auth bearer config docs

2026-01-28 15:39:43 -06:00 · 2022-05-02 16:25:55 +02:00
parent 18296ceea7
commit b35178584b
3 changed files with 16 additions and 25 deletions
--- a/extensions/auth-bearer/pkg/command/command.go
+++ b/extensions/auth-bearer/pkg/command/command.go
@@ -106,17 +106,16 @@ func authBearerConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]i
 		"grpc": map[string]interface{}{
 			"network": cfg.GRPC.Protocol,
 			"address": cfg.GRPC.Addr,
-			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"authprovider": map[string]interface{}{
-					"auth_manager": cfg.AuthProvider,
+					"auth_manager": "oidc",
 					"auth_managers": map[string]interface{}{
 						"oidc": map[string]interface{}{
-							"issuer":    cfg.AuthProviders.OIDC.Issuer,
-							"insecure":  cfg.AuthProviders.OIDC.Insecure,
-							"id_claim":  cfg.AuthProviders.OIDC.IDClaim,
-							"uid_claim": cfg.AuthProviders.OIDC.UIDClaim,
-							"gid_claim": cfg.AuthProviders.OIDC.GIDClaim,
+							"issuer":    cfg.OIDC.Issuer,
+							"insecure":  cfg.OIDC.Insecure,
+							"id_claim":  cfg.OIDC.IDClaim,
+							"uid_claim": cfg.OIDC.UIDClaim,
+							"gid_claim": cfg.OIDC.GIDClaim,
 						},
 					},
 				},
--- a/extensions/auth-bearer/pkg/config/config.go
+++ b/extensions/auth-bearer/pkg/config/config.go
@@ -15,9 +15,8 @@ type Config struct {
 	TokenManager *TokenManager `yaml:"token_manager"`
 	Reva         *Reva         `yaml:"reva"`

-	SkipUserGroupsInToken bool          `yaml:"skip_user_groups_in_token"`
-	AuthProvider          string        `yaml:"auth_provider" env:"AUTH_BEARER_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
-	AuthProviders         AuthProviders `yaml:"auth_providers"`
+	SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"`
+	OIDC                  OIDC `yaml:"oidc"`
 }
 type Tracing struct {
 	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_BEARER_TRACING_ENABLED" desc:"Activates tracing."`
@@ -49,14 +48,10 @@ type GRPCConfig struct {
 	Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
 }

-type AuthProviders struct {
-	OIDC OIDCProvider `yaml:"oidc"`
-}
-
-type OIDCProvider struct {
+type OIDC struct {
 	Issuer   string `yaml:"issuer" env:"OCIS_URL;AUTH_BEARER_OIDC_ISSUER"`
 	Insecure bool   `yaml:"insecure" env:"OCIS_INSECURE;AUTH_BEARER_OIDC_INSECURE"`
-	IDClaim  string `yaml:"id_claim"`
-	UIDClaim string `yaml:"uid_claim"`
-	GIDClaim string `yaml:"gid_claim"`
+	IDClaim  string `yaml:"id_claim" env:"AUTH_BEARER_OIDC_ID_CLAIM"`
+	UIDClaim string `yaml:"uid_claim" env:"AUTH_BEARER_OIDC_UID_CLAIM"`
+	GIDClaim string `yaml:"gid_claim" env:"AUTH_BEARER_OIDC_GID_CLAIM"`
 }
--- a/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go
+++ b/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go
@@ -29,13 +29,10 @@ func DefaultConfig() *config.Config {
 		Reva: &config.Reva{
 			Address: "127.0.0.1:9142",
 		},
-		AuthProvider: "ldap",
-		AuthProviders: config.AuthProviders{
-			OIDC: config.OIDCProvider{
-				Issuer:   "https://localhost:9200",
-				Insecure: false,
-				IDClaim:  "preferred_username",
-			},
+		OIDC: config.OIDC{
+			Issuer:   "https://localhost:9200",
+			Insecure: false,
+			IDClaim:  "preferred_username",
 		},
 	}
 }