Auth (#1147)
Implement the Auth interface, with JWT and service implementations. * Update Auth Interface * Define Auth Service Implementation * Support Service Auth * Add Auth Service Proto * Remove erroneous files * Implement Auth Service Package * Update Auth Interface * Update Auth Interface. Add Validate, remove Add/Remove roles * Make Revoke interface more explicit * Refactor serializing and deserializing service accounts * Fix srv name & update interface to be more explicit * Require jwt public key for auth * Rename Variables (Resource.ID => Resource.Name & ServiceAccount => Account) * Implement JWT Auth Package * Remove parent, add ID * Update auth imports to v2. Add String() to auth interface
@@ -7,6 +7,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/micro/go-micro/v2/auth"
|
||||
"github.com/micro/go-micro/v2/broker"
|
||||
"github.com/micro/go-micro/v2/client"
|
||||
"github.com/micro/go-micro/v2/client/selector"
|
||||
@@ -55,6 +56,10 @@ import (
|
||||
// tracers
|
||||
// jTracer "github.com/micro/go-micro/v2/debug/trace/jaeger"
|
||||
memTracer "github.com/micro/go-micro/v2/debug/trace/memory"
|
||||
|
||||
// auth
|
||||
jwtAuth "github.com/micro/go-micro/v2/auth/jwt"
|
||||
sAuth "github.com/micro/go-micro/v2/auth/service"
|
||||
)
|
||||
|
||||
type Cmd interface {
|
||||
@@ -223,6 +228,21 @@ var (
|
||||
EnvVars: []string{"MICRO_TRACER_ADDRESS"},
|
||||
Usage: "Comma-separated list of tracer addresses",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "auth",
|
||||
EnvVars: []string{"MICRO_AUTH"},
|
||||
Usage: "Auth for role based access control, e.g. service",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "auth_public_key",
|
||||
EnvVars: []string{"MICRO_AUTH_PUBLIC_KEY"},
|
||||
Usage: "Public key for JWT auth (base64 encoded PEM)",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "auth_private_key",
|
||||
EnvVars: []string{"MICRO_AUTH_PRIVATE_KEY"},
|
||||
Usage: "Private key for JWT auth (base64 encoded PEM)",
|
||||
},
|
||||
}
|
||||
|
||||
DefaultBrokers = map[string]func(...broker.Option) broker.Broker{
|
||||
@@ -274,6 +294,11 @@ var (
|
||||
// "jaeger": jTracer.NewTracer,
|
||||
}
|
||||
|
||||
DefaultAuths = map[string]func(...auth.Option) auth.Auth{
|
||||
"service": sAuth.NewAuth,
|
||||
"jwt": jwtAuth.NewAuth,
|
||||
}
|
||||
|
||||
// used for default selection as the fall back
|
||||
defaultClient = "grpc"
|
||||
defaultServer = "grpc"
|
||||
@@ -300,6 +325,7 @@ func newCmd(opts ...Option) Cmd {
|
||||
Runtime: &runtime.DefaultRuntime,
|
||||
Store: &store.DefaultStore,
|
||||
Tracer: &trace.DefaultTracer,
|
||||
Auth: &auth.DefaultAuth,
|
||||
|
||||
Brokers: DefaultBrokers,
|
||||
Clients: DefaultClients,
|
||||
@@ -310,6 +336,7 @@ func newCmd(opts ...Option) Cmd {
|
||||
Runtimes: DefaultRuntimes,
|
||||
Stores: DefaultStores,
|
||||
Tracers: DefaultTracers,
|
||||
Auths: DefaultAuths,
|
||||
}
|
||||
|
||||
for _, o := range opts {
|
||||
@@ -382,6 +409,16 @@ func (c *cmd) Before(ctx *cli.Context) error {
|
||||
*c.opts.Tracer = r()
|
||||
}
|
||||
|
||||
// Set the auth
|
||||
if name := ctx.String("auth"); len(name) > 0 {
|
||||
r, ok := c.opts.Auths[name]
|
||||
if !ok {
|
||||
return fmt.Errorf("Unsupported auth: %s", name)
|
||||
}
|
||||
|
||||
*c.opts.Auth = r()
|
||||
}
|
||||
|
||||
// Set the client
|
||||
if name := ctx.String("client"); len(name) > 0 {
|
||||
// only change if we have the client and type differs
|
||||
@@ -531,6 +568,18 @@ func (c *cmd) Before(ctx *cli.Context) error {
|
||||
serverOpts = append(serverOpts, server.RegisterInterval(val*time.Second))
|
||||
}
|
||||
|
||||
if len(ctx.String("auth_public_key")) > 0 {
|
||||
if err := (*c.opts.Auth).Init(auth.PublicKey(ctx.String("auth_public_key"))); err != nil {
|
||||
log.Fatalf("Error configuring auth: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(ctx.String("auth_private_key")) > 0 {
|
||||
if err := (*c.opts.Auth).Init(auth.PrivateKey(ctx.String("auth_private_key"))); err != nil {
|
||||
log.Fatalf("Error configuring auth: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// client opts
|
||||
if r := ctx.Int("client_retries"); r >= 0 {
|
||||
clientOpts = append(clientOpts, client.Retries(r))
|
||||
|
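Review bot: In the last hunk of this file, Init is called once for auth_public_key and again for auth_private_key, so when both flags are set the second call receives only the private key; unless the auth implementation merges options across Init calls (not visible here), the public key configured by the first call is lost. Collecting the options and calling Init once (assuming it is variadic over auth.Option, as the single-option calls suggest) avoids that, and it also lets Before return the error the way the earlier auth hunk does with `return fmt.Errorf("Unsupported auth: %s", name)` instead of terminating the process via log.Fatalf. Separately, `auth_private_key` accepts key material as a command-line argument, which is typically visible to other local users in process listings; the flag's Usage could state that the `MICRO_AUTH_PRIVATE_KEY` environment variable is the preferred route. Before's body starts and ends outside these hunks.
```go
	// … unchanged: register interval handling …

	// Gather auth options so Init is called once with everything it needs.
	var authOpts []auth.Option
	if key := ctx.String("auth_public_key"); len(key) > 0 {
		authOpts = append(authOpts, auth.PublicKey(key))
	}
	if key := ctx.String("auth_private_key"); len(key) > 0 {
		authOpts = append(authOpts, auth.PrivateKey(key))
	}
	if len(authOpts) > 0 {
		if err := (*c.opts.Auth).Init(authOpts...); err != nil {
			return fmt.Errorf("configuring auth: %w", err)
		}
	}

	// … unchanged: client opts …
```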
@@ -3,6 +3,7 @@ package cmd
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/micro/go-micro/v2/auth"
|
||||
"github.com/micro/go-micro/v2/broker"
|
||||
"github.com/micro/go-micro/v2/client"
|
||||
"github.com/micro/go-micro/v2/client/selector"
|
||||
@@ -30,6 +31,7 @@ type Options struct {
|
||||
Runtime *runtime.Runtime
|
||||
Store *store.Store
|
||||
Tracer *trace.Tracer
|
||||
Auth *auth.Auth
|
||||
|
||||
Brokers map[string]func(...broker.Option) broker.Broker
|
||||
Clients map[string]func(...client.Option) client.Client
|
||||
@@ -40,6 +42,7 @@ type Options struct {
|
||||
Runtimes map[string]func(...runtime.Option) runtime.Runtime
|
||||
Stores map[string]func(...store.Option) store.Store
|
||||
Tracers map[string]func(...trace.Option) trace.Tracer
|
||||
Auths map[string]func(...auth.Option) auth.Auth
|
||||
|
||||
// Other options for implementations of the interface
|
||||
// can be stored in a context
|
||||
@@ -109,6 +112,12 @@ func Tracer(t *trace.Tracer) Option {
|
||||
}
|
||||
}
|
||||
|
||||
func Auth(a *auth.Auth) Option {
|
||||
return func(o *Options) {
|
||||
o.Auth = a
|
||||
}
|
||||
}
|
||||
|
||||
// New broker func
|
||||
func NewBroker(name string, b func(...broker.Option) broker.Broker) Option {
|
||||
return func(o *Options) {
|
||||
@@ -164,3 +173,10 @@ func NewTracer(name string, t func(...trace.Option) trace.Tracer) Option {
|
||||
o.Tracers[name] = t
|
||||
}
|
||||
}
|
||||
|
||||
// New auth func
|
||||
func NewAuth(name string, t func(...auth.Option) auth.Auth) Option {
|
||||
return func(o *Options) {
|
||||
o.Auths[name] = t
|
||||
}
|
||||
}
|
||||
|
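Review bot: The new `Auth(a *auth.Auth) Option` in the third hunk is exported but has no doc comment, while the neighbouring option funcs carry one (`// New broker func`); adding `// Auth sets the auth implementation the command configures.` above it keeps the file consistent. In the last hunk, `NewAuth` names its constructor parameter `t`, which reads as copied from `NewTracer`; renaming it to match the type it carries, `func NewAuth(name string, a func(...auth.Option) auth.Auth) Option {` with `o.Auths[name] = a`, makes the intent clear. Writing into `o.Auths` relies on the map being initialised by the caller, which the `Auths: DefaultAuths` line in newCmd appears to do, as the sibling `NewTracer` does for `o.Tracers`.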