auth

Paddy 2015-06-29 Parent:9e3ceddf29ad Child:0a2c3d677161

176:fc68085eb40d Go to Latest

auth/authd/server.go

Add kubernetes definitions. Define a replication controller that will spin up authd servers (using Ducky right now--other instances should rename the ducky parts appropriately). Also, my understanding of which labels go where may be shaky, which is probably evidenced by the fact that all of these things share the same labels. _Whatever_. It also hooks the generated pods up to the JWT secret volume, so they can properly read the JWT secret. Also, created a LoadBalancer Service that will route traffic to the pods created by the Replication Controller.

paddy@100 1 package main
paddy@100 2
import (
	"encoding/base64"
	"html/template"
	"log"
	"net/http"
	"os"
	"time"

	"code.secondbit.org/auth.hg"
	"github.com/gorilla/mux"
)
paddy@100 13
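// main configures and starts the authd HTTP server.
//
// Configuration is read from the environment:
//   - JWT_SECRET (required): key material stored in config.JWTPrivateKey.
//   - JWT_SECRET_IS_BASE64_ENCODED: when "true", JWT_SECRET is decoded with
//     standard base64 before use; otherwise its raw bytes are used.
//   - AUTH_PG_DB: when set, passed to auth.NewPostgres and used for every
//     store; when unset, one auth.NewMemstore backs every store.
//   - AUTH_NSQD_ADDR: when set, passed to auth.NewNSQNotifier for login
//     verification notifications; when unset, auth.NewStdoutNotifier is used.
//
// Every startup failure is fatal and reported through the logger. The server
// listens on 0.0.0.0:9000.
func main() {
	log.SetFlags(log.LstdFlags | log.Llongfile)
	log.Printf("Running version '%s'\n", auth.Version)

	var config auth.Config

	// Read the secret once. Its value must never be written to the log; only
	// its presence is checked here.
	// NOTE(review): no minimum length or entropy check is applied to the key
	// in this function; confirm whether config.Init validates it.
	jwtSecret := os.Getenv("JWT_SECRET")
	if jwtSecret == "" {
		log.Fatal("JWT_SECRET must be set.")
	}
	if os.Getenv("JWT_SECRET_IS_BASE64_ENCODED") == "true" {
		key, err := base64.StdEncoding.DecodeString(jwtSecret)
		if err != nil {
			// The base64 error reports only the offending byte offset, not
			// the input, so it is safe to log.
			log.Fatalf("decoding JWT_SECRET as base64: %v", err)
		}
		config.JWTPrivateKey = key
	} else {
		config.JWTPrivateKey = []byte(jwtSecret)
	}

	if dsn := os.Getenv("AUTH_PG_DB"); dsn != "" {
		p, err := auth.NewPostgres(dsn)
		if err != nil {
			// NOTE(review): confirm the error returned by auth.NewPostgres
			// does not echo credentials embedded in AUTH_PG_DB.
			log.Fatalf("opening Postgres store: %v", err)
		}
		config.ClientStore = &p
		config.AuthCodeStore = &p
		config.ProfileStore = &p
		config.TokenStore = &p
		config.SessionStore = &p
		config.ScopeStore = &p
	} else {
		// Make the fallback visible: a deployment that loses AUTH_PG_DB would
		// otherwise start with an empty in-memory store without any signal.
		log.Println("AUTH_PG_DB not set; using in-memory store")
		store := auth.NewMemstore()
		config.ClientStore = store
		config.AuthCodeStore = store
		config.ProfileStore = store
		config.TokenStore = store
		config.SessionStore = store
		config.ScopeStore = store
	}

	config.Template = template.Must(template.New("base").ParseGlob("./templates/*.gotmpl"))
	config.LoginURI = "/login"

	if addr := os.Getenv("AUTH_NSQD_ADDR"); addr != "" {
		n, err := auth.NewNSQNotifier(addr)
		if err != nil {
			log.Fatal(err)
		}
		config.LoginVerificationNotifier = n
	} else {
		// NOTE(review): presumably the stdout notifier prints login
		// verification messages to the process output; confirm that is
		// acceptable wherever container logs are collected.
		log.Println("AUTH_NSQD_ADDR not set; using stdout notifier")
		config.LoginVerificationNotifier = auth.NewStdoutNotifier()
	}

	if err := config.Init(); err != nil {
		log.Fatal(err)
	}
	authCtx, err := auth.NewContext(config)
	if err != nil {
		log.Fatal(err)
	}

	// Scopes may already exist from an earlier start; only other errors are
	// treated as fatal.
	err = authCtx.CreateScopes([]auth.Scope{
		auth.ScopeLoginAdmin,
		{ID: "subscriptions", Name: "Manage subscriptions", Description: "Create, view, edit, and cancel your subscriptions."},
	})
	if err != nil && err != auth.ErrScopeAlreadyExists {
		log.Fatal(err)
	}

	router := mux.NewRouter()
	auth.RegisterOAuth2(router, authCtx)
	auth.RegisterSessionHandlers(router, authCtx)
	auth.RegisterProfileHandlers(router, authCtx)
	auth.RegisterClientHandlers(router, authCtx)
	http.Handle("/", router)

	// Bound how long a client may take to send a request or receive a
	// response, so stalled connections cannot hold server resources forever.
	// A nil Handler keeps serving through http.DefaultServeMux as before.
	// NOTE(review): this listener is plain HTTP on all interfaces; confirm
	// TLS is terminated in front of it.
	srv := &http.Server{
		Addr:         "0.0.0.0:9000",
		ReadTimeout:  30 * time.Second,
		WriteTimeout: 30 * time.Second,
	}
	log.Println("Listening on port 9000")
	log.Fatal(srv.ListenAndServe())
}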