Open tuminoid opened 1 month ago
Since this is more or less known issue based on the comment in the code, it means you maintainers have probably an idea how it would be good to be fixed. Based on my debug conn.Config
is a structure, so just checking up a keyname for bindPW
and doing JSON illegal character replacing, but would at least need some sort of structure parsing etc, which feels hacky.
Let me know which solution would feel right here, I'll try fixing it!
Ping @nabokihms and @sagikazarmark, would need your advise here on the preferred solution.
Sorry for the long delay. I think it is ok to encode values using json marshal before templating.
Preflight Checklist
Version
2.29.0, main, doesn't matter
Storage Type
etcd
Installation Type
Binary
Expected Behavior
User can supply password (or other config via environment variable, while using DEX_EXPAND_ENV) in the config YAML, and the values would be safely converted into JSON.
Actual Behavior
Unmashaling JSON converted from connector YAML config fails:
Steps To Reproduce
config_test.go
:make test
with:Additional Information
These JSON illegal characters can appear in passwords, so the real use-case this came up was LDAP connector
bindPW
field. OIDC secret is used for reproduction as triggering it has a single line diff.Configuration
Logs