diff --git a/auth/options.go b/auth/options.go index da0982b7..bb120241 100644 --- a/auth/options.go +++ b/auth/options.go @@ -44,10 +44,19 @@ type Options struct { Store store.Store // Client to use for RPC Client client.Client + // Addrs sets the addresses of auth + Addrs []string } type Option func(o *Options) +// Addrs is the auth addresses to use +func Addrs(addrs ...string) Option { + return func(o *Options) { + o.Addrs = addrs + } +} + // Namespace the service belongs to func Namespace(n string) Option { return func(o *Options) { diff --git a/auth/service/service.go b/auth/service/service.go index 90291257..197462a2 100644 --- a/auth/service/service.go +++ b/auth/service/service.go @@ -23,6 +23,7 @@ type svc struct { auth pb.AuthService rule pb.RulesService jwt token.Provider + addrs []string rules []*pb.Rule sync.Mutex @@ -50,21 +51,6 @@ func (s *svc) Init(opts ...auth.Option) { if key := s.options.PublicKey; len(key) > 0 { s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key)) } - - // load rules periodically from the auth service - go func() { - ruleTimer := time.NewTicker(time.Second * 30) - - for { - // jitter for up to 5 seconds, this stops - // all the services calling the auth service - // at the exact same time - time.Sleep(jitter.Do(time.Second * 5)) - s.loadRules() - - <-ruleTimer.C - } - }() } func (s *svc) Options() auth.Options { @@ -85,7 +71,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e Metadata: options.Metadata, Provider: options.Provider, Namespace: options.Namespace, - }) + }, client.WithAddress(s.addrs...)) if err != nil { return nil, err } @@ -104,7 +90,7 @@ func (s *svc) Grant(role string, res *auth.Resource) error { Name: res.Name, Endpoint: res.Endpoint, }, - }) + }, client.WithAddress(s.addrs...)) return err } @@ -119,7 +105,7 @@ func (s *svc) Revoke(role string, res *auth.Resource) error { Name: res.Name, Endpoint: res.Endpoint, }, - }) + }, client.WithAddress(s.addrs...)) return err } @@ -189,7 +175,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) { // the token is not a JWT or we do not have the keys to decode it, // fall back to the auth service - rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}) + rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, client.WithAddress(s.addrs...)) if err != nil { return nil, err } @@ -205,7 +191,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) { Secret: options.Secret, RefreshToken: options.RefreshToken, TokenExpiry: int64(options.Expiry.Seconds()), - }) + }, client.WithAddress(s.addrs...)) if err != nil { return nil, err } @@ -270,7 +256,7 @@ func (s *svc) listRules(filters ...string) []*pb.Rule { // loadRules retrieves the rules from the auth service func (s *svc) loadRules() { - rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{}) + rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{}, client.WithAddress(s.addrs...)) s.Lock() defer s.Unlock() @@ -320,9 +306,28 @@ func NewAuth(opts ...auth.Option) auth.Auth { options.Client = client.DefaultClient } - return &svc{ + addrs := options.Addrs + if len(addrs) == 0 { + addrs = []string{"127.0.0.1:8010"} + } + + service := &svc{ auth: pb.NewAuthService("go.micro.auth", options.Client), rule: pb.NewRulesService("go.micro.auth", options.Client), options: options, + addrs: addrs, } + + // load rules periodically from the auth service + go func() { + ruleTimer := time.NewTicker(time.Second * 30) + + for { + time.Sleep(jitter.Do(time.Second * 5)) + service.loadRules() + <-ruleTimer.C + } + }() + + return service }