runtime: provide credentials to services (#1817)

* runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry
2020-07-10 16:25:46 +01:00
parent 3480e0a64e
commit 09ec20fded
10 changed files with 128 additions and 23 deletions
--- a/util/auth/auth.go
+++ b/util/auth/auth.go
@@ -1,34 +1,31 @@
 package auth

 import (
-	"fmt"
 	"time"

+	"github.com/google/uuid"
 	"github.com/micro/go-micro/v2/auth"
 	"github.com/micro/go-micro/v2/logger"
 )

-// Generate generates a service account for and continually
-// refreshes the access token.
-func Generate(id, name string, a auth.Auth) error {
+// Verify the auth credentials and refresh the auth token periodicallay
+func Verify(a auth.Auth) error {
 	// extract the account creds from options, these can be set by flags
 	accID := a.Options().ID
 	accSecret := a.Options().Secret

-	// if no credentials were provided, generate an account
-	if len(accID) == 0 || len(accSecret) == 0 {
-		name := fmt.Sprintf("%v-%v", name, id)
-
+	// if no credentials were provided, self generate an account
+	if len(accID) == 0 && len(accSecret) == 0 {
 		opts := []auth.GenerateOption{
 			auth.WithType("service"),
 			auth.WithScopes("service"),
 		}

-		acc, err := a.Generate(name, opts...)
+		acc, err := a.Generate(uuid.New().String(), opts...)
 		if err != nil {
 			return err
 		}
-		logger.Debugf("Auth [%v] Authenticated as %v issued by %v", a, name, acc.Issuer)
+		logger.Debugf("Auth [%v] Self-generated an auth account", a.String())

 		accID = acc.ID
 		accSecret = acc.Secret