auth
auth/authd/server.go
Add kubernetes definitions. Define a replication controller that will spin up authd servers (using Ducky right now--other instances should rename the ducky parts appropriately). Also, my understanding of which labels go where may be shaky, which is probably evidenced by the fact that all of these things share the same labels. _Whatever_. It also hooks the generated pods up to the JWT secret volume, so they can properly read the JWT secret. Also, created a LoadBalancer Service that will route traffic to the pods created by the Replication Controller.
1 package main
import (
	"encoding/base64"
	"html/template"
	"log"
	"net/http"
	"os"
	"time"

	"code.secondbit.org/auth.hg"
	"github.com/gorilla/mux"
)
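// main configures and starts the authd HTTP server.
//
// Configuration is read from the environment:
//   - JWT_SECRET (required): key material stored in config.JWTPrivateKey.
//   - JWT_SECRET_IS_BASE64_ENCODED: when exactly "true", JWT_SECRET is
//     decoded with the standard base64 alphabet before use.
//   - AUTH_PG_DB: passed to auth.NewPostgres; when unset, every store falls
//     back to a single auth.NewMemstore() instance.
//   - AUTH_NSQD_ADDR: passed to auth.NewNSQNotifier; when unset, login
//     verification notifications go to auth.NewStdoutNotifier().
//
// Every startup failure terminates the process through log.Fatal so that
// failures are reported uniformly and without a goroutine dump.
func main() {
	log.SetFlags(log.LstdFlags | log.Llongfile)
	log.Printf("Running version '%s'\n", auth.Version)

	var config auth.Config

	// Read the secret once; its value must never be written to the log.
	jwtSecret := os.Getenv("JWT_SECRET")
	if jwtSecret == "" {
		log.Fatal("JWT_SECRET must be set.")
	}
	if os.Getenv("JWT_SECRET_IS_BASE64_ENCODED") == "true" {
		key, err := base64.StdEncoding.DecodeString(jwtSecret)
		if err != nil {
			log.Fatalf("decoding JWT_SECRET as base64: %v", err)
		}
		config.JWTPrivateKey = key
	} else {
		config.JWTPrivateKey = []byte(jwtSecret)
	}
	// The base64 decoder skips CR and LF, so a value consisting only of
	// newlines decodes to zero bytes without an error. Refuse to start with
	// an empty signing key.
	// NOTE(review): a minimum key length would be a stronger check, but the
	// signing algorithm is not visible here — confirm before adding one.
	if len(config.JWTPrivateKey) == 0 {
		log.Fatal("JWT_SECRET decoded to an empty key.")
	}

	if pgDSN := os.Getenv("AUTH_PG_DB"); pgDSN != "" {
		p, err := auth.NewPostgres(pgDSN)
		if err != nil {
			// NOTE(review): confirm this error never echoes the connection
			// string, which may carry a password.
			log.Fatal(err)
		}
		config.ClientStore = &p
		config.AuthCodeStore = &p
		config.ProfileStore = &p
		config.TokenStore = &p
		config.SessionStore = &p
		config.ScopeStore = &p
	} else {
		// Presumably process-local and non-persistent, so several replicas
		// would not share clients, sessions or tokens — confirm. Make the
		// fallback visible so it is not mistaken for a production setup.
		log.Println("AUTH_PG_DB is not set; falling back to the in-memory store")
		store := auth.NewMemstore()
		config.ClientStore = store
		config.AuthCodeStore = store
		config.ProfileStore = store
		config.TokenStore = store
		config.SessionStore = store
		config.ScopeStore = store
	}

	config.Template = template.Must(template.New("base").ParseGlob("./templates/*.gotmpl"))
	config.LoginURI = "/login"

	if nsqdAddr := os.Getenv("AUTH_NSQD_ADDR"); nsqdAddr != "" {
		n, err := auth.NewNSQNotifier(nsqdAddr)
		if err != nil {
			log.Fatal(err)
		}
		config.LoginVerificationNotifier = n
	} else {
		// Whatever the stdout notifier prints ends up in the process output;
		// presumably that includes login verification details — confirm that
		// the output is not shipped to a shared log store.
		log.Println("AUTH_NSQD_ADDR is not set; login verification notifications go to stdout")
		config.LoginVerificationNotifier = auth.NewStdoutNotifier()
	}

	if err := config.Init(); err != nil {
		log.Fatal(err)
	}
	authCtx, err := auth.NewContext(config)
	if err != nil {
		log.Fatal(err)
	}

	// Creating the scopes is repeated on every start; an already existing
	// scope is expected and not treated as a failure.
	err = authCtx.CreateScopes([]auth.Scope{
		auth.ScopeLoginAdmin,
		{ID: "subscriptions", Name: "Manage subscriptions", Description: "Create, view, edit, and cancel your subscriptions."},
	})
	if err != nil && err != auth.ErrScopeAlreadyExists {
		log.Fatal(err)
	}

	router := mux.NewRouter()
	auth.RegisterOAuth2(router, authCtx)
	auth.RegisterSessionHandlers(router, authCtx)
	auth.RegisterProfileHandlers(router, authCtx)
	auth.RegisterClientHandlers(router, authCtx)

	// Serve the router directly instead of through http.DefaultServeMux: the
	// default mux is process-global, so any imported package can register
	// extra handlers on it. The timeouts bound how long a slow or stalled
	// client can hold a connection; http.ListenAndServe sets none.
	srv := &http.Server{
		Addr:              "0.0.0.0:9000",
		Handler:           router,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}

	// This listener speaks plain HTTP on all interfaces; TLS has to be
	// terminated in front of it.
	log.Println("Listening on port 9000")
	log.Fatal(srv.ListenAndServe())
}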