canonical/dex-auth-operator

Expected content of `connectors` config is not intuitive, add validation and documentation

Opened this issue · 1 comments

See discussion here. The `connectors` config implements the config like shown here, but it expects only the content inside the `connectors` key, not the entire `connectors: [ ... ]`. This is not intuitive and has caught a few users.

We should either improve the documentation or add validation around this. As the likely user mistake is that someone provides `connectors: [ ... ]` instead of just `[ ... ]`, we could easily check for a `connectors` key with a nested array and unpack it (and similarly make sure the array contains what looks like valid connectors, maybe checking for a `type` and `id`?).

LDAP example:

cat << EOF > /tmp/dex-ldap.yaml
- type: ldap
  id: ldap
  name: LDAP
  config:
    host: ipa.example.com:636
    rootCAData: <base64 encoded CA file>
    bindDN: uid=admin,cn=users,cn=compat,dc=example,dc=com
    bindPW: password
    usernamePrompt: LDAP Username
    userSearch:
      baseDN: cn=users,cn=accounts,dc=example,dc=com
      filter: "(objectClass=person)"
      username: uid
      idAttr: uid
      emailAttr: mail
      nameAttr: cn
    groupSearch:
      baseDN: cn=groups,cn=accounts,dc=example,dc=com
      filter: "(objectClass=posixgroup)"
      userMatchers:
      - userAttr: uid
        groupAttr: memberUid
      - userAttr: DN
        groupAttr: member
      nameAttr: cn
EOF

and then:

juju config dex-auth connectors=@/tmp/dex-ldap.yaml
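The validation proposed above (unwrap a stray `connectors:` key, then check each entry has a `type` and `id`), as an added example that is not code from the dex-auth-operator charm. It operates on the object `yaml.safe_load` returns; the required-key list and the duplicate-id check are assumptions, and error messages deliberately name entries by index and key only so a `bindPW` from the LDAP config is never echoed into charm logs or unit status.

```python
"""Normalise and validate a dex `connectors` config value.

Added example, not code from the dex-auth-operator charm: accepts the documented
bare list and the `connectors: [...]` wrapper users mistakenly pass.
"""
from typing import Any

# Assumption: every dex connector entry carries a non-empty `type` and `id`.
REQUIRED_STR_KEYS = ("type", "id")


def normalize_connectors(data: Any) -> list[dict]:
    """Return the connector list from parsed YAML, unwrapping `connectors:` if present.

    Errors name the offending entry by index and key only, never by value, so
    secrets such as an LDAP `bindPW` are not echoed into logs or unit status.
    """
    if isinstance(data, dict) and "connectors" in data:  # the wrapper mistake from the issue
        data = data["connectors"]
    if not isinstance(data, list):
        raise ValueError(f"expected a list of connectors, got {type(data).__name__}")
    seen_ids: set[str] = set()
    for i, entry in enumerate(data):
        if not isinstance(entry, dict):
            raise ValueError(f"connector {i}: expected a mapping, got {type(entry).__name__}")
        for key in REQUIRED_STR_KEYS:
            if not isinstance(entry.get(key), str) or not entry[key]:
                raise ValueError(f"connector {i}: missing or empty '{key}'")
        if "config" in entry and not isinstance(entry["config"], dict):
            raise ValueError(f"connector {i} ({entry['id']}): 'config' must be a mapping")
        if entry["id"] in seen_ids:
            raise ValueError(f"connector {i}: duplicate id '{entry['id']}'")
        seen_ids.add(entry["id"])
    return data


def load_connectors(text: str) -> list[dict]:
    """Parse the YAML text given to `juju config dex-auth connectors=@file` and validate it."""
    import yaml  # PyYAML; imported lazily so normalize_connectors needs no extra dependency
    return normalize_connectors(yaml.safe_load(text))


if __name__ == "__main__":
    # Constructed sample: the wrapped form is unpacked to the same list as the bare form.
    bare = [{"type": "ldap", "id": "ldap", "name": "LDAP", "config": {"host": "ipa.example.com:636"}}]
    assert normalize_connectors({"connectors": bare}) == bare
    print(normalize_connectors(bare))
```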