author | Rhys <rimmington@gmail.com> | 2017-07-17 08:03:51 +1000 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-07-21 00:27:06 +0200 |
commit | 8777174d60a7d5d001dc509f643afe04dc5f7619 (patch) | |
tree | 1130b00db80a259bf13d894277b2f1e67b718799 /nixos/modules | |
parent | 17c8fe21fd3bdda83d8261023d1675a9f0c9cb98 (diff) | |
nixos/oauth2_proxy: actually pass provider-specific options
Syntax errors prevented important parameters from being passed to oauth2_proxy, which could have permitted unauthorised access to services behind the proxy.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/security/oauth2_proxy.nix | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix
index e292fd9851e3..3e5087766b1c 100644
--- a/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixos/modules/services/security/oauth2_proxy.nix
@@ -21,21 +21,20 @@ let
 '';
 github = cfg: ''
- $(optionalString (!isNull cfg.github.org) "--github-org=${cfg.github.org}") \
- $(optionalString (!isNull cfg.github.team) "--github-org=${cfg.github.team}") \
+ ${optionalString (!isNull cfg.github.org) "--github-org=${cfg.github.org}"} \
+ ${optionalString (!isNull cfg.github.team) "--github-org=${cfg.github.team}"} \
 '';
 google = cfg: ''
 --google-admin-email=${cfg.google.adminEmail} \
 --google-service-account=${cfg.google.serviceAccountJSON} \
- $(repeatedArgs (group: "--google-group=${group}") cfg.google.groups) \
+ ${repeatedArgs (group: "--google-group=${group}") cfg.google.groups} \
 '';
 };
 authenticatedEmailsFile = pkgs.writeText "authenticated-emails" cfg.email.addresses;
- getProviderOptions = cfg: provider:
- if providerSpecificOptions ? provider then providerSpecificOptions.provider cfg else "";
+ getProviderOptions = cfg: provider: providerSpecificOptions.${provider} or (_: "") cfg;
 mkCommandLine = cfg: ''
 --provider='${cfg.provider}' \ |
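Review bot: The second line of the `github` provider options still emits `--github-org=${cfg.github.team}`, so now that the interpolation works the team name reaches oauth2_proxy as another org value and no team restriction is applied; it should read `${optionalString (!isNull cfg.github.team) "--github-team=${cfg.github.team}"} \`. An operator who sets `github.team` would expect access to be limited to that team, so this is the same kind of silent under-restriction the commit message describes. The interpolated values are also placed on the command line unquoted, unlike `--provider='${cfg.provider}'` below; wrapping them in `escapeShellArg` would be safer, assuming the rendered string is handed to a shell (the `let` block and `mkCommandLine` continue outside the hunk, so that is not visible here). A NixOS test that asserts the rendered command line for each provider would catch this class of mistake before it ships.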