From dc10f88c1269983dd422210fb15f20bc741166f2 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Tue, 19 May 2020 18:17:17 +0100 Subject: [PATCH 01/26] Replace auth account.Namespace with account.Scopes --- api/resolver/options.go | 4 +- auth/auth.go | 23 +- auth/auth_test.go | 13 + auth/default.go | 15 +- auth/jwt/jwt.go | 29 +- auth/options.go | 13 +- auth/service/proto/auth.pb.go | 135 ++- auth/service/proto/auth.proto | 5 +- auth/service/service.go | 79 +- auth/token/jwt/jwt.go | 24 +- config/cmd/cmd.go | 1 + server/proto/server.pb.go | 552 ++++++------ server/proto/server.pb.micro.go | 2 +- util/auth/auth.go | 6 +- util/file/proto/file.pb.go | 1452 ++++++++++++++---------------- util/file/proto/file.pb.micro.go | 2 +- util/wrapper/wrapper.go | 7 +- 17 files changed, 1108 insertions(+), 1254 deletions(-) diff --git a/api/resolver/options.go b/api/resolver/options.go index eb9ce875..a6fa0ab7 100644 --- a/api/resolver/options.go +++ b/api/resolver/options.go @@ -2,8 +2,6 @@ package resolver import ( "net/http" - - "github.com/micro/go-micro/v2/auth" ) // NewOptions returns new initialised options @@ -14,7 +12,7 @@ func NewOptions(opts ...Option) Options { } if options.Namespace == nil { - options.Namespace = StaticNamespace(auth.DefaultNamespace) + options.Namespace = StaticNamespace("go.micro") } return options diff --git a/auth/auth.go b/auth/auth.go index d7987a07..f3bcefb0 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -50,8 +50,6 @@ type Resource struct { Type string `json:"type"` // Endpoint resource e.g NotesService.Create Endpoint string `json:"endpoint"` - // Namespace the resource belongs to - Namespace string `json:"namespace"` } // Account provided by an auth provider 
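Review bot: The default namespace in NewOptions is now the bare literal `"go.micro"`, and the same literal is added again as the `auth_namespace` flag default in config/cmd/cmd.go, while the `DefaultNamespace` constant both replace is deleted from auth/auth.go. Two hand-typed copies of a value that presumably has to match across the resolver and the auth scope check can drift silently. A single shared constant referenced from both places, for example `options.Namespace = StaticNamespace(DefaultNamespace)`, would keep them in step. NewOptions starts and ends outside the hunk.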
@@ -66,12 +64,27 @@ type Account struct { Roles []string `json:"roles"` // Any other associated metadata Metadata map[string]string `json:"metadata"` - // Namespace the account belongs to - Namespace string `json:"namespace"` + // Scopes the account has access to + Scopes []string `json:"scopes"` // Secret for the account, e.g. the password Secret string `json:"secret"` } +// HasScope returns a boolean indicating if the account has the given scope +func (a *Account) HasScope(scope string) bool { + if a.Scopes == nil { + return false + } + + for _, s := range a.Scopes { + if s == scope { + return true + } + } + + return false +} + // HasRole returns a boolean indicating if the account has the given role func (a *Account) HasRole(role string) bool { if a.Roles == nil { @@ -100,8 +113,6 @@ type Token struct { } const ( - // DefaultNamespace used for auth - DefaultNamespace = "go.micro" // TokenCookieName is the name of the cookie which stores the auth token TokenCookieName = "micro-token" // BearerScheme used for Authorization header diff --git a/auth/auth_test.go b/auth/auth_test.go index 5283e81e..50f3a990 100644 --- a/auth/auth_test.go +++ b/auth/auth_test.go @@ -2,6 +2,19 @@ package auth import "testing" +func TestHasScope(t *testing.T) { + if new(Account).HasScope("namespace.foo") { + t.Errorf("Expected the blank account to not have a role") + } + + acc := Account{Scopes: []string{"namespace.foo"}} + if !acc.HasScope("namespace.foo") { + t.Errorf("Expected the account to have the namespace.foo role") + } + if acc.HasScope("namespace.bar") { + t.Errorf("Expected the account to not have the namespace.bar role") + } +} func TestHasRole(t *testing.T) { if new(Account).HasRole("foo") { t.Errorf("Expected the blank account to not have a role") diff --git a/auth/default.go b/auth/default.go index b9160a50..9fd42f2d 100644 --- a/auth/default.go +++ b/auth/default.go 
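Review bot: HasScope's doc comment does not say that the comparison is an exact, case-sensitive string match, which matters now that both Verify implementations rely on it for the namespace check. I would extend it to `// HasScope reports whether the account holds exactly the given scope; no wildcard or prefix matching is applied.` The `if a.Scopes == nil` guard is redundant, since ranging over a nil slice runs zero iterations, although it does mirror HasRole below.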
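Review bot: The three failure messages in TestHasScope were carried over from TestHasRole and still say "role" (`Expected the blank account to not have a role`, `Expected the account to have the namespace.foo role`, `Expected the account to not have the namespace.bar role`). A failing scope check would be reported as a role failure, so they should say "scope". The closing brace of TestHasScope is also followed directly by `func TestHasRole` with no blank line between the two functions.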
@@ -49,11 +49,11 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) { options := NewGenerateOptions(opts...) return &Account{ - ID: id, - Roles: options.Roles, - Secret: options.Secret, - Metadata: options.Metadata, - Namespace: DefaultNamespace, + ID: id, + Roles: options.Roles, + Secret: options.Secret, + Metadata: options.Metadata, + Scopes: options.Scopes, }, nil } @@ -74,10 +74,7 @@ func (n *noop) Verify(acc *Account, res *Resource) error { // Inspect a token func (n *noop) Inspect(token string) (*Account, error) { - return &Account{ - ID: uuid.New().String(), - Namespace: DefaultNamespace, - }, nil + return &Account{ID: uuid.New().String()}, nil } // Token generation using an account id and secret diff --git a/auth/jwt/jwt.go b/auth/jwt/jwt.go index 9c118e1a..310c110b 100644 --- a/auth/jwt/jwt.go +++ b/auth/jwt/jwt.go @@ -1,6 +1,7 @@ package jwt import ( + "fmt" "sync" "time" @@ -41,10 +42,6 @@ func (j *jwt) Init(opts ...auth.Option) { o(&j.options) } - if len(j.options.Namespace) == 0 { - j.options.Namespace = auth.DefaultNamespace - } - j.jwt = jwtToken.NewTokenProvider( token.WithPrivateKey(j.options.PrivateKey), token.WithPublicKey(j.options.PublicKey), @@ -60,12 +57,12 @@ func (j *jwt) Options() auth.Options { func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) { options := auth.NewGenerateOptions(opts...) account := &auth.Account{ - ID: id, - Type: options.Type, - Roles: options.Roles, - Provider: options.Provider, - Metadata: options.Metadata, - Namespace: options.Namespace, + ID: id, + Type: options.Type, + Roles: options.Roles, + Scopes: options.Scopes, + Provider: options.Provider, + Metadata: options.Metadata, } // generate a JWT secret which can be provided to the Token() method 
@@ -111,18 +108,18 @@ func (j *jwt) Revoke(role string, res *auth.Resource) error { } func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error { - j.Lock() - if len(res.Namespace) == 0 { - res.Namespace = j.options.Namespace + // check the scope + scope := "namespace." + j.options.Namespace + if acc != nil && !acc.HasScope(scope) { + return fmt.Errorf("Missing required scope: %v", scope) } + + j.Lock() rules := j.rules j.Unlock() for _, rule := range rules { // validate the rule applies to the requested resource - if rule.resource.Namespace != "*" && rule.resource.Namespace != res.Namespace { - continue - } if rule.resource.Type != "*" && rule.resource.Type != res.Type { continue } diff --git a/auth/options.go b/auth/options.go index bb120241..a498bb37 100644 --- a/auth/options.go +++ b/auth/options.go @@ -13,9 +13,6 @@ func NewOptions(opts ...Option) Options { for _, o := range opts { o(&options) } - if len(options.Namespace) == 0 { - options.Namespace = DefaultNamespace - } if options.Client == nil { options.Client = client.DefaultClient } @@ -126,8 +123,8 @@ type GenerateOptions struct { Metadata map[string]string // Roles/scopes associated with the account Roles []string - // Namespace the account belongs too - Namespace string + // Scopes the account hasaccess too + Scopes []string // Provider of the account, e.g. oauth Provider string // Type of the account, e.g. user @@ -166,10 +163,10 @@ func WithRoles(rs ...string) GenerateOption { } } -// WithNamespace for the generated account -func WithNamespace(n string) GenerateOption { +// WithScopes for the generated account +func WithScopes(s ...string) GenerateOption { return func(o *GenerateOptions) { - o.Namespace = n + o.Scopes = s } } diff --git a/auth/service/proto/auth.pb.go b/auth/service/proto/auth.pb.go index cba1c78f..43bb6ee1 100644 --- a/auth/service/proto/auth.pb.go +++ b/auth/service/proto/auth.pb.go 
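Review bot: The scope check added to Verify builds the required scope from `j.options.Namespace`, but the Init hunk above and the NewOptions hunk in auth/options.go both drop the `DefaultNamespace` fallback. A caller that never sets a namespace is therefore checked against the literal scope `namespace.`; an empty namespace should be rejected or defaulted before the scope is built. The check is skipped when `acc` is nil, and since the rule loop no longer compares namespaces, an unauthenticated request appears to be evaluated with no namespace boundary at all, which deserves a comment if it is intended. A failure returns a fresh `fmt.Errorf` value rather than `auth.ErrForbidden`, which the service implementation returns for denials, so callers matching on the sentinel will not recognise it; the error string should also start in lower case. `j.options.Namespace` is now read before `j.Lock()` where the old code read it under the lock, and the first three points apply equally to the Verify hunk in auth/service/service.go.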
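Review bot: The new field comment in GenerateOptions reads `// Scopes the account hasaccess too`; it should be `// Scopes the account has access to`. The neighbouring comment `// Roles/scopes associated with the account` on Roles is now misleading, because scopes have their own field, and could become `// Roles associated with the account`.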
@@ -190,7 +190,7 @@ type Account struct { Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"` Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"` Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"` + Scopes []string `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"` Provider string `protobuf:"bytes,6,opt,name=provider,proto3" json:"provider,omitempty"` Secret string `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -251,11 +251,11 @@ func (m *Account) GetMetadata() map[string]string { return nil } -func (m *Account) GetNamespace() string { +func (m *Account) GetScopes() []string { if m != nil { - return m.Namespace + return m.Scopes } - return "" + return nil } func (m *Account) GetProvider() string { @@ -276,7 +276,6 @@ type Resource struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"` Endpoint string `protobuf:"bytes,3,opt,name=endpoint,proto3" json:"endpoint,omitempty"` - Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
@@ -328,18 +327,11 @@ func (m *Resource) GetEndpoint() string { return "" } -func (m *Resource) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - type GenerateRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"` Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"` + Scopes []string `protobuf:"bytes,4,rep,name=scopes,proto3" json:"scopes,omitempty"` Secret string `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"` Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"` Provider string `protobuf:"bytes,7,opt,name=provider,proto3" json:"provider,omitempty"` @@ -394,11 +386,11 @@ func (m *GenerateRequest) GetMetadata() map[string]string { return nil } -func (m *GenerateRequest) GetNamespace() string { +func (m *GenerateRequest) GetScopes() []string { if m != nil { - return m.Namespace + return m.Scopes } - return "" + return nil } func (m *GenerateRequest) GetSecret() string { 
@@ -1157,64 +1149,63 @@ func init() { func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) } var fileDescriptor_21300bfacc51fc2a = []byte{ - // 900 bytes of a gzipped FileDescriptorProto + // 892 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44, - 0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xfc, 0x6c, 0x34, 0xdd, 0x16, 0x2b, 0xed, 0x96, 0xad, 0x8b, + 0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xd9, 0x68, 0xba, 0x2d, 0x96, 0xcb, 0x96, 0xad, 0x8b, 0xd0, 0x52, 0x41, 0x16, 0xa5, 0x37, 0x40, 0x6f, 0x58, 0x35, 0x51, 0x68, 0xa1, 0x41, 0x58, 0x45, - 0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0xde, - 0x81, 0x37, 0x80, 0x2b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0xcd, 0x9f, 0x37, 0x76, 0x9c, 0xaa, 0x40, - 0x2f, 0xb8, 0x9b, 0x33, 0xe7, 0xf8, 0xcc, 0xf7, 0x7d, 0xe7, 0xcc, 0xf1, 0xc0, 0x51, 0x54, 0xf0, - 0xf3, 0x53, 0x86, 0xf4, 0x2a, 0x89, 0xf1, 0x34, 0xa7, 0x19, 0xcf, 0x4e, 0xc5, 0xd6, 0x58, 0x2e, - 0x49, 0xff, 0x87, 0x6c, 0x7c, 0x99, 0xc4, 0x34, 0x1b, 0x8b, 0xcd, 0xe0, 0x26, 0xdc, 0xf8, 0x22, - 0x61, 0xfc, 0x2c, 0x8e, 0xb3, 0x22, 0xe5, 0x2c, 0xc4, 0x1f, 0x0b, 0x64, 0x3c, 0x78, 0x0a, 0x87, - 0xd5, 0x6d, 0x96, 0x67, 0x29, 0x43, 0x32, 0x81, 0x4e, 0xa4, 0xf7, 0x7c, 0xeb, 0xd8, 0x39, 0xe9, - 0x4e, 0x6e, 0x8d, 0x2b, 0x09, 0xc7, 0xfa, 0x93, 0xb0, 0x8c, 0x0b, 0x7e, 0xb1, 0xa0, 0xf5, 0x3c, - 0xbb, 0xc0, 0x94, 0xdc, 0x83, 0x5e, 0x14, 0xc7, 0xc8, 0xd8, 0x4b, 0x2e, 0x6c, 0xdf, 0x3a, 0xb6, - 0x4e, 0xf6, 0xc3, 0xae, 0xda, 0x53, 0x21, 0xf7, 0xa1, 0x4f, 0xf1, 0x7b, 0x8a, 0xec, 0x5c, 0xc7, - 0xd8, 0x32, 0xa6, 0xa7, 0x37, 0x55, 0x90, 0x0f, 0xed, 0x98, 0x62, 0xc4, 0x71, 0xe9, 0x3b, 0xc7, - 0xd6, 0x89, 0x13, 0x1a, 0x93, 0xdc, 0x02, 0x0f, 0x7f, 0xca, 0x13, 0xba, 0xf6, 0x5d, 0xe9, 0xd0, - 0x56, 0xf0, 0xab, 0x0d, 0x6d, 0x8d, 0x8c, 0x0c, 0xc0, 0x4e, 0x96, 0xfa, 0x6c, 0x3b, 0x59, 0x12, - 0x02, 0x2e, 0x5f, 0xe7, 0xa8, 0x4f, 0x92, 0x6b, 0x72, 
0x08, 0x2d, 0x9a, 0xad, 0x90, 0xf9, 0xce, - 0xb1, 0x73, 0xb2, 0x1f, 0x2a, 0x83, 0x7c, 0x0a, 0x9d, 0x4b, 0xe4, 0xd1, 0x32, 0xe2, 0x91, 0xef, - 0x4a, 0xf6, 0xef, 0x34, 0xb3, 0x1f, 0x3f, 0xd3, 0x61, 0xb3, 0x94, 0xd3, 0x75, 0x58, 0x7e, 0x45, - 0xee, 0xc0, 0x7e, 0x1a, 0x5d, 0x22, 0xcb, 0xa3, 0x18, 0xfd, 0x96, 0x3c, 0xf0, 0x7a, 0x83, 0x8c, - 0xa0, 0x93, 0xd3, 0xec, 0x2a, 0x59, 0x22, 0xf5, 0x3d, 0xe9, 0x2c, 0x6d, 0xc1, 0x8c, 0x61, 0x4c, - 0x91, 0xfb, 0x6d, 0xe9, 0xd1, 0xd6, 0xe8, 0x11, 0xf4, 0x2b, 0x87, 0x91, 0x21, 0x38, 0x17, 0xb8, - 0xd6, 0xfc, 0xc4, 0x52, 0x90, 0xb9, 0x8a, 0x56, 0x85, 0x61, 0xa8, 0x8c, 0x4f, 0xec, 0x8f, 0xac, - 0x60, 0x05, 0x9d, 0x10, 0x59, 0x56, 0xd0, 0x18, 0x85, 0x0c, 0x02, 0x89, 0xfe, 0x50, 0xae, 0x1b, - 0xa5, 0x19, 0x41, 0x07, 0xd3, 0x65, 0x9e, 0x25, 0x29, 0x97, 0xea, 0xef, 0x87, 0xa5, 0x5d, 0xa5, - 0xe7, 0xd6, 0xe8, 0x05, 0xbf, 0xdb, 0x70, 0x30, 0xc7, 0x14, 0x69, 0xc4, 0x51, 0x37, 0xda, 0x56, - 0x31, 0x4a, 0xe1, 0xed, 0x4d, 0xe1, 0x3f, 0xdb, 0x10, 0xde, 0x91, 0xc2, 0xbf, 0x5f, 0x13, 0xbe, - 0x96, 0xf7, 0xf5, 0x0a, 0x50, 0x47, 0xb8, 0x21, 0x72, 0x6b, 0x53, 0xe4, 0x52, 0x07, 0xaf, 0xaa, - 0x43, 0x59, 0xac, 0x76, 0xb5, 0x58, 0xff, 0xad, 0x28, 0x53, 0x18, 0x5e, 0xb3, 0xd1, 0xf7, 0xee, - 0x43, 0x68, 0xeb, 0xfb, 0x24, 0x73, 0xec, 0xbe, 0x76, 0x26, 0x2c, 0x78, 0x01, 0xbd, 0x39, 0x8d, - 0x52, 0x6e, 0x84, 0x26, 0xe0, 0x0a, 0x2d, 0x4d, 0x79, 0xc5, 0x9a, 0x3c, 0x84, 0x0e, 0xd5, 0xe5, - 0x97, 0x30, 0xba, 0x93, 0xb7, 0x6a, 0x69, 0x4d, 0x77, 0x84, 0x65, 0x60, 0x70, 0x00, 0x7d, 0x9d, - 0x58, 0x61, 0x0b, 0xbe, 0x81, 0x7e, 0x88, 0x57, 0xd9, 0x05, 0xbe, 0xf1, 0xa3, 0x86, 0x30, 0x30, - 0x99, 0xf5, 0x59, 0xef, 0xc2, 0xe0, 0x49, 0xca, 0x72, 0x8c, 0x4b, 0x5e, 0x87, 0xd0, 0xda, 0x1c, - 0x26, 0xca, 0x08, 0x1e, 0xc3, 0x41, 0x19, 0xf7, 0xaf, 0x25, 0xfc, 0x19, 0x7a, 0x72, 0xde, 0xec, - 0xea, 0xd5, 0xeb, 0x6e, 0xb1, 0x2b, 0xdd, 0xb2, 0x35, 0xc3, 0x9c, 0x86, 0x19, 0x76, 0x0f, 0x7a, - 0xd2, 0xf9, 0xb2, 0x32, 0xaf, 0xba, 0x72, 0x6f, 0xa6, 0x86, 0xd6, 0x23, 0xe8, 0xeb, 0xf3, 
0x35, - 0x85, 0x07, 0x9b, 0x5c, 0xbb, 0x93, 0xc3, 0x1a, 0x01, 0x15, 0xac, 0x15, 0xf8, 0xc3, 0x02, 0x37, - 0x2c, 0x56, 0xd8, 0x34, 0xee, 0x64, 0x75, 0xec, 0x1d, 0xd5, 0x71, 0x5e, 0xb3, 0x3a, 0xe4, 0x03, - 0xf0, 0xd4, 0xe4, 0x96, 0xd8, 0x07, 0x93, 0x9b, 0xdb, 0x7a, 0x22, 0x63, 0xa1, 0x0e, 0x52, 0xf7, - 0x25, 0xc9, 0x68, 0xc2, 0xd7, 0xf2, 0x76, 0xb5, 0xc2, 0xd2, 0x0e, 0x7e, 0xb3, 0xa0, 0xff, 0x58, - 0x8e, 0xf0, 0x37, 0xdd, 0x43, 0x1b, 0x28, 0x9d, 0x7f, 0x8a, 0xd2, 0xad, 0xa1, 0x1c, 0xc2, 0xc0, - 0x80, 0xd4, 0xed, 0x28, 0x70, 0x4f, 0x71, 0x85, 0xff, 0x7b, 0xdc, 0x06, 0xa4, 0xc6, 0xdd, 0x87, - 0xae, 0xf8, 0xbd, 0x9b, 0xbf, 0xfd, 0xc7, 0xd0, 0x53, 0xa6, 0xee, 0xb3, 0xf7, 0xa0, 0x45, 0x0b, - 0x31, 0x84, 0xd5, 0x2f, 0xfe, 0x46, 0x1d, 0x6d, 0xb1, 0xc2, 0x50, 0x45, 0x3c, 0x18, 0x83, 0xa7, - 0x90, 0x90, 0x2e, 0xb4, 0xbf, 0x5e, 0x7c, 0xbe, 0xf8, 0xf2, 0xc5, 0x62, 0xb8, 0x27, 0x8c, 0x79, - 0x78, 0xb6, 0x78, 0x3e, 0x9b, 0x0e, 0x2d, 0x02, 0xe0, 0x4d, 0x67, 0x8b, 0x27, 0xb3, 0xe9, 0xd0, - 0x9e, 0xfc, 0x65, 0x81, 0x7b, 0x56, 0xf0, 0x73, 0xf2, 0x0c, 0x3a, 0x66, 0xca, 0x91, 0xbb, 0xaf, - 0x1e, 0xe6, 0xa3, 0xb7, 0x77, 0xfa, 0x35, 0x9f, 0x3d, 0xf2, 0x14, 0xda, 0xfa, 0xc2, 0x93, 0xa3, - 0x5a, 0x74, 0x75, 0x60, 0x8c, 0xee, 0xee, 0x72, 0x97, 0xb9, 0xa6, 0xe6, 0xbd, 0x72, 0xbb, 0xf1, - 0x82, 0xe9, 0x3c, 0x77, 0x9a, 0x9d, 0x26, 0xcb, 0xe4, 0x5b, 0xe8, 0x98, 0xe7, 0x13, 0xf9, 0x0a, - 0x5c, 0x21, 0x30, 0x09, 0x6a, 0xdf, 0x34, 0x3c, 0xbd, 0x46, 0xf7, 0x5f, 0x19, 0x53, 0xa6, 0xff, - 0xd3, 0x82, 0x96, 0x28, 0x04, 0x23, 0x73, 0xf0, 0x54, 0x5b, 0x92, 0x3a, 0xa4, 0xca, 0x95, 0x1a, - 0x1d, 0xed, 0xf0, 0x96, 0xbc, 0xe7, 0xe0, 0xa9, 0x3e, 0xd9, 0x4a, 0x54, 0xe9, 0xf1, 0xad, 0x44, - 0xb5, 0xe6, 0xda, 0x23, 0x67, 0x9a, 0xee, 0xa8, 0x81, 0x8a, 0x49, 0x72, 0xbb, 0xd1, 0x67, 0x52, - 0x7c, 0xe7, 0xc9, 0xd7, 0xea, 0xc3, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xdf, 0x67, 0x3c, 0x6e, - 0xce, 0x0a, 0x00, 0x00, + 0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0x5e, + 0x80, 
0x47, 0xe0, 0x86, 0x3b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0x79, 0x7e, 0xbc, 0xb1, 0xe3, 0x54, + 0x05, 0x7a, 0xd1, 0xbb, 0x39, 0x33, 0x67, 0xce, 0x7c, 0xdf, 0x77, 0x7e, 0x6c, 0x38, 0x8a, 0x0a, + 0x7e, 0x7e, 0xca, 0x90, 0x5e, 0x25, 0x31, 0x9e, 0xe6, 0x34, 0xe3, 0xd9, 0x69, 0xb9, 0x35, 0x16, + 0x4b, 0xe2, 0xfe, 0x98, 0x8d, 0x2f, 0x93, 0x98, 0x66, 0xe3, 0x72, 0x33, 0xb8, 0x09, 0x37, 0xbe, + 0x4c, 0x18, 0x3f, 0x8b, 0xe3, 0xac, 0x48, 0x39, 0x0b, 0xf1, 0xa7, 0x02, 0x19, 0x0f, 0x9e, 0xc0, + 0x61, 0x7d, 0x9b, 0xe5, 0x59, 0xca, 0x90, 0x4c, 0xa0, 0x17, 0xa9, 0x3d, 0xcf, 0x38, 0xb6, 0x4e, + 0xfa, 0x93, 0x5b, 0xe3, 0x5a, 0xc0, 0xb1, 0xba, 0x12, 0x56, 0x7e, 0xc1, 0xaf, 0x06, 0x74, 0x9e, + 0x65, 0x17, 0x98, 0x92, 0xbb, 0x30, 0x88, 0xe2, 0x18, 0x19, 0x7b, 0xc1, 0x4b, 0xdb, 0x33, 0x8e, + 0x8d, 0x93, 0xfd, 0xb0, 0x2f, 0xf7, 0xa4, 0xcb, 0x3d, 0x70, 0x29, 0xfe, 0x40, 0x91, 0x9d, 0x2b, + 0x1f, 0x53, 0xf8, 0x0c, 0xd4, 0xa6, 0x74, 0xf2, 0xa0, 0x1b, 0x53, 0x8c, 0x38, 0x2e, 0x3d, 0xeb, + 0xd8, 0x38, 0xb1, 0x42, 0x6d, 0x92, 0x5b, 0xe0, 0xe0, 0xcf, 0x79, 0x42, 0xd7, 0x9e, 0x2d, 0x0e, + 0x94, 0x15, 0xfc, 0x66, 0x42, 0x57, 0x21, 0x23, 0x43, 0x30, 0x93, 0xa5, 0x7a, 0xdb, 0x4c, 0x96, + 0x84, 0x80, 0xcd, 0xd7, 0x39, 0xaa, 0x97, 0xc4, 0x9a, 0x1c, 0x42, 0x87, 0x66, 0x2b, 0x64, 0x9e, + 0x75, 0x6c, 0x9d, 0xec, 0x87, 0xd2, 0x20, 0x9f, 0x41, 0xef, 0x12, 0x79, 0xb4, 0x8c, 0x78, 0xe4, + 0xd9, 0x82, 0xfd, 0xbb, 0xed, 0xec, 0xc7, 0x4f, 0x95, 0xdb, 0x2c, 0xe5, 0x74, 0x1d, 0x56, 0xb7, + 0x4a, 0x7c, 0x2c, 0xce, 0x72, 0x64, 0x5e, 0x47, 0x04, 0x56, 0x16, 0xf1, 0xa1, 0x97, 0xd3, 0xec, + 0x2a, 0x59, 0x22, 0xf5, 0x1c, 0x81, 0xa3, 0xb2, 0xc5, 0x1d, 0x8c, 0x29, 0x72, 0xaf, 0x2b, 0x4e, + 0x94, 0xe5, 0x3f, 0x04, 0xb7, 0xf6, 0x0c, 0x19, 0x81, 0x75, 0x81, 0x6b, 0xc5, 0xac, 0x5c, 0x96, + 0x34, 0xae, 0xa2, 0x55, 0xa1, 0xb9, 0x49, 0xe3, 0x53, 0xf3, 0x63, 0x23, 0x58, 0x40, 0x2f, 0x44, + 0x96, 0x15, 0x34, 0xc6, 0x52, 0x80, 0x34, 0xba, 0x44, 0x75, 0x51, 0xac, 0x5b, 0x45, 0xf1, 0xa1, + 0x87, 0xe9, 0x32, 0xcf, 0x92, 0x94, 0x0b, 
0xdd, 0xf7, 0xc3, 0xca, 0x0e, 0x7e, 0x37, 0xe1, 0x60, + 0x8e, 0x29, 0xd2, 0x88, 0xa3, 0x2a, 0xa2, 0x2d, 0xa1, 0x2b, 0x51, 0xcd, 0x4d, 0x51, 0x3f, 0xdf, + 0x10, 0xd5, 0x12, 0xa2, 0x7e, 0xd0, 0x10, 0xb5, 0x11, 0xf7, 0x15, 0xc4, 0xb5, 0x6b, 0xe2, 0x5e, + 0x0b, 0xd8, 0xd9, 0x14, 0xb0, 0xe2, 0xe8, 0xd4, 0x39, 0x56, 0x89, 0xe8, 0xd6, 0x13, 0xf1, 0xff, + 0x04, 0x9f, 0xc2, 0xe8, 0x9a, 0x87, 0xea, 0xa6, 0x8f, 0xa0, 0xab, 0xba, 0x44, 0xc4, 0xd8, 0xdd, + 0x4c, 0xda, 0x2d, 0x78, 0x0e, 0x83, 0x39, 0x8d, 0x52, 0xae, 0x25, 0x26, 0x60, 0x97, 0x2a, 0xea, + 0xd4, 0x95, 0x6b, 0xf2, 0x00, 0x7a, 0x54, 0xa5, 0x56, 0xc0, 0xe8, 0x4f, 0xde, 0x6a, 0x84, 0xd5, + 0x99, 0x0f, 0x2b, 0xc7, 0xe0, 0x00, 0x5c, 0x15, 0x58, 0x62, 0x0b, 0xbe, 0x05, 0x37, 0xc4, 0xab, + 0xec, 0x02, 0x5f, 0xfb, 0x53, 0x23, 0x18, 0xea, 0xc8, 0xea, 0xad, 0xf7, 0x60, 0xf8, 0x38, 0x65, + 0x39, 0xc6, 0x15, 0xaf, 0x43, 0xe8, 0x6c, 0x8e, 0x08, 0x69, 0x04, 0x8f, 0xe0, 0xa0, 0xf2, 0xfb, + 0xcf, 0x12, 0xfe, 0x02, 0x03, 0x31, 0x45, 0x76, 0x55, 0xe9, 0x75, 0xb5, 0x98, 0xb5, 0x6a, 0xd9, + 0x9a, 0x4c, 0x56, 0xcb, 0x64, 0xba, 0x0b, 0x03, 0x71, 0xf8, 0xa2, 0x36, 0x85, 0xfa, 0x62, 0x6f, + 0x26, 0x47, 0xd1, 0x43, 0x70, 0xd5, 0xfb, 0x8a, 0xc2, 0xfd, 0x4d, 0xae, 0xfd, 0xc9, 0x61, 0x83, + 0x80, 0x74, 0x56, 0x0a, 0xfc, 0x69, 0x80, 0x1d, 0x16, 0x2b, 0x6c, 0x1b, 0x62, 0x22, 0x3b, 0xe6, + 0x8e, 0xec, 0x58, 0xaf, 0x98, 0x1d, 0xf2, 0x21, 0x38, 0x72, 0x1e, 0x0b, 0xec, 0xc3, 0xc9, 0xcd, + 0x6d, 0x3d, 0x91, 0xb1, 0x50, 0x39, 0xc9, 0x7e, 0x49, 0x32, 0x9a, 0xf0, 0xb5, 0xe8, 0xae, 0x4e, + 0x58, 0xd9, 0xc1, 0x1f, 0x06, 0xb8, 0x8f, 0xc4, 0x60, 0x7e, 0xdd, 0x35, 0xb4, 0x81, 0xd2, 0xfa, + 0xb7, 0x28, 0xed, 0x06, 0xca, 0x11, 0x0c, 0x35, 0x48, 0x55, 0x8e, 0x25, 0xee, 0x29, 0xae, 0xf0, + 0x8d, 0xc7, 0xad, 0x41, 0x2a, 0xdc, 0x2e, 0xf4, 0xcb, 0x8f, 0xb6, 0xfe, 0x86, 0x7f, 0x02, 0x03, + 0x69, 0xaa, 0x3a, 0x7b, 0x1f, 0x3a, 0xb4, 0x28, 0xc7, 0xaf, 0xfc, 0x70, 0xdf, 0x68, 0xa2, 0x2d, + 0x56, 0x18, 0x4a, 0x8f, 0xfb, 0x63, 0x70, 0x24, 0x12, 0xd2, 0x87, 0xee, 0x37, 
0x8b, 0x2f, 0x16, + 0x5f, 0x3d, 0x5f, 0x8c, 0xf6, 0x4a, 0x63, 0x1e, 0x9e, 0x2d, 0x9e, 0xcd, 0xa6, 0x23, 0x83, 0x00, + 0x38, 0xd3, 0xd9, 0xe2, 0xf1, 0x6c, 0x3a, 0x32, 0x27, 0x7f, 0x1b, 0x60, 0x9f, 0x15, 0xfc, 0x9c, + 0x3c, 0x85, 0x9e, 0x9e, 0x72, 0xe4, 0xce, 0xcb, 0xc7, 0xb8, 0xff, 0xce, 0xce, 0x73, 0xc5, 0x67, + 0x8f, 0x3c, 0x81, 0xae, 0x6a, 0x78, 0x72, 0xd4, 0xf0, 0xae, 0x0f, 0x0c, 0xff, 0xce, 0xae, 0xe3, + 0x2a, 0xd6, 0x54, 0xff, 0x85, 0xdc, 0x6e, 0x6d, 0x30, 0x15, 0xe7, 0xed, 0xf6, 0x43, 0x1d, 0x65, + 0xf2, 0x1d, 0xf4, 0xf4, 0x4f, 0x11, 0xf9, 0x1a, 0xec, 0x52, 0x60, 0x12, 0x34, 0xee, 0xb4, 0xfc, + 0x50, 0xf9, 0xf7, 0x5e, 0xea, 0x53, 0x85, 0xff, 0xcb, 0x80, 0x4e, 0x99, 0x08, 0x46, 0xe6, 0xe0, + 0xc8, 0xb2, 0x24, 0x4d, 0x48, 0xb5, 0x96, 0xf2, 0x8f, 0x76, 0x9c, 0x56, 0xbc, 0xe7, 0xe0, 0xc8, + 0x3a, 0xd9, 0x0a, 0x54, 0xab, 0xf1, 0xad, 0x40, 0x8d, 0xe2, 0xda, 0x23, 0x67, 0x8a, 0xae, 0xdf, + 0x42, 0x45, 0x07, 0xb9, 0xdd, 0x7a, 0xa6, 0x43, 0x7c, 0xef, 0x88, 0x7f, 0xd0, 0x07, 0xff, 0x04, + 0x00, 0x00, 0xff, 0xff, 0x60, 0xd4, 0x97, 0x04, 0xa4, 0x0a, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/auth/service/proto/auth.proto b/auth/service/proto/auth.proto index 7590957a..65763bd0 100644 --- a/auth/service/proto/auth.proto +++ b/auth/service/proto/auth.proto @@ -37,7 +37,7 @@ message Account { string type = 2; repeated string roles = 3; map metadata = 4; - string namespace = 5; + repeated string scopes = 5; string provider = 6; string secret = 7; } @@ -46,14 +46,13 @@ message Resource{ string name = 1; string type = 2; string endpoint = 3; - string namespace = 4; } message GenerateRequest { string id = 1; repeated string roles = 2; map metadata = 3; - string namespace = 4; + repeated string scopes = 4; string secret = 5; string type = 6; string provider = 7; diff --git a/auth/service/service.go b/auth/service/service.go index 733244a6..27995ef7 100644 --- a/auth/service/service.go +++ b/auth/service/service.go 
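Review bot: Field number 5 of Account and field number 4 of GenerateRequest (second hunk) are reused for `scopes` with a different label, and field 4 of Resource is removed without being reserved. `string` and `repeated string` share the length-delimited wire type, so a peer still built from the old schema would have its namespace value decoded as a one-element scopes list, and the reverse. Consider giving `scopes` a fresh field number and adding `reserved 5;` and `reserved "namespace";` to Account, with the equivalents for field 4 in GenerateRequest and Resource, so the old number cannot be silently reinterpreted.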
@@ -63,13 +63,13 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e options := auth.NewGenerateOptions(opts...) rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{ - Id: id, - Type: options.Type, - Secret: options.Secret, - Roles: options.Roles, - Metadata: options.Metadata, - Provider: options.Provider, - Namespace: options.Namespace, + Id: id, + Type: options.Type, + Secret: options.Secret, + Roles: options.Roles, + Scopes: options.Scopes, + Metadata: options.Metadata, + Provider: options.Provider, }) if err != nil { return nil, err @@ -84,10 +84,9 @@ func (s *svc) Grant(role string, res *auth.Resource) error { Role: role, Access: pb.Access_GRANTED, Resource: &pb.Resource{ - Namespace: res.Namespace, - Type: res.Type, - Name: res.Name, - Endpoint: res.Endpoint, + Type: res.Type, + Name: res.Name, + Endpoint: res.Endpoint, }, }) return err @@ -99,10 +98,9 @@ func (s *svc) Revoke(role string, res *auth.Resource) error { Role: role, Access: pb.Access_GRANTED, Resource: &pb.Resource{ - Namespace: res.Namespace, - Type: res.Type, - Name: res.Name, - Endpoint: res.Endpoint, + Type: res.Type, + Name: res.Name, + Endpoint: res.Endpoint, }, }) return err 
@@ -110,20 +108,20 @@ func (s *svc) Revoke(role string, res *auth.Resource) error { // Verify an account has access to a resource func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error { + // check the scope + scope := "namespace." + s.options.Namespace + if acc != nil && !acc.HasScope(scope) { + return fmt.Errorf("Missing required scope: %v", scope) + } + // load the rules if none are loaded s.loadRulesIfEmpty() - // set the namespace on the resource - if len(res.Namespace) == 0 { - res.Namespace = s.Options().Namespace - } - queries := [][]string{ - {res.Namespace, res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule) - {res.Namespace, res.Type, res.Name, "*"}, // check for wildcard endpoint, e.g. service.foo* - {res.Namespace, res.Type, "*"}, // check for wildcard name, e.g. service.* - {res.Namespace, "*"}, // check for wildcard type, e.g. * - {"*"}, // check for wildcard namespace + {res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule) + {res.Type, res.Name, "*"}, // check for wildcard endpoint, e.g. service.foo* + {res.Type, "*"}, // check for wildcard name, e.g. service.* + {"*"}, // check for wildcard type, e.g. * } // endpoint is a url which can have wildcard excludes, e.g. @@ -140,10 +138,6 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error { if len(logID) == 0 { logID = "[no account]" } - logNamespace := acc.Namespace - if len(logNamespace) == 0 { - logNamespace = "[no namespace]" - } for _, q := range queries { for _, rule := range s.listRules(q...) { 
@@ -151,17 +145,17 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error { case pb.Access_UNKNOWN: continue // rule did not specify access, check the next rule case pb.Access_GRANTED: - log.Tracef("%v:%v granted access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id) + log.Tracef("%v granted access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id) return nil // rule grants the account access to the resource case pb.Access_DENIED: - log.Tracef("%v:%v denied access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id) + log.Tracef("%v denied access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id) return auth.ErrForbidden // rule denies access to the resource } } } // no rules were found for the resource, default to denying access - log.Tracef("%v:%v denied access to %v:%v:%v:%v by lack of rule (%v rules found for namespace)", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, len(s.listRules(res.Namespace))) + log.Tracef("%v denied access to %v:%v:%v by lack of rule", logID, res.Type, res.Name, res.Endpoint) return auth.ErrForbidden } @@ -235,16 +229,13 @@ func (s *svc) listRules(filters ...string) []*pb.Rule { var rules []*pb.Rule for _, r := range s.rules { - if len(filters) > 0 && r.Resource.Namespace != filters[0] { + if len(filters) > 1 && r.Resource.Type != filters[0] { continue } - if len(filters) > 1 && r.Resource.Type != filters[1] { + if len(filters) > 2 && r.Resource.Name != filters[1] { continue } - if len(filters) > 2 && r.Resource.Name != filters[2] { - continue - } - if len(filters) > 3 && r.Resource.Endpoint != filters[3] { + if len(filters) > 3 && r.Resource.Endpoint != filters[2] { continue } 
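Review bot: The length guards in listRules are one higher than the index they protect, so the last filter of every query is never compared. With the three-element query that Verify builds (`res.Type, res.Name, res.Endpoint`) the endpoint comparison is skipped, and the single-element `{"*"}` query applies no filter at all and returns every rule. A rule written for one endpoint is therefore returned for any endpoint of the same service; whether that becomes a grant depends on accessForRule, which is outside the hunk. The guards should be `len(filters) > 0` for `filters[0]`, `len(filters) > 1` for `filters[1]` and `len(filters) > 2` for `filters[2]`. listRules continues past the end of the hunk.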
@@ -294,12 +285,12 @@ func serializeToken(t *pb.Token) *auth.Token { func serializeAccount(a *pb.Account) *auth.Account { return &auth.Account{ - ID: a.Id, - Roles: a.Roles, - Secret: a.Secret, - Metadata: a.Metadata, - Provider: a.Provider, - Namespace: a.Namespace, + ID: a.Id, + Roles: a.Roles, + Secret: a.Secret, + Metadata: a.Metadata, + Provider: a.Provider, + Scopes: a.Scopes, } } diff --git a/auth/token/jwt/jwt.go b/auth/token/jwt/jwt.go index a633736d..01f35391 100644 --- a/auth/token/jwt/jwt.go +++ b/auth/token/jwt/jwt.go @@ -11,11 +11,11 @@ import ( // authClaims to be encoded in the JWT type authClaims struct { - Type string `json:"type"` - Roles []string `json:"roles"` - Provider string `json:"provider"` - Metadata map[string]string `json:"metadata"` - Namespace string `json:"namespace"` + Type string `json:"type"` + Roles []string `json:"roles"` + Scopes []string `json:"scopes"` + Provider string `json:"provider"` + Metadata map[string]string `json:"metadata"` jwt.StandardClaims } @@ -52,7 +52,7 @@ func (j *JWT) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token. // generate the JWT expiry := time.Now().Add(options.Expiry) t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{ - acc.Type, acc.Roles, acc.Provider, acc.Metadata, acc.Namespace, jwt.StandardClaims{ + acc.Type, acc.Roles, acc.Scopes, acc.Provider, acc.Metadata, jwt.StandardClaims{ Subject: acc.ID, ExpiresAt: expiry.Unix(), }, @@ -97,12 +97,12 @@ func (j *JWT) Inspect(t string) (*auth.Account, error) { // return the token return &auth.Account{ - ID: claims.Subject, - Type: claims.Type, - Roles: claims.Roles, - Provider: claims.Provider, - Metadata: claims.Metadata, - Namespace: claims.Namespace, + ID: claims.Subject, + Type: claims.Type, + Roles: claims.Roles, + Scopes: claims.Scopes, + Provider: claims.Provider, + Metadata: claims.Metadata, }, nil } diff --git a/config/cmd/cmd.go b/config/cmd/cmd.go index 6ee8bd92..33b2493e 100644 --- a/config/cmd/cmd.go 
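Review bot: serializeAccount copies ID, Roles, Secret, Metadata, Provider and Scopes but not `Type`, although pb.Account carries a `Type` field and auth.Account is populated with one in auth/jwt/jwt.go. Unless the omission is deliberate, accounts returned by the auth service lose their type here. Adding `Type: a.Type,` to the literal would fix it.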
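Review bot: The authClaims literal in Generate is positional, and this commit changes the field order by inserting Scopes between Roles and Provider. Roles and Scopes are both `[]string`, so swapping the two arguments would still compile and would sign roles into the scopes claim. Keyed fields remove that risk: `authClaims{Type: acc.Type, Roles: acc.Roles, Scopes: acc.Scopes, Provider: acc.Provider, Metadata: acc.Metadata, StandardClaims: jwt.StandardClaims{Subject: acc.ID, ExpiresAt: expiry.Unix()}}`. Generate begins and ends outside the hunk.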
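Review bot: Tokens signed before this change carry a `namespace` claim and no `scopes` claim, so Inspect returns an Account with nil Scopes for them. The scope check added to Verify would presumably reject every such token until it is re-issued. If that is the intended migration path, a comment above the returned literal such as `// tokens issued before scopes were introduced decode with no scopes and fail the namespace check` would make it explicit.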
+++ b/config/cmd/cmd.go @@ -278,6 +278,7 @@ var ( Name: "auth_namespace", EnvVars: []string{"MICRO_AUTH_NAMESPACE"}, Usage: "Namespace for the services auth account", + Value: "go.micro", }, &cli.StringFlag{ Name: "auth_public_key", diff --git a/server/proto/server.pb.go b/server/proto/server.pb.go index ea21354b..5813ff28 100644 --- a/server/proto/server.pb.go +++ b/server/proto/server.pb.go 
@@ -1,350 +1,324 @@ // Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.22.0 -// protoc v3.6.1 -// source: github.com/micro/go-micro/server/proto/server.proto +// source: server/proto/server.proto package go_micro_server import ( + context "context" + fmt "fmt" proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + math "math" ) -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. 
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package type HandleRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"` - Endpoint string `protobuf:"bytes,2,opt,name=endpoint,proto3" json:"endpoint,omitempty"` - Protocol string `protobuf:"bytes,3,opt,name=protocol,proto3" json:"protocol,omitempty"` + Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"` + Endpoint string `protobuf:"bytes,2,opt,name=endpoint,proto3" json:"endpoint,omitempty"` + Protocol string `protobuf:"bytes,3,opt,name=protocol,proto3" json:"protocol,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *HandleRequest) Reset() { - *x = HandleRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HandleRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HandleRequest) ProtoMessage() {} - -func (x *HandleRequest) ProtoReflect() protoreflect.Message { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HandleRequest.ProtoReflect.Descriptor instead. 
+func (m *HandleRequest) Reset() { *m = HandleRequest{} } +func (m *HandleRequest) String() string { return proto.CompactTextString(m) } +func (*HandleRequest) ProtoMessage() {} func (*HandleRequest) Descriptor() ([]byte, []int) { - return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{0} + return fileDescriptor_1959cecd4d1121a1, []int{0} } -func (x *HandleRequest) GetService() string { - if x != nil { - return x.Service +func (m *HandleRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_HandleRequest.Unmarshal(m, b) +} +func (m *HandleRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_HandleRequest.Marshal(b, m, deterministic) +} +func (m *HandleRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_HandleRequest.Merge(m, src) +} +func (m *HandleRequest) XXX_Size() int { + return xxx_messageInfo_HandleRequest.Size(m) +} +func (m *HandleRequest) XXX_DiscardUnknown() { + xxx_messageInfo_HandleRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_HandleRequest proto.InternalMessageInfo + +func (m *HandleRequest) GetService() string { + if m != nil { + return m.Service } return "" } -func (x *HandleRequest) GetEndpoint() string { - if x != nil { - return x.Endpoint +func (m *HandleRequest) GetEndpoint() string { + if m != nil { + return m.Endpoint } return "" } -func (x *HandleRequest) GetProtocol() string { - if x != nil { - return x.Protocol +func (m *HandleRequest) GetProtocol() string { + if m != nil { + return m.Protocol } return "" } type HandleResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *HandleResponse) Reset() { - *x = HandleResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1] - ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HandleResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HandleResponse) ProtoMessage() {} - -func (x *HandleResponse) ProtoReflect() protoreflect.Message { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HandleResponse.ProtoReflect.Descriptor instead. +func (m *HandleResponse) Reset() { *m = HandleResponse{} } +func (m *HandleResponse) String() string { return proto.CompactTextString(m) } +func (*HandleResponse) ProtoMessage() {} func (*HandleResponse) Descriptor() ([]byte, []int) { - return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{1} + return fileDescriptor_1959cecd4d1121a1, []int{1} } +func (m *HandleResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_HandleResponse.Unmarshal(m, b) +} +func (m *HandleResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_HandleResponse.Marshal(b, m, deterministic) +} +func (m *HandleResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_HandleResponse.Merge(m, src) +} +func (m *HandleResponse) XXX_Size() int { + return xxx_messageInfo_HandleResponse.Size(m) +} +func (m *HandleResponse) XXX_DiscardUnknown() { + xxx_messageInfo_HandleResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_HandleResponse proto.InternalMessageInfo + type SubscribeRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Topic string `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"` + Topic string `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"` + XXX_NoUnkeyedLiteral struct{} 
`json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *SubscribeRequest) Reset() { - *x = SubscribeRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SubscribeRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SubscribeRequest) ProtoMessage() {} - -func (x *SubscribeRequest) ProtoReflect() protoreflect.Message { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SubscribeRequest.ProtoReflect.Descriptor instead. +func (m *SubscribeRequest) Reset() { *m = SubscribeRequest{} } +func (m *SubscribeRequest) String() string { return proto.CompactTextString(m) } +func (*SubscribeRequest) ProtoMessage() {} func (*SubscribeRequest) Descriptor() ([]byte, []int) { - return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{2} + return fileDescriptor_1959cecd4d1121a1, []int{2} } -func (x *SubscribeRequest) GetTopic() string { - if x != nil { - return x.Topic +func (m *SubscribeRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_SubscribeRequest.Unmarshal(m, b) +} +func (m *SubscribeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_SubscribeRequest.Marshal(b, m, deterministic) +} +func (m *SubscribeRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SubscribeRequest.Merge(m, src) +} +func (m *SubscribeRequest) XXX_Size() int { + return xxx_messageInfo_SubscribeRequest.Size(m) +} +func (m *SubscribeRequest) XXX_DiscardUnknown() { + xxx_messageInfo_SubscribeRequest.DiscardUnknown(m) +} + +var 
xxx_messageInfo_SubscribeRequest proto.InternalMessageInfo + +func (m *SubscribeRequest) GetTopic() string { + if m != nil { + return m.Topic } return "" } type SubscribeResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *SubscribeResponse) Reset() { - *x = SubscribeResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SubscribeResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SubscribeResponse) ProtoMessage() {} - -func (x *SubscribeResponse) ProtoReflect() protoreflect.Message { - mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SubscribeResponse.ProtoReflect.Descriptor instead. 
+func (m *SubscribeResponse) Reset() { *m = SubscribeResponse{} } +func (m *SubscribeResponse) String() string { return proto.CompactTextString(m) } +func (*SubscribeResponse) ProtoMessage() {} func (*SubscribeResponse) Descriptor() ([]byte, []int) { - return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{3} + return fileDescriptor_1959cecd4d1121a1, []int{3} } -var File_github_com_micro_go_micro_server_proto_server_proto protoreflect.FileDescriptor - -var file_github_com_micro_go_micro_server_proto_server_proto_rawDesc = []byte{ - 0x0a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6d, 0x69, 0x63, - 0x72, 0x6f, 0x2f, 0x67, 0x6f, 0x2d, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2f, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x61, 0x0a, 0x0d, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x1a, 0x0a, - 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x10, 0x0a, 0x0e, 0x48, 0x61, 0x6e, - 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x0a, 0x10, 0x53, - 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x70, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x74, 0x6f, 0x70, 0x69, 0x63, 0x22, 0x13, 0x0a, 0x11, 0x53, 
0x75, 0x62, 0x73, 0x63, 0x72, 0x69, - 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xab, 0x01, 0x0a, 0x06, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x4b, 0x0a, 0x06, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12, - 0x1e, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x1f, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x00, 0x12, 0x54, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, - 0x21, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +func (m *SubscribeResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_SubscribeResponse.Unmarshal(m, b) +} +func (m *SubscribeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_SubscribeResponse.Marshal(b, m, deterministic) +} +func (m *SubscribeResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_SubscribeResponse.Merge(m, src) +} +func (m *SubscribeResponse) XXX_Size() int { + return xxx_messageInfo_SubscribeResponse.Size(m) +} +func (m *SubscribeResponse) XXX_DiscardUnknown() { + xxx_messageInfo_SubscribeResponse.DiscardUnknown(m) } -var ( - file_github_com_micro_go_micro_server_proto_server_proto_rawDescOnce sync.Once - file_github_com_micro_go_micro_server_proto_server_proto_rawDescData = 
file_github_com_micro_go_micro_server_proto_server_proto_rawDesc -) +var xxx_messageInfo_SubscribeResponse proto.InternalMessageInfo -func file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP() []byte { - file_github_com_micro_go_micro_server_proto_server_proto_rawDescOnce.Do(func() { - file_github_com_micro_go_micro_server_proto_server_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_micro_go_micro_server_proto_server_proto_rawDescData) - }) - return file_github_com_micro_go_micro_server_proto_server_proto_rawDescData +func init() { + proto.RegisterType((*HandleRequest)(nil), "go.micro.server.HandleRequest") + proto.RegisterType((*HandleResponse)(nil), "go.micro.server.HandleResponse") + proto.RegisterType((*SubscribeRequest)(nil), "go.micro.server.SubscribeRequest") + proto.RegisterType((*SubscribeResponse)(nil), "go.micro.server.SubscribeResponse") } -var file_github_com_micro_go_micro_server_proto_server_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_github_com_micro_go_micro_server_proto_server_proto_goTypes = []interface{}{ - (*HandleRequest)(nil), // 0: go.micro.server.HandleRequest - (*HandleResponse)(nil), // 1: go.micro.server.HandleResponse - (*SubscribeRequest)(nil), // 2: go.micro.server.SubscribeRequest - (*SubscribeResponse)(nil), // 3: go.micro.server.SubscribeResponse -} -var file_github_com_micro_go_micro_server_proto_server_proto_depIdxs = []int32{ - 0, // 0: go.micro.server.Server.Handle:input_type -> go.micro.server.HandleRequest - 2, // 1: go.micro.server.Server.Subscribe:input_type -> go.micro.server.SubscribeRequest - 1, // 2: go.micro.server.Server.Handle:output_type -> go.micro.server.HandleResponse - 3, // 3: go.micro.server.Server.Subscribe:output_type -> go.micro.server.SubscribeResponse - 2, // [2:4] is the sub-list for method output_type - 0, // [0:2] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee 
- 0, // [0:0] is the sub-list for field type_name +func init() { proto.RegisterFile("server/proto/server.proto", fileDescriptor_1959cecd4d1121a1) } + +var fileDescriptor_1959cecd4d1121a1 = []byte{ + // 223 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x2c, 0x4e, 0x2d, 0x2a, + 0x4b, 0x2d, 0xd2, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0xd7, 0x87, 0x70, 0xf4, 0xc0, 0x1c, 0x21, 0xfe, + 0xf4, 0x7c, 0xbd, 0xdc, 0xcc, 0xe4, 0xa2, 0x7c, 0x3d, 0x88, 0xb0, 0x52, 0x22, 0x17, 0xaf, 0x47, + 0x62, 0x5e, 0x4a, 0x4e, 0x6a, 0x50, 0x6a, 0x61, 0x69, 0x6a, 0x71, 0x89, 0x90, 0x04, 0x17, 0x3b, + 0x48, 0x2a, 0x33, 0x39, 0x55, 0x82, 0x51, 0x81, 0x51, 0x83, 0x33, 0x08, 0xc6, 0x15, 0x92, 0xe2, + 0xe2, 0x48, 0xcd, 0x4b, 0x29, 0xc8, 0xcf, 0xcc, 0x2b, 0x91, 0x60, 0x02, 0x4b, 0xc1, 0xf9, 0x20, + 0x39, 0xb0, 0x05, 0xc9, 0xf9, 0x39, 0x12, 0xcc, 0x10, 0x39, 0x18, 0x5f, 0x49, 0x80, 0x8b, 0x0f, + 0x66, 0x45, 0x71, 0x41, 0x7e, 0x5e, 0x71, 0xaa, 0x92, 0x06, 0x97, 0x40, 0x70, 0x69, 0x52, 0x71, + 0x72, 0x51, 0x66, 0x12, 0xdc, 0x5e, 0x11, 0x2e, 0xd6, 0x92, 0xfc, 0x82, 0xcc, 0x64, 0xa8, 0xad, + 0x10, 0x8e, 0x92, 0x30, 0x97, 0x20, 0x92, 0x4a, 0x88, 0x76, 0xa3, 0xd5, 0x8c, 0x5c, 0x6c, 0xc1, + 0x60, 0xe7, 0x0b, 0x79, 0x73, 0xb1, 0x41, 0xcc, 0x16, 0x92, 0xd3, 0x43, 0xf3, 0x9a, 0x1e, 0x8a, + 0xbf, 0xa4, 0xe4, 0x71, 0xca, 0x43, 0x1d, 0xc5, 0x20, 0x14, 0xc2, 0xc5, 0x09, 0xb7, 0x4c, 0x48, + 0x11, 0x43, 0x3d, 0xba, 0x93, 0xa5, 0x94, 0xf0, 0x29, 0x81, 0x99, 0x9a, 0xc4, 0x06, 0x0e, 0x08, + 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa4, 0x3f, 0x79, 0x80, 0x96, 0x01, 0x00, 0x00, } -func init() { file_github_com_micro_go_micro_server_proto_server_proto_init() } -func file_github_com_micro_go_micro_server_proto_server_proto_init() { - if File_github_com_micro_go_micro_server_proto_server_proto != nil { - return +// Reference imports to suppress errors if they are not otherwise used. 
+var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// ServerClient is the client API for Server service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type ServerClient interface { + Handle(ctx context.Context, in *HandleRequest, opts ...grpc.CallOption) (*HandleResponse, error) + Subscribe(ctx context.Context, in *SubscribeRequest, opts ...grpc.CallOption) (*SubscribeResponse, error) +} + +type serverClient struct { + cc *grpc.ClientConn +} + +func NewServerClient(cc *grpc.ClientConn) ServerClient { + return &serverClient{cc} +} + +func (c *serverClient) Handle(ctx context.Context, in *HandleRequest, opts ...grpc.CallOption) (*HandleResponse, error) { + out := new(HandleResponse) + err := c.cc.Invoke(ctx, "/go.micro.server.Server/Handle", in, out, opts...) 
+ if err != nil { + return nil, err } - if !protoimpl.UnsafeEnabled { - file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HandleRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HandleResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SubscribeRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SubscribeResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } + return out, nil +} + +func (c *serverClient) Subscribe(ctx context.Context, in *SubscribeRequest, opts ...grpc.CallOption) (*SubscribeResponse, error) { + out := new(SubscribeResponse) + err := c.cc.Invoke(ctx, "/go.micro.server.Server/Subscribe", in, out, opts...) + if err != nil { + return nil, err } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_github_com_micro_go_micro_server_proto_server_proto_rawDesc, - NumEnums: 0, - NumMessages: 4, - NumExtensions: 0, - NumServices: 1, + return out, nil +} + +// ServerServer is the server API for Server service. 
+type ServerServer interface { + Handle(context.Context, *HandleRequest) (*HandleResponse, error) + Subscribe(context.Context, *SubscribeRequest) (*SubscribeResponse, error) +} + +// UnimplementedServerServer can be embedded to have forward compatible implementations. +type UnimplementedServerServer struct { +} + +func (*UnimplementedServerServer) Handle(ctx context.Context, req *HandleRequest) (*HandleResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Handle not implemented") +} +func (*UnimplementedServerServer) Subscribe(ctx context.Context, req *SubscribeRequest) (*SubscribeResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Subscribe not implemented") +} + +func RegisterServerServer(s *grpc.Server, srv ServerServer) { + s.RegisterService(&_Server_serviceDesc, srv) +} + +func _Server_Handle_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(HandleRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ServerServer).Handle(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/go.micro.server.Server/Handle", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ServerServer).Handle(ctx, req.(*HandleRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Server_Subscribe_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SubscribeRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ServerServer).Subscribe(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/go.micro.server.Server/Subscribe", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ServerServer).Subscribe(ctx, 
req.(*SubscribeRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _Server_serviceDesc = grpc.ServiceDesc{ + ServiceName: "go.micro.server.Server", + HandlerType: (*ServerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Handle", + Handler: _Server_Handle_Handler, }, - GoTypes: file_github_com_micro_go_micro_server_proto_server_proto_goTypes, - DependencyIndexes: file_github_com_micro_go_micro_server_proto_server_proto_depIdxs, - MessageInfos: file_github_com_micro_go_micro_server_proto_server_proto_msgTypes, - }.Build() - File_github_com_micro_go_micro_server_proto_server_proto = out.File - file_github_com_micro_go_micro_server_proto_server_proto_rawDesc = nil - file_github_com_micro_go_micro_server_proto_server_proto_goTypes = nil - file_github_com_micro_go_micro_server_proto_server_proto_depIdxs = nil + { + MethodName: "Subscribe", + Handler: _Server_Subscribe_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "server/proto/server.proto", } diff --git a/server/proto/server.pb.micro.go b/server/proto/server.pb.micro.go index 61ba016f..5d84eda9 100644 --- a/server/proto/server.pb.micro.go +++ b/server/proto/server.pb.micro.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-micro. DO NOT EDIT. -// source: github.com/micro/go-micro/server/proto/server.proto +// source: server/proto/server.proto package go_micro_server diff --git a/util/auth/auth.go b/util/auth/auth.go index 454c5e9e..b0fdeb5b 100644 --- a/util/auth/auth.go +++ b/util/auth/auth.go 
@@ -18,17 +18,19 @@ func Generate(id string, name string, a auth.Auth) error { // if no credentials were provided, generate an account if len(accID) == 0 || len(accSecret) == 0 { name := fmt.Sprintf("%v-%v", name, id) + scope := "namespace." + a.Options().Namespace + opts := []auth.GenerateOption{ auth.WithType("service"), auth.WithRoles("service"), - auth.WithNamespace(a.Options().Namespace), + auth.WithScopes(scope), } acc, err := a.Generate(name, opts...) if err != nil { return err } - logger.Infof("Auth [%v] Authenticated as %v in the %v namespace", a, name, acc.Namespace) + logger.Infof("Auth [%v] Authenticated as %v in the %v scope", a, name, scope) accID = acc.ID accSecret = acc.Secret diff --git a/util/file/proto/file.pb.go b/util/file/proto/file.pb.go index 3e2e7799..826ca43b 100644 --- a/util/file/proto/file.pb.go +++ b/util/file/proto/file.pb.go 
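Review bot: The log line after `a.Generate` now prints the locally built `scope` string rather than anything read back from `acc`, so it records the scope that was requested, not the scopes the provider attached to the account; the removed line used `acc.Namespace`. Logging the returned value keeps the message accurate for audit purposes: `logger.Infof("Auth [%v] Authenticated as %v with scopes %v", a, name, acc.Scopes)`. Separately, `"namespace." + a.Options().Namespace` yields the bare scope `namespace.` when the option is empty. The CLI default added in `config/cmd/cmd.go` covers the flag path, but an `Auth` built directly may leave it unset, so a guard before building the scope seems prudent, e.g. `if len(a.Options().Namespace) == 0 { return errors.New("auth namespace not set") }`. `Generate` continues outside the hunk.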
@@ -1,968 +1,854 @@ // Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.22.0 -// protoc v3.6.1 -// source: micro/go-micro/util/file/proto/file.proto +// source: util/file/proto/file.proto package go_micro_server import ( + context "context" + fmt "fmt" proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + math "math" ) -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. 
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package type OpenRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Filename string `protobuf:"bytes,1,opt,name=filename,proto3" json:"filename,omitempty"` - Truncate bool `protobuf:"varint,2,opt,name=truncate,proto3" json:"truncate,omitempty"` + Filename string `protobuf:"bytes,1,opt,name=filename,proto3" json:"filename,omitempty"` + Truncate bool `protobuf:"varint,2,opt,name=truncate,proto3" json:"truncate,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *OpenRequest) Reset() { - *x = OpenRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OpenRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OpenRequest) ProtoMessage() {} - -func (x *OpenRequest) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OpenRequest.ProtoReflect.Descriptor instead. 
+func (m *OpenRequest) Reset() { *m = OpenRequest{} } +func (m *OpenRequest) String() string { return proto.CompactTextString(m) } +func (*OpenRequest) ProtoMessage() {} func (*OpenRequest) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{0} + return fileDescriptor_c90a6c4a93f92bf4, []int{0} } -func (x *OpenRequest) GetFilename() string { - if x != nil { - return x.Filename +func (m *OpenRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_OpenRequest.Unmarshal(m, b) +} +func (m *OpenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_OpenRequest.Marshal(b, m, deterministic) +} +func (m *OpenRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_OpenRequest.Merge(m, src) +} +func (m *OpenRequest) XXX_Size() int { + return xxx_messageInfo_OpenRequest.Size(m) +} +func (m *OpenRequest) XXX_DiscardUnknown() { + xxx_messageInfo_OpenRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_OpenRequest proto.InternalMessageInfo + +func (m *OpenRequest) GetFilename() string { + if m != nil { + return m.Filename } return "" } -func (x *OpenRequest) GetTruncate() bool { - if x != nil { - return x.Truncate +func (m *OpenRequest) GetTruncate() bool { + if m != nil { + return m.Truncate } return false } type OpenResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` - Result bool `protobuf:"varint,2,opt,name=result,proto3" json:"result,omitempty"` + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + Result bool `protobuf:"varint,2,opt,name=result,proto3" json:"result,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *OpenResponse) Reset() { - *x = OpenResponse{} - if protoimpl.UnsafeEnabled { - mi := 
&file_micro_go_micro_util_file_proto_file_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OpenResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OpenResponse) ProtoMessage() {} - -func (x *OpenResponse) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OpenResponse.ProtoReflect.Descriptor instead. +func (m *OpenResponse) Reset() { *m = OpenResponse{} } +func (m *OpenResponse) String() string { return proto.CompactTextString(m) } +func (*OpenResponse) ProtoMessage() {} func (*OpenResponse) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{1} + return fileDescriptor_c90a6c4a93f92bf4, []int{1} } -func (x *OpenResponse) GetId() int64 { - if x != nil { - return x.Id +func (m *OpenResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_OpenResponse.Unmarshal(m, b) +} +func (m *OpenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_OpenResponse.Marshal(b, m, deterministic) +} +func (m *OpenResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_OpenResponse.Merge(m, src) +} +func (m *OpenResponse) XXX_Size() int { + return xxx_messageInfo_OpenResponse.Size(m) +} +func (m *OpenResponse) XXX_DiscardUnknown() { + xxx_messageInfo_OpenResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_OpenResponse proto.InternalMessageInfo + +func (m *OpenResponse) GetId() int64 { + if m != nil { + return m.Id } return 0 } -func (x *OpenResponse) GetResult() bool { - if x != nil { - return x.Result +func (m *OpenResponse) GetResult() bool { + if m != nil { + return m.Result } return false } type 
CloseRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *CloseRequest) Reset() { - *x = CloseRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CloseRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CloseRequest) ProtoMessage() {} - -func (x *CloseRequest) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CloseRequest.ProtoReflect.Descriptor instead. 
+func (m *CloseRequest) Reset() { *m = CloseRequest{} } +func (m *CloseRequest) String() string { return proto.CompactTextString(m) } +func (*CloseRequest) ProtoMessage() {} func (*CloseRequest) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{2} + return fileDescriptor_c90a6c4a93f92bf4, []int{2} } -func (x *CloseRequest) GetId() int64 { - if x != nil { - return x.Id +func (m *CloseRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_CloseRequest.Unmarshal(m, b) +} +func (m *CloseRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_CloseRequest.Marshal(b, m, deterministic) +} +func (m *CloseRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_CloseRequest.Merge(m, src) +} +func (m *CloseRequest) XXX_Size() int { + return xxx_messageInfo_CloseRequest.Size(m) +} +func (m *CloseRequest) XXX_DiscardUnknown() { + xxx_messageInfo_CloseRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_CloseRequest proto.InternalMessageInfo + +func (m *CloseRequest) GetId() int64 { + if m != nil { + return m.Id } return 0 } type CloseResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *CloseResponse) Reset() { - *x = CloseResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CloseResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CloseResponse) ProtoMessage() {} - -func (x *CloseResponse) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if 
ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CloseResponse.ProtoReflect.Descriptor instead. +func (m *CloseResponse) Reset() { *m = CloseResponse{} } +func (m *CloseResponse) String() string { return proto.CompactTextString(m) } +func (*CloseResponse) ProtoMessage() {} func (*CloseResponse) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{3} + return fileDescriptor_c90a6c4a93f92bf4, []int{3} } +func (m *CloseResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_CloseResponse.Unmarshal(m, b) +} +func (m *CloseResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_CloseResponse.Marshal(b, m, deterministic) +} +func (m *CloseResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_CloseResponse.Merge(m, src) +} +func (m *CloseResponse) XXX_Size() int { + return xxx_messageInfo_CloseResponse.Size(m) +} +func (m *CloseResponse) XXX_DiscardUnknown() { + xxx_messageInfo_CloseResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_CloseResponse proto.InternalMessageInfo + type StatRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Filename string `protobuf:"bytes,1,opt,name=filename,proto3" json:"filename,omitempty"` + Filename string `protobuf:"bytes,1,opt,name=filename,proto3" json:"filename,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *StatRequest) Reset() { - *x = StatRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *StatRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*StatRequest) ProtoMessage() {} - -func (x *StatRequest) 
ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use StatRequest.ProtoReflect.Descriptor instead. +func (m *StatRequest) Reset() { *m = StatRequest{} } +func (m *StatRequest) String() string { return proto.CompactTextString(m) } +func (*StatRequest) ProtoMessage() {} func (*StatRequest) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{4} + return fileDescriptor_c90a6c4a93f92bf4, []int{4} } -func (x *StatRequest) GetFilename() string { - if x != nil { - return x.Filename +func (m *StatRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_StatRequest.Unmarshal(m, b) +} +func (m *StatRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_StatRequest.Marshal(b, m, deterministic) +} +func (m *StatRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_StatRequest.Merge(m, src) +} +func (m *StatRequest) XXX_Size() int { + return xxx_messageInfo_StatRequest.Size(m) +} +func (m *StatRequest) XXX_DiscardUnknown() { + xxx_messageInfo_StatRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_StatRequest proto.InternalMessageInfo + +func (m *StatRequest) GetFilename() string { + if m != nil { + return m.Filename } return "" } type StatResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - Size int64 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"` - LastModified int64 `protobuf:"varint,3,opt,name=last_modified,json=lastModified,proto3" json:"last_modified,omitempty"` + Type string `protobuf:"bytes,1,opt,name=type,proto3" 
json:"type,omitempty"` + Size int64 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"` + LastModified int64 `protobuf:"varint,3,opt,name=last_modified,json=lastModified,proto3" json:"last_modified,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *StatResponse) Reset() { - *x = StatResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *StatResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*StatResponse) ProtoMessage() {} - -func (x *StatResponse) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use StatResponse.ProtoReflect.Descriptor instead. 
+func (m *StatResponse) Reset() { *m = StatResponse{} } +func (m *StatResponse) String() string { return proto.CompactTextString(m) } +func (*StatResponse) ProtoMessage() {} func (*StatResponse) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{5} + return fileDescriptor_c90a6c4a93f92bf4, []int{5} } -func (x *StatResponse) GetType() string { - if x != nil { - return x.Type +func (m *StatResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_StatResponse.Unmarshal(m, b) +} +func (m *StatResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_StatResponse.Marshal(b, m, deterministic) +} +func (m *StatResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_StatResponse.Merge(m, src) +} +func (m *StatResponse) XXX_Size() int { + return xxx_messageInfo_StatResponse.Size(m) +} +func (m *StatResponse) XXX_DiscardUnknown() { + xxx_messageInfo_StatResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_StatResponse proto.InternalMessageInfo + +func (m *StatResponse) GetType() string { + if m != nil { + return m.Type } return "" } -func (x *StatResponse) GetSize() int64 { - if x != nil { - return x.Size +func (m *StatResponse) GetSize() int64 { + if m != nil { + return m.Size } return 0 } -func (x *StatResponse) GetLastModified() int64 { - if x != nil { - return x.LastModified +func (m *StatResponse) GetLastModified() int64 { + if m != nil { + return m.LastModified } return 0 } type ReadRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` - Offset int64 `protobuf:"varint,2,opt,name=offset,proto3" json:"offset,omitempty"` - Size int64 `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"` + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + Offset int64 `protobuf:"varint,2,opt,name=offset,proto3" 
json:"offset,omitempty"` + Size int64 `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *ReadRequest) Reset() { - *x = ReadRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReadRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReadRequest) ProtoMessage() {} - -func (x *ReadRequest) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReadRequest.ProtoReflect.Descriptor instead. +func (m *ReadRequest) Reset() { *m = ReadRequest{} } +func (m *ReadRequest) String() string { return proto.CompactTextString(m) } +func (*ReadRequest) ProtoMessage() {} func (*ReadRequest) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{6} + return fileDescriptor_c90a6c4a93f92bf4, []int{6} } -func (x *ReadRequest) GetId() int64 { - if x != nil { - return x.Id +func (m *ReadRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ReadRequest.Unmarshal(m, b) +} +func (m *ReadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ReadRequest.Marshal(b, m, deterministic) +} +func (m *ReadRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ReadRequest.Merge(m, src) +} +func (m *ReadRequest) XXX_Size() int { + return xxx_messageInfo_ReadRequest.Size(m) +} +func (m *ReadRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ReadRequest.DiscardUnknown(m) +} + +var 
xxx_messageInfo_ReadRequest proto.InternalMessageInfo + +func (m *ReadRequest) GetId() int64 { + if m != nil { + return m.Id } return 0 } -func (x *ReadRequest) GetOffset() int64 { - if x != nil { - return x.Offset +func (m *ReadRequest) GetOffset() int64 { + if m != nil { + return m.Offset } return 0 } -func (x *ReadRequest) GetSize() int64 { - if x != nil { - return x.Size +func (m *ReadRequest) GetSize() int64 { + if m != nil { + return m.Size } return 0 } type ReadResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Size int64 `protobuf:"varint,1,opt,name=size,proto3" json:"size,omitempty"` - Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"` - Eof bool `protobuf:"varint,3,opt,name=eof,proto3" json:"eof,omitempty"` + Size int64 `protobuf:"varint,1,opt,name=size,proto3" json:"size,omitempty"` + Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"` + Eof bool `protobuf:"varint,3,opt,name=eof,proto3" json:"eof,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *ReadResponse) Reset() { - *x = ReadResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReadResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReadResponse) ProtoMessage() {} - -func (x *ReadResponse) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReadResponse.ProtoReflect.Descriptor instead. 
+func (m *ReadResponse) Reset() { *m = ReadResponse{} } +func (m *ReadResponse) String() string { return proto.CompactTextString(m) } +func (*ReadResponse) ProtoMessage() {} func (*ReadResponse) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{7} + return fileDescriptor_c90a6c4a93f92bf4, []int{7} } -func (x *ReadResponse) GetSize() int64 { - if x != nil { - return x.Size +func (m *ReadResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ReadResponse.Unmarshal(m, b) +} +func (m *ReadResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ReadResponse.Marshal(b, m, deterministic) +} +func (m *ReadResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ReadResponse.Merge(m, src) +} +func (m *ReadResponse) XXX_Size() int { + return xxx_messageInfo_ReadResponse.Size(m) +} +func (m *ReadResponse) XXX_DiscardUnknown() { + xxx_messageInfo_ReadResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_ReadResponse proto.InternalMessageInfo + +func (m *ReadResponse) GetSize() int64 { + if m != nil { + return m.Size } return 0 } -func (x *ReadResponse) GetData() []byte { - if x != nil { - return x.Data +func (m *ReadResponse) GetData() []byte { + if m != nil { + return m.Data } return nil } -func (x *ReadResponse) GetEof() bool { - if x != nil { - return x.Eof +func (m *ReadResponse) GetEof() bool { + if m != nil { + return m.Eof } return false } type GetRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` - BlockId int64 `protobuf:"varint,2,opt,name=block_id,json=blockId,proto3" json:"block_id,omitempty"` + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + BlockId int64 `protobuf:"varint,2,opt,name=block_id,json=blockId,proto3" json:"block_id,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + 
XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *GetRequest) Reset() { - *x = GetRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GetRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GetRequest) ProtoMessage() {} - -func (x *GetRequest) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GetRequest.ProtoReflect.Descriptor instead. +func (m *GetRequest) Reset() { *m = GetRequest{} } +func (m *GetRequest) String() string { return proto.CompactTextString(m) } +func (*GetRequest) ProtoMessage() {} func (*GetRequest) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{8} + return fileDescriptor_c90a6c4a93f92bf4, []int{8} } -func (x *GetRequest) GetId() int64 { - if x != nil { - return x.Id +func (m *GetRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_GetRequest.Unmarshal(m, b) +} +func (m *GetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_GetRequest.Marshal(b, m, deterministic) +} +func (m *GetRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetRequest.Merge(m, src) +} +func (m *GetRequest) XXX_Size() int { + return xxx_messageInfo_GetRequest.Size(m) +} +func (m *GetRequest) XXX_DiscardUnknown() { + xxx_messageInfo_GetRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_GetRequest proto.InternalMessageInfo + +func (m *GetRequest) GetId() int64 { + if m != nil { + return m.Id } return 0 } -func (x *GetRequest) GetBlockId() int64 { - if x != nil { 
- return x.BlockId +func (m *GetRequest) GetBlockId() int64 { + if m != nil { + return m.BlockId } return 0 } type GetResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - BlockId int64 `protobuf:"varint,1,opt,name=block_id,json=blockId,proto3" json:"block_id,omitempty"` - Size int64 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"` - Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` + BlockId int64 `protobuf:"varint,1,opt,name=block_id,json=blockId,proto3" json:"block_id,omitempty"` + Size int64 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"` + Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *GetResponse) Reset() { - *x = GetResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GetResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GetResponse) ProtoMessage() {} - -func (x *GetResponse) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GetResponse.ProtoReflect.Descriptor instead. 
+func (m *GetResponse) Reset() { *m = GetResponse{} } +func (m *GetResponse) String() string { return proto.CompactTextString(m) } +func (*GetResponse) ProtoMessage() {} func (*GetResponse) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{9} + return fileDescriptor_c90a6c4a93f92bf4, []int{9} } -func (x *GetResponse) GetBlockId() int64 { - if x != nil { - return x.BlockId +func (m *GetResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_GetResponse.Unmarshal(m, b) +} +func (m *GetResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_GetResponse.Marshal(b, m, deterministic) +} +func (m *GetResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetResponse.Merge(m, src) +} +func (m *GetResponse) XXX_Size() int { + return xxx_messageInfo_GetResponse.Size(m) +} +func (m *GetResponse) XXX_DiscardUnknown() { + xxx_messageInfo_GetResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_GetResponse proto.InternalMessageInfo + +func (m *GetResponse) GetBlockId() int64 { + if m != nil { + return m.BlockId } return 0 } -func (x *GetResponse) GetSize() int64 { - if x != nil { - return x.Size +func (m *GetResponse) GetSize() int64 { + if m != nil { + return m.Size } return 0 } -func (x *GetResponse) GetData() []byte { - if x != nil { - return x.Data +func (m *GetResponse) GetData() []byte { + if m != nil { + return m.Data } return nil } type WriteRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` - Offset int64 `protobuf:"varint,2,opt,name=offset,proto3" json:"offset,omitempty"` - Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + Offset int64 `protobuf:"varint,2,opt,name=offset,proto3" json:"offset,omitempty"` + Data []byte 
`protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *WriteRequest) Reset() { - *x = WriteRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WriteRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WriteRequest) ProtoMessage() {} - -func (x *WriteRequest) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WriteRequest.ProtoReflect.Descriptor instead. +func (m *WriteRequest) Reset() { *m = WriteRequest{} } +func (m *WriteRequest) String() string { return proto.CompactTextString(m) } +func (*WriteRequest) ProtoMessage() {} func (*WriteRequest) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{10} + return fileDescriptor_c90a6c4a93f92bf4, []int{10} } -func (x *WriteRequest) GetId() int64 { - if x != nil { - return x.Id +func (m *WriteRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_WriteRequest.Unmarshal(m, b) +} +func (m *WriteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_WriteRequest.Marshal(b, m, deterministic) +} +func (m *WriteRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_WriteRequest.Merge(m, src) +} +func (m *WriteRequest) XXX_Size() int { + return xxx_messageInfo_WriteRequest.Size(m) +} +func (m *WriteRequest) XXX_DiscardUnknown() { + xxx_messageInfo_WriteRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_WriteRequest 
proto.InternalMessageInfo + +func (m *WriteRequest) GetId() int64 { + if m != nil { + return m.Id } return 0 } -func (x *WriteRequest) GetOffset() int64 { - if x != nil { - return x.Offset +func (m *WriteRequest) GetOffset() int64 { + if m != nil { + return m.Offset } return 0 } -func (x *WriteRequest) GetData() []byte { - if x != nil { - return x.Data +func (m *WriteRequest) GetData() []byte { + if m != nil { + return m.Data } return nil } type WriteResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *WriteResponse) Reset() { - *x = WriteResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WriteResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WriteResponse) ProtoMessage() {} - -func (x *WriteResponse) ProtoReflect() protoreflect.Message { - mi := &file_micro_go_micro_util_file_proto_file_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WriteResponse.ProtoReflect.Descriptor instead. 
+func (m *WriteResponse) Reset() { *m = WriteResponse{} } +func (m *WriteResponse) String() string { return proto.CompactTextString(m) } +func (*WriteResponse) ProtoMessage() {} func (*WriteResponse) Descriptor() ([]byte, []int) { - return file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP(), []int{11} + return fileDescriptor_c90a6c4a93f92bf4, []int{11} } -var File_micro_go_micro_util_file_proto_file_proto protoreflect.FileDescriptor - -var file_micro_go_micro_util_file_proto_file_proto_rawDesc = []byte{ - 0x0a, 0x29, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2f, 0x67, 0x6f, 0x2d, 0x6d, 0x69, 0x63, 0x72, 0x6f, - 0x2f, 0x75, 0x74, 0x69, 0x6c, 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x2e, - 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x45, 0x0a, 0x0b, - 0x4f, 0x70, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x66, - 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, - 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x72, 0x75, 0x6e, 0x63, - 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x72, 0x75, 0x6e, 0x63, - 0x61, 0x74, 0x65, 0x22, 0x36, 0x0a, 0x0c, 0x4f, 0x70, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x22, 0x1e, 0x0a, 0x0c, 0x43, - 0x6c, 0x6f, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x0f, 0x0a, 0x0d, 0x43, - 0x6c, 0x6f, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x29, 0x0a, 0x0b, - 0x53, 
0x74, 0x61, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x66, - 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, - 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x5b, 0x0a, 0x0c, 0x53, 0x74, 0x61, 0x74, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x73, - 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, - 0x23, 0x0a, 0x0d, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x6c, 0x61, 0x73, 0x74, 0x4d, 0x6f, 0x64, 0x69, - 0x66, 0x69, 0x65, 0x64, 0x22, 0x49, 0x0a, 0x0b, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x03, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x73, - 0x69, 0x7a, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x22, - 0x48, 0x0a, 0x0c, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x73, - 0x69, 0x7a, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6f, 0x66, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x65, 0x6f, 0x66, 0x22, 0x37, 0x0a, 0x0a, 0x47, 0x65, 0x74, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x63, 0x6b, - 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 
0x28, 0x03, 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x63, 0x6b, - 0x49, 0x64, 0x22, 0x50, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x03, 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, - 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, - 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, - 0x64, 0x61, 0x74, 0x61, 0x22, 0x4a, 0x0a, 0x0c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, - 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, - 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, - 0x22, 0x0f, 0x0a, 0x0d, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x32, 0xef, 0x02, 0x0a, 0x04, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x45, 0x0a, 0x04, 0x4f, 0x70, - 0x65, 0x6e, 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x4f, 0x70, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1d, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x4f, 0x70, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x00, 0x12, 0x45, 0x0a, 0x04, 0x53, 0x74, 0x61, 0x74, 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, - 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x74, 0x61, 0x74, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, - 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x74, 0x61, 
0x74, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x04, 0x52, 0x65, 0x61, 0x64, - 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, - 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, - 0x48, 0x0a, 0x05, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, - 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, - 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x05, 0x43, 0x6c, 0x6f, - 0x73, 0x65, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x2e, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +func (m *WriteResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_WriteResponse.Unmarshal(m, b) +} +func (m *WriteResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_WriteResponse.Marshal(b, m, deterministic) +} +func (m *WriteResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_WriteResponse.Merge(m, src) +} +func (m *WriteResponse) XXX_Size() int { + return xxx_messageInfo_WriteResponse.Size(m) +} +func (m *WriteResponse) XXX_DiscardUnknown() { + 
xxx_messageInfo_WriteResponse.DiscardUnknown(m) } -var ( - file_micro_go_micro_util_file_proto_file_proto_rawDescOnce sync.Once - file_micro_go_micro_util_file_proto_file_proto_rawDescData = file_micro_go_micro_util_file_proto_file_proto_rawDesc -) +var xxx_messageInfo_WriteResponse proto.InternalMessageInfo -func file_micro_go_micro_util_file_proto_file_proto_rawDescGZIP() []byte { - file_micro_go_micro_util_file_proto_file_proto_rawDescOnce.Do(func() { - file_micro_go_micro_util_file_proto_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_micro_go_micro_util_file_proto_file_proto_rawDescData) - }) - return file_micro_go_micro_util_file_proto_file_proto_rawDescData +func init() { + proto.RegisterType((*OpenRequest)(nil), "go.micro.server.OpenRequest") + proto.RegisterType((*OpenResponse)(nil), "go.micro.server.OpenResponse") + proto.RegisterType((*CloseRequest)(nil), "go.micro.server.CloseRequest") + proto.RegisterType((*CloseResponse)(nil), "go.micro.server.CloseResponse") + proto.RegisterType((*StatRequest)(nil), "go.micro.server.StatRequest") + proto.RegisterType((*StatResponse)(nil), "go.micro.server.StatResponse") + proto.RegisterType((*ReadRequest)(nil), "go.micro.server.ReadRequest") + proto.RegisterType((*ReadResponse)(nil), "go.micro.server.ReadResponse") + proto.RegisterType((*GetRequest)(nil), "go.micro.server.GetRequest") + proto.RegisterType((*GetResponse)(nil), "go.micro.server.GetResponse") + proto.RegisterType((*WriteRequest)(nil), "go.micro.server.WriteRequest") + proto.RegisterType((*WriteResponse)(nil), "go.micro.server.WriteResponse") } -var file_micro_go_micro_util_file_proto_file_proto_msgTypes = make([]protoimpl.MessageInfo, 12) -var file_micro_go_micro_util_file_proto_file_proto_goTypes = []interface{}{ - (*OpenRequest)(nil), // 0: go.micro.server.OpenRequest - (*OpenResponse)(nil), // 1: go.micro.server.OpenResponse - (*CloseRequest)(nil), // 2: go.micro.server.CloseRequest - (*CloseResponse)(nil), // 3: go.micro.server.CloseResponse 
- (*StatRequest)(nil), // 4: go.micro.server.StatRequest - (*StatResponse)(nil), // 5: go.micro.server.StatResponse - (*ReadRequest)(nil), // 6: go.micro.server.ReadRequest - (*ReadResponse)(nil), // 7: go.micro.server.ReadResponse - (*GetRequest)(nil), // 8: go.micro.server.GetRequest - (*GetResponse)(nil), // 9: go.micro.server.GetResponse - (*WriteRequest)(nil), // 10: go.micro.server.WriteRequest - (*WriteResponse)(nil), // 11: go.micro.server.WriteResponse -} -var file_micro_go_micro_util_file_proto_file_proto_depIdxs = []int32{ - 0, // 0: go.micro.server.File.Open:input_type -> go.micro.server.OpenRequest - 4, // 1: go.micro.server.File.Stat:input_type -> go.micro.server.StatRequest - 6, // 2: go.micro.server.File.Read:input_type -> go.micro.server.ReadRequest - 10, // 3: go.micro.server.File.Write:input_type -> go.micro.server.WriteRequest - 2, // 4: go.micro.server.File.Close:input_type -> go.micro.server.CloseRequest - 1, // 5: go.micro.server.File.Open:output_type -> go.micro.server.OpenResponse - 5, // 6: go.micro.server.File.Stat:output_type -> go.micro.server.StatResponse - 7, // 7: go.micro.server.File.Read:output_type -> go.micro.server.ReadResponse - 11, // 8: go.micro.server.File.Write:output_type -> go.micro.server.WriteResponse - 3, // 9: go.micro.server.File.Close:output_type -> go.micro.server.CloseResponse - 5, // [5:10] is the sub-list for method output_type - 0, // [0:5] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name +func init() { proto.RegisterFile("util/file/proto/file.proto", fileDescriptor_c90a6c4a93f92bf4) } + +var fileDescriptor_c90a6c4a93f92bf4 = []byte{ + // 447 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x94, 0xcf, 0x8e, 0xd3, 0x30, + 0x10, 0xc6, 0x9b, 0x3f, 0x2c, 0x61, 0x92, 0x52, 0xe4, 0x03, 0x2a, 0x11, 0xac, 0x56, 0xe6, 
0xb2, + 0x5c, 0xb2, 0x12, 0x48, 0xf0, 0x00, 0x68, 0x61, 0x17, 0x09, 0x81, 0xcc, 0x81, 0x03, 0x87, 0x55, + 0xb6, 0x9e, 0x20, 0x8b, 0x34, 0x0e, 0xb1, 0x83, 0x04, 0x2f, 0xcd, 0x2b, 0x20, 0x3b, 0x6e, 0xeb, + 0xb6, 0x89, 0x84, 0xf6, 0x36, 0xe3, 0x19, 0xff, 0xfc, 0xd9, 0xf9, 0x26, 0x90, 0xf7, 0x5a, 0xd4, + 0x17, 0x95, 0xa8, 0xf1, 0xa2, 0xed, 0xa4, 0x96, 0x36, 0x2c, 0x6c, 0x48, 0x16, 0xdf, 0x65, 0xb1, + 0x16, 0xab, 0x4e, 0x16, 0x0a, 0xbb, 0x5f, 0xd8, 0xd1, 0x4b, 0x48, 0x3f, 0xb5, 0xd8, 0x30, 0xfc, + 0xd9, 0xa3, 0xd2, 0x24, 0x87, 0xc4, 0x74, 0x37, 0xe5, 0x1a, 0x97, 0xc1, 0x59, 0x70, 0xfe, 0x80, + 0x6d, 0x73, 0x53, 0xd3, 0x5d, 0xdf, 0xac, 0x4a, 0x8d, 0xcb, 0xf0, 0x2c, 0x38, 0x4f, 0xd8, 0x36, + 0xa7, 0xaf, 0x21, 0x1b, 0x30, 0xaa, 0x95, 0x8d, 0x42, 0xf2, 0x10, 0x42, 0xc1, 0x2d, 0x21, 0x62, + 0xa1, 0xe0, 0xe4, 0x31, 0x9c, 0x74, 0xa8, 0xfa, 0x5a, 0xbb, 0x9d, 0x2e, 0xa3, 0xa7, 0x90, 0xbd, + 0xad, 0xa5, 0xc2, 0xcd, 0xf9, 0x07, 0xfb, 0xe8, 0x02, 0xe6, 0xae, 0x3e, 0x80, 0xe9, 0x0b, 0x48, + 0xbf, 0xe8, 0x52, 0xff, 0x87, 0x5e, 0xfa, 0x0d, 0xb2, 0xa1, 0xd5, 0x69, 0x22, 0x10, 0xeb, 0xdf, + 0xed, 0xa6, 0xcf, 0xc6, 0x66, 0x4d, 0x89, 0x3f, 0xc3, 0x7d, 0x22, 0x66, 0x63, 0xf2, 0x1c, 0xe6, + 0x75, 0xa9, 0xf4, 0xcd, 0x5a, 0x72, 0x51, 0x09, 0xe4, 0xcb, 0xc8, 0x16, 0x33, 0xb3, 0xf8, 0xd1, + 0xad, 0xd1, 0x6b, 0x48, 0x19, 0x96, 0x7c, 0x42, 0xb7, 0xb9, 0xaf, 0xac, 0x2a, 0x85, 0xda, 0x91, + 0x5d, 0xb6, 0x3d, 0x2f, 0xda, 0x9d, 0x47, 0xaf, 0x20, 0x1b, 0x50, 0x3b, 0x9d, 0xb6, 0x27, 0xf0, + 0x34, 0x11, 0x88, 0x79, 0xa9, 0x4b, 0x4b, 0xcb, 0x98, 0x8d, 0xc9, 0x23, 0x88, 0x50, 0x56, 0x16, + 0x95, 0x30, 0x13, 0xd2, 0x37, 0x00, 0xef, 0x51, 0x4f, 0x69, 0x7a, 0x02, 0xc9, 0x6d, 0x2d, 0x57, + 0x3f, 0x6e, 0x04, 0x77, 0xaa, 0xee, 0xdb, 0xfc, 0x9a, 0xd3, 0xcf, 0x90, 0xda, 0x8d, 0x4e, 0x81, + 0xdf, 0x19, 0xec, 0x75, 0x8e, 0x3e, 0xd8, 0x46, 0x5c, 0xb4, 0x13, 0x47, 0x3f, 0x40, 0xf6, 0xb5, + 0x13, 0x1a, 0xef, 0xf0, 0x40, 0x47, 0xac, 0x05, 0xcc, 0x1d, 0x6b, 0xd0, 0xf7, 0xf2, 0x6f, 0x08, + 0xf1, 0x3b, 0x51, 0x23, 0xb9, 
0x84, 0xd8, 0xd8, 0x8e, 0x3c, 0x2d, 0x0e, 0x7c, 0x5d, 0x78, 0xa6, + 0xce, 0x9f, 0x4d, 0x54, 0x9d, 0xa5, 0x66, 0x06, 0x63, 0x9c, 0x32, 0x82, 0xf1, 0xbc, 0x36, 0x82, + 0xf1, 0xed, 0x35, 0x60, 0xcc, 0x87, 0x1c, 0xc1, 0x78, 0x56, 0x19, 0xc1, 0xf8, 0x5f, 0x9f, 0xce, + 0xc8, 0x15, 0xdc, 0xb3, 0xd7, 0x25, 0xc7, 0x9d, 0xfe, 0x93, 0xe6, 0xa7, 0x53, 0x65, 0x9f, 0x64, + 0xa7, 0x67, 0x84, 0xe4, 0x4f, 0xdd, 0x08, 0x69, 0x7f, 0xe8, 0x66, 0xb7, 0x27, 0xf6, 0xf7, 0xf1, + 0xea, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xaf, 0x08, 0x7e, 0x74, 0x5c, 0x04, 0x00, 0x00, } -func init() { file_micro_go_micro_util_file_proto_file_proto_init() } -func file_micro_go_micro_util_file_proto_file_proto_init() { - if File_micro_go_micro_util_file_proto_file_proto != nil { - return +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// FileClient is the client API for File service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. 
+type FileClient interface { + Open(ctx context.Context, in *OpenRequest, opts ...grpc.CallOption) (*OpenResponse, error) + Stat(ctx context.Context, in *StatRequest, opts ...grpc.CallOption) (*StatResponse, error) + Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) + Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) + Close(ctx context.Context, in *CloseRequest, opts ...grpc.CallOption) (*CloseResponse, error) +} + +type fileClient struct { + cc *grpc.ClientConn +} + +func NewFileClient(cc *grpc.ClientConn) FileClient { + return &fileClient{cc} +} + +func (c *fileClient) Open(ctx context.Context, in *OpenRequest, opts ...grpc.CallOption) (*OpenResponse, error) { + out := new(OpenResponse) + err := c.cc.Invoke(ctx, "/go.micro.server.File/Open", in, out, opts...) + if err != nil { + return nil, err } - if !protoimpl.UnsafeEnabled { - file_micro_go_micro_util_file_proto_file_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OpenRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OpenResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CloseRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CloseResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return 
&v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StatRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StatResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReadRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReadResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_micro_go_micro_util_file_proto_file_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - 
file_micro_go_micro_util_file_proto_file_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WriteResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } + return out, nil +} + +func (c *fileClient) Stat(ctx context.Context, in *StatRequest, opts ...grpc.CallOption) (*StatResponse, error) { + out := new(StatResponse) + err := c.cc.Invoke(ctx, "/go.micro.server.File/Stat", in, out, opts...) + if err != nil { + return nil, err } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_micro_go_micro_util_file_proto_file_proto_rawDesc, - NumEnums: 0, - NumMessages: 12, - NumExtensions: 0, - NumServices: 1, + return out, nil +} + +func (c *fileClient) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ReadResponse, error) { + out := new(ReadResponse) + err := c.cc.Invoke(ctx, "/go.micro.server.File/Read", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *fileClient) Write(ctx context.Context, in *WriteRequest, opts ...grpc.CallOption) (*WriteResponse, error) { + out := new(WriteResponse) + err := c.cc.Invoke(ctx, "/go.micro.server.File/Write", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *fileClient) Close(ctx context.Context, in *CloseRequest, opts ...grpc.CallOption) (*CloseResponse, error) { + out := new(CloseResponse) + err := c.cc.Invoke(ctx, "/go.micro.server.File/Close", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// FileServer is the server API for File service. 
+type FileServer interface { + Open(context.Context, *OpenRequest) (*OpenResponse, error) + Stat(context.Context, *StatRequest) (*StatResponse, error) + Read(context.Context, *ReadRequest) (*ReadResponse, error) + Write(context.Context, *WriteRequest) (*WriteResponse, error) + Close(context.Context, *CloseRequest) (*CloseResponse, error) +} + +// UnimplementedFileServer can be embedded to have forward compatible implementations. +type UnimplementedFileServer struct { +} + +func (*UnimplementedFileServer) Open(ctx context.Context, req *OpenRequest) (*OpenResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Open not implemented") +} +func (*UnimplementedFileServer) Stat(ctx context.Context, req *StatRequest) (*StatResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Stat not implemented") +} +func (*UnimplementedFileServer) Read(ctx context.Context, req *ReadRequest) (*ReadResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Read not implemented") +} +func (*UnimplementedFileServer) Write(ctx context.Context, req *WriteRequest) (*WriteResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Write not implemented") +} +func (*UnimplementedFileServer) Close(ctx context.Context, req *CloseRequest) (*CloseResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Close not implemented") +} + +func RegisterFileServer(s *grpc.Server, srv FileServer) { + s.RegisterService(&_File_serviceDesc, srv) +} + +func _File_Open_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(OpenRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(FileServer).Open(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/go.micro.server.File/Open", + } + handler := func(ctx context.Context, req interface{}) (interface{}, 
error) { + return srv.(FileServer).Open(ctx, req.(*OpenRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _File_Stat_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StatRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(FileServer).Stat(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/go.micro.server.File/Stat", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(FileServer).Stat(ctx, req.(*StatRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _File_Read_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReadRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(FileServer).Read(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/go.micro.server.File/Read", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(FileServer).Read(ctx, req.(*ReadRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _File_Write_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WriteRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(FileServer).Write(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/go.micro.server.File/Write", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(FileServer).Write(ctx, req.(*WriteRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _File_Close_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, 
interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CloseRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(FileServer).Close(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/go.micro.server.File/Close", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(FileServer).Close(ctx, req.(*CloseRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _File_serviceDesc = grpc.ServiceDesc{ + ServiceName: "go.micro.server.File", + HandlerType: (*FileServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Open", + Handler: _File_Open_Handler, }, - GoTypes: file_micro_go_micro_util_file_proto_file_proto_goTypes, - DependencyIndexes: file_micro_go_micro_util_file_proto_file_proto_depIdxs, - MessageInfos: file_micro_go_micro_util_file_proto_file_proto_msgTypes, - }.Build() - File_micro_go_micro_util_file_proto_file_proto = out.File - file_micro_go_micro_util_file_proto_file_proto_rawDesc = nil - file_micro_go_micro_util_file_proto_file_proto_goTypes = nil - file_micro_go_micro_util_file_proto_file_proto_depIdxs = nil + { + MethodName: "Stat", + Handler: _File_Stat_Handler, + }, + { + MethodName: "Read", + Handler: _File_Read_Handler, + }, + { + MethodName: "Write", + Handler: _File_Write_Handler, + }, + { + MethodName: "Close", + Handler: _File_Close_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "util/file/proto/file.proto", } diff --git a/util/file/proto/file.pb.micro.go b/util/file/proto/file.pb.micro.go index fc4e6928..ac135745 100644 --- a/util/file/proto/file.pb.micro.go +++ b/util/file/proto/file.pb.micro.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-micro. DO NOT EDIT. -// source: micro/go-micro/util/file/proto/file.proto +// source: util/file/proto/file.proto package go_micro_server diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go index 51672f0a..de62288d 100644 
--- a/util/wrapper/wrapper.go +++ b/util/wrapper/wrapper.go @@ -197,10 +197,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper { } // Inspect the token and get the account - account, err := a.Inspect(token) - if err != nil { - account = &auth.Account{Namespace: a.Options().Namespace} - } + account, _ := a.Inspect(token) // construct the resource res := &auth.Resource{ @@ -210,7 +207,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper { } // Verify the caller has access to the resource - err = a.Verify(account, res) + err := a.Verify(account, res) if err != nil && len(account.ID) > 0 { return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID) } else if err != nil { From f6d9416a9e9d88058095e1e2745c614a52b323c1 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Wed, 20 May 2020 11:59:01 +0100 Subject: [PATCH 02/26] Add Rule to Auth interface --- auth/auth.go | 79 ++++++++++----- auth/default.go | 9 +- auth/jwt/jwt.go | 74 +++----------- auth/rules/rules.go | 99 ++++++++++++++++++ auth/service/proto/auth.pb.go | 186 +++++++++++++--------------------- auth/service/proto/auth.proto | 10 +- auth/service/service.go | 148 ++++++++++----------------- util/auth/auth.go | 2 +- 8 files changed, 296 insertions(+), 311 deletions(-) create mode 100644 auth/rules/rules.go diff --git a/auth/auth.go b/auth/auth.go index f3bcefb0..0a03eda5 100644 --- a/auth/auth.go +++ b/auth/auth.go 
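Review bot: In the `-197,10` hunk, `account, _ := a.Inspect(token)` discards the error and no longer substitutes a fallback account, so `account` can be nil when the token fails inspection (assuming Inspect returns a nil account with its error, which these hunks do not show). The next hunk still evaluates `len(account.ID)` whenever Verify returns an error, so an unauthenticated, forbidden request would panic in the handler instead of receiving the error response. Guard the dereference, for example `if err != nil && account != nil && len(account.ID) > 0 {`. Also consider keeping the Inspect error and logging it, so that invalid or expired tokens remain visible to operators. AuthHandler's body starts and ends outside both hunks.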
@@ -7,16 +7,13 @@ import ( "time" ) +// BearerScheme used for Authorization header +const BearerScheme = "Bearer " + var ( - // ErrNotFound is returned when a resouce cannot be found - ErrNotFound = errors.New("not found") - // ErrEncodingToken is returned when the service encounters an error during encoding - ErrEncodingToken = errors.New("error encoding the token") - // ErrInvalidToken is returned when the token provided is not valid + // ErrInvalidToken is when the token provided is not valid ErrInvalidToken = errors.New("invalid token provided") - // ErrInvalidRole is returned when the role provided was invalid - ErrInvalidRole = errors.New("invalid role") - // ErrForbidden is returned when a user does not have the necessary roles to access a resource + // ErrForbidden is when a user does not have the necessary roles or scoeps to access a resource ErrForbidden = errors.New("resource forbidden") ) 
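Review bot: The new ErrForbidden comment misspells "scopes"; it should read `// ErrForbidden is when a user does not have the necessary roles or scopes to access a resource`. The same hunk removes the exported sentinels ErrNotFound, ErrEncodingToken and ErrInvalidRole. Callers that compared against them lose the ability to tell "rule not found" from other failures, and the jwt Revoke change later in this patch indeed stops reporting a missing rule. If that is intended, a line in the commit description would help downstream users.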
@@ -28,30 +25,22 @@ type Auth interface { Options() Options // Generate a new account Generate(id string, opts ...GenerateOption) (*Account, error) - // Grant access to a resource - Grant(role string, res *Resource) error - // Revoke access to a resource - Revoke(role string, res *Resource) error - // Verify an account has access to a resource + // Verify an account has access to a resource using the rules Verify(acc *Account, res *Resource) error // Inspect a token Inspect(token string) (*Account, error) - // Token generated using refresh token + // Token generated using refresh token or credentials Token(opts ...TokenOption) (*Token, error) + // Grant access to a resource + Grant(rule *Rule) error + // Revoke access to a resource + Revoke(rule *Rule) error + // Rules returns all the rules used to verify requests + Rules() ([]*Rule, error) // String returns the name of the implementation String() string } -// Resource is an entity such as a user or -type Resource struct { - // Name of the resource - Name string `json:"name"` - // Type of resource, e.g. - Type string `json:"type"` - // Endpoint resource e.g NotesService.Create - Endpoint string `json:"endpoint"` -} - // Account provided by an auth provider type Account struct { // ID of the account e.g. email 
@@ -112,13 +101,47 @@ type Token struct { Expiry time.Time `json:"expiry"` } +// Expired returns a boolean indicating if the token needs to be refreshed +func (t *Token) Expired() bool { + return t.Expiry.Unix() < time.Now().Unix() +} + +// Resource is an entity such as a user or +type Resource struct { + // Name of the resource, e.g. go.micro.service.notes + Name string `json:"name"` + // Type of resource, e.g. service + Type string `json:"type"` + // Endpoint resource e.g NotesService.Create + Endpoint string `json:"endpoint"` +} + +// Access defines the type of access a rule grants +type Access int + const ( - // TokenCookieName is the name of the cookie which stores the auth token - TokenCookieName = "micro-token" - // BearerScheme used for Authorization header - BearerScheme = "Bearer " + // AccessGranted to a resource + AccessGranted Access = iota + // AccessDenied to a resource + AccessDenied ) +// Rule is used to verify access to a resource +type Rule struct { + // ID of the rule, e.g. "public" + ID string + // Role the rule requires, a blank role indicates open to the public and * indicates the rule + // applies to any valid account + Role string + // Resource the rule applies to + Resource *Resource + // Access determines if the rule grants or denies access to the resource + Access Access + // Priority the rule should take when verifying a request, the higher the value the sooner the + // rule will be applied + Priority int32 +} + type accountKey struct{} // AccountFromContext gets the account from the context, which diff --git a/auth/default.go b/auth/default.go index 9fd42f2d..11f9e6ae 100644 --- a/auth/default.go +++ b/auth/default.go 
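Review bot: `AccessGranted Access = iota` makes a grant the zero value of Access, and the Rule comment says a blank Role means open to the public, so a Rule built with only Resource set is an unauthenticated allow rule. A safer layout keeps the zero value from granting anything, for example `AccessUnknown Access = iota` ahead of AccessGranted and AccessDenied, with verification treating unknown as a non-match. The generated proto code in this patch has an `Access_UNKNOWN` value, so this may also align the two enums, but the conversion code is not visible here and would need to change with it. Rule also has no `json` tags while Resource and Token in the same file do; add them if rules are meant to be serialised the same way.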
@@ -58,15 +58,20 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) { } // Grant access to a resource -func (n *noop) Grant(role string, res *Resource) error { +func (n *noop) Grant(rule *Rule) error { return nil } // Revoke access to a resource -func (n *noop) Revoke(role string, res *Resource) error { +func (n *noop) Revoke(rule *Rule) error { return nil } +// Rules used to verify requests +func (n *noop) Rules() ([]*Rule, error) { + return []*Rule{}, nil +} + // Verify an account has access to a resource func (n *noop) Verify(acc *Account, res *Resource) error { return nil diff --git a/auth/jwt/jwt.go b/auth/jwt/jwt.go index 310c110b..2397586f 100644 --- a/auth/jwt/jwt.go +++ b/auth/jwt/jwt.go @@ -1,11 +1,11 @@ package jwt import ( - "fmt" "sync" "time" "github.com/micro/go-micro/v2/auth" + "github.com/micro/go-micro/v2/auth/rules" "github.com/micro/go-micro/v2/auth/token" jwtToken "github.com/micro/go-micro/v2/auth/token/jwt" ) @@ -25,7 +25,7 @@ type rule struct { type jwt struct { options auth.Options jwt token.Provider - rules []*rule + rules []*auth.Rule sync.Mutex } 
@@ -77,84 +77,38 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e return account, nil } -func (j *jwt) Grant(role string, res *auth.Resource) error { +func (j *jwt) Grant(rule *auth.Rule) error { j.Lock() defer j.Unlock() - j.rules = append(j.rules, &rule{role, res}) + j.rules = append(j.rules, rule) return nil } -func (j *jwt) Revoke(role string, res *auth.Resource) error { +func (j *jwt) Revoke(rule *auth.Rule) error { j.Lock() defer j.Unlock() - rules := make([]*rule, 0, len(j.rules)) - - var ruleFound bool + rules := []*auth.Rule{} for _, r := range rules { - if r.role == role && r.resource == res { - ruleFound = true - } else { + if r.ID != rule.ID { rules = append(rules, r) } } - if !ruleFound { - return auth.ErrNotFound - } - j.rules = rules return nil } func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error { - // check the scope - scope := "namespace." + j.options.Namespace - if acc != nil && !acc.HasScope(scope) { - return fmt.Errorf("Missing required scope: %v", scope) - } - j.Lock() - rules := j.rules - j.Unlock() + defer j.Unlock() + return rules.Verify(j.options.Namespace, j.rules, acc, res) +} - for _, rule := range rules { - // validate the rule applies to the requested resource - if rule.resource.Type != "*" && rule.resource.Type != res.Type { - continue - } - if rule.resource.Name != "*" && rule.resource.Name != res.Name { - continue - } - if rule.resource.Endpoint != "*" && rule.resource.Endpoint != res.Endpoint { - continue - } - - // a blank role indicates anyone can access the resource, even without an account - if rule.role == "" { - return nil - } - - // all furter checks require an account - if acc == nil { - continue - } - - // this rule allows any account access, allow the request - if rule.role == "*" { - return nil - } - - // if the account has the necessary role, allow the request - for _, r := range acc.Roles { - if r == rule.role { - return nil - } - } - } - - // no rules matched, forbid 
the request - return auth.ErrForbidden +func (j *jwt) Rules() ([]*auth.Rule, error) { + j.Lock() + defer j.Unlock() + return j.rules, nil } func (j *jwt) Inspect(token string) (*auth.Account, error) { diff --git a/auth/rules/rules.go b/auth/rules/rules.go new file mode 100644 index 00000000..35736a8b --- /dev/null +++ b/auth/rules/rules.go 
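Review bot: In Revoke the loop ranges over the freshly created empty local `rules` instead of `j.rules`, so it never executes and `j.rules = rules` then discards every stored rule. Revoking one rule therefore removes all grants and all denies, and since rules.Verify falls through to forbidden this locks out every caller. The loop header should be `for _, r := range j.rules {`. Rules() also returns the internal slice itself, so a caller can modify the rule set after the mutex is released; returning a copy such as `append([]*auth.Rule(nil), j.rules...)` avoids that. The unexported `rule` struct above this hunk appears to be unused after the change.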
@@ -0,0 +1,99 @@
+package rules
+
+import (
+ "fmt"
+ "sort"
+ "strings"
+
+ "github.com/micro/go-micro/v2/auth"
+)
+
+// Verify an account has access to a resource using the rules provided. If the account does not have
+// access an error will be returned. If there are no rules provided which match the resource, an error
+// will be returned
+func Verify(namespace string, rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error {
+ // ensure the account has the necessary scope. Some rules allow for public access so we don't
+ // error if the account is nil.
+ if acc != nil && !acc.HasScope("namespace."+namespace) {
+ return fmt.Errorf("Missing required scope: %v", "namespace."+namespace)
+ }
+
+ // the rule is only to be applied if the type matches the resource or is catch-all (*)
+ validTypes := []string{"*", res.Type}
+
+ // the rule is only to be applied if the name matches the resource or is catch-all (*)
+ validNames := []string{"*", res.Name}
+
+ // rules can have wildcard excludes on endpoints since this can also be a path for web services,
+ // e.g. /foo/* would include /foo/bar. We also want to check for wildcards and the exact endpoint
+ validEndpoints := []string{"*", res.Endpoint}
+ if comps := strings.Split(res.Endpoint, "/"); len(comps) > 1 {
+ for i := 1; i < len(comps); i++ {
+ wildcard := fmt.Sprintf("%v/*", strings.Join(comps[0:i], "/"))
+ validEndpoints = append(validEndpoints, wildcard)
+ }
+ }
+
+ // filter the rules to the ones which match the criteria above
+ filteredRules := make([]*auth.Rule, 0)
+ for _, rule := range rules {
+ if !include(validTypes, rule.Resource.Type) {
+ continue
+ }
+ if !include(validNames, rule.Resource.Name) {
+ continue
+ }
+ if !include(validEndpoints, rule.Resource.Endpoint) {
+ continue
+ }
+ filteredRules = append(filteredRules, rule)
+ }
+
+ // sort the filtered rules by priority, highest to lowest
+ sort.SliceStable(filteredRules, func(i, j int) bool {
+ return filteredRules[i].Priority > filteredRules[j].Priority
+ })
+
+ // loop through the rules and check for a rule which applies to this account
+ for _, rule := range filteredRules {
+ // a blank role indicates the rule applies to everyone, even nil accounts
+ if rule.Role == "" && rule.Access == auth.AccessDenied {
+ return auth.ErrForbidden
+ } else if rule.Role == "" && rule.Access == auth.AccessGranted {
+ return nil
+ }
+
+ // all furter checks require an account
+ if acc == nil {
+ continue
+ }
+
+ // this rule applies to any account
+ if rule.Role == "*" && rule.Access == auth.AccessDenied {
+ return auth.ErrForbidden
+ } else if rule.Role == "" && rule.Access == auth.AccessGranted {
+ return nil
+ }
+
+ // if the account has the necessary role
+ if include(acc.Roles, rule.Role) && rule.Access == auth.AccessDenied {
+ return auth.ErrForbidden
+ } else if rule.Role == "" && rule.Access == auth.AccessGranted {
+ return nil
+ }
+ }
+
+ // if no rules matched then return forbidden
+ return auth.ErrForbidden
+}
+
+// include is a helper function which checks to see if the slice contains the value. includes is
+// not case sensitive.
+func include(slice []string, val string) bool { + for _, s := range slice { + if strings.ToLower(s) == strings.ToLower(val) { + return true + } + } + return false +} diff --git a/auth/service/proto/auth.pb.go b/auth/service/proto/auth.pb.go index 43bb6ee1..26ea23bb 100644 --- a/auth/service/proto/auth.pb.go +++ b/auth/service/proto/auth.pb.go @@ -861,13 +861,10 @@ func (m *Rule) GetPriority() int32 { } type CreateRequest struct { - Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"` - Resource *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"` - Access Access `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"` - Priority int32 `protobuf:"varint,4,opt,name=priority,proto3" json:"priority,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Rule *Rule `protobuf:"bytes,1,opt,name=rule,proto3" json:"rule,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CreateRequest) Reset() { *m = CreateRequest{} } @@ -895,34 +892,13 @@ func (m *CreateRequest) XXX_DiscardUnknown() { var xxx_messageInfo_CreateRequest proto.InternalMessageInfo -func (m *CreateRequest) GetRole() string { +func (m *CreateRequest) GetRule() *Rule { if m != nil { - return m.Role - } - return "" -} - -func (m *CreateRequest) GetResource() *Resource { - if m != nil { - return m.Resource + return m.Rule } return nil } -func (m *CreateRequest) GetAccess() Access { - if m != nil { - return m.Access - } - return Access_UNKNOWN -} - -func (m *CreateRequest) GetPriority() int32 { - if m != nil { - return m.Priority - } - return 0 -} - type CreateResponse struct { XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` 
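Review bot: In Verify, the grant branches of the "any account" and "has the role" checks both test `rule.Role == ""`, which the first check in the loop has already handled. An AccessGranted rule for `*` or for a named role therefore never returns nil, and only public grants can allow a request. They should read `} else if rule.Role == "*" && rule.Access == auth.AccessGranted {` and `} else if include(acc.Roles, rule.Role) && rule.Access == auth.AccessGranted {`. Separately, `include` lower-cases both sides, so role and endpoint matching here is case-insensitive while Account.HasScope in auth/auth.go compares with `==`; if folding is intended, `strings.EqualFold` states it directly, otherwise roles should be matched exactly. `rule.Resource.Type` is also read without a nil check, so a Rule stored without a Resource would panic during verification; skipping such rules with `if rule.Resource == nil { continue }` keeps the decision on the forbidden default.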
@@ -955,13 +931,10 @@ func (m *CreateResponse) XXX_DiscardUnknown() { var xxx_messageInfo_CreateResponse proto.InternalMessageInfo type DeleteRequest struct { - Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"` - Resource *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"` - Access Access `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"` - Priority int32 `protobuf:"varint,4,opt,name=priority,proto3" json:"priority,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Rule *Rule `protobuf:"bytes,1,opt,name=rule,proto3" json:"rule,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *DeleteRequest) Reset() { *m = DeleteRequest{} } @@ -989,34 +962,13 @@ func (m *DeleteRequest) XXX_DiscardUnknown() { var xxx_messageInfo_DeleteRequest proto.InternalMessageInfo -func (m *DeleteRequest) GetRole() string { +func (m *DeleteRequest) GetRule() *Rule { if m != nil { - return m.Role - } - return "" -} - -func (m *DeleteRequest) GetResource() *Resource { - if m != nil { - return m.Resource + return m.Rule } return nil } -func (m *DeleteRequest) GetAccess() Access { - if m != nil { - return m.Access - } - return Access_UNKNOWN -} - -func (m *DeleteRequest) GetPriority() int32 { - if m != nil { - return m.Priority - } - return 0 -} - type DeleteResponse struct { XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` 
@@ -1149,63 +1101,63 @@ func init() { func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) } var fileDescriptor_21300bfacc51fc2a = []byte{ - // 892 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44, - 0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xd9, 0x68, 0xba, 0x2d, 0x96, 0xcb, 0x96, 0xad, 0x8b, - 0xd0, 0x52, 0x41, 0x16, 0xa5, 0x37, 0x40, 0x6f, 0x58, 0x35, 0x51, 0x68, 0xa1, 0x41, 0x58, 0x45, - 0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0x5e, - 0x80, 0x47, 0xe0, 0x86, 0x3b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0x79, 0x7e, 0xbc, 0xb1, 0xe3, 0x54, - 0x05, 0x7a, 0xd1, 0xbb, 0x39, 0x33, 0x67, 0xce, 0x7c, 0xdf, 0x77, 0x7e, 0x6c, 0x38, 0x8a, 0x0a, - 0x7e, 0x7e, 0xca, 0x90, 0x5e, 0x25, 0x31, 0x9e, 0xe6, 0x34, 0xe3, 0xd9, 0x69, 0xb9, 0x35, 0x16, - 0x4b, 0xe2, 0xfe, 0x98, 0x8d, 0x2f, 0x93, 0x98, 0x66, 0xe3, 0x72, 0x33, 0xb8, 0x09, 0x37, 0xbe, - 0x4c, 0x18, 0x3f, 0x8b, 0xe3, 0xac, 0x48, 0x39, 0x0b, 0xf1, 0xa7, 0x02, 0x19, 0x0f, 0x9e, 0xc0, - 0x61, 0x7d, 0x9b, 0xe5, 0x59, 0xca, 0x90, 0x4c, 0xa0, 0x17, 0xa9, 0x3d, 0xcf, 0x38, 0xb6, 0x4e, - 0xfa, 0x93, 0x5b, 0xe3, 0x5a, 0xc0, 0xb1, 0xba, 0x12, 0x56, 0x7e, 0xc1, 0xaf, 0x06, 0x74, 0x9e, - 0x65, 0x17, 0x98, 0x92, 0xbb, 0x30, 0x88, 0xe2, 0x18, 0x19, 0x7b, 0xc1, 0x4b, 0xdb, 0x33, 0x8e, - 0x8d, 0x93, 0xfd, 0xb0, 0x2f, 0xf7, 0xa4, 0xcb, 0x3d, 0x70, 0x29, 0xfe, 0x40, 0x91, 0x9d, 0x2b, - 0x1f, 0x53, 0xf8, 0x0c, 0xd4, 0xa6, 0x74, 0xf2, 0xa0, 0x1b, 0x53, 0x8c, 0x38, 0x2e, 0x3d, 0xeb, - 0xd8, 0x38, 0xb1, 0x42, 0x6d, 0x92, 0x5b, 0xe0, 0xe0, 0xcf, 0x79, 0x42, 0xd7, 0x9e, 0x2d, 0x0e, - 0x94, 0x15, 0xfc, 0x66, 0x42, 0x57, 0x21, 0x23, 0x43, 0x30, 0x93, 0xa5, 0x7a, 0xdb, 0x4c, 0x96, - 0x84, 0x80, 0xcd, 0xd7, 0x39, 0xaa, 0x97, 0xc4, 0x9a, 0x1c, 0x42, 0x87, 0x66, 0x2b, 0x64, 0x9e, - 0x75, 0x6c, 0x9d, 0xec, 0x87, 0xd2, 0x20, 0x9f, 0x41, 0xef, 0x12, 0x79, 0xb4, 0x8c, 0x78, 0xe4, - 
0xd9, 0x82, 0xfd, 0xbb, 0xed, 0xec, 0xc7, 0x4f, 0x95, 0xdb, 0x2c, 0xe5, 0x74, 0x1d, 0x56, 0xb7, - 0x4a, 0x7c, 0x2c, 0xce, 0x72, 0x64, 0x5e, 0x47, 0x04, 0x56, 0x16, 0xf1, 0xa1, 0x97, 0xd3, 0xec, - 0x2a, 0x59, 0x22, 0xf5, 0x1c, 0x81, 0xa3, 0xb2, 0xc5, 0x1d, 0x8c, 0x29, 0x72, 0xaf, 0x2b, 0x4e, - 0x94, 0xe5, 0x3f, 0x04, 0xb7, 0xf6, 0x0c, 0x19, 0x81, 0x75, 0x81, 0x6b, 0xc5, 0xac, 0x5c, 0x96, - 0x34, 0xae, 0xa2, 0x55, 0xa1, 0xb9, 0x49, 0xe3, 0x53, 0xf3, 0x63, 0x23, 0x58, 0x40, 0x2f, 0x44, - 0x96, 0x15, 0x34, 0xc6, 0x52, 0x80, 0x34, 0xba, 0x44, 0x75, 0x51, 0xac, 0x5b, 0x45, 0xf1, 0xa1, - 0x87, 0xe9, 0x32, 0xcf, 0x92, 0x94, 0x0b, 0xdd, 0xf7, 0xc3, 0xca, 0x0e, 0x7e, 0x37, 0xe1, 0x60, - 0x8e, 0x29, 0xd2, 0x88, 0xa3, 0x2a, 0xa2, 0x2d, 0xa1, 0x2b, 0x51, 0xcd, 0x4d, 0x51, 0x3f, 0xdf, - 0x10, 0xd5, 0x12, 0xa2, 0x7e, 0xd0, 0x10, 0xb5, 0x11, 0xf7, 0x15, 0xc4, 0xb5, 0x6b, 0xe2, 0x5e, - 0x0b, 0xd8, 0xd9, 0x14, 0xb0, 0xe2, 0xe8, 0xd4, 0x39, 0x56, 0x89, 0xe8, 0xd6, 0x13, 0xf1, 0xff, - 0x04, 0x9f, 0xc2, 0xe8, 0x9a, 0x87, 0xea, 0xa6, 0x8f, 0xa0, 0xab, 0xba, 0x44, 0xc4, 0xd8, 0xdd, - 0x4c, 0xda, 0x2d, 0x78, 0x0e, 0x83, 0x39, 0x8d, 0x52, 0xae, 0x25, 0x26, 0x60, 0x97, 0x2a, 0xea, - 0xd4, 0x95, 0x6b, 0xf2, 0x00, 0x7a, 0x54, 0xa5, 0x56, 0xc0, 0xe8, 0x4f, 0xde, 0x6a, 0x84, 0xd5, - 0x99, 0x0f, 0x2b, 0xc7, 0xe0, 0x00, 0x5c, 0x15, 0x58, 0x62, 0x0b, 0xbe, 0x05, 0x37, 0xc4, 0xab, - 0xec, 0x02, 0x5f, 0xfb, 0x53, 0x23, 0x18, 0xea, 0xc8, 0xea, 0xad, 0xf7, 0x60, 0xf8, 0x38, 0x65, - 0x39, 0xc6, 0x15, 0xaf, 0x43, 0xe8, 0x6c, 0x8e, 0x08, 0x69, 0x04, 0x8f, 0xe0, 0xa0, 0xf2, 0xfb, - 0xcf, 0x12, 0xfe, 0x02, 0x03, 0x31, 0x45, 0x76, 0x55, 0xe9, 0x75, 0xb5, 0x98, 0xb5, 0x6a, 0xd9, - 0x9a, 0x4c, 0x56, 0xcb, 0x64, 0xba, 0x0b, 0x03, 0x71, 0xf8, 0xa2, 0x36, 0x85, 0xfa, 0x62, 0x6f, - 0x26, 0x47, 0xd1, 0x43, 0x70, 0xd5, 0xfb, 0x8a, 0xc2, 0xfd, 0x4d, 0xae, 0xfd, 0xc9, 0x61, 0x83, - 0x80, 0x74, 0x56, 0x0a, 0xfc, 0x69, 0x80, 0x1d, 0x16, 0x2b, 0x6c, 0x1b, 0x62, 0x22, 0x3b, 0xe6, - 0x8e, 0xec, 0x58, 0xaf, 0x98, 0x1d, 
0xf2, 0x21, 0x38, 0x72, 0x1e, 0x0b, 0xec, 0xc3, 0xc9, 0xcd, - 0x6d, 0x3d, 0x91, 0xb1, 0x50, 0x39, 0xc9, 0x7e, 0x49, 0x32, 0x9a, 0xf0, 0xb5, 0xe8, 0xae, 0x4e, - 0x58, 0xd9, 0xc1, 0x1f, 0x06, 0xb8, 0x8f, 0xc4, 0x60, 0x7e, 0xdd, 0x35, 0xb4, 0x81, 0xd2, 0xfa, - 0xb7, 0x28, 0xed, 0x06, 0xca, 0x11, 0x0c, 0x35, 0x48, 0x55, 0x8e, 0x25, 0xee, 0x29, 0xae, 0xf0, - 0x8d, 0xc7, 0xad, 0x41, 0x2a, 0xdc, 0x2e, 0xf4, 0xcb, 0x8f, 0xb6, 0xfe, 0x86, 0x7f, 0x02, 0x03, - 0x69, 0xaa, 0x3a, 0x7b, 0x1f, 0x3a, 0xb4, 0x28, 0xc7, 0xaf, 0xfc, 0x70, 0xdf, 0x68, 0xa2, 0x2d, - 0x56, 0x18, 0x4a, 0x8f, 0xfb, 0x63, 0x70, 0x24, 0x12, 0xd2, 0x87, 0xee, 0x37, 0x8b, 0x2f, 0x16, - 0x5f, 0x3d, 0x5f, 0x8c, 0xf6, 0x4a, 0x63, 0x1e, 0x9e, 0x2d, 0x9e, 0xcd, 0xa6, 0x23, 0x83, 0x00, - 0x38, 0xd3, 0xd9, 0xe2, 0xf1, 0x6c, 0x3a, 0x32, 0x27, 0x7f, 0x1b, 0x60, 0x9f, 0x15, 0xfc, 0x9c, - 0x3c, 0x85, 0x9e, 0x9e, 0x72, 0xe4, 0xce, 0xcb, 0xc7, 0xb8, 0xff, 0xce, 0xce, 0x73, 0xc5, 0x67, - 0x8f, 0x3c, 0x81, 0xae, 0x6a, 0x78, 0x72, 0xd4, 0xf0, 0xae, 0x0f, 0x0c, 0xff, 0xce, 0xae, 0xe3, - 0x2a, 0xd6, 0x54, 0xff, 0x85, 0xdc, 0x6e, 0x6d, 0x30, 0x15, 0xe7, 0xed, 0xf6, 0x43, 0x1d, 0x65, - 0xf2, 0x1d, 0xf4, 0xf4, 0x4f, 0x11, 0xf9, 0x1a, 0xec, 0x52, 0x60, 0x12, 0x34, 0xee, 0xb4, 0xfc, - 0x50, 0xf9, 0xf7, 0x5e, 0xea, 0x53, 0x85, 0xff, 0xcb, 0x80, 0x4e, 0x99, 0x08, 0x46, 0xe6, 0xe0, - 0xc8, 0xb2, 0x24, 0x4d, 0x48, 0xb5, 0x96, 0xf2, 0x8f, 0x76, 0x9c, 0x56, 0xbc, 0xe7, 0xe0, 0xc8, - 0x3a, 0xd9, 0x0a, 0x54, 0xab, 0xf1, 0xad, 0x40, 0x8d, 0xe2, 0xda, 0x23, 0x67, 0x8a, 0xae, 0xdf, - 0x42, 0x45, 0x07, 0xb9, 0xdd, 0x7a, 0xa6, 0x43, 0x7c, 0xef, 0x88, 0x7f, 0xd0, 0x07, 0xff, 0x04, - 0x00, 0x00, 0xff, 0xff, 0x60, 0xd4, 0x97, 0x04, 0xa4, 0x0a, 0x00, 0x00, + // 888 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xdd, 0x8e, 0xdb, 0x44, + 0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xbb, 0xd1, 0x74, 0x5b, 0xac, 0x94, 0x2d, 0x5b, 0x17, + 0xc1, 0x52, 0x41, 0x16, 0xb9, 0x37, 0x0b, 0xbd, 
0x61, 0xd5, 0x44, 0xa1, 0x85, 0x06, 0x61, 0x15, + 0x95, 0x1b, 0x54, 0x19, 0xe7, 0xc0, 0x5a, 0x9b, 0xb5, 0xcd, 0xcc, 0x38, 0x22, 0x37, 0x48, 0xbc, + 0x00, 0x8f, 0xc0, 0x03, 0xf0, 0x4c, 0xdc, 0xf3, 0x1a, 0xc8, 0xf3, 0xe3, 0x8d, 0x1d, 0xa7, 0xaa, + 0x0a, 0x77, 0x73, 0x66, 0xce, 0xf9, 0xe6, 0x7c, 0xdf, 0x39, 0x73, 0x6c, 0x38, 0x8e, 0x0a, 0x7e, + 0x79, 0xc6, 0x90, 0xae, 0x92, 0x18, 0xcf, 0x72, 0x9a, 0xf1, 0xec, 0xac, 0xdc, 0x1a, 0x8b, 0x25, + 0x71, 0x7f, 0xce, 0xc6, 0xd7, 0x49, 0x4c, 0xb3, 0x71, 0xb9, 0xe9, 0xdf, 0x86, 0x5b, 0x5f, 0x27, + 0x8c, 0x5f, 0xc4, 0x71, 0x56, 0xa4, 0x9c, 0x85, 0xf8, 0x4b, 0x81, 0x8c, 0xfb, 0xcf, 0xe0, 0xa8, + 0xbe, 0xcd, 0xf2, 0x2c, 0x65, 0x48, 0x02, 0xe8, 0x45, 0x6a, 0xcf, 0x33, 0x4e, 0xac, 0xd3, 0x7e, + 0x70, 0x67, 0x5c, 0x03, 0x1c, 0xab, 0x90, 0xb0, 0xf2, 0xf3, 0x7f, 0x37, 0xa0, 0xf3, 0x22, 0xbb, + 0xc2, 0x94, 0xdc, 0x87, 0x41, 0x14, 0xc7, 0xc8, 0xd8, 0x2b, 0x5e, 0xda, 0x9e, 0x71, 0x62, 0x9c, + 0xee, 0x87, 0x7d, 0xb9, 0x27, 0x5d, 0x1e, 0x80, 0x4b, 0xf1, 0x27, 0x8a, 0xec, 0x52, 0xf9, 0x98, + 0xc2, 0x67, 0xa0, 0x36, 0xa5, 0x93, 0x07, 0xdd, 0x98, 0x62, 0xc4, 0x71, 0xe1, 0x59, 0x27, 0xc6, + 0xa9, 0x15, 0x6a, 0x93, 0xdc, 0x01, 0x07, 0x7f, 0xcd, 0x13, 0xba, 0xf6, 0x6c, 0x71, 0xa0, 0x2c, + 0xff, 0x0f, 0x13, 0xba, 0x2a, 0x33, 0x72, 0x00, 0x66, 0xb2, 0x50, 0x77, 0x9b, 0xc9, 0x82, 0x10, + 0xb0, 0xf9, 0x3a, 0x47, 0x75, 0x93, 0x58, 0x93, 0x23, 0xe8, 0xd0, 0x6c, 0x89, 0xcc, 0xb3, 0x4e, + 0xac, 0xd3, 0xfd, 0x50, 0x1a, 0xe4, 0x0b, 0xe8, 0x5d, 0x23, 0x8f, 0x16, 0x11, 0x8f, 0x3c, 0x5b, + 0xb0, 0x7f, 0xbf, 0x9d, 0xfd, 0xf8, 0xb9, 0x72, 0x9b, 0xa6, 0x9c, 0xae, 0xc3, 0x2a, 0xaa, 0xcc, + 0x8f, 0xc5, 0x59, 0x8e, 0xcc, 0xeb, 0x08, 0x60, 0x65, 0x91, 0x11, 0xf4, 0x72, 0x9a, 0xad, 0x92, + 0x05, 0x52, 0xcf, 0x11, 0x79, 0x54, 0xb6, 0x88, 0xc1, 0x98, 0x22, 0xf7, 0xba, 0xe2, 0x44, 0x59, + 0xa3, 0xc7, 0xe0, 0xd6, 0xae, 0x21, 0x43, 0xb0, 0xae, 0x70, 0xad, 0x98, 0x95, 0xcb, 0x92, 0xc6, + 0x2a, 0x5a, 0x16, 0x9a, 0x9b, 0x34, 0x3e, 0x37, 0xcf, 0x0d, 0x7f, 0x0e, 0xbd, 0x10, 
0x59, 0x56, + 0xd0, 0x18, 0x4b, 0x01, 0xd2, 0xe8, 0x1a, 0x55, 0xa0, 0x58, 0xb7, 0x8a, 0x32, 0x82, 0x1e, 0xa6, + 0x8b, 0x3c, 0x4b, 0x52, 0x2e, 0x74, 0xdf, 0x0f, 0x2b, 0xdb, 0xff, 0xd3, 0x84, 0xc3, 0x19, 0xa6, + 0x48, 0x23, 0x8e, 0xaa, 0x89, 0xb6, 0x84, 0xae, 0x44, 0x35, 0x37, 0x45, 0xfd, 0x72, 0x43, 0x54, + 0x4b, 0x88, 0xfa, 0x71, 0x43, 0xd4, 0x06, 0xee, 0x1b, 0x88, 0x6b, 0xd7, 0xc4, 0xbd, 0x11, 0xb0, + 0xb3, 0x29, 0x60, 0xc5, 0xd1, 0xa9, 0x73, 0xac, 0x0a, 0xd1, 0xad, 0x17, 0xe2, 0xbf, 0x09, 0x3e, + 0x81, 0xe1, 0x0d, 0x0f, 0xf5, 0x9a, 0x3e, 0x85, 0xae, 0x7a, 0x25, 0x02, 0x63, 0xf7, 0x63, 0xd2, + 0x6e, 0xfe, 0x4b, 0x18, 0xcc, 0x68, 0x94, 0x72, 0x2d, 0x31, 0x01, 0xbb, 0x54, 0x51, 0x97, 0xae, + 0x5c, 0x93, 0x47, 0xd0, 0xa3, 0xaa, 0xb4, 0x22, 0x8d, 0x7e, 0xf0, 0x4e, 0x03, 0x56, 0x57, 0x3e, + 0xac, 0x1c, 0xfd, 0x43, 0x70, 0x15, 0xb0, 0xcc, 0xcd, 0xff, 0x1e, 0xdc, 0x10, 0x57, 0xd9, 0x15, + 0xfe, 0xef, 0x57, 0x0d, 0xe1, 0x40, 0x23, 0xab, 0xbb, 0x3e, 0x80, 0x83, 0xa7, 0x29, 0xcb, 0x31, + 0xae, 0x78, 0x1d, 0x41, 0x67, 0x73, 0x44, 0x48, 0xc3, 0x7f, 0x02, 0x87, 0x95, 0xdf, 0x5b, 0x4b, + 0xf8, 0x1b, 0x0c, 0xc4, 0x14, 0xd9, 0xd5, 0xa5, 0x37, 0xdd, 0x62, 0xd6, 0xba, 0x65, 0x6b, 0x32, + 0x59, 0x2d, 0x93, 0xe9, 0x3e, 0x0c, 0xc4, 0xe1, 0xab, 0xda, 0x14, 0xea, 0x8b, 0xbd, 0xa9, 0x1c, + 0x45, 0x8f, 0xc1, 0x55, 0xf7, 0x2b, 0x0a, 0x0f, 0x37, 0xb9, 0xf6, 0x83, 0xa3, 0x06, 0x01, 0xe9, + 0xac, 0x14, 0xf8, 0xcb, 0x00, 0x3b, 0x2c, 0x96, 0xd8, 0x36, 0xc4, 0x44, 0x75, 0xcc, 0x1d, 0xd5, + 0xb1, 0xde, 0xb0, 0x3a, 0xe4, 0x13, 0x70, 0xe4, 0x3c, 0x16, 0xb9, 0x1f, 0x04, 0xb7, 0xb7, 0xf5, + 0x44, 0xc6, 0x42, 0xe5, 0x24, 0xdf, 0x4b, 0x92, 0xd1, 0x84, 0xaf, 0xc5, 0xeb, 0xea, 0x84, 0x95, + 0xed, 0x9f, 0x83, 0xfb, 0x44, 0xcc, 0x65, 0x2d, 0xf5, 0x87, 0x60, 0xd3, 0x42, 0xb5, 0x50, 0x3f, + 0xb8, 0xd5, 0x4c, 0xa6, 0x58, 0x62, 0x28, 0x1c, 0xca, 0x16, 0xd1, 0x91, 0xaa, 0x45, 0xce, 0xc1, + 0x9d, 0xe0, 0x12, 0xdf, 0x0e, 0x4b, 0x47, 0x2a, 0x2c, 0x17, 0xfa, 0xe5, 0xc7, 0x4d, 0x7f, 0xeb, + 0x3e, 0x83, 0x81, 0x34, 
0x55, 0x3d, 0x3e, 0x82, 0x4e, 0x19, 0xa8, 0x3f, 0x70, 0xad, 0xd0, 0xd2, + 0xe3, 0xe1, 0x18, 0x1c, 0xa9, 0x07, 0xe9, 0x43, 0xf7, 0xbb, 0xf9, 0x57, 0xf3, 0x6f, 0x5e, 0xce, + 0x87, 0x7b, 0xa5, 0x31, 0x0b, 0x2f, 0xe6, 0x2f, 0xa6, 0x93, 0xa1, 0x41, 0x00, 0x9c, 0xc9, 0x74, + 0xfe, 0x74, 0x3a, 0x19, 0x9a, 0xc1, 0x3f, 0x06, 0xd8, 0x17, 0x05, 0xbf, 0x24, 0xcf, 0xa1, 0xa7, + 0xa7, 0x01, 0xb9, 0xf7, 0xfa, 0x71, 0x37, 0x7a, 0x6f, 0xe7, 0xb9, 0xe2, 0xb3, 0x47, 0x9e, 0x41, + 0x57, 0x3d, 0x0c, 0x72, 0xdc, 0xf0, 0xae, 0x3f, 0xac, 0xd1, 0xbd, 0x5d, 0xc7, 0x15, 0xd6, 0x44, + 0x7f, 0xad, 0xef, 0xb6, 0x36, 0xa2, 0xc2, 0x79, 0xb7, 0xfd, 0x50, 0xa3, 0x04, 0x3f, 0x40, 0x4f, + 0xff, 0x3c, 0x90, 0x6f, 0xc1, 0x2e, 0x05, 0x26, 0x7e, 0x23, 0xa6, 0xe5, 0xc7, 0x63, 0xf4, 0xe0, + 0xb5, 0x3e, 0x15, 0xfc, 0xdf, 0x06, 0x74, 0xca, 0x42, 0x30, 0x32, 0x03, 0x47, 0xb6, 0x0a, 0x69, + 0xa6, 0x54, 0xeb, 0xbd, 0xd1, 0xf1, 0x8e, 0xd3, 0x8a, 0xf7, 0x0c, 0x1c, 0xd9, 0x27, 0x5b, 0x40, + 0xb5, 0xc6, 0xdb, 0x02, 0x6a, 0x34, 0xd7, 0x1e, 0xb9, 0x50, 0x74, 0x47, 0x2d, 0x54, 0x34, 0xc8, + 0xdd, 0xd6, 0x33, 0x0d, 0xf1, 0xa3, 0x23, 0xfe, 0xd5, 0x1e, 0xfd, 0x1b, 0x00, 0x00, 0xff, 0xff, + 0x7f, 0x20, 0xd5, 0xb8, 0xcc, 0x09, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/auth/service/proto/auth.proto b/auth/service/proto/auth.proto index 65763bd0..0080b67e 100644 --- a/auth/service/proto/auth.proto +++ b/auth/service/proto/auth.proto @@ -110,19 +110,13 @@ message Rule { } message CreateRequest { - string role = 1; - Resource resource = 2; - Access access = 3; - int32 priority = 4; + Rule rule = 1; } message CreateResponse {} message DeleteRequest { - string role = 1; - Resource resource = 2; - Access access = 3; - int32 priority = 4; + Rule rule = 1; } message DeleteResponse {} diff --git a/auth/service/service.go b/auth/service/service.go index 27995ef7..7f31b5a4 100644 --- a/auth/service/service.go +++ b/auth/service/service.go 
@@ -2,13 +2,12 @@ package service import ( "context" - "fmt" - "sort" "strings" "sync" "time" "github.com/micro/go-micro/v2/auth" + "github.com/micro/go-micro/v2/auth/rules" pb "github.com/micro/go-micro/v2/auth/service/proto" "github.com/micro/go-micro/v2/auth/token" "github.com/micro/go-micro/v2/auth/token/jwt" @@ -23,8 +22,7 @@ type svc struct { auth pb.AuthService rule pb.RulesService jwt token.Provider - - rules []*pb.Rule + rules []*auth.Rule sync.Mutex } 
@@ -79,84 +77,53 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e } // Grant access to a resource -func (s *svc) Grant(role string, res *auth.Resource) error { +func (s *svc) Grant(rule *auth.Rule) error { _, err := s.rule.Create(context.TODO(), &pb.CreateRequest{ - Role: role, - Access: pb.Access_GRANTED, - Resource: &pb.Resource{ - Type: res.Type, - Name: res.Name, - Endpoint: res.Endpoint, + Rule: &pb.Rule{ + Id: rule.ID, + Role: rule.Role, + Priority: rule.Priority, + Access: pb.Access_GRANTED, + Resource: &pb.Resource{ + Type: rule.Resource.Type, + Name: rule.Resource.Name, + Endpoint: rule.Resource.Endpoint, + }, }, }) + go s.loadRules() return err } // Revoke access to a resource -func (s *svc) Revoke(role string, res *auth.Resource) error { +func (s *svc) Revoke(rule *auth.Rule) error { _, err := s.rule.Delete(context.TODO(), &pb.DeleteRequest{ - Role: role, - Access: pb.Access_GRANTED, - Resource: &pb.Resource{ - Type: res.Type, - Name: res.Name, - Endpoint: res.Endpoint, + Rule: &pb.Rule{ + Id: rule.ID, + Role: rule.Role, + Priority: rule.Priority, + Access: pb.Access_GRANTED, + Resource: &pb.Resource{ + Type: rule.Resource.Type, + Name: rule.Resource.Name, + Endpoint: rule.Resource.Endpoint, + }, }, }) + go s.loadRules() return err } +func (s *svc) Rules() ([]*auth.Rule, error) { + return s.rules, nil +} + // Verify an account has access to a resource func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error { - // check the scope - scope := "namespace." + s.options.Namespace - if acc != nil && !acc.HasScope(scope) { - return fmt.Errorf("Missing required scope: %v", scope) - } - // load the rules if none are loaded s.loadRulesIfEmpty() - - queries := [][]string{ - {res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule) - {res.Type, res.Name, "*"}, // check for wildcard endpoint, e.g. 
service.foo* - {res.Type, "*"}, // check for wildcard name, e.g. service.* - {"*"}, // check for wildcard type, e.g. * - } - - // endpoint is a url which can have wildcard excludes, e.g. - // "/foo/*" will allow "/foo/bar" - if comps := strings.Split(res.Endpoint, "/"); len(comps) > 1 { - for i := 1; i < len(comps); i++ { - wildcard := fmt.Sprintf("%v/*", strings.Join(comps[0:i], "/")) - queries = append(queries, []string{res.Type, res.Name, wildcard}) - } - } - - // set a default account id / namespace to log - logID := acc.ID - if len(logID) == 0 { - logID = "[no account]" - } - - for _, q := range queries { - for _, rule := range s.listRules(q...) { - switch accessForRule(rule, acc, res) { - case pb.Access_UNKNOWN: - continue // rule did not specify access, check the next rule - case pb.Access_GRANTED: - log.Tracef("%v granted access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id) - return nil // rule grants the account access to the resource - case pb.Access_DENIED: - log.Tracef("%v denied access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id) - return auth.ErrForbidden // rule denies access to the resource - } - } - } - - // no rules were found for the resource, default to denying access - log.Tracef("%v denied access to %v:%v:%v by lack of rule", logID, res.Type, res.Name, res.Endpoint) - return auth.ErrForbidden + // verify the request using the rules + return rules.Verify(s.options.Namespace, s.rules, acc, res) } // Inspect a token 
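Review bot: `Grant` now accepts a whole `*auth.Rule` but still sends `Access: pb.Access_GRANTED`, so a rule whose `Access` is `auth.AccessDenied` would reach the rules service as a grant; either translate `rule.Access` into the pb enum or reject non-granted rules here. `Grant` and `Revoke` also dereference `rule.Resource` without a nil check and start `go s.loadRules()` even when the RPC returned an error. The new `Rules()` and the rewritten `Verify` read `s.rules` without taking the `sync.Mutex` that `svc` embeds while that goroutine may be replacing the slice; the readers should hold the lock (`s.Lock()` / `defer s.Unlock()`) the way `jwt.Verify` does later in this series. Whether `loadRules` itself locks is not visible in these hunks, and the same unlocked read is kept in the `Verify` hunk of the "Verify Options" patch.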
@@ -221,35 +188,6 @@ func accessForRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) pb.Acce return pb.Access_UNKNOWN } -// listRules gets all the rules from the store which match the filters. -// filters are namespace, type, name and then endpoint. -func (s *svc) listRules(filters ...string) []*pb.Rule { - s.Lock() - defer s.Unlock() - - var rules []*pb.Rule - for _, r := range s.rules { - if len(filters) > 1 && r.Resource.Type != filters[0] { - continue - } - if len(filters) > 2 && r.Resource.Name != filters[1] { - continue - } - if len(filters) > 3 && r.Resource.Endpoint != filters[2] { - continue - } - - rules = append(rules, r) - } - - // sort rules by priority - sort.Slice(rules, func(i, j int) bool { - return rules[i].Priority < rules[j].Priority - }) - - return rules -} - // loadRules retrieves the rules from the auth service func (s *svc) loadRules() { rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{}) @@ -261,7 +199,27 @@ func (s *svc) loadRules() { return } - s.rules = rsp.Rules + s.rules = make([]*auth.Rule, 0, len(rsp.Rules)) + for _, r := range rsp.Rules { + var access auth.Access + if r.Access == pb.Access_GRANTED { + access = auth.AccessGranted + } else { + access = auth.AccessDenied + } + + s.rules = append(s.rules, &auth.Rule{ + ID: r.Id, + Role: r.Role, + Access: access, + Priority: r.Priority, + Resource: &auth.Resource{ + Type: r.Resource.Type, + Name: r.Resource.Name, + Endpoint: r.Resource.Endpoint, + }, + }) + } } func (s *svc) loadRulesIfEmpty() { diff --git a/util/auth/auth.go b/util/auth/auth.go index b0fdeb5b..ef69f45c 100644 --- a/util/auth/auth.go +++ b/util/auth/auth.go @@ -66,7 +66,7 @@ func Generate(id string, name string, a auth.Auth) error { // generate the first token tok, err := a.Token( - auth.WithCredentials(accID, accSecret), + auth.WithToken(tok.RefreshToken), auth.WithExpiry(time.Minute*10), ) if err != nil { From 5d14970a55ab954c05f4dceabd0b7f6a146e6995 Mon Sep 17 00:00:00 2001 
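Review bot: The conversion loop reads `r.Resource.Type` for every rule the service returns, so one stored rule without a resource would panic the reload; guard it with `if r.Resource == nil { continue }` (ideally logging the rule ID). The loop also resets `s.rules` to an empty slice and appends into it, so a reader that does not hold the same lock can observe a partially loaded rule set, for instance one that is still missing a higher-priority deny rule; building into a local slice and assigning `s.rules = loaded` once closes that window. Mapping every value other than `pb.Access_GRANTED`, including `pb.Access_UNKNOWN`, to `auth.AccessDenied` fails closed and deserves a one-line comment saying so. loadRules starts before the hunk, so any locking it already does is not visible.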
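Review bot: `tok` is read inside the very call whose result declares it: `tok, err := a.Token(auth.WithToken(tok.RefreshToken), ...)`. In Go the newly declared `tok` is not in scope on the right-hand side, so this only compiles if an outer `tok` already exists, and nothing in the hunk shows a token being obtained before the "generate the first token" comment. The removed `auth.WithCredentials(accID, accSecret)` looks like the correct option for the first token, with `auth.WithToken(tok.RefreshToken)` belonging to a later refresh. Generate's body extends outside the hunk, so this should be confirmed against the full function.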
From: Ben Toogood Date: Wed, 20 May 2020 16:11:34 +0100 Subject: [PATCH 03/26] Fix nil account bug --- auth/auth.go | 5 +++-- auth/auth_test.go | 6 +++--- util/wrapper/wrapper.go | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index 0a03eda5..3651fa92 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -4,6 +4,7 @@ package auth import ( "context" "errors" + "strings" "time" ) @@ -60,13 +61,13 @@ type Account struct { } // HasScope returns a boolean indicating if the account has the given scope -func (a *Account) HasScope(scope string) bool { +func (a *Account) HasScope(scopes ...string) bool { if a.Scopes == nil { return false } for _, s := range a.Scopes { - if s == scope { + if s == strings.Join(scopes, ".") { return true } } diff --git a/auth/auth_test.go b/auth/auth_test.go index 50f3a990..7985ff76 100644 --- a/auth/auth_test.go +++ b/auth/auth_test.go @@ -3,15 +3,15 @@ package auth import "testing" func TestHasScope(t *testing.T) { - if new(Account).HasScope("namespace.foo") { + if new(Account).HasScope("namespace", "foo") { t.Errorf("Expected the blank account to not have a role") } acc := Account{Scopes: []string{"namespace.foo"}} - if !acc.HasScope("namespace.foo") { + if !acc.HasScope("namespace", "foo") { t.Errorf("Expected the account to have the namespace.foo role") } - if acc.HasScope("namespace.bar") { + if acc.HasScope("namespace", "bar") { t.Errorf("Expected the account to not have the namespace.bar role") } } diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go index de62288d..bf0f4a3a 100644 --- a/util/wrapper/wrapper.go +++ b/util/wrapper/wrapper.go 
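Review bot: `strings.Join(scopes, ".")` is rebuilt on every iteration of the loop in `HasScope`; compute it once with `want := strings.Join(scopes, ".")` before the loop and compare `s == want`. The doc comment still says "has the given scope" and should describe the new contract, e.g. `// HasScope reports whether the account holds the scope formed by joining the given parts with "."`. Because the join is plain concatenation, a part that itself contains a dot cannot be told apart from two separate parts, so any part derived from request data should be validated before it reaches this call. The updated messages in the auth_test.go hunk still say "role" where they mean scope.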
@@ -208,14 +208,14 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper { // Verify the caller has access to the resource err := a.Verify(account, res) - if err != nil && len(account.ID) > 0 { + if err != nil && account != nil { return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID) } else if err != nil { return errors.Unauthorized(req.Service(), "Unauthorised call made to %v:%v", req.Service(), req.Endpoint()) } // There is an account, set it in the context - if len(account.ID) > 0 { + if account != nil { ctx = auth.ContextWithAccount(ctx, account) } From 344ce061ced90ae353dda64b3c898ead03e15870 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Wed, 20 May 2020 16:49:52 +0100 Subject: [PATCH 04/26] Verify Options --- auth/auth.go | 2 +- auth/default.go | 2 +- auth/jwt/jwt.go | 10 ++++++++-- auth/options.go | 15 ++++++++++++++- auth/rules/rules.go | 11 +++-------- auth/service/service.go | 10 ++++++++-- 6 files changed, 35 insertions(+), 15 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index 3651fa92..07a9ddab 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -27,7 +27,7 @@ type Auth interface { // Generate a new account Generate(id string, opts ...GenerateOption) (*Account, error) // Verify an account has access to a resource using the rules - Verify(acc *Account, res *Resource) error + Verify(acc *Account, res *Resource, opts ...VerifyOption) error // Inspect a token Inspect(token string) (*Account, error) // Token generated using refresh token or credentials diff --git a/auth/default.go b/auth/default.go index 11f9e6ae..ac0ae534 100644 --- a/auth/default.go +++ b/auth/default.go @@ -73,7 +73,7 @@ func (n *noop) Rules() ([]*Rule, error) { } // Verify an account has access to a resource -func (n *noop) Verify(acc *Account, res *Resource) error { +func (n *noop) Verify(acc *Account, res *Resource, opts ...VerifyOption) error { return nil } 
diff --git a/auth/jwt/jwt.go b/auth/jwt/jwt.go index 2397586f..4dafc7e3 100644 --- a/auth/jwt/jwt.go +++ b/auth/jwt/jwt.go @@ -99,10 +99,16 @@ func (j *jwt) Revoke(rule *auth.Rule) error { return nil } -func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error { +func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error { j.Lock() defer j.Unlock() - return rules.Verify(j.options.Namespace, j.rules, acc, res) + + options := auth.VerifyOptions{Scope: j.options.Namespace} + for _, o := range opts { + o(&options) + } + + return rules.Verify(options.Scope, j.rules, acc, res) } func (j *jwt) Rules() ([]*auth.Rule, error) { diff --git a/auth/options.go b/auth/options.go index a498bb37..2dd6cc48 100644 --- a/auth/options.go +++ b/auth/options.go @@ -123,7 +123,7 @@ type GenerateOptions struct { Metadata map[string]string // Roles/scopes associated with the account Roles []string - // Scopes the account hasaccess too + // Scopes the account has access too Scopes []string // Provider of the account, e.g. oauth Provider string @@ -233,3 +233,16 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions { return options } + +type VerifyOptions struct { + Scope string +} + +type VerifyOption func(o *VerifyOptions) + +// WithScope to require when verifying +func WithScope(s string) VerifyOption { + return func(o *VerifyOptions) { + o.Scope = s + } +} diff --git a/auth/rules/rules.go b/auth/rules/rules.go index 35736a8b..c3e96fa9 100644 --- a/auth/rules/rules.go +++ b/auth/rules/rules.go 
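Review bot: The new exported `VerifyOptions`, its `Scope` field and `VerifyOption` carry no doc comments, and `WithScope`'s comment does not say what the value means. In this patch the value is handed to `rules.Verify` as its `namespace` argument, which then requires the account scope `"namespace." + Scope`, so `WithScope("foo")` does not check for a scope literally named `foo`. Suggested comments: `// VerifyOptions configures a single Verify call.`, `// Scope is the namespace the account must hold a "namespace.<Scope>" scope for; it defaults to the auth namespace.` and `// VerifyOption sets a field on VerifyOptions.` The reworded `// Scopes the account has access too` in the GenerateOptions hunk should end in `to`.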
@@ -12,12 +12,6 @@ import ( // access an error will be returned. If there are no rules provided which match the resource, an error // will be returned func Verify(namespace string, rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error { - // ensure the account has the necessary scope. Some rules allow for public access so we don't - // error if the account is nil. - if acc != nil && !acc.HasScope("namespace."+namespace) { - return fmt.Errorf("Missing required scope: %v", "namespace."+namespace) - } - // the rule is only to be applied if the type matches the resource or is catch-all (*) validTypes := []string{"*", res.Type} @@ -37,6 +31,7 @@ func Verify(namespace string, rules []*auth.Rule, acc *auth.Account, res *auth.R // filter the rules to the ones which match the criteria above filteredRules := make([]*auth.Rule, 0) for _, rule := range rules { + fmt.Printf("All rules: %v\n", rule.ID) if !include(validTypes, rule.Resource.Type) { continue } @@ -63,8 +58,8 @@ func Verify(namespace string, rules []*auth.Rule, acc *auth.Account, res *auth.R return nil } - // all furter checks require an account - if acc == nil { + // all further checks require an account within the current scope + if acc == nil || !acc.HasScope("namespace", namespace) { continue } diff --git a/auth/service/service.go b/auth/service/service.go index 7f31b5a4..621e5fb7 100644 --- a/auth/service/service.go +++ b/auth/service/service.go 
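Review bot: `acc == nil || !acc.HasScope("namespace", namespace)` in the third hunk is evaluated once per filtered rule although neither operand changes inside the loop; computing `inScope := acc != nil && acc.HasScope("namespace", namespace)` before the loop and testing `if !inScope { continue }` keeps the authorization path cheaper and easier to audit. The behaviour change should be stated in a comment: an account that lacks the namespace scope no longer gets the "Missing required scope" error removed in the first hunk, it is treated like an anonymous caller, matched against blank-role rules only, and otherwise falls through to the final deny. The `fmt.Printf("All rules: %v\n", rule.ID)` added in the second hunk writes every rule ID to stdout on each Verify call and should be a trace-level log or be dropped. Verify's body continues outside these hunks.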
@@ -119,11 +119,17 @@ func (s *svc) Rules() ([]*auth.Rule, error) { } // Verify an account has access to a resource -func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error { +func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error { + options := auth.VerifyOptions{Scope: s.options.Namespace} + for _, o := range opts { + o(&options) + } + // load the rules if none are loaded s.loadRulesIfEmpty() + // verify the request using the rules - return rules.Verify(s.options.Namespace, s.rules, acc, res) + return rules.Verify(options.Scope, s.rules, acc, res) } // Inspect a token From 287992cef3e83333a96798cb14bb2a82f10dafa3 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Thu, 21 May 2020 11:35:07 +0100 Subject: [PATCH 05/26] Fix service => service namespace bug --- auth/rules/rules.go | 1 - util/auth/auth.go | 2 +- util/wrapper/wrapper.go | 8 ++++++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/auth/rules/rules.go b/auth/rules/rules.go index c3e96fa9..bfe3594b 100644 --- a/auth/rules/rules.go +++ b/auth/rules/rules.go @@ -31,7 +31,6 @@ func Verify(namespace string, rules []*auth.Rule, acc *auth.Account, res *auth.R // filter the rules to the ones which match the criteria above filteredRules := make([]*auth.Rule, 0) for _, rule := range rules { - fmt.Printf("All rules: %v\n", rule.ID) if !include(validTypes, rule.Resource.Type) { continue } diff --git a/util/auth/auth.go b/util/auth/auth.go index ef69f45c..4c7eaa34 100644 --- a/util/auth/auth.go +++ b/util/auth/auth.go @@ -30,7 +30,7 @@ func Generate(id string, name string, a auth.Auth) error { if err != nil { return err } - logger.Infof("Auth [%v] Authenticated as %v in the %v scope", a, name, scope) + logger.Infof("Auth [%v] Authenticated as %v in the %v namespace", a, name, a.Options().Namespace) accID = acc.ID accSecret = acc.Secret diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go index bf0f4a3a..5ca359e1 100644 --- a/util/wrapper/wrapper.go 
+++ b/util/wrapper/wrapper.go @@ -3,7 +3,6 @@ package wrapper import ( "context" "strings" - "time" "github.com/micro/go-micro/v2/auth" "github.com/micro/go-micro/v2/client" @@ -156,9 +155,14 @@ func (a *authWrapper) Call(ctx context.Context, req client.Request, rsp interfac return a.Client.Call(ctx, req, rsp, opts...) } + // set the namespace header if it has not been set (e.g. on a service to service request) + if _, ok := metadata.Get(ctx, "Micro-Namespace"); !ok { + ctx = metadata.Set(ctx, "Micro-Namespace", aa.Options().Namespace) + } + // check to see if we have a valid access token aaOpts := aa.Options() - if aaOpts.Token != nil && aaOpts.Token.Expiry.Unix() > time.Now().Unix() { + if aaOpts.Token != nil && !aaOpts.Token.Expired() { ctx = metadata.Set(ctx, "Authorization", auth.BearerScheme+aaOpts.Token.AccessToken) return a.Client.Call(ctx, req, rsp, opts...) } From 8f5ef012ff8b5b158906eaa5bad01517925892dc Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Thu, 21 May 2020 12:07:22 +0100 Subject: [PATCH 06/26] Update Rules.Delete proto --- auth/service/proto/auth.pb.go | 120 +++++++++++++++++----------------- auth/service/proto/auth.proto | 2 +- auth/service/service.go | 12 +--- 3 files changed, 62 insertions(+), 72 deletions(-) diff --git a/auth/service/proto/auth.pb.go b/auth/service/proto/auth.pb.go index 26ea23bb..8a6e4ea5 100644 --- a/auth/service/proto/auth.pb.go +++ b/auth/service/proto/auth.pb.go @@ -931,7 +931,7 @@ func (m *CreateResponse) XXX_DiscardUnknown() { var xxx_messageInfo_CreateResponse proto.InternalMessageInfo type DeleteRequest struct { - Rule *Rule `protobuf:"bytes,1,opt,name=rule,proto3" json:"rule,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
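Review bot: `aa.Options()` is called for the namespace and then again on the next statement for `aaOpts` in the `Call` hunk; moving `aaOpts := aa.Options()` above the new block and using `aaOpts.Namespace` reads better and works from a single snapshot of the options. The block only fills `Micro-Namespace` when it is absent, so a value already present in `ctx` is forwarded unchanged together with this service's own bearer token. Where such an existing value originates is not visible in the hunk, so a comment recording the intended precedence would help reviewers, e.g. `// an existing Micro-Namespace in ctx wins over this service's own namespace`. Call's body starts before the hunk.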
@@ -962,11 +962,11 @@ func (m *DeleteRequest) XXX_DiscardUnknown() { var xxx_messageInfo_DeleteRequest proto.InternalMessageInfo -func (m *DeleteRequest) GetRule() *Rule { +func (m *DeleteRequest) GetId() string { if m != nil { - return m.Rule + return m.Id } - return nil + return "" } type DeleteResponse struct { 
@@ -1101,63 +1101,63 @@ func init() { func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) } var fileDescriptor_21300bfacc51fc2a = []byte{ - // 888 bytes of a gzipped FileDescriptorProto + // 890 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xdd, 0x8e, 0xdb, 0x44, - 0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xbb, 0xd1, 0x74, 0x5b, 0xac, 0x94, 0x2d, 0x5b, 0x17, - 0xc1, 0x52, 0x41, 0x16, 0xb9, 0x37, 0x0b, 0xbd, 0x61, 0xd5, 0x44, 0xa1, 0x85, 0x06, 0x61, 0x15, - 0x95, 0x1b, 0x54, 0x19, 0xe7, 0xc0, 0x5a, 0x9b, 0xb5, 0xcd, 0xcc, 0x38, 0x22, 0x37, 0x48, 0xbc, - 0x00, 0x8f, 0xc0, 0x03, 0xf0, 0x4c, 0xdc, 0xf3, 0x1a, 0xc8, 0xf3, 0xe3, 0x8d, 0x1d, 0xa7, 0xaa, - 0x0a, 0x77, 0x73, 0x66, 0xce, 0xf9, 0xe6, 0x7c, 0xdf, 0x39, 0x73, 0x6c, 0x38, 0x8e, 0x0a, 0x7e, - 0x79, 0xc6, 0x90, 0xae, 0x92, 0x18, 0xcf, 0x72, 0x9a, 0xf1, 0xec, 0xac, 0xdc, 0x1a, 0x8b, 0x25, - 0x71, 0x7f, 0xce, 0xc6, 0xd7, 0x49, 0x4c, 0xb3, 0x71, 0xb9, 0xe9, 0xdf, 0x86, 0x5b, 0x5f, 0x27, - 0x8c, 0x5f, 0xc4, 0x71, 0x56, 0xa4, 0x9c, 0x85, 0xf8, 0x4b, 0x81, 0x8c, 0xfb, 0xcf, 0xe0, 0xa8, - 0xbe, 0xcd, 0xf2, 0x2c, 0x65, 0x48, 0x02, 0xe8, 0x45, 0x6a, 0xcf, 0x33, 0x4e, 0xac, 0xd3, 0x7e, - 0x70, 0x67, 0x5c, 0x03, 0x1c, 0xab, 0x90, 0xb0, 0xf2, 0xf3, 0x7f, 0x37, 0xa0, 0xf3, 0x22, 0xbb, - 0xc2, 0x94, 0xdc, 0x87, 0x41, 0x14, 0xc7, 0xc8, 0xd8, 0x2b, 0x5e, 0xda, 0x9e, 0x71, 0x62, 0x9c, - 0xee, 0x87, 0x7d, 0xb9, 0x27, 0x5d, 0x1e, 0x80, 0x4b, 0xf1, 0x27, 0x8a, 0xec, 0x52, 0xf9, 0x98, - 0xc2, 0x67, 0xa0, 0x36, 0xa5, 0x93, 0x07, 0xdd, 0x98, 0x62, 0xc4, 0x71, 0xe1, 0x59, 0x27, 0xc6, - 0xa9, 0x15, 0x6a, 0x93, 0xdc, 0x01, 0x07, 0x7f, 0xcd, 0x13, 0xba, 0xf6, 0x6c, 0x71, 0xa0, 0x2c, - 0xff, 0x0f, 0x13, 0xba, 0x2a, 0x33, 0x72, 0x00, 0x66, 0xb2, 0x50, 0x77, 0x9b, 0xc9, 0x82, 0x10, - 0xb0, 0xf9, 0x3a, 0x47, 0x75, 0x93, 0x58, 0x93, 0x23, 0xe8, 0xd0, 0x6c, 0x89, 0xcc, 0xb3, 0x4e, - 0xac, 0xd3, 0xfd, 0x50, 0x1a, 0xe4, 0x0b, 0xe8, 
0x5d, 0x23, 0x8f, 0x16, 0x11, 0x8f, 0x3c, 0x5b, - 0xb0, 0x7f, 0xbf, 0x9d, 0xfd, 0xf8, 0xb9, 0x72, 0x9b, 0xa6, 0x9c, 0xae, 0xc3, 0x2a, 0xaa, 0xcc, - 0x8f, 0xc5, 0x59, 0x8e, 0xcc, 0xeb, 0x08, 0x60, 0x65, 0x91, 0x11, 0xf4, 0x72, 0x9a, 0xad, 0x92, - 0x05, 0x52, 0xcf, 0x11, 0x79, 0x54, 0xb6, 0x88, 0xc1, 0x98, 0x22, 0xf7, 0xba, 0xe2, 0x44, 0x59, - 0xa3, 0xc7, 0xe0, 0xd6, 0xae, 0x21, 0x43, 0xb0, 0xae, 0x70, 0xad, 0x98, 0x95, 0xcb, 0x92, 0xc6, - 0x2a, 0x5a, 0x16, 0x9a, 0x9b, 0x34, 0x3e, 0x37, 0xcf, 0x0d, 0x7f, 0x0e, 0xbd, 0x10, 0x59, 0x56, - 0xd0, 0x18, 0x4b, 0x01, 0xd2, 0xe8, 0x1a, 0x55, 0xa0, 0x58, 0xb7, 0x8a, 0x32, 0x82, 0x1e, 0xa6, - 0x8b, 0x3c, 0x4b, 0x52, 0x2e, 0x74, 0xdf, 0x0f, 0x2b, 0xdb, 0xff, 0xd3, 0x84, 0xc3, 0x19, 0xa6, - 0x48, 0x23, 0x8e, 0xaa, 0x89, 0xb6, 0x84, 0xae, 0x44, 0x35, 0x37, 0x45, 0xfd, 0x72, 0x43, 0x54, - 0x4b, 0x88, 0xfa, 0x71, 0x43, 0xd4, 0x06, 0xee, 0x1b, 0x88, 0x6b, 0xd7, 0xc4, 0xbd, 0x11, 0xb0, - 0xb3, 0x29, 0x60, 0xc5, 0xd1, 0xa9, 0x73, 0xac, 0x0a, 0xd1, 0xad, 0x17, 0xe2, 0xbf, 0x09, 0x3e, - 0x81, 0xe1, 0x0d, 0x0f, 0xf5, 0x9a, 0x3e, 0x85, 0xae, 0x7a, 0x25, 0x02, 0x63, 0xf7, 0x63, 0xd2, - 0x6e, 0xfe, 0x4b, 0x18, 0xcc, 0x68, 0x94, 0x72, 0x2d, 0x31, 0x01, 0xbb, 0x54, 0x51, 0x97, 0xae, - 0x5c, 0x93, 0x47, 0xd0, 0xa3, 0xaa, 0xb4, 0x22, 0x8d, 0x7e, 0xf0, 0x4e, 0x03, 0x56, 0x57, 0x3e, - 0xac, 0x1c, 0xfd, 0x43, 0x70, 0x15, 0xb0, 0xcc, 0xcd, 0xff, 0x1e, 0xdc, 0x10, 0x57, 0xd9, 0x15, - 0xfe, 0xef, 0x57, 0x0d, 0xe1, 0x40, 0x23, 0xab, 0xbb, 0x3e, 0x80, 0x83, 0xa7, 0x29, 0xcb, 0x31, - 0xae, 0x78, 0x1d, 0x41, 0x67, 0x73, 0x44, 0x48, 0xc3, 0x7f, 0x02, 0x87, 0x95, 0xdf, 0x5b, 0x4b, - 0xf8, 0x1b, 0x0c, 0xc4, 0x14, 0xd9, 0xd5, 0xa5, 0x37, 0xdd, 0x62, 0xd6, 0xba, 0x65, 0x6b, 0x32, - 0x59, 0x2d, 0x93, 0xe9, 0x3e, 0x0c, 0xc4, 0xe1, 0xab, 0xda, 0x14, 0xea, 0x8b, 0xbd, 0xa9, 0x1c, - 0x45, 0x8f, 0xc1, 0x55, 0xf7, 0x2b, 0x0a, 0x0f, 0x37, 0xb9, 0xf6, 0x83, 0xa3, 0x06, 0x01, 0xe9, - 0xac, 0x14, 0xf8, 0xcb, 0x00, 0x3b, 0x2c, 0x96, 0xd8, 0x36, 0xc4, 0x44, 0x75, 0xcc, 
0x1d, 0xd5, - 0xb1, 0xde, 0xb0, 0x3a, 0xe4, 0x13, 0x70, 0xe4, 0x3c, 0x16, 0xb9, 0x1f, 0x04, 0xb7, 0xb7, 0xf5, - 0x44, 0xc6, 0x42, 0xe5, 0x24, 0xdf, 0x4b, 0x92, 0xd1, 0x84, 0xaf, 0xc5, 0xeb, 0xea, 0x84, 0x95, - 0xed, 0x9f, 0x83, 0xfb, 0x44, 0xcc, 0x65, 0x2d, 0xf5, 0x87, 0x60, 0xd3, 0x42, 0xb5, 0x50, 0x3f, - 0xb8, 0xd5, 0x4c, 0xa6, 0x58, 0x62, 0x28, 0x1c, 0xca, 0x16, 0xd1, 0x91, 0xaa, 0x45, 0xce, 0xc1, - 0x9d, 0xe0, 0x12, 0xdf, 0x0e, 0x4b, 0x47, 0x2a, 0x2c, 0x17, 0xfa, 0xe5, 0xc7, 0x4d, 0x7f, 0xeb, - 0x3e, 0x83, 0x81, 0x34, 0x55, 0x3d, 0x3e, 0x82, 0x4e, 0x19, 0xa8, 0x3f, 0x70, 0xad, 0xd0, 0xd2, - 0xe3, 0xe1, 0x18, 0x1c, 0xa9, 0x07, 0xe9, 0x43, 0xf7, 0xbb, 0xf9, 0x57, 0xf3, 0x6f, 0x5e, 0xce, - 0x87, 0x7b, 0xa5, 0x31, 0x0b, 0x2f, 0xe6, 0x2f, 0xa6, 0x93, 0xa1, 0x41, 0x00, 0x9c, 0xc9, 0x74, - 0xfe, 0x74, 0x3a, 0x19, 0x9a, 0xc1, 0x3f, 0x06, 0xd8, 0x17, 0x05, 0xbf, 0x24, 0xcf, 0xa1, 0xa7, - 0xa7, 0x01, 0xb9, 0xf7, 0xfa, 0x71, 0x37, 0x7a, 0x6f, 0xe7, 0xb9, 0xe2, 0xb3, 0x47, 0x9e, 0x41, - 0x57, 0x3d, 0x0c, 0x72, 0xdc, 0xf0, 0xae, 0x3f, 0xac, 0xd1, 0xbd, 0x5d, 0xc7, 0x15, 0xd6, 0x44, - 0x7f, 0xad, 0xef, 0xb6, 0x36, 0xa2, 0xc2, 0x79, 0xb7, 0xfd, 0x50, 0xa3, 0x04, 0x3f, 0x40, 0x4f, - 0xff, 0x3c, 0x90, 0x6f, 0xc1, 0x2e, 0x05, 0x26, 0x7e, 0x23, 0xa6, 0xe5, 0xc7, 0x63, 0xf4, 0xe0, - 0xb5, 0x3e, 0x15, 0xfc, 0xdf, 0x06, 0x74, 0xca, 0x42, 0x30, 0x32, 0x03, 0x47, 0xb6, 0x0a, 0x69, - 0xa6, 0x54, 0xeb, 0xbd, 0xd1, 0xf1, 0x8e, 0xd3, 0x8a, 0xf7, 0x0c, 0x1c, 0xd9, 0x27, 0x5b, 0x40, - 0xb5, 0xc6, 0xdb, 0x02, 0x6a, 0x34, 0xd7, 0x1e, 0xb9, 0x50, 0x74, 0x47, 0x2d, 0x54, 0x34, 0xc8, - 0xdd, 0xd6, 0x33, 0x0d, 0xf1, 0xa3, 0x23, 0xfe, 0xd5, 0x1e, 0xfd, 0x1b, 0x00, 0x00, 0xff, 0xff, - 0x7f, 0x20, 0xd5, 0xb8, 0xcc, 0x09, 0x00, 0x00, + 0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xbb, 0xd1, 0x74, 0x5b, 0xac, 0x94, 0x6d, 0xb7, 0x2e, + 0x82, 0xa5, 0x82, 0x2c, 0x4a, 0x6f, 0x0a, 0xbd, 0x61, 0xd5, 0x44, 0xa1, 0x85, 0x06, 0x61, 0x15, + 0x95, 0x1b, 0x54, 0x19, 0xe7, 0xc0, 0x5a, 0x9b, 0xb5, 0xc3, 0xcc, 0x38, 
0x22, 0x37, 0x48, 0xbc, + 0x00, 0x8f, 0xc0, 0x03, 0xf0, 0x4c, 0xdc, 0xf3, 0x1a, 0x68, 0xfe, 0xbc, 0xb1, 0xe3, 0x54, 0x2b, + 0xe0, 0x6e, 0xce, 0xcc, 0x77, 0xce, 0x9c, 0xef, 0x3b, 0x67, 0x8e, 0x0d, 0xc7, 0x71, 0xc1, 0x2f, + 0xce, 0x18, 0xd2, 0x55, 0x9a, 0xe0, 0xd9, 0x92, 0xe6, 0x3c, 0x3f, 0x13, 0x5b, 0x43, 0xb9, 0x24, + 0xfe, 0x4f, 0xf9, 0xf0, 0x2a, 0x4d, 0x68, 0x3e, 0x14, 0x9b, 0xe1, 0x6d, 0xb8, 0xf5, 0x55, 0xca, + 0xf8, 0x79, 0x92, 0xe4, 0x45, 0xc6, 0x59, 0x84, 0x3f, 0x17, 0xc8, 0x78, 0xf8, 0x02, 0x8e, 0xaa, + 0xdb, 0x6c, 0x99, 0x67, 0x0c, 0xc9, 0x08, 0x3a, 0xb1, 0xde, 0x0b, 0xac, 0x13, 0xe7, 0xb4, 0x3b, + 0xba, 0x33, 0xac, 0x04, 0x1c, 0x6a, 0x97, 0xa8, 0xc4, 0x85, 0xbf, 0x59, 0xd0, 0x7a, 0x95, 0x5f, + 0x62, 0x46, 0x1e, 0x40, 0x2f, 0x4e, 0x12, 0x64, 0xec, 0x0d, 0x17, 0x76, 0x60, 0x9d, 0x58, 0xa7, + 0xfb, 0x51, 0x57, 0xed, 0x29, 0xc8, 0x43, 0xf0, 0x29, 0xfe, 0x48, 0x91, 0x5d, 0x68, 0x8c, 0x2d, + 0x31, 0x3d, 0xbd, 0xa9, 0x40, 0x01, 0xb4, 0x13, 0x8a, 0x31, 0xc7, 0x79, 0xe0, 0x9c, 0x58, 0xa7, + 0x4e, 0x64, 0x4c, 0x72, 0x07, 0x3c, 0xfc, 0x65, 0x99, 0xd2, 0x75, 0xe0, 0xca, 0x03, 0x6d, 0x85, + 0xbf, 0xdb, 0xd0, 0xd6, 0x99, 0x91, 0x03, 0xb0, 0xd3, 0xb9, 0xbe, 0xdb, 0x4e, 0xe7, 0x84, 0x80, + 0xcb, 0xd7, 0x4b, 0xd4, 0x37, 0xc9, 0x35, 0x39, 0x82, 0x16, 0xcd, 0x17, 0xc8, 0x02, 0xe7, 0xc4, + 0x39, 0xdd, 0x8f, 0x94, 0x41, 0x3e, 0x87, 0xce, 0x15, 0xf2, 0x78, 0x1e, 0xf3, 0x38, 0x70, 0x25, + 0xfb, 0xf7, 0x9a, 0xd9, 0x0f, 0x5f, 0x6a, 0xd8, 0x24, 0xe3, 0x74, 0x1d, 0x95, 0x5e, 0x22, 0x3f, + 0x96, 0xe4, 0x4b, 0x64, 0x41, 0x4b, 0x06, 0xd6, 0x16, 0x19, 0x40, 0x67, 0x49, 0xf3, 0x55, 0x3a, + 0x47, 0x1a, 0x78, 0x32, 0x8f, 0xd2, 0x96, 0x3e, 0x98, 0x50, 0xe4, 0x41, 0x5b, 0x9e, 0x68, 0x6b, + 0xf0, 0x14, 0xfc, 0xca, 0x35, 0xa4, 0x0f, 0xce, 0x25, 0xae, 0x35, 0x33, 0xb1, 0x14, 0x34, 0x56, + 0xf1, 0xa2, 0x30, 0xdc, 0x94, 0xf1, 0x99, 0xfd, 0xc4, 0x0a, 0x67, 0xd0, 0x89, 0x90, 0xe5, 0x05, + 0x4d, 0x50, 0x08, 0x90, 0xc5, 0x57, 0xa8, 0x1d, 0xe5, 0xba, 0x51, 0x94, 0x01, 0x74, 0x30, 0x9b, + 0x2f, 0xf3, 
0x34, 0xe3, 0x52, 0xf7, 0xfd, 0xa8, 0xb4, 0xc3, 0x3f, 0x6c, 0x38, 0x9c, 0x62, 0x86, + 0x34, 0xe6, 0xa8, 0x9b, 0x68, 0x4b, 0xe8, 0x52, 0x54, 0x7b, 0x53, 0xd4, 0x2f, 0x36, 0x44, 0x75, + 0xa4, 0xa8, 0x1f, 0xd5, 0x44, 0xad, 0xc5, 0xbd, 0x81, 0xb8, 0x6e, 0x45, 0xdc, 0x6b, 0x01, 0x5b, + 0x9b, 0x02, 0x96, 0x1c, 0xbd, 0x2a, 0xc7, 0xb2, 0x10, 0xed, 0x6a, 0x21, 0xfe, 0x9b, 0xe0, 0x63, + 0xe8, 0x5f, 0xf3, 0xd0, 0xaf, 0xe9, 0x13, 0x68, 0xeb, 0x57, 0x22, 0x63, 0xec, 0x7e, 0x4c, 0x06, + 0x16, 0xbe, 0x86, 0xde, 0x94, 0xc6, 0x19, 0x37, 0x12, 0x13, 0x70, 0x85, 0x8a, 0xa6, 0x74, 0x62, + 0x4d, 0x1e, 0x43, 0x87, 0xea, 0xd2, 0xca, 0x34, 0xba, 0xa3, 0x77, 0x6a, 0x61, 0x4d, 0xe5, 0xa3, + 0x12, 0x18, 0x1e, 0x82, 0xaf, 0x03, 0xab, 0xdc, 0xc2, 0xef, 0xc0, 0x8f, 0x70, 0x95, 0x5f, 0xe2, + 0xff, 0x7e, 0x55, 0x1f, 0x0e, 0x4c, 0x64, 0x7d, 0xd7, 0xfb, 0x70, 0xf0, 0x3c, 0x63, 0x4b, 0x4c, + 0x4a, 0x5e, 0x47, 0xd0, 0xda, 0x1c, 0x11, 0xca, 0x08, 0x9f, 0xc1, 0x61, 0x89, 0xfb, 0xd7, 0x12, + 0xfe, 0x0a, 0x3d, 0x39, 0x45, 0x76, 0x75, 0xe9, 0x75, 0xb7, 0xd8, 0x95, 0x6e, 0xd9, 0x9a, 0x4c, + 0x4e, 0xc3, 0x64, 0x7a, 0x00, 0x3d, 0x79, 0xf8, 0xa6, 0x32, 0x85, 0xba, 0x72, 0x6f, 0xa2, 0x46, + 0xd1, 0x53, 0xf0, 0xf5, 0xfd, 0x9a, 0xc2, 0xa3, 0x4d, 0xae, 0xdd, 0xd1, 0x51, 0x8d, 0x80, 0x02, + 0x6b, 0x05, 0xfe, 0xb4, 0xc0, 0x8d, 0x8a, 0x05, 0x36, 0x0d, 0x31, 0x59, 0x1d, 0x7b, 0x47, 0x75, + 0x9c, 0x1b, 0x56, 0x87, 0x7c, 0x0c, 0x9e, 0x9a, 0xc7, 0x32, 0xf7, 0x83, 0xd1, 0xed, 0x6d, 0x3d, + 0x91, 0xb1, 0x48, 0x83, 0xd4, 0x7b, 0x49, 0x73, 0x9a, 0xf2, 0xb5, 0x7c, 0x5d, 0xad, 0xa8, 0xb4, + 0xc3, 0x27, 0xe0, 0x3f, 0x93, 0x73, 0xd9, 0x48, 0xfd, 0x01, 0xb8, 0xb4, 0xd0, 0x2d, 0xd4, 0x1d, + 0xdd, 0xaa, 0x27, 0x53, 0x2c, 0x30, 0x92, 0x00, 0xd1, 0x22, 0xc6, 0x53, 0xb7, 0xc8, 0x7d, 0xf0, + 0xc7, 0xb8, 0xc0, 0x9d, 0xc3, 0x45, 0xb8, 0x18, 0x80, 0x76, 0xf1, 0xa1, 0x2b, 0xbe, 0x61, 0xe6, + 0x93, 0xf6, 0x29, 0xf4, 0x94, 0xa9, 0x65, 0xff, 0x10, 0x5a, 0xe2, 0x2e, 0xf3, 0x1d, 0x6b, 0xcc, + 0x46, 0x21, 0x1e, 0x0d, 0xc1, 0x53, 0xb4, 0x49, 
0x17, 0xda, 0xdf, 0xce, 0xbe, 0x9c, 0x7d, 0xfd, + 0x7a, 0xd6, 0xdf, 0x13, 0xc6, 0x34, 0x3a, 0x9f, 0xbd, 0x9a, 0x8c, 0xfb, 0x16, 0x01, 0xf0, 0xc6, + 0x93, 0xd9, 0xf3, 0xc9, 0xb8, 0x6f, 0x8f, 0xfe, 0xb6, 0xc0, 0x3d, 0x2f, 0xf8, 0x05, 0x79, 0x09, + 0x1d, 0xf3, 0xe8, 0xc9, 0xbd, 0xb7, 0x4f, 0xb5, 0xc1, 0xfd, 0x9d, 0xe7, 0x9a, 0xcf, 0x1e, 0x79, + 0x01, 0x6d, 0xdd, 0xff, 0xe4, 0xb8, 0x86, 0xae, 0xbe, 0x9f, 0xc1, 0xbd, 0x5d, 0xc7, 0x65, 0xac, + 0xb1, 0xf9, 0x28, 0xdf, 0x6d, 0xec, 0x37, 0x1d, 0xe7, 0xdd, 0xe6, 0x43, 0x13, 0x65, 0xf4, 0x3d, + 0x74, 0xcc, 0x3f, 0x02, 0xf9, 0x06, 0x5c, 0x21, 0x30, 0x09, 0x6b, 0x3e, 0x0d, 0xff, 0x17, 0x83, + 0x87, 0x6f, 0xc5, 0x94, 0xe1, 0xff, 0xb2, 0xa0, 0x25, 0x0a, 0xc1, 0xc8, 0x14, 0x3c, 0xd5, 0x11, + 0xa4, 0x9e, 0x52, 0xa5, 0xc5, 0x06, 0xc7, 0x3b, 0x4e, 0x4b, 0xde, 0x53, 0xf0, 0x54, 0x9f, 0x6c, + 0x05, 0xaa, 0xf4, 0xd7, 0x56, 0xa0, 0x5a, 0x73, 0xed, 0x91, 0x73, 0x4d, 0x77, 0xd0, 0x40, 0xc5, + 0x04, 0xb9, 0xdb, 0x78, 0x66, 0x42, 0xfc, 0xe0, 0xc9, 0x5f, 0xb2, 0xc7, 0xff, 0x04, 0x00, 0x00, + 0xff, 0xff, 0x27, 0x7b, 0xf3, 0x60, 0xb3, 0x09, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/auth/service/proto/auth.proto b/auth/service/proto/auth.proto index 0080b67e..56ddaade 100644 --- a/auth/service/proto/auth.proto +++ b/auth/service/proto/auth.proto @@ -116,7 +116,7 @@ message CreateRequest { message CreateResponse {} message DeleteRequest { - Rule rule = 1; + string id = 1; } message DeleteResponse {} diff --git a/auth/service/service.go b/auth/service/service.go index 621e5fb7..0832a263 100644 --- a/auth/service/service.go +++ b/auth/service/service.go 
@@ -98,17 +98,7 @@ func (s *svc) Grant(rule *auth.Rule) error { // Revoke access to a resource func (s *svc) Revoke(rule *auth.Rule) error { _, err := s.rule.Delete(context.TODO(), &pb.DeleteRequest{ - Rule: &pb.Rule{ - Id: rule.ID, - Role: rule.Role, - Priority: rule.Priority, - Access: pb.Access_GRANTED, - Resource: &pb.Resource{ - Type: rule.Resource.Type, - Name: rule.Resource.Name, - Endpoint: rule.Resource.Endpoint, - }, - }, + Id: rule.ID, }) go s.loadRules() return err From e876cb917d994043638a597f06a3f11f1b341c1f Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Thu, 21 May 2020 12:25:47 +0100 Subject: [PATCH 07/26] auth/service support for micro clients (rules from mutltiple namespaces --- auth/service/service.go | 45 ++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/auth/service/service.go b/auth/service/service.go index 0832a263..e4c731db 100644 --- a/auth/service/service.go +++ b/auth/service/service.go @@ -6,6 +6,8 @@ import ( "sync" "time" + "github.com/micro/go-micro/v2/metadata" + "github.com/micro/go-micro/v2/auth" "github.com/micro/go-micro/v2/auth/rules" pb "github.com/micro/go-micro/v2/auth/service/proto" @@ -22,7 +24,7 @@ type svc struct { auth pb.AuthService rule pb.RulesService jwt token.Provider - rules []*auth.Rule + rules map[string][]*auth.Rule sync.Mutex } @@ -91,7 +93,7 @@ func (s *svc) Grant(rule *auth.Rule) error { }, }, }) - go s.loadRules() + go s.loadRules(s.options.Namespace) return err } @@ -100,12 +102,12 @@ func (s *svc) Revoke(rule *auth.Rule) error { _, err := s.rule.Delete(context.TODO(), &pb.DeleteRequest{ Id: rule.ID, }) - go s.loadRules() + go s.loadRules(s.options.Namespace) return err } func (s *svc) Rules() ([]*auth.Rule, error) { - return s.rules, nil + return s.rules[s.options.Namespace], nil } // Verify an account has access to a resource 
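Review bot: `Rules()` in the auth/service/service.go hunk at -100 reads `s.rules[s.options.Namespace]` without holding the mutex, while `loadRules` now writes to the same map from the goroutines started by Grant and Revoke and from the refresh loop; in Go an unsynchronized map read racing with a write is a fatal runtime error, not just stale data. The later hunks of this commit share the defect: `Verify` indexes `s.rules[options.Scope]` unlocked, `loadRulesIfEmpty` copies only the map reference under the lock and does the lookup after `Unlock`, and the refresh loop in `NewAuth` ranges over `service.rules` unlocked. Holding the lock around every map access and snapshotting the keys before reloading closes this; the affected lines are sketched below.

```go
func (s *svc) Rules() ([]*auth.Rule, error) {
	s.Lock()
	defer s.Unlock()
	return s.rules[s.options.Namespace], nil
}

// … unchanged: Verify, up to and including the loadRulesIfEmpty call …
	s.Lock()
	nsRules := s.rules[options.Scope]
	s.Unlock()
	return rules.Verify(options.Scope, nsRules, acc, res)

func (s *svc) loadRulesIfEmpty(namespace string) {
	s.Lock()
	_, ok := s.rules[namespace]
	s.Unlock()

	if !ok {
		s.loadRules(namespace)
	}
}

// … unchanged: NewAuth refresh loop, up to the jitter sleep …
	service.Lock()
	namespaces := make([]string, 0, len(service.rules))
	for ns := range service.rules {
		namespaces = append(namespaces, ns)
	}
	service.Unlock()

	for _, ns := range namespaces {
		service.loadRules(ns)
	}
```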
@@ -116,10 +118,10 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO } // load the rules if none are loaded - s.loadRulesIfEmpty() + s.loadRulesIfEmpty(options.Scope) // verify the request using the rules - return rules.Verify(options.Scope, s.rules, acc, res) + return rules.Verify(options.Scope, s.rules[options.Scope], acc, res) } // Inspect a token @@ -184,18 +186,17 @@ func accessForRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) pb.Acce return pb.Access_UNKNOWN } -// loadRules retrieves the rules from the auth service -func (s *svc) loadRules() { - rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{}) - s.Lock() - defer s.Unlock() - +// loadRules retrieves the rules from the auth service. Since this implementation is used by micro +// clients, which support muti-tenancy we may have to persist rules in multiple namespaces. +func (s *svc) loadRules(namespace string) { + ctx := metadata.Set(context.TODO(), "Micro-Namespace", namespace) + rsp, err := s.rule.List(ctx, &pb.ListRequest{}) if err != nil { log.Errorf("Error listing rules: %v", err) return } - s.rules = make([]*auth.Rule, 0, len(rsp.Rules)) + rules := make([]*auth.Rule, 0, len(rsp.Rules)) for _, r := range rsp.Rules { var access auth.Access if r.Access == pb.Access_GRANTED { @@ -204,7 +205,7 @@ func (s *svc) loadRules() { access = auth.AccessDenied } - s.rules = append(s.rules, &auth.Rule{ + rules = append(rules, &auth.Rule{ ID: r.Id, Role: r.Role, Access: access, @@ -216,15 +217,19 @@ func (s *svc) loadRules() { }, }) } + + s.Lock() + s.rules[namespace] = rules + s.Unlock() } -func (s *svc) loadRulesIfEmpty() { +func (s *svc) loadRulesIfEmpty(namespace string) { s.Lock() rules := s.rules s.Unlock() - if len(rules) == 0 { - s.loadRules() + if _, ok := rules[namespace]; !ok { + s.loadRules(namespace) } } 
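Review bot: When `List` fails, `loadRules` (hunk at -184) returns without storing an entry, so `Verify` goes on to call `rules.Verify` with a nil rule slice and every later `Verify` for that namespace repeats the remote `List`. What `rules.Verify` decides for an empty rule set is not visible in this diff, so it is worth confirming that this path denies access and saying so in the doc comment, e.g. `// On error nothing is cached: Verify then evaluates an empty rule set and the next call retries the List.` Each distinct `options.Scope` value also becomes a permanent map key that the refresh loop reloads on every tick; if that value can be derived from request metadata (not shown here), the map needs a bound or an allow-list of namespaces. The new doc comment also has a typo, `muti-tenancy`.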
@@ -258,6 +263,7 @@ func NewAuth(opts ...auth.Option) auth.Auth { service := &svc{ auth: pb.NewAuthService("go.micro.auth", options.Client), rule: pb.NewRulesService("go.micro.auth", options.Client), + rules: make(map[string][]*auth.Rule), options: options, } @@ -268,7 +274,10 @@ func NewAuth(opts ...auth.Option) auth.Auth { for { <-ruleTimer.C time.Sleep(jitter.Do(time.Second * 5)) - service.loadRules() + + for ns := range service.rules { + service.loadRules(ns) + } } }() From 4de19805ba30cf2e38a6c28503174c264c1cd106 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Thu, 21 May 2020 12:33:58 +0100 Subject: [PATCH 08/26] Remove redundant test --- auth/service/service.go | 3 +-- auth/service/sevice_test.go | 26 -------------------------- 2 files changed, 1 insertion(+), 28 deletions(-) delete mode 100644 auth/service/sevice_test.go diff --git a/auth/service/service.go b/auth/service/service.go index e4c731db..fb77d9b0 100644 --- a/auth/service/service.go +++ b/auth/service/service.go @@ -6,8 +6,6 @@ import ( "sync" "time" - "github.com/micro/go-micro/v2/metadata" - "github.com/micro/go-micro/v2/auth" "github.com/micro/go-micro/v2/auth/rules" pb "github.com/micro/go-micro/v2/auth/service/proto" @@ -15,6 +13,7 @@ import ( "github.com/micro/go-micro/v2/auth/token/jwt" "github.com/micro/go-micro/v2/client" log "github.com/micro/go-micro/v2/logger" + "github.com/micro/go-micro/v2/metadata" "github.com/micro/go-micro/v2/util/jitter" ) diff --git a/auth/service/sevice_test.go b/auth/service/sevice_test.go deleted file mode 100644 index 1c206ee3..00000000 --- a/auth/service/sevice_test.go +++ /dev/null 
@@ -1,26 +0,0 @@ -package service - -import ( - "testing" - - pb "github.com/micro/go-micro/v2/auth/service/proto" -) - -func TestListRulesSorting(t *testing.T) { - s := &svc{ - rules: []*pb.Rule{ - &pb.Rule{Priority: 1}, - &pb.Rule{Priority: 3}, - &pb.Rule{Priority: 2}, - }, - } - - var priorities []int32 - for _, r := range s.listRules() { - priorities = append(priorities, r.Priority) - } - - if priorities[0] != 1 || priorities[1] != 2 || priorities[2] != 3 { - t.Errorf("Incorrect Rule Sequence") - } -} From 856c73b3419a0513ac9395ec57a1353d004df3ed Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Thu, 21 May 2020 14:56:17 +0100 Subject: [PATCH 09/26] Remove roles (replaced with scope) --- auth/auth.go | 39 +-------- auth/auth_test.go | 30 ------- auth/default.go | 1 - auth/jwt/jwt.go | 6 -- auth/options.go | 9 -- auth/rules/rules.go | 20 ++--- auth/service/proto/auth.pb.go | 147 +++++++++++++++------------------ auth/service/proto/auth.proto | 8 +- auth/service/service.go | 35 +------- auth/token/basic/basic_test.go | 8 +- auth/token/jwt/jwt.go | 4 +- auth/token/jwt/jwt_test.go | 8 +- util/auth/auth.go | 4 +- 13 files changed, 93 insertions(+), 226 deletions(-) delete mode 100644 auth/auth_test.go diff --git a/auth/auth.go b/auth/auth.go index 07a9ddab..1bedc944 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -4,7 +4,6 @@ package auth import ( "context" "errors" - "strings" "time" ) @@ -14,7 +13,7 @@ const BearerScheme = "Bearer " var ( // ErrInvalidToken is when the token provided is not valid ErrInvalidToken = errors.New("invalid token provided") - // ErrForbidden is when a user does not have the necessary roles or scoeps to access a resource + // ErrForbidden is when a user does not have the necessary scope to access a resource ErrForbidden = errors.New("resource forbidden") ) 
@@ -50,8 +49,6 @@ type Account struct { Type string `json:"type"` // Provider who issued the account Provider string `json:"provider"` - // Roles associated with the Account - Roles []string `json:"roles"` // Any other associated metadata Metadata map[string]string `json:"metadata"` // Scopes the account has access to @@ -60,36 +57,6 @@ type Account struct { Secret string `json:"secret"` } -// HasScope returns a boolean indicating if the account has the given scope -func (a *Account) HasScope(scopes ...string) bool { - if a.Scopes == nil { - return false - } - - for _, s := range a.Scopes { - if s == strings.Join(scopes, ".") { - return true - } - } - - return false -} - -// HasRole returns a boolean indicating if the account has the given role -func (a *Account) HasRole(role string) bool { - if a.Roles == nil { - return false - } - - for _, r := range a.Roles { - if r == role { - return true - } - } - - return false -} - // Token can be short or long lived type Token struct { // The token to be used for accessing resources @@ -131,9 +98,9 @@ const ( type Rule struct { // ID of the rule, e.g. "public" ID string - // Role the rule requires, a blank role indicates open to the public and * indicates the rule + // Scope the rule requires, a blank scope indicates open to the public and * indicates the rule // applies to any valid account - Role string + Scope string // Resource the rule applies to Resource *Resource // Access determines if the rule grants or denies access to the resource diff --git a/auth/auth_test.go b/auth/auth_test.go deleted file mode 100644 index 7985ff76..00000000 --- a/auth/auth_test.go +++ /dev/null 
@@ -1,30 +0,0 @@ -package auth - -import "testing" - -func TestHasScope(t *testing.T) { - if new(Account).HasScope("namespace", "foo") { - t.Errorf("Expected the blank account to not have a role") - } - - acc := Account{Scopes: []string{"namespace.foo"}} - if !acc.HasScope("namespace", "foo") { - t.Errorf("Expected the account to have the namespace.foo role") - } - if acc.HasScope("namespace", "bar") { - t.Errorf("Expected the account to not have the namespace.bar role") - } -} -func TestHasRole(t *testing.T) { - if new(Account).HasRole("foo") { - t.Errorf("Expected the blank account to not have a role") - } - - acc := Account{Roles: []string{"foo"}} - if !acc.HasRole("foo") { - t.Errorf("Expected the account to have the foo role") - } - if acc.HasRole("bar") { - t.Errorf("Expected the account to not have the bar role") - } -} diff --git a/auth/default.go b/auth/default.go index ac0ae534..668edbd3 100644 --- a/auth/default.go +++ b/auth/default.go @@ -50,7 +50,6 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) { return &Account{ ID: id, - Roles: options.Roles, Secret: options.Secret, Metadata: options.Metadata, Scopes: options.Scopes, diff --git a/auth/jwt/jwt.go b/auth/jwt/jwt.go index 4dafc7e3..2736ee5b 100644 --- a/auth/jwt/jwt.go +++ b/auth/jwt/jwt.go @@ -17,11 +17,6 @@ func NewAuth(opts ...auth.Option) auth.Auth { return j } -type rule struct { - role string - resource *auth.Resource -} - type jwt struct { options auth.Options jwt token.Provider @@ -59,7 +54,6 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e account := &auth.Account{ ID: id, Type: options.Type, - Roles: options.Roles, Scopes: options.Scopes, Provider: options.Provider, Metadata: options.Metadata, diff --git a/auth/options.go b/auth/options.go index 2dd6cc48..6d13a756 100644 --- a/auth/options.go +++ b/auth/options.go 
@@ -121,8 +121,6 @@ func WithClient(c client.Client) Option { type GenerateOptions struct { // Metadata associated with the account Metadata map[string]string - // Roles/scopes associated with the account - Roles []string // Scopes the account has access too Scopes []string // Provider of the account, e.g. oauth @@ -156,13 +154,6 @@ func WithMetadata(md map[string]string) GenerateOption { } } -// WithRoles for the generated account -func WithRoles(rs ...string) GenerateOption { - return func(o *GenerateOptions) { - o.Roles = rs - } -} - // WithScopes for the generated account func WithScopes(s ...string) GenerateOption { return func(o *GenerateOptions) { diff --git a/auth/rules/rules.go b/auth/rules/rules.go index bfe3594b..16dff5b3 100644 --- a/auth/rules/rules.go +++ b/auth/rules/rules.go 
@@ -50,29 +50,29 @@ func Verify(namespace string, rules []*auth.Rule, acc *auth.Account, res *auth.R // loop through the rules and check for a rule which applies to this account for _, rule := range filteredRules { - // a blank role indicates the rule applies to everyone, even nil accounts - if rule.Role == "" && rule.Access == auth.AccessDenied { + // a blank scope indicates the rule applies to everyone, even nil accounts + if rule.Scope == "" && rule.Access == auth.AccessDenied { return auth.ErrForbidden - } else if rule.Role == "" && rule.Access == auth.AccessGranted { + } else if rule.Scope == "" && rule.Access == auth.AccessGranted { return nil } - // all further checks require an account within the current scope - if acc == nil || !acc.HasScope("namespace", namespace) { + // all further checks require an account + if acc == nil { continue } // this rule applies to any account - if rule.Role == "*" && rule.Access == auth.AccessDenied { + if rule.Scope == "*" && rule.Access == auth.AccessDenied { return auth.ErrForbidden - } else if rule.Role == "" && rule.Access == auth.AccessGranted { + } else if rule.Scope == "" && rule.Access == auth.AccessGranted { return nil } - // if the account has the necessary role - if include(acc.Roles, rule.Role) && rule.Access == auth.AccessDenied { + // if the account has the necessary scope + if include(acc.Scopes, rule.Scope) && rule.Access == auth.AccessDenied { return auth.ErrForbidden - } else if rule.Role == "" && rule.Access == auth.AccessGranted { + } else if rule.Scope == "" && rule.Access == auth.AccessGranted { return nil } } diff --git a/auth/service/proto/auth.pb.go b/auth/service/proto/auth.pb.go index 8a6e4ea5..97f3a7b9 100644 --- a/auth/service/proto/auth.pb.go +++ b/auth/service/proto/auth.pb.go 
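Review bot: In the rule loop of `Verify` (auth/rules/rules.go), the two grant branches after the `acc == nil` check still test `rule.Scope == ""`, which the first `if` has already handled, so a `*` rule or a scope-matched rule with `AccessGranted` can never return nil from this loop; only their deny halves take effect. The rename carries this over from the `Role` version; the branches presumably should read `} else if rule.Scope == "*" && rule.Access == auth.AccessGranted {` and `} else if include(acc.Scopes, rule.Scope) && rule.Access == auth.AccessGranted {`. The commit also drops the `acc.HasScope("namespace", namespace)` guard, so any non-nil account, whichever namespace issued it, now reaches the `*` and scope checks; if tenant isolation is meant to be enforced here, that needs an equivalent check or a comment naming where it moved. Verify starts before and continues after the hunk, so the fall-through result is not visible.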
@@ -188,7 +188,6 @@ func (m *Token) GetExpiry() int64 { type Account struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"` - Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"` Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Scopes []string `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"` Provider string `protobuf:"bytes,6,opt,name=provider,proto3" json:"provider,omitempty"` @@ -237,13 +236,6 @@ func (m *Account) GetType() string { return "" } -func (m *Account) GetRoles() []string { - if m != nil { - return m.Roles - } - return nil -} - func (m *Account) GetMetadata() map[string]string { if m != nil { return m.Metadata @@ -329,7 +321,6 @@ func (m *Resource) GetEndpoint() string { type GenerateRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"` Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Scopes []string `protobuf:"bytes,4,rep,name=scopes,proto3" json:"scopes,omitempty"` Secret string `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"` @@ -372,13 +363,6 @@ func (m *GenerateRequest) GetId() string { return "" } -func (m *GenerateRequest) GetRoles() []string { - if m != nil { - return m.Roles - } - return nil -} - func (m *GenerateRequest) GetMetadata() map[string]string { if m != nil { return m.Metadata 
@@ -454,7 +438,7 @@ func (m *GenerateResponse) GetAccount() *Account { } type GrantRequest struct { - Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"` + Scope string `protobuf:"bytes,1,opt,name=scope,proto3" json:"scope,omitempty"` Resource *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -486,9 +470,9 @@ func (m *GrantRequest) XXX_DiscardUnknown() { var xxx_messageInfo_GrantRequest proto.InternalMessageInfo -func (m *GrantRequest) GetRole() string { +func (m *GrantRequest) GetScope() string { if m != nil { - return m.Role + return m.Scope } return "" } @@ -532,7 +516,7 @@ func (m *GrantResponse) XXX_DiscardUnknown() { var xxx_messageInfo_GrantResponse proto.InternalMessageInfo type RevokeRequest struct { - Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"` + Scope string `protobuf:"bytes,1,opt,name=scope,proto3" json:"scope,omitempty"` Resource *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -564,9 +548,9 @@ func (m *RevokeRequest) XXX_DiscardUnknown() { var xxx_messageInfo_RevokeRequest proto.InternalMessageInfo -func (m *RevokeRequest) GetRole() string { +func (m *RevokeRequest) GetScope() string { if m != nil { - return m.Role + return m.Scope } return "" } 
@@ -791,7 +775,7 @@ func (m *TokenResponse) GetToken() *Token { type Rule struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + Scope string `protobuf:"bytes,2,opt,name=scope,proto3" json:"scope,omitempty"` Resource *Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"` Access Access `protobuf:"varint,4,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"` Priority int32 `protobuf:"varint,5,opt,name=priority,proto3" json:"priority,omitempty"` @@ -832,9 +816,9 @@ func (m *Rule) GetId() string { return "" } -func (m *Rule) GetRole() string { +func (m *Rule) GetScope() string { if m != nil { - return m.Role + return m.Scope } return "" } 
@@ -1101,63 +1085,62 @@ func init() { func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) } var fileDescriptor_21300bfacc51fc2a = []byte{ - // 890 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xdd, 0x8e, 0xdb, 0x44, - 0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xbb, 0xd1, 0x74, 0x5b, 0xac, 0x94, 0x6d, 0xb7, 0x2e, - 0x82, 0xa5, 0x82, 0x2c, 0x4a, 0x6f, 0x0a, 0xbd, 0x61, 0xd5, 0x44, 0xa1, 0x85, 0x06, 0x61, 0x15, - 0x95, 0x1b, 0x54, 0x19, 0xe7, 0xc0, 0x5a, 0x9b, 0xb5, 0xc3, 0xcc, 0x38, 0x22, 0x37, 0x48, 0xbc, - 0x00, 0x8f, 0xc0, 0x03, 0xf0, 0x4c, 0xdc, 0xf3, 0x1a, 0x68, 0xfe, 0xbc, 0xb1, 0xe3, 0x54, 0x2b, - 0xe0, 0x6e, 0xce, 0xcc, 0x77, 0xce, 0x9c, 0xef, 0x3b, 0x67, 0x8e, 0x0d, 0xc7, 0x71, 0xc1, 0x2f, - 0xce, 0x18, 0xd2, 0x55, 0x9a, 0xe0, 0xd9, 0x92, 0xe6, 0x3c, 0x3f, 0x13, 0x5b, 0x43, 0xb9, 0x24, - 0xfe, 0x4f, 0xf9, 0xf0, 0x2a, 0x4d, 0x68, 0x3e, 0x14, 0x9b, 0xe1, 0x6d, 0xb8, 0xf5, 0x55, 0xca, - 0xf8, 0x79, 0x92, 0xe4, 0x45, 0xc6, 0x59, 0x84, 0x3f, 0x17, 0xc8, 0x78, 0xf8, 0x02, 0x8e, 0xaa, - 0xdb, 0x6c, 0x99, 0x67, 0x0c, 0xc9, 0x08, 0x3a, 0xb1, 0xde, 0x0b, 0xac, 0x13, 0xe7, 0xb4, 0x3b, - 0xba, 0x33, 0xac, 0x04, 0x1c, 0x6a, 0x97, 0xa8, 0xc4, 0x85, 0xbf, 0x59, 0xd0, 0x7a, 0x95, 0x5f, - 0x62, 0x46, 0x1e, 0x40, 0x2f, 0x4e, 0x12, 0x64, 0xec, 0x0d, 0x17, 0x76, 0x60, 0x9d, 0x58, 0xa7, - 0xfb, 0x51, 0x57, 0xed, 0x29, 0xc8, 0x43, 0xf0, 0x29, 0xfe, 0x48, 0x91, 0x5d, 0x68, 0x8c, 0x2d, - 0x31, 0x3d, 0xbd, 0xa9, 0x40, 0x01, 0xb4, 0x13, 0x8a, 0x31, 0xc7, 0x79, 0xe0, 0x9c, 0x58, 0xa7, - 0x4e, 0x64, 0x4c, 0x72, 0x07, 0x3c, 0xfc, 0x65, 0x99, 0xd2, 0x75, 0xe0, 0xca, 0x03, 0x6d, 0x85, - 0xbf, 0xdb, 0xd0, 0xd6, 0x99, 0x91, 0x03, 0xb0, 0xd3, 0xb9, 0xbe, 0xdb, 0x4e, 0xe7, 0x84, 0x80, - 0xcb, 0xd7, 0x4b, 0xd4, 0x37, 0xc9, 0x35, 0x39, 0x82, 0x16, 0xcd, 0x17, 0xc8, 0x02, 0xe7, 0xc4, - 0x39, 0xdd, 0x8f, 0x94, 0x41, 0x3e, 0x87, 0xce, 0x15, 0xf2, 0x78, 0x1e, 0xf3, 0x38, 0x70, 0x25, - 
0xfb, 0xf7, 0x9a, 0xd9, 0x0f, 0x5f, 0x6a, 0xd8, 0x24, 0xe3, 0x74, 0x1d, 0x95, 0x5e, 0x22, 0x3f, - 0x96, 0xe4, 0x4b, 0x64, 0x41, 0x4b, 0x06, 0xd6, 0x16, 0x19, 0x40, 0x67, 0x49, 0xf3, 0x55, 0x3a, - 0x47, 0x1a, 0x78, 0x32, 0x8f, 0xd2, 0x96, 0x3e, 0x98, 0x50, 0xe4, 0x41, 0x5b, 0x9e, 0x68, 0x6b, - 0xf0, 0x14, 0xfc, 0xca, 0x35, 0xa4, 0x0f, 0xce, 0x25, 0xae, 0x35, 0x33, 0xb1, 0x14, 0x34, 0x56, - 0xf1, 0xa2, 0x30, 0xdc, 0x94, 0xf1, 0x99, 0xfd, 0xc4, 0x0a, 0x67, 0xd0, 0x89, 0x90, 0xe5, 0x05, - 0x4d, 0x50, 0x08, 0x90, 0xc5, 0x57, 0xa8, 0x1d, 0xe5, 0xba, 0x51, 0x94, 0x01, 0x74, 0x30, 0x9b, - 0x2f, 0xf3, 0x34, 0xe3, 0x52, 0xf7, 0xfd, 0xa8, 0xb4, 0xc3, 0x3f, 0x6c, 0x38, 0x9c, 0x62, 0x86, - 0x34, 0xe6, 0xa8, 0x9b, 0x68, 0x4b, 0xe8, 0x52, 0x54, 0x7b, 0x53, 0xd4, 0x2f, 0x36, 0x44, 0x75, - 0xa4, 0xa8, 0x1f, 0xd5, 0x44, 0xad, 0xc5, 0xbd, 0x81, 0xb8, 0x6e, 0x45, 0xdc, 0x6b, 0x01, 0x5b, - 0x9b, 0x02, 0x96, 0x1c, 0xbd, 0x2a, 0xc7, 0xb2, 0x10, 0xed, 0x6a, 0x21, 0xfe, 0x9b, 0xe0, 0x63, - 0xe8, 0x5f, 0xf3, 0xd0, 0xaf, 0xe9, 0x13, 0x68, 0xeb, 0x57, 0x22, 0x63, 0xec, 0x7e, 0x4c, 0x06, - 0x16, 0xbe, 0x86, 0xde, 0x94, 0xc6, 0x19, 0x37, 0x12, 0x13, 0x70, 0x85, 0x8a, 0xa6, 0x74, 0x62, - 0x4d, 0x1e, 0x43, 0x87, 0xea, 0xd2, 0xca, 0x34, 0xba, 0xa3, 0x77, 0x6a, 0x61, 0x4d, 0xe5, 0xa3, - 0x12, 0x18, 0x1e, 0x82, 0xaf, 0x03, 0xab, 0xdc, 0xc2, 0xef, 0xc0, 0x8f, 0x70, 0x95, 0x5f, 0xe2, - 0xff, 0x7e, 0x55, 0x1f, 0x0e, 0x4c, 0x64, 0x7d, 0xd7, 0xfb, 0x70, 0xf0, 0x3c, 0x63, 0x4b, 0x4c, - 0x4a, 0x5e, 0x47, 0xd0, 0xda, 0x1c, 0x11, 0xca, 0x08, 0x9f, 0xc1, 0x61, 0x89, 0xfb, 0xd7, 0x12, - 0xfe, 0x0a, 0x3d, 0x39, 0x45, 0x76, 0x75, 0xe9, 0x75, 0xb7, 0xd8, 0x95, 0x6e, 0xd9, 0x9a, 0x4c, - 0x4e, 0xc3, 0x64, 0x7a, 0x00, 0x3d, 0x79, 0xf8, 0xa6, 0x32, 0x85, 0xba, 0x72, 0x6f, 0xa2, 0x46, - 0xd1, 0x53, 0xf0, 0xf5, 0xfd, 0x9a, 0xc2, 0xa3, 0x4d, 0xae, 0xdd, 0xd1, 0x51, 0x8d, 0x80, 0x02, - 0x6b, 0x05, 0xfe, 0xb4, 0xc0, 0x8d, 0x8a, 0x05, 0x36, 0x0d, 0x31, 0x59, 0x1d, 0x7b, 0x47, 0x75, - 0x9c, 0x1b, 0x56, 0x87, 0x7c, 0x0c, 
0x9e, 0x9a, 0xc7, 0x32, 0xf7, 0x83, 0xd1, 0xed, 0x6d, 0x3d, - 0x91, 0xb1, 0x48, 0x83, 0xd4, 0x7b, 0x49, 0x73, 0x9a, 0xf2, 0xb5, 0x7c, 0x5d, 0xad, 0xa8, 0xb4, - 0xc3, 0x27, 0xe0, 0x3f, 0x93, 0x73, 0xd9, 0x48, 0xfd, 0x01, 0xb8, 0xb4, 0xd0, 0x2d, 0xd4, 0x1d, - 0xdd, 0xaa, 0x27, 0x53, 0x2c, 0x30, 0x92, 0x00, 0xd1, 0x22, 0xc6, 0x53, 0xb7, 0xc8, 0x7d, 0xf0, - 0xc7, 0xb8, 0xc0, 0x9d, 0xc3, 0x45, 0xb8, 0x18, 0x80, 0x76, 0xf1, 0xa1, 0x2b, 0xbe, 0x61, 0xe6, - 0x93, 0xf6, 0x29, 0xf4, 0x94, 0xa9, 0x65, 0xff, 0x10, 0x5a, 0xe2, 0x2e, 0xf3, 0x1d, 0x6b, 0xcc, - 0x46, 0x21, 0x1e, 0x0d, 0xc1, 0x53, 0xb4, 0x49, 0x17, 0xda, 0xdf, 0xce, 0xbe, 0x9c, 0x7d, 0xfd, - 0x7a, 0xd6, 0xdf, 0x13, 0xc6, 0x34, 0x3a, 0x9f, 0xbd, 0x9a, 0x8c, 0xfb, 0x16, 0x01, 0xf0, 0xc6, - 0x93, 0xd9, 0xf3, 0xc9, 0xb8, 0x6f, 0x8f, 0xfe, 0xb6, 0xc0, 0x3d, 0x2f, 0xf8, 0x05, 0x79, 0x09, - 0x1d, 0xf3, 0xe8, 0xc9, 0xbd, 0xb7, 0x4f, 0xb5, 0xc1, 0xfd, 0x9d, 0xe7, 0x9a, 0xcf, 0x1e, 0x79, - 0x01, 0x6d, 0xdd, 0xff, 0xe4, 0xb8, 0x86, 0xae, 0xbe, 0x9f, 0xc1, 0xbd, 0x5d, 0xc7, 0x65, 0xac, - 0xb1, 0xf9, 0x28, 0xdf, 0x6d, 0xec, 0x37, 0x1d, 0xe7, 0xdd, 0xe6, 0x43, 0x13, 0x65, 0xf4, 0x3d, - 0x74, 0xcc, 0x3f, 0x02, 0xf9, 0x06, 0x5c, 0x21, 0x30, 0x09, 0x6b, 0x3e, 0x0d, 0xff, 0x17, 0x83, - 0x87, 0x6f, 0xc5, 0x94, 0xe1, 0xff, 0xb2, 0xa0, 0x25, 0x0a, 0xc1, 0xc8, 0x14, 0x3c, 0xd5, 0x11, - 0xa4, 0x9e, 0x52, 0xa5, 0xc5, 0x06, 0xc7, 0x3b, 0x4e, 0x4b, 0xde, 0x53, 0xf0, 0x54, 0x9f, 0x6c, - 0x05, 0xaa, 0xf4, 0xd7, 0x56, 0xa0, 0x5a, 0x73, 0xed, 0x91, 0x73, 0x4d, 0x77, 0xd0, 0x40, 0xc5, - 0x04, 0xb9, 0xdb, 0x78, 0x66, 0x42, 0xfc, 0xe0, 0xc9, 0x5f, 0xb2, 0xc7, 0xff, 0x04, 0x00, 0x00, - 0xff, 0xff, 0x27, 0x7b, 0xf3, 0x60, 0xb3, 0x09, 0x00, 0x00, + // 871 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x5f, 0x8f, 0xdb, 0x44, + 0x10, 0x3f, 0xe7, 0x8f, 0x93, 0x9b, 0xc4, 0x77, 0xd1, 0xf6, 0x5a, 0xac, 0x94, 0x6b, 0xaf, 0x2e, + 0x82, 0xa3, 0x82, 0x1c, 0x4a, 0x5f, 0x0a, 0x7d, 0xe1, 0xd4, 
0x44, 0xa1, 0x85, 0x06, 0x61, 0x15, + 0x21, 0x90, 0x50, 0x65, 0x9c, 0x81, 0xb3, 0x2e, 0x67, 0x9b, 0xdd, 0x75, 0x44, 0x5e, 0x90, 0x78, + 0xe3, 0xc3, 0xf0, 0x91, 0x78, 0xe7, 0x2b, 0xf0, 0x88, 0xbc, 0x3b, 0xeb, 0x8b, 0x1d, 0xa7, 0x3a, + 0x81, 0x78, 0xf3, 0xec, 0xfe, 0x76, 0x66, 0x7e, 0xbf, 0x9d, 0x99, 0x35, 0x1c, 0x07, 0x99, 0xbc, + 0x38, 0x13, 0xc8, 0x57, 0x51, 0x88, 0x67, 0x29, 0x4f, 0x64, 0x72, 0x96, 0x2f, 0x8d, 0xd4, 0x27, + 0x73, 0x7e, 0x4a, 0x46, 0x57, 0x51, 0xc8, 0x93, 0x51, 0xbe, 0xe8, 0xdd, 0x86, 0x5b, 0x5f, 0x44, + 0x42, 0x9e, 0x87, 0x61, 0x92, 0xc5, 0x52, 0xf8, 0xf8, 0x73, 0x86, 0x42, 0x7a, 0x2f, 0xe0, 0xa8, + 0xbc, 0x2c, 0xd2, 0x24, 0x16, 0xc8, 0xc6, 0xd0, 0x0d, 0x68, 0xcd, 0xb5, 0x4e, 0x9a, 0xa7, 0xbd, + 0xf1, 0x9d, 0x51, 0xc9, 0xe1, 0x88, 0x8e, 0xf8, 0x05, 0xce, 0xfb, 0xcd, 0x82, 0xf6, 0xab, 0xe4, + 0x12, 0x63, 0xf6, 0x00, 0xfa, 0x41, 0x18, 0xa2, 0x10, 0xaf, 0x65, 0x6e, 0xbb, 0xd6, 0x89, 0x75, + 0xba, 0xef, 0xf7, 0xf4, 0x9a, 0x86, 0x3c, 0x04, 0x87, 0xe3, 0x8f, 0x1c, 0xc5, 0x05, 0x61, 0x1a, + 0x0a, 0xd3, 0xa7, 0x45, 0x0d, 0x72, 0xa1, 0x13, 0x72, 0x0c, 0x24, 0x2e, 0xdc, 0xe6, 0x89, 0x75, + 0xda, 0xf4, 0x8d, 0xc9, 0xee, 0x80, 0x8d, 0xbf, 0xa4, 0x11, 0x5f, 0xbb, 0x2d, 0xb5, 0x41, 0x96, + 0xf7, 0xb7, 0x05, 0x1d, 0xca, 0x8c, 0x1d, 0x40, 0x23, 0x5a, 0x50, 0xec, 0x46, 0xb4, 0x60, 0x0c, + 0x5a, 0x72, 0x9d, 0x22, 0x45, 0x52, 0xdf, 0xec, 0x53, 0xe8, 0x5e, 0xa1, 0x0c, 0x16, 0x81, 0x0c, + 0xdc, 0x96, 0xe2, 0xf9, 0x4e, 0x3d, 0xcf, 0xd1, 0x4b, 0x82, 0x4d, 0x63, 0xc9, 0xd7, 0x7e, 0x71, + 0x2a, 0xcf, 0x44, 0x84, 0x49, 0x8a, 0xc2, 0x6d, 0x9f, 0x34, 0x4f, 0xf7, 0x7d, 0xb2, 0xd8, 0x10, + 0xba, 0x29, 0x4f, 0x56, 0xd1, 0x02, 0xb9, 0x6b, 0xab, 0x88, 0x85, 0xad, 0xce, 0x60, 0xc8, 0x51, + 0xba, 0x1d, 0xb5, 0x43, 0xd6, 0xf0, 0x29, 0x38, 0xa5, 0x30, 0x6c, 0x00, 0xcd, 0x4b, 0x5c, 0x13, + 0x87, 0xfc, 0x93, 0x1d, 0x41, 0x7b, 0x15, 0x2c, 0x33, 0xc3, 0x42, 0x1b, 0x9f, 0x34, 0x9e, 0x58, + 0xde, 0x1c, 0xba, 0x3e, 0x8a, 0x24, 0xe3, 0x21, 0xe6, 0x54, 0xe3, 0xe0, 0x0a, 0xe9, 0xa0, 0xfa, + 
0xae, 0xa5, 0x3f, 0x84, 0x2e, 0xc6, 0x8b, 0x34, 0x89, 0x62, 0xa9, 0x14, 0xde, 0xf7, 0x0b, 0xdb, + 0xfb, 0xbd, 0x01, 0x87, 0x33, 0x8c, 0x91, 0x07, 0x12, 0xa9, 0x5c, 0xb6, 0x24, 0xfd, 0x6c, 0x43, + 0xbe, 0xa6, 0x92, 0xef, 0x83, 0x8a, 0x7c, 0x15, 0x0f, 0x37, 0x90, 0xb1, 0x55, 0x92, 0xf1, 0x5a, + 0xaa, 0xf6, 0xa6, 0x54, 0x05, 0x1b, 0xbb, 0xcc, 0xa6, 0x90, 0xbc, 0x53, 0x96, 0xfc, 0xbf, 0x49, + 0x3b, 0x81, 0xc1, 0x35, 0x0f, 0xea, 0x90, 0x8f, 0xa0, 0x43, 0x95, 0xaf, 0x7c, 0xec, 0x6e, 0x10, + 0x03, 0xf3, 0xbe, 0x85, 0xfe, 0x8c, 0x07, 0xb1, 0x34, 0x62, 0x1e, 0x41, 0x5b, 0x91, 0xa4, 0x1c, + 0xb4, 0xc1, 0x1e, 0x43, 0x97, 0xd3, 0x35, 0xaa, 0x44, 0x7a, 0xe3, 0xb7, 0x2a, 0x8e, 0xcd, 0x2d, + 0xfb, 0x05, 0xd0, 0x3b, 0x04, 0x87, 0x5c, 0xeb, 0xec, 0xbc, 0xef, 0xc0, 0xf1, 0x71, 0x95, 0x5c, + 0xe2, 0xff, 0x10, 0x6c, 0x00, 0x07, 0xc6, 0x37, 0x45, 0x7b, 0x17, 0x0e, 0x9e, 0xc7, 0x22, 0xc5, + 0x70, 0x93, 0xdb, 0x66, 0xeb, 0x6b, 0xc3, 0x7b, 0x06, 0x87, 0x05, 0xee, 0x5f, 0xcb, 0xf8, 0x2b, + 0xf4, 0xd5, 0x74, 0xd8, 0x55, 0x93, 0xd7, 0x15, 0xd3, 0x28, 0x55, 0xcc, 0xd6, 0xc4, 0x69, 0xd6, + 0x4c, 0x9c, 0x07, 0xd0, 0x57, 0x9b, 0xaf, 0x4b, 0xd3, 0xa5, 0xa7, 0xd6, 0xa6, 0x7a, 0xc4, 0x3c, + 0x05, 0x87, 0xe2, 0x13, 0x85, 0x47, 0x9b, 0x5c, 0x7b, 0xe3, 0xa3, 0x0a, 0x01, 0x0d, 0x26, 0x05, + 0xfe, 0xb0, 0xa0, 0xe5, 0x67, 0x4b, 0xdc, 0xca, 0xba, 0xb8, 0x9f, 0xc6, 0xae, 0xfb, 0x69, 0xde, + 0xf0, 0x7e, 0xd8, 0x87, 0x60, 0xeb, 0x49, 0xab, 0xb2, 0x3f, 0x18, 0xdf, 0xde, 0x56, 0x14, 0x85, + 0xf0, 0x09, 0xa4, 0xbb, 0x26, 0x4a, 0x78, 0x24, 0xd7, 0xaa, 0xc7, 0xda, 0x7e, 0x61, 0x7b, 0x4f, + 0xc0, 0x79, 0xa6, 0x26, 0xae, 0x11, 0xfb, 0x3d, 0x68, 0xf1, 0x6c, 0x89, 0x44, 0xf5, 0x56, 0x35, + 0x99, 0x6c, 0x89, 0xbe, 0x02, 0xe4, 0x45, 0x62, 0x4e, 0x52, 0x91, 0xdc, 0x07, 0x67, 0x82, 0x4b, + 0xdc, 0x39, 0x4c, 0xf2, 0x23, 0x06, 0x40, 0x47, 0x1c, 0xe8, 0xe5, 0xaf, 0x93, 0x79, 0xac, 0x3e, + 0x86, 0xbe, 0x36, 0x49, 0xf8, 0xf7, 0xa1, 0x9d, 0xc7, 0x32, 0x2f, 0x54, 0x6d, 0x36, 0x1a, 0xf1, + 0x68, 0x04, 0xb6, 0xa6, 0xcd, 0x7a, 
0xd0, 0xf9, 0x7a, 0xfe, 0xf9, 0xfc, 0xcb, 0x6f, 0xe6, 0x83, + 0xbd, 0xdc, 0x98, 0xf9, 0xe7, 0xf3, 0x57, 0xd3, 0xc9, 0xc0, 0x62, 0x00, 0xf6, 0x64, 0x3a, 0x7f, + 0x3e, 0x9d, 0x0c, 0x1a, 0xe3, 0xbf, 0x2c, 0x68, 0x9d, 0x67, 0xf2, 0x82, 0xbd, 0x84, 0xae, 0x69, + 0x7d, 0x76, 0xef, 0xcd, 0xb3, 0x6d, 0x78, 0x7f, 0xe7, 0x3e, 0xf1, 0xd9, 0x63, 0x2f, 0xa0, 0x43, + 0x1d, 0xc0, 0x8e, 0x2b, 0xe8, 0x72, 0x07, 0x0d, 0xef, 0xed, 0xda, 0x2e, 0x7c, 0x4d, 0xcc, 0x73, + 0x7b, 0xb7, 0xb6, 0xe2, 0xc8, 0xcf, 0xdb, 0xf5, 0x9b, 0xc6, 0xcb, 0xf8, 0x7b, 0xe8, 0x9a, 0xd7, + 0x9f, 0x7d, 0x05, 0xad, 0x5c, 0x60, 0xe6, 0x55, 0xce, 0xd4, 0xfc, 0x39, 0x0c, 0x1f, 0xbe, 0x11, + 0x53, 0xb8, 0xff, 0xd3, 0x82, 0x76, 0x7e, 0x11, 0x82, 0xcd, 0xc0, 0xd6, 0x15, 0xc1, 0xaa, 0x29, + 0x95, 0x4a, 0x6c, 0x78, 0xbc, 0x63, 0xb7, 0xe0, 0x3d, 0x03, 0x5b, 0xd7, 0xc9, 0x96, 0xa3, 0x52, + 0x7d, 0x6d, 0x39, 0xaa, 0x14, 0xd7, 0x1e, 0x3b, 0x27, 0xba, 0xc3, 0x1a, 0x2a, 0xc6, 0xc9, 0xdd, + 0xda, 0x3d, 0xe3, 0xe2, 0x07, 0x5b, 0xfd, 0x6c, 0x3d, 0xfe, 0x27, 0x00, 0x00, 0xff, 0xff, 0xda, + 0xef, 0x0e, 0x5f, 0x8d, 0x09, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/auth/service/proto/auth.proto b/auth/service/proto/auth.proto index 56ddaade..79635f0c 100644 --- a/auth/service/proto/auth.proto +++ b/auth/service/proto/auth.proto @@ -35,7 +35,6 @@ message Token { message Account { string id = 1; string type = 2; - repeated string roles = 3; map metadata = 4; repeated string scopes = 5; string provider = 6; @@ -50,7 +49,6 @@ message Resource{ message GenerateRequest { string id = 1; - repeated string roles = 2; map metadata = 3; repeated string scopes = 4; string secret = 5; @@ -63,14 +61,14 @@ message GenerateResponse { } message GrantRequest { - string role = 1; + string scope = 1; Resource resource = 2; } message GrantResponse {} message RevokeRequest { - string role = 1; + string scope = 1; Resource resource = 2; } 
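Review bot: The `roles` fields are deleted from `Account` (tag 3) and `GenerateRequest` (tag 2) without reserving their numbers, and `role` becomes `scope` on the same tag in `GrantRequest`, `RevokeRequest` and, in the next hunk, `Rule`. A peer still built from the old schema will keep sending a role name in that tag and the new code will read it as a scope; if rules are persisted, any rule already stored with a role value would likewise be evaluated as a scope after the upgrade. Reserve the removed tags so they cannot be reused with another meaning, e.g. `reserved 3; reserved "roles";` in `Account` and `reserved 2; reserved "roles";` in `GenerateRequest`. The commit description should also state whether existing rules need a migration.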
@@ -103,7 +101,7 @@ enum Access { message Rule { string id = 1; - string role = 2; + string scope = 2; Resource resource = 3; Access access = 4; int32 priority = 5; diff --git a/auth/service/service.go b/auth/service/service.go index fb77d9b0..c6586ecb 100644 --- a/auth/service/service.go +++ b/auth/service/service.go @@ -65,7 +65,6 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e Id: id, Type: options.Type, Secret: options.Secret, - Roles: options.Roles, Scopes: options.Scopes, Metadata: options.Metadata, Provider: options.Provider, @@ -82,7 +81,7 @@ func (s *svc) Grant(rule *auth.Rule) error { _, err := s.rule.Create(context.TODO(), &pb.CreateRequest{ Rule: &pb.Rule{ Id: rule.ID, - Role: rule.Role, + Scope: rule.Scope, Priority: rule.Priority, Access: pb.Access_GRANTED, Resource: &pb.Resource{ @@ -156,35 +155,6 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) { return serializeToken(rsp.Token), nil } -var ruleJoinKey = ":" - -// accessForRule returns a rule status, indicating if a rule permits access to a -// resource for a given account -func accessForRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) pb.Access { - // a blank role permits access to the public - if rule.Role == "" { - return rule.Access - } - - // a * role permits access to any user - if rule.Role == "*" && acc != nil { - return rule.Access - } - - for _, role := range acc.Roles { - if rule.Role == role { - return rule.Access - } - - // allow user.anything if role is user.* - if strings.HasSuffix(rule.Role, ".*") && strings.HasPrefix(rule.Role, role+".") { - return rule.Access - } - } - - return pb.Access_UNKNOWN -} - // loadRules retrieves the rules from the auth service. Since this implementation is used by micro // clients, which support muti-tenancy we may have to persist rules in multiple namespaces. func (s *svc) loadRules(namespace string) { 
@@ -206,7 +176,7 @@ func (s *svc) loadRules(namespace string) { rules = append(rules, &auth.Rule{ ID: r.Id, - Role: r.Role, + Scope: r.Scope, Access: access, Priority: r.Priority, Resource: &auth.Resource{ @@ -244,7 +214,6 @@ func serializeToken(t *pb.Token) *auth.Token { func serializeAccount(a *pb.Account) *auth.Account { return &auth.Account{ ID: a.Id, - Roles: a.Roles, Secret: a.Secret, Metadata: a.Metadata, Provider: a.Provider, diff --git a/auth/token/basic/basic_test.go b/auth/token/basic/basic_test.go index 127e201d..dd07bce1 100644 --- a/auth/token/basic/basic_test.go +++ b/auth/token/basic/basic_test.go @@ -32,10 +32,10 @@ func TestInspect(t *testing.T) { t.Run("Valid token", func(t *testing.T) { md := map[string]string{"foo": "bar"} - roles := []string{"admin"} + scopes := []string{"admin"} subject := "test" - tok, err := b.Generate(&auth.Account{ID: subject, Roles: roles, Metadata: md}) + tok, err := b.Generate(&auth.Account{ID: subject, Scopes: scopes, Metadata: md}) if err != nil { t.Fatalf("Generate returned %v error, expected nil", err) } @@ -47,8 +47,8 @@ func TestInspect(t *testing.T) { if tok2.ID != subject { t.Errorf("Inspect returned %v as the token subject, expected %v", tok2.ID, subject) } - if len(tok2.Roles) != len(roles) { - t.Errorf("Inspect returned %v roles, expected %v", len(tok2.Roles), len(roles)) + if len(tok2.Scopes) != len(scopes) { + t.Errorf("Inspect returned %v scopes, expected %v", len(tok2.Scopes), len(scopes)) } if len(tok2.Metadata) != len(md) { t.Errorf("Inspect returned %v as the token metadata, expected %v", tok2.Metadata, md) diff --git a/auth/token/jwt/jwt.go b/auth/token/jwt/jwt.go index 01f35391..1e865d64 100644 --- a/auth/token/jwt/jwt.go +++ b/auth/token/jwt/jwt.go 
@@ -12,7 +12,6 @@ import ( // authClaims to be encoded in the JWT type authClaims struct { Type string `json:"type"` - Roles []string `json:"roles"` Scopes []string `json:"scopes"` Provider string `json:"provider"` Metadata map[string]string `json:"metadata"` @@ -52,7 +51,7 @@ func (j *JWT) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token. // generate the JWT expiry := time.Now().Add(options.Expiry) t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{ - acc.Type, acc.Roles, acc.Scopes, acc.Provider, acc.Metadata, jwt.StandardClaims{ + acc.Type, acc.Scopes, acc.Provider, acc.Metadata, jwt.StandardClaims{ Subject: acc.ID, ExpiresAt: expiry.Unix(), }, @@ -99,7 +98,6 @@ func (j *JWT) Inspect(t string) (*auth.Account, error) { return &auth.Account{ ID: claims.Subject, Type: claims.Type, - Roles: claims.Roles, Scopes: claims.Scopes, Provider: claims.Provider, Metadata: claims.Metadata, diff --git a/auth/token/jwt/jwt_test.go b/auth/token/jwt/jwt_test.go index 5d4b5591..a0281637 100644 --- a/auth/token/jwt/jwt_test.go +++ b/auth/token/jwt/jwt_test.go @@ -42,10 +42,10 @@ func TestInspect(t *testing.T) { t.Run("Valid token", func(t *testing.T) { md := map[string]string{"foo": "bar"} - roles := []string{"admin"} + scopes := []string{"admin"} subject := "test" - acc := &auth.Account{ID: subject, Roles: roles, Metadata: md} + acc := &auth.Account{ID: subject, Scopes: scopes, Metadata: md} tok, err := j.Generate(acc) if err != nil { t.Fatalf("Generate returned %v error, expected nil", err) 
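Review bot: The `authClaims` literal in `Generate` is unkeyed, so each change to the struct has to be mirrored by position here; this hunk does it for `Roles`, and the later "Add account issuers" hunk on the same file does it again for `Provider`. `Type` and `Provider` are both plain strings, so a reorder of the struct would still compile and would put one claim into the other's slot in a signed token. Keyed fields remove that risk: `authClaims{Type: acc.Type, Scopes: acc.Scopes, Provider: acc.Provider, Metadata: acc.Metadata, StandardClaims: jwt.StandardClaims{...}}`. Generate's body starts and ends outside the hunk.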
@@ -58,8 +58,8 @@ func TestInspect(t *testing.T) { if acc.ID != subject { t.Errorf("Inspect returned %v as the token subject, expected %v", acc.ID, subject) } - if len(tok2.Roles) != len(roles) { - t.Errorf("Inspect returned %v roles, expected %v", len(tok2.Roles), len(roles)) + if len(tok2.Scopes) != len(scopes) { + t.Errorf("Inspect returned %v scopes, expected %v", len(tok2.Scopes), len(scopes)) } if len(tok2.Metadata) != len(md) { t.Errorf("Inspect returned %v as the token metadata, expected %v", tok2.Metadata, md) diff --git a/util/auth/auth.go b/util/auth/auth.go index 4c7eaa34..e26a6f1f 100644 --- a/util/auth/auth.go +++ b/util/auth/auth.go @@ -18,12 +18,10 @@ func Generate(id string, name string, a auth.Auth) error { // if no credentials were provided, generate an account if len(accID) == 0 || len(accSecret) == 0 { name := fmt.Sprintf("%v-%v", name, id) - scope := "namespace." + a.Options().Namespace opts := []auth.GenerateOption{ auth.WithType("service"), - auth.WithRoles("service"), - auth.WithScopes(scope), + auth.WithScopes("service"), } acc, err := a.Generate(name, opts...) From 12061bd00606b7b0a50e2e0dd86d5f078b8c2720 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Thu, 21 May 2020 16:41:55 +0100 Subject: [PATCH 10/26] Add account issuers --- auth/auth.go | 6 +- auth/jwt/jwt.go | 6 +- auth/options.go | 25 ++--- auth/rules/rules.go | 2 +- auth/service/proto/auth.pb.go | 116 +++++++++++----------- auth/service/proto/auth.proto | 2 +- auth/service/service.go | 19 +++- auth/token/jwt/jwt.go | 6 +- runtime/service/proto/runtime.pb.go | 148 +++++++++------------------- runtime/service/proto/runtime.proto | 12 --- runtime/service/service.go | 27 ++--- util/wrapper/wrapper.go | 18 +++- 12 files changed, 159 insertions(+), 228 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index 1bedc944..96434acd 100644 --- a/auth/auth.go +++ b/auth/auth.go 
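Review bot: The subject assertion in this hunk compares `acc.ID` with `subject`, but `acc` is the account the test itself built from `subject` in the previous hunk, so the check can never fail. It looks like it was meant to read the inspected account (`tok2`, which is defined between the two hunks and is not visible here). The scope assertion compares only lengths, so a token that came back with different scope values would still pass. Suggested: `if tok2.ID != subject {` and a value comparison such as `if !reflect.DeepEqual(tok2.Scopes, scopes) {`.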
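Review bot: The generated service account used to carry the role `service` plus the scope `"namespace." + a.Options().Namespace`; after this hunk it carries only the scope `service`, so the account no longer records which namespace it was created for. A rule written against scope `service` would then match service accounts from every namespace, unless something outside this hunk separates tenants. If the namespace binding is still wanted, keep both values: `auth.WithScopes("service", "namespace."+a.Options().Namespace),`. Generate's body starts and ends outside the hunk.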
@@ -17,7 +17,7 @@ var ( ErrForbidden = errors.New("resource forbidden") ) -// Auth providers authentication and authorization +// Auth provides authentication and authorization type Auth interface { // Init the auth Init(opts ...Option) @@ -47,8 +47,8 @@ type Account struct { ID string `json:"id"` // Type of the account, e.g. service Type string `json:"type"` - // Provider who issued the account - Provider string `json:"provider"` + // Issuer of the account + Issuer string `json:"issuer"` // Any other associated metadata Metadata map[string]string `json:"metadata"` // Scopes the account has access to diff --git a/auth/jwt/jwt.go b/auth/jwt/jwt.go index 2736ee5b..616d24c5 100644 --- a/auth/jwt/jwt.go +++ b/auth/jwt/jwt.go @@ -55,8 +55,8 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e ID: id, Type: options.Type, Scopes: options.Scopes, - Provider: options.Provider, Metadata: options.Metadata, + Issuer: j.Options().Namespace, } // generate a JWT secret which can be provided to the Token() method @@ -97,12 +97,12 @@ func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO j.Lock() defer j.Unlock() - options := auth.VerifyOptions{Scope: j.options.Namespace} + var options auth.VerifyOptions for _, o := range opts { o(&options) } - return rules.Verify(options.Scope, j.rules, acc, res) + return rules.Verify(j.rules, acc, res) } func (j *jwt) Rules() ([]*auth.Rule, error) { diff --git a/auth/options.go b/auth/options.go index 6d13a756..43ead6ac 100644 --- a/auth/options.go +++ b/auth/options.go @@ -154,13 +154,6 @@ func WithMetadata(md map[string]string) GenerateOption { } } -// WithScopes for the generated account -func WithScopes(s ...string) GenerateOption { - return func(o *GenerateOptions) { - o.Scopes = s - } -} - // WithProvider for the generated account func WithProvider(p string) GenerateOption { return func(o *GenerateOptions) { 
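Review bot: In `(*jwt).Verify`, `options` is still filled by the option loop but nothing reads it any more, and `rules.Verify(j.rules, acc, res)` no longer receives a namespace. With the scope argument gone, the only tenant marker left on the account is `Issuer`, which `Generate` sets to `j.Options().Namespace` in the hunk above. Nothing visible here compares it, so that check presumably lives in util/wrapper/wrapper.go from the diffstat. I would either drop the dead loop or state the contract on the method: `// NOTE: issuer/namespace is not checked in this method; confirm rules.Verify or the caller enforces it.` The same applies to `(*svc).Verify` in auth/service/service.go.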
@@ -168,6 +161,13 @@ func WithProvider(p string) GenerateOption { } } +// WithScopes for the generated account +func WithScopes(s ...string) GenerateOption { + return func(o *GenerateOptions) { + o.Scopes = s + } +} + // NewGenerateOptions from a slice of options func NewGenerateOptions(opts ...GenerateOption) GenerateOptions { var options GenerateOptions @@ -225,15 +225,6 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions { return options } -type VerifyOptions struct { - Scope string -} +type VerifyOptions struct{} type VerifyOption func(o *VerifyOptions) - -// WithScope to require when verifying -func WithScope(s string) VerifyOption { - return func(o *VerifyOptions) { - o.Scope = s - } -} diff --git a/auth/rules/rules.go b/auth/rules/rules.go index 16dff5b3..e17053a0 100644 --- a/auth/rules/rules.go +++ b/auth/rules/rules.go @@ -11,7 +11,7 @@ import ( // Verify an account has access to a resource using the rules provided. If the account does not have // access an error will be returned. If there are no rules provided which match the resource, an error // will be returned -func Verify(namespace string, rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error { +func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error { // the rule is only to be applied if the type matches the resource or is catch-all (*) validTypes := []string{"*", res.Type} diff --git a/auth/service/proto/auth.pb.go b/auth/service/proto/auth.pb.go index 97f3a7b9..fe13d389 100644 --- a/auth/service/proto/auth.pb.go +++ b/auth/service/proto/auth.pb.go 
@@ -190,7 +190,7 @@ type Account struct { Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"` Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Scopes []string `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"` - Provider string `protobuf:"bytes,6,opt,name=provider,proto3" json:"provider,omitempty"` + Issuer string `protobuf:"bytes,6,opt,name=issuer,proto3" json:"issuer,omitempty"` Secret string `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -250,9 +250,9 @@ func (m *Account) GetScopes() []string { return nil } -func (m *Account) GetProvider() string { +func (m *Account) GetIssuer() string { if m != nil { - return m.Provider + return m.Issuer } return "" } 
@@ -1085,62 +1085,62 @@ func init() { func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) } var fileDescriptor_21300bfacc51fc2a = []byte{ - // 871 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x5f, 0x8f, 0xdb, 0x44, - 0x10, 0x3f, 0xe7, 0x8f, 0x93, 0x9b, 0xc4, 0x77, 0xd1, 0xf6, 0x5a, 0xac, 0x94, 0x6b, 0xaf, 0x2e, + // 872 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x51, 0x8f, 0xdb, 0x44, + 0x10, 0x3e, 0x27, 0xb1, 0x93, 0x9b, 0xc4, 0x77, 0xd1, 0xf6, 0x5a, 0xac, 0x94, 0x6b, 0xaf, 0x2e, 0x82, 0xa3, 0x82, 0x1c, 0x4a, 0x5f, 0x0a, 0x7d, 0xe1, 0xd4, 0x44, 0xa1, 0x85, 0x06, 0x61, 0x15, - 0x21, 0x90, 0x50, 0x65, 0x9c, 0x81, 0xb3, 0x2e, 0x67, 0x9b, 0xdd, 0x75, 0x44, 0x5e, 0x90, 0x78, - 0xe3, 0xc3, 0xf0, 0x91, 0x78, 0xe7, 0x2b, 0xf0, 0x88, 0xbc, 0x3b, 0xeb, 0x8b, 0x1d, 0xa7, 0x3a, - 0x81, 0x78, 0xf3, 0xec, 0xfe, 0x76, 0x66, 0x7e, 0xbf, 0x9d, 0x99, 0x35, 0x1c, 0x07, 0x99, 0xbc, - 0x38, 0x13, 0xc8, 0x57, 0x51, 0x88, 0x67, 0x29, 0x4f, 0x64, 0x72, 0x96, 0x2f, 0x8d, 0xd4, 0x27, - 0x73, 0x7e, 0x4a, 0x46, 0x57, 0x51, 0xc8, 0x93, 0x51, 0xbe, 0xe8, 0xdd, 0x86, 0x5b, 0x5f, 0x44, - 0x42, 0x9e, 0x87, 0x61, 0x92, 0xc5, 0x52, 0xf8, 0xf8, 0x73, 0x86, 0x42, 0x7a, 0x2f, 0xe0, 0xa8, - 0xbc, 0x2c, 0xd2, 0x24, 0x16, 0xc8, 0xc6, 0xd0, 0x0d, 0x68, 0xcd, 0xb5, 0x4e, 0x9a, 0xa7, 0xbd, - 0xf1, 0x9d, 0x51, 0xc9, 0xe1, 0x88, 0x8e, 0xf8, 0x05, 0xce, 0xfb, 0xcd, 0x82, 0xf6, 0xab, 0xe4, - 0x12, 0x63, 0xf6, 0x00, 0xfa, 0x41, 0x18, 0xa2, 0x10, 0xaf, 0x65, 0x6e, 0xbb, 0xd6, 0x89, 0x75, - 0xba, 0xef, 0xf7, 0xf4, 0x9a, 0x86, 0x3c, 0x04, 0x87, 0xe3, 0x8f, 0x1c, 0xc5, 0x05, 0x61, 0x1a, - 0x0a, 0xd3, 0xa7, 0x45, 0x0d, 0x72, 0xa1, 0x13, 0x72, 0x0c, 0x24, 0x2e, 0xdc, 0xe6, 0x89, 0x75, - 0xda, 0xf4, 0x8d, 0xc9, 0xee, 0x80, 0x8d, 0xbf, 0xa4, 0x11, 0x5f, 0xbb, 0x2d, 0xb5, 0x41, 0x96, - 0xf7, 0xb7, 0x05, 0x1d, 0xca, 0x8c, 0x1d, 0x40, 
0x23, 0x5a, 0x50, 0xec, 0x46, 0xb4, 0x60, 0x0c, - 0x5a, 0x72, 0x9d, 0x22, 0x45, 0x52, 0xdf, 0xec, 0x53, 0xe8, 0x5e, 0xa1, 0x0c, 0x16, 0x81, 0x0c, - 0xdc, 0x96, 0xe2, 0xf9, 0x4e, 0x3d, 0xcf, 0xd1, 0x4b, 0x82, 0x4d, 0x63, 0xc9, 0xd7, 0x7e, 0x71, - 0x2a, 0xcf, 0x44, 0x84, 0x49, 0x8a, 0xc2, 0x6d, 0x9f, 0x34, 0x4f, 0xf7, 0x7d, 0xb2, 0xd8, 0x10, - 0xba, 0x29, 0x4f, 0x56, 0xd1, 0x02, 0xb9, 0x6b, 0xab, 0x88, 0x85, 0xad, 0xce, 0x60, 0xc8, 0x51, - 0xba, 0x1d, 0xb5, 0x43, 0xd6, 0xf0, 0x29, 0x38, 0xa5, 0x30, 0x6c, 0x00, 0xcd, 0x4b, 0x5c, 0x13, - 0x87, 0xfc, 0x93, 0x1d, 0x41, 0x7b, 0x15, 0x2c, 0x33, 0xc3, 0x42, 0x1b, 0x9f, 0x34, 0x9e, 0x58, - 0xde, 0x1c, 0xba, 0x3e, 0x8a, 0x24, 0xe3, 0x21, 0xe6, 0x54, 0xe3, 0xe0, 0x0a, 0xe9, 0xa0, 0xfa, - 0xae, 0xa5, 0x3f, 0x84, 0x2e, 0xc6, 0x8b, 0x34, 0x89, 0x62, 0xa9, 0x14, 0xde, 0xf7, 0x0b, 0xdb, - 0xfb, 0xbd, 0x01, 0x87, 0x33, 0x8c, 0x91, 0x07, 0x12, 0xa9, 0x5c, 0xb6, 0x24, 0xfd, 0x6c, 0x43, - 0xbe, 0xa6, 0x92, 0xef, 0x83, 0x8a, 0x7c, 0x15, 0x0f, 0x37, 0x90, 0xb1, 0x55, 0x92, 0xf1, 0x5a, - 0xaa, 0xf6, 0xa6, 0x54, 0x05, 0x1b, 0xbb, 0xcc, 0xa6, 0x90, 0xbc, 0x53, 0x96, 0xfc, 0xbf, 0x49, - 0x3b, 0x81, 0xc1, 0x35, 0x0f, 0xea, 0x90, 0x8f, 0xa0, 0x43, 0x95, 0xaf, 0x7c, 0xec, 0x6e, 0x10, - 0x03, 0xf3, 0xbe, 0x85, 0xfe, 0x8c, 0x07, 0xb1, 0x34, 0x62, 0x1e, 0x41, 0x5b, 0x91, 0xa4, 0x1c, - 0xb4, 0xc1, 0x1e, 0x43, 0x97, 0xd3, 0x35, 0xaa, 0x44, 0x7a, 0xe3, 0xb7, 0x2a, 0x8e, 0xcd, 0x2d, - 0xfb, 0x05, 0xd0, 0x3b, 0x04, 0x87, 0x5c, 0xeb, 0xec, 0xbc, 0xef, 0xc0, 0xf1, 0x71, 0x95, 0x5c, - 0xe2, 0xff, 0x10, 0x6c, 0x00, 0x07, 0xc6, 0x37, 0x45, 0x7b, 0x17, 0x0e, 0x9e, 0xc7, 0x22, 0xc5, - 0x70, 0x93, 0xdb, 0x66, 0xeb, 0x6b, 0xc3, 0x7b, 0x06, 0x87, 0x05, 0xee, 0x5f, 0xcb, 0xf8, 0x2b, - 0xf4, 0xd5, 0x74, 0xd8, 0x55, 0x93, 0xd7, 0x15, 0xd3, 0x28, 0x55, 0xcc, 0xd6, 0xc4, 0x69, 0xd6, - 0x4c, 0x9c, 0x07, 0xd0, 0x57, 0x9b, 0xaf, 0x4b, 0xd3, 0xa5, 0xa7, 0xd6, 0xa6, 0x7a, 0xc4, 0x3c, - 0x05, 0x87, 0xe2, 0x13, 0x85, 0x47, 0x9b, 0x5c, 0x7b, 0xe3, 0xa3, 0x0a, 0x01, 0x0d, 
0x26, 0x05, - 0xfe, 0xb0, 0xa0, 0xe5, 0x67, 0x4b, 0xdc, 0xca, 0xba, 0xb8, 0x9f, 0xc6, 0xae, 0xfb, 0x69, 0xde, - 0xf0, 0x7e, 0xd8, 0x87, 0x60, 0xeb, 0x49, 0xab, 0xb2, 0x3f, 0x18, 0xdf, 0xde, 0x56, 0x14, 0x85, - 0xf0, 0x09, 0xa4, 0xbb, 0x26, 0x4a, 0x78, 0x24, 0xd7, 0xaa, 0xc7, 0xda, 0x7e, 0x61, 0x7b, 0x4f, - 0xc0, 0x79, 0xa6, 0x26, 0xae, 0x11, 0xfb, 0x3d, 0x68, 0xf1, 0x6c, 0x89, 0x44, 0xf5, 0x56, 0x35, - 0x99, 0x6c, 0x89, 0xbe, 0x02, 0xe4, 0x45, 0x62, 0x4e, 0x52, 0x91, 0xdc, 0x07, 0x67, 0x82, 0x4b, - 0xdc, 0x39, 0x4c, 0xf2, 0x23, 0x06, 0x40, 0x47, 0x1c, 0xe8, 0xe5, 0xaf, 0x93, 0x79, 0xac, 0x3e, - 0x86, 0xbe, 0x36, 0x49, 0xf8, 0xf7, 0xa1, 0x9d, 0xc7, 0x32, 0x2f, 0x54, 0x6d, 0x36, 0x1a, 0xf1, - 0x68, 0x04, 0xb6, 0xa6, 0xcd, 0x7a, 0xd0, 0xf9, 0x7a, 0xfe, 0xf9, 0xfc, 0xcb, 0x6f, 0xe6, 0x83, - 0xbd, 0xdc, 0x98, 0xf9, 0xe7, 0xf3, 0x57, 0xd3, 0xc9, 0xc0, 0x62, 0x00, 0xf6, 0x64, 0x3a, 0x7f, - 0x3e, 0x9d, 0x0c, 0x1a, 0xe3, 0xbf, 0x2c, 0x68, 0x9d, 0x67, 0xf2, 0x82, 0xbd, 0x84, 0xae, 0x69, - 0x7d, 0x76, 0xef, 0xcd, 0xb3, 0x6d, 0x78, 0x7f, 0xe7, 0x3e, 0xf1, 0xd9, 0x63, 0x2f, 0xa0, 0x43, - 0x1d, 0xc0, 0x8e, 0x2b, 0xe8, 0x72, 0x07, 0x0d, 0xef, 0xed, 0xda, 0x2e, 0x7c, 0x4d, 0xcc, 0x73, - 0x7b, 0xb7, 0xb6, 0xe2, 0xc8, 0xcf, 0xdb, 0xf5, 0x9b, 0xc6, 0xcb, 0xf8, 0x7b, 0xe8, 0x9a, 0xd7, - 0x9f, 0x7d, 0x05, 0xad, 0x5c, 0x60, 0xe6, 0x55, 0xce, 0xd4, 0xfc, 0x39, 0x0c, 0x1f, 0xbe, 0x11, - 0x53, 0xb8, 0xff, 0xd3, 0x82, 0x76, 0x7e, 0x11, 0x82, 0xcd, 0xc0, 0xd6, 0x15, 0xc1, 0xaa, 0x29, - 0x95, 0x4a, 0x6c, 0x78, 0xbc, 0x63, 0xb7, 0xe0, 0x3d, 0x03, 0x5b, 0xd7, 0xc9, 0x96, 0xa3, 0x52, - 0x7d, 0x6d, 0x39, 0xaa, 0x14, 0xd7, 0x1e, 0x3b, 0x27, 0xba, 0xc3, 0x1a, 0x2a, 0xc6, 0xc9, 0xdd, - 0xda, 0x3d, 0xe3, 0xe2, 0x07, 0x5b, 0xfd, 0x6c, 0x3d, 0xfe, 0x27, 0x00, 0x00, 0xff, 0xff, 0xda, - 0xef, 0x0e, 0x5f, 0x8d, 0x09, 0x00, 0x00, + 0x21, 0x90, 0x50, 0x65, 0x9c, 0x81, 0xb3, 0x2e, 0x67, 0x9b, 0xdd, 0xf5, 0x89, 0xbc, 0x20, 0xf1, + 0xc6, 0x8f, 0xe1, 0x27, 0xf1, 0xce, 0x1f, 0xe0, 0x07, 0x20, 0xef, 0xce, 0xba, 
0xb1, 0xe3, 0x54, + 0x15, 0x88, 0x37, 0xcf, 0xec, 0xb7, 0xb3, 0xf3, 0x7d, 0x3b, 0x33, 0x6b, 0x38, 0x0e, 0x73, 0x79, + 0x71, 0x26, 0x90, 0x5f, 0xc7, 0x11, 0x9e, 0x65, 0x3c, 0x95, 0xe9, 0x59, 0xe1, 0x1a, 0xab, 0x4f, + 0xe6, 0xfe, 0x94, 0x8e, 0xaf, 0xe2, 0x88, 0xa7, 0xe3, 0xc2, 0xe9, 0xdf, 0x84, 0x1b, 0x5f, 0xc4, + 0x42, 0x9e, 0x47, 0x51, 0x9a, 0x27, 0x52, 0x04, 0xf8, 0x73, 0x8e, 0x42, 0xfa, 0xcf, 0xe0, 0xa8, + 0xea, 0x16, 0x59, 0x9a, 0x08, 0x64, 0x13, 0xe8, 0x85, 0xe4, 0xf3, 0xac, 0x93, 0xf6, 0x69, 0x7f, + 0x72, 0x6b, 0x5c, 0x09, 0x38, 0xa6, 0x2d, 0x41, 0x89, 0xf3, 0x7f, 0xb3, 0xc0, 0x7e, 0x91, 0x5e, + 0x62, 0xc2, 0xee, 0xc1, 0x20, 0x8c, 0x22, 0x14, 0xe2, 0xa5, 0x2c, 0x6c, 0xcf, 0x3a, 0xb1, 0x4e, + 0xf7, 0x83, 0xbe, 0xf6, 0x69, 0xc8, 0x7d, 0x70, 0x39, 0xfe, 0xc8, 0x51, 0x5c, 0x10, 0xa6, 0xa5, + 0x30, 0x03, 0x72, 0x6a, 0x90, 0x07, 0xdd, 0x88, 0x63, 0x28, 0x71, 0xe9, 0xb5, 0x4f, 0xac, 0xd3, + 0x76, 0x60, 0x4c, 0x76, 0x0b, 0x1c, 0xfc, 0x25, 0x8b, 0xf9, 0xda, 0xeb, 0xa8, 0x05, 0xb2, 0xfc, + 0xbf, 0x2d, 0xe8, 0x52, 0x66, 0xec, 0x00, 0x5a, 0xf1, 0x92, 0xce, 0x6e, 0xc5, 0x4b, 0xc6, 0xa0, + 0x23, 0xd7, 0x19, 0xd2, 0x49, 0xea, 0x9b, 0x7d, 0x0a, 0xbd, 0x2b, 0x94, 0xe1, 0x32, 0x94, 0xa1, + 0xd7, 0x51, 0x3c, 0xdf, 0x69, 0xe6, 0x39, 0x7e, 0x4e, 0xb0, 0x59, 0x22, 0xf9, 0x3a, 0x28, 0x77, + 0x15, 0x99, 0x88, 0x28, 0xcd, 0x50, 0x78, 0xf6, 0x49, 0xfb, 0x74, 0x3f, 0x20, 0xab, 0xf0, 0xc7, + 0x42, 0xe4, 0xc8, 0x3d, 0x47, 0x9d, 0x47, 0x96, 0xc2, 0x63, 0xc4, 0x51, 0x7a, 0x5d, 0xed, 0xd7, + 0xd6, 0xe8, 0x31, 0xb8, 0x95, 0x23, 0xd8, 0x10, 0xda, 0x97, 0xb8, 0xa6, 0xfc, 0x8b, 0x4f, 0x76, + 0x04, 0xf6, 0x75, 0xb8, 0xca, 0x0d, 0x03, 0x6d, 0x7c, 0xd2, 0x7a, 0x64, 0xf9, 0x0b, 0xe8, 0x05, + 0x28, 0xd2, 0x9c, 0x47, 0x58, 0xd0, 0x4c, 0xc2, 0x2b, 0xa4, 0x8d, 0xea, 0xbb, 0x91, 0xfa, 0x08, + 0x7a, 0x98, 0x2c, 0xb3, 0x34, 0x4e, 0xa4, 0x52, 0x77, 0x3f, 0x28, 0x6d, 0xff, 0xf7, 0x16, 0x1c, + 0xce, 0x31, 0x41, 0x1e, 0x4a, 0xa4, 0x52, 0xd9, 0x92, 0xf3, 0xb3, 0x0d, 0xe9, 0xda, 0x4a, 0xba, + 0x0f, 0x6a, 0xd2, 
0xd5, 0x22, 0xbc, 0x81, 0x84, 0x9d, 0xba, 0x84, 0x24, 0x95, 0xbd, 0x29, 0x55, + 0xc9, 0xc6, 0xa9, 0xb2, 0xc9, 0x78, 0x7a, 0x1d, 0x2f, 0x91, 0x93, 0xb0, 0xa5, 0xfd, 0xdf, 0xa4, + 0x9d, 0xc2, 0xf0, 0x15, 0x0f, 0xea, 0x8e, 0x8f, 0xa0, 0x4b, 0x55, 0xaf, 0x62, 0xec, 0x6e, 0x0e, + 0x03, 0xf3, 0xbf, 0x85, 0xc1, 0x9c, 0x87, 0x89, 0x34, 0x62, 0x1e, 0x81, 0xad, 0x48, 0x52, 0x0e, + 0xda, 0x60, 0x0f, 0xa1, 0xc7, 0xe9, 0x1a, 0x55, 0x22, 0xfd, 0xc9, 0x5b, 0xb5, 0xc0, 0xe6, 0x96, + 0x83, 0x12, 0xe8, 0x1f, 0x82, 0x4b, 0xa1, 0x75, 0x76, 0xfe, 0x77, 0xe0, 0x06, 0x78, 0x9d, 0x5e, + 0xe2, 0xff, 0x70, 0xd8, 0x10, 0x0e, 0x4c, 0x6c, 0x3a, 0xed, 0x5d, 0x38, 0x78, 0x9a, 0x88, 0x0c, + 0xa3, 0x4d, 0x6e, 0x9b, 0x6d, 0xaf, 0x0d, 0xff, 0x09, 0x1c, 0x96, 0xb8, 0x7f, 0x2d, 0xe3, 0xaf, + 0x30, 0x50, 0x93, 0x61, 0x57, 0x4d, 0xbe, 0xaa, 0x98, 0x56, 0xa5, 0x62, 0xb6, 0xa6, 0x4d, 0xbb, + 0x61, 0xda, 0xdc, 0x83, 0x81, 0x5a, 0x7c, 0x59, 0x99, 0x2c, 0x7d, 0xe5, 0x9b, 0xe9, 0xf1, 0xf2, + 0x18, 0x5c, 0x3a, 0x9f, 0x28, 0x3c, 0xd8, 0xe4, 0xda, 0x9f, 0x1c, 0xd5, 0x08, 0x68, 0x30, 0x29, + 0xf0, 0x87, 0x05, 0x9d, 0x20, 0x5f, 0xe1, 0x56, 0xd6, 0xe5, 0xfd, 0xb4, 0x76, 0xdd, 0x4f, 0xfb, + 0x0d, 0xef, 0x87, 0x7d, 0x08, 0x8e, 0x9e, 0xb2, 0x2a, 0xfb, 0x83, 0xc9, 0xcd, 0x6d, 0x45, 0x51, + 0x88, 0x80, 0x40, 0xba, 0x6b, 0xe2, 0x94, 0xc7, 0x72, 0xad, 0x7a, 0xcc, 0x0e, 0x4a, 0xdb, 0x7f, + 0x04, 0xee, 0x13, 0x35, 0x6d, 0x8d, 0xd8, 0xef, 0x41, 0x87, 0xe7, 0x2b, 0x24, 0xaa, 0x37, 0xea, + 0xc9, 0xe4, 0x2b, 0x0c, 0x14, 0xa0, 0x28, 0x12, 0xb3, 0x93, 0x8a, 0xe4, 0x2e, 0xb8, 0x53, 0x5c, + 0xe1, 0xce, 0x61, 0x52, 0x6c, 0x31, 0x00, 0xda, 0xe2, 0x42, 0xbf, 0x78, 0x99, 0xcc, 0x43, 0xf5, + 0x31, 0x0c, 0xb4, 0x49, 0xc2, 0xbf, 0x0f, 0x76, 0x71, 0x96, 0x79, 0x9d, 0x1a, 0xb3, 0xd1, 0x88, + 0x07, 0x63, 0x70, 0x34, 0x6d, 0xd6, 0x87, 0xee, 0xd7, 0x8b, 0xcf, 0x17, 0x5f, 0x7e, 0xb3, 0x18, + 0xee, 0x15, 0xc6, 0x3c, 0x38, 0x5f, 0xbc, 0x98, 0x4d, 0x87, 0x16, 0x03, 0x70, 0xa6, 0xb3, 0xc5, + 0xd3, 0xd9, 0x74, 0xd8, 0x9a, 0xfc, 0x65, 0x41, 0xe7, 
0x3c, 0x97, 0x17, 0xec, 0x39, 0xf4, 0x4c, + 0xeb, 0xb3, 0x3b, 0xaf, 0x9f, 0x6d, 0xa3, 0xbb, 0x3b, 0xd7, 0x89, 0xcf, 0x1e, 0x7b, 0x06, 0x5d, + 0xea, 0x00, 0x76, 0x5c, 0x43, 0x57, 0x3b, 0x68, 0x74, 0x67, 0xd7, 0x72, 0x19, 0x6b, 0x6a, 0x9e, + 0xda, 0xdb, 0x8d, 0x15, 0x47, 0x71, 0xde, 0x6e, 0x5e, 0x34, 0x51, 0x26, 0xdf, 0x43, 0xcf, 0xbc, + 0xfc, 0xec, 0x2b, 0xe8, 0x14, 0x02, 0x33, 0xbf, 0xb6, 0xa7, 0xe1, 0xaf, 0x61, 0x74, 0xff, 0xb5, + 0x98, 0x32, 0xfc, 0x9f, 0x16, 0xd8, 0xc5, 0x45, 0x08, 0x36, 0x07, 0x47, 0x57, 0x04, 0xab, 0xa7, + 0x54, 0x29, 0xb1, 0xd1, 0xf1, 0x8e, 0xd5, 0x92, 0xf7, 0x1c, 0x1c, 0x5d, 0x27, 0x5b, 0x81, 0x2a, + 0xf5, 0xb5, 0x15, 0xa8, 0x56, 0x5c, 0x7b, 0xec, 0x9c, 0xe8, 0x8e, 0x1a, 0xa8, 0x98, 0x20, 0xb7, + 0x1b, 0xd7, 0x4c, 0x88, 0x1f, 0x1c, 0xf5, 0xa3, 0xf5, 0xf0, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, + 0x52, 0x12, 0xc2, 0xdb, 0x89, 0x09, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/auth/service/proto/auth.proto b/auth/service/proto/auth.proto index 79635f0c..5eb1d667 100644 --- a/auth/service/proto/auth.proto +++ b/auth/service/proto/auth.proto @@ -37,7 +37,7 @@ message Account { string type = 2; map metadata = 4; repeated string scopes = 5; - string provider = 6; + string issuer = 6; string secret = 7; } diff --git a/auth/service/service.go b/auth/service/service.go index c6586ecb..7f2222d4 100644 --- a/auth/service/service.go +++ b/auth/service/service.go 
@@ -78,12 +78,19 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
 // Grant access to a resource
 func (s *svc) Grant(rule *auth.Rule) error {
+ access := pb.Access_UNKNOWN
+ if rule.Access == auth.AccessGranted {
+ access = pb.Access_GRANTED
+ } else if rule.Access == auth.AccessDenied {
+ access = pb.Access_DENIED
+ }
+
 _, err := s.rule.Create(context.TODO(), &pb.CreateRequest{
 Rule: &pb.Rule{
 Id: rule.ID,
 Scope: rule.Scope,
 Priority: rule.Priority,
- Access: pb.Access_GRANTED,
+ Access: access,
 Resource: &pb.Resource{
 Type: rule.Resource.Type,
 Name: rule.Resource.Name,
@@ -91,6 +98,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
 },
 },
 })
+ go s.loadRules(s.options.Namespace)
 return err
 }
@@ -100,6 +108,7 @@ func (s *svc) Revoke(rule *auth.Rule) error {
 _, err := s.rule.Delete(context.TODO(), &pb.DeleteRequest{
 Id: rule.ID,
 })
+ go s.loadRules(s.options.Namespace)
 return err
 }
@@ -110,16 +119,16 @@ func (s *svc) Rules() ([]*auth.Rule, error) {
 // Verify an account has access to a resource
 func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
- options := auth.VerifyOptions{Scope: s.options.Namespace}
+ var options auth.VerifyOptions
 for _, o := range opts {
 o(&options)
 }
 // load the rules if none are loaded
- s.loadRulesIfEmpty(options.Scope)
+ s.loadRulesIfEmpty(s.Options().Namespace)
 // verify the request using the rules
- return rules.Verify(options.Scope, s.rules[options.Scope], acc, res)
+ return rules.Verify(s.rules[s.Options().Namespace], acc, res)
 }
 // Inspect a token
@@ -215,8 +224,8 @@ func serializeAccount(a *pb.Account) *auth.Account {
 return &auth.Account{
 ID: a.Id,
 Secret: a.Secret,
+ Issuer: a.Issuer,
 Metadata: a.Metadata,
- Provider: a.Provider,
 Scopes: a.Scopes,
 }
 }
diff --git a/auth/token/jwt/jwt.go b/auth/token/jwt/jwt.go
index 1e865d64..04ce7d6f 100644
--- a/auth/token/jwt/jwt.go
+++ b/auth/token/jwt/jwt.go
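Review bot: In auth/service/service.go, the `go s.loadRules(s.options.Namespace)` added before `return err` in Grant, and again in the Revoke hunk after it, refreshes the rule cache in the background, so Revoke can return while Verify still evaluates the rule that was just deleted. For an access-control cache the revoke path is where a stale window matters most; a synchronous `s.loadRules(s.options.Namespace)` there would close it, and skipping the reload when `err != nil` avoids a pointless fetch. The goroutine also updates the rule set that Verify reads through `s.rules[...]`; whether loadRules takes a lock is not visible in these hunks, so that should be confirmed. Both function bodies start outside their hunks.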
@@ -13,7 +13,6 @@ import ( type authClaims struct { Type string `json:"type"` Scopes []string `json:"scopes"` - Provider string `json:"provider"` Metadata map[string]string `json:"metadata"` jwt.StandardClaims @@ -51,8 +50,9 @@ func (j *JWT) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token. // generate the JWT expiry := time.Now().Add(options.Expiry) t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{ - acc.Type, acc.Scopes, acc.Provider, acc.Metadata, jwt.StandardClaims{ + acc.Type, acc.Scopes, acc.Metadata, jwt.StandardClaims{ Subject: acc.ID, + Issuer: acc.Issuer, ExpiresAt: expiry.Unix(), }, }) @@ -97,9 +97,9 @@ func (j *JWT) Inspect(t string) (*auth.Account, error) { // return the token return &auth.Account{ ID: claims.Subject, + Issuer: claims.Issuer, Type: claims.Type, Scopes: claims.Scopes, - Provider: claims.Provider, Metadata: claims.Metadata, }, nil } diff --git a/runtime/service/proto/runtime.pb.go b/runtime/service/proto/runtime.pb.go index de0f4e63..0573fc6a 100644 --- a/runtime/service/proto/runtime.pb.go +++ b/runtime/service/proto/runtime.pb.go @@ -166,9 +166,7 @@ type CreateOptions struct { // create type of service Type string `protobuf:"bytes,5,opt,name=type,proto3" json:"type,omitempty"` // image to use - Image string `protobuf:"bytes,6,opt,name=image,proto3" json:"image,omitempty"` - // namespace to use - Namespace string `protobuf:"bytes,7,opt,name=namespace,proto3" json:"namespace,omitempty"` + Image string `protobuf:"bytes,6,opt,name=image,proto3" json:"image,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
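Review bot: In auth/token/jwt/jwt.go, the Generate hunk still builds the claims with an unkeyed literal, `authClaims{acc.Type, acc.Scopes, acc.Metadata, jwt.StandardClaims{...}}`, and this commit shows why that is fragile: removing Provider shifted every later position. Type and the removed Provider were both strings, so a future reorder of same-typed fields would compile and silently put a value into the wrong claim of a signed token. Keyed fields remove that risk: `authClaims{Type: acc.Type, Scopes: acc.Scopes, Metadata: acc.Metadata, StandardClaims: jwt.StandardClaims{...}}`. Generate's body starts and ends outside the hunk.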
@@ -241,13 +239,6 @@ func (m *CreateOptions) GetImage() string { return "" } -func (m *CreateOptions) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - type CreateRequest struct { Service *Service `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"` Options *CreateOptions `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"` @@ -332,9 +323,7 @@ type ReadOptions struct { // version of the service Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` // type of service - Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` - // namespace of service - Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"` + Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -386,13 +375,6 @@ func (m *ReadOptions) GetType() string { return "" } -func (m *ReadOptions) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - type ReadRequest struct { Options *ReadOptions `protobuf:"bytes,1,opt,name=options,proto3" json:"options,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -472,8 +454,6 @@ func (m *ReadResponse) GetServices() []*Service { } type DeleteOptions struct { - // namespace of the service - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
@@ -504,13 +484,6 @@ func (m *DeleteOptions) XXX_DiscardUnknown() { var xxx_messageInfo_DeleteOptions proto.InternalMessageInfo -func (m *DeleteOptions) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - type DeleteRequest struct { Service *Service `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"` Options *DeleteOptions `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"` @@ -590,8 +563,6 @@ func (m *DeleteResponse) XXX_DiscardUnknown() { var xxx_messageInfo_DeleteResponse proto.InternalMessageInfo type UpdateOptions struct { - // namespace of the service - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -622,13 +593,6 @@ func (m *UpdateOptions) XXX_DiscardUnknown() { var xxx_messageInfo_UpdateOptions proto.InternalMessageInfo -func (m *UpdateOptions) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - type UpdateRequest struct { Service *Service `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"` Options *UpdateOptions `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"` @@ -708,8 +672,6 @@ func (m *UpdateResponse) XXX_DiscardUnknown() { var xxx_messageInfo_UpdateResponse proto.InternalMessageInfo type ListOptions struct { - // namespace to list from - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
@@ -740,13 +702,6 @@ func (m *ListOptions) XXX_DiscardUnknown() { var xxx_messageInfo_ListOptions proto.InternalMessageInfo -func (m *ListOptions) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - type ListRequest struct { Options *ListOptions `protobuf:"bytes,1,opt,name=options,proto3" json:"options,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -826,8 +781,6 @@ func (m *ListResponse) GetServices() []*Service { } type LogsOptions struct { - // namespace of the service - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -858,13 +811,6 @@ func (m *LogsOptions) XXX_DiscardUnknown() { var xxx_messageInfo_LogsOptions proto.InternalMessageInfo -func (m *LogsOptions) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - type LogsRequest struct { // service to request logs for Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"` 
@@ -1031,52 +977,50 @@ func init() { } var fileDescriptor_2434d8152598889b = []byte{ - // 711 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x4d, 0x6f, 0xd3, 0x4c, - 0x10, 0xae, 0x63, 0x27, 0x69, 0x27, 0x6f, 0x5e, 0x55, 0xab, 0x0a, 0x99, 0xf2, 0x15, 0x99, 0x03, - 0x45, 0xa8, 0x2e, 0x4a, 0x85, 0xf8, 0x3a, 0x96, 0x94, 0x4b, 0x2b, 0x24, 0x23, 0x7e, 0xc0, 0xe2, - 0x8c, 0x22, 0x8b, 0xda, 0x6b, 0xbc, 0xeb, 0x48, 0x3d, 0x71, 0xe4, 0x8f, 0x70, 0xe7, 0x67, 0x70, - 0xe6, 0x1f, 0xa1, 0xfd, 0x8a, 0x3f, 0x1a, 0x47, 0xad, 0xaa, 0xde, 0x76, 0xc6, 0xb3, 0xb3, 0xcf, - 0xf3, 0xcc, 0xec, 0xac, 0xe1, 0x69, 0x51, 0x66, 0x22, 0x49, 0xf1, 0x88, 0x63, 0xb1, 0x4c, 0x62, - 0x3c, 0xca, 0x0b, 0x26, 0xd8, 0x91, 0xf1, 0x86, 0xca, 0x22, 0xbb, 0x0b, 0x16, 0xa6, 0x49, 0x5c, - 0xb0, 0xd0, 0xf8, 0x83, 0xbf, 0x0e, 0x0c, 0x3f, 0xeb, 0x1d, 0x84, 0x80, 0x97, 0xd1, 0x14, 0x7d, - 0x67, 0xe2, 0x1c, 0xec, 0x44, 0x6a, 0x4d, 0x7c, 0x18, 0x2e, 0xb1, 0xe0, 0x09, 0xcb, 0xfc, 0x9e, - 0x72, 0x5b, 0x93, 0xdc, 0x83, 0x01, 0x67, 0x65, 0x11, 0xa3, 0xef, 0xaa, 0x0f, 0xc6, 0x22, 0x27, - 0xb0, 0x9d, 0xa2, 0xa0, 0x73, 0x2a, 0xa8, 0xef, 0x4d, 0xdc, 0x83, 0xd1, 0xf4, 0x59, 0xd8, 0x3e, - 0x36, 0x34, 0x47, 0x86, 0xe7, 0x26, 0x72, 0x96, 0x89, 0xe2, 0x32, 0x5a, 0x6d, 0xdc, 0x7f, 0x0f, - 0xe3, 0xc6, 0x27, 0xb2, 0x0b, 0xee, 0x37, 0xbc, 0x34, 0xd0, 0xe4, 0x92, 0xec, 0x41, 0x7f, 0x49, - 0x2f, 0x4a, 0x34, 0xb8, 0xb4, 0xf1, 0xae, 0xf7, 0xc6, 0x09, 0x52, 0xe8, 0xcf, 0x96, 0x98, 0x09, - 0x49, 0x48, 0x5c, 0xe6, 0x2b, 0x42, 0x72, 0x4d, 0x1e, 0xc2, 0x8e, 0x44, 0xc0, 0x05, 0x4d, 0x73, - 0xb5, 0xd5, 0x8d, 0x2a, 0x87, 0xa4, 0x6b, 0xf4, 0x33, 0xac, 0xac, 0x59, 0x17, 0xc2, 0x6b, 0x08, - 0x11, 0xfc, 0x76, 0x60, 0x7c, 0x52, 0x20, 0x15, 0xf8, 0x29, 0x17, 0x09, 0xcb, 0xb8, 0x8c, 0x8d, - 0x59, 0x9a, 0xd2, 0x6c, 0xee, 0x3b, 0x13, 0x57, 0xc6, 0x1a, 0x53, 0x22, 0xa2, 0xc5, 0x82, 0xfb, - 0x3d, 0xe5, 0x56, 0x6b, 0x49, 0x0d, 0xb3, 0xa5, 0xef, 0x2a, 0x97, 0x5c, 0x4a, 0x69, 0x59, 0x29, - 
0xf2, 0x52, 0x98, 0xa3, 0x8c, 0xb5, 0xe2, 0xd3, 0xaf, 0xf1, 0xd9, 0x83, 0x7e, 0x92, 0xd2, 0x05, - 0xfa, 0x03, 0x2d, 0x83, 0x32, 0x24, 0x4b, 0x59, 0x3e, 0x9e, 0xd3, 0x18, 0xfd, 0xa1, 0xfa, 0x52, - 0x39, 0x82, 0x1f, 0x16, 0x70, 0x84, 0xdf, 0x4b, 0xe4, 0x82, 0x1c, 0x57, 0xb4, 0xa5, 0x56, 0xa3, - 0xe9, 0xfd, 0xce, 0x92, 0x55, 0x8a, 0xbc, 0x85, 0x21, 0xd3, 0x84, 0x95, 0x8e, 0xa3, 0xe9, 0x93, - 0xab, 0x9b, 0x1a, 0xba, 0x44, 0x36, 0x3e, 0xd8, 0x85, 0xff, 0x2d, 0x00, 0x9e, 0xb3, 0x8c, 0x63, - 0xc0, 0x61, 0x14, 0x21, 0x9d, 0xd7, 0x14, 0xac, 0x03, 0x5a, 0x5f, 0x87, 0x56, 0x43, 0x5a, 0x75, - 0xdc, 0x66, 0xb5, 0x2b, 0x1d, 0xbc, 0xb6, 0x0e, 0xa7, 0xfa, 0x50, 0xab, 0xc2, 0xeb, 0x8a, 0x90, - 0x56, 0xe1, 0xd1, 0x55, 0x42, 0x35, 0x90, 0x15, 0x9d, 0x19, 0xfc, 0xa7, 0xf3, 0x68, 0x32, 0xe4, - 0x15, 0x6c, 0x1b, 0xb8, 0x5c, 0x35, 0xc0, 0x46, 0x3d, 0x57, 0xa1, 0xc1, 0x21, 0x8c, 0x3f, 0xe0, - 0x05, 0x56, 0x7d, 0xd4, 0x40, 0xef, 0xac, 0xa9, 0xa2, 0x0e, 0xbf, 0xf3, 0x2a, 0x36, 0x50, 0x35, - 0xaa, 0x68, 0x01, 0x98, 0x2a, 0x1e, 0xc2, 0xf8, 0x4b, 0x3e, 0xa7, 0x37, 0x60, 0xa0, 0xc3, 0xef, - 0x9c, 0x41, 0x03, 0x55, 0x83, 0x81, 0x05, 0x60, 0x18, 0xbc, 0x80, 0xd1, 0x59, 0xc2, 0xc5, 0xf5, - 0xf0, 0x9f, 0xea, 0xe0, 0x9b, 0xf4, 0x4f, 0x2d, 0x79, 0xa3, 0x7f, 0x74, 0x9e, 0xdb, 0xf5, 0x8f, - 0xc4, 0xce, 0x16, 0xfc, 0x7a, 0xd8, 0x7f, 0x39, 0x3a, 0xda, 0x82, 0xef, 0xbe, 0x71, 0x72, 0xd0, - 0x8b, 0x02, 0x69, 0xaa, 0xe4, 0xdd, 0x8e, 0x8c, 0x25, 0x27, 0x4f, 0xcc, 0xca, 0x4c, 0xa8, 0x0b, - 0xe7, 0x46, 0xda, 0x90, 0x5e, 0x9e, 0x64, 0xe6, 0xb6, 0xb9, 0x91, 0x36, 0xea, 0xd2, 0xf4, 0x3b, - 0xa5, 0xa9, 0xb0, 0x57, 0xd2, 0xfc, 0x71, 0x60, 0xe7, 0x8c, 0x2d, 0x22, 0x8c, 0x59, 0x31, 0x6f, - 0x0e, 0x6f, 0xa7, 0x3d, 0xbc, 0x67, 0xb5, 0x97, 0xa7, 0xa7, 0x64, 0x7b, 0xbe, 0xf6, 0x14, 0x9d, - 0xac, 0xeb, 0xed, 0x91, 0x4a, 0xa4, 0xc8, 0xb9, 0x9c, 0xa9, 0xe6, 0x0d, 0x30, 0xe6, 0xad, 0x5e, - 0xa5, 0xe9, 0x4f, 0x17, 0x86, 0x91, 0x06, 0x41, 0xce, 0x61, 0xa0, 0xe7, 0x1f, 0xe9, 0x9c, 0x99, - 0xa6, 0x2e, 0xfb, 0x93, 0xee, 0x00, 
0xd3, 0xb2, 0x5b, 0xe4, 0x23, 0x78, 0x72, 0xfe, 0x90, 0x8e, - 0x79, 0x65, 0x53, 0x3d, 0xee, 0xfa, 0xbc, 0x4a, 0x74, 0x0e, 0x03, 0x7d, 0xa3, 0x49, 0xe7, 0x14, - 0xd8, 0x80, 0xab, 0x35, 0x0c, 0x54, 0x3a, 0x7d, 0xbd, 0x48, 0xe7, 0x95, 0xdc, 0x90, 0xae, 0x75, - 0x33, 0xb7, 0xc8, 0x29, 0x78, 0xb2, 0x47, 0x48, 0x47, 0xef, 0xd8, 0x54, 0x0f, 0x36, 0x14, 0x3d, - 0xd8, 0x7a, 0xe9, 0x7c, 0x1d, 0xa8, 0x9f, 0xa1, 0xe3, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x8e, - 0x6c, 0x03, 0x59, 0x33, 0x09, 0x00, 0x00, + // 683 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xcb, 0x6e, 0xd3, 0x40, + 0x14, 0xad, 0xe3, 0x3c, 0xda, 0x1b, 0x42, 0xab, 0x51, 0x85, 0x4c, 0x79, 0x45, 0x66, 0x41, 0xd9, + 0x38, 0x28, 0x15, 0xe2, 0xb5, 0x2c, 0x09, 0x9b, 0x46, 0x48, 0x46, 0xfd, 0x80, 0xc1, 0xb9, 0x8a, + 0x2c, 0x6a, 0x8f, 0xf1, 0x8c, 0x23, 0x65, 0xc5, 0x92, 0x35, 0xff, 0xc0, 0xbf, 0xb0, 0xe6, 0x8f, + 0xd0, 0xbc, 0xfc, 0x48, 0xeb, 0x48, 0xa8, 0xea, 0x6e, 0xce, 0xf5, 0xcc, 0x9d, 0x73, 0xce, 0x9d, + 0x7b, 0x65, 0x78, 0x9e, 0x17, 0xa9, 0x88, 0x13, 0x9c, 0x70, 0xcc, 0xd7, 0x71, 0x84, 0x93, 0x2c, + 0x67, 0x82, 0x4d, 0x4c, 0x34, 0x50, 0x88, 0x1c, 0xad, 0x58, 0x90, 0xc4, 0x51, 0xce, 0x02, 0x13, + 0xf7, 0xff, 0x3a, 0x30, 0xf8, 0xa2, 0x4f, 0x10, 0x02, 0xdd, 0x94, 0x26, 0xe8, 0x39, 0x63, 0xe7, + 0xf4, 0x20, 0x54, 0x6b, 0xe2, 0xc1, 0x60, 0x8d, 0x39, 0x8f, 0x59, 0xea, 0x75, 0x54, 0xd8, 0x42, + 0xf2, 0x00, 0xfa, 0x9c, 0x15, 0x79, 0x84, 0x9e, 0xab, 0x3e, 0x18, 0x44, 0xce, 0x61, 0x3f, 0x41, + 0x41, 0x97, 0x54, 0x50, 0xaf, 0x3b, 0x76, 0x4f, 0x87, 0xd3, 0x17, 0xc1, 0xf6, 0xb5, 0x81, 0xb9, + 0x32, 0x58, 0x98, 0x9d, 0xb3, 0x54, 0xe4, 0x9b, 0xb0, 0x3c, 0x78, 0xf2, 0x01, 0x46, 0x8d, 0x4f, + 0xe4, 0x08, 0xdc, 0x6f, 0xb8, 0x31, 0xd4, 0xe4, 0x92, 0x1c, 0x43, 0x6f, 0x4d, 0xaf, 0x0a, 0x34, + 0xbc, 0x34, 0x78, 0xdf, 0x79, 0xeb, 0xf8, 0x09, 0xf4, 0x66, 0x6b, 0x4c, 0x85, 0x14, 0x24, 0x36, + 0x59, 0x29, 0x48, 0xae, 0xc9, 0x63, 0x38, 0x90, 0x0c, 0xb8, 0xa0, 0x49, 0xa6, 
0x8e, 0xba, 0x61, + 0x15, 0x90, 0x72, 0x8d, 0x7f, 0x46, 0x95, 0x85, 0x75, 0x23, 0xba, 0x0d, 0x23, 0xfc, 0x5f, 0x0e, + 0x8c, 0xce, 0x73, 0xa4, 0x02, 0x3f, 0x67, 0x22, 0x66, 0x29, 0x97, 0x7b, 0x23, 0x96, 0x24, 0x34, + 0x5d, 0x7a, 0xce, 0xd8, 0x95, 0x7b, 0x0d, 0x94, 0x8c, 0x68, 0xbe, 0xe2, 0x5e, 0x47, 0x85, 0xd5, + 0x5a, 0x4a, 0xc3, 0x74, 0xed, 0xb9, 0x2a, 0x24, 0x97, 0xd2, 0x5a, 0x56, 0x88, 0xac, 0x10, 0xe6, + 0x2a, 0x83, 0x4a, 0x3d, 0xbd, 0x9a, 0x9e, 0x63, 0xe8, 0xc5, 0x09, 0x5d, 0xa1, 0xd7, 0xd7, 0x36, + 0x28, 0xe0, 0xff, 0xb0, 0x94, 0x42, 0xfc, 0x5e, 0x20, 0x17, 0xe4, 0xac, 0x12, 0x26, 0xdd, 0x18, + 0x4e, 0x1f, 0xb6, 0x16, 0xa5, 0xd2, 0xfc, 0x0e, 0x06, 0x4c, 0x4b, 0x52, 0x4e, 0x0d, 0xa7, 0xcf, + 0xae, 0x1f, 0x6a, 0x28, 0x0f, 0xed, 0x7e, 0xff, 0x08, 0xee, 0x5b, 0x02, 0x3c, 0x63, 0x29, 0x47, + 0xff, 0x12, 0x86, 0x21, 0xd2, 0x65, 0xcd, 0xa3, 0x3a, 0xa1, 0x9b, 0x9d, 0xde, 0x7a, 0x72, 0x56, + 0xbf, 0x5b, 0xe9, 0xf7, 0xe7, 0x3a, 0xad, 0xd5, 0xf9, 0xa6, 0xa2, 0xac, 0x75, 0x3e, 0xb9, 0x4e, + 0xb9, 0x46, 0xa3, 0x22, 0x3c, 0x83, 0x7b, 0x3a, 0x8f, 0xa6, 0x4b, 0x5e, 0xc3, 0xbe, 0x21, 0xc4, + 0x55, 0x11, 0x77, 0x3a, 0x56, 0x6e, 0xf5, 0x0f, 0x61, 0xf4, 0x11, 0xaf, 0xb0, 0x74, 0x44, 0x56, + 0x42, 0x07, 0xee, 0xbc, 0x12, 0x8d, 0x7b, 0x1b, 0x95, 0xb0, 0x04, 0x4c, 0x25, 0x0e, 0x61, 0x74, + 0x99, 0x2d, 0x69, 0x83, 0xa3, 0x0e, 0xdc, 0x39, 0xc7, 0xc6, 0xbd, 0x0d, 0x8e, 0x96, 0x80, 0xe1, + 0x38, 0x82, 0xe1, 0x45, 0xcc, 0x85, 0x65, 0x38, 0xd7, 0xf0, 0x7f, 0xaa, 0x5c, 0x3b, 0xde, 0xa8, + 0xb2, 0xce, 0x73, 0xbb, 0x2a, 0x4b, 0x76, 0x6c, 0xc5, 0x2d, 0xbb, 0xdf, 0x8e, 0xc6, 0x96, 0x5e, + 0xfb, 0xdb, 0x96, 0x43, 0x53, 0xe4, 0x48, 0x13, 0x65, 0xd1, 0x7e, 0x68, 0x90, 0xec, 0xe2, 0x88, + 0x15, 0xa9, 0x50, 0x4f, 0xdb, 0x0d, 0x35, 0x90, 0x51, 0x1e, 0xa7, 0x11, 0xaa, 0x31, 0xe0, 0x86, + 0x1a, 0xd4, 0xc5, 0xf7, 0x5a, 0xc5, 0x57, 0xec, 0x2a, 0xf1, 0x7f, 0x1c, 0x38, 0xb8, 0x60, 0xab, + 0x10, 0x23, 0x96, 0x2f, 0x9b, 0x83, 0xd0, 0xd9, 0x1e, 0x84, 0xb3, 0xda, 0x14, 0xef, 0x28, 0x63, + 0x5e, 0xde, 0x78, 
0x8b, 0x4e, 0xd6, 0x36, 0xc7, 0xa5, 0x13, 0x09, 0x72, 0x2e, 0xe7, 0x93, 0x99, + 0xa7, 0x06, 0xde, 0x6a, 0xc2, 0x4f, 0x7f, 0xba, 0x30, 0x08, 0x35, 0x09, 0xb2, 0x80, 0xbe, 0x9e, + 0x34, 0xa4, 0x75, 0x3a, 0x99, 0xba, 0x9c, 0x8c, 0xdb, 0x37, 0x98, 0x67, 0xb7, 0x47, 0x3e, 0x41, + 0x57, 0xce, 0x01, 0xd2, 0x32, 0x37, 0x6c, 0xaa, 0xa7, 0x6d, 0x9f, 0xcb, 0x44, 0x0b, 0xe8, 0xeb, + 0xbe, 0x23, 0xad, 0xbd, 0xba, 0x83, 0xd7, 0x56, 0xcb, 0xaa, 0x74, 0xba, 0x45, 0x48, 0x6b, 0x5b, + 0xed, 0x48, 0xb7, 0xd5, 0x5d, 0x7b, 0x64, 0x0e, 0x5d, 0xf9, 0x46, 0x48, 0xcb, 0xdb, 0xb1, 0xa9, + 0x1e, 0xed, 0x28, 0xba, 0xbf, 0xf7, 0xca, 0xf9, 0xda, 0x57, 0x3f, 0x16, 0x67, 0xff, 0x02, 0x00, + 0x00, 0xff, 0xff, 0xe1, 0x5b, 0x52, 0x93, 0x7f, 0x08, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/runtime/service/proto/runtime.proto b/runtime/service/proto/runtime.proto index b4464173..34b5a6df 100644 --- a/runtime/service/proto/runtime.proto +++ b/runtime/service/proto/runtime.proto @@ -41,8 +41,6 @@ message CreateOptions { string type = 5; // image to use string image = 6; - // namespace to use - string namespace = 7; } message CreateRequest { @@ -59,8 +57,6 @@ message ReadOptions { string version = 2; // type of service string type = 3; - // namespace of service - string namespace = 4; } message ReadRequest { @@ -72,8 +68,6 @@ message ReadResponse { } message DeleteOptions { - // namespace of the service - string namespace = 1; } message DeleteRequest { @@ -84,8 +78,6 @@ message DeleteRequest { message DeleteResponse {} message UpdateOptions { - // namespace of the service - string namespace = 1; } message UpdateRequest { @@ -96,8 +88,6 @@ message UpdateRequest { message UpdateResponse {} message ListOptions { - // namespace to list from - string namespace = 1; } message ListRequest { @@ -109,8 +99,6 @@ message ListResponse { } message LogsOptions { - // namespace of the service - string namespace = 1; } message LogsRequest{ 
diff --git a/runtime/service/service.go b/runtime/service/service.go
index 90451028..fb2f1c24 100644
--- a/runtime/service/service.go
+++ b/runtime/service/service.go
@@ -54,12 +54,11 @@ func (s *svc) Create(svc *runtime.Service, opts ...runtime.CreateOption) error {
 Metadata: svc.Metadata,
 },
 Options: &pb.CreateOptions{
- Command: options.Command,
- Args: options.Args,
- Env: options.Env,
- Type: options.Type,
- Image: options.Image,
- Namespace: options.Namespace,
+ Command: options.Command,
+ Args: options.Args,
+ Env: options.Env,
+ Type: options.Type,
+ Image: options.Image,
 },
 }
@@ -84,9 +83,6 @@ func (s *svc) Logs(service *runtime.Service, opts ...runtime.LogsOption) (runtim
 Service: service.Name,
 Stream: options.Stream,
 Count: options.Count,
- Options: &pb.LogsOptions{
- Namespace: options.Namespace,
- },
 })
 if err != nil {
 return nil, err
@@ -176,10 +172,9 @@ func (s *svc) Read(opts ...runtime.ReadOption) ([]*runtime.Service, error) {
 // runtime service create request
 req := &pb.ReadRequest{
 Options: &pb.ReadOptions{
- Service: options.Service,
- Version: options.Version,
- Type: options.Type,
- Namespace: options.Namespace,
+ Service: options.Service,
+ Version: options.Version,
+ Type: options.Type,
 },
 }
@@ -220,9 +215,6 @@ func (s *svc) Update(svc *runtime.Service, opts ...runtime.UpdateOption) error {
 Source: svc.Source,
 Metadata: svc.Metadata,
 },
- Options: &pb.UpdateOptions{
- Namespace: options.Namespace,
- },
 }
 if _, err := s.runtime.Update(options.Context, req); err != nil {
@@ -250,9 +242,6 @@ func (s *svc) Delete(svc *runtime.Service, opts ...runtime.DeleteOption) error {
 Source: svc.Source,
 Metadata: svc.Metadata,
 },
- Options: &pb.DeleteOptions{
- Namespace: options.Namespace,
- },
 }
 if _, err := s.runtime.Delete(options.Context, req); err != nil {
diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go
index 5ca359e1..dce54cb3 100644
--- a/util/wrapper/wrapper.go
+++ b/util/wrapper/wrapper.go
@@ -190,18 +190,28 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 // Extract the token if present. Note: if noop is being used
 // then the token can be blank without erroring
- var token string
+ var account *auth.Account
 if header, ok := metadata.Get(ctx, "Authorization"); ok {
 // Ensure the correct scheme is being used
 if !strings.HasPrefix(header, auth.BearerScheme) {
 return errors.Unauthorized(req.Service(), "invalid authorization header. expected Bearer schema")
 }
- token = header[len(auth.BearerScheme):]
+ // Strip the prefix and inspect the resulting token
+ account, _ = a.Inspect(strings.TrimPrefix(header, auth.BearerScheme))
 }
- // Inspect the token and get the account
- account, _ := a.Inspect(token)
+ // Extract the namespace header
+ ns, ok := metadata.Get(ctx, "Micro-Namespace")
+ if !ok {
+ ns = a.Options().Namespace
+ ctx = metadata.Set(ctx, "Micro-Namespace", ns)
+ }
+
+ // Check the issuer matches the services namespace
+ if account != nil && account.Issuer != ns {
+ return errors.Forbidden(req.Service(), "Account was not issued by %v", ns)
+ }
 // construct the resource
 res := &auth.Resource{
From 1fce0f02b60f075585f6c144bf2a9801714c6d57 Mon Sep 17 00:00:00 2001
From: Ben Toogood
Date: Thu, 21 May 2020 18:11:35 +0100
Subject: [PATCH 11/26] Verify Namespace
---
 auth/options.go | 10 +++++++++-
 auth/service/service.go | 7 +++++--
 util/wrapper/wrapper.go | 2 +-
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/auth/options.go b/auth/options.go
index 43ead6ac..ed450709 100644
--- a/auth/options.go
+++ b/auth/options.go
@@ -225,6 +225,14 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
 return options
 }
-type VerifyOptions struct{}
+type VerifyOptions struct {
+ Namespace string
+}
 type VerifyOption func(o *VerifyOptions)
+
+func VerifyNamespace(ns string) VerifyOption {
+ return func(o *VerifyOptions) {
+ o.Namespace = ns
+ }
+}
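Review bot: In util/wrapper/wrapper.go, the namespace for the issuer check is read from the `Micro-Namespace` request metadata, which the caller supplies, and the check `account != nil && account.Issuer != ns` is skipped whenever no account was resolved. Because the error from `a.Inspect` is still discarded, a request carrying an invalid or expired bearer token also leaves `account` nil and continues as an anonymous call in whatever namespace the header names. Unless that header is guaranteed to be set by a trusted hop (not visible here), accept a caller-supplied value only when it equals `a.Options().Namespace` or the issuer of an inspected account. Also consider `if err != nil { return errors.Unauthorized(req.Service(), "invalid token") }` after Inspect, provided the noop implementation does not return an error for blank tokens. AuthHandler's body starts and ends outside the hunk.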
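Review bot: In auth/options.go, VerifyOptions, its Namespace field and VerifyNamespace are exported without doc comments, although the field decides which rule set an authorization check runs against. Suggested on the field: `// Namespace whose rules are evaluated; implementations may fall back to their own namespace when empty`, which matches the service implementation changed in the same patch. Suggested on the function: `// VerifyNamespace sets the namespace whose rules are used to verify the request`.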
diff --git a/auth/service/service.go b/auth/service/service.go
index 7f2222d4..bb14ece6 100644
--- a/auth/service/service.go
+++ b/auth/service/service.go
@@ -123,12 +123,15 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
 for _, o := range opts {
 o(&options)
 }
+ if len(options.Namespace) == 0 {
+ options.Namespace = s.options.Namespace
+ }
 // load the rules if none are loaded
- s.loadRulesIfEmpty(s.Options().Namespace)
+ s.loadRulesIfEmpty(options.Namespace)
 // verify the request using the rules
- return rules.Verify(s.rules[s.Options().Namespace], acc, res)
+ return rules.Verify(s.rules[options.Namespace], acc, res)
 }
 // Inspect a token
diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go
index dce54cb3..ffa3d61b 100644
--- a/util/wrapper/wrapper.go
+++ b/util/wrapper/wrapper.go
@@ -221,7 +221,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 }
 // Verify the caller has access to the resource
- err := a.Verify(account, res)
+ err := a.Verify(account, res, auth.VerifyNamespace(ns))
 if err != nil && account != nil {
 return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
 } else if err != nil {
From b2cf501952d960067d8c50905122cef0a4380ffb Mon Sep 17 00:00:00 2001
From: Ben Toogood
Date: Fri, 22 May 2020 09:31:15 +0100
Subject: [PATCH 12/26] Auth Rules tests & bug fixes
---
 auth/rules/rules.go | 4 +-
 auth/rules/rules_test.go | 290 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 292 insertions(+), 2 deletions(-)
 create mode 100644 auth/rules/rules_test.go
diff --git a/auth/rules/rules.go b/auth/rules/rules.go
index e17053a0..221da415 100644
--- a/auth/rules/rules.go
+++ b/auth/rules/rules.go
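Review bot: In auth/service/service.go, `options.Namespace` now keys both `s.loadRulesIfEmpty` and `s.rules[...]`, and the wrapper hunk in this same patch fills it from request metadata, so the namespaces this cache is asked for are no longer fixed by configuration. Each previously unseen value presumably triggers a rule fetch and a new map entry (loadRulesIfEmpty is outside the hunk, so confirm), which would let callers drive load on the rule service and grow `s.rules` without bound. Checking the namespace against the ones this service is meant to serve before loading, or bounding the cache, would contain that. Verify's body starts outside the hunk.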
@@ -65,14 +65,14 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error {
 // this rule applies to any account
 if rule.Scope == "*" && rule.Access == auth.AccessDenied {
 return auth.ErrForbidden
- } else if rule.Scope == "" && rule.Access == auth.AccessGranted {
+ } else if rule.Scope == "*" && rule.Access == auth.AccessGranted {
 return nil
 }
 // if the account has the necessary scope
 if include(acc.Scopes, rule.Scope) && rule.Access == auth.AccessDenied {
 return auth.ErrForbidden
- } else if rule.Scope == "" && rule.Access == auth.AccessGranted {
+ } else if include(acc.Scopes, rule.Scope) && rule.Access == auth.AccessGranted {
 return nil
 }
 }
diff --git a/auth/rules/rules_test.go b/auth/rules/rules_test.go
new file mode 100644
index 00000000..773b81ed
--- /dev/null
+++ b/auth/rules/rules_test.go
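Review bot: In auth/rules/rules.go, the scoped branch calls `include(acc.Scopes, rule.Scope)` on both the deny and the grant path, and nothing inside this hunk checks `acc` for nil, while the auth wrapper passes a nil account for requests without an Authorization header. The new test `CatchallPrivateNoAccount` expects ErrForbidden for a nil account, so a guard presumably sits above line 65, outside the hunk. If it does, a comment at this branch such as `// acc is non-nil here: anonymous callers are handled above` would make the invariant explicit for the next edit. The function's doc comment should also state which Scope values mean public (`""`), any account (`"*"`) and a specific scope, since this fix changes exactly that mapping.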
@@ -0,0 +1,290 @@ +package rules + +import ( + "testing" + + "github.com/micro/go-micro/v2/auth" +) + +func TestVerify(t *testing.T) { + srvResource := &auth.Resource{ + Type: "service", + Name: "go.micro.service.foo", + Endpoint: "Foo.Bar", + } + + webResource := &auth.Resource{ + Type: "service", + Name: "go.micro.web.foo", + Endpoint: "/foo/bar", + } + + catchallResource := &auth.Resource{ + Type: "*", + Name: "*", + Endpoint: "*", + } + + tt := []struct { + Name string + Rules []*auth.Rule + Account *auth.Account + Resource *auth.Resource + Error error + }{ + { + Name: "NoRules", + Rules: []*auth.Rule{}, + Account: nil, + Resource: srvResource, + Error: auth.ErrForbidden, + }, + { + Name: "CatchallPublicAccount", + Account: &auth.Account{}, + Resource: srvResource, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "", + Resource: catchallResource, + }, + }, + }, + { + Name: "CatchallPublicNoAccount", + Resource: srvResource, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "", + Resource: catchallResource, + }, + }, + }, + { + Name: "CatchallPrivateAccount", + Account: &auth.Account{}, + Resource: srvResource, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + }, + }, + }, + { + Name: "CatchallPrivateNoAccount", + Resource: srvResource, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + }, + }, + Error: auth.ErrForbidden, + }, + { + Name: "CatchallServiceRuleMatch", + Resource: srvResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: &auth.Resource{ + Type: srvResource.Type, + Name: srvResource.Name, + Endpoint: "*", + }, + }, + }, + }, + { + Name: "CatchallServiceRuleNoMatch", + Resource: srvResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: &auth.Resource{ + Type: srvResource.Type, + Name: "wrongname", + Endpoint: "*", + }, + }, + }, + Error: auth.ErrForbidden, + }, + { + Name: "ExactRuleValidScope", + 
Resource: srvResource, + Account: &auth.Account{ + Scopes: []string{"neededscope"}, + }, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "neededscope", + Resource: srvResource, + }, + }, + }, + { + Name: "ExactRuleInvalidScope", + Resource: srvResource, + Account: &auth.Account{ + Scopes: []string{"neededscope"}, + }, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "invalidscope", + Resource: srvResource, + }, + }, + Error: auth.ErrForbidden, + }, + { + Name: "CatchallDenyWithAccount", + Resource: srvResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + Access: auth.AccessDenied, + }, + }, + Error: auth.ErrForbidden, + }, + { + Name: "CatchallDenyWithNoAccount", + Resource: srvResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + Access: auth.AccessDenied, + }, + }, + Error: auth.ErrForbidden, + }, + { + Name: "RulePriorityGrantFirst", + Resource: srvResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + Access: auth.AccessGranted, + Priority: 1, + }, + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + Access: auth.AccessDenied, + Priority: 0, + }, + }, + }, + { + Name: "RulePriorityDenyFirst", + Resource: srvResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + Access: auth.AccessGranted, + Priority: 0, + }, + &auth.Rule{ + Scope: "*", + Resource: catchallResource, + Access: auth.AccessDenied, + Priority: 1, + }, + }, + Error: auth.ErrForbidden, + }, + { + Name: "WebExactEndpointValid", + Resource: webResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: webResource, + }, + }, + }, + { + Name: "WebExactEndpointInalid", + Resource: webResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: &auth.Resource{ + 
Type: webResource.Type, + Name: webResource.Name, + Endpoint: "invalidendpoint", + }, + }, + }, + Error: auth.ErrForbidden, + }, + { + Name: "WebWildcardEndpoint", + Resource: webResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: &auth.Resource{ + Type: webResource.Type, + Name: webResource.Name, + Endpoint: "*", + }, + }, + }, + }, + { + Name: "WebWildcardPathEndpointValid", + Resource: webResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: &auth.Resource{ + Type: webResource.Type, + Name: webResource.Name, + Endpoint: "/foo/*", + }, + }, + }, + }, + { + Name: "WebWildcardPathEndpointInvalid", + Resource: webResource, + Account: &auth.Account{}, + Rules: []*auth.Rule{ + &auth.Rule{ + Scope: "*", + Resource: &auth.Resource{ + Type: webResource.Type, + Name: webResource.Name, + Endpoint: "/bar/*", + }, + }, + }, + Error: auth.ErrForbidden, + }, + } + + for _, tc := range tt { + t.Run(tc.Name, func(t *testing.T) { + if err := Verify(tc.Rules, tc.Account, tc.Resource); err != tc.Error { + t.Errorf("Expected %v but got %v", tc.Error, err) + } + }) + } +} From fbb91c6cb70e62ef501ba8840b3bae9f3651ec81 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Fri, 22 May 2020 10:44:18 +0100 Subject: [PATCH 13/26] Auth wrapper tests --- util/wrapper/wrapper_test.go | 312 ++++++++++++++++++++++++++++++++++- 1 file changed, 311 insertions(+), 1 deletion(-) diff --git a/util/wrapper/wrapper_test.go b/util/wrapper/wrapper_test.go index fa03af21..0905fac0 100644 --- a/util/wrapper/wrapper_test.go +++ b/util/wrapper/wrapper_test.go @@ -2,9 +2,13 @@ package wrapper import ( "context" + "net/http" "testing" + "github.com/micro/go-micro/v2/auth" + "github.com/micro/go-micro/v2/errors" "github.com/micro/go-micro/v2/metadata" + "github.com/micro/go-micro/v2/server" ) func TestWrapper(t *testing.T) { 
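Review bot: In auth/rules/rules_test.go, the case `CatchallDenyWithNoAccount` sets `Account: &auth.Account{}`, exactly like `CatchallDenyWithAccount` before it, so the deny path is never exercised with a nil account. Dropping the Account field from that case makes its name true and covers the anonymous caller. The table also has no case where an account holds a scope that a rule denies with `Access: auth.AccessDenied`, which is one of the two branches the accompanying fix in rules.go touches. The case name `WebExactEndpointInalid` is misspelled.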
@@ -49,5 +53,311 @@ func TestWrapper(t *testing.T) { } } } - +} + +type testAuth struct { + verifyCount int + inspectCount int + namespace string + inspectAccount *auth.Account + verifyError error + + auth.Auth +} + +func (a *testAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error { + a.verifyCount = a.verifyCount + 1 + return a.verifyError +} + +func (a *testAuth) Inspect(token string) (*auth.Account, error) { + a.inspectCount = a.inspectCount + 1 + return a.inspectAccount, nil +} + +func (a *testAuth) Options() auth.Options { + return auth.Options{Namespace: a.namespace} +} + +type testRequest struct { + service string + endpoint string + + server.Request +} + +func (r testRequest) Service() string { + return r.service +} + +func (r testRequest) Endpoint() string { + return r.endpoint +} + +func TestAuthHandler(t *testing.T) { + h := func(ctx context.Context, req server.Request, rsp interface{}) error { + return nil + } + + debugReq := testRequest{service: "go.micro.service.foo", endpoint: "Debug.Foo"} + serviceReq := testRequest{service: "go.micro.service.foo", endpoint: "Foo.Bar"} + + // Debug endpoints should be excluded from auth so auth.Verify should never get called + t.Run("DebugEndpoint", func(t *testing.T) { + a := testAuth{} + handler := AuthHandler(func() auth.Auth { + return &a + }) + + err := handler(h)(context.TODO(), debugReq, nil) + if err != nil { + t.Errorf("Expected nil error but got %v", err) + } + if a.verifyCount != 0 { + t.Errorf("Did not expect verify to be called") + } + }) + + // If the Authorization header is blank, no error should be returned and verify not called + t.Run("BlankAuthorizationHeader", func(t *testing.T) { + a := testAuth{} + handler := AuthHandler(func() auth.Auth { + return &a + }) + + err := handler(h)(context.TODO(), serviceReq, nil) + if err != nil { + t.Errorf("Expected nil error but got %v", err) + } + if a.inspectCount != 0 { + t.Errorf("Did not expect inspect to be called") + } + 
})
+
+ // If the Authorization header is invalid, an error should be returned and verify not called
+ t.Run("InvalidAuthorizationHeader", func(t *testing.T) {
+ a := testAuth{}
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ ctx := metadata.Set(context.TODO(), "Authorization", "Invalid")
+ err := handler(h)(ctx, serviceReq, nil)
+ if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusUnauthorized {
+ t.Errorf("Expected unauthorized error but got %v", err)
+ }
+ if a.inspectCount != 0 {
+ t.Errorf("Did not expect inspect to be called")
+ }
+ })
+
+ // If the Authorization header is valid, no error should be returned and verify should called
+ t.Run("ValidAuthorizationHeader", func(t *testing.T) {
+ a := testAuth{}
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token")
+ err := handler(h)(ctx, serviceReq, nil)
+ if err != nil {
+ t.Errorf("Expected nil error but got %v", err)
+ }
+ if a.inspectCount != 1 {
+ t.Errorf("Expected inspect to be called")
+ }
+ })
+
+ // If the namespace header was not set on the request, the wrapper should set it to the auths
+ // own namespace
+ t.Run("BlankNamespaceHeader", func(t *testing.T) {
+ a := testAuth{namespace: "mynamespace"}
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ inCtx := context.TODO()
+ h := func(ctx context.Context, req server.Request, rsp interface{}) error {
+ inCtx = ctx
+ return nil
+ }
+
+ err := handler(h)(inCtx, serviceReq, nil)
+ if err != nil {
+ t.Errorf("Expected nil error but got %v", err)
+ }
+ if ns, _ := metadata.Get(inCtx, "Micro-Namespace"); ns != a.namespace {
+ t.Errorf("Expected namespace to be set to %v but was %v", a.namespace, ns)
+ }
+ })
+ t.Run("ValidNamespaceHeader", func(t *testing.T) {
+ a := testAuth{namespace: "mynamespace"}
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ inNs := "reqnamespace"
+ inCtx := metadata.Set(context.TODO(), "Micro-Namespace", inNs)
+ h := func(ctx context.Context, req server.Request, rsp interface{}) error {
+ inCtx = ctx
+ return nil
+ }
+
+ err := handler(h)(inCtx, serviceReq, nil)
+ if err != nil {
+ t.Errorf("Expected nil error but got %v", err)
+ }
+ if ns, _ := metadata.Get(inCtx, "Micro-Namespace"); ns != inNs {
+ t.Errorf("Expected namespace to remain as %v but was set to %v", inNs, ns)
+ }
+ })
+
+ // If the callers account was set but the issuer didn't match that of the request, the request
+ // should be forbidden
+ t.Run("InvalidAccountIssuer", func(t *testing.T) {
+ a := testAuth{
+ namespace: "validnamespace",
+ inspectAccount: &auth.Account{Issuer: "invalidnamespace"},
+ }
+
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token")
+ err := handler(h)(ctx, serviceReq, nil)
+ if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusForbidden {
+ t.Errorf("Expected forbidden error but got %v", err)
+ }
+ })
+ t.Run("ValidAccountIssuer", func(t *testing.T) {
+ a := testAuth{
+ namespace: "validnamespace",
+ inspectAccount: &auth.Account{Issuer: "validnamespace"},
+ }
+
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token")
+ err := handler(h)(ctx, serviceReq, nil)
+ if err != nil {
+ t.Errorf("Expected nil error but got %v", err)
+ }
+ })
+
+ // If the caller had a nil account and verify returns an error, the request should be unauthorised
+ t.Run("NilAccountUnauthorized", func(t *testing.T) {
+ a := testAuth{verifyError: auth.ErrForbidden}
+
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ err := handler(h)(context.TODO(), serviceReq, nil)
+ if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusUnauthorized {
+ t.Errorf("Expected unauthorizard error but got %v", err)
+ }
+ })
+ t.Run("AccountForbidden", func(t *testing.T) {
+ a := testAuth{verifyError: auth.ErrForbidden, inspectAccount: &auth.Account{}}
+
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token")
+ err := handler(h)(ctx, serviceReq, nil)
+ if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusForbidden {
+ t.Errorf("Expected forbidden error but got %v", err)
+ }
+ })
+ t.Run("AccountValid", func(t *testing.T) {
+ a := testAuth{inspectAccount: &auth.Account{}}
+
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token")
+ err := handler(h)(ctx, serviceReq, nil)
+ if err != nil {
+ t.Errorf("Expected nil error but got %v", err)
+ }
+ })
+
+ // If an account is returned from inspecting the token, it should be set in the context
+ t.Run("ContextWithAccount", func(t *testing.T) {
+ accID := "myaccountid"
+ a := testAuth{inspectAccount: &auth.Account{ID: accID}}
+
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ inCtx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token")
+ h := func(ctx context.Context, req server.Request, rsp interface{}) error {
+ inCtx = ctx
+ return nil
+ }
+
+ err := handler(h)(inCtx, serviceReq, nil)
+ if err != nil {
+ t.Errorf("Expected nil error but got %v", err)
+ }
+ if acc, ok := auth.AccountFromContext(inCtx); !ok {
+ t.Errorf("Expected an account to be set in the context")
+ } else if acc.ID != accID {
+ t.Errorf("Expected the account in the context to have the ID %v but it actually had %v", accID, acc.ID)
+ }
+ })
+
+ // If verify returns an error the handler should not be called
+ t.Run("HandlerNotCalled", func(t *testing.T) {
+ a := testAuth{verifyError: auth.ErrForbidden}
+
+ handler := AuthHandler(func() auth.Auth {
+ return &a
+ })
+
+ var handlerCalled bool
+ h := func(ctx context.Context, req server.Request, rsp interface{}) error {
+ handlerCalled =
true + return nil + } + + ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") + err := handler(h)(ctx, serviceReq, nil) + if verr, ok := err.(*errors.Error); !ok || verr.Code != http.StatusUnauthorized { + t.Errorf("Expected unauthorizard error but got %v", err) + } + if handlerCalled { + t.Errorf("Expected the handler to not be called") + } + }) + + // If verify does not return an error the handler should be called + t.Run("HandlerNotCalled", func(t *testing.T) { + a := testAuth{} + + handler := AuthHandler(func() auth.Auth { + return &a + }) + + var handlerCalled bool + h := func(ctx context.Context, req server.Request, rsp interface{}) error { + handlerCalled = true + return nil + } + + ctx := metadata.Set(context.TODO(), "Authorization", auth.BearerScheme+"Token") + err := handler(h)(ctx, serviceReq, nil) + if err != nil { + t.Errorf("Expected nil error but got %v", err) + } + if !handlerCalled { + t.Errorf("Expected the handler be called") + } + }) } From 9c072a372cededba2078298ba6cf769cf5c024ac Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Fri, 22 May 2020 11:37:12 +0100 Subject: [PATCH 14/26] Add auth scope constants --- auth/auth.go | 10 ++++++++-- auth/rules/rules.go | 8 ++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index 96434acd..3e9afbc8 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -7,8 +7,14 @@ import ( "time" ) -// BearerScheme used for Authorization header -const BearerScheme = "Bearer " +const ( + // BearerScheme used for Authorization header + BearerScheme = "Bearer " + // ScopePublic is the scope applied to a rule to allow access to the public + ScopePublic = "" + // ScopeAccount is the scope applied to a rule to limit to users with any valid account + ScopeAccount = "*" +) var ( // ErrInvalidToken is when the token provided is not valid diff --git a/auth/rules/rules.go b/auth/rules/rules.go index 221da415..95d75904 100644 --- a/auth/rules/rules.go 
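Review bot: The final two subtests of TestAuthHandler are both registered as `HandlerNotCalled`, although the second one asserts that the handler runs; rename it, e.g. `t.Run("HandlerCalled", func(t *testing.T) {`, so a failure is attributed to the right case. `testAuth.Inspect` always returns a nil error, so no subtest pins what AuthHandler does when a bearer token fails inspection, which is the rejection path this wrapper most needs covered; an error field on the stub, returned from `Inspect`, would allow that case. The comments above BlankAuthorizationHeader and InvalidAuthorizationHeader say verify is not called while the assertions check `inspectCount`, so either the comment or the counter being checked is wrong.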
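Review bot: `ScopePublic = ""` is also the zero value of a string, so a rule built without setting `Scope` cannot be told apart from one deliberately made public, and the Verify loop in auth/rules/rules.go (same patch) applies a blank-scope rule "to everyone, even nil accounts". The constant's comment should say this, for example `// ScopePublic is the zero value: a Rule with no Scope set applies to every caller, including unauthenticated ones`. If an unset scope is not meant to open a resource, a non-empty sentinel would make the public case explicit, though that affects stored rules and is a larger change than this patch.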
+++ b/auth/rules/rules.go @@ -51,9 +51,9 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error { // loop through the rules and check for a rule which applies to this account for _, rule := range filteredRules { // a blank scope indicates the rule applies to everyone, even nil accounts - if rule.Scope == "" && rule.Access == auth.AccessDenied { + if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessDenied { return auth.ErrForbidden - } else if rule.Scope == "" && rule.Access == auth.AccessGranted { + } else if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessGranted { return nil } @@ -63,9 +63,9 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error { } // this rule applies to any account - if rule.Scope == "*" && rule.Access == auth.AccessDenied { + if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessDenied { return auth.ErrForbidden - } else if rule.Scope == "*" && rule.Access == auth.AccessGranted { + } else if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessGranted { return nil } From f939200b3449e7b577829e3e31d00c55b737d551 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Fri, 22 May 2020 12:24:37 +0100 Subject: [PATCH 15/26] Improve service auth log --- auth/default.go | 1 + util/auth/auth.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/auth/default.go b/auth/default.go index 668edbd3..bc861d1f 100644 --- a/auth/default.go +++ b/auth/default.go @@ -53,6 +53,7 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) { Secret: options.Secret, Metadata: options.Metadata, Scopes: options.Scopes, + Issuer: n.Options().Namespace, }, nil } diff --git a/util/auth/auth.go b/util/auth/auth.go index e26a6f1f..c41c6a0e 100644 --- a/util/auth/auth.go +++ b/util/auth/auth.go 
@@ -28,7 +28,7 @@ func Generate(id string, name string, a auth.Auth) error { if err != nil { return err } - logger.Infof("Auth [%v] Authenticated as %v in the %v namespace", a, name, a.Options().Namespace) + logger.Infof("Auth [%v] Authenticated as %v issued by %v", a, name, acc.Issuer) accID = acc.ID accSecret = acc.Secret From dad011cab422e5c173d3c725a80c9ab7286a46ee Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Fri, 22 May 2020 12:40:34 +0100 Subject: [PATCH 16/26] Fix noop issuer bug --- auth/default.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/default.go b/auth/default.go index bc861d1f..cf9c8cb6 100644 --- a/auth/default.go +++ b/auth/default.go @@ -79,7 +79,7 @@ func (n *noop) Verify(acc *Account, res *Resource, opts ...VerifyOption) error { // Inspect a token func (n *noop) Inspect(token string) (*Account, error) { - return &Account{ID: uuid.New().String()}, nil + return &Account{ID: uuid.New().String(), Issuer: n.Options().Namespace}, nil } // Token generation using an account id and secret From 877fe5fb0a3d3c0069da98e1ec50191d15388175 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Fri, 22 May 2020 14:02:02 +0100 Subject: [PATCH 17/26] Update web wildcard to enable /foo/bar/baz/* to verify /foo/bar/baz --- auth/rules/rules.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/rules/rules.go b/auth/rules/rules.go index 95d75904..b6bc0b65 100644 --- a/auth/rules/rules.go +++ b/auth/rules/rules.go @@ -22,7 +22,7 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error { // e.g. /foo/* would include /foo/bar. We also want to check for wildcards and the exact endpoint validEndpoints := []string{"*", res.Endpoint} if comps := strings.Split(res.Endpoint, "/"); len(comps) > 1 { - for i := 1; i < len(comps); i++ { + for i := 1; i < len(comps)+1; i++ { wildcard := fmt.Sprintf("%v/*", strings.Join(comps[0:i], "/")) validEndpoints = append(validEndpoints, wildcard) } 
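Review bot: The new loop bound in Verify makes a rule for `/foo/bar/baz/*` match the endpoint `/foo/bar/baz` itself, but the patch adds no table entry for that case to the rules test, so the widened match is unpinned; a `WebWildcardPathEndpoint…` case whose rule endpoint is the resource's own path plus `/*` would cover it. `i <= len(comps)` states the bound more directly than `i < len(comps)+1`. `res.Endpoint` is split on "/" exactly as received, so whether `..` segments or doubled slashes can reach this prefix match depends on normalisation done by the caller, which is not visible here; a comment stating that Verify expects a cleaned path would record that assumption. Verify's body continues outside the hunk.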
From c800070477632c29e56e7f79f928a1dd467ddac3 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Fri, 22 May 2020 14:03:12 +0100 Subject: [PATCH 18/26] Check for error before loading rules --- auth/service/service.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/auth/service/service.go b/auth/service/service.go index bb14ece6..f43e863a 100644 --- a/auth/service/service.go +++ b/auth/service/service.go @@ -99,7 +99,10 @@ func (s *svc) Grant(rule *auth.Rule) error { }, }) - go s.loadRules(s.options.Namespace) + if err == nil { + go s.loadRules(s.options.Namespace) + } + return err } From cd283654ebadc6606a9332fb2da7e55742165c93 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Tue, 26 May 2020 15:53:28 +0100 Subject: [PATCH 19/26] Cache Rules --- auth/service/service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/service/service.go b/auth/service/service.go index eb6dc004..9c3bd323 100644 --- a/auth/service/service.go +++ b/auth/service/service.go @@ -112,7 +112,7 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) { options.Context = context.TODO() } - rsp, err := s.rules.List(options.Context, &pb.ListRequest{}) + rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, client.WithCache(time.Second*30)) if err != nil { return nil, err } From c3b404bab004ef84d163a7f0eefc1aa1a0e531bb Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Tue, 26 May 2020 17:35:06 +0100 Subject: [PATCH 20/26] Fix server calling across namespace --- util/wrapper/wrapper.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go index 5149299b..9f3d1faa 100644 --- a/util/wrapper/wrapper.go +++ b/util/wrapper/wrapper.go 
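Review bot: Caching the `rules.List` response for 30 seconds in `Rules` means a revoked or tightened rule can keep being served for up to that long, and nothing at the call site records that window. If the reload started by Grant (`go s.loadRules(...)`, patch 18) reads through this same cached call — loadRules is not visible here — the refresh right after a change would return the stale list. Suggest naming the TTL, e.g. `const ruleCacheTTL = 30 * time.Second`, with a comment on the staleness trade-off, and bypassing the cache on the reload path that follows a rule change. The rest of Rules is outside the hunk.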
@@ -209,8 +209,9 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper { ctx = metadata.Set(ctx, "Micro-Namespace", ns) } - // Check the issuer matches the services namespace - if account != nil && account.Issuer != ns { + // Check the issuer matches the services namespace. TODO: Stop allowing go.micro to access + // any namespace and instead check for the server issuer. + if account != nil && account.Issuer != ns && account.Issuer != "go.micro" { return errors.Forbidden(req.Service(), "Account was not issued by %v", ns) } From d6c1fbf841d77c23a644c448c3679396783b8c54 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Tue, 26 May 2020 17:43:45 +0100 Subject: [PATCH 21/26] Fix web service auth name --- web/service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/service.go b/web/service.go index bee94814..643c9dbc 100644 --- a/web/service.go +++ b/web/service.go @@ -444,7 +444,7 @@ func (s *service) Init(opts ...Option) error { func (s *service) Run() error { // generate an auth account srvID := s.opts.Service.Server().Options().Id - srvName := s.opts.Service.Name() + srvName := s.Options().Name if err := authutil.Generate(srvID, srvName, s.opts.Service.Options().Auth); err != nil { return err } From 9e9773c9c72d1c83a61333e616d882ffcff284a1 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Wed, 27 May 2020 09:07:59 +0100 Subject: [PATCH 22/26] Only use namespace for cache key --- client/cache.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/cache.go b/client/cache.go index 16bd9c70..a6ab71c1 100644 --- a/client/cache.go +++ b/client/cache.go 
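Review bot: The added `account.Issuer != "go.micro"` clause lets any account whose issuer is the literal `go.micro` pass the namespace check for every service, so namespace isolation now depends entirely on who can obtain an account with that issuer; the noop auth sets Issuer straight from its configured namespace (patches 15 and 16). The TODO acknowledges the exemption, but the AuthHandler subtests added in patch 13 gain no case for it, so neither the allowed cross-namespace call nor the still-forbidden one is pinned. At minimum give the literal a named constant (it was `auth.DefaultNamespace` until patch 01 removed it) and add a subtest with `inspectAccount: &auth.Account{Issuer: "go.micro"}` against a different namespace. The narrower check the TODO describes, comparing against the server's own issuer rather than a fixed string, should be tracked rather than left as a comment. AuthHandler's body continues outside the hunk.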
@@ -48,10 +48,10 @@ func (c *Cache) List() map[string]string { // key returns a hash for the context and request func key(ctx context.Context, req *Request) string { - md, _ := metadata.FromContext(ctx) + ns, _ := metadata.Get(ctx, "Micro-Namespace") bytes, _ := json.Marshal(map[string]interface{}{ - "metadata": md, + "namespace": ns, "request": map[string]interface{}{ "service": (*req).Service(), "endpoint": (*req).Endpoint(), From e2d662608c1d9053898dde1339cfdeeaea50b3d5 Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Wed, 27 May 2020 09:14:16 +0100 Subject: [PATCH 23/26] Fix tests --- client/cache_test.go | 2 +- util/wrapper/wrapper_test.go | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/client/cache_test.go b/client/cache_test.go index 337312c1..70721a23 100644 --- a/client/cache_test.go +++ b/client/cache_test.go @@ -65,7 +65,7 @@ func TestCacheKey(t *testing.T) { }) t.Run("DifferentMetadata", func(t *testing.T) { - mdCtx := metadata.Set(context.TODO(), "foo", "bar") + mdCtx := metadata.Set(context.TODO(), "Micro-Namespace", "bar") key1 := key(mdCtx, &req1) key2 := key(ctx, &req1) diff --git a/util/wrapper/wrapper_test.go b/util/wrapper/wrapper_test.go index c6696f35..94b59239 100644 --- a/util/wrapper/wrapper_test.go +++ b/util/wrapper/wrapper_test.go @@ -8,8 +8,8 @@ import ( "time" "github.com/micro/go-micro/v2/auth" - "github.com/micro/go-micro/v2/errors" "github.com/micro/go-micro/v2/client" + "github.com/micro/go-micro/v2/errors" "github.com/micro/go-micro/v2/metadata" "github.com/micro/go-micro/v2/server" ) @@ -361,6 +361,10 @@ func TestAuthHandler(t *testing.T) { } if !handlerCalled { t.Errorf("Expected the handler be called") + } + }) +} + type testClient struct { callCount int callRsp interface{} From bb5f2e5525d576455e6349430939f11c20192b7b Mon Sep 17 00:00:00 2001 
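Review bot: With only `Micro-Namespace` and the request in the hashed map, two callers in the same namespace with different `Authorization` metadata now produce the same key, so a response cached for one caller can be returned to another without the callee's auth check running again. That is fine for shared data such as the rule list cached in patch 19, but `key` is presumably used by every call made with `client.WithCache`; the doc comment should state that cached responses must not depend on caller identity, or the map should keep an identity component alongside `"namespace"`. Both `_` results are dropped, and a failed `json.Marshal` would presumably make unrelated requests hash the same empty input, so that error should be handled. The body of `key` continues outside the hunk.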
From: Ben Toogood Date: Wed, 27 May 2020 12:12:34 +0100 Subject: [PATCH 24/26] Handle config service not found errors --- config/source/service/service.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config/source/service/service.go b/config/source/service/service.go index 9bacdf63..85c9f989 100644 --- a/config/source/service/service.go +++ b/config/source/service/service.go @@ -2,10 +2,12 @@ package service import ( "context" + "net/http" "github.com/micro/go-micro/v2/client" "github.com/micro/go-micro/v2/config/source" proto "github.com/micro/go-micro/v2/config/source/service/proto" + "github.com/micro/go-micro/v2/errors" "github.com/micro/go-micro/v2/logger" ) @@ -29,7 +31,9 @@ func (m *service) Read() (set *source.ChangeSet, err error) { Namespace: m.namespace, Path: m.path, }) - if err != nil { + if verr, ok := err.(*errors.Error); ok && verr.Code == http.StatusNotFound { + return &source.ChangeSet{Data: []byte{}}, nil + } else if err != nil { return nil, err } From d85b4197b41e5f96bedf08b60923d8be383c3edb Mon Sep 17 00:00:00 2001 From: Ben Toogood Date: Wed, 27 May 2020 12:20:31 +0100 Subject: [PATCH 25/26] Return nil changeset and not blank --- config/source/service/service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/source/service/service.go b/config/source/service/service.go index 85c9f989..25c06d52 100644 --- a/config/source/service/service.go +++ b/config/source/service/service.go @@ -32,7 +32,7 @@ func (m *service) Read() (set *source.ChangeSet, err error) { Path: m.path, }) if verr, ok := err.(*errors.Error); ok && verr.Code == http.StatusNotFound { - return &source.ChangeSet{Data: []byte{}}, nil + return nil, nil } else if err != nil { return nil, err } From e7ad031eb80b4ba3e6908c4d074b70d536d61907 Mon Sep 17 00:00:00 2001 
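Review bot: Returning `nil, nil` from `Read` on a 404 (patch 25) hands callers a nil `*source.ChangeSet` together with a nil error, so any caller that dereferences the result after checking only `err` will panic; the callers are not visible here and need checking against this. Patch 24's `&source.ChangeSet{Data: []byte{}}` was safe in that respect; if an empty set confused the loader, a sentinel error the caller can test for would make "no config stored" explicit instead. Either way the doc comment on `Read` should state the not-found contract. Read's body continues outside the hunk.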
From: Dominic Wong Date: Wed, 27 May 2020 15:18:03 +0100 Subject: [PATCH 26/26] Check ipv4 or ipv6 address is valid before assigning --- registry/mdns_registry.go | 4 ++-- util/mdns/client.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/registry/mdns_registry.go b/registry/mdns_registry.go index fde00f37..8ecd37ec 100644 --- a/registry/mdns_registry.go +++ b/registry/mdns_registry.go @@ -353,10 +353,10 @@ func (m *mdnsRegistry) GetService(service string, opts ...GetOption) ([]*Service } addr := "" // prefer ipv4 addrs - if e.AddrV4 != nil { + if len(e.AddrV4) > 0 { addr = e.AddrV4.String() // else use ipv6 - } else if e.AddrV6 != nil { + } else if len(e.AddrV6) > 0 { addr = "[" + e.AddrV6.String() + "]" } else { if logger.V(logger.InfoLevel, logger.DefaultLogger) { diff --git a/util/mdns/client.go b/util/mdns/client.go index 176ebac4..c7b84655 100644 --- a/util/mdns/client.go +++ b/util/mdns/client.go @@ -34,7 +34,7 @@ type ServiceEntry struct { // complete is used to check if we have all the info we need func (s *ServiceEntry) complete() bool { - return (s.AddrV4 != nil || s.AddrV6 != nil || s.Addr != nil) && s.Port != 0 && s.hasTXT + return (len(s.AddrV4) > 0 || len(s.AddrV6) > 0 || len(s.Addr) > 0) && s.Port != 0 && s.hasTXT } // QueryParam is used to customize how a Lookup is performed
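Review bot: `len(e.AddrV4) > 0` in GetService rejects nil and empty slices but not a slice of the wrong length, and these fields are presumably filled from mDNS responses received on the local network, so the "valid" in the subject line is only partly achieved. Assuming the fields are `net.IP` (they are used with `String()`), `if v4 := e.AddrV4.To4(); v4 != nil { addr = v4.String() }`, with `To16()` for the v6 branch, checks the length as well. The same applies to the `len(...) > 0` tests in `complete()` in util/mdns/client.go. GetService's body continues outside the hunk.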