mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Switch to gomplate 

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
pull/1893/head
m.nabokikh 5 years ago
parent
891fa1785f
commit
e13aac4963
4 changed files with 81 additions and 46 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      Dockerfile
  2. 13
      entrypoint.sh
  3. 54
      examples/config-example.tmpl
  4. 44
      examples/config.tmpl

16
Dockerfile
Unescape View File

@ -27,11 +27,22 @@ FROM alpine:3.13.1
# experience when this doesn't work out of the box.
#
# OpenSSL is required so wget can query HTTPS endpoints for health checking.
ARG TARGETARCH
ARG TARGETVARIANT=""
ARG GOMPLATE_VERSION=v3.9.0
RUN apk add --no-cache --update ca-certificates openssl
RUN wget -O /usr/local/bin/gomplate \
"https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_linux-${TARGETARCH:-amd64}${TARGETVARIANT}" \
&& chmod +x /usr/local/bin/gomplate
RUN mkdir -p /var/dex
RUN chown -R 1001:1001 /var/dex
RUN mkdir -p /etc/dex
COPY examples/config-example.tmpl /etc/dex/config.tmpl
RUN chown -R 1001:1001 /etc/dex
# Copy module files for CVE scanning / dependency analysis.
COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
@ -46,6 +57,7 @@ COPY --from=builder /usr/local/src/dex/web /web
USER 1001:1001
ENTRYPOINT ["dex"]
COPY entrypoint.sh /
CMD ["version"]
ENTRYPOINT ["/entrypoint.sh"]
CMD ["serve", "/etc/dex/config.tmpl"]

13
entrypoint.sh
Unescape View File

@ -0,0 +1,13 @@
#!/bin/sh -e
### Usage: /entrypoint.sh <command> <args>
set -e
command=$1
if [ "$command" == "serve" ]; then
file="$2"
gomplate -f "$file" -o "/etc/dex/config.yaml";
exec dex serve "/etc/dex/config.yaml"
else
exec dex $@
fi

54
examples/config-example.tmpl
Unescape View File

@ -0,0 +1,54 @@
issuer: {{ getenv "DEX_ISSUER" "http://127.0.0.1:5556/dex" }}
storage:
type: sqlite3
config:
file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/etc/dex/dex.db" }}
web:
{{- if getenv "DEX_WEB_HTTPS" "" }}
https: {{ .Env.DEX_WEB_HTTPS }}
{{- if getenv "DEX_WEB_TLS_KEY" }}
tlsKey: {{ .Env.DEX_WEB_TLS_KEY }}
{{- else }}
{{- fail "$DEX_WEB_TLS_KEY is required" }}
{{- end }}
{{- if getenv "DEX_WEB_TLS_CERT" "" }}
tlsCert: {{ .Env.DEX_WEB_TLS_CERT }}
{{- else }}
{{- fail "$DEX_WEB_TLS_CERT is required" }}
{{- end }}
{{- end }}
http: {{ getenv "DEX_WEB_HTTP" "0.0.0.0:5556" }}
{{- if getenv "DEX_TELEMETRY_HTTP" "" }}
telemetry:
http: {{ .Env.DEX_TELEMETRY_HTTP }}
{{- end }}
expiry:
deviceRequests: {{ getenv "DEX_EXPIRY_DEVICE_REQUESTS" "5m" }}
signingKeys: {{ getenv "DEX_EXPIRY_SIGNING_KEYS" "6h" }}
idTokens: {{ getenv "DEX_EXPIRY_ID_TOKENS" "24h" }}
authRequests: {{ getenv "DEX_EXPIRY_AUTH_REQUESTS" "24h" }}
logger:
level: {{ getenv "DEX_LOGGER_LEVEL" "info" }}
format: {{ getenv "DEX_LOGGER_FORMAT" "text" }}
oauth2:
responseTypes: {{ getenv "DEX_OAUTH2_RESPONSE_TYPES" "[code]" }}
skipApprovalScreen: {{ getenv "DEX_OAUTH2_SKIP_APPROVAL_SCREEN" "false" }}
alwaysShowLoginScreen: {{ getenv "DEX_OAUTH2_ALWAYS_SHOW_LOGIN_SCREEN" "false" }}
{{- if getenv "DEX_OAUTH2_PASSWORD_CONNECTOR" "" }}
passwordConnector: {{ .Env.DEX_OAUTH2_PASSWORD_CONNECTOR }}
{{- end }}
enablePasswordDB: {{ getenv "DEX_ENABLE_PASSWORD_DB" "true" }}
connectors:
{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" "" }}
- type: mockCallback
id: mock
name: Example
{{- end }}

44
examples/config.tmpl
Unescape View File

@ -1,44 +0,0 @@
issuer: {{ default .Env.DEX_ISSUER "http://127.0.0.1:5556/dex" }}
storage:
type: sqlite3
config:
file: {{ default .Env.DEX_STORAGE_SQLITE3_CONFIG_FILE "/etc/dex/dex.db" }}
web:
{{- if .Env.DEX_WEB_HTTPS }}
https: {{ .Env.DEX_WEB_HTTPS }}
{{- else }}
http: {{ default .Env.DEX_WEB_HTTP "0.0.0.0:5556" }}
{{- end }}
{{- if .Env.DEX_WEB_TLS_KEY }}
tlsKey: {{ .Env.DEX_WEB_TLS_KEY }}
{{- end }}
{{- if .Env.DEX_WEB_TLS_CERT }}
tlsCert: {{ .Env.DEX_WEB_TLS_CERT }}
{{- end }}
{{- if .Env.DEX_TELEMETRY_HTTP }}
telemetry:
http: {{ .Env.DEX_TELEMETRY_HTTP }}
{{- end }}
expiry:
deviceRequests: {{ default .Env.DEX_EXPIRY_DEVICE_REQUESTS "5m" }}
signingKeys: {{ default .Env.DEX_EXPIRY_SIGNING_KEYS "6h" }}
idTokens: {{ default .Env.DEX_EXPIRY_ID_TOKENS "24h" }}
authRequests: {{ default .Env.DEX_EXPIRY_AUTH_REQUESTS "24h" }}
logger:
level: {{ default .Env.DEX_LOGGER_LEVEL "info" }}
format: {{ default .Env.DEX_LOGGER_FORMAT "text" }}
oauth2:
responseTypes: {{ default .Env.DEX_OAUTH2_RESPONSE_TYPES "[code]" }}
skipApprovalScreen: {{ default .Env.DEX_OAUTH2_SKIP_APPROVAL_SCREEN "false" }}
alwaysShowLoginScreen: {{ default .Env.DEX_OAUTH2_ALWAYS_SHOW_LOGIN_SCREEN "false" }}
{{- if .Env.DEX_OAUTH2_PASSWORD_CONNECTOR }}
passwordConnector: {{ .Env.DEX_OAUTH2_PASSWORD_CONNECTOR }}
{{- end }}
enablePasswordDB: {{ default .Env.DEX_ENABLE_PASSWORD_DB "true" }}
Write Preview
Loading…
Cancel
Save