*: expand environment variables in config

Allow users to define config values which are read form environemnt
variables. Helpful for sensitive variables such as OAuth2 client IDs
or LDAP credentials.
This commit is contained in:
Eric Chiang 2016-10-22 13:36:31 -07:00
parent ba9f6c6cd6
commit a11db557b4
4 changed files with 15 additions and 6 deletions

View file

@ -7,6 +7,7 @@ import (
"log" "log"
"net" "net"
"net/http" "net/http"
"os"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"golang.org/x/net/context" "golang.org/x/net/context"
@ -44,6 +45,7 @@ func serve(cmd *cobra.Command, args []string) error {
if err != nil { if err != nil {
return fmt.Errorf("read config file %s: %v", configFile, err) return fmt.Errorf("read config file %s: %v", configFile, err)
} }
configData = []byte(os.ExpandEnv(string(configData)))
var c Config var c Config
if err := yaml.Unmarshal(configData, &c); err != nil { if err := yaml.Unmarshal(configData, &c); err != nil {

View file

@ -6,7 +6,6 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"os"
"strconv" "strconv"
"golang.org/x/net/context" "golang.org/x/net/context"
@ -32,8 +31,8 @@ func (c *Config) Open() (connector.Connector, error) {
redirectURI: c.RedirectURI, redirectURI: c.RedirectURI,
org: c.Org, org: c.Org,
oauth2Config: &oauth2.Config{ oauth2Config: &oauth2.Config{
ClientID: os.ExpandEnv(c.ClientID), ClientID: c.ClientID,
ClientSecret: os.ExpandEnv(c.ClientSecret), ClientSecret: c.ClientSecret,
Endpoint: github.Endpoint, Endpoint: github.Endpoint,
Scopes: []string{ Scopes: []string{
"user:email", // View user's email "user:email", // View user's email

View file

@ -5,7 +5,6 @@ import (
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
"os"
"github.com/ericchiang/oidc" "github.com/ericchiang/oidc"
"golang.org/x/net/context" "golang.org/x/net/context"
@ -42,12 +41,12 @@ func (c *Config) Open() (conn connector.Connector, err error) {
scopes = append(scopes, "profile", "email") scopes = append(scopes, "profile", "email")
} }
clientID := os.ExpandEnv(c.ClientID) clientID := c.ClientID
return &oidcConnector{ return &oidcConnector{
redirectURI: c.RedirectURI, redirectURI: c.RedirectURI,
oauth2Config: &oauth2.Config{ oauth2Config: &oauth2.Config{
ClientID: clientID, ClientID: clientID,
ClientSecret: os.ExpandEnv(c.ClientSecret), ClientSecret: c.ClientSecret,
Endpoint: provider.Endpoint(), Endpoint: provider.Endpoint(),
Scopes: scopes, Scopes: scopes,
RedirectURL: c.RedirectURI, RedirectURL: c.RedirectURI,

View file

@ -37,6 +37,15 @@ connectors:
- type: mockCallback - type: mockCallback
id: mock id: mock
name: Example name: Example
# - type: oidc
# id: google
# name: Google
# config:
# issuer: https://accounts.google.com
# # Config values starting with a "$" will read from the environment.
# clientID: $GOOGLE_CLIENT_ID
# clientSecret: $GOOGLE_CLIENT_SECRET
# redirectURI: http://127.0.0.1:5556/dex/callback/google
# Let dex keep a list of passwords which can be used to login the user # Let dex keep a list of passwords which can be used to login the user
enablePasswordDB: true enablePasswordDB: true