-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | server/auth/google/google.go | 2 | ||||
-rw-r--r-- | server/auth/google/google_test.go | 4 | ||||
-rw-r--r-- | server/config/config.go | 10 | ||||
-rw-r--r-- | server/signer/signer.go | 2 |
5 files changed, 11 insertions, 11 deletions
@@ -60,8 +60,8 @@ Configuration is divided into three sections: `server`, `auth`, and `ssh`.
 - `oauth_client_id` : string. Oauth Client ID.
 - `oauth_client_secret` : string. Oauth secret.
 - `oauth_callback_url` : string. URL that the Oauth provider will redirect to after user authorisation. The path is hardcoded to `"/auth/callback"` in the source.
-- `google_opts` : object. Additional options for the `google` provider.
-- `google_opts: { domain }` : string. Only allow users from this Google Apps domain. This is optional but leaving it unset will allow anyone with a Google account to obtain ssh certificates so don't do that.
+- `provider_opts` : object. Additional options for the provider.
+- `provider_opts: { domain }` : string. Applies to "google" provider. Only allow users from this Google Apps domain. This is optional but leaving it unset will allow anyone with a Google account to obtain ssh certificates so don't do that.
 ### ssh
 - `signing_key`: string. Path to the signing ssh private key you created earlier.
diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index d464b14..231312b 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -35,7 +35,7 @@ func New(c *config.Auth) auth.Provider {
 Endpoint: google.Endpoint,
 Scopes: []string{googleapi.UserinfoEmailScope, googleapi.UserinfoProfileScope},
 },
- domain: c.GoogleOpts["domain"].(string),
+ domain: c.ProviderOpts["domain"].(string),
 }
 }
diff --git a/server/auth/google/google_test.go b/server/auth/google/google_test.go
index 489aa1a..3a86610 100644
--- a/server/auth/google/google_test.go
+++ b/server/auth/google/google_test.go
@@ -44,8 +44,8 @@ func newGoogle() auth.Provider {
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
 OauthCallbackURL: oauthCallbackURL,
- GoogleOpts: make(map[string]interface{}),
+ ProviderOpts: make(map[string]interface{}),
 }
- c.GoogleOpts["domain"] = domain
+ c.ProviderOpts["domain"] = domain
 return New(c)
 }
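Review bot: In server/auth/google/google.go the new line `domain: c.ProviderOpts["domain"].(string),` is an unchecked type assertion, so New panics whenever `domain` is missing or not a string, even though the README hunk documents the option as optional. The tag rename to `provider_opts` in server/config/config.go makes this easier to hit, because a deployed config that still uses `google_opts` would presumably leave ProviderOpts without a `domain` entry. I would read the value with the comma-ok form, `domain, ok := c.ProviderOpts["domain"].(string)`, before the struct literal and handle `!ok` explicitly. Since the README says an unset domain lets any Google account obtain ssh certificates, the empty case should be logged loudly or rejected rather than silently accepted. New's body starts outside the hunk, so how `domain` is enforced later is not visible here.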
diff --git a/server/config/config.go b/server/config/config.go
index 4011d82..49b0f2e 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -24,16 +24,16 @@ type Auth struct {
 OauthClientSecret string `mapstructure:"oauth_client_secret"`
 OauthCallbackURL string `mapstructure:"oauth_callback_url"`
 Provider string `mapstructure:"provider"`
- GoogleOpts map[string]interface{} `mapstructure:"google_opts"`
+ ProviderOpts map[string]interface{} `mapstructure:"provider_opts"`
 JWTSigningKey string `mapstructure:"jwt_signing_key"`
 }
 // SSH holds the configuration specific to signing ssh keys.
 type SSH struct {
- SigningKey string `mapstructure:"signing_key"`
- Principals []string `mapstructure:"additional_principals"`
- MaxAge string `mapstructure:"max_age"`
- Permissions []string `mapstructure:"permissions"`
+ SigningKey string `mapstructure:"signing_key"`
+ AdditionalPrincipals []string `mapstructure:"additional_principals"`
+ MaxAge string `mapstructure:"max_age"`
+ Permissions []string `mapstructure:"permissions"`
 }
 // ReadConfig parses a JSON configuration file into a Config struct.
diff --git a/server/signer/signer.go b/server/signer/signer.go
index f897195..854d70e 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -82,7 +82,7 @@ func New(conf config.SSH) (*KeySigner, error) {
 return &KeySigner{
 ca: key,
 validity: validity,
- principals: conf.Principals,
+ principals: conf.AdditionalPrincipals,
 permissions: makeperms(conf.Permissions),
 }, nil
 } |