Properly merge env vars into pipeline configs (ory#320)

Previously, some keys did not respect the values set in the environment variables.

Closes ory#305
Closes ory#317

.schemas/config.schema.json

@@ -282,11 +282,12 @@
           "title": "Token From",
           "description": "The location of the token.\n If not configured, the token will be received from a default location - 'Authorization' header.\n One and only one location (header or query) must be specified.",
           "oneOf": [
+            {
+              "type": "null"
+            },
             {
               "type": "object",
-              "required": [
-                "header"
-              ],
+              "additionalProperties": false,
               "properties": {
                 "header": {
                   "title": "Header",
@@ -297,9 +298,7 @@
             },
             {
               "type": "object",
-              "required": [
-                "query_parameter"
-              ],
+              "additionalProperties": false,
               "properties": {
                 "query_parameter": {
                   "title": "Query Parameter",
@@ -481,12 +480,13 @@
         "token_from": {
           "title": "Token From",
           "description": "The location of the token.\n If not configured, the token will be received from a default location - 'Authorization' header.\n One and only one location (header or query) must be specified.",
-          "type": "object",
           "oneOf": [
             {
-              "required": [
-                "header"
-              ],
+              "type": "null"
+            },
+            {
+              "type": "object",
+              "additionalProperties": false,
               "properties": {
                 "header": {
                   "title": "Header",
@@ -496,9 +496,8 @@
               }
             },
             {
-              "required": [
-                "query_parameter"
-              ],
+              "type": "object",
+              "additionalProperties": false,
               "properties": {
                 "query_parameter": {
                   "title": "Query Parameter",
@@ -508,9 +507,8 @@
               }
             },
             {
-              "required": [
-                "cookie"
-              ],
+              "type": "object",
+              "additionalProperties": false,
               "properties": {
                 "cookie": {
                   "title": "Cookie",
@@ -821,7 +819,6 @@
           "title": "Repositories",
           "description": "Locations (list of URLs) where access rules should be fetched from on boot. It is expected that the documents at those locations return a JSON or YAML Array containing ORY Oathkeeper Access Rules:\n\n- If the URL Scheme is `file://`, the access rules (an array of access rules is expected) will be fetched from the local file system.\n- If the URL Scheme is `inline://`, the access rules (an array of access rules is expected) are expected to be a base64 encoded (with padding!) JSON/YAML string (base64_encode(`[{\"id\":\"foo-rule\",\"authenticators\":[....]}]`)).\n- If the URL Scheme is `http://` or `https://`, the access rules (an array of access rules is expected) will be fetched from the provided HTTP(s) location.",
           "type": "array",
-          "default": [],
           "items": {
             "type": "string",
             "format": "uri"

driver/configuration/provider_viper.go

@@ -13,11 +13,11 @@ import (
 	"github.com/rs/cors"
 	"github.com/sirupsen/logrus"
 
+	"github.com/ory/go-convenience/stringsx"
+
 	"github.com/ory/gojsonschema"
 	"github.com/ory/x/jsonx"
 
-	"github.com/ory/viper"
-
 	"github.com/ory/fosite"
 	"github.com/ory/x/corsx"
 	"github.com/ory/x/urlx"
@@ -185,7 +185,7 @@ func (v *ViperProvider) pipelineIsEnabled(prefix, id string) bool {
 
 func (v *ViperProvider) PipelineConfig(prefix, id string, override json.RawMessage, dest interface{}) error {
 	// we need to create a copy for config otherwise we will accidentally override values
-	config, err := x.Deepcopy(viper.GetStringMap(fmt.Sprintf("%s.%s.config", prefix, id)))
+	config, err := x.Deepcopy(viperx.GetStringMapConfig(stringsx.Splitx(fmt.Sprintf("%s.%s.config", prefix, id), ".")...))
 	if err != nil {
 		return errors.WithStack(err)
 	}

driver/configuration/provider_viper_public_test.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/url"
+	"os"
 	"testing"
 
 	"github.com/rs/cors"
@@ -40,16 +41,30 @@ func TestPipelineConfig(t *testing.T) {
 
 	p := NewViperProvider(logrus.New())
 
+	t.Run("case=should use config from environment variables", func(t *testing.T) {
+		var res json.RawMessage
+		require.NoError(t, os.Setenv("AUTHENTICATORS_OAUTH2_INTROSPECTION_CONFIG_INTROSPECTION_URL", "https://override/path"))
+
+		require.NoError(t, p.PipelineConfig("authenticators", "oauth2_introspection", nil, &res))
+		assert.JSONEq(t, `{"introspection_request_headers":{},"introspection_url":"https://override/path","pre_authorization":{"client_id":"some_id","client_secret":"some_secret","enabled":true,"scope":["foo","bar"],"token_url":"https://my-website.com/oauth2/token"},"required_scope":[],"scope_strategy":"exact","target_audience":[],"trusted_issuers":[]}`, string(res), "%s", res)
+
+		require.NoError(t, os.Setenv("AUTHENTICATORS_OAUTH2_INTROSPECTION_CONFIG_INTROSPECTION_URL", ""))
+
+		require.NoError(t, p.PipelineConfig("authenticators", "oauth2_introspection", nil, &res))
+		assert.JSONEq(t, `{"introspection_request_headers":{},"introspection_url":"https://my-website.com/oauth2/introspection","pre_authorization":{"client_id":"some_id","client_secret":"some_secret","enabled":true,"scope":["foo","bar"],"token_url":"https://my-website.com/oauth2/token"},"required_scope":[],"scope_strategy":"exact","target_audience":[],"trusted_issuers":[]}`, string(res), "%s", res)
+
+	})
+
 	t.Run("case=should fail when invalid value is used in override", func(t *testing.T) {
 		res := json.RawMessage{}
 		require.Error(t, p.PipelineConfig("mutators", "hydrator", json.RawMessage(`{"not-api":"invalid"}`), &res))
-		assert.JSONEq(t, `{"api":{"url":"https://some-url/"},"not-api":"invalid"}`, string(res))
+		assert.JSONEq(t, `{"api":{"url":"https://some-url/","retry":{"give_up_after":"1s","max_delay":"100ms"}},"not-api":"invalid"}`, string(res))
 
 		require.Error(t, p.PipelineConfig("mutators", "hydrator", json.RawMessage(`{"api":{"this-key-does-not-exist":true}}`), &res))
-		assert.JSONEq(t, `{"api":{"url":"https://some-url/","this-key-does-not-exist":true}}`, string(res))
+		assert.JSONEq(t, `{"api":{"url":"https://some-url/","this-key-does-not-exist":true,"retry":{"give_up_after":"1s","max_delay":"100ms"}}}`, string(res))
 
 		require.Error(t, p.PipelineConfig("mutators", "hydrator", json.RawMessage(`{"api":{"url":"not-a-url"}}`), &res))
-		assert.JSONEq(t, `{"api":{"url":"not-a-url"}}`, string(res))
+		assert.JSONEq(t, `{"api":{"url":"not-a-url","retry":{"give_up_after":"1s","max_delay":"100ms"}}}`, string(res))
 	})
 
 	t.Run("case=should pass and override values", func(t *testing.T) {

go.mod

@@ -8,7 +8,6 @@ require (
 	github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/bxcodec/faker v2.0.1+incompatible
-	github.com/cenkalti/backoff v2.1.1+incompatible
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/fsnotify/fsnotify v1.4.7
 	github.com/ghodss/yaml v1.0.0
@@ -25,7 +24,6 @@ require (
 	github.com/go-swagger/go-swagger v0.19.0
 	github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 // indirect
 	github.com/gobuffalo/packr/v2 v2.0.0-rc.15
-	github.com/golang/gddo v0.0.0-20190312205958-5a2505f3dbf0 // indirect
 	github.com/golang/mock v1.3.1
 	github.com/google/uuid v1.1.1
 	github.com/gorilla/handlers v1.4.0 // indirect
@@ -35,11 +33,8 @@ require (
 	github.com/jessevdk/go-flags v1.4.0 // indirect
 	github.com/julienschmidt/httprouter v1.2.0
 	github.com/lib/pq v1.0.0
-	github.com/luna-duclos/instrumentedsql v0.0.0-20190316074304-ecad98b20aec // indirect
 	github.com/mattn/goveralls v0.0.3
-	github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f
 	github.com/opencontainers/runc v1.0.0-rc5 // indirect
-	github.com/opentracing/opentracing-go v1.1.0 // indirect
 	github.com/ory/fosite v0.29.2
 	github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90
 	github.com/ory/go-convenience v0.1.0
@@ -48,7 +43,7 @@ require (
 	github.com/ory/herodot v0.6.2
 	github.com/ory/ladon v1.0.1
 	github.com/ory/viper v1.5.6
-	github.com/ory/x v0.0.80
+	github.com/ory/x v0.0.87
 	github.com/pborman/uuid v1.2.0
 	github.com/pelletier/go-toml v1.6.0 // indirect
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
@@ -60,7 +55,7 @@ require (
 	github.com/spf13/viper v1.4.0 // indirect
 	github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518
 	github.com/square/go-jose v2.3.1+incompatible
-	github.com/stretchr/testify v1.3.0
+	github.com/stretchr/testify v1.4.0
 	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/tidwall/gjson v1.3.2
 	github.com/tidwall/sjson v1.0.4
@@ -70,7 +65,6 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 // indirect
 	golang.org/x/tools v0.0.0-20191026034945-b2104f82a97d
 	gopkg.in/square/go-jose.v2 v2.3.0
 )