nixos/oauth2_proxy: actually pass provider-specific options
Syntax errors prevented important parameters from being passed to oauth2_proxy, which could have permitted unauthorised access to services behind the proxy.
This commit is contained in:
parent
17c8fe21fd
commit
8777174d60
@ -21,21 +21,20 @@ let
|
||||
'';
|
||||
|
||||
github = cfg: ''
|
||||
$(optionalString (!isNull cfg.github.org) "--github-org=${cfg.github.org}") \
|
||||
$(optionalString (!isNull cfg.github.team) "--github-org=${cfg.github.team}") \
|
||||
${optionalString (!isNull cfg.github.org) "--github-org=${cfg.github.org}"} \
|
||||
${optionalString (!isNull cfg.github.team) "--github-org=${cfg.github.team}"} \
|
||||
'';
|
||||
|
||||
google = cfg: ''
|
||||
--google-admin-email=${cfg.google.adminEmail} \
|
||||
--google-service-account=${cfg.google.serviceAccountJSON} \
|
||||
$(repeatedArgs (group: "--google-group=${group}") cfg.google.groups) \
|
||||
${repeatedArgs (group: "--google-group=${group}") cfg.google.groups} \
|
||||
'';
|
||||
};
|
||||
|
||||
authenticatedEmailsFile = pkgs.writeText "authenticated-emails" cfg.email.addresses;
|
||||
|
||||
getProviderOptions = cfg: provider:
|
||||
if providerSpecificOptions ? provider then providerSpecificOptions.provider cfg else "";
|
||||
getProviderOptions = cfg: provider: providerSpecificOptions.${provider} or (_: "") cfg;
|
||||
|
||||
mkCommandLine = cfg: ''
|
||||
--provider='${cfg.provider}' \
|
||||
|
Loading…
Reference in New Issue
Block a user