You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A very common task when using dex is dynamically re-configuring it. Users install dex with static users then migrate to other connectors like LDAP. Doing this manually is often error prone but automating this process is hard without lots of YAML-foo.
Dex should take inspiration from Kubernetes' component config concept and start treating its configuration as a API that higher level config management systems (like Kubernetes) will have to interact with. This means formalizing, publishing, and versioning dex's configuration format. Possibly as a package, possibly as a JSON schema.
Use of json.RawMessage is problematic since it's by definition unstructured. We might consider modifying our config format to take more explicit fields.
typeConfigstruct {
Connectors []Connector`json:"connectors"`// ...
}
typeConnectorstruct {
Namestring`json:"name"`IDstring`json:"id"`// Enumerate connectors instead of using a RawMessage.LDAP*LDAPConnector`json:"ldap"`OIDC*OIDCConnector`json:"oidc"`SAML*SAMLConnector`json:"saml"`
}
Having certain fields be magically evaluated as ENV vars is somewhat inconsistent since this acts on the raw bytes instead of holding additional fields.
Like json.RawMessage we might consider more explicit fields where filling in a field from an alternative source would be useful:
A very common task when using dex is dynamically re-configuring it. Users install dex with static users then migrate to other connectors like LDAP. Doing this manually is often error prone but automating this process is hard without lots of YAML-foo.
Dex should take inspiration from Kubernetes' component config concept and start treating its configuration as a API that higher level config management systems (like Kubernetes) will have to interact with. This means formalizing, publishing, and versioning dex's configuration format. Possibly as a package, possibly as a JSON schema.
Useful links:
kubernetes/kubernetes#12245
Potential issues:
Like json.RawMessage we might consider more explicit fields where filling in a field from an alternative source would be useful:
cc @rithujohn191 @squat
The text was updated successfully, but these errors were encountered: