Add support for RHSSO and OpenId Connect #283
@@ -0,0 +1,11 @@ | ||
#!/usr/bin/env resty | ||
|
||
pcall(require, 'luarocks.loader') | ||
package.path = package.path .. ";./src/?.lua" | ||
|
||
local keycloak = require 'oauth.keycloak' | ||
local cjson = require 'cjson' | ||
|
||
local config = keycloak.load_configuration() | ||
|
||
ngx.say(cjson.encode(config)) |
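Review bot: `ngx.say(cjson.encode(config))` prints the literal `null` if `keycloak.load_configuration()` returns nil (whether it can is not visible here), and the consumer in configuration_loader decodes whatever this script prints with `cjson.decode`, turning `null` into `cjson.null`, which is truthy in Lua and would switch on the Keycloak path with an empty configuration. Print nothing in that case, `if config then ngx.say(cjson.encode(config)) end`, so the caller's `if keycloak_config then` check stays meaningful. A header comment would also help, e.g. `-- Run by configuration_loader in a separate resty process (cosockets are unavailable in init_by_lua*); prints the Keycloak configuration as JSON on stdout.` The `./src/?.lua` entry added to package.path is relative, so the script depends on the caller's `cd` into the APIcast prefix.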
@@ -7,6 +7,8 @@ local remote_loader_v2 = require 'configuration_loader.remote_v2' | |
local util = require 'util' | ||
local env = require('resty.env') | ||
local synchronization = require('resty.synchronization').new(1) | ||
local keycloak = require 'oauth.keycloak' | ||
local cjson = require 'cjson' | ||
|
||
local error = error | ||
local len = string.len | ||
|
@@ -65,9 +67,9 @@ end | |
|
||
-- Cosocket API is not available in the init_by_lua* context (see more here: https://github.com/openresty/lua-nginx-module#cosockets-not-available-everywhere) | ||
-- For this reason a new process needs to be started to download the configuration through 3scale API | ||
function _M.init(cwd) | ||
function _M.init(cwd, cmd) | ||
cwd = cwd or env.get('TEST_NGINX_APICAST_PATH') or ngx.config.prefix() | ||
local config, err, code = util.system("cd '" .. cwd .."' && libexec/boot") | ||
local config, err, code = util.system("cd '" .. cwd .."' && libexec/"..(cmd or "boot")) | ||
|
||
-- Try to read the file in current working directory before changing to the prefix. | ||
if err then config = file_loader.call() end | ||
|
@@ -105,6 +107,12 @@ function boot.init(configuration) | |
ngx.log(ngx.EMERG, 'cache is off, cannot store configuration, exiting') | ||
os.exit(0) | ||
end | ||
|
||
local keycloak_config = _M.init(nil, "keycloak") | ||
This is a poor interface and should be improved. Passing nil as the first argument is just weird.
||
|
||
if keycloak_config then | ||
configuration.keycloak = cjson.decode(keycloak_config) | ||
end | ||
end | ||
|
||
local function refresh_configuration(configuration) | ||
|
@@ -121,6 +129,8 @@ end | |
function boot.init_worker(configuration) | ||
local interval = ttl() or 0 | ||
|
||
configuration.keycloak = keycloak.load_configuration() | ||
|
||
local function schedule(...) | ||
local ok, err = ngx.timer.at(...) | ||
|
||
|
@@ -156,6 +166,12 @@ end | |
local lazy = { init_worker = noop } | ||
|
||
function lazy.init(configuration) | ||
local keycloak_config = _M.init(nil, "keycloak") | ||
|
||
if keycloak_config then | ||
configuration.keycloak = cjson.decode(keycloak_config) | ||
end | ||
|
||
configuration.configured = true | ||
end | ||
|
||
|
@@ -174,6 +190,8 @@ function lazy.rewrite(configuration, host) | |
_M.configure(configuration, config) | ||
end | ||
|
||
configuration.keycloak = keycloak.load_configuration() | ||
|
||
if ok then | ||
synchronization:release(host) | ||
sema:post() | ||
|
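Review bot: The error fallback in `_M.init` (`if err then config = file_loader.call() end`, a context line still inside the hunk) now also runs when `cmd` is "keycloak", so a missing or failing `libexec/keycloak` silently substitutes whatever `file_loader.call()` returns — presumably the gateway's own configuration file — and boot.init/lazy.init then `cjson.decode` that into `configuration.keycloak`. Restrict the fallback to the boot case, `if err and (cmd or "boot") == "boot" then config = file_loader.call() end`, and log the error otherwise so a broken Keycloak bootstrap is visible instead of being misread as a configuration. `cmd` is also spliced unescaped into a shell string; the visible callers pass a literal, but since `_M.init` is exported an `assert(not cmd or cmd:match('^[%w_%-]+$'))` would preserve that property. The body of `_M.init` continues past the hunk.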
@@ -1,30 +1,36 @@ | ||
local get_token = require 'get_token' | ||
local callback = require 'authorized_callback' | ||
local authorize = require 'authorize' | ||
|
||
local router = require 'router' | ||
local apicast_oauth = require 'oauth.apicast_oauth' | ||
local keycloak = require 'oauth.keycloak' | ||
|
||
local _M = { | ||
version = '0.0.1' | ||
_VERSION = '0.0.2' | ||
} | ||
|
||
function _M.router() | ||
-- TODO: use configuration to customize urls | ||
local r = router:new() | ||
function _M.new(configuration) | ||
if configuration.keycloak then | ||
ngx.log(ngx.INFO, "keycloak configured") | ||
This logs the message on every request; that is not really necessary, is it?
||
return keycloak.new(configuration.keycloak) | ||
else | ||
return apicast_oauth.new() | ||
end | ||
end | ||
|
||
r:get('/authorize', authorize.call) | ||
r:post('/authorize', authorize.call) | ||
function _M.router(oauth, service) | ||
local r = router:new() | ||
r:get('/authorize', function() oauth:authorize(service) end) | ||
r:post('/authorize', function() oauth:authorize(service) end) | ||
|
||
r:post('/callback', callback.call) | ||
r:get('/callback', callback.call) | ||
-- TODO: only applies to apicast oauth... | ||
r:post('/callback', function() oauth:callback() end) | ||
r:get('/callback', function() oauth:callback() end) | ||
|
||
r:post('/oauth/token', get_token.call) | ||
r:post('/oauth/token', function() oauth:get_token(service) end) | ||
|
||
return r | ||
end | ||
|
||
function _M.call(method, uri, ...) | ||
local r = _M.router() | ||
function _M.call(oauth, service, method, uri, ...) | ||
local r = _M.router(oauth, service) | ||
|
||
local f, params = r:resolve(method or ngx.req.get_method(), | ||
uri or ngx.var.uri, | ||
|
@@ -34,5 +40,3 @@ function _M.call(method, uri, ...) | |
end | ||
|
||
return _M | ||
|
||
|
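Review bot: `_M.router` registers `/callback` for every backend, but only the built-in APIcast OAuth object is known to define `callback` (the `-- TODO: only applies to apicast oauth...` line says as much), so with Keycloak configured a request to `/callback` would raise `attempt to call method 'callback' (a nil value)` and surface as a 500 rather than a 404, assuming keycloak.new does not provide it. Register the route only when the backend implements it: wrap the two `r:post('/callback', ...)` / `r:get('/callback', ...)` lines in `if oauth.callback then ... end`. `_M.new` and the reworked `_M.router`/`_M.call` also carry no doc comment; something like `--- Select the OAuth backend: Keycloak when configuration.keycloak is set, otherwise the built-in APIcast OAuth server.` on `new` would spell out the dispatch.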
@@ -0,0 +1,26 @@ | ||
local get_token = require 'oauth.apicast_oauth.get_token' | ||
local callback = require 'oauth.apicast_oauth.authorized_callback' | ||
local authorize = require 'oauth.apicast_oauth.authorize' | ||
local setmetatable = setmetatable | ||
|
||
local _M = { | ||
_VERSION = '0.1' | ||
} | ||
|
||
local mt = { __index = _M } | ||
|
||
function _M.new(service) | ||
return setmetatable( | ||
{ | ||
authorize = authorize.call, | ||
callback = callback.call, | ||
get_token = get_token.call, | ||
service = service | ||
}, mt) | ||
end | ||
|
||
function _M.transform_credentials(_, credentials) | ||
return credentials | ||
end | ||
|
||
return _M |
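Review bot: `_M.new(service)` stores `service` on the instance, but no visible method reads it, and the only visible caller (`apicast_oauth.new()` in oauth.lua) passes no argument while `service` is handed to `oauth:authorize(service)` and `oauth:get_token(service)` explicitly, so the field is dead as wired. Either drop it or have the handlers read `self.service`; keeping both paths invites them to disagree. Calling the stored functions with `:` also passes the instance as their first argument (`authorize.call(self, service)`), which must match the signatures in `oauth.apicast_oauth.authorize` et al. — not visible here, worth confirming. A header comment would help: `--- Built-in APIcast OAuth 2.0 backend; handlers are invoked with the instance as first argument.` and, on `transform_credentials`, `-- Identity: the built-in flow needs no credential rewriting.`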
We need to give heads up to @rnc and @3scale/productization about this.
Ack. Creating jira for it