Update option descriptions + prefer multiple singular options
Plus backwards compatability for legacy comma separated list options
This commit is contained in:
Thom Seddon
parent
93912f4a6e
commit
3cc9cd13e1
@ -311,10 +311,20 @@ func (c *CookieDomain) Match(host string) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (c *CookieDomain) UnmarshalFlag(value string) error {
|
||||
*c = *NewCookieDomain(value)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *CookieDomain) MarshalFlag() (string, error) {
|
||||
return c.Domain, nil
|
||||
}
|
||||
|
||||
// Legacy support for comma separated list of cookie domains
|
||||
|
||||
type CookieDomains []CookieDomain
|
||||
|
||||
func (c *CookieDomains) UnmarshalFlag(value string) error {
|
||||
// TODO: test
|
||||
if len(value) > 0 {
|
||||
for _, d := range strings.Split(value, ",") {
|
||||
cookieDomain := NewCookieDomain(d)
|
||||
|
||||
@ -23,31 +23,33 @@ type Config struct {
|
||||
LogLevel string `long:"log-level" env:"LOG_LEVEL" default:"warn" choice:"trace" choice:"debug" choice:"info" choice:"warn" choice:"error" choice:"fatal" choice:"panic" description:"Log level"`
|
||||
LogFormat string `long:"log-format" env:"LOG_FORMAT" default:"text" choice:"text" choice:"json" choice:"pretty" description:"Log format"`
|
||||
|
||||
AuthHost string `long:"auth-host" env:"AUTH_HOST" description:"Host for central auth login"`
|
||||
Config func(s string) error `long:"config" env:"CONFIG" description:"Config file"`
|
||||
CookieDomains CookieDomains `long:"cookie-domains" env:"COOKIE_DOMAINS" description:"Comma separated list of cookie domains"`
|
||||
AuthHost string `long:"auth-host" env:"AUTH_HOST" description:"Single host to use when returning from 3rd party auth"`
|
||||
Config func(s string) error `long:"config" env:"CONFIG" description:"Path to config file"`
|
||||
CookieDomains []CookieDomain `long:"cookie-domain" env:"COOKIE_DOMAIN" description:"Domain to set auth cookie on, can be set multiple times"`
|
||||
InsecureCookie bool `long:"insecure-cookie" env:"INSECURE_COOKIE" description:"Use insecure cookies"`
|
||||
CookieName string `long:"cookie-name" env:"COOKIE_NAME" default:"_forward_auth" description:"Cookie Name"`
|
||||
CSRFCookieName string `long:"csrf-cookie-name" env:"CSRF_COOKIE_NAME" default:"_forward_auth_csrf" description:"CSRF Cookie Name"`
|
||||
DefaultAction string `long:"default-action" env:"DEFAULT_ACTION" default:"auth" choice:"auth" choice:"allow" description:"Default Action"`
|
||||
Domains CommaSeparatedList `long:"domains" env:"DOMAINS" description:"Comma separated list of email domains to allow"`
|
||||
DefaultAction string `long:"default-action" env:"DEFAULT_ACTION" default:"auth" choice:"auth" choice:"allow" description:"Default action"`
|
||||
Domains []string `long:"domain" env:"DOMAIN" description:"Only allow given email domains, can be set multiple times"`
|
||||
LifetimeString int `long:"lifetime" env:"LIFETIME" default:"43200" description:"Lifetime in seconds"`
|
||||
Path string `long:"url-path" env:"URL_PATH" default:"_oauth" description:"Callback URL Path"`
|
||||
SecretString string `long:"secret" env:"SECRET" description:"*Secret used for signing (required)"`
|
||||
Whitelist CommaSeparatedList `long:"whitelist" env:"WHITELIST" description:"Comma separated list of email addresses to allow"`
|
||||
Path string `long:"url-path" env:"URL_PATH" default:"/_oauth" description:"Callback URL Path"`
|
||||
SecretString string `long:"secret" env:"SECRET" description:"Secret used for signing (required)"`
|
||||
Whitelist CommaSeparatedList `long:"whitelist" env:"WHITELIST" description:"Only allow given email addresses, can be set multiple times"`
|
||||
|
||||
Providers provider.Providers `group:"providers" namespace:"providers" env-namespace:"PROVIDERS"`
|
||||
Rules map[string]*Rule `long:"rules.<name>.<param>" description:"Rule definitions, see docs, param can be: \"action\", \"rule\""`
|
||||
Rules map[string]*Rule `long:"rules.<name>.<param>" description:"Rule definitions, param can be: \"action\" or \"rule\""`
|
||||
|
||||
// Filled during transformations
|
||||
Secret []byte
|
||||
Lifetime time.Duration
|
||||
|
||||
// Legacy
|
||||
ClientIdLegacy string `long:"client-id" env:"CLIENT_ID" group:"DEPs" description:"DEPRECATED - Use \"providers.google.client-id\""`
|
||||
ClientSecretLegacy string `long:"client-secret" env:"CLIENT_SECRET" description:"DEPRECATED - Use \"providers.google.client-id\""`
|
||||
PromptLegacy string `long:"prompt" env:"PROMPT" description:"DEPRECATED - Use \"providers.google.prompt\""`
|
||||
CookieSecureLegacy string `long:"cookie-secure" env:"COOKIE_SECURE" namespace:"DERPS" description:"DEPRECATED - Use \"insecure-cookie\""`
|
||||
CookieDomainsLegacy CookieDomains `long:"cookie-domains" env:"COOKIE_DOMAINS" description:"DEPRECATED - Use \"cookie-domain\""`
|
||||
CookieSecureLegacy string `long:"cookie-secure" env:"COOKIE_SECURE" description:"DEPRECATED - Use \"insecure-cookie\""`
|
||||
DomainsLegacy CommaSeparatedList `long:"domains" env:"DOMAINS" description:"DEPRECATED - Use \"domain\""`
|
||||
ClientIdLegacy string `long:"client-id" env:"CLIENT_ID" group:"DEPs" description:"DEPRECATED - Use \"providers.google.client-id\""`
|
||||
ClientSecretLegacy string `long:"client-secret" env:"CLIENT_SECRET" description:"DEPRECATED - Use \"providers.google.client-id\""`
|
||||
PromptLegacy string `long:"prompt" env:"PROMPT" description:"DEPRECATED - Use \"providers.google.prompt\""`
|
||||
}
|
||||
|
||||
func NewGlobalConfig() Config {
|
||||
@ -91,12 +93,20 @@ func NewConfig(args []string) (Config, error) {
|
||||
}
|
||||
c.InsecureCookie = !secure
|
||||
}
|
||||
if len(c.CookieDomainsLegacy) > 0 {
|
||||
c.CookieDomains = append(c.CookieDomains, c.CookieDomainsLegacy...)
|
||||
}
|
||||
if len(c.DomainsLegacy) > 0 {
|
||||
c.Domains = append(c.Domains, c.DomainsLegacy...)
|
||||
}
|
||||
|
||||
// Provider defaults
|
||||
c.Providers.Google.Build()
|
||||
|
||||
// Transformations
|
||||
c.Path = fmt.Sprintf("/%s", c.Path)
|
||||
if len(c.Path) > 0 && c.Path[0] != '/' {
|
||||
c.Path = "/" + c.Path
|
||||
}
|
||||
c.Secret = []byte(c.SecretString)
|
||||
c.Lifetime = time.Second * time.Duration(c.LifetimeString)
|
||||
|
||||
@ -250,10 +260,12 @@ func (r *Rule) Validate() {
|
||||
}
|
||||
}
|
||||
|
||||
// Legacy support for comma separated lists
|
||||
|
||||
type CommaSeparatedList []string
|
||||
|
||||
func (c *CommaSeparatedList) UnmarshalFlag(value string) error {
|
||||
*c = strings.Split(value, ",")
|
||||
*c = append(*c, strings.Split(value, ",")...)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@ -6,6 +6,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
/**
|
||||
@ -44,7 +45,7 @@ func TestConfigParseArgs(t *testing.T) {
|
||||
"--rule.two.action=auth",
|
||||
"--rule.two.rule=\"Host(`two.com`) && Path(`/two`)\"",
|
||||
})
|
||||
assert.Nil(err)
|
||||
require.Nil(t, err)
|
||||
|
||||
// Check normal flags
|
||||
assert.Equal("cookiename", c.CookieName)
|
||||
@ -82,9 +83,30 @@ func TestConfigFlagBackwardsCompatability(t *testing.T) {
|
||||
"--prompt=prompt",
|
||||
"--lifetime=200",
|
||||
"--cookie-secure=false",
|
||||
"--cookie-domains=test1.com,example.org",
|
||||
"--cookie-domain=another1.net",
|
||||
"--domains=test2.com,example.org",
|
||||
"--domain=another2.net",
|
||||
"--whitelist=test3.com,example.org",
|
||||
"--whitelist=another3.net",
|
||||
})
|
||||
assert.Nil(err)
|
||||
require.Nil(t, err)
|
||||
|
||||
// The following used to be passed as comma separated list
|
||||
expected1 := []CookieDomain{
|
||||
*NewCookieDomain("another1.net"),
|
||||
*NewCookieDomain("test1.com"),
|
||||
*NewCookieDomain("example.org"),
|
||||
}
|
||||
assert.Equal(expected1, c.CookieDomains, "should read legacy comma separated list cookie-domains")
|
||||
|
||||
expected2 := []string{"another2.net", "test2.com", "example.org"}
|
||||
assert.Equal(expected2, c.Domains, "should read legacy comma separated list domains")
|
||||
|
||||
expected3 := CommaSeparatedList{"test3.com", "example.org", "another3.net"}
|
||||
assert.Equal(expected3, c.Whitelist, "should read legacy comma separated list whitelist")
|
||||
|
||||
// Google provider params used to be top level
|
||||
assert.Equal("clientid", c.ClientIdLegacy)
|
||||
assert.Equal("clientid", c.Providers.Google.ClientId, "--client-id should set providers.google.client-id")
|
||||
assert.Equal("verysecret", c.ClientSecretLegacy)
|
||||
@ -111,7 +133,7 @@ func TestConfigParseIni(t *testing.T) {
|
||||
"--config=../test/config1",
|
||||
"--csrf-cookie-name=csrfcookiename",
|
||||
})
|
||||
assert.Nil(err)
|
||||
require.Nil(t, err)
|
||||
|
||||
assert.Equal("inicookiename", c.CookieName, "should be read from ini file")
|
||||
assert.Equal("csrfcookiename", c.CSRFCookieName, "should be read from ini file")
|
||||
@ -123,7 +145,7 @@ func TestConfigFileBackwardsCompatability(t *testing.T) {
|
||||
c, err := NewConfig([]string{
|
||||
"--config=../test/config-legacy",
|
||||
})
|
||||
assert.Nil(err)
|
||||
require.Nil(t, err)
|
||||
|
||||
assert.Equal("/two", c.Path, "Variable in legacy config file should be read")
|
||||
}
|
||||
@ -144,7 +166,7 @@ func TestConfigTransformation(t *testing.T) {
|
||||
"--secret=verysecret",
|
||||
"--lifetime=200",
|
||||
})
|
||||
assert.Nil(err)
|
||||
require.Nil(t, err)
|
||||
|
||||
assert.Equal("/_oauthpath", c.Path, "path should add slash to front")
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user