auth/service: use address option since router may not be configured (#1734)

ben-toogood 2020-06-24 13:47:43 +01:00 committed by GitHub
parent a2550820d3
commit 2b506b1a2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 78 additions and 64 deletions


@ -30,10 +30,6 @@ func (s *svc) Init(opts ...auth.Option) {
o(&s.options) o(&s.options)
} }
if s.options.Client == nil {
s.options.Client = client.DefaultClient
}
s.auth = pb.NewAuthService("go.micro.auth", s.options.Client) s.auth = pb.NewAuthService("go.micro.auth", s.options.Client)
s.rules = pb.NewRulesService("go.micro.auth", s.options.Client) s.rules = pb.NewRulesService("go.micro.auth", s.options.Client)
@ -60,7 +56,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
Scopes: options.Scopes, Scopes: options.Scopes,
Metadata: options.Metadata, Metadata: options.Metadata,
Provider: options.Provider, Provider: options.Provider,
}) }, s.callOpts()...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -89,7 +85,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
Endpoint: rule.Resource.Endpoint, Endpoint: rule.Resource.Endpoint,
}, },
}, },
}) }, s.callOpts()...)
return err return err
} }
@ -98,7 +94,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
func (s *svc) Revoke(rule *auth.Rule) error { func (s *svc) Revoke(rule *auth.Rule) error {
_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{ _, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
Id: rule.ID, Id: rule.ID,
}) }, s.callOpts()...)
return err return err
} }
@ -112,7 +108,8 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
options.Context = context.TODO() options.Context = context.TODO()
} }
rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, client.WithCache(time.Second*30)) callOpts := append(s.callOpts(), client.WithCache(time.Second*30))
rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, callOpts...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -149,7 +146,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
// the token is not a JWT or we do not have the keys to decode it, // the token is not a JWT or we do not have the keys to decode it,
// fall back to the auth service // fall back to the auth service
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}) rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, s.callOpts()...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -165,7 +162,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
Secret: options.Secret, Secret: options.Secret,
RefreshToken: options.RefreshToken, RefreshToken: options.RefreshToken,
TokenExpiry: int64(options.Expiry.Seconds()), TokenExpiry: int64(options.Expiry.Seconds()),
}) }, s.callOpts()...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -213,12 +210,21 @@ func serializeRule(r *pb.Rule) *auth.Rule {
} }
} }
func (s *svc) callOpts() []client.CallOption {
return []client.CallOption{
client.WithAddress(s.options.Addrs...),
}
}
// NewAuth returns a new instance of the Auth service // NewAuth returns a new instance of the Auth service
func NewAuth(opts ...auth.Option) auth.Auth { func NewAuth(opts ...auth.Option) auth.Auth {
options := auth.NewOptions(opts...) options := auth.NewOptions(opts...)
if options.Client == nil { if options.Client == nil {
options.Client = client.DefaultClient options.Client = client.DefaultClient
} }
if len(options.Addrs) == 0 {
options.Addrs = []string{"127.0.0.1:8010"}
}
return &svc{ return &svc{
auth: pb.NewAuthService("go.micro.auth", options.Client), auth: pb.NewAuthService("go.micro.auth", options.Client),
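Review bot: The silent fallback `options.Addrs = []string{"127.0.0.1:8010"}` in NewAuth, combined with callOpts attaching `client.WithAddress(s.options.Addrs...)` to every RPC, means an unconfigured service sends the token passed to Inspect and the Secret passed to Token to whatever process is bound to loopback port 8010. Going by the commit title, this happens without the router being consulted. I would name the default, e.g. `const defaultAuthAddress = "127.0.0.1:8010"`, with a comment that it bypasses routing, and log once when the fallback is taken so a missing `auth_address` is visible at startup. callOpts has no doc comment; `// callOpts returns the options applied to every auth RPC; the address is set explicitly because the router may not be configured yet.` would record the reason. Init no longer defaults a nil Client in this section, so it relies on NewAuth having set one. NewAuth's body continues past the end of the section.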


@ -272,6 +272,11 @@ var (
EnvVars: []string{"MICRO_AUTH"}, EnvVars: []string{"MICRO_AUTH"},
Usage: "Auth for role based access control, e.g. service", Usage: "Auth for role based access control, e.g. service",
}, },
&cli.StringFlag{
Name: "auth_address",
EnvVars: []string{"MICRO_AUTH_ADDRESS"},
Usage: "Comma-separated list of auth addresses",
},
&cli.StringFlag{ &cli.StringFlag{
Name: "auth_id", Name: "auth_id",
EnvVars: []string{"MICRO_AUTH_ID"}, EnvVars: []string{"MICRO_AUTH_ID"},
@ -570,6 +575,63 @@ func (c *cmd) Before(ctx *cli.Context) error {
microClient := wrapper.CacheClient(cacheFn, grpc.NewClient()) microClient := wrapper.CacheClient(cacheFn, grpc.NewClient())
microClient = wrapper.AuthClient(authFn, microClient) microClient = wrapper.AuthClient(authFn, microClient)
// Setup auth options
authOpts := []auth.Option{auth.WithClient(microClient)}
if len(ctx.String("auth_address")) > 0 {
authOpts = append(authOpts, auth.Addrs(ctx.String("auth_address")))
}
if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
authOpts = append(authOpts, auth.Credentials(
ctx.String("auth_id"), ctx.String("auth_secret"),
))
}
if len(ctx.String("auth_public_key")) > 0 {
authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
}
if len(ctx.String("auth_private_key")) > 0 {
authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
}
if ns := ctx.String("service_namespace"); len(ns) > 0 {
serverOpts = append(serverOpts, server.Namespace(ns))
authOpts = append(authOpts, auth.Issuer(ns))
}
if name := ctx.String("auth_provider"); len(name) > 0 {
p, ok := DefaultAuthProviders[name]
if !ok {
logger.Fatalf("AuthProvider %s not found", name)
}
var provOpts []provider.Option
clientID := ctx.String("auth_provider_client_id")
clientSecret := ctx.String("auth_provider_client_secret")
if len(clientID) > 0 || len(clientSecret) > 0 {
provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
}
if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
provOpts = append(provOpts, provider.Endpoint(e))
}
if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
provOpts = append(provOpts, provider.Redirect(r))
}
if s := ctx.String("auth_provider_scope"); len(s) > 0 {
provOpts = append(provOpts, provider.Scope(s))
}
authOpts = append(authOpts, auth.Provider(p(provOpts...)))
}
// Set the auth
if name := ctx.String("auth"); len(name) > 0 {
a, ok := c.opts.Auths[name]
if !ok {
logger.Fatalf("Unsupported auth: %s", name)
}
*c.opts.Auth = a(authOpts...)
serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
} else if len(authOpts) > 0 {
(*c.opts.Auth).Init(authOpts...)
}
// Set the router, this must happen before the rest of the server as it'll route server requests // Set the router, this must happen before the rest of the server as it'll route server requests
// such as go.micro.config if no address is specified // such as go.micro.config if no address is specified
routerOpts := []router.Option{ routerOpts := []router.Option{
@ -661,60 +723,6 @@ func (c *cmd) Before(ctx *cli.Context) error {
registryOpts = append(registryOpts, registry.Addrs(addresses...)) registryOpts = append(registryOpts, registry.Addrs(addresses...))
} }
// Setup auth options
authOpts := []auth.Option{auth.WithClient(microClient)}
if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
authOpts = append(authOpts, auth.Credentials(
ctx.String("auth_id"), ctx.String("auth_secret"),
))
}
if len(ctx.String("auth_public_key")) > 0 {
authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
}
if len(ctx.String("auth_private_key")) > 0 {
authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
}
if ns := ctx.String("service_namespace"); len(ns) > 0 {
serverOpts = append(serverOpts, server.Namespace(ns))
authOpts = append(authOpts, auth.Issuer(ns))
}
if name := ctx.String("auth_provider"); len(name) > 0 {
p, ok := DefaultAuthProviders[name]
if !ok {
logger.Fatalf("AuthProvider %s not found", name)
}
var provOpts []provider.Option
clientID := ctx.String("auth_provider_client_id")
clientSecret := ctx.String("auth_provider_client_secret")
if len(clientID) > 0 || len(clientSecret) > 0 {
provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
}
if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
provOpts = append(provOpts, provider.Endpoint(e))
}
if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
provOpts = append(provOpts, provider.Redirect(r))
}
if s := ctx.String("auth_provider_scope"); len(s) > 0 {
provOpts = append(provOpts, provider.Scope(s))
}
authOpts = append(authOpts, auth.Provider(p(provOpts...)))
}
// Set the auth
if name := ctx.String("auth"); len(name) > 0 {
a, ok := c.opts.Auths[name]
if !ok {
logger.Fatalf("Unsupported auth: %s", name)
}
*c.opts.Auth = a(authOpts...)
serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
} else if len(authOpts) > 0 {
(*c.opts.Auth).Init(authOpts...)
}
// Setup selector options // Setup selector options
selectorOpts := []selector.Option{selector.Registry(*c.opts.Registry)} selectorOpts := []selector.Option{selector.Registry(*c.opts.Registry)}
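Review bot: The new `auth_address` flag is documented as "Comma-separated list of auth addresses", but Before passes the raw value through as a single argument in `auth.Addrs(ctx.String("auth_address"))`. Unless something further down splits it (not visible here), a value with two addresses would reach `client.WithAddress` as a single entry containing a comma, and every auth call would target that malformed address. The registry block in the same function passes `registry.Addrs(addresses...)`, which suggests the list is split there. The same treatment would fit here: `authOpts = append(authOpts, auth.Addrs(strings.Split(ctx.String("auth_address"), ",")...))`, assuming `strings` is already imported in this file. Because this address receives tokens and secrets, it is also worth rejecting empty entries after the split. Before's body starts and ends outside the section.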