Auth load rules (#1397)
* WithRoles variadic args * Load Rules * Timer => Ticker Co-authored-by: Ben Toogood <ben@micro.mu>
parent
86272a3064
commit
fd664f4392
@ -20,6 +20,61 @@ var _ = math.Inf
|
|||||||
// proto package needs to be updated.
|
// proto package needs to be updated.
|
||||||
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
|
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
|
||||||
|
|
||||||
|
type Rule struct {
|
||||||
|
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||||
|
Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
|
||||||
|
Resource *Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
|
||||||
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
|
XXX_unrecognized []byte `json:"-"`
|
||||||
|
XXX_sizecache int32 `json:"-"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Rule) Reset() { *m = Rule{} }
|
||||||
|
func (m *Rule) String() string { return proto.CompactTextString(m) }
|
||||||
|
func (*Rule) ProtoMessage() {}
|
||||||
|
func (*Rule) Descriptor() ([]byte, []int) {
|
||||||
|
return fileDescriptor_21300bfacc51fc2a, []int{0}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Rule) XXX_Unmarshal(b []byte) error {
|
||||||
|
return xxx_messageInfo_Rule.Unmarshal(m, b)
|
||||||
|
}
|
||||||
|
func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||||
|
return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
|
||||||
|
}
|
||||||
|
func (m *Rule) XXX_Merge(src proto.Message) {
|
||||||
|
xxx_messageInfo_Rule.Merge(m, src)
|
||||||
|
}
|
||||||
|
func (m *Rule) XXX_Size() int {
|
||||||
|
return xxx_messageInfo_Rule.Size(m)
|
||||||
|
}
|
||||||
|
func (m *Rule) XXX_DiscardUnknown() {
|
||||||
|
xxx_messageInfo_Rule.DiscardUnknown(m)
|
||||||
|
}
|
||||||
|
|
||||||
|
var xxx_messageInfo_Rule proto.InternalMessageInfo
|
||||||
|
|
||||||
|
func (m *Rule) GetId() string {
|
||||||
|
if m != nil {
|
||||||
|
return m.Id
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Rule) GetRole() string {
|
||||||
|
if m != nil {
|
||||||
|
return m.Role
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Rule) GetResource() *Resource {
|
||||||
|
if m != nil {
|
||||||
|
return m.Resource
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
type Token struct {
|
type Token struct {
|
||||||
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
|
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
|
||||||
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
|
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
|
||||||
@ -37,7 +92,7 @@ func (m *Token) Reset() { *m = Token{} }
|
|||||||
func (m *Token) String() string { return proto.CompactTextString(m) }
|
func (m *Token) String() string { return proto.CompactTextString(m) }
|
||||||
func (*Token) ProtoMessage() {}
|
func (*Token) ProtoMessage() {}
|
||||||
func (*Token) Descriptor() ([]byte, []int) {
|
func (*Token) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{0}
|
return fileDescriptor_21300bfacc51fc2a, []int{1}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Token) XXX_Unmarshal(b []byte) error {
|
func (m *Token) XXX_Unmarshal(b []byte) error {
|
||||||
@ -121,7 +176,7 @@ func (m *Account) Reset() { *m = Account{} }
|
|||||||
func (m *Account) String() string { return proto.CompactTextString(m) }
|
func (m *Account) String() string { return proto.CompactTextString(m) }
|
||||||
func (*Account) ProtoMessage() {}
|
func (*Account) ProtoMessage() {}
|
||||||
func (*Account) Descriptor() ([]byte, []int) {
|
func (*Account) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{1}
|
return fileDescriptor_21300bfacc51fc2a, []int{2}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Account) XXX_Unmarshal(b []byte) error {
|
func (m *Account) XXX_Unmarshal(b []byte) error {
|
||||||
@ -183,7 +238,7 @@ func (m *Resource) Reset() { *m = Resource{} }
|
|||||||
func (m *Resource) String() string { return proto.CompactTextString(m) }
|
func (m *Resource) String() string { return proto.CompactTextString(m) }
|
||||||
func (*Resource) ProtoMessage() {}
|
func (*Resource) ProtoMessage() {}
|
||||||
func (*Resource) Descriptor() ([]byte, []int) {
|
func (*Resource) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{2}
|
return fileDescriptor_21300bfacc51fc2a, []int{3}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Resource) XXX_Unmarshal(b []byte) error {
|
func (m *Resource) XXX_Unmarshal(b []byte) error {
|
||||||
@ -239,7 +294,7 @@ func (m *GenerateRequest) Reset() { *m = GenerateRequest{} }
|
|||||||
func (m *GenerateRequest) String() string { return proto.CompactTextString(m) }
|
func (m *GenerateRequest) String() string { return proto.CompactTextString(m) }
|
||||||
func (*GenerateRequest) ProtoMessage() {}
|
func (*GenerateRequest) ProtoMessage() {}
|
||||||
func (*GenerateRequest) Descriptor() ([]byte, []int) {
|
func (*GenerateRequest) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{3}
|
return fileDescriptor_21300bfacc51fc2a, []int{4}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *GenerateRequest) XXX_Unmarshal(b []byte) error {
|
func (m *GenerateRequest) XXX_Unmarshal(b []byte) error {
|
||||||
@ -299,7 +354,7 @@ func (m *GenerateResponse) Reset() { *m = GenerateResponse{} }
|
|||||||
func (m *GenerateResponse) String() string { return proto.CompactTextString(m) }
|
func (m *GenerateResponse) String() string { return proto.CompactTextString(m) }
|
||||||
func (*GenerateResponse) ProtoMessage() {}
|
func (*GenerateResponse) ProtoMessage() {}
|
||||||
func (*GenerateResponse) Descriptor() ([]byte, []int) {
|
func (*GenerateResponse) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{4}
|
return fileDescriptor_21300bfacc51fc2a, []int{5}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *GenerateResponse) XXX_Unmarshal(b []byte) error {
|
func (m *GenerateResponse) XXX_Unmarshal(b []byte) error {
|
||||||
@ -339,7 +394,7 @@ func (m *GrantRequest) Reset() { *m = GrantRequest{} }
|
|||||||
func (m *GrantRequest) String() string { return proto.CompactTextString(m) }
|
func (m *GrantRequest) String() string { return proto.CompactTextString(m) }
|
||||||
func (*GrantRequest) ProtoMessage() {}
|
func (*GrantRequest) ProtoMessage() {}
|
||||||
func (*GrantRequest) Descriptor() ([]byte, []int) {
|
func (*GrantRequest) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{5}
|
return fileDescriptor_21300bfacc51fc2a, []int{6}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *GrantRequest) XXX_Unmarshal(b []byte) error {
|
func (m *GrantRequest) XXX_Unmarshal(b []byte) error {
|
||||||
@ -384,7 +439,7 @@ func (m *GrantResponse) Reset() { *m = GrantResponse{} }
|
|||||||
func (m *GrantResponse) String() string { return proto.CompactTextString(m) }
|
func (m *GrantResponse) String() string { return proto.CompactTextString(m) }
|
||||||
func (*GrantResponse) ProtoMessage() {}
|
func (*GrantResponse) ProtoMessage() {}
|
||||||
func (*GrantResponse) Descriptor() ([]byte, []int) {
|
func (*GrantResponse) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{6}
|
return fileDescriptor_21300bfacc51fc2a, []int{7}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *GrantResponse) XXX_Unmarshal(b []byte) error {
|
func (m *GrantResponse) XXX_Unmarshal(b []byte) error {
|
||||||
@ -405,84 +460,6 @@ func (m *GrantResponse) XXX_DiscardUnknown() {
|
|||||||
|
|
||||||
var xxx_messageInfo_GrantResponse proto.InternalMessageInfo
|
var xxx_messageInfo_GrantResponse proto.InternalMessageInfo
|
||||||
|
|
||||||
type VerifyRequest struct {
|
|
||||||
Account *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
|
|
||||||
Resource *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
|
|
||||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
|
||||||
XXX_unrecognized []byte `json:"-"`
|
|
||||||
XXX_sizecache int32 `json:"-"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *VerifyRequest) Reset() { *m = VerifyRequest{} }
|
|
||||||
func (m *VerifyRequest) String() string { return proto.CompactTextString(m) }
|
|
||||||
func (*VerifyRequest) ProtoMessage() {}
|
|
||||||
func (*VerifyRequest) Descriptor() ([]byte, []int) {
|
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{7}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *VerifyRequest) XXX_Unmarshal(b []byte) error {
|
|
||||||
return xxx_messageInfo_VerifyRequest.Unmarshal(m, b)
|
|
||||||
}
|
|
||||||
func (m *VerifyRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
|
||||||
return xxx_messageInfo_VerifyRequest.Marshal(b, m, deterministic)
|
|
||||||
}
|
|
||||||
func (m *VerifyRequest) XXX_Merge(src proto.Message) {
|
|
||||||
xxx_messageInfo_VerifyRequest.Merge(m, src)
|
|
||||||
}
|
|
||||||
func (m *VerifyRequest) XXX_Size() int {
|
|
||||||
return xxx_messageInfo_VerifyRequest.Size(m)
|
|
||||||
}
|
|
||||||
func (m *VerifyRequest) XXX_DiscardUnknown() {
|
|
||||||
xxx_messageInfo_VerifyRequest.DiscardUnknown(m)
|
|
||||||
}
|
|
||||||
|
|
||||||
var xxx_messageInfo_VerifyRequest proto.InternalMessageInfo
|
|
||||||
|
|
||||||
func (m *VerifyRequest) GetAccount() *Account {
|
|
||||||
if m != nil {
|
|
||||||
return m.Account
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *VerifyRequest) GetResource() *Resource {
|
|
||||||
if m != nil {
|
|
||||||
return m.Resource
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
type VerifyResponse struct {
|
|
||||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
|
||||||
XXX_unrecognized []byte `json:"-"`
|
|
||||||
XXX_sizecache int32 `json:"-"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *VerifyResponse) Reset() { *m = VerifyResponse{} }
|
|
||||||
func (m *VerifyResponse) String() string { return proto.CompactTextString(m) }
|
|
||||||
func (*VerifyResponse) ProtoMessage() {}
|
|
||||||
func (*VerifyResponse) Descriptor() ([]byte, []int) {
|
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{8}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *VerifyResponse) XXX_Unmarshal(b []byte) error {
|
|
||||||
return xxx_messageInfo_VerifyResponse.Unmarshal(m, b)
|
|
||||||
}
|
|
||||||
func (m *VerifyResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
|
||||||
return xxx_messageInfo_VerifyResponse.Marshal(b, m, deterministic)
|
|
||||||
}
|
|
||||||
func (m *VerifyResponse) XXX_Merge(src proto.Message) {
|
|
||||||
xxx_messageInfo_VerifyResponse.Merge(m, src)
|
|
||||||
}
|
|
||||||
func (m *VerifyResponse) XXX_Size() int {
|
|
||||||
return xxx_messageInfo_VerifyResponse.Size(m)
|
|
||||||
}
|
|
||||||
func (m *VerifyResponse) XXX_DiscardUnknown() {
|
|
||||||
xxx_messageInfo_VerifyResponse.DiscardUnknown(m)
|
|
||||||
}
|
|
||||||
|
|
||||||
var xxx_messageInfo_VerifyResponse proto.InternalMessageInfo
|
|
||||||
|
|
||||||
type RevokeRequest struct {
|
type RevokeRequest struct {
|
||||||
Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
|
Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
|
||||||
Resource *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
|
Resource *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
|
||||||
@ -495,7 +472,7 @@ func (m *RevokeRequest) Reset() { *m = RevokeRequest{} }
|
|||||||
func (m *RevokeRequest) String() string { return proto.CompactTextString(m) }
|
func (m *RevokeRequest) String() string { return proto.CompactTextString(m) }
|
||||||
func (*RevokeRequest) ProtoMessage() {}
|
func (*RevokeRequest) ProtoMessage() {}
|
||||||
func (*RevokeRequest) Descriptor() ([]byte, []int) {
|
func (*RevokeRequest) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{9}
|
return fileDescriptor_21300bfacc51fc2a, []int{8}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *RevokeRequest) XXX_Unmarshal(b []byte) error {
|
func (m *RevokeRequest) XXX_Unmarshal(b []byte) error {
|
||||||
@ -540,7 +517,7 @@ func (m *RevokeResponse) Reset() { *m = RevokeResponse{} }
|
|||||||
func (m *RevokeResponse) String() string { return proto.CompactTextString(m) }
|
func (m *RevokeResponse) String() string { return proto.CompactTextString(m) }
|
||||||
func (*RevokeResponse) ProtoMessage() {}
|
func (*RevokeResponse) ProtoMessage() {}
|
||||||
func (*RevokeResponse) Descriptor() ([]byte, []int) {
|
func (*RevokeResponse) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{10}
|
return fileDescriptor_21300bfacc51fc2a, []int{9}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *RevokeResponse) XXX_Unmarshal(b []byte) error {
|
func (m *RevokeResponse) XXX_Unmarshal(b []byte) error {
|
||||||
@ -572,7 +549,7 @@ func (m *InspectRequest) Reset() { *m = InspectRequest{} }
|
|||||||
func (m *InspectRequest) String() string { return proto.CompactTextString(m) }
|
func (m *InspectRequest) String() string { return proto.CompactTextString(m) }
|
||||||
func (*InspectRequest) ProtoMessage() {}
|
func (*InspectRequest) ProtoMessage() {}
|
||||||
func (*InspectRequest) Descriptor() ([]byte, []int) {
|
func (*InspectRequest) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{11}
|
return fileDescriptor_21300bfacc51fc2a, []int{10}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *InspectRequest) XXX_Unmarshal(b []byte) error {
|
func (m *InspectRequest) XXX_Unmarshal(b []byte) error {
|
||||||
@ -611,7 +588,7 @@ func (m *InspectResponse) Reset() { *m = InspectResponse{} }
|
|||||||
func (m *InspectResponse) String() string { return proto.CompactTextString(m) }
|
func (m *InspectResponse) String() string { return proto.CompactTextString(m) }
|
||||||
func (*InspectResponse) ProtoMessage() {}
|
func (*InspectResponse) ProtoMessage() {}
|
||||||
func (*InspectResponse) Descriptor() ([]byte, []int) {
|
func (*InspectResponse) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{12}
|
return fileDescriptor_21300bfacc51fc2a, []int{11}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *InspectResponse) XXX_Unmarshal(b []byte) error {
|
func (m *InspectResponse) XXX_Unmarshal(b []byte) error {
|
||||||
@ -651,7 +628,7 @@ func (m *RefreshRequest) Reset() { *m = RefreshRequest{} }
|
|||||||
func (m *RefreshRequest) String() string { return proto.CompactTextString(m) }
|
func (m *RefreshRequest) String() string { return proto.CompactTextString(m) }
|
||||||
func (*RefreshRequest) ProtoMessage() {}
|
func (*RefreshRequest) ProtoMessage() {}
|
||||||
func (*RefreshRequest) Descriptor() ([]byte, []int) {
|
func (*RefreshRequest) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{13}
|
return fileDescriptor_21300bfacc51fc2a, []int{12}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *RefreshRequest) XXX_Unmarshal(b []byte) error {
|
func (m *RefreshRequest) XXX_Unmarshal(b []byte) error {
|
||||||
@ -697,7 +674,7 @@ func (m *RefreshResponse) Reset() { *m = RefreshResponse{} }
|
|||||||
func (m *RefreshResponse) String() string { return proto.CompactTextString(m) }
|
func (m *RefreshResponse) String() string { return proto.CompactTextString(m) }
|
||||||
func (*RefreshResponse) ProtoMessage() {}
|
func (*RefreshResponse) ProtoMessage() {}
|
||||||
func (*RefreshResponse) Descriptor() ([]byte, []int) {
|
func (*RefreshResponse) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptor_21300bfacc51fc2a, []int{14}
|
return fileDescriptor_21300bfacc51fc2a, []int{13}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *RefreshResponse) XXX_Unmarshal(b []byte) error {
|
func (m *RefreshResponse) XXX_Unmarshal(b []byte) error {
|
||||||
@ -725,7 +702,78 @@ func (m *RefreshResponse) GetToken() *Token {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type ListRulesRequest struct {
|
||||||
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
|
XXX_unrecognized []byte `json:"-"`
|
||||||
|
XXX_sizecache int32 `json:"-"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *ListRulesRequest) Reset() { *m = ListRulesRequest{} }
|
||||||
|
func (m *ListRulesRequest) String() string { return proto.CompactTextString(m) }
|
||||||
|
func (*ListRulesRequest) ProtoMessage() {}
|
||||||
|
func (*ListRulesRequest) Descriptor() ([]byte, []int) {
|
||||||
|
return fileDescriptor_21300bfacc51fc2a, []int{14}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *ListRulesRequest) XXX_Unmarshal(b []byte) error {
|
||||||
|
return xxx_messageInfo_ListRulesRequest.Unmarshal(m, b)
|
||||||
|
}
|
||||||
|
func (m *ListRulesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||||
|
return xxx_messageInfo_ListRulesRequest.Marshal(b, m, deterministic)
|
||||||
|
}
|
||||||
|
func (m *ListRulesRequest) XXX_Merge(src proto.Message) {
|
||||||
|
xxx_messageInfo_ListRulesRequest.Merge(m, src)
|
||||||
|
}
|
||||||
|
func (m *ListRulesRequest) XXX_Size() int {
|
||||||
|
return xxx_messageInfo_ListRulesRequest.Size(m)
|
||||||
|
}
|
||||||
|
func (m *ListRulesRequest) XXX_DiscardUnknown() {
|
||||||
|
xxx_messageInfo_ListRulesRequest.DiscardUnknown(m)
|
||||||
|
}
|
||||||
|
|
||||||
|
var xxx_messageInfo_ListRulesRequest proto.InternalMessageInfo
|
||||||
|
|
||||||
|
type ListRulesResponse struct {
|
||||||
|
Rules []*Rule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
|
||||||
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
|
XXX_unrecognized []byte `json:"-"`
|
||||||
|
XXX_sizecache int32 `json:"-"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *ListRulesResponse) Reset() { *m = ListRulesResponse{} }
|
||||||
|
func (m *ListRulesResponse) String() string { return proto.CompactTextString(m) }
|
||||||
|
func (*ListRulesResponse) ProtoMessage() {}
|
||||||
|
func (*ListRulesResponse) Descriptor() ([]byte, []int) {
|
||||||
|
return fileDescriptor_21300bfacc51fc2a, []int{15}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *ListRulesResponse) XXX_Unmarshal(b []byte) error {
|
||||||
|
return xxx_messageInfo_ListRulesResponse.Unmarshal(m, b)
|
||||||
|
}
|
||||||
|
func (m *ListRulesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||||
|
return xxx_messageInfo_ListRulesResponse.Marshal(b, m, deterministic)
|
||||||
|
}
|
||||||
|
func (m *ListRulesResponse) XXX_Merge(src proto.Message) {
|
||||||
|
xxx_messageInfo_ListRulesResponse.Merge(m, src)
|
||||||
|
}
|
||||||
|
func (m *ListRulesResponse) XXX_Size() int {
|
||||||
|
return xxx_messageInfo_ListRulesResponse.Size(m)
|
||||||
|
}
|
||||||
|
func (m *ListRulesResponse) XXX_DiscardUnknown() {
|
||||||
|
xxx_messageInfo_ListRulesResponse.DiscardUnknown(m)
|
||||||
|
}
|
||||||
|
|
||||||
|
var xxx_messageInfo_ListRulesResponse proto.InternalMessageInfo
|
||||||
|
|
||||||
|
func (m *ListRulesResponse) GetRules() []*Rule {
|
||||||
|
if m != nil {
|
||||||
|
return m.Rules
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
proto.RegisterType((*Rule)(nil), "go.micro.auth.Rule")
|
||||||
proto.RegisterType((*Token)(nil), "go.micro.auth.Token")
|
proto.RegisterType((*Token)(nil), "go.micro.auth.Token")
|
||||||
proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Token.MetadataEntry")
|
proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Token.MetadataEntry")
|
||||||
proto.RegisterType((*Account)(nil), "go.micro.auth.Account")
|
proto.RegisterType((*Account)(nil), "go.micro.auth.Account")
|
||||||
@ -736,60 +784,62 @@ func init() {
|
|||||||
proto.RegisterType((*GenerateResponse)(nil), "go.micro.auth.GenerateResponse")
|
proto.RegisterType((*GenerateResponse)(nil), "go.micro.auth.GenerateResponse")
|
||||||
proto.RegisterType((*GrantRequest)(nil), "go.micro.auth.GrantRequest")
|
proto.RegisterType((*GrantRequest)(nil), "go.micro.auth.GrantRequest")
|
||||||
proto.RegisterType((*GrantResponse)(nil), "go.micro.auth.GrantResponse")
|
proto.RegisterType((*GrantResponse)(nil), "go.micro.auth.GrantResponse")
|
||||||
proto.RegisterType((*VerifyRequest)(nil), "go.micro.auth.VerifyRequest")
|
|
||||||
proto.RegisterType((*VerifyResponse)(nil), "go.micro.auth.VerifyResponse")
|
|
||||||
proto.RegisterType((*RevokeRequest)(nil), "go.micro.auth.RevokeRequest")
|
proto.RegisterType((*RevokeRequest)(nil), "go.micro.auth.RevokeRequest")
|
||||||
proto.RegisterType((*RevokeResponse)(nil), "go.micro.auth.RevokeResponse")
|
proto.RegisterType((*RevokeResponse)(nil), "go.micro.auth.RevokeResponse")
|
||||||
proto.RegisterType((*InspectRequest)(nil), "go.micro.auth.InspectRequest")
|
proto.RegisterType((*InspectRequest)(nil), "go.micro.auth.InspectRequest")
|
||||||
proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse")
|
proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse")
|
||||||
proto.RegisterType((*RefreshRequest)(nil), "go.micro.auth.RefreshRequest")
|
proto.RegisterType((*RefreshRequest)(nil), "go.micro.auth.RefreshRequest")
|
||||||
proto.RegisterType((*RefreshResponse)(nil), "go.micro.auth.RefreshResponse")
|
proto.RegisterType((*RefreshResponse)(nil), "go.micro.auth.RefreshResponse")
|
||||||
|
proto.RegisterType((*ListRulesRequest)(nil), "go.micro.auth.ListRulesRequest")
|
||||||
|
proto.RegisterType((*ListRulesResponse)(nil), "go.micro.auth.ListRulesResponse")
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
|
func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
|
||||||
|
|
||||||
var fileDescriptor_21300bfacc51fc2a = []byte{
|
var fileDescriptor_21300bfacc51fc2a = []byte{
|
||||||
// 663 bytes of a gzipped FileDescriptorProto
|
// 696 bytes of a gzipped FileDescriptorProto
|
||||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xdd, 0x6e, 0xd3, 0x4c,
|
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xdb, 0x6e, 0xd3, 0x40,
|
||||||
0x10, 0xad, 0xed, 0xfc, 0x75, 0x52, 0x27, 0xd1, 0xaa, 0xea, 0x67, 0xf9, 0xa3, 0x25, 0x18, 0x84,
|
0x10, 0xad, 0xed, 0xdc, 0x3a, 0x69, 0x9a, 0xb0, 0x54, 0xc5, 0x32, 0x6d, 0x09, 0x06, 0xa1, 0x82,
|
||||||
0x2a, 0x54, 0xb9, 0x28, 0xbd, 0x41, 0x20, 0x10, 0x15, 0xad, 0xca, 0x8f, 0xca, 0x85, 0x85, 0x80,
|
0xaa, 0x14, 0xa5, 0x2f, 0x08, 0x44, 0x45, 0x45, 0xab, 0x72, 0x2b, 0x42, 0x16, 0x12, 0xbc, 0x55,
|
||||||
0x3b, 0xe4, 0x3a, 0x53, 0x6a, 0xd2, 0xd8, 0x66, 0xbd, 0x8e, 0xc8, 0x5b, 0xf0, 0x52, 0xbc, 0x05,
|
0xae, 0x33, 0x50, 0xd3, 0xd4, 0x36, 0xeb, 0x75, 0x45, 0xfe, 0x82, 0x2f, 0xe3, 0x0b, 0x78, 0xe3,
|
||||||
0x77, 0xbc, 0x08, 0xda, 0xf5, 0xae, 0x6b, 0x3b, 0x09, 0x12, 0x05, 0xee, 0x76, 0x76, 0x66, 0xcf,
|
0x47, 0xd0, 0xae, 0x77, 0xb7, 0x8e, 0x13, 0x23, 0xc4, 0xe5, 0x6d, 0x77, 0x76, 0x7c, 0xce, 0xcc,
|
||||||
0x99, 0x39, 0x73, 0xe2, 0xc0, 0xb6, 0x9f, 0xb1, 0x8b, 0xfd, 0x14, 0xe9, 0x2c, 0x0c, 0x70, 0x3f,
|
0x99, 0x33, 0x09, 0xac, 0xfb, 0x19, 0x3b, 0xdd, 0x4e, 0x91, 0x5e, 0x84, 0x01, 0x6e, 0x27, 0x34,
|
||||||
0xa1, 0x31, 0x8b, 0xf7, 0xf9, 0x95, 0x2b, 0x8e, 0xc4, 0xfc, 0x18, 0xbb, 0xd3, 0x30, 0xa0, 0xb1,
|
0x66, 0xf1, 0x36, 0x0f, 0x0d, 0xc4, 0x91, 0x74, 0x3e, 0xc6, 0x83, 0xf3, 0x30, 0xa0, 0xf1, 0x80,
|
||||||
0xcb, 0x2f, 0x9d, 0xaf, 0x3a, 0x34, 0xdf, 0xc4, 0x13, 0x8c, 0xc8, 0x26, 0x34, 0x19, 0x3f, 0x58,
|
0x07, 0xdd, 0x63, 0xa8, 0x79, 0xd9, 0x18, 0xc9, 0x32, 0x98, 0xe1, 0xc8, 0x36, 0xfa, 0xc6, 0xe6,
|
||||||
0xda, 0x50, 0xdb, 0x5d, 0xf7, 0xf2, 0x80, 0x10, 0x68, 0xb0, 0x79, 0x82, 0x96, 0x2e, 0x2e, 0xc5,
|
0xa2, 0x67, 0x86, 0x23, 0x42, 0xa0, 0x46, 0xe3, 0x31, 0xda, 0xa6, 0x88, 0x88, 0x33, 0xd9, 0x81,
|
||||||
0x99, 0x58, 0xd0, 0x0e, 0x28, 0xfa, 0x0c, 0xc7, 0x96, 0x31, 0xd4, 0x76, 0x0d, 0x4f, 0x85, 0x64,
|
0x16, 0xc5, 0x34, 0xce, 0x68, 0x80, 0xb6, 0xd5, 0x37, 0x36, 0xdb, 0xc3, 0x6b, 0x83, 0x29, 0xb4,
|
||||||
0x0b, 0x5a, 0xf8, 0x25, 0x09, 0xe9, 0xdc, 0x6a, 0x88, 0x84, 0x8c, 0xf8, 0x8b, 0x34, 0x3b, 0xfb,
|
0x81, 0x27, 0x9f, 0x3d, 0x9d, 0xe8, 0x7e, 0x35, 0xa1, 0xfe, 0x36, 0x3e, 0xc3, 0x88, 0xac, 0x40,
|
||||||
0x84, 0x01, 0xb3, 0x9a, 0x02, 0x48, 0x85, 0x9c, 0x95, 0xc6, 0x97, 0x98, 0x5a, 0xad, 0xa1, 0xc1,
|
0x9d, 0xf1, 0x83, 0x64, 0xc9, 0x2f, 0x9c, 0x88, 0x4d, 0x12, 0x4d, 0xc4, 0xcf, 0xc4, 0x86, 0x66,
|
||||||
0x59, 0x45, 0x40, 0x9e, 0x40, 0x67, 0x8a, 0xcc, 0x1f, 0xfb, 0xcc, 0xb7, 0xda, 0x43, 0x63, 0xb7,
|
0x40, 0xd1, 0x67, 0x38, 0x12, 0x3c, 0x96, 0xa7, 0xae, 0x64, 0x15, 0x1a, 0xf8, 0x25, 0x09, 0xe9,
|
||||||
0x3b, 0x72, 0xdc, 0x4a, 0xdf, 0xae, 0xe8, 0xd9, 0x3d, 0x95, 0x45, 0xc7, 0x11, 0xa3, 0x73, 0xaf,
|
0xc4, 0xae, 0x89, 0x07, 0x79, 0xe3, 0x5f, 0xa4, 0xd9, 0xc9, 0x27, 0x0c, 0x98, 0x5d, 0x17, 0x40,
|
||||||
0x78, 0x63, 0x3f, 0x02, 0xb3, 0x92, 0x22, 0x03, 0x30, 0x26, 0x38, 0x97, 0xa3, 0xf1, 0x23, 0x27,
|
0xea, 0xca, 0x59, 0x79, 0xf1, 0xa9, 0xdd, 0xe8, 0x5b, 0x9c, 0x55, 0x5c, 0xc8, 0x2e, 0xb4, 0xce,
|
||||||
0x9e, 0xf9, 0x97, 0x99, 0x9a, 0x2c, 0x0f, 0x1e, 0xea, 0x0f, 0x34, 0xe7, 0xbb, 0x06, 0xed, 0xc3,
|
0x91, 0xf9, 0x23, 0x9f, 0xf9, 0x76, 0xb3, 0x6f, 0x6d, 0xb6, 0x87, 0x6e, 0xa9, 0x15, 0x51, 0xf3,
|
||||||
0x20, 0x88, 0xb3, 0x88, 0x91, 0x1e, 0xe8, 0xe1, 0x58, 0x3e, 0xd3, 0xc3, 0x31, 0xd9, 0x83, 0x56,
|
0xe0, 0x48, 0x26, 0x1d, 0x44, 0x8c, 0x4e, 0x3c, 0xfd, 0x8d, 0xf3, 0x08, 0x3a, 0x53, 0x4f, 0xa4,
|
||||||
0x8a, 0x01, 0x45, 0x26, 0x9e, 0x75, 0x47, 0x9b, 0xcb, 0xda, 0xf2, 0x64, 0xcd, 0xd5, 0x70, 0x46,
|
0x07, 0xd6, 0x19, 0x4e, 0x64, 0x6b, 0xfc, 0xc8, 0x89, 0x2f, 0xfc, 0x71, 0xa6, 0x3a, 0xcb, 0x2f,
|
||||||
0x79, 0xb8, 0xa7, 0xa5, 0xe1, 0x1a, 0x62, 0xb8, 0x3b, 0x35, 0x14, 0xc9, 0xfe, 0x6f, 0xc6, 0x7b,
|
0x0f, 0xcd, 0x07, 0x86, 0xfb, 0xdd, 0x80, 0xe6, 0x5e, 0x10, 0xc4, 0x59, 0xc4, 0x66, 0x74, 0xdf,
|
||||||
0x0d, 0x1d, 0x0f, 0xd3, 0x38, 0xa3, 0x01, 0xf2, 0xed, 0x46, 0xfe, 0x14, 0xe5, 0x43, 0x71, 0x5e,
|
0x82, 0x46, 0x8a, 0x01, 0x45, 0x26, 0x3e, 0x6b, 0x0f, 0x57, 0xe6, 0x95, 0xe5, 0xc9, 0x9c, 0xcb,
|
||||||
0xba, 0x71, 0x1b, 0x3a, 0x18, 0x8d, 0x93, 0x38, 0x8c, 0x98, 0x58, 0xf9, 0xba, 0x57, 0xc4, 0xce,
|
0xe6, 0xac, 0x62, 0x73, 0x4f, 0x0a, 0xcd, 0xd5, 0x44, 0x73, 0xb7, 0x4b, 0x28, 0x92, 0xfd, 0xff,
|
||||||
0x0f, 0x0d, 0xfa, 0x27, 0x18, 0x21, 0xf5, 0x19, 0x7a, 0xf8, 0x39, 0xc3, 0x74, 0x51, 0xb6, 0x42,
|
0xb4, 0xf7, 0x1a, 0x5a, 0xca, 0x07, 0x7c, 0xba, 0x91, 0x7f, 0x8e, 0xf2, 0x43, 0x71, 0x9e, 0x3b,
|
||||||
0x08, 0xbd, 0x2c, 0xc4, 0xf3, 0x92, 0x10, 0x86, 0x10, 0x62, 0xaf, 0x26, 0x44, 0x0d, 0x77, 0x95,
|
0x71, 0x07, 0x5a, 0x18, 0x8d, 0x92, 0x38, 0x8c, 0x98, 0x18, 0xf9, 0xa2, 0xa7, 0xef, 0xee, 0x0f,
|
||||||
0x20, 0xe4, 0x36, 0x98, 0xb9, 0xe4, 0x1f, 0x2a, 0xf6, 0xdb, 0xc8, 0x2f, 0x8f, 0xc5, 0xdd, 0x9f,
|
0x03, 0xba, 0x87, 0x18, 0x21, 0xf5, 0x19, 0x7a, 0xf8, 0x39, 0xc3, 0x74, 0x56, 0x36, 0x2d, 0x84,
|
||||||
0xa9, 0x76, 0x04, 0x83, 0xab, 0x66, 0xd2, 0x24, 0x8e, 0x52, 0x24, 0xf7, 0xa1, 0xed, 0xe7, 0x9b,
|
0x59, 0x14, 0xe2, 0x59, 0x41, 0x08, 0x4b, 0x08, 0xb1, 0x55, 0x12, 0xa2, 0x84, 0x5b, 0x25, 0x08,
|
||||||
0x12, 0x18, 0xdd, 0xd1, 0xd6, 0xf2, 0x3d, 0x7a, 0xaa, 0xcc, 0x79, 0x07, 0x1b, 0x27, 0xd4, 0x8f,
|
0xb9, 0x05, 0x9d, 0x5c, 0xf2, 0xe3, 0x29, 0xfb, 0x2d, 0xe5, 0xc1, 0x03, 0x11, 0xfb, 0x3b, 0xd5,
|
||||||
0x98, 0xd2, 0x89, 0x40, 0x83, 0x4b, 0xa1, 0xf4, 0xe7, 0x67, 0x72, 0x00, 0x1d, 0x2a, 0xf7, 0x23,
|
0xf6, 0xa1, 0x77, 0x59, 0x4c, 0x9a, 0xc4, 0x51, 0x8a, 0xe4, 0x3e, 0x34, 0xfd, 0x7c, 0x52, 0x02,
|
||||||
0x4d, 0xf6, 0x5f, 0x0d, 0x56, 0xad, 0xcf, 0x2b, 0x0a, 0x9d, 0x3e, 0x98, 0x12, 0x38, 0xef, 0xcd,
|
0xa3, 0x3d, 0x5c, 0x9d, 0x3f, 0x47, 0x4f, 0xa5, 0xb9, 0xef, 0x60, 0xe9, 0x90, 0xfa, 0x11, 0x53,
|
||||||
0x99, 0x81, 0xf9, 0x16, 0x69, 0x78, 0x3e, 0x57, 0x54, 0xbf, 0xdd, 0xec, 0xf5, 0x1a, 0x19, 0x40,
|
0x3a, 0xa9, 0x35, 0x36, 0x2a, 0xd6, 0xd8, 0xfc, 0xdd, 0x35, 0xee, 0x42, 0x47, 0x02, 0xe7, 0xb5,
|
||||||
0x4f, 0xf1, 0xca, 0x4e, 0xde, 0x83, 0xe9, 0xe1, 0x2c, 0x9e, 0xe0, 0x5f, 0x1f, 0x7a, 0x00, 0x3d,
|
0xb9, 0xef, 0xa1, 0xe3, 0xe1, 0x45, 0x7c, 0x86, 0xff, 0x9c, 0xaa, 0x07, 0xcb, 0x0a, 0x59, 0x72,
|
||||||
0x85, 0x2c, 0xb9, 0xee, 0x42, 0xef, 0x45, 0x94, 0x26, 0x18, 0x14, 0x0a, 0x2f, 0xfd, 0xaa, 0x39,
|
0xdd, 0x81, 0xe5, 0xe7, 0x51, 0x9a, 0x60, 0xa0, 0xfb, 0x9a, 0xfb, 0x5b, 0xe2, 0x3e, 0x85, 0xae,
|
||||||
0xcf, 0xa0, 0x5f, 0xd4, 0x5d, 0x7b, 0x99, 0xaf, 0x38, 0xfd, 0x39, 0xc5, 0xf4, 0x42, 0x91, 0x6d,
|
0xce, 0xfb, 0x63, 0x09, 0x5f, 0x72, 0xfa, 0x0f, 0x14, 0xd3, 0x53, 0x45, 0xb6, 0xaa, 0x77, 0x32,
|
||||||
0x15, 0x5f, 0x87, 0x9c, 0x4d, 0x7d, 0x07, 0x6e, 0xc1, 0x86, 0xe0, 0x55, 0xee, 0xd4, 0x85, 0x3b,
|
0x67, 0x53, 0xdb, 0x77, 0x13, 0x96, 0x04, 0xaf, 0xf2, 0x84, 0x29, 0x3c, 0xd1, 0x16, 0xb1, 0xdc,
|
||||||
0xbb, 0xe2, 0x2e, 0x37, 0xa7, 0xf3, 0x18, 0xfa, 0x05, 0x98, 0xec, 0xe8, 0x5e, 0xb9, 0xf5, 0x55,
|
0x12, 0xee, 0x63, 0xe8, 0x6a, 0x30, 0x59, 0xd1, 0xbd, 0x62, 0xe9, 0x55, 0x0b, 0x2e, 0x1b, 0x22,
|
||||||
0x9f, 0x9a, 0xbc, 0x64, 0xf4, 0xcd, 0x80, 0xc6, 0x61, 0xc6, 0x2e, 0xc8, 0x29, 0x74, 0x94, 0x4f,
|
0xd0, 0x7b, 0x15, 0xa6, 0x8c, 0xff, 0x42, 0xa7, 0xb2, 0x1a, 0x77, 0x17, 0xae, 0x14, 0x62, 0x12,
|
||||||
0xc9, 0xce, 0xaf, 0x7f, 0x4d, 0xf6, 0xcd, 0x95, 0x79, 0x29, 0xe7, 0x1a, 0x39, 0x82, 0xa6, 0xf0,
|
0xf4, 0x2e, 0xd4, 0x29, 0x0f, 0xd8, 0x86, 0xb0, 0xf9, 0xd5, 0xb2, 0xca, 0xd9, 0x18, 0xbd, 0x3c,
|
||||||
0x15, 0xf9, 0xbf, 0x5e, 0x5b, 0xb2, 0xb1, 0x7d, 0x63, 0x79, 0xb2, 0x40, 0x39, 0x81, 0x56, 0x6e,
|
0x63, 0xf8, 0xcd, 0x82, 0xda, 0x5e, 0xc6, 0x4e, 0xc9, 0x11, 0xb4, 0x94, 0xe3, 0xc8, 0xc6, 0xaf,
|
||||||
0x0a, 0x52, 0xaf, 0xac, 0x78, 0xd4, 0xde, 0x5e, 0x91, 0x2d, 0x03, 0xe5, 0x1b, 0x5f, 0x00, 0xaa,
|
0xf7, 0xc2, 0xb9, 0x51, 0xf9, 0x2e, 0x47, 0xb4, 0x40, 0xf6, 0xa1, 0x2e, 0x1c, 0x42, 0xae, 0x97,
|
||||||
0x58, 0x6c, 0x01, 0xa8, 0x66, 0x93, 0x35, 0xf2, 0x12, 0xda, 0xd2, 0x00, 0xa4, 0x5e, 0x5b, 0x35,
|
0x73, 0x0b, 0x86, 0x74, 0xd6, 0xe6, 0x3f, 0x6a, 0x94, 0x43, 0x68, 0xe4, 0xc3, 0x27, 0x6b, 0x33,
|
||||||
0x90, 0xbd, 0xb3, 0x2a, 0x5d, 0xc6, 0x92, 0xab, 0x23, 0x8b, 0xbc, 0x65, 0x7f, 0x2c, 0x60, 0xd5,
|
0x4e, 0x29, 0xb8, 0xcd, 0x59, 0xaf, 0x78, 0xd5, 0x40, 0x2f, 0xa0, 0x29, 0xbd, 0x40, 0xca, 0xb9,
|
||||||
0x36, 0xee, 0xac, 0x9d, 0xb5, 0xc4, 0x9f, 0xf4, 0xc1, 0xcf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb7,
|
0xd3, 0x5e, 0x72, 0x36, 0xaa, 0x9e, 0x8b, 0x58, 0x72, 0x8a, 0x64, 0x96, 0xb7, 0x68, 0x95, 0x19,
|
||||||
0xf8, 0x55, 0xb6, 0xc5, 0x07, 0x00, 0x00,
|
0xac, 0xd2, 0xf0, 0xdd, 0x05, 0xf2, 0x06, 0x16, 0xf5, 0xf8, 0x48, 0x59, 0xd6, 0xf2, 0xb0, 0x9d,
|
||||||
|
0x7e, 0x75, 0x82, 0x42, 0x3c, 0x69, 0x88, 0x3f, 0xf6, 0x9d, 0x9f, 0x01, 0x00, 0x00, 0xff, 0xff,
|
||||||
|
0x91, 0x77, 0xf2, 0xa6, 0xf9, 0x07, 0x00, 0x00,
|
||||||
}
|
}
|
||||||
|
@ -36,10 +36,10 @@ var _ server.Option
|
|||||||
type AuthService interface {
|
type AuthService interface {
|
||||||
Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
|
Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
|
||||||
Grant(ctx context.Context, in *GrantRequest, opts ...client.CallOption) (*GrantResponse, error)
|
Grant(ctx context.Context, in *GrantRequest, opts ...client.CallOption) (*GrantResponse, error)
|
||||||
Verify(ctx context.Context, in *VerifyRequest, opts ...client.CallOption) (*VerifyResponse, error)
|
|
||||||
Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error)
|
Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error)
|
||||||
Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
|
Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
|
||||||
Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error)
|
Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error)
|
||||||
|
ListRules(ctx context.Context, in *ListRulesRequest, opts ...client.CallOption) (*ListRulesResponse, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
type authService struct {
|
type authService struct {
|
||||||
@ -74,16 +74,6 @@ func (c *authService) Grant(ctx context.Context, in *GrantRequest, opts ...clien
|
|||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *authService) Verify(ctx context.Context, in *VerifyRequest, opts ...client.CallOption) (*VerifyResponse, error) {
|
|
||||||
req := c.c.NewRequest(c.name, "Auth.Verify", in)
|
|
||||||
out := new(VerifyResponse)
|
|
||||||
err := c.c.Call(ctx, req, out, opts...)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return out, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *authService) Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error) {
|
func (c *authService) Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error) {
|
||||||
req := c.c.NewRequest(c.name, "Auth.Revoke", in)
|
req := c.c.NewRequest(c.name, "Auth.Revoke", in)
|
||||||
out := new(RevokeResponse)
|
out := new(RevokeResponse)
|
||||||
@ -114,25 +104,35 @@ func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...c
|
|||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *authService) ListRules(ctx context.Context, in *ListRulesRequest, opts ...client.CallOption) (*ListRulesResponse, error) {
|
||||||
|
req := c.c.NewRequest(c.name, "Auth.ListRules", in)
|
||||||
|
out := new(ListRulesResponse)
|
||||||
|
err := c.c.Call(ctx, req, out, opts...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return out, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Server API for Auth service
|
// Server API for Auth service
|
||||||
|
|
||||||
type AuthHandler interface {
|
type AuthHandler interface {
|
||||||
Generate(context.Context, *GenerateRequest, *GenerateResponse) error
|
Generate(context.Context, *GenerateRequest, *GenerateResponse) error
|
||||||
Grant(context.Context, *GrantRequest, *GrantResponse) error
|
Grant(context.Context, *GrantRequest, *GrantResponse) error
|
||||||
Verify(context.Context, *VerifyRequest, *VerifyResponse) error
|
|
||||||
Revoke(context.Context, *RevokeRequest, *RevokeResponse) error
|
Revoke(context.Context, *RevokeRequest, *RevokeResponse) error
|
||||||
Inspect(context.Context, *InspectRequest, *InspectResponse) error
|
Inspect(context.Context, *InspectRequest, *InspectResponse) error
|
||||||
Refresh(context.Context, *RefreshRequest, *RefreshResponse) error
|
Refresh(context.Context, *RefreshRequest, *RefreshResponse) error
|
||||||
|
ListRules(context.Context, *ListRulesRequest, *ListRulesResponse) error
|
||||||
}
|
}
|
||||||
|
|
||||||
func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
|
func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
|
||||||
type auth interface {
|
type auth interface {
|
||||||
Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
|
Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
|
||||||
Grant(ctx context.Context, in *GrantRequest, out *GrantResponse) error
|
Grant(ctx context.Context, in *GrantRequest, out *GrantResponse) error
|
||||||
Verify(ctx context.Context, in *VerifyRequest, out *VerifyResponse) error
|
|
||||||
Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error
|
Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error
|
||||||
Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
|
Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
|
||||||
Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error
|
Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error
|
||||||
|
ListRules(ctx context.Context, in *ListRulesRequest, out *ListRulesResponse) error
|
||||||
}
|
}
|
||||||
type Auth struct {
|
type Auth struct {
|
||||||
auth
|
auth
|
||||||
@ -153,10 +153,6 @@ func (h *authHandler) Grant(ctx context.Context, in *GrantRequest, out *GrantRes
|
|||||||
return h.AuthHandler.Grant(ctx, in, out)
|
return h.AuthHandler.Grant(ctx, in, out)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *authHandler) Verify(ctx context.Context, in *VerifyRequest, out *VerifyResponse) error {
|
|
||||||
return h.AuthHandler.Verify(ctx, in, out)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (h *authHandler) Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error {
|
func (h *authHandler) Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error {
|
||||||
return h.AuthHandler.Revoke(ctx, in, out)
|
return h.AuthHandler.Revoke(ctx, in, out)
|
||||||
}
|
}
|
||||||
@ -168,3 +164,7 @@ func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *Insp
|
|||||||
func (h *authHandler) Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error {
|
func (h *authHandler) Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error {
|
||||||
return h.AuthHandler.Refresh(ctx, in, out)
|
return h.AuthHandler.Refresh(ctx, in, out)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (h *authHandler) ListRules(ctx context.Context, in *ListRulesRequest, out *ListRulesResponse) error {
|
||||||
|
return h.AuthHandler.ListRules(ctx, in, out)
|
||||||
|
}
|
||||||
|
@ -5,10 +5,16 @@ package go.micro.auth;
|
|||||||
service Auth {
|
service Auth {
|
||||||
rpc Generate(GenerateRequest) returns (GenerateResponse) {};
|
rpc Generate(GenerateRequest) returns (GenerateResponse) {};
|
||||||
rpc Grant(GrantRequest) returns (GrantResponse) {};
|
rpc Grant(GrantRequest) returns (GrantResponse) {};
|
||||||
rpc Verify(VerifyRequest) returns (VerifyResponse) {};
|
|
||||||
rpc Revoke(RevokeRequest) returns (RevokeResponse) {};
|
rpc Revoke(RevokeRequest) returns (RevokeResponse) {};
|
||||||
rpc Inspect(InspectRequest) returns (InspectResponse) {};
|
rpc Inspect(InspectRequest) returns (InspectResponse) {};
|
||||||
rpc Refresh(RefreshRequest) returns (RefreshResponse) {};
|
rpc Refresh(RefreshRequest) returns (RefreshResponse) {};
|
||||||
|
rpc ListRules(ListRulesRequest) returns (ListRulesResponse) {};
|
||||||
|
}
|
||||||
|
|
||||||
|
message Rule {
|
||||||
|
string id = 1;
|
||||||
|
string role = 2;
|
||||||
|
Resource resource = 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
message Token {
|
message Token {
|
||||||
@ -52,13 +58,6 @@ message GrantRequest {
|
|||||||
|
|
||||||
message GrantResponse {}
|
message GrantResponse {}
|
||||||
|
|
||||||
message VerifyRequest {
|
|
||||||
Account account = 1;
|
|
||||||
Resource resource = 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
message VerifyResponse {}
|
|
||||||
|
|
||||||
message RevokeRequest {
|
message RevokeRequest {
|
||||||
string role = 1;
|
string role = 1;
|
||||||
Resource resource = 2;
|
Resource resource = 2;
|
||||||
@ -82,3 +81,10 @@ message RefreshRequest {
|
|||||||
message RefreshResponse {
|
message RefreshResponse {
|
||||||
Token token = 1;
|
Token token = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
message ListRulesRequest {
|
||||||
|
}
|
||||||
|
|
||||||
|
message ListRulesResponse {
|
||||||
|
repeated Rule rules = 1;
|
||||||
|
}
|
||||||
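Review bot: `rpc ListRules` returns the whole rule set in a single `ListRulesResponse`, and `ListRulesRequest` has no fields, so the result cannot be scoped or paged and every caller that can reach the RPC sees the full access-control policy. Whether the handler restricts who may call it is not visible in this diff. If it is meant for service-to-service use only, say so above the rpc, e.g. `// ListRules returns all rules; intended for services that evaluate access locally`. Removing `rpc Verify` in the same hunk also changes the wire contract, so clients generated from the old proto will presumably fail on that call until they are rebuilt.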
|
@ -2,7 +2,9 @@ package service
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/micro/go-micro/v2/auth"
|
"github.com/micro/go-micro/v2/auth"
|
||||||
@ -10,6 +12,7 @@ import (
|
|||||||
"github.com/micro/go-micro/v2/auth/token"
|
"github.com/micro/go-micro/v2/auth/token"
|
||||||
"github.com/micro/go-micro/v2/auth/token/jwt"
|
"github.com/micro/go-micro/v2/auth/token/jwt"
|
||||||
"github.com/micro/go-micro/v2/client"
|
"github.com/micro/go-micro/v2/client"
|
||||||
|
log "github.com/micro/go-micro/v2/logger"
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewAuth returns a new instance of the Auth service
|
// NewAuth returns a new instance of the Auth service
|
||||||
@ -24,6 +27,9 @@ type svc struct {
|
|||||||
options auth.Options
|
options auth.Options
|
||||||
auth pb.AuthService
|
auth pb.AuthService
|
||||||
jwt token.Provider
|
jwt token.Provider
|
||||||
|
rules []*pb.Rule
|
||||||
|
|
||||||
|
sync.Mutex
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *svc) String() string {
|
func (s *svc) String() string {
|
||||||
@ -44,6 +50,13 @@ func (s *svc) Init(opts ...auth.Option) {
|
|||||||
if key := s.options.PublicKey; len(key) > 0 {
|
if key := s.options.PublicKey; len(key) > 0 {
|
||||||
s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key))
|
s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// load rules periodically from the auth service
|
||||||
|
timer := time.NewTicker(time.Second * 30)
|
||||||
|
go func() {
|
||||||
|
s.loadRules()
|
||||||
|
<-timer.C
|
||||||
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *svc) Options() auth.Options {
|
func (s *svc) Options() auth.Options {
|
||||||
@ -95,18 +108,31 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
|
|||||||
|
|
||||||
// Verify an account has access to a resource
|
// Verify an account has access to a resource
|
||||||
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
||||||
_, err := s.auth.Verify(context.TODO(), &pb.VerifyRequest{
|
queries := [][]string{
|
||||||
Account: &pb.Account{
|
{res.Type, "*"}, // check for wildcard resource type, e.g. service.*
|
||||||
Id: acc.ID,
|
{res.Type, res.Name, "*"}, // check for wildcard name, e.g. service.foo*
|
||||||
Roles: acc.Roles,
|
{res.Type, res.Name, res.Endpoint, "*"}, // check for wildcard endpoints, e.g. service.foo.ListFoo:*
|
||||||
},
|
{res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin
|
||||||
Resource: &pb.Resource{
|
}
|
||||||
Type: res.Type,
|
|
||||||
Name: res.Name,
|
// endpoint is a url which can have wildcard excludes, e.g.
|
||||||
Endpoint: res.Endpoint,
|
// "/foo/*" will allow "/foo/bar"
|
||||||
},
|
if comps := strings.Split(res.Endpoint, "/"); len(comps) > 1 {
|
||||||
})
|
for i := 1; i < len(comps); i++ {
|
||||||
return err
|
wildcard := fmt.Sprintf("%v/*", strings.Join(comps[0:i], "/"))
|
||||||
|
queries = append(queries, []string{res.Type, res.Name, wildcard})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, q := range queries {
|
||||||
|
for _, rule := range s.listRules(q...) {
|
||||||
|
if isValidRule(rule, acc, res) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return auth.ErrForbidden
|
||||||
}
|
}
|
||||||
|
|
||||||
// Inspect a token
|
// Inspect a token
|
||||||
@ -150,6 +176,62 @@ func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, e
|
|||||||
return serializeToken(rsp.Token), nil
|
return serializeToken(rsp.Token), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var ruleJoinKey = ":"
|
||||||
|
|
||||||
|
// isValidRule returns a bool, indicating if a rule permits access to a
|
||||||
|
// resource for a given account
|
||||||
|
func isValidRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) bool {
|
||||||
|
if rule.Role == "*" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, role := range acc.Roles {
|
||||||
|
if rule.Role == role {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// allow user.anything if role is user.*
|
||||||
|
if strings.HasSuffix(rule.Role, ".*") && strings.HasPrefix(rule.Role, role+".") {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// listRules gets all the rules from the store which have an id
|
||||||
|
// prefix matching the filters
|
||||||
|
func (s *svc) listRules(filters ...string) []*pb.Rule {
|
||||||
|
s.Lock()
|
||||||
|
defer s.Unlock()
|
||||||
|
|
||||||
|
prefix := strings.Join(filters, ruleJoinKey)
|
||||||
|
|
||||||
|
var rules []*pb.Rule
|
||||||
|
for _, r := range s.rules {
|
||||||
|
if strings.HasPrefix(r.Id, prefix) {
|
||||||
|
rules = append(rules, r)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return rules
|
||||||
|
}
|
||||||
|
|
||||||
|
// loadRules retrieves the rules from the auth service
|
||||||
|
func (s *svc) loadRules() {
|
||||||
|
rsp, err := s.auth.ListRules(context.TODO(), &pb.ListRulesRequest{}, client.WithRetries(3))
|
||||||
|
s.Lock()
|
||||||
|
defer s.Unlock()
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Error listing rules: %v", err)
|
||||||
|
s.rules = []*pb.Rule{}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
s.rules = rsp.Rules
|
||||||
|
}
|
||||||
|
|
||||||
func serializeToken(t *pb.Token) *auth.Token {
|
func serializeToken(t *pb.Token) *auth.Token {
|
||||||
return &auth.Token{
|
return &auth.Token{
|
||||||
Token: t.Token,
|
Token: t.Token,
|
||||||
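Review bot: The goroutine added at the end of Init calls `s.loadRules()` once, waits for a single tick and returns, so despite the "load rules periodically" comment the cached rules are never refreshed and the ticker is never stopped. Verify now decides from `s.rules` locally, so a later Revoke on the auth service would not reach this client until it restarts. Wrap the body in a loop, `for { s.loadRules(); <-timer.C }`, and guard against Init being called more than once, since each call would start another ticker and goroutine. In the loadRules hunk, an error replaces the cache with an empty slice, which makes every Verify return `auth.ErrForbidden`; if that fail-closed behaviour on a transient ListRules failure is intended, a comment there should say so.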
|
@ -1,74 +0,0 @@
|
|||||||
package store
|
|
||||||
|
|
||||||
import (
|
|
||||||
"encoding/json"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/micro/go-micro/v2/auth"
|
|
||||||
"github.com/micro/go-micro/v2/store"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Rule is an access control rule
|
|
||||||
type Rule struct {
|
|
||||||
Role string `json:"rule"`
|
|
||||||
Resource *auth.Resource `json:"resource"`
|
|
||||||
}
|
|
||||||
|
|
||||||
var joinKey = ":"
|
|
||||||
|
|
||||||
// Key to be used when written to the store
|
|
||||||
func (r *Rule) Key() string {
|
|
||||||
comps := []string{r.Resource.Type, r.Resource.Name, r.Resource.Endpoint, r.Role}
|
|
||||||
return strings.Join(comps, joinKey)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Bytes returns json encoded bytes
|
|
||||||
func (r *Rule) Bytes() []byte {
|
|
||||||
bytes, _ := json.Marshal(r)
|
|
||||||
return bytes
|
|
||||||
}
|
|
||||||
|
|
||||||
// isValidRule returns a bool, indicating if a rule permits access to a
|
|
||||||
// resource for a given account
|
|
||||||
func isValidRule(rule Rule, acc *auth.Account, res *auth.Resource) bool {
|
|
||||||
if rule.Role == "*" {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, role := range acc.Roles {
|
|
||||||
if rule.Role == role {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
// allow user.anything if role is user.*
|
|
||||||
if strings.HasSuffix(rule.Role, ".*") && strings.HasPrefix(rule.Role, role+".") {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// listRules gets all the rules from the store which have a key
|
|
||||||
// prefix matching the filters
|
|
||||||
func (s *Store) listRules(filters ...string) ([]Rule, error) {
|
|
||||||
// get the records from the store
|
|
||||||
prefix := strings.Join(filters, joinKey)
|
|
||||||
recs, err := s.opts.Store.Read(prefix, store.ReadPrefix())
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// unmarshal the records
|
|
||||||
rules := make([]Rule, 0, len(recs))
|
|
||||||
for _, rec := range recs {
|
|
||||||
var r Rule
|
|
||||||
if err := json.Unmarshal(rec.Value, &r); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
rules = append(rules, r)
|
|
||||||
}
|
|
||||||
|
|
||||||
// return the rules
|
|
||||||
return rules, nil
|
|
||||||
}
|
|
@ -1,171 +0,0 @@
|
|||||||
package store
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/micro/go-micro/v2/auth"
|
|
||||||
"github.com/micro/go-micro/v2/auth/token"
|
|
||||||
"github.com/micro/go-micro/v2/auth/token/basic"
|
|
||||||
"github.com/micro/go-micro/v2/store"
|
|
||||||
memStore "github.com/micro/go-micro/v2/store/memory"
|
|
||||||
)
|
|
||||||
|
|
||||||
// NewAuth returns a new default registry which is store
|
|
||||||
func NewAuth(opts ...auth.Option) auth.Auth {
|
|
||||||
var s Store
|
|
||||||
s.Init(opts...)
|
|
||||||
return &s
|
|
||||||
}
|
|
||||||
|
|
||||||
// Store implementation of auth
|
|
||||||
type Store struct {
|
|
||||||
secretProvider token.Provider
|
|
||||||
tokenProvider token.Provider
|
|
||||||
opts auth.Options
|
|
||||||
}
|
|
||||||
|
|
||||||
// String returns store
|
|
||||||
func (s *Store) String() string {
|
|
||||||
return "store"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Init the auth
|
|
||||||
func (s *Store) Init(opts ...auth.Option) {
|
|
||||||
for _, o := range opts {
|
|
||||||
o(&s.opts)
|
|
||||||
}
|
|
||||||
|
|
||||||
// use the default store as a fallback
|
|
||||||
if s.opts.Store == nil {
|
|
||||||
s.opts.Store = store.DefaultStore
|
|
||||||
}
|
|
||||||
|
|
||||||
// noop will not work for auth
|
|
||||||
if s.opts.Store.String() == "noop" {
|
|
||||||
s.opts.Store = memStore.NewStore()
|
|
||||||
}
|
|
||||||
|
|
||||||
if s.tokenProvider == nil {
|
|
||||||
s.tokenProvider = basic.NewTokenProvider(token.WithStore(s.opts.Store))
|
|
||||||
}
|
|
||||||
if s.secretProvider == nil {
|
|
||||||
s.secretProvider = basic.NewTokenProvider(token.WithStore(s.opts.Store))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Options returns the options
|
|
||||||
func (s *Store) Options() auth.Options {
|
|
||||||
return s.opts
|
|
||||||
}
|
|
||||||
|
|
||||||
// Generate a new account
|
|
||||||
func (s *Store) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
|
|
||||||
// parse the options
|
|
||||||
options := auth.NewGenerateOptions(opts...)
|
|
||||||
|
|
||||||
// Generate a long-lived secret
|
|
||||||
secretOpts := []token.GenerateOption{
|
|
||||||
token.WithExpiry(options.SecretExpiry),
|
|
||||||
token.WithMetadata(options.Metadata),
|
|
||||||
token.WithRoles(options.Roles...),
|
|
||||||
}
|
|
||||||
secret, err := s.secretProvider.Generate(id, secretOpts...)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// return the account
|
|
||||||
return &auth.Account{
|
|
||||||
ID: id,
|
|
||||||
Roles: options.Roles,
|
|
||||||
Metadata: options.Metadata,
|
|
||||||
Secret: secret,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Grant access to a resource
|
|
||||||
func (s *Store) Grant(role string, res *auth.Resource) error {
|
|
||||||
r := Rule{role, res}
|
|
||||||
return s.opts.Store.Write(&store.Record{Key: r.Key(), Value: r.Bytes()})
|
|
||||||
}
|
|
||||||
|
|
||||||
// Revoke access to a resource
|
|
||||||
func (s *Store) Revoke(role string, res *auth.Resource) error {
|
|
||||||
r := Rule{role, res}
|
|
||||||
|
|
||||||
err := s.opts.Store.Delete(r.Key())
|
|
||||||
if err == store.ErrNotFound {
|
|
||||||
return auth.ErrNotFound
|
|
||||||
}
|
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify an account has access to a resource
|
|
||||||
func (s *Store) Verify(acc *auth.Account, res *auth.Resource) error {
|
|
||||||
queries := [][]string{
|
|
||||||
{res.Type, "*"}, // check for wildcard resource type, e.g. service.*
|
|
||||||
{res.Type, res.Name, "*"}, // check for wildcard name, e.g. service.foo*
|
|
||||||
{res.Type, res.Name, res.Endpoint, "*"}, // check for wildcard endpoints, e.g. service.foo.ListFoo:*
|
|
||||||
{res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin
|
|
||||||
}
|
|
||||||
|
|
||||||
// endpoint is a url which can have wildcard excludes, e.g.
|
|
||||||
// "/foo/*" will allow "/foo/bar"
|
|
||||||
if comps := strings.Split(res.Endpoint, "/"); len(comps) > 1 {
|
|
||||||
for i := 1; i < len(comps); i++ {
|
|
||||||
wildcard := fmt.Sprintf("%v/*", strings.Join(comps[0:i], "/"))
|
|
||||||
queries = append(queries, []string{res.Type, res.Name, wildcard})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, q := range queries {
|
|
||||||
rules, err := s.listRules(q...)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, rule := range rules {
|
|
||||||
if isValidRule(rule, acc, res) {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return auth.ErrForbidden
|
|
||||||
}
|
|
||||||
|
|
||||||
// Inspect a token
|
|
||||||
func (s *Store) Inspect(t string) (*auth.Account, error) {
|
|
||||||
tok, err := s.tokenProvider.Inspect(t)
|
|
||||||
if err == token.ErrInvalidToken || err == token.ErrNotFound {
|
|
||||||
return nil, auth.ErrInvalidToken
|
|
||||||
} else if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return &auth.Account{
|
|
||||||
ID: tok.Subject,
|
|
||||||
Roles: tok.Roles,
|
|
||||||
Metadata: tok.Metadata,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Refresh an account using a secret
|
|
||||||
func (s *Store) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, error) {
|
|
||||||
sec, err := s.secretProvider.Inspect(secret)
|
|
||||||
if err == token.ErrInvalidToken || err == token.ErrNotFound {
|
|
||||||
return nil, auth.ErrInvalidToken
|
|
||||||
} else if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
options := auth.NewRefreshOptions(opts...)
|
|
||||||
|
|
||||||
return s.tokenProvider.Generate(sec.Subject,
|
|
||||||
token.WithExpiry(options.TokenExpiry),
|
|
||||||
token.WithMetadata(sec.Metadata),
|
|
||||||
token.WithRoles(sec.Roles...),
|
|
||||||
)
|
|
||||||
}
|
|
@ -1,308 +0,0 @@
|
|||||||
package store
|
|
||||||
|
|
||||||
import (
|
|
||||||
"log"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
"github.com/micro/go-micro/v2/auth"
|
|
||||||
memStore "github.com/micro/go-micro/v2/store/memory"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestGenerate(t *testing.T) {
|
|
||||||
s := memStore.NewStore()
|
|
||||||
a := NewAuth(auth.Store(s))
|
|
||||||
|
|
||||||
id := "test"
|
|
||||||
roles := []string{"admin"}
|
|
||||||
metadata := map[string]string{"foo": "bar"}
|
|
||||||
|
|
||||||
opts := []auth.GenerateOption{
|
|
||||||
auth.WithRoles(roles...),
|
|
||||||
auth.WithMetadata(metadata),
|
|
||||||
}
|
|
||||||
|
|
||||||
// generate the account
|
|
||||||
acc, err := a.Generate(id, opts...)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Generate returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
// validate the account attributes were set correctly
|
|
||||||
if acc.ID != id {
|
|
||||||
t.Errorf("Generate returned %v as the ID, expected %v", acc.ID, id)
|
|
||||||
}
|
|
||||||
if len(acc.Roles) != len(roles) {
|
|
||||||
t.Errorf("Generate returned %v as the roles, expected %v", acc.Roles, roles)
|
|
||||||
}
|
|
||||||
if len(acc.Metadata) != len(metadata) {
|
|
||||||
t.Errorf("Generate returned %v as the metadata, expected %v", acc.Metadata, metadata)
|
|
||||||
}
|
|
||||||
|
|
||||||
// validate the secret is valid
|
|
||||||
if _, err := a.Refresh(acc.Secret.Token); err != nil {
|
|
||||||
t.Errorf("Generate returned an invalid secret, error: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestGrant(t *testing.T) {
|
|
||||||
s := memStore.NewStore()
|
|
||||||
a := NewAuth(auth.Store(s))
|
|
||||||
|
|
||||||
res := &auth.Resource{Type: "service", Name: "Test", Endpoint: "Foo.Bar"}
|
|
||||||
if err := a.Grant("users.*", res); err != nil {
|
|
||||||
t.Fatalf("Grant returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
recs, err := s.List()
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Could not read from the store: %v", err)
|
|
||||||
}
|
|
||||||
if len(recs) != 1 {
|
|
||||||
t.Errorf("Expected Grant to write 1 record, actually wrote %v", len(recs))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestRevoke(t *testing.T) {
|
|
||||||
s := memStore.NewStore()
|
|
||||||
a := NewAuth(auth.Store(s))
|
|
||||||
|
|
||||||
res := &auth.Resource{Type: "service", Name: "Test", Endpoint: "Foo.Bar"}
|
|
||||||
if err := a.Grant("users.*", res); err != nil {
|
|
||||||
t.Fatalf("Grant returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
recs, err := s.List()
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Could not read from the store: %v", err)
|
|
||||||
}
|
|
||||||
if len(recs) != 1 {
|
|
||||||
t.Fatalf("Expected Grant to write 1 record, actually wrote %v", len(recs))
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := a.Revoke("users.*", res); err != nil {
|
|
||||||
t.Fatalf("Revoke returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
recs, err = s.List()
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Could not read from the store: %v", err)
|
|
||||||
}
|
|
||||||
if len(recs) != 0 {
|
|
||||||
t.Fatalf("Expected Revoke to delete 1 record, actually deleted %v", 1-len(recs))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestInspect(t *testing.T) {
|
|
||||||
a := NewAuth()
|
|
||||||
|
|
||||||
t.Run("Valid Token", func(t *testing.T) {
|
|
||||||
id := "test"
|
|
||||||
roles := []string{"admin"}
|
|
||||||
metadata := map[string]string{"foo": "bar"}
|
|
||||||
|
|
||||||
opts := []auth.GenerateOption{
|
|
||||||
auth.WithRoles(roles...),
|
|
||||||
auth.WithMetadata(metadata),
|
|
||||||
}
|
|
||||||
|
|
||||||
// generate and inspect the token
|
|
||||||
acc, err := a.Generate("test", opts...)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Generate returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
tok, err := a.Refresh(acc.Secret.Token)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Refresh returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
acc2, err := a.Inspect(tok.Token)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Inspect returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// validate the account attributes were retrieved correctly
|
|
||||||
if acc2.ID != id {
|
|
||||||
t.Errorf("Generate returned %v as the ID, expected %v", acc.ID, id)
|
|
||||||
}
|
|
||||||
if len(acc2.Roles) != len(roles) {
|
|
||||||
t.Errorf("Generate returned %v as the roles, expected %v", acc.Roles, roles)
|
|
||||||
}
|
|
||||||
if len(acc2.Metadata) != len(metadata) {
|
|
||||||
t.Errorf("Generate returned %v as the metadata, expected %v", acc.Metadata, metadata)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
t.Run("Invalid Token", func(t *testing.T) {
|
|
||||||
_, err := a.Inspect("invalid token")
|
|
||||||
if err != auth.ErrInvalidToken {
|
|
||||||
t.Errorf("Inspect returned %v error, expected %v", err, auth.ErrInvalidToken)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestRefresh(t *testing.T) {
|
|
||||||
a := NewAuth()
|
|
||||||
|
|
||||||
t.Run("Valid Secret", func(t *testing.T) {
|
|
||||||
roles := []string{"admin"}
|
|
||||||
metadata := map[string]string{"foo": "bar"}
|
|
||||||
|
|
||||||
opts := []auth.GenerateOption{
|
|
||||||
auth.WithRoles(roles...),
|
|
||||||
auth.WithMetadata(metadata),
|
|
||||||
}
|
|
||||||
|
|
||||||
// generate the account
|
|
||||||
acc, err := a.Generate("test", opts...)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Generate returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// refresh the token
|
|
||||||
tok, err := a.Refresh(acc.Secret.Token)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Refresh returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// validate the account attributes were set correctly
|
|
||||||
if acc.ID != tok.Subject {
|
|
||||||
t.Errorf("Refresh returned %v as the ID, expected %v", acc.ID, tok.Subject)
|
|
||||||
}
|
|
||||||
if len(acc.Roles) != len(tok.Roles) {
|
|
||||||
t.Errorf("Refresh returned %v as the roles, expected %v", acc.Roles, tok.Subject)
|
|
||||||
}
|
|
||||||
if len(acc.Metadata) != len(tok.Metadata) {
|
|
||||||
t.Errorf("Refresh returned %v as the metadata, expected %v", acc.Metadata, tok.Metadata)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
t.Run("Invalid Secret", func(t *testing.T) {
|
|
||||||
_, err := a.Refresh("invalid secret")
|
|
||||||
if err != auth.ErrInvalidToken {
|
|
||||||
t.Errorf("Inspect returned %v error, expected %v", err, auth.ErrInvalidToken)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestVerify(t *testing.T) {
|
|
||||||
testRules := []struct {
|
|
||||||
Role string
|
|
||||||
Resource *auth.Resource
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
Role: "*",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.PublicList"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Role: "*",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.web", Endpoint: "/foo"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Role: "*",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.web", Endpoint: "/bar/*"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Role: "user.*",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.List"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Role: "user.developer",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.Update"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Role: "admin",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.Delete"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Role: "admin",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "*", Endpoint: "*"},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
a := NewAuth()
|
|
||||||
for _, r := range testRules {
|
|
||||||
if err := a.Grant(r.Role, r.Resource); err != nil {
|
|
||||||
t.Fatalf("Grant returned an error: %v, expected nil", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
testTable := []struct {
|
|
||||||
Name string
|
|
||||||
Roles []string
|
|
||||||
Resource *auth.Resource
|
|
||||||
Error error
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
Name: "An account with no roles accessing a public endpoint",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.PublicList"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An account with no roles accessing a private endpoint",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.Update"},
|
|
||||||
Error: auth.ErrForbidden,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An account with the user role accessing a user* endpoint",
|
|
||||||
Roles: []string{"user"},
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.List"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An account with the user role accessing a user.admin endpoint",
|
|
||||||
Roles: []string{"user"},
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.Delete"},
|
|
||||||
Error: auth.ErrForbidden,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An account with the developer role accessing a user.developer endpoint",
|
|
||||||
Roles: []string{"user.developer"},
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.Update"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An account with the developer role accessing an admin endpoint",
|
|
||||||
Roles: []string{"user.developer"},
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.Delete"},
|
|
||||||
Error: auth.ErrForbidden,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An admin account accessing an admin endpoint",
|
|
||||||
Roles: []string{"admin"},
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.apps", Endpoint: "Apps.Delete"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An admin account accessing a generic service endpoint",
|
|
||||||
Roles: []string{"admin"},
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.foo", Endpoint: "Foo.Bar"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "An admin account accessing an unauthorised endpoint",
|
|
||||||
Roles: []string{"admin"},
|
|
||||||
Resource: &auth.Resource{Type: "infra", Name: "go.micro.foo", Endpoint: "Foo.Bar"},
|
|
||||||
Error: auth.ErrForbidden,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "A account with no roles accessing an unauthorised endpoint",
|
|
||||||
Resource: &auth.Resource{Type: "infra", Name: "go.micro.foo", Endpoint: "Foo.Bar"},
|
|
||||||
Error: auth.ErrForbidden,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "Accessing a public web path",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.web", Endpoint: "/foo"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "Accessing a public web path with an invalid wildcard endpoint",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.web", Endpoint: "/foo/foo"},
|
|
||||||
Error: auth.ErrForbidden,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "Accessing a public web path with wildcard endpoint",
|
|
||||||
Resource: &auth.Resource{Type: "service", Name: "go.micro.web", Endpoint: "/bar/foo"},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tc := range testTable {
|
|
||||||
t.Run(tc.Name, func(t *testing.T) {
|
|
||||||
acc := &auth.Account{Roles: tc.Roles}
|
|
||||||
if err := a.Verify(acc, tc.Resource); err != tc.Error {
|
|
||||||
t.Errorf("Verify returned %v error, expected %v", err, tc.Error)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
@ -71,7 +71,6 @@ import (
|
|||||||
|
|
||||||
// auth
|
// auth
|
||||||
svcAuth "github.com/micro/go-micro/v2/auth/service"
|
svcAuth "github.com/micro/go-micro/v2/auth/service"
|
||||||
storeAuth "github.com/micro/go-micro/v2/auth/store"
|
|
||||||
|
|
||||||
// auth providers
|
// auth providers
|
||||||
"github.com/micro/go-micro/v2/auth/provider/basic"
|
"github.com/micro/go-micro/v2/auth/provider/basic"
|
||||||
@ -360,7 +359,6 @@ var (
|
|||||||
|
|
||||||
DefaultAuths = map[string]func(...auth.Option) auth.Auth{
|
DefaultAuths = map[string]func(...auth.Option) auth.Auth{
|
||||||
"service": svcAuth.NewAuth,
|
"service": svcAuth.NewAuth,
|
||||||
"store": storeAuth.NewAuth,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
DefaultAuthProviders = map[string]func(...provider.Option) provider.Provider{
|
DefaultAuthProviders = map[string]func(...provider.Option) provider.Provider{
|
||||||
|