auth/service: use address option since router may not be configured (#1734)

auth/service/service.go

@@ -30,10 +30,6 @@ func (s *svc) Init(opts ...auth.Option) {
 		o(&s.options)
 	}
 
-	if s.options.Client == nil {
-		s.options.Client = client.DefaultClient
-	}
-
 	s.auth = pb.NewAuthService("go.micro.auth", s.options.Client)
 	s.rules = pb.NewRulesService("go.micro.auth", s.options.Client)
 
@@ -60,7 +56,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
 		Scopes:   options.Scopes,
 		Metadata: options.Metadata,
 		Provider: options.Provider,
-	})
+	}, s.callOpts()...)
 	if err != nil {
 		return nil, err
 	}
@@ -89,7 +85,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
 				Endpoint: rule.Resource.Endpoint,
 			},
 		},
-	})
+	}, s.callOpts()...)
 
 	return err
 }
@@ -98,7 +94,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
 func (s *svc) Revoke(rule *auth.Rule) error {
 	_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
 		Id: rule.ID,
-	})
+	}, s.callOpts()...)
 
 	return err
 }
@@ -112,7 +108,8 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
 		options.Context = context.TODO()
 	}
 
-	rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, client.WithCache(time.Second*30))
+	callOpts := append(s.callOpts(), client.WithCache(time.Second*30))
+	rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, callOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -149,7 +146,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
 
 	// the token is not a JWT or we do not have the keys to decode it,
 	// fall back to the auth service
-	rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token})
+	rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, s.callOpts()...)
 	if err != nil {
 		return nil, err
 	}
@@ -165,7 +162,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
 		Secret:       options.Secret,
 		RefreshToken: options.RefreshToken,
 		TokenExpiry:  int64(options.Expiry.Seconds()),
-	})
+	}, s.callOpts()...)
 	if err != nil {
 		return nil, err
 	}
@@ -213,12 +210,21 @@ func serializeRule(r *pb.Rule) *auth.Rule {
 	}
 }
 
+func (s *svc) callOpts() []client.CallOption {
+	return []client.CallOption{
+		client.WithAddress(s.options.Addrs...),
+	}
+}
+
 // NewAuth returns a new instance of the Auth service
 func NewAuth(opts ...auth.Option) auth.Auth {
 	options := auth.NewOptions(opts...)
 	if options.Client == nil {
 		options.Client = client.DefaultClient
 	}
+	if len(options.Addrs) == 0 {
+		options.Addrs = []string{"127.0.0.1:8010"}
+	}
 
 	return &svc{
 		auth:    pb.NewAuthService("go.micro.auth", options.Client),

config/cmd/cmd.go

@@ -272,6 +272,11 @@ var (
 			EnvVars: []string{"MICRO_AUTH"},
 			Usage:   "Auth for role based access control, e.g. service",
 		},
+		&cli.StringFlag{
+			Name:    "auth_address",
+			EnvVars: []string{"MICRO_AUTH_ADDRESS"},
+			Usage:   "Comma-separated list of auth addresses",
+		},
 		&cli.StringFlag{
 			Name:    "auth_id",
 			EnvVars: []string{"MICRO_AUTH_ID"},
@@ -570,6 +575,63 @@ func (c *cmd) Before(ctx *cli.Context) error {
 	microClient := wrapper.CacheClient(cacheFn, grpc.NewClient())
 	microClient = wrapper.AuthClient(authFn, microClient)
 
+	// Setup auth options
+	authOpts := []auth.Option{auth.WithClient(microClient)}
+	if len(ctx.String("auth_address")) > 0 {
+		authOpts = append(authOpts, auth.Addrs(ctx.String("auth_address")))
+	}
+	if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
+		authOpts = append(authOpts, auth.Credentials(
+			ctx.String("auth_id"), ctx.String("auth_secret"),
+		))
+	}
+	if len(ctx.String("auth_public_key")) > 0 {
+		authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
+	}
+	if len(ctx.String("auth_private_key")) > 0 {
+		authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
+	}
+	if ns := ctx.String("service_namespace"); len(ns) > 0 {
+		serverOpts = append(serverOpts, server.Namespace(ns))
+		authOpts = append(authOpts, auth.Issuer(ns))
+	}
+	if name := ctx.String("auth_provider"); len(name) > 0 {
+		p, ok := DefaultAuthProviders[name]
+		if !ok {
+			logger.Fatalf("AuthProvider %s not found", name)
+		}
+
+		var provOpts []provider.Option
+		clientID := ctx.String("auth_provider_client_id")
+		clientSecret := ctx.String("auth_provider_client_secret")
+		if len(clientID) > 0 || len(clientSecret) > 0 {
+			provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
+		}
+		if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
+			provOpts = append(provOpts, provider.Endpoint(e))
+		}
+		if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
+			provOpts = append(provOpts, provider.Redirect(r))
+		}
+		if s := ctx.String("auth_provider_scope"); len(s) > 0 {
+			provOpts = append(provOpts, provider.Scope(s))
+		}
+
+		authOpts = append(authOpts, auth.Provider(p(provOpts...)))
+	}
+
+	// Set the auth
+	if name := ctx.String("auth"); len(name) > 0 {
+		a, ok := c.opts.Auths[name]
+		if !ok {
+			logger.Fatalf("Unsupported auth: %s", name)
+		}
+		*c.opts.Auth = a(authOpts...)
+		serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
+	} else if len(authOpts) > 0 {
+		(*c.opts.Auth).Init(authOpts...)
+	}
+
 	// Set the router, this must happen before the rest of the server as it'll route server requests
 	// such as go.micro.config if no address is specified
 	routerOpts := []router.Option{
@@ -661,60 +723,6 @@ func (c *cmd) Before(ctx *cli.Context) error {
 		registryOpts = append(registryOpts, registry.Addrs(addresses...))
 	}
 
-	// Setup auth options
-	authOpts := []auth.Option{auth.WithClient(microClient)}
-	if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
-		authOpts = append(authOpts, auth.Credentials(
-			ctx.String("auth_id"), ctx.String("auth_secret"),
-		))
-	}
-	if len(ctx.String("auth_public_key")) > 0 {
-		authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
-	}
-	if len(ctx.String("auth_private_key")) > 0 {
-		authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
-	}
-	if ns := ctx.String("service_namespace"); len(ns) > 0 {
-		serverOpts = append(serverOpts, server.Namespace(ns))
-		authOpts = append(authOpts, auth.Issuer(ns))
-	}
-	if name := ctx.String("auth_provider"); len(name) > 0 {
-		p, ok := DefaultAuthProviders[name]
-		if !ok {
-			logger.Fatalf("AuthProvider %s not found", name)
-		}
-
-		var provOpts []provider.Option
-		clientID := ctx.String("auth_provider_client_id")
-		clientSecret := ctx.String("auth_provider_client_secret")
-		if len(clientID) > 0 || len(clientSecret) > 0 {
-			provOpts = append(provOpts, provider.Credentials(clientID, clientSecret))
-		}
-		if e := ctx.String("auth_provider_endpoint"); len(e) > 0 {
-			provOpts = append(provOpts, provider.Endpoint(e))
-		}
-		if r := ctx.String("auth_provider_redirect"); len(r) > 0 {
-			provOpts = append(provOpts, provider.Redirect(r))
-		}
-		if s := ctx.String("auth_provider_scope"); len(s) > 0 {
-			provOpts = append(provOpts, provider.Scope(s))
-		}
-
-		authOpts = append(authOpts, auth.Provider(p(provOpts...)))
-	}
-
-	// Set the auth
-	if name := ctx.String("auth"); len(name) > 0 {
-		a, ok := c.opts.Auths[name]
-		if !ok {
-			logger.Fatalf("Unsupported auth: %s", name)
-		}
-		*c.opts.Auth = a(authOpts...)
-		serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
-	} else if len(authOpts) > 0 {
-		(*c.opts.Auth).Init(authOpts...)
-	}
-
 	// Setup selector options
 	selectorOpts := []selector.Option{selector.Registry(*c.opts.Registry)}