Enable expand env for oidc discovery provider #5689

Open
wants to merge 14 commits into
base: main
from
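--- a/support/oidc-discovery-provider/config.go
+++ b/support/oidc-discovery-provider/config.go
@@ -7,6 +7,7 @@ import (
 "time"
 
 "github.com/hashicorp/hcl"
+"github.com/spiffe/spire/pkg/common/config"
 "github.com/zeebo/errs"
 )
 
@@ -185,12 +186,16 @@ type experimentalWorkloadAPIConfig struct {
 NamedPipeName string `hcl:"named_pipe_name" json:"named_pipe_name"`
 }
 
-func LoadConfig(path string) (*Config, error) {
+func LoadConfig(path string, expandEnv bool) (*Config, error) {
 hclBytes, err := os.ReadFile(path)
 if err != nil {
 return nil, errs.New("unable to load configuration: %v", err)
 }
-return ParseConfig(string(hclBytes))
+hclString := string(hclBytes)
+if expandEnv {
+hclString = config.ExpandEnv(hclString)
+}
+return ParseConfig(hclString)
 }
 
 func ParseConfig(hclConfig string) (_ *Config, err error) {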
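Review bot: LoadConfig substitutes environment values into the raw HCL text before ParseConfig runs, so a value containing a quote or newline becomes configuration syntax rather than data, and an unset variable presumably expands to an empty string (config.ExpandEnv is not shown on this page). For this service that means `domains = ["${SPIFFE_TRUST_DOMAIN}"]` can silently parse to `[""]` when the variable is missing at deploy time. I would state the trust assumption on the function, e.g. `// LoadConfig reads path and, when expandEnv is set, substitutes $VAR/${VAR} from the process environment into the raw text before parsing; the environment is trusted as much as the file.`, and reject empty entries in Domains after parsing if ParseConfig does not already do so. ParseConfig's body lies outside this hunk, so that last part needs checking against the full file.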
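--- a/support/oidc-discovery-provider/config_posix_test.go
+++ b/support/oidc-discovery-provider/config_posix_test.go
@@ -18,6 +18,16 @@ var (
 address = "unix:///some/socket/path"
 }
 `
+minimalEnvServerAPIConfig = `
+domains = ["${SPIFFE_TRUST_DOMAIN}"]
+acme {
+email = "admin@${SPIFFE_TRUST_DOMAIN}"
+tos_accepted = true
+}
+server_api {
+address = "unix:///some/socket/path"
+}
+`
 
 serverAPIConfig = &ServerAPIConfig{
 Address: "unix:///some/socket/path",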
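--- a/support/oidc-discovery-provider/config_test.go
+++ b/support/oidc-discovery-provider/config_test.go
@@ -23,14 +23,32 @@ func TestLoadConfig(t *testing.T) {
 
 confPath := filepath.Join(dir, "test.conf")
 
-_, err := LoadConfig(confPath)
+_, err := LoadConfig(confPath, false)
 require.Error(err)
 require.Contains(err.Error(), "unable to load configuration:")
 
+err = os.WriteFile(confPath, []byte(minimalEnvServerAPIConfig), 0600)
+require.NoError(err)
+
+os.Setenv("SPIFFE_TRUST_DOMAIN", "domain.test")
+config, err := LoadConfig(confPath, true)
+require.NoError(err)
+
+require.Equal(&Config{
+LogLevel: defaultLogLevel,
+Domains: []string{"domain.test"},
+ACME: &ACMEConfig{
+CacheDir: defaultCacheDir,
+Email: "admin@domain.test",
+ToSAccepted: true,
+},
+ServerAPI: serverAPIConfig,
+}, config)
+
 err = os.WriteFile(confPath, []byte(minimalServerAPIConfig), 0600)
 require.NoError(err)
 
-config, err := LoadConfig(confPath)
+config, err = LoadConfig(confPath, false)
 require.NoError(err)
 
 require.Equal(&Config{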
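Review bot: `os.Setenv("SPIFFE_TRUST_DOMAIN", "domain.test")` leaves the variable set for every test that runs later in this package and drops the returned error; `t.Setenv("SPIFFE_TRUST_DOMAIN", "domain.test")` restores the previous value when the test ends. The new case also covers only a set variable. A second case with the variable unset, and one loading `minimalEnvServerAPIConfig` with `expandEnv` false, would pin what the loader does with an empty or unexpanded `${SPIFFE_TRUST_DOMAIN}` in `domains`. TestLoadConfig starts before and continues past this hunk.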
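--- a/support/oidc-discovery-provider/config_windows_test.go
+++ b/support/oidc-discovery-provider/config_windows_test.go
@@ -20,6 +20,18 @@ var (
 }
 }
 `
+minimalEnvServerAPIConfig = `
+domains = ["${SPIFFE_TRUST_DOMAIN}"]
+acme {
+email = "admin@${SPIFFE_TRUST_DOMAIN}"
+tos_accepted = true
+}
+server_api {
+experimental {
+named_pipe_name = "\\name\\for\\server\\api"
+}
+}
+`
 
 serverAPIConfig = &ServerAPIConfig{
 Experimental: experimentalServerAPIConfig{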
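--- a/support/oidc-discovery-provider/main.go
+++ b/support/oidc-discovery-provider/main.go
@@ -25,6 +25,7 @@ import (
 var (
 versionFlag = flag.Bool("version", false, "print version")
 configFlag = flag.String("config", "oidc-discovery-provider.conf", "configuration file")
+expandEnv = flag.Bool("expandEnv", false, "expand environment variables in config file")
 )
 
 func main() {
@@ -35,14 +36,14 @@ func main() {
 os.Exit(0)
 }
 
-if err := run(*configFlag); err != nil {
+if err := run(*configFlag, *expandEnv); err != nil {
 fmt.Fprintf(os.Stderr, "%+v\n", err)
 os.Exit(1)
 }
 }
 
-func run(configPath string) error {
-config, err := LoadConfig(configPath)
+func run(configPath string, expandEnv bool) error {
+config, err := LoadConfig(configPath, expandEnv)
 if err != nil {
 return err
 }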