Auth (#1147)

Implement the Auth interface, with JWT and service implementations.

* Update Auth Interface

* Define Auth Service Implementation

* Support Service Auth

* Add Auth Service Proto

* Remove erronious files

* Implement Auth Service Package

* Update Auth Interface

* Update Auth Interface. Add Validate, remove Add/Remove roles

* Make Revoke interface more explicit

* Refactor serializing and deserializing service accounts

* Fix srv name & update interface to be more explicit

* Require jwt public key for auth

* Rename Variables (Resource.ID => Resource.Name & ServiceAccount => Account)

* Implement JWT Auth Package

* Remove parent, add ID

* Update auth imports to v2. Add String() to auth interface

config/cmd/cmd.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/micro/go-micro/v2/auth"
 	"github.com/micro/go-micro/v2/broker"
 	"github.com/micro/go-micro/v2/client"
 	"github.com/micro/go-micro/v2/client/selector"
@@ -55,6 +56,10 @@ import (
 	// tracers
 	// jTracer "github.com/micro/go-micro/v2/debug/trace/jaeger"
 	memTracer "github.com/micro/go-micro/v2/debug/trace/memory"
+
+	// auth
+	jwtAuth "github.com/micro/go-micro/v2/auth/jwt"
+	sAuth "github.com/micro/go-micro/v2/auth/service"
 )
 
 type Cmd interface {
@@ -223,6 +228,21 @@ var (
 			EnvVars: []string{"MICRO_TRACER_ADDRESS"},
 			Usage:   "Comma-separated list of tracer addresses",
 		},
+		&cli.StringFlag{
+			Name:    "auth",
+			EnvVars: []string{"MICRO_AUTH"},
+			Usage:   "Auth for role based access control, e.g. service",
+		},
+		&cli.StringFlag{
+			Name:    "auth_public_key",
+			EnvVars: []string{"MICRO_AUTH_PUBLIC_KEY"},
+			Usage:   "Public key for JWT auth (base64 encoded PEM)",
+		},
+		&cli.StringFlag{
+			Name:    "auth_private_key",
+			EnvVars: []string{"MICRO_AUTH_PRIVATE_KEY"},
+			Usage:   "Private key for JWT auth (base64 encoded PEM)",
+		},
 	}
 
 	DefaultBrokers = map[string]func(...broker.Option) broker.Broker{
@@ -274,6 +294,11 @@ var (
 		// "jaeger": jTracer.NewTracer,
 	}
 
+	DefaultAuths = map[string]func(...auth.Option) auth.Auth{
+		"service": sAuth.NewAuth,
+		"jwt":     jwtAuth.NewAuth,
+	}
+
 	// used for default selection as the fall back
 	defaultClient    = "grpc"
 	defaultServer    = "grpc"
@@ -300,6 +325,7 @@ func newCmd(opts ...Option) Cmd {
 		Runtime:   &runtime.DefaultRuntime,
 		Store:     &store.DefaultStore,
 		Tracer:    &trace.DefaultTracer,
+		Auth:      &auth.DefaultAuth,
 
 		Brokers:    DefaultBrokers,
 		Clients:    DefaultClients,
@@ -310,6 +336,7 @@ func newCmd(opts ...Option) Cmd {
 		Runtimes:   DefaultRuntimes,
 		Stores:     DefaultStores,
 		Tracers:    DefaultTracers,
+		Auths:      DefaultAuths,
 	}
 
 	for _, o := range opts {
@@ -382,6 +409,16 @@ func (c *cmd) Before(ctx *cli.Context) error {
 		*c.opts.Tracer = r()
 	}
 
+	// Set the auth
+	if name := ctx.String("auth"); len(name) > 0 {
+		r, ok := c.opts.Auths[name]
+		if !ok {
+			return fmt.Errorf("Unsupported auth: %s", name)
+		}
+
+		*c.opts.Auth = r()
+	}
+
 	// Set the client
 	if name := ctx.String("client"); len(name) > 0 {
 		// only change if we have the client and type differs
@@ -531,6 +568,18 @@ func (c *cmd) Before(ctx *cli.Context) error {
 		serverOpts = append(serverOpts, server.RegisterInterval(val*time.Second))
 	}
 
+	if len(ctx.String("auth_public_key")) > 0 {
+		if err := (*c.opts.Auth).Init(auth.PublicKey(ctx.String("auth_public_key"))); err != nil {
+			log.Fatalf("Error configuring auth: %v", err)
+		}
+	}
+
+	if len(ctx.String("auth_private_key")) > 0 {
+		if err := (*c.opts.Auth).Init(auth.PrivateKey(ctx.String("auth_private_key"))); err != nil {
+			log.Fatalf("Error configuring auth: %v", err)
+		}
+	}
+
 	// client opts
 	if r := ctx.Int("client_retries"); r >= 0 {
 		clientOpts = append(clientOpts, client.Retries(r))