auth/service: use address option since router may not be configured (#1734)
parent
a2550820d3
commit
2b506b1a2a
@ -30,10 +30,6 @@ func (s *svc) Init(opts ...auth.Option) {
|
||||
o(&s.options)
|
||||
}
|
||||
|
||||
if s.options.Client == nil {
|
||||
s.options.Client = client.DefaultClient
|
||||
}
|
||||
|
||||
s.auth = pb.NewAuthService("go.micro.auth", s.options.Client)
|
||||
s.rules = pb.NewRulesService("go.micro.auth", s.options.Client)
|
||||
|
||||
@ -60,7 +56,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
||||
Scopes: options.Scopes,
|
||||
Metadata: options.Metadata,
|
||||
Provider: options.Provider,
|
||||
})
|
||||
}, s.callOpts()...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -89,7 +85,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
|
||||
Endpoint: rule.Resource.Endpoint,
|
||||
},
|
||||
},
|
||||
})
|
||||
}, s.callOpts()...)
|
||||
|
||||
return err
|
||||
}
|
||||
@ -98,7 +94,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
|
||||
func (s *svc) Revoke(rule *auth.Rule) error {
|
||||
_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
|
||||
Id: rule.ID,
|
||||
})
|
||||
}, s.callOpts()...)
|
||||
|
||||
return err
|
||||
}
|
||||
@ -112,7 +108,8 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
||||
options.Context = context.TODO()
|
||||
}
|
||||
|
||||
rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, client.WithCache(time.Second*30))
|
||||
callOpts := append(s.callOpts(), client.WithCache(time.Second*30))
|
||||
rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, callOpts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -149,7 +146,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
|
||||
|
||||
// the token is not a JWT or we do not have the keys to decode it,
|
||||
// fall back to the auth service
|
||||
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token})
|
||||
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, s.callOpts()...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -165,7 +162,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
||||
Secret: options.Secret,
|
||||
RefreshToken: options.RefreshToken,
|
||||
TokenExpiry: int64(options.Expiry.Seconds()),
|
||||
})
|
||||
}, s.callOpts()...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -213,12 +210,21 @@ func serializeRule(r *pb.Rule) *auth.Rule {
|
||||
}
|
||||
}
|
||||
|
||||
func (s *svc) callOpts() []client.CallOption {
|
||||
return []client.CallOption{
|
||||
client.WithAddress(s.options.Addrs...),
|
||||
}
|
||||
}
|
||||
|
||||
// NewAuth returns a new instance of the Auth service
|
||||
func NewAuth(opts ...auth.Option) auth.Auth {
|
||||
options := auth.NewOptions(opts...)
|
||||
if options.Client == nil {
|
||||
options.Client = client.DefaultClient
|
||||
}
|
||||
if len(options.Addrs) == 0 {
|
||||
options.Addrs = []string{"127.0.0.1:8010"}
|
||||
}
|
||||
|
||||
return &svc{
|
||||
auth: pb.NewAuthService("go.micro.auth", options.Client),
|
||||
|
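Review bot: The fallback to the literal `127.0.0.1:8010` in `NewAuth` is silent, and `callOpts` then pins every auth RPC to it with `client.WithAddress`, so `Inspect` and `Token` send the bearer token, secret and refresh token to whatever is listening on that port when no address is configured. The default deserves a named constant and a comment on `callOpts` such as `// callOpts pins auth RPCs to s.options.Addrs instead of router lookup; that endpoint receives tokens and secrets and must be a trusted auth service`. The page has lost its +/- markers, but the first hunk shrinks from 10 to 6 lines and the `s.options.Client == nil` guard appears to move from `Init` into `NewAuth`. If that is the case, an `Init` call whose options set `Client` to nil would hand nil to `pb.NewAuthService`, so the guard is worth keeping in `Init` as well. Most of the functions touched here start or end outside the hunks shown.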
@ -272,6 +272,11 @@ var (
|
||||
EnvVars: []string{"MICRO_AUTH"},
|
||||
Usage: "Auth for role based access control, e.g. service",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "auth_address",
|
||||
EnvVars: []string{"MICRO_AUTH_ADDRESS"},
|
||||
Usage: "Comma-separated list of auth addresses",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "auth_id",
|
||||
EnvVars: []string{"MICRO_AUTH_ID"},
|
||||
@ -570,6 +575,63 @@ func (c *cmd) Before(ctx *cli.Context) error {
|
||||
microClient := wrapper.CacheClient(cacheFn, grpc.NewClient())
|
||||
microClient = wrapper.AuthClient(authFn, microClient)
|
||||
|
||||
// Setup auth options
|
||||
authOpts := []auth.Option{auth.WithClient(microClient)}
|
||||
if len(ctx.String("auth_address")) > 0 {
|
||||
authOpts = append(authOpts, auth.Addrs(ctx.String("auth_address")))
|
||||
}
|
||||
if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
|
||||
authOpts = append(authOpts, auth.Credentials(
|
||||
ctx.String("auth_id"), ctx.String("auth_secret"),
|
||||
))
|
||||
}
|
||||
if len(ctx.String("auth_public_key")) > 0 {
|
||||
authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
|
||||
}
|
||||
if len(ctx.String("auth_private_key")) > 0 {
|
||||
authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
|
||||
}
|
||||
if ns := ctx.String("service_namespace"); len(ns) > 0 {
|
||||
serverOpts = append(serverOpts, server.Namespace(ns))
|
||||
authOpts = append(authOpts, auth.Issuer(ns))
|
||||
}
|
||||
if name := ctx.String("auth_provider"); len(name) > 0 {
|
||||
p, ok := DefaultAuthProviders[name]
|
||||
if !ok {
|
||||
logger.Fatalf("AuthProvider %s not found", name)
|
||||
}
|
||||
|
||||
var provOpts []provider.Option
|
||||
clientID := ctx.String("auth_provider_client_id")
|
||||
clientSecret := ctx.String("auth_provider_client_secret")
|
||||
if len(clientID) > 0 || len(clientSecret) > 0 {
|
||||
provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
|
||||
}
|
||||
if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
|
||||
provOpts = append(provOpts, provider.Endpoint(e))
|
||||
}
|
||||
if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
|
||||
provOpts = append(provOpts, provider.Redirect(r))
|
||||
}
|
||||
if s := ctx.String("auth_provider_scope"); len(s) > 0 {
|
||||
provOpts = append(provOpts, provider.Scope(s))
|
||||
}
|
||||
|
||||
authOpts = append(authOpts, auth.Provider(p(provOpts...)))
|
||||
}
|
||||
|
||||
// Set the auth
|
||||
if name := ctx.String("auth"); len(name) > 0 {
|
||||
a, ok := c.opts.Auths[name]
|
||||
if !ok {
|
||||
logger.Fatalf("Unsupported auth: %s", name)
|
||||
}
|
||||
*c.opts.Auth = a(authOpts...)
|
||||
serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
|
||||
} else if len(authOpts) > 0 {
|
||||
(*c.opts.Auth).Init(authOpts...)
|
||||
}
|
||||
|
||||
// Set the router, this must happen before the rest of the server as it'll route server requests
|
||||
// such as go.micro.config if no address is specified
|
||||
routerOpts := []router.Option{
|
||||
@ -661,60 +723,6 @@ func (c *cmd) Before(ctx *cli.Context) error {
|
||||
registryOpts = append(registryOpts, registry.Addrs(addresses...))
|
||||
}
|
||||
|
||||
// Setup auth options
|
||||
authOpts := []auth.Option{auth.WithClient(microClient)}
|
||||
if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
|
||||
authOpts = append(authOpts, auth.Credentials(
|
||||
ctx.String("auth_id"), ctx.String("auth_secret"),
|
||||
))
|
||||
}
|
||||
if len(ctx.String("auth_public_key")) > 0 {
|
||||
authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
|
||||
}
|
||||
if len(ctx.String("auth_private_key")) > 0 {
|
||||
authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
|
||||
}
|
||||
if ns := ctx.String("service_namespace"); len(ns) > 0 {
|
||||
serverOpts = append(serverOpts, server.Namespace(ns))
|
||||
authOpts = append(authOpts, auth.Issuer(ns))
|
||||
}
|
||||
if name := ctx.String("auth_provider"); len(name) > 0 {
|
||||
p, ok := DefaultAuthProviders[name]
|
||||
if !ok {
|
||||
logger.Fatalf("AuthProvider %s not found", name)
|
||||
}
|
||||
|
||||
var provOpts []provider.Option
|
||||
clientID := ctx.String("auth_provider_client_id")
|
||||
clientSecret := ctx.String("auth_provider_client_secret")
|
||||
if len(clientID) > 0 || len(clientSecret) > 0 {
|
||||
provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
|
||||
}
|
||||
if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
|
||||
provOpts = append(provOpts, provider.Endpoint(e))
|
||||
}
|
||||
if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
|
||||
provOpts = append(provOpts, provider.Redirect(r))
|
||||
}
|
||||
if s := ctx.String("auth_provider_scope"); len(s) > 0 {
|
||||
provOpts = append(provOpts, provider.Scope(s))
|
||||
}
|
||||
|
||||
authOpts = append(authOpts, auth.Provider(p(provOpts...)))
|
||||
}
|
||||
|
||||
// Set the auth
|
||||
if name := ctx.String("auth"); len(name) > 0 {
|
||||
a, ok := c.opts.Auths[name]
|
||||
if !ok {
|
||||
logger.Fatalf("Unsupported auth: %s", name)
|
||||
}
|
||||
*c.opts.Auth = a(authOpts...)
|
||||
serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
|
||||
} else if len(authOpts) > 0 {
|
||||
(*c.opts.Auth).Init(authOpts...)
|
||||
}
|
||||
|
||||
// Setup selector options
|
||||
selectorOpts := []selector.Option{selector.Registry(*c.opts.Registry)}
|
||||
|
||||
|
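Review bot: The `auth_address` flag is documented as a comma-separated list, but `Before` passes the raw string to `auth.Addrs` as a single value, so a value such as `host-a:8010,host-b:8010` (constructed example) would be handed on as one malformed address rather than two. Splitting first, `authOpts = append(authOpts, auth.Addrs(strings.Split(ctx.String("auth_address"), ",")...))`, would match the usage text, assuming `auth.Addrs` is variadic and `strings` is imported in this file (neither is visible here). Because this address is where the service sends its credentials and tokens for inspection, trimming whitespace and rejecting empty entries before use is also worthwhile. `Before` starts and ends outside the hunks shown.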