Add Namespace to Auth (#1438)

Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
ben-toogood 2020-03-30 09:51:37 +01:00 committed by GitHub
parent 3d7d5ce6b4
commit 4db2f5e79d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 120 additions and 64 deletions

View File

@ -68,6 +68,8 @@ type Account struct {
Roles []string `json:"roles"`
// Any other associated metadata
Metadata map[string]string `json:"metadata"`
// Namespace the account belongs to, default blank
Namespace string `json:"namespace"`
}
// Token can be short or long lived
@ -86,6 +88,8 @@ type Token struct {
Roles []string `json:"roles"`
// Metadata embedded in the token
Metadata map[string]string `json:"metadata"`
// Namespace the token belongs to
Namespace string `json:"namespace"`
}
const (

View File

@ -73,6 +73,8 @@ type GenerateOptions struct {
Roles []string
// SecretExpiry is the time the secret should live for
SecretExpiry time.Duration
// Namespace the account belongs too
Namespace string
}
type GenerateOption func(o *GenerateOptions)
@ -91,6 +93,13 @@ func WithRoles(rs ...string) GenerateOption {
}
}
// WithNamespace for the generated account
func WithNamespace(n string) GenerateOption {
return func(o *GenerateOptions) {
o.Namespace = n
}
}
// WithSecretExpiry for the generated account's secret expires
func WithSecretExpiry(ex time.Duration) GenerateOption {
return func(o *GenerateOptions) {

View File

@ -28,6 +28,7 @@ type Token struct {
Subject string `protobuf:"bytes,5,opt,name=subject,proto3" json:"subject,omitempty"`
Roles []string `protobuf:"bytes,6,rep,name=roles,proto3" json:"roles,omitempty"`
Metadata map[string]string `protobuf:"bytes,7,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Namespace string `protobuf:"bytes,8,opt,name=namespace,proto3" json:"namespace,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -107,11 +108,19 @@ func (m *Token) GetMetadata() map[string]string {
return nil
}
func (m *Token) GetNamespace() string {
if m != nil {
return m.Namespace
}
return ""
}
type Account struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Secret *Token `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -170,6 +179,13 @@ func (m *Account) GetMetadata() map[string]string {
return nil
}
func (m *Account) GetNamespace() string {
if m != nil {
return m.Namespace
}
return ""
}
type Resource struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
@ -230,6 +246,7 @@ type GenerateRequest struct {
Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
SecretExpiry int64 `protobuf:"varint,4,opt,name=secret_expiry,json=secretExpiry,proto3" json:"secret_expiry,omitempty"`
Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -288,6 +305,13 @@ func (m *GenerateRequest) GetSecretExpiry() int64 {
return 0
}
func (m *GenerateRequest) GetNamespace() string {
if m != nil {
return m.Namespace
}
return ""
}
type GenerateResponse struct {
Account *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
@ -671,44 +695,45 @@ func init() {
}
var fileDescriptor_b246cecfa8195ff3 = []byte{
// 612 bytes of a gzipped FileDescriptorProto
// 630 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xcd, 0x6e, 0xd3, 0x40,
0x10, 0xae, 0xed, 0x34, 0x49, 0x27, 0x4d, 0x13, 0xad, 0xaa, 0x60, 0x45, 0xa2, 0x04, 0x83, 0x50,
0x84, 0x8a, 0x83, 0xd2, 0x0b, 0xe2, 0x4f, 0x54, 0x50, 0x95, 0x1f, 0x95, 0x83, 0x85, 0x04, 0x37,
0xe4, 0x38, 0x43, 0x62, 0xd2, 0x78, 0xcd, 0x7a, 0x1d, 0x91, 0xb7, 0xe0, 0x01, 0xb9, 0x71, 0xe6,
0x1d, 0xd0, 0xae, 0x77, 0x5d, 0xc7, 0x49, 0x38, 0xf0, 0x73, 0x89, 0x66, 0x66, 0x67, 0xbf, 0x6f,
0xe6, 0x9b, 0xd9, 0x18, 0x1e, 0x4f, 0x42, 0x3e, 0x4d, 0x47, 0x6e, 0x40, 0xe7, 0x83, 0x79, 0x18,
0x30, 0x3a, 0x98, 0xd0, 0x7b, 0x99, 0xe1, 0xa7, 0x7c, 0x3a, 0x48, 0x90, 0x2d, 0xc2, 0x00, 0x07,
0x31, 0xa3, 0x5c, 0x85, 0xc4, 0x8f, 0x2b, 0x7d, 0xd2, 0x9c, 0x50, 0x57, 0x26, 0xbb, 0x22, 0xe8,
0x7c, 0x33, 0x61, 0xf7, 0x1d, 0x9d, 0x61, 0x44, 0x0e, 0x61, 0x97, 0x0b, 0xc3, 0x36, 0x7a, 0x46,
0x7f, 0xcf, 0xcb, 0x1c, 0x42, 0xa0, 0xc2, 0x97, 0x31, 0xda, 0xa6, 0x0c, 0x4a, 0x9b, 0xd8, 0x50,
0x0b, 0x18, 0xfa, 0x1c, 0xc7, 0xb6, 0xd5, 0x33, 0xfa, 0x96, 0xa7, 0x5d, 0xd2, 0x81, 0x2a, 0x7e,
0x8d, 0x43, 0xb6, 0xb4, 0x2b, 0xf2, 0x40, 0x79, 0xe2, 0x46, 0x92, 0x8e, 0x3e, 0x63, 0xc0, 0xed,
0x5d, 0x09, 0xa4, 0x5d, 0xc1, 0xca, 0xe8, 0x25, 0x26, 0x76, 0xb5, 0x67, 0x09, 0x56, 0xe9, 0x90,
0xa7, 0x50, 0x9f, 0x23, 0xf7, 0xc7, 0x3e, 0xf7, 0xed, 0x5a, 0xcf, 0xea, 0x37, 0x86, 0x8e, 0xbb,
0x52, 0xb7, 0x2b, 0x6b, 0x76, 0x2f, 0x54, 0xd2, 0x59, 0xc4, 0xd9, 0xd2, 0xcb, 0xef, 0x74, 0x1f,
0x41, 0x73, 0xe5, 0x88, 0xb4, 0xc1, 0x9a, 0xe1, 0x52, 0xb5, 0x26, 0x4c, 0x41, 0xbc, 0xf0, 0x2f,
0x53, 0xdd, 0x59, 0xe6, 0x3c, 0x34, 0x1f, 0x18, 0xce, 0x77, 0x03, 0x6a, 0xa7, 0x41, 0x40, 0xd3,
0x88, 0x93, 0x03, 0x30, 0xc3, 0xb1, 0xba, 0x66, 0x86, 0x63, 0x72, 0x0c, 0xd5, 0x04, 0x03, 0x86,
0x5c, 0x5e, 0x6b, 0x0c, 0x0f, 0x37, 0x95, 0xe5, 0xa9, 0x9c, 0xab, 0xe6, 0xac, 0x62, 0x73, 0xcf,
0x0a, 0xcd, 0x55, 0x64, 0x73, 0xb7, 0x4b, 0x28, 0x8a, 0xfd, 0xff, 0xb4, 0xf7, 0x16, 0xea, 0x1e,
0x26, 0x34, 0x65, 0x01, 0x8a, 0xe9, 0x46, 0xfe, 0x1c, 0xd5, 0x45, 0x69, 0x6f, 0x9c, 0x78, 0x17,
0xea, 0x18, 0x8d, 0x63, 0x1a, 0x46, 0x5c, 0x8e, 0x7c, 0xcf, 0xcb, 0x7d, 0xe7, 0x87, 0x01, 0xad,
0x73, 0x8c, 0x90, 0xf9, 0x1c, 0x3d, 0xfc, 0x92, 0x62, 0xb2, 0x2e, 0x5b, 0x2e, 0x84, 0x59, 0x14,
0xe2, 0x65, 0x41, 0x08, 0x4b, 0x0a, 0x71, 0x5c, 0x12, 0xa2, 0x84, 0xbb, 0x4d, 0x10, 0x72, 0x0b,
0x9a, 0x99, 0xe4, 0x1f, 0x57, 0xd6, 0x6f, 0x3f, 0x0b, 0x9e, 0xc9, 0xd8, 0xdf, 0xa9, 0xf6, 0x02,
0xda, 0x57, 0xc5, 0x24, 0x31, 0x8d, 0x12, 0x24, 0xf7, 0xa1, 0xe6, 0x67, 0x93, 0x92, 0x18, 0x8d,
0x61, 0x67, 0xf3, 0x1c, 0x3d, 0x9d, 0xe6, 0xbc, 0x87, 0xfd, 0x73, 0xe6, 0x47, 0x5c, 0xeb, 0x44,
0xa0, 0x22, 0xa4, 0xd0, 0xfa, 0x0b, 0x9b, 0x9c, 0x40, 0x9d, 0xa9, 0xf9, 0xa8, 0x25, 0xbb, 0x56,
0x82, 0xd5, 0xe3, 0xf3, 0xf2, 0x44, 0xa7, 0x05, 0x4d, 0x05, 0x9c, 0xd5, 0xe6, 0x7c, 0x80, 0xa6,
0x87, 0x0b, 0x3a, 0xc3, 0x7f, 0x4e, 0xd5, 0x86, 0x03, 0x8d, 0xac, 0xb8, 0xee, 0xc0, 0xc1, 0xab,
0x28, 0x89, 0x31, 0xc8, 0xfb, 0xda, 0xf8, 0x5f, 0xe2, 0x3c, 0x87, 0x56, 0x9e, 0xf7, 0xc7, 0x12,
0xbe, 0x11, 0xf4, 0x9f, 0x18, 0x26, 0x53, 0x4d, 0xd6, 0xc9, 0xdf, 0x64, 0xc6, 0xa6, 0x5f, 0xdf,
0x4d, 0xd8, 0x97, 0xbc, 0x7a, 0x27, 0x4c, 0xb9, 0x13, 0x0d, 0x19, 0xcb, 0x56, 0xc2, 0x79, 0x02,
0xad, 0x1c, 0x4c, 0x55, 0x74, 0xb7, 0x58, 0xfa, 0xb6, 0x07, 0x9e, 0xa5, 0x0c, 0x7f, 0x1a, 0x50,
0x39, 0x4d, 0xf9, 0x94, 0x5c, 0x40, 0x5d, 0x6f, 0x07, 0x39, 0xfa, 0xfd, 0x0e, 0x77, 0x6f, 0x6c,
0x3d, 0x57, 0x72, 0xee, 0x90, 0xd7, 0x50, 0x53, 0x42, 0x91, 0xeb, 0xa5, 0xec, 0x55, 0xa1, 0xbb,
0x47, 0xdb, 0x8e, 0x8b, 0x58, 0xaa, 0xc5, 0x35, 0xac, 0x55, 0x1d, 0xd7, 0xb0, 0x4a, 0xca, 0x38,
0x3b, 0xa3, 0xaa, 0xfc, 0x84, 0x9c, 0xfc, 0x0a, 0x00, 0x00, 0xff, 0xff, 0xe9, 0x1b, 0x69, 0xa7,
0x82, 0x06, 0x00, 0x00,
0x10, 0xae, 0xed, 0xfc, 0xb8, 0x93, 0xa6, 0xa9, 0x56, 0x55, 0xb1, 0x22, 0x28, 0xc1, 0x20, 0x54,
0xa1, 0xe2, 0xa0, 0xf4, 0x82, 0xf8, 0x13, 0x15, 0x54, 0xe5, 0x47, 0xe5, 0x60, 0x21, 0xc1, 0x0d,
0xb9, 0xce, 0xd0, 0x98, 0x34, 0x5e, 0xb3, 0x5e, 0x47, 0xe4, 0xc8, 0x0b, 0xf1, 0x66, 0xbc, 0x00,
0x27, 0xb4, 0xeb, 0x5d, 0xc7, 0x71, 0x12, 0x84, 0x50, 0xb9, 0x44, 0x33, 0xe3, 0x99, 0x6f, 0x66,
0xbe, 0xf9, 0xec, 0xc0, 0x93, 0x8b, 0x88, 0x8f, 0xb2, 0x73, 0x2f, 0xa4, 0x93, 0xfe, 0x24, 0x0a,
0x19, 0xed, 0x5f, 0xd0, 0xfb, 0xb9, 0x11, 0x64, 0x7c, 0xd4, 0x4f, 0x91, 0x4d, 0xa3, 0x10, 0xfb,
0x09, 0xa3, 0x5c, 0x85, 0xc4, 0x8f, 0x27, 0x7d, 0xd2, 0xbe, 0xa0, 0x9e, 0x4c, 0xf6, 0x44, 0xd0,
0xfd, 0x61, 0x42, 0xfd, 0x3d, 0x1d, 0x63, 0x4c, 0x76, 0xa1, 0xce, 0x85, 0xe1, 0x18, 0x3d, 0xe3,
0x60, 0xd3, 0xcf, 0x1d, 0x42, 0xa0, 0xc6, 0x67, 0x09, 0x3a, 0xa6, 0x0c, 0x4a, 0x9b, 0x38, 0xd0,
0x0c, 0x19, 0x06, 0x1c, 0x87, 0x8e, 0xd5, 0x33, 0x0e, 0x2c, 0x5f, 0xbb, 0x64, 0x0f, 0x1a, 0xf8,
0x2d, 0x89, 0xd8, 0xcc, 0xa9, 0xc9, 0x07, 0xca, 0x13, 0x15, 0x69, 0x76, 0xfe, 0x05, 0x43, 0xee,
0xd4, 0x25, 0x90, 0x76, 0x45, 0x57, 0x46, 0x2f, 0x31, 0x75, 0x1a, 0x3d, 0x4b, 0x74, 0x95, 0x0e,
0x79, 0x06, 0xf6, 0x04, 0x79, 0x30, 0x0c, 0x78, 0xe0, 0x34, 0x7b, 0xd6, 0x41, 0x6b, 0xe0, 0x7a,
0x0b, 0x73, 0x7b, 0x72, 0x66, 0xef, 0x4c, 0x25, 0x9d, 0xc4, 0x9c, 0xcd, 0xfc, 0xa2, 0x86, 0x5c,
0x87, 0xcd, 0x38, 0x98, 0x60, 0x9a, 0x04, 0x21, 0x3a, 0xb6, 0xec, 0x38, 0x0f, 0x74, 0x1f, 0x43,
0x7b, 0xa1, 0x90, 0xec, 0x80, 0x35, 0xc6, 0x99, 0x5a, 0x5c, 0x98, 0x62, 0xac, 0x69, 0x70, 0x99,
0xe9, 0xbd, 0x73, 0xe7, 0x91, 0xf9, 0xd0, 0x70, 0x7f, 0x19, 0xd0, 0x3c, 0x0e, 0x43, 0x9a, 0xc5,
0x9c, 0x6c, 0x83, 0x19, 0x0d, 0x55, 0x99, 0x19, 0x0d, 0xc9, 0x21, 0x34, 0x52, 0x0c, 0x19, 0x72,
0x59, 0xd6, 0x1a, 0xec, 0xae, 0x1a, 0xda, 0x57, 0x39, 0xf3, 0xd5, 0xad, 0xf2, 0xea, 0xcf, 0x4b,
0xab, 0xd7, 0xe4, 0xea, 0x77, 0x2a, 0x28, 0xaa, 0xfb, 0xdf, 0x2d, 0x5f, 0xbf, 0xd2, 0xe5, 0xdf,
0x81, 0xed, 0x63, 0x4a, 0x33, 0x16, 0xa2, 0x50, 0x86, 0x40, 0x55, 0x85, 0xd2, 0x5e, 0xa9, 0x96,
0x2e, 0xd8, 0x18, 0x0f, 0x13, 0x1a, 0xc5, 0x5c, 0xca, 0x65, 0xd3, 0x2f, 0x7c, 0xf7, 0xbb, 0x09,
0x9d, 0x53, 0x8c, 0x91, 0x05, 0x1c, 0x7d, 0xfc, 0x9a, 0x61, 0xba, 0x4c, 0x6a, 0x41, 0x93, 0x59,
0xa6, 0xe9, 0x55, 0x89, 0x26, 0x4b, 0xd2, 0x74, 0x58, 0xa1, 0xa9, 0x82, 0xbb, 0x96, 0xae, 0xdb,
0xd0, 0xce, 0x0f, 0xf2, 0x69, 0x41, 0xba, 0x5b, 0x79, 0xf0, 0x24, 0x17, 0xf0, 0x7f, 0xe4, 0xf4,
0x25, 0xec, 0xcc, 0x47, 0x4d, 0x13, 0x1a, 0xa7, 0x48, 0x1e, 0x40, 0x33, 0xc8, 0xaf, 0x2c, 0x31,
0x5a, 0x83, 0xbd, 0xd5, 0x1a, 0xf0, 0x75, 0x9a, 0xfb, 0x01, 0xb6, 0x4e, 0x59, 0x10, 0x73, 0xcd,
0x22, 0x81, 0x9a, 0x20, 0x4a, 0x5f, 0x47, 0xd8, 0xe4, 0x08, 0x6c, 0xa6, 0xae, 0xa7, 0x04, 0x7a,
0xad, 0x02, 0xab, 0x8f, 0xeb, 0x17, 0x89, 0x6e, 0x07, 0xda, 0x0a, 0x38, 0x9f, 0xcd, 0xfd, 0x08,
0x6d, 0x1f, 0xa7, 0x74, 0x8c, 0x57, 0xde, 0x6a, 0x07, 0xb6, 0x35, 0xb2, 0xea, 0x75, 0x17, 0xb6,
0x5f, 0xc7, 0x69, 0x82, 0x61, 0xb1, 0xd7, 0xca, 0xaf, 0x94, 0xfb, 0x02, 0x3a, 0x45, 0xde, 0x3f,
0x53, 0xf8, 0x56, 0xb4, 0xff, 0xcc, 0x30, 0x1d, 0xe9, 0x66, 0x7b, 0xc5, 0xfb, 0x9c, 0x77, 0xd3,
0x6f, 0xee, 0x2d, 0xd8, 0x92, 0x7d, 0xb5, 0x62, 0x4c, 0xa9, 0x98, 0x96, 0x8c, 0xe5, 0x82, 0x71,
0x9f, 0x42, 0xa7, 0x00, 0x53, 0x13, 0xdd, 0x2b, 0x8f, 0xbe, 0xee, 0xe3, 0x90, 0xa7, 0x0c, 0x7e,
0x1a, 0x50, 0x3b, 0xce, 0xf8, 0x88, 0x9c, 0x81, 0xad, 0xd5, 0x41, 0xf6, 0xff, 0xac, 0xf0, 0xee,
0xcd, 0xb5, 0xcf, 0x15, 0x9d, 0x1b, 0xe4, 0x0d, 0x34, 0x15, 0x51, 0xe4, 0x46, 0x25, 0x7b, 0x91,
0xe8, 0xee, 0xfe, 0xba, 0xc7, 0x65, 0x2c, 0xb5, 0xe2, 0x12, 0xd6, 0x22, 0x8f, 0x4b, 0x58, 0x15,
0x66, 0xdc, 0x8d, 0xf3, 0x86, 0xfc, 0x73, 0x3a, 0xfa, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xb6, 0x18,
0xd0, 0x5a, 0xdc, 0x06, 0x00, 0x00,
}

View File

@ -16,6 +16,7 @@ message Token {
string subject = 5;
repeated string roles = 6;
map<string, string> metadata = 7;
string namespace = 8;
}
message Account {
@ -23,6 +24,7 @@ message Account {
Token secret = 2;
repeated string roles = 3;
map<string, string> metadata = 4;
string namespace = 5;
}
message Resource{
@ -36,6 +38,7 @@ message GenerateRequest {
repeated string roles = 2;
map<string, string> metadata = 3;
int64 secret_expiry = 4;
string namespace = 5;
}
message GenerateResponse {

View File

@ -85,6 +85,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
Id: id,
Roles: options.Roles,
Metadata: options.Metadata,
Namespace: options.Namespace,
SecretExpiry: int64(options.SecretExpiry.Seconds()),
})
if err != nil {
@ -275,9 +276,10 @@ func serializeAccount(a *authPb.Account) *auth.Account {
}
return &auth.Account{
ID: a.Id,
Roles: a.Roles,
Metadata: a.Metadata,
Secret: secret,
ID: a.Id,
Roles: a.Roles,
Metadata: a.Metadata,
Namespace: a.Namespace,
Secret: secret,
}
}

View File

@ -40,13 +40,14 @@ func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.To
// construct the token
token := auth.Token{
Subject: subject,
Type: b.String(),
Token: uuid.New().String(),
Created: time.Now(),
Expiry: time.Now().Add(options.Expiry),
Metadata: options.Metadata,
Roles: options.Roles,
Subject: subject,
Type: b.String(),
Token: uuid.New().String(),
Created: time.Now(),
Expiry: time.Now().Add(options.Expiry),
Metadata: options.Metadata,
Roles: options.Roles,
Namespace: options.Namespace,
}
// marshal the account to bytes

View File

@ -11,8 +11,9 @@ import (
// authClaims to be encoded in the JWT
type authClaims struct {
Roles []string `json:"roles"`
Metadata map[string]string `json:"metadata"`
Roles []string `json:"roles"`
Metadata map[string]string `json:"metadata"`
Namespace string `json:"namespace"`
jwt.StandardClaims
}
@ -49,7 +50,7 @@ func (j *JWT) Generate(subject string, opts ...token.GenerateOption) (*auth.Toke
// generate the JWT
expiry := time.Now().Add(options.Expiry)
t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
options.Roles, options.Metadata, jwt.StandardClaims{
options.Roles, options.Metadata, options.Namespace, jwt.StandardClaims{
Subject: subject,
ExpiresAt: expiry.Unix(),
},
@ -61,13 +62,14 @@ func (j *JWT) Generate(subject string, opts ...token.GenerateOption) (*auth.Toke
// return the token
return &auth.Token{
Subject: subject,
Token: tok,
Type: j.String(),
Created: time.Now(),
Expiry: expiry,
Roles: options.Roles,
Metadata: options.Metadata,
Subject: subject,
Token: tok,
Type: j.String(),
Created: time.Now(),
Expiry: expiry,
Roles: options.Roles,
Metadata: options.Metadata,
Namespace: options.Namespace,
}, nil
}
@ -98,10 +100,11 @@ func (j *JWT) Inspect(t string) (*auth.Token, error) {
// return the token
return &auth.Token{
Token: t,
Subject: claims.Subject,
Metadata: claims.Metadata,
Roles: claims.Roles,
Token: t,
Subject: claims.Subject,
Metadata: claims.Metadata,
Roles: claims.Roles,
Namespace: claims.Namespace,
}, nil
}

View File

@ -57,6 +57,8 @@ type GenerateOptions struct {
Metadata map[string]string
// Roles/scopes associated with the account
Roles []string
// Namespace the account belongs too
Namespace string
}
type GenerateOption func(o *GenerateOptions)
@ -82,6 +84,13 @@ func WithRoles(rs ...string) func(o *GenerateOptions) {
}
}
// WithNamespace for the token
func WithNamespace(n string) func(o *GenerateOptions) {
return func(o *GenerateOptions) {
o.Namespace = n
}
}
// NewGenerateOptions from a slice of options
func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
var options GenerateOptions