admin: Can use GRPC to manage password
parent
77cdfdb355
commit
e23377329a
|
@ -35,7 +35,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
|
||||||
c.JSON(http.StatusOK, gin.H{"password": passwd})
|
c.JSON(http.StatusOK, gin.H{"password": passwd})
|
||||||
})
|
})
|
||||||
router.GET("/dex.yaml", func(c *gin.Context) {
|
router.GET("/dex.yaml", func(c *gin.Context) {
|
||||||
cfg, err := genDexConfig()
|
_, staticpassword := c.Request.URL.Query()["staticpassword"]
|
||||||
|
cfg, err := genDexConfig(staticpassword)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||||
return
|
return
|
||||||
|
@ -44,7 +45,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
|
||||||
c.String(http.StatusOK, string(cfg))
|
c.String(http.StatusOK, string(cfg))
|
||||||
})
|
})
|
||||||
router.POST("/dex.yaml", func(c *gin.Context) {
|
router.POST("/dex.yaml", func(c *gin.Context) {
|
||||||
if dexcfg, err := genDexConfig(); err != nil {
|
_, staticpassword := c.Request.URL.Query()["staticpassword"]
|
||||||
|
if dexcfg, err := genDexConfig(staticpassword); err != nil {
|
||||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||||
return
|
return
|
||||||
} else if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-config.yaml"), []byte(dexcfg), 0644); err != nil {
|
} else if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-config.yaml"), []byte(dexcfg), 0644); err != nil {
|
||||||
|
@ -135,6 +137,10 @@ storage:
|
||||||
file: /var/dex/dex.db
|
file: /var/dex/dex.db
|
||||||
web:
|
web:
|
||||||
http: 0.0.0.0:5556
|
http: 0.0.0.0:5556
|
||||||
|
{{ if .GRPC }}
|
||||||
|
grpc:
|
||||||
|
addr: 127.0.0.1:5557
|
||||||
|
{{ end }}
|
||||||
frontend:
|
frontend:
|
||||||
issuer: Challenge forensic
|
issuer: Challenge forensic
|
||||||
logoURL: {{ .LogoPath }}
|
logoURL: {{ .LogoPath }}
|
||||||
|
@ -210,16 +216,23 @@ type dexConfig struct {
|
||||||
Clients []dexConfigClient
|
Clients []dexConfigClient
|
||||||
Teams []*fic.Team
|
Teams []*fic.Team
|
||||||
LogoPath string
|
LogoPath string
|
||||||
|
GRPC bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func genDexConfig() ([]byte, error) {
|
func genDexConfig(withTeams bool) ([]byte, error) {
|
||||||
if OidcSecret == "" {
|
if OidcSecret == "" {
|
||||||
return nil, fmt.Errorf("Unable to generate dex configuration: OIDC Secret not defined. Please define FICOIDC_SECRET in your environment.")
|
return nil, fmt.Errorf("Unable to generate dex configuration: OIDC Secret not defined. Please define FICOIDC_SECRET in your environment.")
|
||||||
}
|
}
|
||||||
|
|
||||||
teams, err := fic.GetTeams()
|
var teams []*fic.Team
|
||||||
if err != nil {
|
var err error
|
||||||
return nil, err
|
|
||||||
|
// Should teams be included as static passwords, instead of being managed by GRPC
|
||||||
|
if withTeams {
|
||||||
|
teams, err = fic.GetTeams()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
b := bytes.NewBufferString("")
|
b := bytes.NewBufferString("")
|
||||||
|
@ -258,12 +271,20 @@ func genDexConfig() ([]byte, error) {
|
||||||
},
|
},
|
||||||
Teams: teams,
|
Teams: teams,
|
||||||
LogoPath: logoPath,
|
LogoPath: logoPath,
|
||||||
|
GRPC: !withTeams,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("An error occurs during template execution: %w", err)
|
return nil, fmt.Errorf("An error occurs during template execution: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Also generate team associations
|
// Also generate team associations
|
||||||
|
if !withTeams {
|
||||||
|
teams, err = fic.GetTeams()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for _, team := range teams {
|
for _, team := range teams {
|
||||||
if _, err := os.Stat(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err == nil {
|
if _, err := os.Stat(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err == nil {
|
||||||
if err = os.Remove(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err != nil {
|
if err = os.Remove(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err != nil {
|
||||||
|
|
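Review bot: The `grpc:` block added to the dex template (third hunk) sets only `addr: 127.0.0.1:5557`, so the API that now manages team passwords is served without TLS or client-certificate checks. The loopback bind is then the only access control, and any local process or workload sharing that network namespace can reach the password store. Dex accepts `tlsCert`, `tlsKey` and `tlsClientCA` under `grpc:`; I would add them (e.g. `tlsClientCA: <path to client CA>`), or at minimum put a template comment such as `# gRPC API is unauthenticated: must stay bound to loopback` above `addr`. Separately, both `/dex.yaml` handlers test only for the presence of `staticpassword`, so `?staticpassword=false` still selects static passwords. Comparing the value, or documenting the flag as presence-only, would avoid that surprise, since the POST handler persists the result to `dex-config.yaml`.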