Preserve current behaviour with a config flag
Add a configuration flag (default true to preserve current behaviour) to allow headscale to start without OIDC being able to initialise. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
parent
dbe58e53e4
commit
fb25a06a66
2 changed files with 16 additions and 9 deletions
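--- a/app.go
+++ b/app.go
@@ -192,7 +192,9 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {
 
 if cfg.OIDC.Issuer != "" {
 err = app.initOIDC()
-if err != nil {
+if err != nil && cfg.OIDC.OnlyStartIfOIDCIsAvailable {
+return nil, err
+} else {
 log.Warn().Err(err).Msg("failed to set up OIDC provider, falling back to CLI based authentication")
 }
 }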
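Review bot: The `else` branch in NewHeadscale now also runs when `app.initOIDC()` succeeds, because `err != nil && cfg.OIDC.OnlyStartIfOIDCIsAvailable` is false for a nil error. Every healthy start with an issuer configured therefore logs "failed to set up OIDC provider, falling back to CLI based authentication" with a nil error. That false warning makes the real degraded-authentication event indistinguishable for anyone alerting on it. Keep the outer `if err != nil {` and test the flag inside it, `if cfg.OIDC.OnlyStartIfOIDCIsAvailable { return nil, err }`, followed by the existing `log.Warn()` call. The function body continues outside the hunk.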
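--- a/config.go
+++ b/config.go
@@ -90,14 +90,15 @@ type LetsEncryptConfig struct {
 }
 
 type OIDCConfig struct {
-Issuer string
-ClientID string
-ClientSecret string
-Scope []string
-ExtraParams map[string]string
-AllowedDomains []string
-AllowedUsers []string
-StripEmaildomain bool
+OnlyStartIfOIDCIsAvailable bool
+Issuer string
+ClientID string
+ClientSecret string
+Scope []string
+ExtraParams map[string]string
+AllowedDomains []string
+AllowedUsers []string
+StripEmaildomain bool
 }
 
 type DERPConfig struct {
@@ -174,6 +175,7 @@ func LoadConfig(path string, isFile bool) error {
 
 viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 viper.SetDefault("oidc.strip_email_domain", true)
+viper.SetDefault("oidc.only_start_if_oidc_is_available", true)
 
 viper.SetDefault("logtail.enabled", false)
 viper.SetDefault("randomize_client_port", false)
@@ -559,6 +561,9 @@ func GetHeadscaleConfig() (*Config, error) {
 UnixSocketPermission: GetFileMode("unix_socket_permission"),
 
 OIDC: OIDCConfig{
+OnlyStartIfOIDCIsAvailable: viper.GetBool(
+"oidc.only_start_if_oidc_is_available",
+),
 Issuer: viper.GetString("oidc.issuer"),
 ClientID: viper.GetString("oidc.client_id"),
 ClientSecret: viper.GetString("oidc.client_secret"),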
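Review bot: `OnlyStartIfOIDCIsAvailable` in OIDCConfig has no doc comment, yet setting it to false changes how the server authenticates when the provider cannot be reached, which an operator should be able to read at the field. I would add `// OnlyStartIfOIDCIsAvailable makes startup fail when the OIDC provider cannot be initialised; when false, headscale logs a warning and starts with CLI based authentication only.` above it. The commit changes only app.go and config.go, so the `oidc.only_start_if_oidc_is_available` key is presumably not yet described in the example configuration either.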