
|
|
|
var connectors = map[string]func() ConnectorConfig{
|
|
|
|
|
"mockCallback": func() ConnectorConfig { return new(mock.CallbackConfig) },
|
|
|
|
|
"mockPassword": func() ConnectorConfig { return new(mock.PasswordConfig) },
|
|
|
|
|
"ldap": func() ConnectorConfig { return new(ldap.Config) },
|
|
|
|
|
"github": func() ConnectorConfig { return new(github.Config) },
|
|
|
|
|
"oidc": func() ConnectorConfig { return new(oidc.Config) },
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UnmarshalJSON allows Connector to implement the unmarshaler interface to
|
|
|
|
|
// dynamically determine the type of the connector config.
|
|
|
|
|
func (c *Connector) UnmarshalJSON(b []byte) error {
|
|
|
|
|
var conn struct {
|
|
|
|
|
Type string `json:"type"`
|
|
|
|
|
Name string `json:"name"`
|
|
|
|
|
ID string `json:"id"`
|
|
|
|
|
|
|
|
|
|
Config json.RawMessage `json:"config"`
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
2016-11-04 03:02:23 +05:30
|
|
|
if err := json.Unmarshal(b, &conn); err != nil {
|
|
|
|
|
return fmt.Errorf("parse connector: %v", err)
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
2016-11-04 03:02:23 +05:30
|
|
|
f, ok := connectors[conn.Type]
|
|
|
|
|
if !ok {
|
|
|
|
|
return fmt.Errorf("unknown connector type %q", conn.Type)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
connConfig := f()
|
|
|
|
|
if len(conn.Config) != 0 {
|
|
|
|
|
if err := json.Unmarshal([]byte(conn.Config), connConfig); err != nil {
|
|
|
|
|
return fmt.Errorf("parse connector config: %v", err)
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
|
|
|
|
}
|
2016-11-04 03:02:23 +05:30
|
|
|
*c = Connector{
|
|
|
|
|
Type: conn.Type,
|
|
|
|
|
Name: conn.Type,
|
|
|
|
|
ID: conn.ID,
|
|
|
|
|
Config: connConfig,
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2016-07-26 01:30:28 +05:30
|
|
|
}
|
