
Commit d820fd4

authoredMar 3, 2020
Merge pull request dexidp#1664 from lhotrifork/static-client-env-vars
storage/static.go: expand environment variables in client ID and secret
2 parents 30ea963 + 99c3ec6 commit d820fd4


2 files changed

+26
-3
lines changed

 

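--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -153,7 +153,28 @@ func serve(cmd *cobra.Command, args []string) error {
 logger.Infof("config storage: %s", c.Storage.Type)
 
 if len(c.StaticClients) > 0 {
-for _, client := range c.StaticClients {
+for i, client := range c.StaticClients {
+if client.Name == "" {
+return fmt.Errorf("invalid config: Name field is required for a client")
+}
+if client.ID == "" && client.IDEnv == "" {
+return fmt.Errorf("invalid config: ID or IDEnv field is required for a client")
+}
+if client.IDEnv != "" {
+if client.ID != "" {
+return fmt.Errorf("invalid config: ID and IDEnv fields are exclusive for client %q", client.ID)
+}
+c.StaticClients[i].ID = os.Getenv(client.IDEnv)
+}
+if client.Secret == "" && client.SecretEnv == "" {
+return fmt.Errorf("invalid config: Secret or SecretEnv field is required for client %q", client.ID)
+}
+if client.SecretEnv != "" {
+if client.Secret != "" {
+return fmt.Errorf("invalid config: Secret and SecretEnv fields are exclusive for client %q", client.ID)
+}
+c.StaticClients[i].Secret = os.Getenv(client.SecretEnv)
+}
 logger.Infof("config static client: %s", client.Name)
 }
 s = storage.WithStaticClients(s, c.StaticClients)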
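Review bot: An unset or misspelled environment variable goes unnoticed in both expansion branches, because os.Getenv returns an empty string for a missing variable and the result is written to c.StaticClients[i].ID and c.StaticClients[i].Secret without a check. The client would then be registered with an empty ID or an empty secret, even though the checks just above treat an empty Secret as invalid config. Looking the value up with os.LookupEnv and returning an error when it is absent or empty closes that gap. The Secret error messages also format client.ID from the loop copy, which is still empty when IDEnv was used, so client.Name would identify the entry better. serve's body starts and ends outside the hunk.

```go
if client.IDEnv != "" {
	// … unchanged: ID/IDEnv exclusivity check …
	id, ok := os.LookupEnv(client.IDEnv)
	if !ok || id == "" {
		return fmt.Errorf("invalid config: environment variable %q for client %q is unset or empty", client.IDEnv, client.Name)
	}
	c.StaticClients[i].ID = id
}
// … unchanged: Secret/SecretEnv presence check …
if client.SecretEnv != "" {
	// … unchanged: Secret/SecretEnv exclusivity check …
	secret, ok := os.LookupEnv(client.SecretEnv)
	if !ok || secret == "" {
		return fmt.Errorf("invalid config: environment variable %q for client %q is unset or empty", client.SecretEnv, client.Name)
	}
	c.StaticClients[i].Secret = secret
}
```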

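--- a/storage/storage.go
+++ b/storage/storage.go
@@ -113,8 +113,10 @@ type Storage interface {
 // * Public clients: https://developers.google.com/api-client-library/python/auth/installed-app
 type Client struct {
 // Client ID and secret used to identify the client.
-ID string `json:"id" yaml:"id"`
-Secret string `json:"secret" yaml:"secret"`
+ID string `json:"id" yaml:"id"`
+IDEnv string `json:"idEnv" yaml:"idEnv"`
+Secret string `json:"secret" yaml:"secret"`
+SecretEnv string `json:"secretEnv" yaml:"secretEnv"`
 
 // A registered set of redirect URIs. When redirecting from dex to the client, the URI
 // requested to redirect to MUST match one of these values, unless the client is "public".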
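Review bot: The new IDEnv and SecretEnv fields are undocumented; the existing comment above ID still describes only the literal ID and secret. A comment such as `// IDEnv and SecretEnv name environment variables whose values replace ID and Secret at startup; each is mutually exclusive with its literal counterpart.` would record the contract that cmd/dex/serve.go enforces in this commit. Because both fields carry plain `json` tags on the storage type, they presumably get serialized wherever a Client is marshalled, so it is worth confirming that is intended for fields that appear to be config-only. The Client struct continues outside the hunk.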
