From 5f38cc1f0247957adc432564d7153d7c4c8285c0 Mon Sep 17 00:00:00 2001
From: iaean
Date: Thu, 16 Mar 2023 17:30:52 +0100
Subject: [PATCH 1/2] Bump Dex 2.35

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ce760e9..fa0ce6e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM dexidp/dex:v2.33.0
+FROM dexidp/dex:v2.35.3
 LABEL org.opencontainers.image.title="dns3l auth"
 LABEL org.opencontainers.image.description="An OIDC provider for DNS3L"
 

From 146db4ba47a4240dbecf98519105f852b1419c95 Mon Sep 17 00:00:00 2001
From: iaean
Date: Thu, 16 Mar 2023 17:34:35 +0100
Subject: [PATCH 2/2] Add client ID with trustedPeers

---
 config.docker.yaml | 11 ++++++++++-
 docker-entrypoint.sh | 28 ++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/config.docker.yaml b/config.docker.yaml
index d36aac4..ab562ad 100644
--- a/config.docker.yaml
+++ b/config.docker.yaml
@@ -25,7 +25,7 @@ web:
   https: 0.0.0.0:5554
   tlsCert: {{.Env.DEXPATH}}/tls.crt
   tlsKey: {{.Env.DEXPATH}}/tls.key
-  allowedOrigins: ['*']
+  allowedOrigins: ['*'] # .Env.DNS3L_FQDN
 
 grpc:
   addr: 0.0.0.0:5557
@@ -71,6 +71,15 @@ staticClients:
   # https://tools.ietf.org/html/rfc6749#section-4.3
   secret: {{.Env.DNS3L_API_SECRET}}
   name: 'DNS3L API'
+- id: dns3ld
+  # dns3ld can only validate against a single client ID actually...
+  # https://github.com/dns3l/dns3l-core/issues/59
+  secret: {{.Env.DNS3L_DAEMON_SECRET}}
+  name: 'DNS3L daemon validator'
+  trustedPeers:
+  - dns3l-app # new scope: audience:server:client_id:dns3ld
+  - dns3l-api # new scope: audience:server:client_id:dns3ld
+  - dns3l-cli # new scope: audience:server:client_id:dns3ld
 
 {{if eq .Env.production "false" -}}
 # Note: Prod SHOULD NOT provide mock and local
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index f72f86f..4c4ef86 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -45,12 +45,38 @@ function random_token() {
   tr -cd '[:alnum:]'
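Review bot: The new trailing comment `# .Env.DNS3L_FQDN` on `allowedOrigins` reads as a reminder that the origin should be the deployment's FQDN, yet the value is still `['*']`, so the Dex web endpoints keep answering cross-origin requests from any browser origin. If that template variable is available here the way the other `.Env` values are, the restriction is a one-line change, `allowedOrigins: ['https://{{.Env.DNS3L_FQDN}}']`; if it is not set by the entrypoint yet, the comment should say so explicitly, e.g. `# TODO: restrict to https://{{.Env.DNS3L_FQDN}} once the entrypoint exports it`, so the wildcard is not mistaken for a deliberate setting. This applies only to the `-25,7 +25,7` hunk; the `web:` block it belongs to starts above it.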
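Review bot: The new `dns3ld` client takes its secret from `{{.Env.DNS3L_DAEMON_SECRET}}` with no fallback, so an unset variable renders `secret:` empty and the misconfiguration is easy to miss at startup; presumably the docker-entrypoint.sh change in this same commit generates the value (its hunk is cut off here), but the entrypoint should refuse to start when it cannot, as it apparently does for the other secrets. The `trustedPeers` list also widens what each of `dns3l-app`, `dns3l-api` and `dns3l-cli` can obtain: a token requested with the cross-client scope carries `dns3ld` in its audience, so the credentials of those three clients now guard the daemon as well and deserve the same handling as `DNS3L_DAEMON_SECRET`. The three identical inline comments would be clearer as one comment above the list, e.g. `# peers request scope audience:server:client_id:dns3ld to obtain tokens the daemon accepts (see dns3l-core issue 59 above)`.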