Merge pull request #1631 from micro/auth-address

Auth: Set address
ben-toogood 2020-05-13 18:02:10 +01:00 committed by GitHub
commit a2d4d62f1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 22 deletions


@ -44,10 +44,19 @@ type Options struct {
Store store.Store Store store.Store
// Client to use for RPC // Client to use for RPC
Client client.Client Client client.Client
// Addrs sets the addresses of auth
Addrs []string
} }
type Option func(o *Options) type Option func(o *Options)
// Addrs is the auth addresses to use
func Addrs(addrs ...string) Option {
return func(o *Options) {
o.Addrs = addrs
}
}
// Namespace the service belongs to // Namespace the service belongs to
func Namespace(n string) Option { func Namespace(n string) Option {
return func(o *Options) { return func(o *Options) {
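Review bot: The doc comments on the new `Addrs` field and the `Addrs` option do not say what an address looks like or what happens when none is set, although the service implementation in this same commit falls back to `127.0.0.1:8010` for an empty slice. The other file sends requests carrying `Secret`, `RefreshToken` and bearer tokens to these addresses, so the comment should also say they must come from trusted configuration. Something like `// Addrs are the addresses (presumably host:port) of the auth service; if empty the implementation picks its own default. Credentials are sent to these endpoints.` would cover it. Separately, `o.Addrs = addrs` keeps the caller's variadic slice, so a later write to that slice by the caller changes the option; copying it would avoid the aliasing.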


@ -23,6 +23,7 @@ type svc struct {
auth pb.AuthService auth pb.AuthService
rule pb.RulesService rule pb.RulesService
jwt token.Provider jwt token.Provider
addrs []string
rules []*pb.Rule rules []*pb.Rule
sync.Mutex sync.Mutex
@ -50,21 +51,6 @@ func (s *svc) Init(opts ...auth.Option) {
if key := s.options.PublicKey; len(key) > 0 { if key := s.options.PublicKey; len(key) > 0 {
s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key)) s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key))
} }
// load rules periodically from the auth service
go func() {
ruleTimer := time.NewTicker(time.Second * 30)
for {
// jitter for up to 5 seconds, this stops
// all the services calling the auth service
// at the exact same time
time.Sleep(jitter.Do(time.Second * 5))
s.loadRules()
<-ruleTimer.C
}
}()
} }
func (s *svc) Options() auth.Options { func (s *svc) Options() auth.Options {
@ -85,7 +71,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
Metadata: options.Metadata, Metadata: options.Metadata,
Provider: options.Provider, Provider: options.Provider,
Namespace: options.Namespace, Namespace: options.Namespace,
}) }, client.WithAddress(s.addrs...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -104,7 +90,7 @@ func (s *svc) Grant(role string, res *auth.Resource) error {
Name: res.Name, Name: res.Name,
Endpoint: res.Endpoint, Endpoint: res.Endpoint,
}, },
}) }, client.WithAddress(s.addrs...))
return err return err
} }
@ -119,7 +105,7 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
Name: res.Name, Name: res.Name,
Endpoint: res.Endpoint, Endpoint: res.Endpoint,
}, },
}) }, client.WithAddress(s.addrs...))
return err return err
} }
@ -189,7 +175,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
// the token is not a JWT or we do not have the keys to decode it, // the token is not a JWT or we do not have the keys to decode it,
// fall back to the auth service // fall back to the auth service
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}) rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, client.WithAddress(s.addrs...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -205,7 +191,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
Secret: options.Secret, Secret: options.Secret,
RefreshToken: options.RefreshToken, RefreshToken: options.RefreshToken,
TokenExpiry: int64(options.Expiry.Seconds()), TokenExpiry: int64(options.Expiry.Seconds()),
}) }, client.WithAddress(s.addrs...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -270,7 +256,7 @@ func (s *svc) listRules(filters ...string) []*pb.Rule {
// loadRules retrieves the rules from the auth service // loadRules retrieves the rules from the auth service
func (s *svc) loadRules() { func (s *svc) loadRules() {
rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{}) rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{}, client.WithAddress(s.addrs...))
s.Lock() s.Lock()
defer s.Unlock() defer s.Unlock()
@ -320,9 +306,28 @@ func NewAuth(opts ...auth.Option) auth.Auth {
options.Client = client.DefaultClient options.Client = client.DefaultClient
} }
return &svc{ addrs := options.Addrs
if len(addrs) == 0 {
addrs = []string{"127.0.0.1:8010"}
}
service := &svc{
auth: pb.NewAuthService("go.micro.auth", options.Client), auth: pb.NewAuthService("go.micro.auth", options.Client),
rule: pb.NewRulesService("go.micro.auth", options.Client), rule: pb.NewRulesService("go.micro.auth", options.Client),
options: options, options: options,
addrs: addrs,
} }
// load rules periodically from the auth service
go func() {
ruleTimer := time.NewTicker(time.Second * 30)
for {
time.Sleep(jitter.Do(time.Second * 5))
service.loadRules()
<-ruleTimer.C
}
}()
return service
} }
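Review bot: `s.addrs` is assigned only in NewAuth, so an `auth.Addrs(...)` option passed later to Init appears to have no effect, and every call that now carries `client.WithAddress(s.addrs...)` stays on the value chosen at construction, which is the hard-coded `127.0.0.1:8010` when no address was given. That matters because Token sends `Secret` and `RefreshToken`, and Inspect sends the bearer token, to whatever is listening on that local port, and loadRules takes its access rules from the same place. Init's body starts outside the hunk, so this assumes it does not already refresh the field; if it does not, add `if len(s.options.Addrs) > 0 { s.addrs = s.options.Addrs }` after the options are applied. I would also pass `client.WithAddress` only when addresses were actually configured rather than defaulting silently to loopback, or at least document the default on NewAuth. The rule-loading goroutine, now started in NewAuth, has no stop signal and never calls `ruleTimer.Stop()`, so each constructed service keeps polling for the life of the process.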