From bdcdfb74f97fe2341956315bc75951b03e387669 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Sat, 15 Jun 2019 11:12:21 +0200 Subject: [PATCH] Update docs and changelog --- CHANGELOG.md | 17 +++++++++++++++-- docs/configuration/configuration.md | 17 +++++++---------- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c1bb1f..27c20a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ ## Breaking Changes +- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent + - This PR changes configuration options so that all flags have a config counterpart + of the same name but with underscores (`_`) in place of hyphens (`-`). + This change affects the following existing configuration options: + - The `proxy-prefix` option is now `proxy_prefix`. + - This PR changes environment variables so that all flags have an environment + counterpart of the same name but capitalised, with underscores (`_`) in place + of hyphens (`-`) and with the prefix `OAUTH2_PROXY_`. + This change affects the following existing environment variables: + - The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`. + - The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`. + - [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath) - This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain a username. 
@@ -14,10 +26,11 @@ ## Changes since v3.2.0 +- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent (@JoelSpeed) - [#187](https://github.com/pusher/oauth2_proxy/pull/187) Move root packages to pkg folder (@JoelSpeed) - [#65](https://github.com/pusher/oauth2_proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via - the `-skip-jwt-bearer-token` options. - - Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL + the `-skip-jwt-bearer-token` options. + - Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL (e.g. `https://example.com/.well-known/jwks.json`). - [#180](https://github.com/pusher/outh2_proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg). - [#175](https://github.com/pusher/outh2_proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg). diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md index 016fe3a..dad9ea1 100644 --- a/docs/configuration/configuration.md +++ b/docs/configuration/configuration.md 
@@ -120,17 +120,14 @@ Multiple upstreams can either be configured by supplying a comma separated list ### Environment variables -The following environment variables can be used in place of the corresponding command-line arguments: +Every command line argument can be specified as an environment variable by +prefixing it with `OAUTH2_PROXY_`, capitalising it, and replacing hypens (`-`) +with underscores (`_`). This is particularly useful for storing secrets outside +of a configuration file or the command line. + +For example, the `--cookie-secret` flag becomes `OAUTH2_PROXY_COOKIE_SECRET` and +the `--set-authorization-header` flag becomes `OAUTH2_PROXY_SET_AUTHORIZATION_HEADER`. -- `OAUTH2_PROXY_CLIENT_ID` -- `OAUTH2_PROXY_CLIENT_SECRET` -- `OAUTH2_PROXY_COOKIE_NAME` -- `OAUTH2_PROXY_COOKIE_SECRET` -- `OAUTH2_PROXY_COOKIE_DOMAIN` -- `OAUTH2_PROXY_COOKIE_PATH` -- `OAUTH2_PROXY_COOKIE_EXPIRE` -- `OAUTH2_PROXY_COOKIE_REFRESH` -- `OAUTH2_PROXY_SIGNATURE_KEY` ## Logging Configuration
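Review bot: the new #186 entry in the Breaking Changes hunk of CHANGELOG.md does not say what happens when a deployment still uses an old name (`proxy-prefix` in a config file, `OAUTH2_SKIP_OIDC_DISCOVERY` or `OAUTH2_OIDC_JWKS_URL` in the environment). If the old names are simply ignored, those settings would silently stop applying after an upgrade, and two of them control how OIDC keys are discovered, so please state the behaviour explicitly (ignored, rejected at startup, or still accepted for a deprecation period). The entry also has no author attribution, while the #146 entry directly below it ends with `(@gargath)`.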
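Review bot: the two re-indented `+` lines in the "Changes since v3.2.0" hunk of CHANGELOG.md carry over the wording slips "the `-skip-jwt-bearer-token` options" (one flag, plural noun) and "if the JWT issuers is either"; since these lines are being rewritten anyway, change them to "option" and "the JWT issuer is". The unchanged context entries for #180 and #175 link to `pusher/outh2_proxy`, which does not match the `pusher/oauth2_proxy` used by every other link in the hunk, and could be corrected in this same docs commit.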
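Review bot: "hypens" in the added environment-variable paragraph of docs/configuration/configuration.md should be "hyphens". The rule as written also does not say that the leading `--` of a flag is dropped before `OAUTH2_PROXY_` is prepended, which the examples only imply (`--cookie-secret` becomes `OAUTH2_PROXY_COOKIE_SECRET`); one extra clause would remove the ambiguity. The removed list named the secret-bearing variables (`OAUTH2_PROXY_CLIENT_SECRET`, `OAUTH2_PROXY_COOKIE_SECRET`, `OAUTH2_PROXY_SIGNATURE_KEY`), so consider keeping a short mention of those next to the sentence about storing secrets outside a configuration file or the command line.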