Enable expand env for oidc discovery provider

support/oidc-discovery-provider/config.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/hcl"
+	"github.com/spiffe/spire/pkg/common/config"
 	"github.com/zeebo/errs"
 )
 
@@ -185,12 +186,16 @@ type experimentalWorkloadAPIConfig struct {
 	NamedPipeName string `hcl:"named_pipe_name" json:"named_pipe_name"`
 }
 
-func LoadConfig(path string) (*Config, error) {
+func LoadConfig(path string, expandEnv bool) (*Config, error) {
 	hclBytes, err := os.ReadFile(path)
 	if err != nil {
 		return nil, errs.New("unable to load configuration: %v", err)
 	}
-	return ParseConfig(string(hclBytes))
+	hclString := string(hclBytes)
+	if expandEnv {
+		hclString = config.ExpandEnv(hclString)
+	}
+	return ParseConfig(hclString)
 }
 
 func ParseConfig(hclConfig string) (_ *Config, err error) {

support/oidc-discovery-provider/config_test.go

@@ -23,14 +23,14 @@ func TestLoadConfig(t *testing.T) {
 
 	confPath := filepath.Join(dir, "test.conf")
 
-	_, err := LoadConfig(confPath)
+	_, err := LoadConfig(confPath, false)
 	require.Error(err)
 	require.Contains(err.Error(), "unable to load configuration:")
 
 	err = os.WriteFile(confPath, []byte(minimalServerAPIConfig), 0600)
 	require.NoError(err)
 
-	config, err := LoadConfig(confPath)
+	config, err := LoadConfig(confPath, false)
 	require.NoError(err)
 
 	require.Equal(&Config{

support/oidc-discovery-provider/main.go

@@ -25,6 +25,7 @@ import (
 var (
 	versionFlag = flag.Bool("version", false, "print version")
 	configFlag  = flag.String("config", "oidc-discovery-provider.conf", "configuration file")
+	expandEnv   = flag.Bool("expandEnv", false, "expand environment variables in config file")
 )
 
 func main() {
@@ -35,14 +36,14 @@ func main() {
 		os.Exit(0)
 	}
 
-	if err := run(*configFlag); err != nil {
+	if err := run(*configFlag, *expandEnv); err != nil {
 		fmt.Fprintf(os.Stderr, "%+v\n", err)
 		os.Exit(1)
 	}
 }
 
-func run(configPath string) error {
-	config, err := LoadConfig(configPath)
+func run(configPath string, expandEnv bool) error {
+	config, err := LoadConfig(configPath, expandEnv)
 	if err != nil {
 		return err
 	}