From 2b506b1a2a1008940946dca5b7f3082a5934f3c9 Mon Sep 17 00:00:00 2001 From: ben-toogood Date: Wed, 24 Jun 2020 13:47:43 +0100 Subject: [PATCH] auth/service: use address option since router may not be configured (#1734) --- auth/service/service.go | 26 +++++---- config/cmd/cmd.go | 116 +++++++++++++++++++++------------------- 2 files changed, 78 insertions(+), 64 deletions(-) diff --git a/auth/service/service.go b/auth/service/service.go index 9c3bd323..ddf7acf2 100644 --- a/auth/service/service.go +++ b/auth/service/service.go @@ -30,10 +30,6 @@ func (s *svc) Init(opts ...auth.Option) { o(&s.options) } - if s.options.Client == nil { - s.options.Client = client.DefaultClient - } - s.auth = pb.NewAuthService("go.micro.auth", s.options.Client) s.rules = pb.NewRulesService("go.micro.auth", s.options.Client) @@ -60,7 +56,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e Scopes: options.Scopes, Metadata: options.Metadata, Provider: options.Provider, - }) + }, s.callOpts()...) if err != nil { return nil, err } @@ -89,7 +85,7 @@ func (s *svc) Grant(rule *auth.Rule) error { Endpoint: rule.Resource.Endpoint, }, }, - }) + }, s.callOpts()...) return err } @@ -98,7 +94,7 @@ func (s *svc) Grant(rule *auth.Rule) error { func (s *svc) Revoke(rule *auth.Rule) error { _, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{ Id: rule.ID, - }) + }, s.callOpts()...) return err } @@ -112,7 +108,8 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) { options.Context = context.TODO() } - rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, client.WithCache(time.Second*30)) + callOpts := append(s.callOpts(), client.WithCache(time.Second*30)) + rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, callOpts...) if err != nil { return nil, err } 
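Review bot: In the Rules hunk, `callOpts := append(s.callOpts(), client.WithCache(time.Second*30))` is safe only because callOpts, added in a later hunk of this file, builds a new slice on every call. If callOpts is later changed to return a stored or shared slice, this append could write into its backing array. A one-line comment above the append would record the assumption, for example `// callOpts returns a fresh slice, so appending cannot alias shared state`. The body of Rules continues outside the hunk.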
@@ -149,7 +146,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) { // the token is not a JWT or we do not have the keys to decode it, // fall back to the auth service - rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}) + rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, s.callOpts()...) if err != nil { return nil, err } @@ -165,7 +162,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) { Secret: options.Secret, RefreshToken: options.RefreshToken, TokenExpiry: int64(options.Expiry.Seconds()), - }) + }, s.callOpts()...) if err != nil { return nil, err } @@ -213,12 +210,21 @@ func serializeRule(r *pb.Rule) *auth.Rule { } } +func (s *svc) callOpts() []client.CallOption { + return []client.CallOption{ + client.WithAddress(s.options.Addrs...), + } +} + // NewAuth returns a new instance of the Auth service func NewAuth(opts ...auth.Option) auth.Auth { options := auth.NewOptions(opts...) if options.Client == nil { options.Client = client.DefaultClient } + if len(options.Addrs) == 0 { + options.Addrs = []string{"127.0.0.1:8010"} + } return &svc{ auth: pb.NewAuthService("go.micro.auth", options.Client), diff --git a/config/cmd/cmd.go b/config/cmd/cmd.go index 6c8cbb91..ffb4dc1c 100644 --- a/config/cmd/cmd.go +++ b/config/cmd/cmd.go @@ -272,6 +272,11 @@ var ( EnvVars: []string{"MICRO_AUTH"}, Usage: "Auth for role based access control, e.g. service", }, + &cli.StringFlag{ + Name: "auth_address", + EnvVars: []string{"MICRO_AUTH_ADDRESS"}, + Usage: "Comma-separated list of auth addresses", + }, &cli.StringFlag{ Name: "auth_id", EnvVars: []string{"MICRO_AUTH_ID"}, 
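Review bot: In NewAuth the fallback `options.Addrs = []string{"127.0.0.1:8010"}` is an unexplained literal, and the new callOpts helper has no doc comment. Since callOpts is now attached to every auth RPC in this file, including Token (which carries `Secret` and `RefreshToken`) and the Inspect fallback (which carries the token), the address option decides where credentials are sent. I would name the default, `const defaultAuthAddress = "127.0.0.1:8010"`, and document the helper with `// callOpts returns the call options that direct auth RPCs to s.options.Addrs; credentials and tokens are sent to these addresses.` Whether the transport to a non-loopback address is encrypted is not visible in this diff and should be confirmed. The default is also applied only in NewAuth, not in Init.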
@@ -570,6 +575,63 @@ func (c *cmd) Before(ctx *cli.Context) error { microClient := wrapper.CacheClient(cacheFn, grpc.NewClient()) microClient = wrapper.AuthClient(authFn, microClient) + // Setup auth options + authOpts := []auth.Option{auth.WithClient(microClient)} + if len(ctx.String("auth_address")) > 0 { + authOpts = append(authOpts, auth.Addrs(ctx.String("auth_address"))) + } + if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 { + authOpts = append(authOpts, auth.Credentials( + ctx.String("auth_id"), ctx.String("auth_secret"), + )) + } + if len(ctx.String("auth_public_key")) > 0 { + authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key"))) + } + if len(ctx.String("auth_private_key")) > 0 { + authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key"))) + } + if ns := ctx.String("service_namespace"); len(ns) > 0 { + serverOpts = append(serverOpts, server.Namespace(ns)) + authOpts = append(authOpts, auth.Issuer(ns)) + } + if name := ctx.String("auth_provider"); len(name) > 0 { + p, ok := DefaultAuthProviders[name] + if !ok { + logger.Fatalf("AuthProvider %s not found", name) + } + + var provOpts []provider.Option + clientID := ctx.String("auth_provider_client_id") + clientSecret := ctx.String("auth_provider_client_secret") + if len(clientID) > 0 || len(clientSecret) > 0 { + provOpts = append(provOpts, provider.Credentials(clientID, clientSecret)) + } + if e := ctx.String("auth_provider_endpoint"); len(e) > 0 { + provOpts = append(provOpts, provider.Endpoint(e)) + } + if r := ctx.String("auth_provider_redirect"); len(r) > 0 { + provOpts = append(provOpts, provider.Redirect(r)) + } + if s := ctx.String("auth_provider_scope"); len(s) > 0 { + provOpts = append(provOpts, provider.Scope(s)) + } + + authOpts = append(authOpts, auth.Provider(p(provOpts...))) + } + + // Set the auth + if name := ctx.String("auth"); len(name) > 0 { + a, ok := c.opts.Auths[name] + if !ok { + logger.Fatalf("Unsupported auth: %s", name) + 
} + *c.opts.Auth = a(authOpts...) + serverOpts = append(serverOpts, server.Auth(*c.opts.Auth)) + } else if len(authOpts) > 0 { + (*c.opts.Auth).Init(authOpts...) + } + // Set the router, this must happen before the rest of the server as it'll route server requests // such as go.micro.config if no address is specified routerOpts := []router.Option{ 
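Review bot: `auth.Addrs(ctx.String("auth_address"))` passes the raw flag value as a single address, while the `auth_address` flag added earlier in this file documents it as a "Comma-separated list of auth addresses". A value with two addresses would presumably reach `client.WithAddress` as one string containing a comma. Split it first, as the registry addresses appear to be handled elsewhere in Before: `authOpts = append(authOpts, auth.Addrs(strings.Split(ctx.String("auth_address"), ",")...))`. This assumes auth.Addrs is variadic, which the slice use of `options.Addrs` in service.go suggests, and that `strings` is already imported in this file. Before starts and ends outside this hunk.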
@@ -661,60 +723,6 @@ func (c *cmd) Before(ctx *cli.Context) error { registryOpts = append(registryOpts, registry.Addrs(addresses...)) } - // Setup auth options - authOpts := []auth.Option{auth.WithClient(microClient)} - if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 { - authOpts = append(authOpts, auth.Credentials( - ctx.String("auth_id"), ctx.String("auth_secret"), - )) - } - if len(ctx.String("auth_public_key")) > 0 { - authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key"))) - } - if len(ctx.String("auth_private_key")) > 0 { - authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key"))) - } - if ns := ctx.String("service_namespace"); len(ns) > 0 { - serverOpts = append(serverOpts, server.Namespace(ns)) - authOpts = append(authOpts, auth.Issuer(ns)) - } - if name := ctx.String("auth_provider"); len(name) > 0 { - p, ok := DefaultAuthProviders[name] - if !ok { - logger.Fatalf("AuthProvider %s not found", name) - } - - var provOpts []provider.Option - clientID := ctx.String("auth_provider_client_id") - clientSecret := ctx.String("auth_provider_client_secret") - if len(clientID) > 0 || len(clientSecret) > 0 { - provOpts = append(provOpts, provider.Credentials(clientID, clientSecret)) - } - if e := ctx.String("auth_provider_endpoint"); len(e) > 0 { - provOpts = append(provOpts, provider.Endpoint(e)) - } - if r := ctx.String("auth_provider_redirect"); len(r) > 0 { - provOpts = append(provOpts, provider.Redirect(r)) - } - if s := ctx.String("auth_provider_scope"); len(s) > 0 { - provOpts = append(provOpts, provider.Scope(s)) - } - - authOpts = append(authOpts, auth.Provider(p(provOpts...))) - } - - // Set the auth - if name := ctx.String("auth"); len(name) > 0 { - a, ok := c.opts.Auths[name] - if !ok { - logger.Fatalf("Unsupported auth: %s", name) - } - *c.opts.Auth = a(authOpts...) - serverOpts = append(serverOpts, server.Auth(*c.opts.Auth)) - } else if len(authOpts) > 0 { - (*c.opts.Auth).Init(authOpts...) 
- } - // Setup selector options selectorOpts := []selector.Option{selector.Registry(*c.opts.Registry)}