Preserve current behaviour with a config flag
Add a configuration flag (default true to preserve current behaviour) to
allow headscale to start without OIDC being able to initialise.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
kradalby committed Sep 26, 2022
1 parent dbe58e5 commit fb25a06
Showing 2 changed files with 16 additions and 9 deletions.
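--- a/app.go
+++ b/app.go
@@ -192,7 +192,9 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {
 
 if cfg.OIDC.Issuer != "" {
 err = app.initOIDC()
-if err != nil {
+if err != nil && cfg.OIDC.OnlyStartIfOIDCIsAvailable {
 return nil, err
+} else {
+log.Warn().Err(err).Msg("failed to set up OIDC provider, falling back to CLI based authentication")
 }
 }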
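Review bot: The `else` branch on the new condition in NewHeadscale also runs when `initOIDC()` succeeds, because `err != nil && cfg.OIDC.OnlyStartIfOIDCIsAvailable` is false whenever `err` is nil, so a healthy start logs "failed to set up OIDC provider" with a nil error. Test the error first and nest the flag: `if err != nil {` followed by `if cfg.OIDC.OnlyStartIfOIDCIsAvailable { return nil, err }` and then the `log.Warn()` call. A false warning matters here because that log line is the only signal an operator gets that the server came up without its identity provider, so it should fire only on a real failure. Whether later code guards against an OIDC provider that was never initialised is not visible in this hunk and is worth confirming; NewHeadscale continues outside it.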
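--- a/config.go
+++ b/config.go
@@ -90,14 +90,15 @@ type LetsEncryptConfig struct {
 }
 
 type OIDCConfig struct {
-Issuer string
-ClientID string
-ClientSecret string
-Scope []string
-ExtraParams map[string]string
-AllowedDomains []string
-AllowedUsers []string
-StripEmaildomain bool
+OnlyStartIfOIDCIsAvailable bool
+Issuer string
+ClientID string
+ClientSecret string
+Scope []string
+ExtraParams map[string]string
+AllowedDomains []string
+AllowedUsers []string
+StripEmaildomain bool
 }
 
 type DERPConfig struct {
@@ -174,6 +175,7 @@ func LoadConfig(path string, isFile bool) error {
 
 viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 viper.SetDefault("oidc.strip_email_domain", true)
+viper.SetDefault("oidc.only_start_if_oidc_is_available", true)
 
 viper.SetDefault("logtail.enabled", false)
 viper.SetDefault("randomize_client_port", false)
@@ -559,6 +561,9 @@ func GetHeadscaleConfig() (*Config, error) {
 UnixSocketPermission: GetFileMode("unix_socket_permission"),
 
 OIDC: OIDCConfig{
+OnlyStartIfOIDCIsAvailable: viper.GetBool(
+"oidc.only_start_if_oidc_is_available",
+),
 Issuer: viper.GetString("oidc.issuer"),
 ClientID: viper.GetString("oidc.client_id"),
 ClientSecret: viper.GetString("oidc.client_secret"),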
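Review bot: `OnlyStartIfOIDCIsAvailable` in `OIDCConfig` has no comment, and it is the one field in the struct that changes how the server fails. I would add `// OnlyStartIfOIDCIsAvailable makes startup fail when the OIDC provider cannot be initialised; when false the server starts anyway and only CLI based authentication is available.` above it. The default of `true` set in LoadConfig keeps the fail-closed behaviour, which is worth stating next to the `viper.SetDefault` line as well. The commit changes only app.go and config.go, so the new `oidc.only_start_if_oidc_is_available` key is presumably not yet described in any user-facing configuration documentation.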
