From e9b83e0a45b1b7b2b87237692cf58882d9531cec Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Sat, 23 Jan 2021 18:17:07 +0100 Subject: [PATCH 1/2] chore: add a new basic config example The dev config example is used for documentation purposes, but it's also full of development specific configuration. This change adds a new config example that should serve as a default, empty config as well as documentation. The dev example should only contain the relevant configuration. Signed-off-by: Mark Sagi-Kazar
---
 .editorconfig | 3 ++ config.yaml.dist | 131 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+) create mode 100644 config.yaml.dist
diff --git a/.editorconfig b/.editorconfig
index 5cac4723..a47b7d48 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -16,3 +16,6 @@ indent_size = 2 [{Makefile,*.mk}] indent_style = tab + +[config.yaml.dist] +indent_size = 2
diff --git a/config.yaml.dist b/config.yaml.dist
new file mode 100644
index 00000000..dd8056fc
--- /dev/null
+++ b/config.yaml.dist
@@ -0,0 +1,131 @@
+# The base path of Dex and the external name of the OpenID Connect service.
+# This is the canonical URL that all clients MUST use to refer to Dex. If a
+# path is provided, Dex's HTTP service will listen at a non-root URL.
+issuer: http://127.0.0.1:5556/dex
+
+# The storage configuration determines where Dex stores its state.
+# Supported options include:
+# - SQL flavors
+# - key-value stores (eg. etcd)
+# - Kubernetes Custom Resources
+#
+# See the documentation (https://dexidp.io/docs/storage/) for further information.
+storage:
+ type: memory
+
+ # type: sqlite3
+ # config:
+ # file: /var/dex/dex.db
+
+ # type: mysql
+ # config:
+ # host: 127.0.0.1
+ # port: 3306
+ # database: dex
+ # user: mysql
+ # password: mysql
+ # ssl:
+ # mode: "false"
+
+ # type: postgres
+ # config:
+ # host: 127.0.0.1
+ # port: 5432
+ # database: dex
+ # user: postgres
+ # password: postgres
+ # ssl:
+ # mode: disable
+
+ # type: etcd
+ # config:
+ # endpoints:
+ # - http://127.0.0.1:2379
+ # namespace: dex/
+
+ # type: kubernetes
+ # config:
+ # kubeConfigFile: $HOME/.kube/config
+
+# HTTP service configuration
+web:
+ http: 127.0.0.1:5556
+
+ # Uncomment to enable HTTPS endpoint.
+ # https: 127.0.0.1:5554
+ # tlsCert: /etc/dex/tls.crt
+ # tlsKey: /etc/dex/tls.key
+
+# Dex UI configuration
+# frontend:
+# issuer: dex
+# logoURL: theme/logo.png
+# dir: web/
+# theme: light
+
+# Telemetry configuration
+# telemetry:
+# http: 127.0.0.1:5558
+
+# logger:
+# level: "debug"
+# format: "text" # can also be "json"
+
+# gRPC API configuration
+# Uncomment this block to enable the gRPC API.
+# See the documentation (https://dexidp.io/docs/api/) for further information.
+# grpc:
+# addr: 127.0.0.1:5557
+# tlsCert: examples/grpc-client/server.crt
+# tlsKey: examples/grpc-client/server.key
+# tlsClientCA: examples/grpc-client/ca.crt
+
+# Expiration configuration for tokens, signing keys, etc.
+# expiry:
+# deviceRequests: "5m"
+# signingKeys: "6h"
+# idTokens: "24h"
+
+# OAuth2 configuration
+# oauth2:
+# # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
+# responseTypes: [ "code" ] # also allowed are "token" and "id_token"
+#
+# # By default, Dex will ask for approval to share data with application
+# # (approval for sharing data from connected IdP to Dex is separate process on IdP)
+# skipApprovalScreen: false
+#
+# # If only one authentication method is enabled, the default behavior is to
+# # go directly to it. For connected IdPs, this redirects the browser away
+# # from application to upstream provider such as the Google login page
+# alwaysShowLoginScreen: false
+#
+# # Uncomment to use a specific connector for password grants
+# passwordConnector: local
+
+# Static clients registered in Dex by default.
+#
+# Alternatively, clients may be added through the gRPC API.
+# staticClients:
+# - id: example-app
+# redirectURIs:
+# - 'http://127.0.0.1:5555/callback'
+# name: 'Example App'
+# secret: ZXhhbXBsZS1hcHAtc2VjcmV0
+
+# Connectors are used to authenticate users agains upstream identity providers.
+#
+# See the documentation (https://dexidp.io/docs/connectors/) for further information.
+# connectors: []
+
+# Enable the password database.
+#
+# It's a "virtual" connector (identity provider) that stores
+# login credentials in Dex's store.
+enablePasswordDB: true
+
+# If this option isn't chosen users may be added through the gRPC API.
+# A static list of passwords for the password connector.
+#
+# Alternatively, passwords my be added/updated through the gRPC API.
+# staticPasswords: []
From 27a43669a734f7cc6f370b6285588aacff304608 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Sat, 23 Jan 2021 18:25:47 +0100 Subject: [PATCH 2/2] chore: add new development configuration
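Review bot: The commented `mysql` and `postgres` storage examples in `config.yaml.dist` pair placeholder credentials (`password: mysql`, `password: postgres`) with TLS switched off (`mode: "false"`, `mode: disable`), and nothing marks them as local-only values. Because the commit message positions this file as the default config, uncommenting a block as written gives an unencrypted database connection with a guessable password. I would add a comment above each block such as `# Example values for local testing only: set a unique password and enable TLS for any shared database.` The top-level `issuer: http://127.0.0.1:5556/dex` deserves the same treatment, for example `# Use an https:// issuer URL for any non-local deployment.` Separately, the line `# If this option isn't chosen users may be added through the gRPC API.` sits directly under `enablePasswordDB: true` but reads as part of the `staticPasswords` paragraph, and "agains" and "my be" are typos.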
Signed-off-by: Mark Sagi-Kazar
---
 .editorconfig | 2 +- config.dev.yaml | 35 +++++++++++++++++++++++++++++++++++ examples/config-dev.yaml | 3 +++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 config.dev.yaml
diff --git a/.editorconfig b/.editorconfig
index a47b7d48..27917441 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -17,5 +17,5 @@ indent_size = 2 [{Makefile,*.mk}] indent_style = tab -[config.yaml.dist] +[{config.yaml.dist,config.dev.yaml}] indent_size = 2
diff --git a/config.dev.yaml b/config.dev.yaml
new file mode 100644
index 00000000..dda65e08
--- /dev/null
+++ b/config.dev.yaml
@@ -0,0 +1,35 @@
+issuer: http://127.0.0.1:5556/dex
+
+storage:
+ type: sqlite3
+ config:
+ file: var/sqlite/dex.db
+
+web:
+ http: 127.0.0.1:5556
+
+telemetry:
+ http: 127.0.0.1:5558
+
+grpc:
+ addr: 127.0.0.1:5557
+
+staticClients:
+ - id: example-app
+ redirectURIs:
+ - 'http://127.0.0.1:5555/callback'
+ name: 'Example App'
+ secret: ZXhhbXBsZS1hcHAtc2VjcmV0
+
+connectors:
+ - type: mockCallback
+ id: mock
+ name: Example
+
+enablePasswordDB: true
+
+staticPasswords:
+ - email: "admin@example.com"
+ hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+ username: "admin"
+ userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
diff --git a/examples/config-dev.yaml b/examples/config-dev.yaml
index d894984d..1ca7aa66 100644
--- a/examples/config-dev.yaml
+++ b/examples/config-dev.yaml
@@ -1,3 +1,6 @@
+# DEPRECATED: use config.yaml.dist and config.dev.yaml examples in the repository root.
+# TODO: keep this until all references are updated.
+
 # The base path of dex and the external name of the OpenID Connect service.
 # This is the canonical URL that all clients MUST use to refer to dex. If a
 # path is provided, dex's HTTP service will listen at a non-root URL.
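Review bot: `config.dev.yaml` carries no header marking it as development-only, yet it commits a static client `secret`, an admin password `hash` and a `mockCallback` connector (by its name a test connector), and enables `grpc.addr` with none of the `tlsCert`/`tlsKey`/`tlsClientCA` keys that the commented `grpc` block in `config.yaml.dist` shows. Those credentials are public once merged, and the gRPC API would be served without transport security or client authentication, so the 127.0.0.1 bind addresses are the only thing limiting exposure. I would open the file with a comment such as `# Development only: the client secret, password hash and mock connector below are public test fixtures; do not reuse them or bind these listeners to a non-loopback address.` A short `# no TLS: local development only` above `grpc:` would make that choice explicit as well.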