[PR #5050] [MERGED] Add `exec` value source type #5112

New issue

Closed

opened 2026-05-05 14:54:56 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 14:54:56 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/fatedier/frp/pull/5050
Author: @Saancreed
Created: 11/10/2025
Status: ✅ Merged
Merged: 11/17/2025
Merged by: @fatedier

Base: dev ← Head: exec-value-source

📝 Commits (4)

08ac349 config: introduce ExecSource value source
540a7b0 auth: introduce OidcTokenSourceAuthProvider
28f9962 auth: use OidcTokenSourceAuthProvider if tokenSource config is present on the client
7b9639b cmd: allow exec token source only if CLI flag was passed

📊 Changes

10 files changed (+179 additions, -20 deletions)

View changed files

📝 client/admin_api.go (+1 -1)
📝 client/service.go (+5 -0)
📝 cmd/frpc/sub/proxy.go (+7 -4)
📝 cmd/frpc/sub/root.go (+20 -7)
📝 cmd/frpc/sub/verify.go (+4 -1)
📝 pkg/auth/auth.go (+7 -3)
📝 pkg/auth/oidc.go (+45 -0)
📝 pkg/config/v1/client.go (+8 -0)
📝 pkg/config/v1/validation/client.go (+16 -3)
📝 pkg/config/v1/value_source.go (+66 -1)

📄 Description

WHY

https://github.com/fatedier/frp/issues/5045

Notably, the current version:

uses simple map[string]string to represent additional environment variables
also supports dir option that allows customizing the working directory of executed process (because adding it was pretty much free)
does not consider oidc and tokenSource to be mutually exclusive; if both are present, the latter will take precedence
uses --allow-unsafe-token-source CLI flag to enable usage of exec source type but the name isn't final… and maybe file should be considered unsafe too?
requires the flag to be specified again by the caller when using reload command
doesn't have any tests or documentation changes yet, I can add them once this is considered to be an acceptable approach

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fatedier/frp/pull/5050 **Author:** [@Saancreed](https://github.com/Saancreed) **Created:** 11/10/2025 **Status:** ✅ Merged **Merged:** 11/17/2025 **Merged by:** [@fatedier](https://github.com/fatedier) **Base:** `dev` ← **Head:** `exec-value-source` --- ### 📝 Commits (4) - [`08ac349`](https://github.com/fatedier/frp/commit/08ac349e0f21fc6e5f5d69cb3d52d0d4bd966bb3) config: introduce ExecSource value source - [`540a7b0`](https://github.com/fatedier/frp/commit/540a7b0ee21105865c1512aa8b060508254d98df) auth: introduce OidcTokenSourceAuthProvider - [`28f9962`](https://github.com/fatedier/frp/commit/28f99621336571d4e0075aee228e6f670dbacdec) auth: use OidcTokenSourceAuthProvider if tokenSource config is present on the client - [`7b9639b`](https://github.com/fatedier/frp/commit/7b9639b528551555e3e85ba3cee7de3cf824cdb7) cmd: allow exec token source only if CLI flag was passed ### 📊 Changes **10 files changed** (+179 additions, -20 deletions) <details> <summary>View changed files</summary> 📝 `client/admin_api.go` (+1 -1) 📝 `client/service.go` (+5 -0) 📝 `cmd/frpc/sub/proxy.go` (+7 -4) 📝 `cmd/frpc/sub/root.go` (+20 -7) 📝 `cmd/frpc/sub/verify.go` (+4 -1) 📝 `pkg/auth/auth.go` (+7 -3) 📝 `pkg/auth/oidc.go` (+45 -0) 📝 `pkg/config/v1/client.go` (+8 -0) 📝 `pkg/config/v1/validation/client.go` (+16 -3) 📝 `pkg/config/v1/value_source.go` (+66 -1) </details> ### 📄 Description ### WHY https://github.com/fatedier/frp/issues/5045 Notably, the current version: * uses simple `map[string]string` to represent additional environment variables * also supports `dir` option that allows customizing the working directory of executed process (because adding it was pretty much free) * does not consider `oidc` and `tokenSource` to be mutually exclusive; if both are present, the latter will take precedence * uses `--allow-unsafe-token-source` CLI flag to enable usage of `exec` source type but the name isn't final… and maybe `file` should be considered unsafe too? * requires the flag to be specified again by the caller when using `reload` command * doesn't have any tests or documentation changes yet, I can add them once this is considered to be an acceptable approach --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>