mirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-10-31 08:01:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Preserve current behaviour with a config flag

Browse Source 
Add a configuration flag (default true to preserve current behaviour) to
allow headscale to start without OIDC being able to initialise.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2022-09-26 09:57:28 +02:00
parent dbe58e53e4
commit fb25a06a66
No known key found for this signature in database
2 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app.go
View File

@ -192,7 +192,9 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {
if cfg.OIDC.Issuer != "" { if cfg.OIDC.Issuer != "" {
err = app.initOIDC() err = app.initOIDC()
if err != nil { if err != nil && cfg.OIDC.OnlyStartIfOIDCIsAvailable {
return nil, err
} else {
log.Warn().Err(err).Msg("failed to set up OIDC provider, falling back to CLI based authentication") log.Warn().Err(err).Msg("failed to set up OIDC provider, falling back to CLI based authentication")
} }
} }

21
config.go
View File

@ -90,14 +90,15 @@ type LetsEncryptConfig struct {
} }
type OIDCConfig struct { type OIDCConfig struct {
Issuer string OnlyStartIfOIDCIsAvailable bool
ClientID string Issuer string
ClientSecret string ClientID string
Scope []string ClientSecret string
ExtraParams map[string]string Scope []string
AllowedDomains []string ExtraParams map[string]string
AllowedUsers []string AllowedDomains []string
StripEmaildomain bool AllowedUsers []string
StripEmaildomain bool
} }
type DERPConfig struct { type DERPConfig struct {
@ -174,6 +175,7 @@ func LoadConfig(path string, isFile bool) error {
viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"}) viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
viper.SetDefault("oidc.strip_email_domain", true) viper.SetDefault("oidc.strip_email_domain", true)
viper.SetDefault("oidc.only_start_if_oidc_is_available", true)
viper.SetDefault("logtail.enabled", false) viper.SetDefault("logtail.enabled", false)
viper.SetDefault("randomize_client_port", false) viper.SetDefault("randomize_client_port", false)
@ -559,6 +561,9 @@ func GetHeadscaleConfig() (*Config, error) {
UnixSocketPermission: GetFileMode("unix_socket_permission"), UnixSocketPermission: GetFileMode("unix_socket_permission"),
OIDC: OIDCConfig{ OIDC: OIDCConfig{
OnlyStartIfOIDCIsAvailable: viper.GetBool(
"oidc.only_start_if_oidc_is_available",
),
Issuer: viper.GetString("oidc.issuer"), Issuer: viper.GetString("oidc.issuer"),
ClientID: viper.GetString("oidc.client_id"), ClientID: viper.GetString("oidc.client_id"),
ClientSecret: viper.GetString("oidc.client_secret"), ClientSecret: viper.GetString("oidc.client_secret"),