Merge pull request #669 from ericchiang/config-env
cmd/dex: only expand from env for storages and connectors
This commit is contained in:
commit
96fb0733fe
@ -4,6 +4,7 @@ import (
|
|||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"os"
|
||||||
|
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
|
||||||
@ -145,7 +146,8 @@ func (s *Storage) UnmarshalJSON(b []byte) error {
|
|||||||
|
|
||||||
storageConfig := f()
|
storageConfig := f()
|
||||||
if len(store.Config) != 0 {
|
if len(store.Config) != 0 {
|
||||||
if err := json.Unmarshal([]byte(store.Config), storageConfig); err != nil {
|
data := []byte(os.ExpandEnv(string(store.Config)))
|
||||||
|
if err := json.Unmarshal(data, storageConfig); err != nil {
|
||||||
return fmt.Errorf("parse storace config: %v", err)
|
return fmt.Errorf("parse storace config: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -199,7 +201,8 @@ func (c *Connector) UnmarshalJSON(b []byte) error {
|
|||||||
|
|
||||||
connConfig := f()
|
connConfig := f()
|
||||||
if len(conn.Config) != 0 {
|
if len(conn.Config) != 0 {
|
||||||
if err := json.Unmarshal([]byte(conn.Config), connConfig); err != nil {
|
data := []byte(os.ExpandEnv(string(conn.Config)))
|
||||||
|
if err := json.Unmarshal(data, connConfig); err != nil {
|
||||||
return fmt.Errorf("parse connector config: %v", err)
|
return fmt.Errorf("parse connector config: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -39,9 +39,8 @@ connectors:
|
|||||||
name: Google
|
name: Google
|
||||||
config:
|
config:
|
||||||
issuer: https://accounts.google.com
|
issuer: https://accounts.google.com
|
||||||
# Config values starting with a "$" will read from the environment.
|
clientID: foo
|
||||||
clientID: $GOOGLE_CLIENT_ID
|
clientSecret: bar
|
||||||
clientSecret: $GOOGLE_CLIENT_SECRET
|
|
||||||
redirectURI: http://127.0.0.1:5556/dex/callback/google
|
redirectURI: http://127.0.0.1:5556/dex/callback/google
|
||||||
|
|
||||||
enablePasswordDB: true
|
enablePasswordDB: true
|
||||||
@ -96,8 +95,8 @@ expiry:
|
|||||||
Name: "Google",
|
Name: "Google",
|
||||||
Config: &oidc.Config{
|
Config: &oidc.Config{
|
||||||
Issuer: "https://accounts.google.com",
|
Issuer: "https://accounts.google.com",
|
||||||
ClientID: "$GOOGLE_CLIENT_ID",
|
ClientID: "foo",
|
||||||
ClientSecret: "$GOOGLE_CLIENT_SECRET",
|
ClientSecret: "bar",
|
||||||
RedirectURI: "http://127.0.0.1:5556/dex/callback/google",
|
RedirectURI: "http://127.0.0.1:5556/dex/callback/google",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -9,7 +9,6 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/ghodss/yaml"
|
"github.com/ghodss/yaml"
|
||||||
@ -48,7 +47,6 @@ func serve(cmd *cobra.Command, args []string) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("read config file %s: %v", configFile, err)
|
return fmt.Errorf("read config file %s: %v", configFile, err)
|
||||||
}
|
}
|
||||||
configData = []byte(os.ExpandEnv(string(configData)))
|
|
||||||
|
|
||||||
var c Config
|
var c Config
|
||||||
if err := yaml.Unmarshal(configData, &c); err != nil {
|
if err := yaml.Unmarshal(configData, &c); err != nil {
|
||||||
|
@ -58,7 +58,7 @@ enablePasswordDB: true
|
|||||||
staticPasswords:
|
staticPasswords:
|
||||||
- email: "admin@example.com"
|
- email: "admin@example.com"
|
||||||
# bcrypt hash of the string "password"
|
# bcrypt hash of the string "password"
|
||||||
hash: "$2a$10$33EMT0cVYVlPy6WAMCLsceLYjWhuHpbz5yuZxu/GAFj03J9Lytjuy"
|
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
|
||||||
username: "admin"
|
username: "admin"
|
||||||
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user