auth/service: use address option since router may not be configured (#1734)
parent
a2550820d3
commit
2b506b1a2a
@ -30,10 +30,6 @@ func (s *svc) Init(opts ...auth.Option) {
|
|||||||
o(&s.options)
|
o(&s.options)
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.options.Client == nil {
|
|
||||||
s.options.Client = client.DefaultClient
|
|
||||||
}
|
|
||||||
|
|
||||||
s.auth = pb.NewAuthService("go.micro.auth", s.options.Client)
|
s.auth = pb.NewAuthService("go.micro.auth", s.options.Client)
|
||||||
s.rules = pb.NewRulesService("go.micro.auth", s.options.Client)
|
s.rules = pb.NewRulesService("go.micro.auth", s.options.Client)
|
||||||
|
|
||||||
@ -60,7 +56,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
|||||||
Scopes: options.Scopes,
|
Scopes: options.Scopes,
|
||||||
Metadata: options.Metadata,
|
Metadata: options.Metadata,
|
||||||
Provider: options.Provider,
|
Provider: options.Provider,
|
||||||
})
|
}, s.callOpts()...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -89,7 +85,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
|
|||||||
Endpoint: rule.Resource.Endpoint,
|
Endpoint: rule.Resource.Endpoint,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
})
|
}, s.callOpts()...)
|
||||||
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -98,7 +94,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
|
|||||||
func (s *svc) Revoke(rule *auth.Rule) error {
|
func (s *svc) Revoke(rule *auth.Rule) error {
|
||||||
_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
|
_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
|
||||||
Id: rule.ID,
|
Id: rule.ID,
|
||||||
})
|
}, s.callOpts()...)
|
||||||
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -112,7 +108,8 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
|||||||
options.Context = context.TODO()
|
options.Context = context.TODO()
|
||||||
}
|
}
|
||||||
|
|
||||||
rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, client.WithCache(time.Second*30))
|
callOpts := append(s.callOpts(), client.WithCache(time.Second*30))
|
||||||
|
rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, callOpts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -149,7 +146,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
|
|||||||
|
|
||||||
// the token is not a JWT or we do not have the keys to decode it,
|
// the token is not a JWT or we do not have the keys to decode it,
|
||||||
// fall back to the auth service
|
// fall back to the auth service
|
||||||
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token})
|
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, s.callOpts()...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -165,7 +162,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
|||||||
Secret: options.Secret,
|
Secret: options.Secret,
|
||||||
RefreshToken: options.RefreshToken,
|
RefreshToken: options.RefreshToken,
|
||||||
TokenExpiry: int64(options.Expiry.Seconds()),
|
TokenExpiry: int64(options.Expiry.Seconds()),
|
||||||
})
|
}, s.callOpts()...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -213,12 +210,21 @@ func serializeRule(r *pb.Rule) *auth.Rule {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *svc) callOpts() []client.CallOption {
|
||||||
|
return []client.CallOption{
|
||||||
|
client.WithAddress(s.options.Addrs...),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// NewAuth returns a new instance of the Auth service
|
// NewAuth returns a new instance of the Auth service
|
||||||
func NewAuth(opts ...auth.Option) auth.Auth {
|
func NewAuth(opts ...auth.Option) auth.Auth {
|
||||||
options := auth.NewOptions(opts...)
|
options := auth.NewOptions(opts...)
|
||||||
if options.Client == nil {
|
if options.Client == nil {
|
||||||
options.Client = client.DefaultClient
|
options.Client = client.DefaultClient
|
||||||
}
|
}
|
||||||
|
if len(options.Addrs) == 0 {
|
||||||
|
options.Addrs = []string{"127.0.0.1:8010"}
|
||||||
|
}
|
||||||
|
|
||||||
return &svc{
|
return &svc{
|
||||||
auth: pb.NewAuthService("go.micro.auth", options.Client),
|
auth: pb.NewAuthService("go.micro.auth", options.Client),
|
||||||
|
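Review bot: NewAuth now falls back to the literal `127.0.0.1:8010` when no address is given, and callOpts() attaches it to every RPC, so Inspect (which sends the bearer token) and Token (which sends Secret and RefreshToken) go to whatever is listening on that loopback port rather than to a discovered auth service. Nothing in these hunks shows the peer being authenticated, so a deployment that forgets MICRO_AUTH_ADDRESS should at least be able to see the fallback: pull the literal into a documented constant, e.g. `const defaultAuthAddress = "127.0.0.1:8010" // used only when no auth address is configured`, and log at startup when it is used. callOpts() also needs a doc comment saying that it pins auth calls to `s.options.Addrs` instead of leaving address selection to the router. Init no longer defaults Client and never defaults Addrs, so it relies on NewAuth having run first; NewAuth's body continues past the end of the hunk.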
@ -272,6 +272,11 @@ var (
|
|||||||
EnvVars: []string{"MICRO_AUTH"},
|
EnvVars: []string{"MICRO_AUTH"},
|
||||||
Usage: "Auth for role based access control, e.g. service",
|
Usage: "Auth for role based access control, e.g. service",
|
||||||
},
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "auth_address",
|
||||||
|
EnvVars: []string{"MICRO_AUTH_ADDRESS"},
|
||||||
|
Usage: "Comma-separated list of auth addresses",
|
||||||
|
},
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "auth_id",
|
Name: "auth_id",
|
||||||
EnvVars: []string{"MICRO_AUTH_ID"},
|
EnvVars: []string{"MICRO_AUTH_ID"},
|
||||||
@ -570,6 +575,63 @@ func (c *cmd) Before(ctx *cli.Context) error {
|
|||||||
microClient := wrapper.CacheClient(cacheFn, grpc.NewClient())
|
microClient := wrapper.CacheClient(cacheFn, grpc.NewClient())
|
||||||
microClient = wrapper.AuthClient(authFn, microClient)
|
microClient = wrapper.AuthClient(authFn, microClient)
|
||||||
|
|
||||||
|
// Setup auth options
|
||||||
|
authOpts := []auth.Option{auth.WithClient(microClient)}
|
||||||
|
if len(ctx.String("auth_address")) > 0 {
|
||||||
|
authOpts = append(authOpts, auth.Addrs(ctx.String("auth_address")))
|
||||||
|
}
|
||||||
|
if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
|
||||||
|
authOpts = append(authOpts, auth.Credentials(
|
||||||
|
ctx.String("auth_id"), ctx.String("auth_secret"),
|
||||||
|
))
|
||||||
|
}
|
||||||
|
if len(ctx.String("auth_public_key")) > 0 {
|
||||||
|
authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
|
||||||
|
}
|
||||||
|
if len(ctx.String("auth_private_key")) > 0 {
|
||||||
|
authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
|
||||||
|
}
|
||||||
|
if ns := ctx.String("service_namespace"); len(ns) > 0 {
|
||||||
|
serverOpts = append(serverOpts, server.Namespace(ns))
|
||||||
|
authOpts = append(authOpts, auth.Issuer(ns))
|
||||||
|
}
|
||||||
|
if name := ctx.String("auth_provider"); len(name) > 0 {
|
||||||
|
p, ok := DefaultAuthProviders[name]
|
||||||
|
if !ok {
|
||||||
|
logger.Fatalf("AuthProvider %s not found", name)
|
||||||
|
}
|
||||||
|
|
||||||
|
var provOpts []provider.Option
|
||||||
|
clientID := ctx.String("auth_provider_client_id")
|
||||||
|
clientSecret := ctx.String("auth_provider_client_secret")
|
||||||
|
if len(clientID) > 0 || len(clientSecret) > 0 {
|
||||||
|
provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
|
||||||
|
}
|
||||||
|
if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
|
||||||
|
provOpts = append(provOpts, provider.Endpoint(e))
|
||||||
|
}
|
||||||
|
if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
|
||||||
|
provOpts = append(provOpts, provider.Redirect(r))
|
||||||
|
}
|
||||||
|
if s := ctx.String("auth_provider_scope"); len(s) > 0 {
|
||||||
|
provOpts = append(provOpts, provider.Scope(s))
|
||||||
|
}
|
||||||
|
|
||||||
|
authOpts = append(authOpts, auth.Provider(p(provOpts...)))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set the auth
|
||||||
|
if name := ctx.String("auth"); len(name) > 0 {
|
||||||
|
a, ok := c.opts.Auths[name]
|
||||||
|
if !ok {
|
||||||
|
logger.Fatalf("Unsupported auth: %s", name)
|
||||||
|
}
|
||||||
|
*c.opts.Auth = a(authOpts...)
|
||||||
|
serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
|
||||||
|
} else if len(authOpts) > 0 {
|
||||||
|
(*c.opts.Auth).Init(authOpts...)
|
||||||
|
}
|
||||||
|
|
||||||
// Set the router, this must happen before the rest of the server as it'll route server requests
|
// Set the router, this must happen before the rest of the server as it'll route server requests
|
||||||
// such as go.micro.config if no address is specified
|
// such as go.micro.config if no address is specified
|
||||||
routerOpts := []router.Option{
|
routerOpts := []router.Option{
|
||||||
@ -661,60 +723,6 @@ func (c *cmd) Before(ctx *cli.Context) error {
|
|||||||
registryOpts = append(registryOpts, registry.Addrs(addresses...))
|
registryOpts = append(registryOpts, registry.Addrs(addresses...))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Setup auth options
|
|
||||||
authOpts := []auth.Option{auth.WithClient(microClient)}
|
|
||||||
if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
|
|
||||||
authOpts = append(authOpts, auth.Credentials(
|
|
||||||
ctx.String("auth_id"), ctx.String("auth_secret"),
|
|
||||||
))
|
|
||||||
}
|
|
||||||
if len(ctx.String("auth_public_key")) > 0 {
|
|
||||||
authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
|
|
||||||
}
|
|
||||||
if len(ctx.String("auth_private_key")) > 0 {
|
|
||||||
authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
|
|
||||||
}
|
|
||||||
if ns := ctx.String("service_namespace"); len(ns) > 0 {
|
|
||||||
serverOpts = append(serverOpts, server.Namespace(ns))
|
|
||||||
authOpts = append(authOpts, auth.Issuer(ns))
|
|
||||||
}
|
|
||||||
if name := ctx.String("auth_provider"); len(name) > 0 {
|
|
||||||
p, ok := DefaultAuthProviders[name]
|
|
||||||
if !ok {
|
|
||||||
logger.Fatalf("AuthProvider %s not found", name)
|
|
||||||
}
|
|
||||||
|
|
||||||
var provOpts []provider.Option
|
|
||||||
clientID := ctx.String("auth_provider_client_id")
|
|
||||||
clientSecret := ctx.String("auth_provider_client_secret")
|
|
||||||
if len(clientID) > 0 || len(clientSecret) > 0 {
|
|
||||||
provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
|
|
||||||
}
|
|
||||||
if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
|
|
||||||
provOpts = append(provOpts, provider.Endpoint(e))
|
|
||||||
}
|
|
||||||
if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
|
|
||||||
provOpts = append(provOpts, provider.Redirect(r))
|
|
||||||
}
|
|
||||||
if s := ctx.String("auth_provider_scope"); len(s) > 0 {
|
|
||||||
provOpts = append(provOpts, provider.Scope(s))
|
|
||||||
}
|
|
||||||
|
|
||||||
authOpts = append(authOpts, auth.Provider(p(provOpts...)))
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set the auth
|
|
||||||
if name := ctx.String("auth"); len(name) > 0 {
|
|
||||||
a, ok := c.opts.Auths[name]
|
|
||||||
if !ok {
|
|
||||||
logger.Fatalf("Unsupported auth: %s", name)
|
|
||||||
}
|
|
||||||
*c.opts.Auth = a(authOpts...)
|
|
||||||
serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
|
|
||||||
} else if len(authOpts) > 0 {
|
|
||||||
(*c.opts.Auth).Init(authOpts...)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Setup selector options
|
// Setup selector options
|
||||||
selectorOpts := []selector.Option{selector.Registry(*c.opts.Registry)}
|
selectorOpts := []selector.Option{selector.Registry(*c.opts.Registry)}
|
||||||
|
|
||||||
|
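Review bot: The new `auth_address` flag is documented as a comma-separated list, but Before passes the raw string as a single value in `auth.Addrs(ctx.String("auth_address"))`, so a value such as `a:8010,b:8010` would reach the client as one unparseable address unless auth.Addrs splits it itself (not visible here). Split it before passing, as the registry path appears to do with `registry.Addrs(addresses...)`: `authOpts = append(authOpts, auth.Addrs(strings.Split(ctx.String("auth_address"), ",")...))`, assuming `strings` is already imported in this file. Separately, `else if len(authOpts) > 0` is always true because authOpts starts with `auth.WithClient(microClient)`, so either drop the condition or add a comment saying that Init always runs. Before starts and ends outside these hunks.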