Refactor Auth Service Protos, Add Access Rules (#1411)

* Refactor auth/service into two protos

* Accounts Proto

* Store Prefixes

* Misc

* Tweak Protos

Co-authored-by: Ben Toogood <ben@micro.mu>
Co-authored-by: Asim Aslam <asim@aslam.me>
This commit is contained in:
ben-toogood 2020-03-26 13:12:43 +00:00 committed by GitHub
parent 7182ca1fd0
commit 844c456839
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 895 additions and 291 deletions

View File

@ -0,0 +1,117 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: github.com/micro/go-micro/auth/service/proto/accounts/accounts.proto
package go_micro_auth
import (
fmt "fmt"
proto "github.com/golang/protobuf/proto"
auth "github.com/micro/go-micro/v2/auth/service/proto/auth"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type ListAccountsRequest struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ListAccountsRequest) Reset() { *m = ListAccountsRequest{} }
func (m *ListAccountsRequest) String() string { return proto.CompactTextString(m) }
func (*ListAccountsRequest) ProtoMessage() {}
func (*ListAccountsRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_25929ace37374fcc, []int{0}
}
func (m *ListAccountsRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ListAccountsRequest.Unmarshal(m, b)
}
func (m *ListAccountsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_ListAccountsRequest.Marshal(b, m, deterministic)
}
func (m *ListAccountsRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ListAccountsRequest.Merge(m, src)
}
func (m *ListAccountsRequest) XXX_Size() int {
return xxx_messageInfo_ListAccountsRequest.Size(m)
}
func (m *ListAccountsRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ListAccountsRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ListAccountsRequest proto.InternalMessageInfo
type ListAccountsResponse struct {
Accounts []*auth.Account `protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ListAccountsResponse) Reset() { *m = ListAccountsResponse{} }
func (m *ListAccountsResponse) String() string { return proto.CompactTextString(m) }
func (*ListAccountsResponse) ProtoMessage() {}
func (*ListAccountsResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_25929ace37374fcc, []int{1}
}
func (m *ListAccountsResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ListAccountsResponse.Unmarshal(m, b)
}
func (m *ListAccountsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_ListAccountsResponse.Marshal(b, m, deterministic)
}
func (m *ListAccountsResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_ListAccountsResponse.Merge(m, src)
}
func (m *ListAccountsResponse) XXX_Size() int {
return xxx_messageInfo_ListAccountsResponse.Size(m)
}
func (m *ListAccountsResponse) XXX_DiscardUnknown() {
xxx_messageInfo_ListAccountsResponse.DiscardUnknown(m)
}
var xxx_messageInfo_ListAccountsResponse proto.InternalMessageInfo
func (m *ListAccountsResponse) GetAccounts() []*auth.Account {
if m != nil {
return m.Accounts
}
return nil
}
func init() {
proto.RegisterType((*ListAccountsRequest)(nil), "go.micro.auth.ListAccountsRequest")
proto.RegisterType((*ListAccountsResponse)(nil), "go.micro.auth.ListAccountsResponse")
}
func init() {
proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/accounts/accounts.proto", fileDescriptor_25929ace37374fcc)
}
var fileDescriptor_25929ace37374fcc = []byte{
// 186 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x72, 0x49, 0xcf, 0x2c, 0xc9,
0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0xcf, 0xcd, 0x4c, 0x2e, 0xca, 0xd7, 0x4f, 0xcf, 0xd7,
0x85, 0x30, 0x12, 0x4b, 0x4b, 0x32, 0xf4, 0x8b, 0x53, 0x8b, 0xca, 0x32, 0x93, 0x53, 0xf5, 0x0b,
0x8a, 0xf2, 0x4b, 0xf2, 0xf5, 0x13, 0x93, 0x93, 0xf3, 0x4b, 0xf3, 0x4a, 0x8a, 0xe1, 0x0c, 0x3d,
0xb0, 0xb8, 0x10, 0x6f, 0x7a, 0xbe, 0x1e, 0x58, 0x93, 0x1e, 0x48, 0x93, 0x94, 0x0d, 0x69, 0x86,
0x82, 0x84, 0x40, 0x04, 0xc4, 0x30, 0x25, 0x51, 0x2e, 0x61, 0x9f, 0xcc, 0xe2, 0x12, 0x47, 0xa8,
0x15, 0x41, 0xa9, 0x85, 0xa5, 0xa9, 0xc5, 0x25, 0x4a, 0x5e, 0x5c, 0x22, 0xa8, 0xc2, 0xc5, 0x05,
0xf9, 0x79, 0xc5, 0xa9, 0x42, 0x46, 0x5c, 0x1c, 0x30, 0xd7, 0x48, 0x30, 0x2a, 0x30, 0x6b, 0x70,
0x1b, 0x89, 0xe9, 0xa1, 0x38, 0x47, 0x0f, 0xaa, 0x25, 0x08, 0xae, 0xce, 0x28, 0x96, 0x8b, 0x03,
0x66, 0x8e, 0x50, 0x20, 0x17, 0x0b, 0xc8, 0x5c, 0x21, 0x25, 0x34, 0x5d, 0x58, 0xdc, 0x20, 0xa5,
0x8c, 0x57, 0x0d, 0xc4, 0x41, 0x4a, 0x0c, 0x49, 0x6c, 0x60, 0x8f, 0x18, 0x03, 0x02, 0x00, 0x00,
0xff, 0xff, 0x23, 0x27, 0x81, 0xfe, 0x5d, 0x01, 0x00, 0x00,
}

View File

@ -0,0 +1,86 @@
// Code generated by protoc-gen-micro. DO NOT EDIT.
// source: github.com/micro/go-micro/auth/service/proto/accounts/accounts.proto
package go_micro_auth
import (
fmt "fmt"
proto "github.com/golang/protobuf/proto"
_ "github.com/micro/go-micro/v2/auth/service/proto/auth"
math "math"
)
import (
context "context"
client "github.com/micro/go-micro/v2/client"
server "github.com/micro/go-micro/v2/server"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ client.Option
var _ server.Option
// Client API for Accounts service
type AccountsService interface {
List(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error)
}
type accountsService struct {
c client.Client
name string
}
func NewAccountsService(name string, c client.Client) AccountsService {
return &accountsService{
c: c,
name: name,
}
}
func (c *accountsService) List(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error) {
req := c.c.NewRequest(c.name, "Accounts.List", in)
out := new(ListAccountsResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// Server API for Accounts service
type AccountsHandler interface {
List(context.Context, *ListAccountsRequest, *ListAccountsResponse) error
}
func RegisterAccountsHandler(s server.Server, hdlr AccountsHandler, opts ...server.HandlerOption) error {
type accounts interface {
List(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error
}
type Accounts struct {
accounts
}
h := &accountsHandler{hdlr}
return s.Handle(s.NewHandler(&Accounts{h}, opts...))
}
type accountsHandler struct {
AccountsHandler
}
func (h *accountsHandler) List(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error {
return h.AccountsHandler.List(ctx, in, out)
}

View File

@ -0,0 +1,16 @@
syntax = "proto3";
package go.micro.auth;
import "github.com/micro/go-micro/auth/service/proto/auth/auth.proto";
service Accounts {
rpc List(ListAccountsRequest) returns (ListAccountsResponse) {};
}
message ListAccountsRequest {
}
message ListAccountsResponse {
repeated Account accounts = 1;
}

View File

@ -1,5 +1,5 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: auth/service/proto/auth.proto
// source: github.com/micro/go-micro/auth/service/proto/auth/auth.proto
package go_micro_auth
@ -20,61 +20,6 @@ var _ = math.Inf
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type Rule struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
Resource *Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rule) Reset() { *m = Rule{} }
func (m *Rule) String() string { return proto.CompactTextString(m) }
func (*Rule) ProtoMessage() {}
func (*Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{0}
}
func (m *Rule) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Rule.Unmarshal(m, b)
}
func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
}
func (m *Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rule.Merge(m, src)
}
func (m *Rule) XXX_Size() int {
return xxx_messageInfo_Rule.Size(m)
}
func (m *Rule) XXX_DiscardUnknown() {
xxx_messageInfo_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_Rule proto.InternalMessageInfo
func (m *Rule) GetId() string {
if m != nil {
return m.Id
}
return ""
}
func (m *Rule) GetRole() string {
if m != nil {
return m.Role
}
return ""
}
func (m *Rule) GetResource() *Resource {
if m != nil {
return m.Resource
}
return nil
}
type Token struct {
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
@ -92,7 +37,7 @@ func (m *Token) Reset() { *m = Token{} }
func (m *Token) String() string { return proto.CompactTextString(m) }
func (*Token) ProtoMessage() {}
func (*Token) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{1}
return fileDescriptor_b246cecfa8195ff3, []int{0}
}
func (m *Token) XXX_Unmarshal(b []byte) error {
@ -176,7 +121,7 @@ func (m *Account) Reset() { *m = Account{} }
func (m *Account) String() string { return proto.CompactTextString(m) }
func (*Account) ProtoMessage() {}
func (*Account) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{2}
return fileDescriptor_b246cecfa8195ff3, []int{1}
}
func (m *Account) XXX_Unmarshal(b []byte) error {
@ -238,7 +183,7 @@ func (m *Resource) Reset() { *m = Resource{} }
func (m *Resource) String() string { return proto.CompactTextString(m) }
func (*Resource) ProtoMessage() {}
func (*Resource) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{3}
return fileDescriptor_b246cecfa8195ff3, []int{2}
}
func (m *Resource) XXX_Unmarshal(b []byte) error {
@ -294,7 +239,7 @@ func (m *GenerateRequest) Reset() { *m = GenerateRequest{} }
func (m *GenerateRequest) String() string { return proto.CompactTextString(m) }
func (*GenerateRequest) ProtoMessage() {}
func (*GenerateRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{4}
return fileDescriptor_b246cecfa8195ff3, []int{3}
}
func (m *GenerateRequest) XXX_Unmarshal(b []byte) error {
@ -354,7 +299,7 @@ func (m *GenerateResponse) Reset() { *m = GenerateResponse{} }
func (m *GenerateResponse) String() string { return proto.CompactTextString(m) }
func (*GenerateResponse) ProtoMessage() {}
func (*GenerateResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{5}
return fileDescriptor_b246cecfa8195ff3, []int{4}
}
func (m *GenerateResponse) XXX_Unmarshal(b []byte) error {
@ -394,7 +339,7 @@ func (m *GrantRequest) Reset() { *m = GrantRequest{} }
func (m *GrantRequest) String() string { return proto.CompactTextString(m) }
func (*GrantRequest) ProtoMessage() {}
func (*GrantRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{6}
return fileDescriptor_b246cecfa8195ff3, []int{5}
}
func (m *GrantRequest) XXX_Unmarshal(b []byte) error {
@ -439,7 +384,7 @@ func (m *GrantResponse) Reset() { *m = GrantResponse{} }
func (m *GrantResponse) String() string { return proto.CompactTextString(m) }
func (*GrantResponse) ProtoMessage() {}
func (*GrantResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{7}
return fileDescriptor_b246cecfa8195ff3, []int{6}
}
func (m *GrantResponse) XXX_Unmarshal(b []byte) error {
@ -472,7 +417,7 @@ func (m *RevokeRequest) Reset() { *m = RevokeRequest{} }
func (m *RevokeRequest) String() string { return proto.CompactTextString(m) }
func (*RevokeRequest) ProtoMessage() {}
func (*RevokeRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{8}
return fileDescriptor_b246cecfa8195ff3, []int{7}
}
func (m *RevokeRequest) XXX_Unmarshal(b []byte) error {
@ -517,7 +462,7 @@ func (m *RevokeResponse) Reset() { *m = RevokeResponse{} }
func (m *RevokeResponse) String() string { return proto.CompactTextString(m) }
func (*RevokeResponse) ProtoMessage() {}
func (*RevokeResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{9}
return fileDescriptor_b246cecfa8195ff3, []int{8}
}
func (m *RevokeResponse) XXX_Unmarshal(b []byte) error {
@ -549,7 +494,7 @@ func (m *InspectRequest) Reset() { *m = InspectRequest{} }
func (m *InspectRequest) String() string { return proto.CompactTextString(m) }
func (*InspectRequest) ProtoMessage() {}
func (*InspectRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{10}
return fileDescriptor_b246cecfa8195ff3, []int{9}
}
func (m *InspectRequest) XXX_Unmarshal(b []byte) error {
@ -588,7 +533,7 @@ func (m *InspectResponse) Reset() { *m = InspectResponse{} }
func (m *InspectResponse) String() string { return proto.CompactTextString(m) }
func (*InspectResponse) ProtoMessage() {}
func (*InspectResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{11}
return fileDescriptor_b246cecfa8195ff3, []int{10}
}
func (m *InspectResponse) XXX_Unmarshal(b []byte) error {
@ -628,7 +573,7 @@ func (m *RefreshRequest) Reset() { *m = RefreshRequest{} }
func (m *RefreshRequest) String() string { return proto.CompactTextString(m) }
func (*RefreshRequest) ProtoMessage() {}
func (*RefreshRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{12}
return fileDescriptor_b246cecfa8195ff3, []int{11}
}
func (m *RefreshRequest) XXX_Unmarshal(b []byte) error {
@ -674,7 +619,7 @@ func (m *RefreshResponse) Reset() { *m = RefreshResponse{} }
func (m *RefreshResponse) String() string { return proto.CompactTextString(m) }
func (*RefreshResponse) ProtoMessage() {}
func (*RefreshResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{13}
return fileDescriptor_b246cecfa8195ff3, []int{12}
}
func (m *RefreshResponse) XXX_Unmarshal(b []byte) error {
@ -702,78 +647,7 @@ func (m *RefreshResponse) GetToken() *Token {
return nil
}
type ListRulesRequest struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ListRulesRequest) Reset() { *m = ListRulesRequest{} }
func (m *ListRulesRequest) String() string { return proto.CompactTextString(m) }
func (*ListRulesRequest) ProtoMessage() {}
func (*ListRulesRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{14}
}
func (m *ListRulesRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ListRulesRequest.Unmarshal(m, b)
}
func (m *ListRulesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_ListRulesRequest.Marshal(b, m, deterministic)
}
func (m *ListRulesRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ListRulesRequest.Merge(m, src)
}
func (m *ListRulesRequest) XXX_Size() int {
return xxx_messageInfo_ListRulesRequest.Size(m)
}
func (m *ListRulesRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ListRulesRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ListRulesRequest proto.InternalMessageInfo
type ListRulesResponse struct {
Rules []*Rule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ListRulesResponse) Reset() { *m = ListRulesResponse{} }
func (m *ListRulesResponse) String() string { return proto.CompactTextString(m) }
func (*ListRulesResponse) ProtoMessage() {}
func (*ListRulesResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{15}
}
func (m *ListRulesResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ListRulesResponse.Unmarshal(m, b)
}
func (m *ListRulesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_ListRulesResponse.Marshal(b, m, deterministic)
}
func (m *ListRulesResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_ListRulesResponse.Merge(m, src)
}
func (m *ListRulesResponse) XXX_Size() int {
return xxx_messageInfo_ListRulesResponse.Size(m)
}
func (m *ListRulesResponse) XXX_DiscardUnknown() {
xxx_messageInfo_ListRulesResponse.DiscardUnknown(m)
}
var xxx_messageInfo_ListRulesResponse proto.InternalMessageInfo
func (m *ListRulesResponse) GetRules() []*Rule {
if m != nil {
return m.Rules
}
return nil
}
func init() {
proto.RegisterType((*Rule)(nil), "go.micro.auth.Rule")
proto.RegisterType((*Token)(nil), "go.micro.auth.Token")
proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Token.MetadataEntry")
proto.RegisterType((*Account)(nil), "go.micro.auth.Account")
@ -790,56 +664,51 @@ func init() {
proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse")
proto.RegisterType((*RefreshRequest)(nil), "go.micro.auth.RefreshRequest")
proto.RegisterType((*RefreshResponse)(nil), "go.micro.auth.RefreshResponse")
proto.RegisterType((*ListRulesRequest)(nil), "go.micro.auth.ListRulesRequest")
proto.RegisterType((*ListRulesResponse)(nil), "go.micro.auth.ListRulesResponse")
}
func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
var fileDescriptor_21300bfacc51fc2a = []byte{
// 696 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xdb, 0x6e, 0xd3, 0x40,
0x10, 0xad, 0xed, 0xdc, 0x3a, 0x69, 0x9a, 0xb0, 0x54, 0xc5, 0x32, 0x6d, 0x09, 0x06, 0xa1, 0x82,
0xaa, 0x14, 0xa5, 0x2f, 0x08, 0x44, 0x45, 0x45, 0xab, 0x72, 0x2b, 0x42, 0x16, 0x12, 0xbc, 0x55,
0xae, 0x33, 0x50, 0xd3, 0xd4, 0x36, 0xeb, 0x75, 0x45, 0xfe, 0x82, 0x2f, 0xe3, 0x0b, 0x78, 0xe3,
0x47, 0xd0, 0xae, 0x77, 0xb7, 0x8e, 0x13, 0x23, 0xc4, 0xe5, 0x6d, 0x77, 0x76, 0x7c, 0xce, 0xcc,
0x99, 0x33, 0x09, 0xac, 0xfb, 0x19, 0x3b, 0xdd, 0x4e, 0x91, 0x5e, 0x84, 0x01, 0x6e, 0x27, 0x34,
0x66, 0xf1, 0x36, 0x0f, 0x0d, 0xc4, 0x91, 0x74, 0x3e, 0xc6, 0x83, 0xf3, 0x30, 0xa0, 0xf1, 0x80,
0x07, 0xdd, 0x63, 0xa8, 0x79, 0xd9, 0x18, 0xc9, 0x32, 0x98, 0xe1, 0xc8, 0x36, 0xfa, 0xc6, 0xe6,
0xa2, 0x67, 0x86, 0x23, 0x42, 0xa0, 0x46, 0xe3, 0x31, 0xda, 0xa6, 0x88, 0x88, 0x33, 0xd9, 0x81,
0x16, 0xc5, 0x34, 0xce, 0x68, 0x80, 0xb6, 0xd5, 0x37, 0x36, 0xdb, 0xc3, 0x6b, 0x83, 0x29, 0xb4,
0x81, 0x27, 0x9f, 0x3d, 0x9d, 0xe8, 0x7e, 0x35, 0xa1, 0xfe, 0x36, 0x3e, 0xc3, 0x88, 0xac, 0x40,
0x9d, 0xf1, 0x83, 0x64, 0xc9, 0x2f, 0x9c, 0x88, 0x4d, 0x12, 0x4d, 0xc4, 0xcf, 0xc4, 0x86, 0x66,
0x40, 0xd1, 0x67, 0x38, 0x12, 0x3c, 0x96, 0xa7, 0xae, 0x64, 0x15, 0x1a, 0xf8, 0x25, 0x09, 0xe9,
0xc4, 0xae, 0x89, 0x07, 0x79, 0xe3, 0x5f, 0xa4, 0xd9, 0xc9, 0x27, 0x0c, 0x98, 0x5d, 0x17, 0x40,
0xea, 0xca, 0x59, 0x79, 0xf1, 0xa9, 0xdd, 0xe8, 0x5b, 0x9c, 0x55, 0x5c, 0xc8, 0x2e, 0xb4, 0xce,
0x91, 0xf9, 0x23, 0x9f, 0xf9, 0x76, 0xb3, 0x6f, 0x6d, 0xb6, 0x87, 0x6e, 0xa9, 0x15, 0x51, 0xf3,
0xe0, 0x48, 0x26, 0x1d, 0x44, 0x8c, 0x4e, 0x3c, 0xfd, 0x8d, 0xf3, 0x08, 0x3a, 0x53, 0x4f, 0xa4,
0x07, 0xd6, 0x19, 0x4e, 0x64, 0x6b, 0xfc, 0xc8, 0x89, 0x2f, 0xfc, 0x71, 0xa6, 0x3a, 0xcb, 0x2f,
0x0f, 0xcd, 0x07, 0x86, 0xfb, 0xdd, 0x80, 0xe6, 0x5e, 0x10, 0xc4, 0x59, 0xc4, 0x66, 0x74, 0xdf,
0x82, 0x46, 0x8a, 0x01, 0x45, 0x26, 0x3e, 0x6b, 0x0f, 0x57, 0xe6, 0x95, 0xe5, 0xc9, 0x9c, 0xcb,
0xe6, 0xac, 0x62, 0x73, 0x4f, 0x0a, 0xcd, 0xd5, 0x44, 0x73, 0xb7, 0x4b, 0x28, 0x92, 0xfd, 0xff,
0xb4, 0xf7, 0x1a, 0x5a, 0xca, 0x07, 0x7c, 0xba, 0x91, 0x7f, 0x8e, 0xf2, 0x43, 0x71, 0x9e, 0x3b,
0x71, 0x07, 0x5a, 0x18, 0x8d, 0x92, 0x38, 0x8c, 0x98, 0x18, 0xf9, 0xa2, 0xa7, 0xef, 0xee, 0x0f,
0x03, 0xba, 0x87, 0x18, 0x21, 0xf5, 0x19, 0x7a, 0xf8, 0x39, 0xc3, 0x74, 0x56, 0x36, 0x2d, 0x84,
0x59, 0x14, 0xe2, 0x59, 0x41, 0x08, 0x4b, 0x08, 0xb1, 0x55, 0x12, 0xa2, 0x84, 0x5b, 0x25, 0x08,
0xb9, 0x05, 0x9d, 0x5c, 0xf2, 0xe3, 0x29, 0xfb, 0x2d, 0xe5, 0xc1, 0x03, 0x11, 0xfb, 0x3b, 0xd5,
0xf6, 0xa1, 0x77, 0x59, 0x4c, 0x9a, 0xc4, 0x51, 0x8a, 0xe4, 0x3e, 0x34, 0xfd, 0x7c, 0x52, 0x02,
0xa3, 0x3d, 0x5c, 0x9d, 0x3f, 0x47, 0x4f, 0xa5, 0xb9, 0xef, 0x60, 0xe9, 0x90, 0xfa, 0x11, 0x53,
0x3a, 0xa9, 0x35, 0x36, 0x2a, 0xd6, 0xd8, 0xfc, 0xdd, 0x35, 0xee, 0x42, 0x47, 0x02, 0xe7, 0xb5,
0xb9, 0xef, 0xa1, 0xe3, 0xe1, 0x45, 0x7c, 0x86, 0xff, 0x9c, 0xaa, 0x07, 0xcb, 0x0a, 0x59, 0x72,
0xdd, 0x81, 0xe5, 0xe7, 0x51, 0x9a, 0x60, 0xa0, 0xfb, 0x9a, 0xfb, 0x5b, 0xe2, 0x3e, 0x85, 0xae,
0xce, 0xfb, 0x63, 0x09, 0x5f, 0x72, 0xfa, 0x0f, 0x14, 0xd3, 0x53, 0x45, 0xb6, 0xaa, 0x77, 0x32,
0x67, 0x53, 0xdb, 0x77, 0x13, 0x96, 0x04, 0xaf, 0xf2, 0x84, 0x29, 0x3c, 0xd1, 0x16, 0xb1, 0xdc,
0x12, 0xee, 0x63, 0xe8, 0x6a, 0x30, 0x59, 0xd1, 0xbd, 0x62, 0xe9, 0x55, 0x0b, 0x2e, 0x1b, 0x22,
0xd0, 0x7b, 0x15, 0xa6, 0x8c, 0xff, 0x42, 0xa7, 0xb2, 0x1a, 0x77, 0x17, 0xae, 0x14, 0x62, 0x12,
0xf4, 0x2e, 0xd4, 0x29, 0x0f, 0xd8, 0x86, 0xb0, 0xf9, 0xd5, 0xb2, 0xca, 0xd9, 0x18, 0xbd, 0x3c,
0x63, 0xf8, 0xcd, 0x82, 0xda, 0x5e, 0xc6, 0x4e, 0xc9, 0x11, 0xb4, 0x94, 0xe3, 0xc8, 0xc6, 0xaf,
0xf7, 0xc2, 0xb9, 0x51, 0xf9, 0x2e, 0x47, 0xb4, 0x40, 0xf6, 0xa1, 0x2e, 0x1c, 0x42, 0xae, 0x97,
0x73, 0x0b, 0x86, 0x74, 0xd6, 0xe6, 0x3f, 0x6a, 0x94, 0x43, 0x68, 0xe4, 0xc3, 0x27, 0x6b, 0x33,
0x4e, 0x29, 0xb8, 0xcd, 0x59, 0xaf, 0x78, 0xd5, 0x40, 0x2f, 0xa0, 0x29, 0xbd, 0x40, 0xca, 0xb9,
0xd3, 0x5e, 0x72, 0x36, 0xaa, 0x9e, 0x8b, 0x58, 0x72, 0x8a, 0x64, 0x96, 0xb7, 0x68, 0x95, 0x19,
0xac, 0xd2, 0xf0, 0xdd, 0x05, 0xf2, 0x06, 0x16, 0xf5, 0xf8, 0x48, 0x59, 0xd6, 0xf2, 0xb0, 0x9d,
0x7e, 0x75, 0x82, 0x42, 0x3c, 0x69, 0x88, 0x3f, 0xf6, 0x9d, 0x9f, 0x01, 0x00, 0x00, 0xff, 0xff,
0x91, 0x77, 0xf2, 0xa6, 0xf9, 0x07, 0x00, 0x00,
func init() {
proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/auth/auth.proto", fileDescriptor_b246cecfa8195ff3)
}
var fileDescriptor_b246cecfa8195ff3 = []byte{
// 612 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xcd, 0x6e, 0xd3, 0x40,
0x10, 0xae, 0xed, 0x34, 0x49, 0x27, 0x4d, 0x13, 0xad, 0xaa, 0x60, 0x45, 0xa2, 0x04, 0x83, 0x50,
0x84, 0x8a, 0x83, 0xd2, 0x0b, 0xe2, 0x4f, 0x54, 0x50, 0x95, 0x1f, 0x95, 0x83, 0x85, 0x04, 0x37,
0xe4, 0x38, 0x43, 0x62, 0xd2, 0x78, 0xcd, 0x7a, 0x1d, 0x91, 0xb7, 0xe0, 0x01, 0xb9, 0x71, 0xe6,
0x1d, 0xd0, 0xae, 0x77, 0x5d, 0xc7, 0x49, 0x38, 0xf0, 0x73, 0x89, 0x66, 0x66, 0x67, 0xbf, 0x6f,
0xe6, 0x9b, 0xd9, 0x18, 0x1e, 0x4f, 0x42, 0x3e, 0x4d, 0x47, 0x6e, 0x40, 0xe7, 0x83, 0x79, 0x18,
0x30, 0x3a, 0x98, 0xd0, 0x7b, 0x99, 0xe1, 0xa7, 0x7c, 0x3a, 0x48, 0x90, 0x2d, 0xc2, 0x00, 0x07,
0x31, 0xa3, 0x5c, 0x85, 0xc4, 0x8f, 0x2b, 0x7d, 0xd2, 0x9c, 0x50, 0x57, 0x26, 0xbb, 0x22, 0xe8,
0x7c, 0x33, 0x61, 0xf7, 0x1d, 0x9d, 0x61, 0x44, 0x0e, 0x61, 0x97, 0x0b, 0xc3, 0x36, 0x7a, 0x46,
0x7f, 0xcf, 0xcb, 0x1c, 0x42, 0xa0, 0xc2, 0x97, 0x31, 0xda, 0xa6, 0x0c, 0x4a, 0x9b, 0xd8, 0x50,
0x0b, 0x18, 0xfa, 0x1c, 0xc7, 0xb6, 0xd5, 0x33, 0xfa, 0x96, 0xa7, 0x5d, 0xd2, 0x81, 0x2a, 0x7e,
0x8d, 0x43, 0xb6, 0xb4, 0x2b, 0xf2, 0x40, 0x79, 0xe2, 0x46, 0x92, 0x8e, 0x3e, 0x63, 0xc0, 0xed,
0x5d, 0x09, 0xa4, 0x5d, 0xc1, 0xca, 0xe8, 0x25, 0x26, 0x76, 0xb5, 0x67, 0x09, 0x56, 0xe9, 0x90,
0xa7, 0x50, 0x9f, 0x23, 0xf7, 0xc7, 0x3e, 0xf7, 0xed, 0x5a, 0xcf, 0xea, 0x37, 0x86, 0x8e, 0xbb,
0x52, 0xb7, 0x2b, 0x6b, 0x76, 0x2f, 0x54, 0xd2, 0x59, 0xc4, 0xd9, 0xd2, 0xcb, 0xef, 0x74, 0x1f,
0x41, 0x73, 0xe5, 0x88, 0xb4, 0xc1, 0x9a, 0xe1, 0x52, 0xb5, 0x26, 0x4c, 0x41, 0xbc, 0xf0, 0x2f,
0x53, 0xdd, 0x59, 0xe6, 0x3c, 0x34, 0x1f, 0x18, 0xce, 0x77, 0x03, 0x6a, 0xa7, 0x41, 0x40, 0xd3,
0x88, 0x93, 0x03, 0x30, 0xc3, 0xb1, 0xba, 0x66, 0x86, 0x63, 0x72, 0x0c, 0xd5, 0x04, 0x03, 0x86,
0x5c, 0x5e, 0x6b, 0x0c, 0x0f, 0x37, 0x95, 0xe5, 0xa9, 0x9c, 0xab, 0xe6, 0xac, 0x62, 0x73, 0xcf,
0x0a, 0xcd, 0x55, 0x64, 0x73, 0xb7, 0x4b, 0x28, 0x8a, 0xfd, 0xff, 0xb4, 0xf7, 0x16, 0xea, 0x1e,
0x26, 0x34, 0x65, 0x01, 0x8a, 0xe9, 0x46, 0xfe, 0x1c, 0xd5, 0x45, 0x69, 0x6f, 0x9c, 0x78, 0x17,
0xea, 0x18, 0x8d, 0x63, 0x1a, 0x46, 0x5c, 0x8e, 0x7c, 0xcf, 0xcb, 0x7d, 0xe7, 0x87, 0x01, 0xad,
0x73, 0x8c, 0x90, 0xf9, 0x1c, 0x3d, 0xfc, 0x92, 0x62, 0xb2, 0x2e, 0x5b, 0x2e, 0x84, 0x59, 0x14,
0xe2, 0x65, 0x41, 0x08, 0x4b, 0x0a, 0x71, 0x5c, 0x12, 0xa2, 0x84, 0xbb, 0x4d, 0x10, 0x72, 0x0b,
0x9a, 0x99, 0xe4, 0x1f, 0x57, 0xd6, 0x6f, 0x3f, 0x0b, 0x9e, 0xc9, 0xd8, 0xdf, 0xa9, 0xf6, 0x02,
0xda, 0x57, 0xc5, 0x24, 0x31, 0x8d, 0x12, 0x24, 0xf7, 0xa1, 0xe6, 0x67, 0x93, 0x92, 0x18, 0x8d,
0x61, 0x67, 0xf3, 0x1c, 0x3d, 0x9d, 0xe6, 0xbc, 0x87, 0xfd, 0x73, 0xe6, 0x47, 0x5c, 0xeb, 0x44,
0xa0, 0x22, 0xa4, 0xd0, 0xfa, 0x0b, 0x9b, 0x9c, 0x40, 0x9d, 0xa9, 0xf9, 0xa8, 0x25, 0xbb, 0x56,
0x82, 0xd5, 0xe3, 0xf3, 0xf2, 0x44, 0xa7, 0x05, 0x4d, 0x05, 0x9c, 0xd5, 0xe6, 0x7c, 0x80, 0xa6,
0x87, 0x0b, 0x3a, 0xc3, 0x7f, 0x4e, 0xd5, 0x86, 0x03, 0x8d, 0xac, 0xb8, 0xee, 0xc0, 0xc1, 0xab,
0x28, 0x89, 0x31, 0xc8, 0xfb, 0xda, 0xf8, 0x5f, 0xe2, 0x3c, 0x87, 0x56, 0x9e, 0xf7, 0xc7, 0x12,
0xbe, 0x11, 0xf4, 0x9f, 0x18, 0x26, 0x53, 0x4d, 0xd6, 0xc9, 0xdf, 0x64, 0xc6, 0xa6, 0x5f, 0xdf,
0x4d, 0xd8, 0x97, 0xbc, 0x7a, 0x27, 0x4c, 0xb9, 0x13, 0x0d, 0x19, 0xcb, 0x56, 0xc2, 0x79, 0x02,
0xad, 0x1c, 0x4c, 0x55, 0x74, 0xb7, 0x58, 0xfa, 0xb6, 0x07, 0x9e, 0xa5, 0x0c, 0x7f, 0x1a, 0x50,
0x39, 0x4d, 0xf9, 0x94, 0x5c, 0x40, 0x5d, 0x6f, 0x07, 0x39, 0xfa, 0xfd, 0x0e, 0x77, 0x6f, 0x6c,
0x3d, 0x57, 0x72, 0xee, 0x90, 0xd7, 0x50, 0x53, 0x42, 0x91, 0xeb, 0xa5, 0xec, 0x55, 0xa1, 0xbb,
0x47, 0xdb, 0x8e, 0x8b, 0x58, 0xaa, 0xc5, 0x35, 0xac, 0x55, 0x1d, 0xd7, 0xb0, 0x4a, 0xca, 0x38,
0x3b, 0xa3, 0xaa, 0xfc, 0x84, 0x9c, 0xfc, 0x0a, 0x00, 0x00, 0xff, 0xff, 0xe9, 0x1b, 0x69, 0xa7,
0x82, 0x06, 0x00, 0x00,
}

View File

@ -1,5 +1,5 @@
// Code generated by protoc-gen-micro. DO NOT EDIT.
// source: auth/service/proto/auth.proto
// source: github.com/micro/go-micro/auth/service/proto/auth/auth.proto
package go_micro_auth
@ -35,11 +35,8 @@ var _ server.Option
type AuthService interface {
Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
Grant(ctx context.Context, in *GrantRequest, opts ...client.CallOption) (*GrantResponse, error)
Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error)
Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error)
ListRules(ctx context.Context, in *ListRulesRequest, opts ...client.CallOption) (*ListRulesResponse, error)
}
type authService struct {
@ -64,26 +61,6 @@ func (c *authService) Generate(ctx context.Context, in *GenerateRequest, opts ..
return out, nil
}
func (c *authService) Grant(ctx context.Context, in *GrantRequest, opts ...client.CallOption) (*GrantResponse, error) {
req := c.c.NewRequest(c.name, "Auth.Grant", in)
out := new(GrantResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authService) Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error) {
req := c.c.NewRequest(c.name, "Auth.Revoke", in)
out := new(RevokeResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authService) Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error) {
req := c.c.NewRequest(c.name, "Auth.Inspect", in)
out := new(InspectResponse)
@ -104,35 +81,19 @@ func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...c
return out, nil
}
func (c *authService) ListRules(ctx context.Context, in *ListRulesRequest, opts ...client.CallOption) (*ListRulesResponse, error) {
req := c.c.NewRequest(c.name, "Auth.ListRules", in)
out := new(ListRulesResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// Server API for Auth service
type AuthHandler interface {
Generate(context.Context, *GenerateRequest, *GenerateResponse) error
Grant(context.Context, *GrantRequest, *GrantResponse) error
Revoke(context.Context, *RevokeRequest, *RevokeResponse) error
Inspect(context.Context, *InspectRequest, *InspectResponse) error
Refresh(context.Context, *RefreshRequest, *RefreshResponse) error
ListRules(context.Context, *ListRulesRequest, *ListRulesResponse) error
}
func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
type auth interface {
Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
Grant(ctx context.Context, in *GrantRequest, out *GrantResponse) error
Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error
Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error
ListRules(ctx context.Context, in *ListRulesRequest, out *ListRulesResponse) error
}
type Auth struct {
auth
@ -149,14 +110,6 @@ func (h *authHandler) Generate(ctx context.Context, in *GenerateRequest, out *Ge
return h.AuthHandler.Generate(ctx, in, out)
}
func (h *authHandler) Grant(ctx context.Context, in *GrantRequest, out *GrantResponse) error {
return h.AuthHandler.Grant(ctx, in, out)
}
func (h *authHandler) Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error {
return h.AuthHandler.Revoke(ctx, in, out)
}
func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error {
return h.AuthHandler.Inspect(ctx, in, out)
}
@ -164,7 +117,3 @@ func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *Insp
func (h *authHandler) Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error {
return h.AuthHandler.Refresh(ctx, in, out)
}
func (h *authHandler) ListRules(ctx context.Context, in *ListRulesRequest, out *ListRulesResponse) error {
return h.AuthHandler.ListRules(ctx, in, out)
}

View File

@ -4,17 +4,8 @@ package go.micro.auth;
service Auth {
rpc Generate(GenerateRequest) returns (GenerateResponse) {};
rpc Grant(GrantRequest) returns (GrantResponse) {};
rpc Revoke(RevokeRequest) returns (RevokeResponse) {};
rpc Inspect(InspectRequest) returns (InspectResponse) {};
rpc Refresh(RefreshRequest) returns (RefreshResponse) {};
rpc ListRules(ListRulesRequest) returns (ListRulesResponse) {};
}
message Rule {
string id = 1;
string role = 2;
Resource resource = 3;
}
message Token {
@ -81,10 +72,3 @@ message RefreshRequest {
message RefreshResponse {
Token token = 1;
}
message ListRulesRequest {
}
message ListRulesResponse {
repeated Rule rules = 1;
}

View File

@ -0,0 +1,398 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: github.com/micro/go-micro/auth/service/proto/rules/rules.proto
package go_micro_auth
import (
fmt "fmt"
proto "github.com/golang/protobuf/proto"
auth "github.com/micro/go-micro/v2/auth/service/proto/auth"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type Access int32
const (
Access_UNKNOWN Access = 0
Access_GRANTED Access = 1
Access_DENIED Access = 2
)
var Access_name = map[int32]string{
0: "UNKNOWN",
1: "GRANTED",
2: "DENIED",
}
var Access_value = map[string]int32{
"UNKNOWN": 0,
"GRANTED": 1,
"DENIED": 2,
}
func (x Access) String() string {
return proto.EnumName(Access_name, int32(x))
}
func (Access) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{0}
}
type Rule struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
Resource *auth.Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
Access Access `protobuf:"varint,4,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rule) Reset() { *m = Rule{} }
func (m *Rule) String() string { return proto.CompactTextString(m) }
func (*Rule) ProtoMessage() {}
func (*Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{0}
}
func (m *Rule) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Rule.Unmarshal(m, b)
}
func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
}
func (m *Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rule.Merge(m, src)
}
func (m *Rule) XXX_Size() int {
return xxx_messageInfo_Rule.Size(m)
}
func (m *Rule) XXX_DiscardUnknown() {
xxx_messageInfo_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_Rule proto.InternalMessageInfo
func (m *Rule) GetId() string {
if m != nil {
return m.Id
}
return ""
}
func (m *Rule) GetRole() string {
if m != nil {
return m.Role
}
return ""
}
func (m *Rule) GetResource() *auth.Resource {
if m != nil {
return m.Resource
}
return nil
}
func (m *Rule) GetAccess() Access {
if m != nil {
return m.Access
}
return Access_UNKNOWN
}
type CreateRequest struct {
Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
Resource *auth.Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
Access Access `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CreateRequest) Reset() { *m = CreateRequest{} }
func (m *CreateRequest) String() string { return proto.CompactTextString(m) }
func (*CreateRequest) ProtoMessage() {}
func (*CreateRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{1}
}
func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_CreateRequest.Unmarshal(m, b)
}
func (m *CreateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_CreateRequest.Marshal(b, m, deterministic)
}
func (m *CreateRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_CreateRequest.Merge(m, src)
}
func (m *CreateRequest) XXX_Size() int {
return xxx_messageInfo_CreateRequest.Size(m)
}
func (m *CreateRequest) XXX_DiscardUnknown() {
xxx_messageInfo_CreateRequest.DiscardUnknown(m)
}
var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
func (m *CreateRequest) GetRole() string {
if m != nil {
return m.Role
}
return ""
}
func (m *CreateRequest) GetResource() *auth.Resource {
if m != nil {
return m.Resource
}
return nil
}
func (m *CreateRequest) GetAccess() Access {
if m != nil {
return m.Access
}
return Access_UNKNOWN
}
type CreateResponse struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CreateResponse) Reset() { *m = CreateResponse{} }
func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
func (*CreateResponse) ProtoMessage() {}
func (*CreateResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{2}
}
func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_CreateResponse.Unmarshal(m, b)
}
func (m *CreateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_CreateResponse.Marshal(b, m, deterministic)
}
func (m *CreateResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_CreateResponse.Merge(m, src)
}
func (m *CreateResponse) XXX_Size() int {
return xxx_messageInfo_CreateResponse.Size(m)
}
func (m *CreateResponse) XXX_DiscardUnknown() {
xxx_messageInfo_CreateResponse.DiscardUnknown(m)
}
var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
type DeleteRequest struct {
Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
Resource *auth.Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
Access Access `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeleteRequest) Reset() { *m = DeleteRequest{} }
func (m *DeleteRequest) String() string { return proto.CompactTextString(m) }
func (*DeleteRequest) ProtoMessage() {}
func (*DeleteRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{3}
}
func (m *DeleteRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_DeleteRequest.Unmarshal(m, b)
}
func (m *DeleteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_DeleteRequest.Marshal(b, m, deterministic)
}
func (m *DeleteRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeleteRequest.Merge(m, src)
}
func (m *DeleteRequest) XXX_Size() int {
return xxx_messageInfo_DeleteRequest.Size(m)
}
func (m *DeleteRequest) XXX_DiscardUnknown() {
xxx_messageInfo_DeleteRequest.DiscardUnknown(m)
}
var xxx_messageInfo_DeleteRequest proto.InternalMessageInfo
func (m *DeleteRequest) GetRole() string {
if m != nil {
return m.Role
}
return ""
}
func (m *DeleteRequest) GetResource() *auth.Resource {
if m != nil {
return m.Resource
}
return nil
}
func (m *DeleteRequest) GetAccess() Access {
if m != nil {
return m.Access
}
return Access_UNKNOWN
}
type DeleteResponse struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeleteResponse) Reset() { *m = DeleteResponse{} }
func (m *DeleteResponse) String() string { return proto.CompactTextString(m) }
func (*DeleteResponse) ProtoMessage() {}
func (*DeleteResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{4}
}
func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_DeleteResponse.Unmarshal(m, b)
}
func (m *DeleteResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_DeleteResponse.Marshal(b, m, deterministic)
}
func (m *DeleteResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeleteResponse.Merge(m, src)
}
func (m *DeleteResponse) XXX_Size() int {
return xxx_messageInfo_DeleteResponse.Size(m)
}
func (m *DeleteResponse) XXX_DiscardUnknown() {
xxx_messageInfo_DeleteResponse.DiscardUnknown(m)
}
var xxx_messageInfo_DeleteResponse proto.InternalMessageInfo
type ListRequest struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ListRequest) Reset() { *m = ListRequest{} }
func (m *ListRequest) String() string { return proto.CompactTextString(m) }
func (*ListRequest) ProtoMessage() {}
func (*ListRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{5}
}
func (m *ListRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ListRequest.Unmarshal(m, b)
}
func (m *ListRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_ListRequest.Marshal(b, m, deterministic)
}
func (m *ListRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ListRequest.Merge(m, src)
}
func (m *ListRequest) XXX_Size() int {
return xxx_messageInfo_ListRequest.Size(m)
}
func (m *ListRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ListRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ListRequest proto.InternalMessageInfo
type ListResponse struct {
Rules []*Rule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ListResponse) Reset() { *m = ListResponse{} }
func (m *ListResponse) String() string { return proto.CompactTextString(m) }
func (*ListResponse) ProtoMessage() {}
func (*ListResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_d5bb7c98c32bdd99, []int{6}
}
func (m *ListResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ListResponse.Unmarshal(m, b)
}
func (m *ListResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_ListResponse.Marshal(b, m, deterministic)
}
func (m *ListResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_ListResponse.Merge(m, src)
}
func (m *ListResponse) XXX_Size() int {
return xxx_messageInfo_ListResponse.Size(m)
}
func (m *ListResponse) XXX_DiscardUnknown() {
xxx_messageInfo_ListResponse.DiscardUnknown(m)
}
var xxx_messageInfo_ListResponse proto.InternalMessageInfo
func (m *ListResponse) GetRules() []*Rule {
if m != nil {
return m.Rules
}
return nil
}
func init() {
proto.RegisterEnum("go.micro.auth.Access", Access_name, Access_value)
proto.RegisterType((*Rule)(nil), "go.micro.auth.Rule")
proto.RegisterType((*CreateRequest)(nil), "go.micro.auth.CreateRequest")
proto.RegisterType((*CreateResponse)(nil), "go.micro.auth.CreateResponse")
proto.RegisterType((*DeleteRequest)(nil), "go.micro.auth.DeleteRequest")
proto.RegisterType((*DeleteResponse)(nil), "go.micro.auth.DeleteResponse")
proto.RegisterType((*ListRequest)(nil), "go.micro.auth.ListRequest")
proto.RegisterType((*ListResponse)(nil), "go.micro.auth.ListResponse")
}
func init() {
proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/rules/rules.proto", fileDescriptor_d5bb7c98c32bdd99)
}
var fileDescriptor_d5bb7c98c32bdd99 = []byte{
// 384 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x93, 0x41, 0x6b, 0xdb, 0x30,
0x1c, 0xc5, 0x23, 0xc7, 0xf1, 0xb6, 0xbf, 0x97, 0x60, 0x34, 0xc6, 0x8c, 0xb7, 0x81, 0xc9, 0xc9,
0x1b, 0xc4, 0x06, 0xe7, 0x34, 0x18, 0x83, 0x30, 0x87, 0x30, 0x36, 0x3c, 0x10, 0x2d, 0x3d, 0x27,
0xce, 0x9f, 0xc4, 0xe0, 0x54, 0xa9, 0x64, 0xf7, 0x2b, 0xf4, 0xd6, 0x4f, 0xd8, 0x0f, 0x53, 0x2c,
0x39, 0xa1, 0x71, 0x1a, 0x68, 0x6e, 0xbd, 0x08, 0x49, 0xef, 0xe9, 0xf9, 0xa7, 0x67, 0x1b, 0x7e,
0xad, 0xf2, 0x72, 0x5d, 0x2d, 0xc2, 0x8c, 0x6f, 0xa2, 0x4d, 0x9e, 0x09, 0x1e, 0xad, 0xf8, 0x48,
0x4f, 0xe6, 0x55, 0xb9, 0x8e, 0x24, 0x8a, 0xdb, 0x3c, 0xc3, 0x68, 0x2b, 0x78, 0xc9, 0x23, 0x51,
0x15, 0x28, 0xf5, 0x18, 0xaa, 0x1d, 0xda, 0x5f, 0xf1, 0x50, 0xd9, 0xc3, 0xda, 0xee, 0xfd, 0x3c,
0x2b, 0x4e, 0x6d, 0xd5, 0x83, 0x0e, 0x1b, 0xde, 0x13, 0x30, 0x59, 0x55, 0x20, 0x1d, 0x80, 0x91,
0x2f, 0x5d, 0xe2, 0x93, 0xe0, 0x1d, 0x33, 0xf2, 0x25, 0xa5, 0x60, 0x0a, 0x5e, 0xa0, 0x6b, 0xa8,
0x1d, 0x35, 0xa7, 0x63, 0x78, 0x2b, 0x50, 0xf2, 0x4a, 0x64, 0xe8, 0x76, 0x7d, 0x12, 0xd8, 0xf1,
0xa7, 0xf0, 0x00, 0x26, 0x64, 0x8d, 0xcc, 0xf6, 0x46, 0x3a, 0x02, 0x6b, 0x9e, 0x65, 0x28, 0xa5,
0x6b, 0xfa, 0x24, 0x18, 0xc4, 0x1f, 0x5b, 0x47, 0x26, 0x4a, 0x64, 0x8d, 0x69, 0x78, 0x47, 0xa0,
0xff, 0x5b, 0xe0, 0xbc, 0x44, 0x86, 0x37, 0x15, 0xca, 0x72, 0x4f, 0x42, 0x4e, 0x90, 0x18, 0xe7,
0x93, 0x74, 0x5f, 0x42, 0xe2, 0xc0, 0x60, 0x07, 0x22, 0xb7, 0xfc, 0x5a, 0xa2, 0x62, 0x4b, 0xb0,
0xc0, 0x57, 0xc1, 0xb6, 0x03, 0x69, 0xd8, 0xfa, 0x60, 0xff, 0xcb, 0x65, 0xd9, 0x80, 0x0d, 0x7f,
0xc0, 0x7b, 0xbd, 0xd4, 0x32, 0xfd, 0x06, 0x3d, 0xf5, 0x0d, 0xb9, 0xc4, 0xef, 0x06, 0x76, 0xfc,
0xa1, 0x4d, 0x54, 0x15, 0xc8, 0xb4, 0xe3, 0x7b, 0x08, 0x96, 0x7e, 0x1a, 0xb5, 0xe1, 0xcd, 0x65,
0xfa, 0x37, 0xfd, 0x7f, 0x95, 0x3a, 0x9d, 0x7a, 0x31, 0x63, 0x93, 0xf4, 0x62, 0x9a, 0x38, 0x84,
0x02, 0x58, 0xc9, 0x34, 0xfd, 0x33, 0x4d, 0x1c, 0x23, 0x7e, 0x20, 0xd0, 0xab, 0xcf, 0x4b, 0x3a,
0x03, 0x4b, 0x37, 0x46, 0xbf, 0xb4, 0xf2, 0x0f, 0xde, 0xa8, 0xf7, 0xf5, 0x84, 0xda, 0x5c, 0xa5,
0x53, 0x07, 0xe9, 0xeb, 0x1d, 0x05, 0x1d, 0xd4, 0x7f, 0x14, 0xd4, 0xea, 0xa4, 0x43, 0x27, 0x60,
0xd6, 0x35, 0x50, 0xaf, 0x65, 0x7c, 0x52, 0x95, 0xf7, 0xf9, 0x59, 0x6d, 0x17, 0xb1, 0xb0, 0xd4,
0x8f, 0x32, 0x7e, 0x0c, 0x00, 0x00, 0xff, 0xff, 0x85, 0x65, 0x07, 0x9d, 0xb7, 0x03, 0x00, 0x00,
}

View File

@ -0,0 +1,120 @@
// Code generated by protoc-gen-micro. DO NOT EDIT.
// source: github.com/micro/go-micro/auth/service/proto/rules/rules.proto
package go_micro_auth
import (
fmt "fmt"
proto "github.com/golang/protobuf/proto"
_ "github.com/micro/go-micro/v2/auth/service/proto/auth"
math "math"
)
import (
context "context"
client "github.com/micro/go-micro/v2/client"
server "github.com/micro/go-micro/v2/server"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ client.Option
var _ server.Option
// Client API for Rules service
type RulesService interface {
Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error)
Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error)
List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error)
}
type rulesService struct {
c client.Client
name string
}
func NewRulesService(name string, c client.Client) RulesService {
return &rulesService{
c: c,
name: name,
}
}
func (c *rulesService) Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error) {
req := c.c.NewRequest(c.name, "Rules.Create", in)
out := new(CreateResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *rulesService) Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error) {
req := c.c.NewRequest(c.name, "Rules.Delete", in)
out := new(DeleteResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *rulesService) List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error) {
req := c.c.NewRequest(c.name, "Rules.List", in)
out := new(ListResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// Server API for Rules service
type RulesHandler interface {
Create(context.Context, *CreateRequest, *CreateResponse) error
Delete(context.Context, *DeleteRequest, *DeleteResponse) error
List(context.Context, *ListRequest, *ListResponse) error
}
func RegisterRulesHandler(s server.Server, hdlr RulesHandler, opts ...server.HandlerOption) error {
type rules interface {
Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error
Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error
List(ctx context.Context, in *ListRequest, out *ListResponse) error
}
type Rules struct {
rules
}
h := &rulesHandler{hdlr}
return s.Handle(s.NewHandler(&Rules{h}, opts...))
}
type rulesHandler struct {
RulesHandler
}
func (h *rulesHandler) Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error {
return h.RulesHandler.Create(ctx, in, out)
}
func (h *rulesHandler) Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error {
return h.RulesHandler.Delete(ctx, in, out)
}
func (h *rulesHandler) List(ctx context.Context, in *ListRequest, out *ListResponse) error {
return h.RulesHandler.List(ctx, in, out)
}

View File

@ -0,0 +1,47 @@
syntax = "proto3";
package go.micro.auth;
import "github.com/micro/go-micro/auth/service/proto/auth/auth.proto";
service Rules {
rpc Create(CreateRequest) returns (CreateResponse) {};
rpc Delete(DeleteRequest) returns (DeleteResponse) {};
rpc List(ListRequest) returns (ListResponse) {};
}
enum Access {
UNKNOWN = 0;
GRANTED = 1;
DENIED = 2;
}
message Rule {
string id = 1;
string role = 2;
Resource resource = 3;
Access access = 4;
}
message CreateRequest {
string role = 1;
Resource resource = 2;
Access access = 3;
}
message CreateResponse {}
message DeleteRequest {
string role = 1;
Resource resource = 2;
Access access = 3;
}
message DeleteResponse {}
message ListRequest {
}
message ListResponse {
repeated Rule rules = 1;
}

View File

@ -8,7 +8,8 @@ import (
"time"
"github.com/micro/go-micro/v2/auth"
pb "github.com/micro/go-micro/v2/auth/service/proto"
authPb "github.com/micro/go-micro/v2/auth/service/proto/auth"
rulePb "github.com/micro/go-micro/v2/auth/service/proto/rules"
"github.com/micro/go-micro/v2/auth/token"
"github.com/micro/go-micro/v2/auth/token/jwt"
"github.com/micro/go-micro/v2/client"
@ -26,10 +27,11 @@ func NewAuth(opts ...auth.Option) auth.Auth {
// svc is the service implementation of the Auth interface
type svc struct {
options auth.Options
auth pb.AuthService
auth authPb.AuthService
rule rulePb.RulesService
jwt token.Provider
rules []*pb.Rule
rules []*rulePb.Rule
sync.Mutex
}
@ -43,7 +45,8 @@ func (s *svc) Init(opts ...auth.Option) {
}
dc := client.DefaultClient
s.auth = pb.NewAuthService("go.micro.auth", dc)
s.auth = authPb.NewAuthService("go.micro.auth", dc)
s.rule = rulePb.NewRulesService("go.micro.auth", dc)
// if we have a JWT public key passed as an option,
// we can decode tokens with the type "JWT" locally
@ -78,7 +81,7 @@ func (s *svc) Options() auth.Options {
func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
options := auth.NewGenerateOptions(opts...)
rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
rsp, err := s.auth.Generate(context.TODO(), &authPb.GenerateRequest{
Id: id,
Roles: options.Roles,
Metadata: options.Metadata,
@ -93,9 +96,10 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
// Grant access to a resource
func (s *svc) Grant(role string, res *auth.Resource) error {
_, err := s.auth.Grant(context.TODO(), &pb.GrantRequest{
_, err := s.rule.Create(context.TODO(), &rulePb.CreateRequest{
Role: role,
Resource: &pb.Resource{
Access: rulePb.Access_GRANTED,
Resource: &authPb.Resource{
Type: res.Type,
Name: res.Name,
Endpoint: res.Endpoint,
@ -106,9 +110,10 @@ func (s *svc) Grant(role string, res *auth.Resource) error {
// Revoke access to a resource
func (s *svc) Revoke(role string, res *auth.Resource) error {
_, err := s.auth.Revoke(context.TODO(), &pb.RevokeRequest{
_, err := s.rule.Delete(context.TODO(), &rulePb.DeleteRequest{
Role: role,
Resource: &pb.Resource{
Access: rulePb.Access_GRANTED,
Resource: &authPb.Resource{
Type: res.Type,
Name: res.Name,
Endpoint: res.Endpoint,
@ -120,10 +125,11 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
// Verify an account has access to a resource
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
queries := [][]string{
{res.Type, "*"}, // check for wildcard resource type, e.g. service.*
{res.Type, res.Name, "*"}, // check for wildcard name, e.g. service.foo*
{res.Type, res.Name, res.Endpoint, "*"}, // check for wildcard endpoints, e.g. service.foo.ListFoo:*
{res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin
{res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
{res.Type, res.Name, res.Endpoint, "*"}, // check for wildcard role, e.g. service.foo.ListFoo:*
{res.Type, res.Name, "*"}, // check for wildcard endpoint, e.g. service.foo*
{res.Type, "*"}, // check for wildcard name, e.g. service.*
{"*"}, // check for wildcard type, e.g. *
}
// endpoint is a url which can have wildcard excludes, e.g.
@ -137,12 +143,18 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
for _, q := range queries {
for _, rule := range s.listRules(q...) {
if isValidRule(rule, acc, res) {
return nil
switch accessForRule(rule, acc, res) {
case rulePb.Access_UNKNOWN:
continue // rule did not specify access, check the next rule
case rulePb.Access_GRANTED:
return nil // rule grants the account access to the resource
case rulePb.Access_DENIED:
return auth.ErrForbidden // reule denies access to the resource
}
}
}
// no rules were found for the resource, default to denying access
return auth.ErrForbidden
}
@ -162,7 +174,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
}
}
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{
rsp, err := s.auth.Inspect(context.TODO(), &authPb.InspectRequest{
Token: token,
})
if err != nil {
@ -176,7 +188,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, error) {
options := auth.NewRefreshOptions(opts...)
rsp, err := s.auth.Refresh(context.Background(), &pb.RefreshRequest{
rsp, err := s.auth.Refresh(context.Background(), &authPb.RefreshRequest{
Secret: secret,
TokenExpiry: int64(options.TokenExpiry.Seconds()),
})
@ -189,36 +201,36 @@ func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, e
var ruleJoinKey = ":"
// isValidRule returns a bool, indicating if a rule permits access to a
// accessForRule returns a rule status, indicating if a rule permits access to a
// resource for a given account
func isValidRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) bool {
func accessForRule(rule *rulePb.Rule, acc *auth.Account, res *auth.Resource) rulePb.Access {
if rule.Role == "*" {
return true
return rule.Access
}
for _, role := range acc.Roles {
if rule.Role == role {
return true
return rule.Access
}
// allow user.anything if role is user.*
if strings.HasSuffix(rule.Role, ".*") && strings.HasPrefix(rule.Role, role+".") {
return true
return rule.Access
}
}
return false
return rulePb.Access_DENIED
}
// listRules gets all the rules from the store which have an id
// prefix matching the filters
func (s *svc) listRules(filters ...string) []*pb.Rule {
func (s *svc) listRules(filters ...string) []*rulePb.Rule {
s.Lock()
defer s.Unlock()
prefix := strings.Join(filters, ruleJoinKey)
var rules []*pb.Rule
var rules []*rulePb.Rule
for _, r := range s.rules {
if strings.HasPrefix(r.Id, prefix) {
rules = append(rules, r)
@ -230,7 +242,7 @@ func (s *svc) listRules(filters ...string) []*pb.Rule {
// loadRules retrieves the rules from the auth service
func (s *svc) loadRules() {
rsp, err := s.auth.ListRules(context.TODO(), &pb.ListRulesRequest{}, client.WithRetries(3))
rsp, err := s.rule.List(context.TODO(), &rulePb.ListRequest{})
s.Lock()
defer s.Unlock()
@ -242,7 +254,7 @@ func (s *svc) loadRules() {
s.rules = rsp.Rules
}
func serializeToken(t *pb.Token) *auth.Token {
func serializeToken(t *authPb.Token) *auth.Token {
return &auth.Token{
Token: t.Token,
Type: t.Type,
@ -254,7 +266,7 @@ func serializeToken(t *pb.Token) *auth.Token {
}
}
func serializeAccount(a *pb.Account) *auth.Account {
func serializeAccount(a *authPb.Account) *auth.Account {
var secret *auth.Token
if a.Secret != nil {
secret = serializeToken(a.Secret)

View File

@ -2,6 +2,7 @@ package basic
import (
"encoding/json"
"fmt"
"time"
"github.com/google/uuid"
@ -15,6 +16,11 @@ type Basic struct {
store store.Store
}
var (
// StorePrefix to isolate tokens
StorePrefix = "tokens/"
)
// NewTokenProvider returns an initialized basic provider
func NewTokenProvider(opts ...token.Option) token.Provider {
options := token.NewOptions(opts...)
@ -51,7 +57,7 @@ func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.To
// write to the store
err = b.store.Write(&store.Record{
Key: token.Token,
Key: fmt.Sprintf("%v%v", StorePrefix, token.Token),
Value: bytes,
Expiry: options.Expiry,
})
@ -66,7 +72,7 @@ func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.To
// Inspect a token
func (b *Basic) Inspect(t string) (*auth.Token, error) {
// lookup the token in the store
recs, err := b.store.Read(t)
recs, err := b.store.Read(StorePrefix + t)
if err == store.ErrNotFound {
return nil, token.ErrInvalidToken
} else if err != nil {