diff --git a/README.md b/README.md
index 71cc20c7c5f8ab8a5754d341f0d0a43f7c58f20c..2ba0b72f0ee6f96849b0ee47771730e4a717007b 100644
--- a/README.md
+++ b/README.md
@@ -60,8 +60,8 @@ Configuration is divided into three sections: `server`, `auth`, and `ssh`.
- `oauth_client_id` : string. Oauth Client ID.
- `oauth_client_secret` : string. Oauth secret.
- `oauth_callback_url` : string. URL that the Oauth provider will redirect to after user authorisation. The path is hardcoded to `"/auth/callback"` in the source.
-- `google_opts` : object. Additional options for the `google` provider.
-- `google_opts: { domain }` : string. Only allow users from this Google Apps domain. This is optional but leaving it unset will allow anyone with a Google account to obtain ssh certificates so don't do that.
+- `provider_opts` : object. Additional options for the provider.
+- `provider_opts: { domain }` : string. Applies to "google" provider. Only allow users from this Google Apps domain. This is optional but leaving it unset will allow anyone with a Google account to obtain ssh certificates so don't do that.
### ssh
- `signing_key`: string. Path to the signing ssh private key you created earlier.
diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index d464b147ff28c0dd05ebdb87630148268fca2980..231312bbb39de501feea22c9fff6cdbdec6f037f 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -35,7 +35,7 @@ func New(c *config.Auth) auth.Provider {
Endpoint: google.Endpoint,
Scopes: []string{googleapi.UserinfoEmailScope, googleapi.UserinfoProfileScope},
},
- domain: c.GoogleOpts["domain"].(string),
+ domain: c.ProviderOpts["domain"].(string),
}
}
diff --git a/server/auth/google/google_test.go b/server/auth/google/google_test.go
index 489aa1a2a45729321897623aefa686b60df191ba..3a86610650bd5d9f8ca48744991098b8982d237f 100644
--- a/server/auth/google/google_test.go
+++ b/server/auth/google/google_test.go
@@ -44,8 +44,8 @@ func newGoogle() auth.Provider {
OauthClientID: oauthClientID,
OauthClientSecret: oauthClientSecret,
OauthCallbackURL: oauthCallbackURL,
- GoogleOpts: make(map[string]interface{}),
+ ProviderOpts: make(map[string]interface{}),
}
- c.GoogleOpts["domain"] = domain
+ c.ProviderOpts["domain"] = domain
return New(c)
}
diff --git a/server/config/config.go b/server/config/config.go
index 4011d82350f02b3dd8ec73d434b741bab71e52e4..49b0f2e4f33192eb5fc8137cecae26b0da27e524 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -24,16 +24,16 @@ type Auth struct {
OauthClientSecret string `mapstructure:"oauth_client_secret"`
OauthCallbackURL string `mapstructure:"oauth_callback_url"`
Provider string `mapstructure:"provider"`
- GoogleOpts map[string]interface{} `mapstructure:"google_opts"`
+ ProviderOpts map[string]interface{} `mapstructure:"provider_opts"`
JWTSigningKey string `mapstructure:"jwt_signing_key"`
}
// SSH holds the configuration specific to signing ssh keys.
type SSH struct {
- SigningKey string `mapstructure:"signing_key"`
- Principals []string `mapstructure:"additional_principals"`
- MaxAge string `mapstructure:"max_age"`
- Permissions []string `mapstructure:"permissions"`
+ SigningKey string `mapstructure:"signing_key"`
+ AdditionalPrincipals []string `mapstructure:"additional_principals"`
+ MaxAge string `mapstructure:"max_age"`
+ Permissions []string `mapstructure:"permissions"`
}
// ReadConfig parses a JSON configuration file into a Config struct.
diff --git a/server/signer/signer.go b/server/signer/signer.go
index f897195bef492e4f7a90b1cf96a480486b5f1624..854d70e24964fd03893733f221f3580f8d934e2e 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -82,7 +82,7 @@ func New(conf config.SSH) (*KeySigner, error) {
return &KeySigner{
ca: key,
validity: validity,
- principals: conf.Principals,
+ principals: conf.AdditionalPrincipals,
permissions: makeperms(conf.Permissions),
}, nil
}