package dex
import (
"fmt"
"github.com/ghodss/yaml"
"github.com/argoproj/argo-cd/common"
"github.com/argoproj/argo-cd/util/settings"
)
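// GenerateDexConfigYAML renders the configuration for the Dex instance that
// Argo CD runs alongside its API server. It starts from the operator-supplied
// dex.config block in the Argo CD settings, overlays the values Argo CD
// itself fixes (issuer, in-memory storage, listen addresses, the OAuth2
// approval-screen setting and the two static OAuth2 clients), injects the
// Argo CD callback URL into every connector that needs one, and finally
// resolves secret references via replaceMapSecrets.
//
// The returned YAML embeds the resolved OAuth2 client secret and any
// connector credentials that were referenced from the Argo CD secret, so
// callers should treat it as sensitive (for example, never log it).
//
// Returns nil, nil when Dex is not configured. Returns an error when
// dex.config is not valid YAML or when its "connectors" entry is not a list
// of maps each carrying a string "type" and a map "config" (a malformed
// dex.config is reported instead of crashing the caller).
func GenerateDexConfigYAML(settings *settings.ArgoCDSettings) ([]byte, error) {
	if !settings.IsDexConfigured() {
		return nil, nil
	}
	var dexCfg map[string]interface{}
	if err := yaml.Unmarshal([]byte(settings.DexConfig), &dexCfg); err != nil {
		return nil, fmt.Errorf("failed to unmarshal dex.config from configmap: %v", err)
	}
	if dexCfg == nil {
		// A dex.config with no YAML document unmarshals to a nil map; the
		// assignments below would panic on it.
		dexCfg = make(map[string]interface{})
	}
	dexCfg["issuer"] = settings.IssuerURL()
	dexCfg["storage"] = map[string]interface{}{
		"type": "memory",
	}
	// Listen addresses of the Dex container. Presumably only reached through
	// the Argo CD API server's /api/dex proxy — confirm against the deployment
	// manifests before relying on that.
	dexCfg["web"] = map[string]interface{}{
		"http": "0.0.0.0:5556",
	}
	dexCfg["grpc"] = map[string]interface{}{
		"addr": "0.0.0.0:5557",
	}
	dexCfg["oauth2"] = map[string]interface{}{
		"skipApprovalScreen": true,
	}
	dexCfg["staticClients"] = []map[string]interface{}{
		// Confidential client used by the Argo CD UI; its secret is rendered
		// into the output.
		{
			"id":           common.ArgoCDClientAppID,
			"name":         common.ArgoCDClientAppName,
			"secret":       settings.DexOAuth2ClientSecret(),
			"redirectURIs": []string{
				settings.RedirectURL(),
			},
		},
		// Public (secret-less) client used by the CLI, redirecting to a
		// loopback listener on the user's machine.
		{
			"id":     common.ArgoCDCLIClientAppID,
			"name":   common.ArgoCDCLIClientAppName,
			"public": true,
			"redirectURIs": []string{
				"http://localhost",
			},
		},
	}
	if raw, present := dexCfg["connectors"]; present {
		connectors, ok := raw.([]interface{})
		if !ok {
			return nil, fmt.Errorf("dex.config connectors must be a list, got %T", raw)
		}
		// NOTE(review): assumes settings.URL has no trailing slash — confirm
		// against the settings loader.
		if err := setConnectorRedirectURIs(connectors, settings.URL+"/api/dex/callback"); err != nil {
			return nil, err
		}
		dexCfg["connectors"] = connectors
	}
	dexCfg = replaceMapSecrets(dexCfg, settings.Secrets)
	return yaml.Marshal(dexCfg)
}

// setConnectorRedirectURIs sets redirectURI in the "config" map of every
// connector whose type needsRedirectURI reports as needing one, mutating the
// entries of connectors in place. It returns an error when an entry is not a
// map, lacks a string "type", or (for a type that needs a redirect URI) lacks
// a "config" map.
func setConnectorRedirectURIs(connectors []interface{}, redirectURI string) error {
	for i, connectorIf := range connectors {
		connector, ok := connectorIf.(map[string]interface{})
		if !ok {
			return fmt.Errorf("dex.config connectors[%d] must be a map, got %T", i, connectorIf)
		}
		connectorType, ok := connector["type"].(string)
		if !ok {
			return fmt.Errorf("dex.config connectors[%d] is missing a string 'type'", i)
		}
		if !needsRedirectURI(connectorType) {
			continue
		}
		connectorCfg, ok := connector["config"].(map[string]interface{})
		if !ok {
			return fmt.Errorf("dex.config connectors[%d] (%s) is missing a 'config' map", i, connectorType)
		}
		connectorCfg["redirectURI"] = redirectURI
		connector["config"] = connectorCfg
		connectors[i] = connector
	}
	return nil
}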
// replaceMapSecrets returns a copy of obj in which every string value, at any
// depth of nested maps and lists, has been passed through
// settings.ReplaceStringSecret with secretValues, so secret key references
// are replaced by the secret values themselves. Non-string leaves are copied
// unchanged; obj itself is not modified.
func replaceMapSecrets(obj map[string]interface{}, secretValues map[string]string) map[string]interface{} {
	out := make(map[string]interface{})
	for key, raw := range obj {
		if nested, isMap := raw.(map[string]interface{}); isMap {
			out[key] = replaceMapSecrets(nested, secretValues)
			continue
		}
		if list, isList := raw.([]interface{}); isList {
			out[key] = replaceListSecrets(list, secretValues)
			continue
		}
		if str, isString := raw.(string); isString {
			out[key] = settings.ReplaceStringSecret(str, secretValues)
			continue
		}
		out[key] = raw
	}
	return out
}
// replaceListSecrets is the list counterpart of replaceMapSecrets: it returns
// a new slice of the same length whose string elements have been passed
// through settings.ReplaceStringSecret with secretValues, recursing into
// nested maps and lists. Other elements are copied as-is.
func replaceListSecrets(obj []interface{}, secretValues map[string]string) []interface{} {
	out := make([]interface{}, 0, len(obj))
	for _, raw := range obj {
		var replaced interface{}
		switch elem := raw.(type) {
		case string:
			replaced = settings.ReplaceStringSecret(elem, secretValues)
		case []interface{}:
			replaced = replaceListSecrets(elem, secretValues)
		case map[string]interface{}:
			replaced = replaceMapSecrets(elem, secretValues)
		default:
			replaced = elem
		}
		out = append(out, replaced)
	}
	return out
}
// needsRedirectURI reports whether a Dex connector of the given type requires
// a redirectURI in its config. The comparison is case-sensitive and the set
// must be kept in step with the connectors Dex supports:
// https://github.com/dexidp/dex/tree/master/Documentation/connectors
func needsRedirectURI(connectorType string) bool {
	redirectTypes := [...]string{
		"oidc", "saml", "microsoft", "linkedin", "gitlab", "github", "bitbucket-cloud",
	}
	for _, candidate := range redirectTypes {
		if candidate == connectorType {
			return true
		}
	}
	return false
}