rename a few config options for consistency
config:
  * proxy-prefix -> proxy_prefix
  * google_group -> google_groups
  * github_team  -> github_teams

flags:
  * tls-cert -> tls-cert-file
  * tls-key -> tls-key-file

flags always use dashes, config options always use underscores

flags are singular if they can be specified multiple times,
config options are plural if they take a list

inspired by oauth2-proxy/oauth2-proxy#186

Co-authored-by: Joel Speed <[email protected]>
ploxiln and JoelSpeed committed May 27, 2020
1 parent 434122a commit b315d1b
Showing 4 changed files with 23 additions and 28 deletions.
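--- a/README.md
+++ b/README.md
@@ -321,8 +321,8 @@ Usage of oauth2_proxy:
 -skip-oidc-discovery: Skip OIDC discovery (login-url, redeem-url and oidc-jwks-url must be configured)
 -skip-provider-button: will skip sign-in-page to directly reach the next step: oauth/start
 -ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
--tls-cert string: path to certificate file
--tls-key string: path to private key file
+-tls-cert-file string: path to certificate file
+-tls-key-file string: path to private key file
 -upstream value: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
 -validate-url string: Access token validation endpoint
 -version: print version string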
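--- a/main.go
+++ b/main.go
@@ -23,12 +23,13 @@ func mainFlagSet() *flag.FlagSet {
 skipAuthRegex := StringArray{}
 googleGroups := StringArray{}
 gitlabGroups := StringArray{}
+githubTeams := StringArray{}
 
 flagSet.String("http-address", "127.0.0.1:4180", "[http://]<addr>:<port> or unix://<path> to listen on for HTTP clients")
 flagSet.String("https-address", ":443", "<addr>:<port> to listen on for HTTPS clients")
 flagSet.Bool("force-https", false, "redirect http requests to https")
-flagSet.String("tls-cert", "", "path to certificate file")
-flagSet.String("tls-key", "", "path to private key file")
+flagSet.String("tls-cert-file", "", "path to certificate file")
+flagSet.String("tls-key-file", "", "path to private key file")
 flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
 flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path")
 flagSet.Bool("set-xauthrequest", false, "set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)")
@@ -48,7 +49,7 @@ func mainFlagSet() *flag.FlagSet {
 flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")
 flagSet.String("bitbucket-team", "", "restrict logins to members of this team")
 flagSet.String("github-org", "", "restrict logins to members of this organisation")
-flagSet.String("github-team", "", "restrict logins to members of this team (slug) (may be given multiple times)")
+flagSet.Var(&githubTeams, "github-team", "restrict logins to members of this team (slug) (may be given multiple times)")
 flagSet.Var(&gitlabGroups, "gitlab-group", "restrict logins to members of this group (full path) (may be given multiple times)")
 flagSet.Var(&googleGroups, "google-group", "restrict logins to members of this google group (may be given multiple times)")
 flagSet.String("google-admin-email", "", "the google admin to impersonate for api calls")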
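Review bot: A comma-separated `-github-team` value may stop matching once the flag is registered with `flagSet.Var(&githubTeams, "github-team", ...)` in the second hunk, because providers/github.go in this same commit drops the `strings.Split(p.Team, ",")` that used to split it. Whether `-github-team=a,b` is still broken into two slugs now depends on `StringArray.Set`, which is not shown on this page. If it is stored as one value, the slug `a,b` never equals any team and every team-restricted login is refused after the upgrade, so the help text should state the new contract, for example `"restrict logins to members of this team (slug) (may be given multiple times; comma-separated lists are not split)"`. mainFlagSet begins and ends outside both hunks.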
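--- a/options.go
+++ b/options.go
@@ -18,26 +18,26 @@ import (
 
 // Configuration Options that can be set by Command Line Flag, or Config File
 type Options struct {
-ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy-prefix"`
+ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy_prefix"`
 ProxyWebSockets bool `flag:"proxy-websockets" cfg:"proxy_websockets"`
 HttpAddress string `flag:"http-address" cfg:"http_address"`
 HttpsAddress string `flag:"https-address" cfg:"https_address"`
 ForceHTTPS bool `flag:"force-https" cfg:"force_https"`
 RedirectURL string `flag:"redirect-url" cfg:"redirect_url"`
 ClientID string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"`
 ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"`
-TLSCertFile string `flag:"tls-cert" cfg:"tls_cert_file"`
-TLSKeyFile string `flag:"tls-key" cfg:"tls_key_file"`
+TLSCertFile string `flag:"tls-cert-file" cfg:"tls_cert_file"`
+TLSKeyFile string `flag:"tls-key-file" cfg:"tls_key_file"`
 
 AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
 AzureTenant string `flag:"azure-tenant" cfg:"azure_tenant"`
 BitbucketTeam string `flag:"bitbucket-team" cfg:"bitbucket_team"`
 EmailDomains []string `flag:"email-domain" cfg:"email_domains"`
 WhitelistDomains []string `flag:"whitelist-domain" cfg:"whitelist_domains" env:"OAUTH2_PROXY_WHITELIST_DOMAINS"`
 GitHubOrg string `flag:"github-org" cfg:"github_org"`
-GitHubTeam string `flag:"github-team" cfg:"github_team"`
+GitHubTeams []string `flag:"github-team" cfg:"github_teams"`
 GitLabGroups []string `flag:"gitlab-group" cfg:"gitlab_groups"`
-GoogleGroups []string `flag:"google-group" cfg:"google_group"`
+GoogleGroups []string `flag:"google-group" cfg:"google_groups"`
 GoogleAdminEmail string `flag:"google-admin-email" cfg:"google_admin_email"`
 GoogleServiceAccountJSON string `flag:"google-service-account-json" cfg:"google_service_account_json"`
 HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
@@ -272,7 +272,7 @@ func parseProviderInfo(o *Options, msgs []string) []string {
 case *providers.BitbucketProvider:
 p.SetTeam(o.BitbucketTeam)
 case *providers.GitHubProvider:
-p.SetOrgTeam(o.GitHubOrg, o.GitHubTeam)
+p.SetOrgTeam(o.GitHubOrg, o.GitHubTeams)
 case *providers.GitLabProvider:
 p.SetGroups(o.GitLabGroups)
 case *providers.GoogleProvider: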
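Review bot: Config files that still use the old keys `google_group`, `github_team` or `proxy-prefix` are not handled anywhere in this section, and for the first two a silent miss means an access restriction is no longer applied. The config loader is outside this page, so it cannot be confirmed here whether an unknown key is rejected or ignored; if it is ignored, `GoogleGroups` and `GitHubTeams` stay empty and the proxy starts with the group or team check switched off. A startup check that refuses to run when a legacy key is present, with a message naming the new key, would make the rename fail closed. At minimum the struct deserves a comment above these fields such as `// cfg keys renamed by this change: google_group -> google_groups, github_team -> github_teams, proxy-prefix -> proxy_prefix`.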
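--- a/providers/github.go
+++ b/providers/github.go
@@ -10,13 +10,12 @@ import (
 "path"
 "regexp"
 "strconv"
-"strings"
 )
 
 type GitHubProvider struct {
 *ProviderData
-Org string
-Team string
+Org string
+Teams []string
 }
 
 func NewGitHubProvider(p *ProviderData) *GitHubProvider {
@@ -56,10 +55,10 @@ func getGitHubHeader(accessToken string) http.Header {
 return header
 }
 
-func (p *GitHubProvider) SetOrgTeam(org, team string) {
+func (p *GitHubProvider) SetOrgTeam(org string, teams []string) {
 p.Org = org
-p.Team = team
-if org != "" || team != "" {
+p.Teams = teams
+if org != "" || len(teams) > 0 {
 p.Scope += " read:org"
 }
 }
@@ -149,7 +148,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 
 pattern := regexp.MustCompile(`<([^>]+)>; rel="next"`)
 var hasOrg bool
-presentOrgs := make(map[string]bool)
+var presentOrgs []string
 var presentTeams []string
 
 for i := 0; i < 10; i++ {
@@ -175,11 +174,10 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 }
 
 for _, team := range teams {
-presentOrgs[team.Org.Login] = true
+presentOrgs = append(presentOrgs, team.Org.Login)
 if p.Org == team.Org.Login {
 hasOrg = true
-ts := strings.Split(p.Team, ",")
-for _, t := range ts {
+for _, t := range p.Teams {
 if t == team.Slug {
 log.Printf("Found Github Organization:%q Team:%q (Name:%q)",
 team.Org.Login, team.Slug, team.Name)
@@ -198,13 +196,9 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 }
 
 if hasOrg {
-log.Printf("Missing Team:%q from Org:%q in teams: %v", p.Team, p.Org, presentTeams)
+log.Printf("Missing Team:%v from Org:%q in teams: %v", p.Teams, p.Org, presentTeams)
 } else {
-var allOrgs []string
-for org, _ := range presentOrgs {
-allOrgs = append(allOrgs, org)
-}
-log.Printf("Missing Organization:%q in %#v", p.Org, allOrgs)
+log.Printf("Missing Organization:%q in %#v", p.Org, presentOrgs)
 }
 return false, nil
 }
@@ -219,7 +213,7 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
 
 // if we require an Org or Team, check that first
 if p.Org != "" {
-if p.Team != "" {
+if len(p.Teams) > 0 {
 if ok, err := p.hasOrgAndTeam(s.AccessToken); err != nil || !ok {
 return "", err
 }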
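Review bot: A team list configured without an organisation is never enforced: in GetEmailAddress the new `if len(p.Teams) > 0` sits inside `if p.Org != ""`, so with an empty Org the visible branch skips hasOrgAndTeam altogether, while SetOrgTeam still requests `read:org` for that case. hasOrgAndTeam could not match anyway, since it only compares slugs after `p.Org == team.Org.Login`. The rest of GetEmailAddress is outside the hunk and validation may exist elsewhere, but if it does not, this setup admits users the operator meant to exclude. Rejecting it at startup in parseProviderInfo would close the gap, e.g. `if len(o.GitHubTeams) > 0 && o.GitHubOrg == "" { msgs = append(msgs, "github-team requires github-org") }`.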
