This uses a provide() function in server/server.go, to push the
necessary oauth2.Provider and oauth2.Mux into the scope of the
server.Mux. This allows the server.Mux to configure its routes without
caring which Providers are enabled, which switches/ENVs are set etc. It
configures its routes optimistically and leaves the higher-order logic
to decide whether to actually invoke the logic used by the mux to
configure routes for that provider.
This allows operators to permit access to Chronograf only to users belonging
to a set of specific Heroku organizations. This is controlled using the
HEROKU_ORGS env or the --heroku-organizations switch.
If a --token-secret, --heroku-client-id, and --heroku-secret are
provided to Chronograf, it will add Heroku as an OAuth2 provider. These
tokens can be obtained (as of this writing) by visiting your "manage
account" page, navigating to "Applications," and then clicking "Register
New API Client" under the "API Clients" section.
Since this is a flag that is being accepted by the application, it makes
sense to group it with the other flags. Also, the `json` struct tag was
a remnant from an earlier attempt at implementing this feature, and is
no longer necessary.
Using my existing layout chaining, I added layouts wrapped in
go-bindata as the last option for loading layouts. This means
that the data store is preferred over file system over bindata.
With this functionality, we can simply distribute the single-file
binary.
Tim Raymond
Chris Goller
gunnaraasen
Mark Rushakoff
Jack Zampolin
Jade McGough
Will Piers
Ross McDonald