Closed jphines closed 5 years ago
Merging #212 into master will decrease coverage by 1.14%. The diff coverage is 56.75%.
```diff
@@ Coverage Diff @@
## master #212 +/- ##
==========================================
- Coverage 62.34% 61.19% -1.15%
==========================================
Files 49 50 +1
Lines 4002 4069 +67
==========================================
- Hits 2495 2490 -5
- Misses 1352 1392 +40
- Partials 155 187 +32
```
Impacted Files | Coverage Δ | |
---|---|---|
internal/auth/providers/google_admin.go | 0% <0%> (ø) | :arrow_up: |
internal/proxy/proxy.go | 24.39% <0%> (-1.93%) | :arrow_down: |
internal/auth/providers/test_provider.go | 0% <0%> (ø) | :arrow_up: |
internal/auth/authenticator.go | 86.39% <100%> (-0.06%) | :arrow_down: |
internal/proxy/proxy_config.go | 78.14% <100%> (+0.12%) | :arrow_up: |
internal/auth/configuration.go | 49.73% <49.73%> (ø) | |
internal/auth/providers/google.go | 59.2% <50%> (+1.16%) | :arrow_up: |
internal/auth/mux.go | 75% <61.53%> (-0.72%) | :arrow_down: |
internal/auth/options.go | 76.19% <73.58%> (-8.48%) | :arrow_down: |
internal/proxy/options.go | 83.59% <80%> (-2%) | :arrow_down: |
... and 2 more | | |
Below is a list of `OLD_CONFIG -> NEW_CONFIG` pairs to further aid and support anyone moving over to this new configuration set.
`*` in `PROVIDER_*_TYPE` and others represents a unique identifier grouping together a set of provider configs.
### SESSION
(NEW) -> SESSION_COOKIE_NAME
COOKIE_SECRET -> SESSION_COOKIE_SECRET
COOKIE_EXPIRE -> SESSION_COOKIE_EXPIRE
COOKIE_DOMAIN -> SESSION_COOKIE_DOMAIN
COOKIE_REFRESH -> SESSION_COOKIE_REFRESH
COOKIE_SECURE -> SESSION_COOKIE_SECURE
COOKIE_HTTP_ONLY -> SESSION_COOKIE_HTTPONLY
SESSION_LIFETIME_TTL -> SESSION_LIFETIME
AUTH_CODE_SECRET -> SESSION_KEY
### CLIENT
PROXY_CLIENT_ID -> CLIENT_PROXY_ID
PROXY_CLIENT_SECRET -> CLIENT_PROXY_SECRET
### PROVIDER CONFIG FOR GOOGLE
(NEW) -> PROVIDER_*_TYPE
(NEW) -> PROVIDER_*_SLUG
CLIENT_ID -> PROVIDER_*_CLIENT_ID
CLIENT_SECRET -> PROVIDER_*_CLIENT_SECRET
SCOPE -> PROVIDER_*_SCOPE
### GOOGLE SPECIFIC
GOOGLE_SERVICE_ACCOUNT_JSON -> PROVIDER_*_GOOGLE_CREDENTIALS
GOOGLE_ADMIN_EMAIL -> PROVIDER_*_GOOGLE_IMPERSONATE
### OKTA SPECIFIC
OKTA_ORG_URL -> PROVIDER_*_OKTA_URL
PROVIDER_SERVER_ID -> PROVIDER_*_OKTA_SERVER
### GROUP REFRESH
GROUPS_CACHE_REFRESH_TTL -> PROVIDER_*_GROUPCACHE_INTERVAL_REFRESH
GROUPS_CACHE_PROVIDER_TTL -> PROVIDER_*_GROUPCACHE_INTERVAL_PROVIDER
# SERVER CONFIG
(NEW) -> SERVER_SCHEME
HOST -> SERVER_HOST
PORT -> SERVER_PORT
REQUEST_TIMEOUT -> SERVER_TIMEOUT_REQUEST
TCP_WRITE_TIMEOUT -> SERVER_TIMEOUT_WRITE
TCP_READ_TIMEOUT -> SERVER_TIMEOUT_READ
# AUTHORIZE CONFIG
PROXY_ROOT_DOMAIN -> AUTHORIZE_PROXY_DOMAINS
SSO_EMAIL_DOMAIN -> AUTHORIZE_EMAIL_DOMAINS
SSO_EMAIL_ADDRESSES -> AUTHORIZE_EMAIL_ADDRESSES
# METRICS CONFIG
STATSD_PORT -> METRICS_STATSD_PORT
STATSD_HOST -> METRICS_STATSD_HOST
# LOGGING CONFIG
REQUEST_LOGGING -> LOGGING_ENABLE
(NEW) -> LOGGING_LEVEL
## Problem
We've been walking down the path to support multiple identity providers in several previous iterations. This last remaining stand is how to support configuration for multiple and different identity providers. The existing configuration structure is pretty inflexible and rigid when it comes to defining configuration, especially given our constraint to use environment variables.
We previously introduced `viper` to help solve some of these problems, but viper proved frustrating and lacking enough opinion to operate within. We roll that solution back here and instead use https://micro.mu/docs/go-config.html
## Solution
We introduced a new configuration component based on https://micro.mu/docs/go-config.html to build this new, more complicated configuration mechanism. This is a ground-up re-write of the configuration mechanism we use, found separately in `configuration.go`.
## Notes
This now looks like: