k-space/dex
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

Add ability to set ID and Secret from environment variables for static clients

Browse Source 
Having ID and Secret in clear inside configuration files for static
clients is not ideal. This commit allows setting these from environment
variables.

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@gmx.fr>
This commit is contained in:
Yann Soubeyrand 2019-04-18 13:55:08 +02:00 committed by Lasse Højgaard
parent 30ea963bb6
commit 99c3ec6820
2 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cmd/dex/serve.go
View File

@ -153,7 +153,28 @@ func serve(cmd *cobra.Command, args []string) error {
logger.Infof("config storage: %s", c.Storage.Type)
if len(c.StaticClients) > 0 {
for _, client := range c.StaticClients {
for i, client := range c.StaticClients {
if client.Name == "" {
return fmt.Errorf("invalid config: Name field is required for a client")
}
if client.ID == "" && client.IDEnv == "" {
return fmt.Errorf("invalid config: ID or IDEnv field is required for a client")
}
if client.IDEnv != "" {
if client.ID != "" {
return fmt.Errorf("invalid config: ID and IDEnv fields are exclusive for client %q", client.ID)
}
c.StaticClients[i].ID = os.Getenv(client.IDEnv)
}
if client.Secret == "" && client.SecretEnv == "" {
return fmt.Errorf("invalid config: Secret or SecretEnv field is required for client %q", client.ID)
}
if client.SecretEnv != "" {
if client.Secret != "" {
return fmt.Errorf("invalid config: Secret and SecretEnv fields are exclusive for client %q", client.ID)
}
c.StaticClients[i].Secret = os.Getenv(client.SecretEnv)
}
logger.Infof("config static client: %s", client.Name)
}
s = storage.WithStaticClients(s, c.StaticClients)

2
storage/storage.go
View File

@ -114,7 +114,9 @@ type Storage interface {
type Client struct {
// Client ID and secret used to identify the client.
ID string `json:"id" yaml:"id"`
IDEnv string `json:"idEnv" yaml:"idEnv"`
Secret string `json:"secret" yaml:"secret"`
SecretEnv string `json:"secretEnv" yaml:"secretEnv"`
// A registered set of redirect URIs. When redirecting from dex to the client, the URI
// requested to redirect to MUST match one of these values, unless the client is "public".