Refactor to central options struct and parsing

authenticate/authenticate.go

@@ -6,9 +6,8 @@ import (
 	"fmt"
 	"html/template"
 	"net/url"
-	"time"
 
-	"github.com/pomerium/envconfig"
+	"github.com/pomerium/pomerium/internal/config"
 
 	"github.com/pomerium/pomerium/internal/cryptutil"
 	"github.com/pomerium/pomerium/internal/identity"
@@ -16,53 +15,10 @@ import (
 	"github.com/pomerium/pomerium/internal/templates"
 )
 
-var defaultOptions = &Options{
-	CookieName:     "_pomerium_authenticate",
-	CookieHTTPOnly: true,
-	CookieSecure:   true,
-	CookieExpire:   time.Duration(14) * time.Hour,
-	CookieRefresh:  time.Duration(30) * time.Minute,
-}
-
-// Options details the available configuration settings for the authenticate service
-type Options struct {
-	AuthenticateURL *url.URL `envconfig:"AUTHENTICATE_SERVICE_URL"`
-
-	// SharedKey is used to authenticate requests between services
-	SharedKey string `envconfig:"SHARED_SECRET"`
-	// Session/Cookie management
-	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
-	CookieName     string
-	CookieSecret   string        `envconfig:"COOKIE_SECRET"`
-	CookieDomain   string        `envconfig:"COOKIE_DOMAIN"`
-	CookieSecure   bool          `envconfig:"COOKIE_SECURE"`
-	CookieHTTPOnly bool          `envconfig:"COOKIE_HTTP_ONLY"`
-	CookieExpire   time.Duration `envconfig:"COOKIE_EXPIRE"`
-	CookieRefresh  time.Duration `envconfig:"COOKIE_REFRESH"`
-
-	// Identity provider configuration variables as specified by RFC6749
-	// https://openid.net/specs/openid-connect-basic-1_0.html#RFC6749
-	ClientID       string   `envconfig:"IDP_CLIENT_ID"`
-	ClientSecret   string   `envconfig:"IDP_CLIENT_SECRET"`
-	Provider       string   `envconfig:"IDP_PROVIDER"`
-	ProviderURL    string   `envconfig:"IDP_PROVIDER_URL"`
-	Scopes         []string `envconfig:"IDP_SCOPES"`
-	ServiceAccount string   `envconfig:"IDP_SERVICE_ACCOUNT"`
-}
-
-// OptionsFromEnvConfig builds the authenticate service's configuration environmental variables
-func OptionsFromEnvConfig() (*Options, error) {
-	o := defaultOptions
-	if err := envconfig.Process("", o); err != nil {
-		return nil, err
-	}
-	return o, nil
-}
-
-// Validate checks to see if configuration values are valid for the authenticate service.
+// ValidateOptions checks to see if configuration values are valid for the authenticate service.
 // The checks do not modify the internal state of the Option structure. Returns
 // on first error found.
-func (o *Options) Validate() error {
+func ValidateOptions(o *config.Options) error {
 	if o.AuthenticateURL == nil {
 		return errors.New("authenticate: 'AUTHENTICATE_SERVICE_URL' missing")
 	}
@@ -98,11 +54,11 @@ type Authenticate struct {
 }
 
 // New validates and creates a new authenticate service from a set of Options
-func New(opts *Options) (*Authenticate, error) {
+func New(opts *config.Options) (*Authenticate, error) {
 	if opts == nil {
 		return nil, errors.New("authenticate: options cannot be nil")
 	}
-	if err := opts.Validate(); err != nil {
+	if err := ValidateOptions(opts); err != nil {
 		return nil, err
 	}
 	decodedCookieSecret, _ := base64.StdEncoding.DecodeString(opts.CookieSecret)
@@ -112,7 +68,7 @@ func New(opts *Options) (*Authenticate, error) {
 	}
 	cookieStore, err := sessions.NewCookieStore(
 		&sessions.CookieStoreOptions{
-			Name:           opts.CookieName,
+			Name:           opts.AuthenticateCookieName,
 			CookieSecure:   opts.CookieSecure,
 			CookieHTTPOnly: opts.CookieHTTPOnly,
 			CookieExpire:   opts.CookieExpire,