From ee5638495bfedbac99d0f091b97306428324ea44 Mon Sep 17 00:00:00 2001 From: aeneasr Date: Sat, 8 Dec 2018 14:44:57 +0100 Subject: [PATCH 1/5] u Signed-off-by: aeneasr --- Gopkg.lock | 547 ------------------------ Gopkg.toml | 162 ------- Makefile | 31 ++ go.mod | 1 + sdk/go/oathkeeper/swagger/api_client.go | 2 +- 5 files changed, 33 insertions(+), 710 deletions(-) delete mode 100644 Gopkg.lock delete mode 100644 Gopkg.toml create mode 100644 Makefile create mode 100644 go.mod diff --git a/Gopkg.lock b/Gopkg.lock deleted file mode 100644 index 5167eaaea8..0000000000 --- a/Gopkg.lock +++ /dev/null @@ -1,547 +0,0 @@ -# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. - - -[[projects]] - branch = "master" - name = "github.com/Azure/go-ansiterm" - packages = [ - ".", - "winterm" - ] - revision = "d6e3b3328b783f23731bc4d058875b0371ff8109" - -[[projects]] - name = "github.com/Microsoft/go-winio" - packages = ["."] - revision = "7da180ee92d8bd8bb8c37fc560e673e6557c392f" - version = "v0.4.7" - -[[projects]] - branch = "master" - name = "github.com/Nvveen/Gotty" - packages = ["."] - revision = "cd527374f1e5bff4938207604a14f2e38a9cf512" - -[[projects]] - name = "github.com/asaskevich/govalidator" - packages = ["."] - revision = "73945b6115bfbbcc57d89b7316e28109364124e1" - version = "v7" - -[[projects]] - name = "github.com/cenkalti/backoff" - packages = ["."] - revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e" - version = "v2.0.0" - -[[projects]] - branch = "master" - name = "github.com/containerd/continuity" - packages = ["pathdriver"] - revision = "c6cef34830231743494fe2969284df7b82cc0ad0" - -[[projects]] - name = "github.com/davecgh/go-spew" - packages = ["spew"] - revision = "346938d642f2ec3594ed81d874461961cd0faa76" - version = "v1.1.0" - -[[projects]] - name = "github.com/dgrijalva/jwt-go" - packages = ["."] - revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e" - version = "v3.2.0" - -[[projects]] - name = "github.com/docker/go-connections" - packages = ["nat"] - revision = "3ede32e2033de7505e6500d6c868c2b9ed9f169d" - version = "v0.3.0" - -[[projects]] - name = "github.com/docker/go-units" - packages = ["."] - revision = "47565b4f722fb6ceae66b95f853feed578a4a51c" - version = "v0.3.3" - -[[projects]] - name = "github.com/fsnotify/fsnotify" - packages = ["."] - revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9" - version = "v1.4.7" - -[[projects]] - name = "github.com/go-errors/errors" - packages = ["."] - revision = "a6af135bd4e28680facf08a3d206b454abc877a4" - version = "v1.0.1" - -[[projects]] - name = "github.com/go-resty/resty" - packages = ["."] - revision = "f0976a825c7520308909ce5a9e8b4f8675fdd6de" - version = "v1.5" - -[[projects]] - name = "github.com/go-sql-driver/mysql" - packages = ["."] - revision = "a0583e0143b1624142adab07e0e97fe106d99561" - version = "v1.3" - -[[projects]] - branch = "master" - name = "github.com/golang/gddo" - packages = [ - "httputil", - "httputil/header" - ] - revision = "416d5fc8c9c85e9ec9252a70d01e069f4b287ff0" - -[[projects]] - name = "github.com/golang/mock" - packages = ["gomock"] - revision = "c34cdb4725f4c3844d095133c6e40e448b86589b" - version = "v1.1.1" - -[[projects]] - name = "github.com/golang/protobuf" - packages = ["proto"] - revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265" - version = "v1.1.0" - -[[projects]] - branch = "master" - name = "github.com/hashicorp/hcl" - packages = [ - ".", - "hcl/ast", - "hcl/parser", - "hcl/printer", - "hcl/scanner", - "hcl/strconv", - "hcl/token", - "json/parser", - "json/scanner", - "json/token" - ] - revision = "ef8a98b0bbce4a65b5aa4c368430a80ddc533168" - -[[projects]] - name = "github.com/inconshreveable/mousetrap" - packages = ["."] - revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" - version = "v1.0" - -[[projects]] - branch = "master" - name = "github.com/jmoiron/sqlx" - packages = [ - ".", - "reflectx" - ] - revision = "2aeb6a910c2b94f2d5eb53d9895d80e27264ec41" - -[[projects]] - name = "github.com/julienschmidt/httprouter" - packages = ["."] - revision = "8c199fb6259ffc1af525cc3ad52ee60ba8359669" - version = "v1.1" - -[[projects]] - branch = "master" - name = "github.com/lib/pq" - packages = [ - ".", - "oid" - ] - revision = "d34b9ff171c21ad295489235aec8b6626023cd04" - -[[projects]] - name = "github.com/magiconair/properties" - packages = ["."] - revision = "c3beff4c2358b44d0493c7dda585e7db7ff28ae6" - version = "v1.7.6" - -[[projects]] - branch = "master" - name = "github.com/meatballhat/negroni-logrus" - packages = ["."] - revision = "31067281800f66f57548a7a32d9c6c5f963fef83" - -[[projects]] - branch = "master" - name = "github.com/mitchellh/mapstructure" - packages = ["."] - revision = "00c29f56e2386353d58c599509e8dc3801b0d716" - -[[projects]] - branch = "master" - name = "github.com/mohae/deepcopy" - packages = ["."] - revision = "c48cc78d482608239f6c4c92a4abd87eb8761c90" - -[[projects]] - name = "github.com/opencontainers/go-digest" - packages = ["."] - revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf" - version = "v1.0.0-rc1" - -[[projects]] - name = "github.com/opencontainers/image-spec" - packages = [ - "specs-go", - "specs-go/v1" - ] - revision = "d60099175f88c47cd379c4738d158884749ed235" - version = "v1.0.1" - -[[projects]] - name = "github.com/opencontainers/runc" - packages = [ - "libcontainer/system", - "libcontainer/user" - ] - revision = "baf6536d6259209c3edfa2b22237af82942d3dfa" - version = "v0.1.1" - -[[projects]] - name = "github.com/ory/dockertest" - packages = [ - ".", - "docker", - "docker/opts", - "docker/pkg/archive", - "docker/pkg/fileutils", - "docker/pkg/homedir", - "docker/pkg/idtools", - "docker/pkg/ioutils", - "docker/pkg/jsonmessage", - "docker/pkg/longpath", - "docker/pkg/mount", - "docker/pkg/pools", - "docker/pkg/stdcopy", - "docker/pkg/system", - "docker/pkg/term", - "docker/pkg/term/windows", - "docker/types", - "docker/types/blkiodev", - "docker/types/container", - "docker/types/filters", - "docker/types/mount", - "docker/types/network", - "docker/types/registry", - "docker/types/strslice", - "docker/types/versions" - ] - revision = "2e92e7784b6fb199fd168aa46269a2f1b34f299e" - version = "v3.3.0" - -[[projects]] - name = "github.com/ory/fosite" - packages = ["."] - revision = "a07ce27c814538c7d0e6228ae814482be2e96e7e" - version = "v0.21.3" - -[[projects]] - name = "github.com/ory/go-convenience" - packages = [ - "corsx", - "jwtx", - "mapx", - "stringslice", - "stringsx" - ] - revision = "c47f601243faea2022b8bc0b90d7e1cd1f722807" - version = "v0.0.6" - -[[projects]] - name = "github.com/ory/graceful" - packages = ["."] - revision = "3d30c83329259f53a904d428b38d8cb8fba7bd77" - version = "v0.1.0" - -[[projects]] - name = "github.com/ory/herodot" - packages = ["."] - revision = "809d81bb89b684063f794913e1fe3635f0b20222" - version = "v0.2.2" - -[[projects]] - name = "github.com/ory/hydra" - packages = [ - "sdk/go/hydra", - "sdk/go/hydra/swagger" - ] - revision = "251bd5c5b1cf84b012c33cda0fc27db2cfdf48fa" - version = "master" - -[[projects]] - branch = "master" - name = "github.com/ory/keto" - packages = [ - "sdk/go/keto", - "sdk/go/keto/swagger" - ] - revision = "70b12adf5bcc0e890d6707e11e891e6cedfb3d87" - -[[projects]] - name = "github.com/ory/ladon" - packages = ["compiler"] - revision = "76e069e27b002d186005c14b1f1b86472cc209f2" - version = "v0.8.10" - -[[projects]] - branch = "master" - name = "github.com/ory/metrics-middleware" - packages = ["."] - revision = "db3300574e48a229d5ddb1e30ea4adfd139d493a" - -[[projects]] - name = "github.com/ory/pagination" - packages = ["."] - revision = "abd7ec33a01fdec119267449c8f3bad187f881f6" - version = "v0.0.1" - -[[projects]] - name = "github.com/ory/sqlcon" - packages = [ - ".", - "dockertest" - ] - revision = "08e1c6762dd59c776a735acc134889f757574f66" - version = "v0.0.2" - -[[projects]] - name = "github.com/pborman/uuid" - packages = ["."] - revision = "e790cca94e6cc75c7064b1332e63811d4aae1a53" - version = "v1.1" - -[[projects]] - name = "github.com/pelletier/go-toml" - packages = ["."] - revision = "acdc4509485b587f5e675510c4f2c63e90ff68a8" - version = "v1.1.0" - -[[projects]] - name = "github.com/pkg/errors" - packages = ["."] - revision = "645ef00459ed84a119197bfb8d8205042c6df63d" - version = "v0.8.0" - -[[projects]] - name = "github.com/pmezard/go-difflib" - packages = ["difflib"] - revision = "792786c7400a136282c1664665ae0a8db921c6c2" - version = "v1.0.0" - -[[projects]] - name = "github.com/rs/cors" - packages = ["."] - revision = "feef513b9575b32f84bafa580aad89b011259019" - version = "v1.3.0" - -[[projects]] - branch = "master" - name = "github.com/rubenv/sql-migrate" - packages = [ - ".", - "sqlparse" - ] - revision = "081fe17d19ff4e2dd9f5a0c1158e6bcf74da6906" - -[[projects]] - name = "github.com/segmentio/analytics-go" - packages = ["."] - revision = "1178b964a36694a8f9c161b19e6fe28cb37e8482" - version = "3.0.0" - -[[projects]] - branch = "master" - name = "github.com/segmentio/backo-go" - packages = ["."] - revision = "204274ad699c0983a70203a566887f17a717fef4" - -[[projects]] - name = "github.com/sirupsen/logrus" - packages = ["."] - revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc" - version = "v1.0.5" - -[[projects]] - name = "github.com/spf13/afero" - packages = [ - ".", - "mem" - ] - revision = "63644898a8da0bc22138abf860edaf5277b6102e" - version = "v1.1.0" - -[[projects]] - name = "github.com/spf13/cast" - packages = ["."] - revision = "8965335b8c7107321228e3e3702cab9832751bac" - version = "v1.2.0" - -[[projects]] - name = "github.com/spf13/cobra" - packages = ["."] - revision = "a1f051bc3eba734da4772d60e2d677f47cf93ef4" - version = "v0.0.2" - -[[projects]] - branch = "master" - name = "github.com/spf13/jwalterweatherman" - packages = ["."] - revision = "7c0cea34c8ece3fbeb2b27ab9b59511d360fb394" - -[[projects]] - name = "github.com/spf13/pflag" - packages = ["."] - revision = "583c0c0531f06d5278b7d917446061adc344b5cd" - version = "v1.0.1" - -[[projects]] - name = "github.com/spf13/viper" - packages = ["."] - revision = "b5e8006cbee93ec955a89ab31e0e3ce3204f3736" - version = "v1.0.2" - -[[projects]] - name = "github.com/stretchr/testify" - packages = [ - "assert", - "require" - ] - revision = "12b6f73e6084dad08a7c6e575284b177ecafbc71" - version = "v1.2.1" - -[[projects]] - branch = "master" - name = "github.com/tomasen/realip" - packages = ["."] - revision = "b5850897b7b539a1c9f22cdaa3b547d1bd453db8" - -[[projects]] - name = "github.com/urfave/negroni" - packages = ["."] - revision = "5dbbc83f748fc3ad38585842b0aedab546d0ea1e" - version = "v0.3.0" - -[[projects]] - branch = "master" - name = "github.com/xtgo/uuid" - packages = ["."] - revision = "a0b114877d4caeffbd7f87e3757c17fce570fea7" - -[[projects]] - branch = "master" - name = "golang.org/x/crypto" - packages = [ - "bcrypt", - "blowfish", - "ed25519", - "ed25519/internal/edwards25519", - "ssh/terminal" - ] - revision = "4ec37c66abab2c7e02ae775328b2ff001c3f025a" - -[[projects]] - branch = "master" - name = "golang.org/x/net" - packages = [ - "context", - "context/ctxhttp", - "idna", - "publicsuffix" - ] - revision = "d11bb6cd8e3c4e60239c9cb20ef68586d74500d0" - -[[projects]] - branch = "master" - name = "golang.org/x/oauth2" - packages = [ - ".", - "clientcredentials", - "internal" - ] - revision = "cdc340f7c179dbbfa4afd43b7614e8fcadde4269" - -[[projects]] - branch = "master" - name = "golang.org/x/sys" - packages = [ - "unix", - "windows" - ] - revision = "7db1c3b1a98089d0071c84f646ff5c96aad43682" - -[[projects]] - name = "golang.org/x/text" - packages = [ - "collate", - "collate/build", - "internal/colltab", - "internal/gen", - "internal/tag", - "internal/triegen", - "internal/ucd", - "language", - "secure/bidirule", - "transform", - "unicode/bidi", - "unicode/cldr", - "unicode/norm", - "unicode/rangetable" - ] - revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0" - version = "v0.3.0" - -[[projects]] - name = "google.golang.org/appengine" - packages = [ - "internal", - "internal/base", - "internal/datastore", - "internal/log", - "internal/remote_api", - "internal/urlfetch", - "urlfetch" - ] - revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a" - version = "v1.0.0" - -[[projects]] - name = "gopkg.in/go-resty/resty.v0" - packages = ["."] - revision = "cf81ed0a604d373be63b4c036c6b05c06520615f" - version = "v0.13" - -[[projects]] - name = "gopkg.in/gorp.v1" - packages = ["."] - revision = "c87af80f3cc5036b55b83d77171e156791085e2e" - version = "v1.7.1" - -[[projects]] - name = "gopkg.in/square/go-jose.v2" - packages = [ - ".", - "cipher", - "json" - ] - revision = "76dd09796242edb5b897103a75df2645c028c960" - version = "v2.1.6" - -[[projects]] - name = "gopkg.in/yaml.v2" - packages = ["."] - revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183" - version = "v2.2.1" - -[solve-meta] - analyzer-name = "dep" - analyzer-version = 1 - inputs-digest = "1a243d722f9e92c1f1366af096682f0e0c73df036d6bffb18856e82eea3950b7" - solver-name = "gps-cdcl" - solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml deleted file mode 100644 index 15f44a1d71..0000000000 --- a/Gopkg.toml +++ /dev/null @@ -1,162 +0,0 @@ -# Gopkg.toml example -# -# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md -# for detailed Gopkg.toml documentation. -# -# required = ["github.com/user/thing/cmd/thing"] -# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] -# -# [[constraint]] -# name = "github.com/user/project" -# version = "1.0.0" -# -# [[constraint]] -# name = "github.com/user/project2" -# branch = "dev" -# source = "github.com/myfork/project2" -# -# [[override]] -# name = "github.com/x/y" -# version = "2.4.0" -# -# [prune] -# non-go = false -# go-tests = true -# unused-packages = true - - -[[constraint]] - name = "github.com/asaskevich/govalidator" - version = "7.0.0" - -[[constraint]] - name = "github.com/dgrijalva/jwt-go" - version = "3.2.0" - -[[constraint]] - name = "github.com/go-errors/errors" - version = "1.0.1" - -[[constraint]] - name = "github.com/go-sql-driver/mysql" - version = "1.3.0" - -[[constraint]] - name = "github.com/golang/mock" - version = "1.1.1" - -[[constraint]] - branch = "master" - name = "github.com/jmoiron/sqlx" - -[[constraint]] - name = "github.com/julienschmidt/httprouter" - version = "1.1.0" - -[[constraint]] - branch = "master" - name = "github.com/lib/pq" - -[[constraint]] - branch = "master" - name = "github.com/meatballhat/negroni-logrus" - -[[constraint]] - name = "github.com/ory/dockertest" - version = "3.3.0" - -[[constraint]] - name = "github.com/ory/fosite" - version = "0.21.3" - -[[constraint]] - name = "github.com/ory/graceful" - version = "0.1.0" - -[[constraint]] - name = "github.com/ory/herodot" - version = "0.2.2" - -[[constraint]] - name = "github.com/ory/hydra" - version = "master" - -[[constraint]] - branch = "master" - name = "github.com/ory/keto" - -[[constraint]] - name = "github.com/ory/ladon" - version = "0.8.10" - -[[constraint]] - branch = "master" - name = "github.com/ory/metrics-middleware" - -[[constraint]] - name = "github.com/ory/pagination" - version = "0.0.1" - -[[constraint]] - version = "0.0.2" - name = "github.com/ory/sqlcon" - -[[constraint]] - name = "github.com/ory/go-convenience" - version = "0.0.6" - -[[constraint]] - name = "github.com/pborman/uuid" - version = "1.1.0" - -[[constraint]] - name = "github.com/pkg/errors" - version = "0.8.0" - -[[constraint]] - name = "github.com/rs/cors" - version = "1.3.0" - -[[constraint]] - branch = "master" - name = "github.com/rubenv/sql-migrate" - -[[constraint]] - name = "github.com/sirupsen/logrus" - version = "1.0.5" - -[[constraint]] - name = "github.com/spf13/cobra" - version = "0.0.2" - -[[constraint]] - name = "github.com/spf13/viper" - version = "1.0.2" - -[[constraint]] - name = "github.com/stretchr/testify" - version = "1.2.1" - -[[constraint]] - branch = "master" - name = "github.com/tomasen/realip" - -[[constraint]] - name = "github.com/urfave/negroni" - version = "0.3.0" - -[[constraint]] - branch = "master" - name = "golang.org/x/oauth2" - -[[constraint]] - name = "gopkg.in/go-resty/resty.v0" - version = "0.13.0" - -[[constraint]] - name = "gopkg.in/square/go-jose.v2" - version = "2.1.6" - -[prune] - go-tests = true - unused-packages = true diff --git a/Makefile b/Makefile new file mode 100644 index 0000000000..d96500a498 --- /dev/null +++ b/Makefile @@ -0,0 +1,31 @@ +SHELL=/bin/bash -o pipefail + +.PHONY: format +format: + goreturns -w -local github.com/ory $$(listx .) + +.PHONY: gen-mocks +gen-mocks: + mockgen -package proxy -destination proxy/keto_sdk_mock.go -source ./vendor/github.com/ory/keto/sdk/go/keto/sdk_warden.go WardenSDK + mockgen -package proxy -destination proxy/authenticator_oauth2_introspection_mock.go -source ./proxy/authenticator_oauth2_introspection.go authenticatorOAuth2IntrospectionHelper + +.PHONY: gen +gen: gen-mocks gen-sdk + +.PHONY: gen-sdk +gen-sdk: + swagger generate spec -m -o ./docs/api.swagger.json + swagger validate ./docs/api.swagger.json + + rm -rf ./sdk/go/oathkeeper/swagger + rm -rf ./sdk/js/swagger + + java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l go -o ./sdk/go/oathkeeper/swagger + java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.json -l javascript -o ./sdk/js/swagger + + cd sdk/go; goreturns -w -i -local github.com/ory $$(listx .) + + git checkout HEAD -- sdk/go/oathkeeper/swagger/rule_handler.go + + rm -f ./sdk/js/swagger/package.json + rm -rf ./sdk/js/swagger/test diff --git a/go.mod b/go.mod new file mode 100644 index 0000000000..2a9e1b855c --- /dev/null +++ b/go.mod @@ -0,0 +1 @@ +module github.com/ory/oathkeeper diff --git a/sdk/go/oathkeeper/swagger/api_client.go b/sdk/go/oathkeeper/swagger/api_client.go index 091091e63c..7fca9ae031 100644 --- a/sdk/go/oathkeeper/swagger/api_client.go +++ b/sdk/go/oathkeeper/swagger/api_client.go @@ -19,7 +19,7 @@ import ( "reflect" "strings" - "gopkg.in/go-resty/resty.v0" + resty "gopkg.in/go-resty/resty.v1" ) type APIClient struct { From 8356703b478e5fd9a95d3ad336ae334483006cb2 Mon Sep 17 00:00:00 2001 From: aeneasr Date: Sat, 8 Dec 2018 15:21:42 +0100 Subject: [PATCH 2/5] proxy: Update to recent keto changes Signed-off-by: aeneasr --- Dockerfile | 15 +- Makefile | 6 +- cmd/helper_health.go | 1 + cmd/helper_server.go | 7 +- cmd/helper_sql.go | 3 +- cmd/migrate_sql.go | 3 +- cmd/rules_delete.go | 3 +- cmd/rules_get.go | 3 +- cmd/rules_import.go | 3 +- cmd/rules_list.go | 3 +- cmd/serve_api.go | 19 +- cmd/serve_proxy.go | 19 +- go.mod | 37 +++ go.sum | 269 ++++++++++++++++++ health/handler.go | 1 + health/handler_test.go | 5 +- judge/handler.go | 3 +- judge/handler_test.go | 5 +- proxy/authenticator.go | 1 + proxy/authenticator_anonymous.go | 3 +- proxy/authenticator_broken.go | 3 +- proxy/authenticator_jwt.go | 5 +- proxy/authenticator_jwt_test.go | 3 +- ...authenticator_oauth2_client_credentials.go | 5 +- ...nticator_oauth2_client_credentials_test.go | 5 +- proxy/authenticator_oauth2_introspection.go | 5 +- ...authenticator_oauth2_introspection_test.go | 5 +- proxy/authorizer_deny.go | 3 +- proxy/authorizer_keto_warden.go | 22 +- proxy/authorizer_keto_warden_test.go | 39 +-- proxy/credentials_issuer_cookies.go | 3 +- proxy/credentials_issuer_cookies_test.go | 3 +- proxy/credentials_issuer_headers.go | 3 +- proxy/credentials_issuer_headers_test.go | 3 +- proxy/credentials_issuer_id_token.go | 5 +- proxy/credentials_issuer_id_token_test.go | 3 +- proxy/keto_sdk_mock.go | 66 ----- proxy/keto_warden_sdk_mock.go | 43 +++ proxy/proxy.go | 5 +- proxy/proxy_test.go | 3 +- proxy/request_handler.go | 5 +- proxy/request_handler_test.go | 3 +- rsakey/handler.go | 3 +- rsakey/manager_hydra.go | 5 +- rsakey/manager_test.go | 5 +- rule/handler.go | 5 +- rule/handler_test.go | 5 +- rule/manager_memory.go | 3 +- rule/manager_sql.go | 3 +- rule/manager_test.go | 5 +- rule/matcher_cached.go | 3 +- rule/matcher_cached_http.go | 3 +- rule/matcher_test.go | 5 +- rule/rule.go | 3 +- rule/rule_validator.go | 3 +- rule/rule_validator_test.go | 3 +- sdk/go/oathkeeper/swagger/api_client.go | 2 +- 57 files changed, 527 insertions(+), 178 deletions(-) create mode 100644 go.sum delete mode 100644 proxy/keto_sdk_mock.go create mode 100644 proxy/keto_warden_sdk_mock.go diff --git a/Dockerfile b/Dockerfile index 07b1ff34d0..4309fad2d2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,22 @@ -FROM golang:1.10-alpine +FROM golang:1.11-alpine ARG git_tag ARG git_commit -RUN apk add --no-cache git build-base curl -RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh +RUN apk add --no-cache git build-base WORKDIR /go/src/github.com/ory/oathkeeper -ADD ./Gopkg.lock ./Gopkg.lock -ADD ./Gopkg.toml ./Gopkg.toml -RUN dep ensure -vendor-only +ENV GO111MODULE=on + +ADD ./go.mod ./go.mod +ADD ./go.sum ./go.sum + +RUN go mod download ADD . . +RUN go mod verify RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -X github.com/ory/oathkeeper/cmd.Version=$git_tag -X github.com/ory/oathkeeper/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/oathkeeper/cmd.GitHash=$git_commit" -a -installsuffix cgo -o oathkeeper FROM scratch diff --git a/Makefile b/Makefile index d96500a498..00b4a3b709 100644 --- a/Makefile +++ b/Makefile @@ -6,11 +6,11 @@ format: .PHONY: gen-mocks gen-mocks: - mockgen -package proxy -destination proxy/keto_sdk_mock.go -source ./vendor/github.com/ory/keto/sdk/go/keto/sdk_warden.go WardenSDK - mockgen -package proxy -destination proxy/authenticator_oauth2_introspection_mock.go -source ./proxy/authenticator_oauth2_introspection.go authenticatorOAuth2IntrospectionHelper + mockgen -package proxy -destination proxy/keto_warden_sdk_mock.go -source ./proxy/authorizer_keto_warden.go KetoWardenSDK + mockgen -package proxy -destination proxy/authenticator_oauth2_introspection_mock.go -source ./proxy/authenticator_oauth2_introspection.go authenticatorOAuth2IntrospectionHelper .PHONY: gen -gen: gen-mocks gen-sdk + gen: gen-mocks gen-sdk .PHONY: gen-sdk gen-sdk: diff --git a/cmd/helper_health.go b/cmd/helper_health.go index 7c552c6490..2a0e4baaeb 100644 --- a/cmd/helper_health.go +++ b/cmd/helper_health.go @@ -22,6 +22,7 @@ package cmd import ( "github.com/julienschmidt/httprouter" + "github.com/ory/herodot" "github.com/ory/oathkeeper/health" ) diff --git a/cmd/helper_server.go b/cmd/helper_server.go index 0e96be8f1c..b0e18a62c9 100644 --- a/cmd/helper_server.go +++ b/cmd/helper_server.go @@ -28,6 +28,10 @@ import ( "strings" "time" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "github.com/spf13/viper" + "github.com/ory/fosite" "github.com/ory/go-convenience/stringsx" "github.com/ory/hydra/sdk/go/hydra" @@ -35,9 +39,6 @@ import ( "github.com/ory/oathkeeper/proxy" "github.com/ory/oathkeeper/rsakey" "github.com/ory/oathkeeper/rule" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "github.com/spf13/viper" ) func getHydraSDK() hydra.SDK { diff --git a/cmd/helper_sql.go b/cmd/helper_sql.go index a99f120224..393637ab33 100644 --- a/cmd/helper_sql.go +++ b/cmd/helper_sql.go @@ -24,9 +24,10 @@ import ( "net/url" "github.com/jmoiron/sqlx" + "github.com/pkg/errors" + "github.com/ory/oathkeeper/rule" "github.com/ory/sqlcon" - "github.com/pkg/errors" ) func connectToSql(dburl string) (*sqlx.DB, error) { diff --git a/cmd/migrate_sql.go b/cmd/migrate_sql.go index 249905dd4b..f277ec9bb1 100644 --- a/cmd/migrate_sql.go +++ b/cmd/migrate_sql.go @@ -18,9 +18,10 @@ import ( "fmt" "os" - "github.com/ory/oathkeeper/rule" "github.com/spf13/cobra" "github.com/spf13/viper" + + "github.com/ory/oathkeeper/rule" ) // sqlCmd represents the sql command diff --git a/cmd/rules_delete.go b/cmd/rules_delete.go index 0250d85d61..fec7d71f22 100644 --- a/cmd/rules_delete.go +++ b/cmd/rules_delete.go @@ -24,8 +24,9 @@ import ( "fmt" "net/http" - "github.com/ory/oathkeeper/sdk/go/oathkeeper" "github.com/spf13/cobra" + + "github.com/ory/oathkeeper/sdk/go/oathkeeper" ) // deleteCmd represents the delete command diff --git a/cmd/rules_get.go b/cmd/rules_get.go index 44a24845eb..13275aca1b 100644 --- a/cmd/rules_get.go +++ b/cmd/rules_get.go @@ -24,8 +24,9 @@ import ( "fmt" "net/http" - "github.com/ory/oathkeeper/sdk/go/oathkeeper" "github.com/spf13/cobra" + + "github.com/ory/oathkeeper/sdk/go/oathkeeper" ) // getCmd represents the get command diff --git a/cmd/rules_import.go b/cmd/rules_import.go index 08c355ca4b..731687b736 100644 --- a/cmd/rules_import.go +++ b/cmd/rules_import.go @@ -27,10 +27,11 @@ import ( "io/ioutil" "net/http" + "github.com/spf13/cobra" + "github.com/ory/oathkeeper/rule" "github.com/ory/oathkeeper/sdk/go/oathkeeper" "github.com/ory/oathkeeper/sdk/go/oathkeeper/swagger" - "github.com/spf13/cobra" ) // importCmd represents the import command diff --git a/cmd/rules_list.go b/cmd/rules_list.go index ea67e9f905..9e80d05689 100644 --- a/cmd/rules_list.go +++ b/cmd/rules_list.go @@ -24,9 +24,10 @@ import ( "fmt" "net/http" + "github.com/spf13/cobra" + "github.com/ory/oathkeeper/pkg" "github.com/ory/oathkeeper/sdk/go/oathkeeper" - "github.com/spf13/cobra" ) // listCmd represents the list command diff --git a/cmd/serve_api.go b/cmd/serve_api.go index 7b9c87a6e7..f91586c324 100644 --- a/cmd/serve_api.go +++ b/cmd/serve_api.go @@ -27,18 +27,19 @@ import ( "github.com/julienschmidt/httprouter" "github.com/meatballhat/negroni-logrus" - "github.com/ory/go-convenience/corsx" + "github.com/rs/cors" + "github.com/spf13/cobra" + "github.com/spf13/viper" + "github.com/urfave/negroni" + "github.com/ory/graceful" "github.com/ory/herodot" - "github.com/ory/metrics-middleware" "github.com/ory/oathkeeper/judge" "github.com/ory/oathkeeper/proxy" "github.com/ory/oathkeeper/rsakey" "github.com/ory/oathkeeper/rule" - "github.com/rs/cors" - "github.com/spf13/cobra" - "github.com/spf13/viper" - "github.com/urfave/negroni" + "github.com/ory/x/corsx" + "github.com/ory/x/metricsx" ) // serveApiCmd represents the management command @@ -110,13 +111,15 @@ HTTP CONTROLS if ok, _ := cmd.Flags().GetBool("disable-telemetry"); !ok { logger.Println("Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/ecosystem/sqa") - segmentMiddleware := metrics.NewMetricsManager( - metrics.Hash(viper.GetString("DATABASE_URL")), + segmentMiddleware := metricsx.NewMetricsManager( + metricsx.Hash(viper.GetString("DATABASE_URL")), viper.GetString("DATABASE_URL") != "memory", "MSx9A6YQ1qodnkzEFOv22cxOmOCJXMFa", []string{"/rules", "/.well-known/jwks.json"}, logger, "ory-oathkeeper-api", + 100, + "", ) go segmentMiddleware.RegisterSegment(Version, GitHash, BuildTime) go segmentMiddleware.CommitMemoryStatistics() diff --git a/cmd/serve_proxy.go b/cmd/serve_proxy.go index 053914696c..45b9911422 100644 --- a/cmd/serve_proxy.go +++ b/cmd/serve_proxy.go @@ -27,17 +27,18 @@ import ( "net/http/httputil" "github.com/meatballhat/negroni-logrus" - "github.com/ory/go-convenience/corsx" + "github.com/rs/cors" + "github.com/spf13/cobra" + "github.com/spf13/viper" + "github.com/urfave/negroni" + "github.com/ory/graceful" "github.com/ory/keto/sdk/go/keto" - "github.com/ory/metrics-middleware" "github.com/ory/oathkeeper/proxy" "github.com/ory/oathkeeper/rule" "github.com/ory/oathkeeper/sdk/go/oathkeeper" - "github.com/rs/cors" - "github.com/spf13/cobra" - "github.com/spf13/viper" - "github.com/urfave/negroni" + "github.com/ory/x/corsx" + "github.com/ory/x/metricsx" ) // proxyCmd represents the proxy command @@ -225,13 +226,15 @@ OTHER CONTROLS if ok, _ := cmd.Flags().GetBool("disable-telemetry"); !ok { logger.Println("Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/ecosystem/sqa") - segmentMiddleware := metrics.NewMetricsManager( - metrics.Hash(viper.GetString("DATABASE_URL")), + segmentMiddleware := metricsx.NewMetricsManager( + metricsx.Hash(viper.GetString("DATABASE_URL")), viper.GetString("DATABASE_URL") != "memory", "MSx9A6YQ1qodnkzEFOv22cxOmOCJXMFa", []string{"/"}, logger, "ory-oathkeeper-proxy", + 100, + "", ) go segmentMiddleware.RegisterSegment(Version, GitHash, BuildTime) go segmentMiddleware.CommitMemoryStatistics() diff --git a/go.mod b/go.mod index 2a9e1b855c..d4bdd5f645 100644 --- a/go.mod +++ b/go.mod @@ -1 +1,38 @@ module github.com/ory/oathkeeper + +require ( + github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf + github.com/dgrijalva/jwt-go v3.2.0+incompatible + github.com/go-errors/errors v1.0.1 + github.com/go-sql-driver/mysql v1.4.0 + github.com/golang/mock v1.1.1 + github.com/jmoiron/sqlx v1.2.0 + github.com/julienschmidt/httprouter v1.2.0 + github.com/lib/pq v1.0.0 + github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f + github.com/ory/dockertest v3.3.2+incompatible + github.com/ory/fosite v0.28.0 + github.com/ory/go-convenience v0.1.0 + github.com/ory/graceful v0.1.0 + github.com/ory/herodot v0.5.0 + github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f + github.com/ory/keto v1.0.0-beta.9.0.20181208140000-637c78cba697 + github.com/ory/ladon v1.0.0 + github.com/ory/metrics-middleware v0.0.1 + github.com/ory/pagination v0.0.1 + github.com/ory/sqlcon v0.0.7 + github.com/ory/x v0.0.33 + github.com/pborman/uuid v1.2.0 + github.com/pkg/errors v0.8.0 + github.com/rs/cors v1.6.0 + github.com/rubenv/sql-migrate v0.0.0-20180704111356-ba2c6a7295c59448dbc195cef2f41df5163b3892 + github.com/sirupsen/logrus v1.1.1 + github.com/spf13/cobra v0.0.3 + github.com/spf13/viper v1.2.1 + github.com/stretchr/testify v1.2.2 + github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce + github.com/urfave/negroni v1.0.0 + golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4 + gopkg.in/resty.v1 v1.10.3 + gopkg.in/square/go-jose.v2 v2.1.9 +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000000..db186472b1 --- /dev/null +++ b/go.sum @@ -0,0 +1,269 @@ +cloud.google.com/go v0.23.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +contrib.go.opencensus.io/exporter/stackdriver v0.7.0/go.mod h1:hNe5qQofPbg6bLQY5wHCvQ7o+2E5P8PkegEuQ+MyRw0= +git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/Microsoft/go-winio v0.4.11 h1:zoIOcVf0xPN1tnMVbTtEdI+P8OofVk3NObnwOQ6nK2Q= +github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/akutz/goof v0.1.2/go.mod h1:w8jsAAm0/n4Tst8M4xYwGPMzn54u4pCA3wh4e2rNLlk= +github.com/akutz/gotil v0.1.0/go.mod h1:dQodnbCqWtMZSTC+JdTOerHMrsp0/EQx3qYG0c6PlxA= +github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf h1:eg0MeVzsP1G42dRafH3vf+al2vQIJU0YHX+1Tw87oco= +github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/aws/aws-sdk-go v1.15.31/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= +github.com/cenkalti/backoff v2.0.0+incompatible h1:5IIPUHhlnUZbcHQsQou5k1Tn58nJkeJL9U+ig5CHJbY= +github.com/cenkalti/backoff v2.0.0+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/containerd/continuity v0.0.0-20181003075958-be9bd761db19/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20181023183536-c220ac4f01b8 h1:lJeDcldQnYskl7krc3lTppg8NKomoQkmQg1AzOXtQbA= +github.com/containerd/continuity v0.0.0-20181023183536-c220ac4f01b8/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dchest/siphash v1.2.0/go.mod h1:q+IRvb2gOSrUnYoPqHiyHXS0FOBBOdl6tONBlVnOnt4= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= +github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk= +github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/elazarl/goproxy v0.0.0-20181003060214-f58a169a71a5/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-sql-driver/mysql v1.4.0 h1:7LxgVwFb2hIQtMm87NdgAVfXjnt4OePseqT1tKx+opk= +github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/gobuffalo/envy v1.6.7/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ= +github.com/gobuffalo/packd v0.0.0-20181028162033-6d52e0eabf41/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI= +github.com/gobuffalo/packd v0.0.0-20181029140631-cf76bd87a5a6/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI= +github.com/gobuffalo/packr v1.16.0/go.mod h1:Yx/lcR/7mDLXhuJSzsz2MauD/HUwSc+EK6oigMRGGsM= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/golang/gddo v0.0.0-20180828051604-96d2a289f41e/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4= +github.com/golang/gddo v0.0.0-20181009135830-6c035858b4d7 h1:/3HWkMEOoIwIBP8hcnupurzoJJfdUPVy2qkpYzmPFmY= +github.com/golang/gddo v0.0.0-20181009135830-6c035858b4d7/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= +github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/uuid v1.0.0 h1:b4Gk+7WdP/d3HZH8EJsZpvV7EtDOgaZLtnaNGIu1adA= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= +github.com/gopherjs/gopherjs v0.0.0-20181004151105-1babbf986f6f/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/securecookie v0.0.0-20160422134519-667fe4e3466a/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v0.0.0-20160922145804-ca9ada445741/go.mod h1:+WVp8kdw6VhyKExm03PAMRn2ZxnPtm58pV0dBVPdhHE= +github.com/gotestyourself/gotestyourself v2.1.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= +github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= +github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/imdario/mergo v0.0.0-20171009183408-7fe0c75c13ab/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmoiron/sqlx v0.0.0-20180614180643-0dae4fefe7c0/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU= +github.com/jmoiron/sqlx v1.2.0 h1:41Ip0zITnmWNR/vHV+S4m+VoUivnWY5E4OJfLZjCJMA= +github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= +github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/julienschmidt/httprouter v0.0.0-20180715161854-348b672cd90d/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.2.0 h1:TDTW5Yz1mjftljbcKqRcrYhd4XeOoI98t+9HbQbYf7g= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kardianos/osext v0.0.0-20170510131534-ae77be60afb1/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A= +github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/luna-duclos/instrumentedsql v0.0.0-20181127104832-b7d587d28109/go.mod h1:PWUIzhtavmOR965zfawVsHXbEuU1G29BPZ/CB3C7jXk= +github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= +github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f h1:V6GHkMOIsnpGDasS1iYiNxEYTY8TmyjQXEF8PqYkKQ8= +github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f/go.mod h1:Ylx55XGW4gjY7McWT0pgqU0aQquIOChDnYkOVbSuF/c= +github.com/mendsley/gojwk v0.0.0-20141217222730-4d5ec6e58103/go.mod h1:o9YPB5aGP8ob35Vy6+vyq3P3bWe7NQWzf+JLiXCiMaE= +github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= +github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= +github.com/moul/http2curl v0.0.0-20170919181001-9ac6cf4d929b/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= +github.com/oleiade/reflections v1.0.0/go.mod h1:RbATFBbKYkVdqmSFtx13Bb/tVhR0lgOBXunWTZKeL4w= +github.com/open-policy-agent/opa v0.10.1/go.mod h1:rlfeSeHuZmMEpmrcGla42AjkOUjP4rGIpS96H12un3o= +github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= +github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= +github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runc v1.0.0-rc5/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= +github.com/ory/dockertest v3.3.2+incompatible h1:uO+NcwH6GuFof/Uz8yzjNi1g0sGT5SLAJbdBvD8bUYc= +github.com/ory/dockertest v3.3.2+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs= +github.com/ory/fosite v0.25.0/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw= +github.com/ory/fosite v0.28.0 h1:LxCkLXeU5PxYh9d/VbfGVn8GTKkSdOZfrHWdjmIE//c= +github.com/ory/fosite v0.28.0/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw= +github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8= +github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs= +github.com/ory/graceful v0.1.0 h1:zilpYtcR5vp4GubV4bN2GFJewHaSkMFnnRiJxyH8FAc= +github.com/ory/graceful v0.1.0/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU= +github.com/ory/herodot v0.4.1/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow= +github.com/ory/herodot v0.5.0 h1:7HcKZnAVDXzDdCKPGLy5aTgb+n1mtPafVB4W0XetV2M= +github.com/ory/herodot v0.5.0/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow= +github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f h1:JtBY5qa5LoKO3ojmEZIh00aZplJOZGuRhY6tBjRdmdQ= +github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f/go.mod h1:pazH5G4yjtFtN9LC0imaOU6McHzsW+1ArENDx3nFi+w= +github.com/ory/keto v1.0.0-beta.9.0.20181208140000-637c78cba697 h1:HusI086C9L+rIk57d/QPbaZi1DtuMJROHLGa7swh56w= +github.com/ory/keto v1.0.0-beta.9.0.20181208140000-637c78cba697/go.mod h1:lj6ySeJD2QTXTD7jSW3fj7HobqeOIzSL6t+n8ecLY8w= +github.com/ory/ladon v1.0.0 h1:gIxadSxUefpAzEc0lSksKdyjKBhx+hV0Waa5z/IB9Xc= +github.com/ory/ladon v1.0.0/go.mod h1:1VhCA2mBtaMhRUS6VS0d9qrNVDQnFXqSRb5D0NvQUPY= +github.com/ory/metrics-middleware v0.0.1 h1:X5qndrJMa8/Sdp86wd8fBEsAL02wAgj3X1o1ktqM5Fk= +github.com/ory/metrics-middleware v0.0.1/go.mod h1:JRW0M1l5cwE4wLUNerOQ7XtQ0hFBtC6vQWwHG69niEg= +github.com/ory/pagination v0.0.1 h1:Zp+0n/UXSGYlJAMN0BuRjZhULsQRebGHfqByKtZXNYI= +github.com/ory/pagination v0.0.1/go.mod h1:d1ToRROAUleriPhmb2dYbhANhhLwZ8s395m2yJCDFh8= +github.com/ory/sqlcon v0.0.7 h1:PQl4ihs11Xzw9wyFk0YQmQEnPL0icdJjiStQNaoRTmM= +github.com/ory/sqlcon v0.0.7/go.mod h1:oOyCmOJWAs8F0bnGmmIvGA9/4K1JqVL0D9JgvAaVc3U= +github.com/ory/x v0.0.33 h1:Hfy1Xe+oKvOG8BN+B3ArM0eVfoCH7FElOmMzO0J/c0Q= +github.com/ory/x v0.0.33/go.mod h1:U7SUjn+NSVmHbWlS0LBSxbBk1hdPDmc2AJk9gZZZedA= +github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE= +github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= +github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/phayes/freeport v0.0.0-20171002181615-b8543db493a5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= +github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/rcrowley/go-metrics v0.0.0-20180503174638-e2704e165165/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rs/cors v1.6.0 h1:G9tHG9lebljV9mfp9SNPDL36nCDxmo3zTlAf1YgvzmI= +github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rubenv/sql-migrate v0.0.0-20180704111356-3f452fc0ebeb/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY= +github.com/rubenv/sql-migrate v0.0.0-20180704111356-ba2c6a7295c59448dbc195cef2f41df5163b3892 h1:dKonk0uAnxXkHVWh5vGV3rD3NKkLvuhhJN4zpicBc/M= +github.com/rubenv/sql-migrate v0.0.0-20180704111356-ba2c6a7295c59448dbc195cef2f41df5163b3892/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY= +github.com/segmentio/analytics-go v3.0.1+incompatible h1:W7T3ieNQjPFMb+SE8SAVYo6mPkKK/Y37wYdiNf5lCVg= +github.com/segmentio/analytics-go v3.0.1+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48= +github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c h1:rsRTAcCR5CeNLkvgBVSjQoDGRRt6kggsE6XYBqCv2KQ= +github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c/go.mod h1:kJ9mm9YmoWSkk+oQ+5Cj8DEoRCX2JT6As4kEtIIOp1M= +github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.1.1 h1:VzGj7lhU7KEB9e9gMpAV/v5XT2NVSvLJhJLCWbnkgXg= +github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v0.0.0-20180222194500-ef6db91d284a/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s= +github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/cast v1.2.0 h1:HHl1DSRbEQN2i8tJmtS6ViPyHx35+p51amrdsiTCrkg= +github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= +github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/viper v1.2.1 h1:bIcUwXqLseLF3BDAZduuNfekWG87ibtFxi59Bq+oI9M= +github.com/spf13/viper v1.2.1/go.mod h1:P4AexN0a+C9tGAnUFNwDMYYZv3pjFuvmeiMyKRaNVlI= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce h1:fb190+cK2Xz/dvi9Hv8eCYJYvIGUTN2/KLq1pT6CjEc= +github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= +github.com/toqueteos/webbrowser v0.0.0-20150720201625-21fc9f95c834/go.mod h1:Hqqqmzj8AHn+VlZyVjaRWY20i25hoOZGAABCcg2el4A= +github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g= +github.com/uber/jaeger-client-go v2.15.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= +github.com/uber/jaeger-lib v1.5.0/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= +github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= +github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g= +github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM= +github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mod h1:HptNXiXVDcJjXe9SqMd0v2FsL9f8dz4GnXgltU6q/co= +github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= +go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= +go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181025113841-85e1b3f9139a/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181029044818-c44066c5c816 h1:mVFkLpejdFLXVUv9E42f3XJVfMdqd0IVLVIVLjZWn5o= +golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/oauth2 v0.0.0-20180603041954-1e0a3fa8ba9a/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4 h1:99CA0JJbUX4ozCnLon680Jc9e0T1i8HCaLVJMwtI8Hc= +golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180831094639-fa5fdf94c789/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180906133057-8cf3aee42992/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181025063200-d989b31c8746 h1:zTiiIq2XH/ldZGPA59ILL7NbDlz/btn3iJvO7H57mY8= +golang.org/x/sys v0.0.0-20181025063200-d989b31c8746/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +google.golang.org/api v0.0.0-20180603000442-8e296ef26005/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= +google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= +google.golang.org/api v0.0.0-20181025000501-39567f0042a0/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= +google.golang.org/appengine v1.0.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180601223552-81158efcc9f2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20181016170114-94acd270e44e/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/gorp.v1 v1.7.1 h1:GBB9KrWRATQZh95HJyVGUZrWwOPswitEYEyqlK8JbAA= +gopkg.in/gorp.v1 v1.7.1/go.mod h1:Wo3h+DBQZIxATwftsglhdD/62zRFPhGhTiu5jUJmCaw= +gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc= +gopkg.in/resty.v1 v1.10.3 h1:w8FjChB7PWrvE5z6JX/gfFzVwTDj38qiAQJKgdWDGvA= +gopkg.in/resty.v1 v1.10.3/go.mod h1:nrgQYbPhkRfn2BfT32NNTLfq3K9NuHRB0MsAcA9weWY= +gopkg.in/square/go-jose.v2 v2.1.9 h1:YCFbL5T2gbmC2sMG12s1x2PAlTK5TZNte3hjZEIcCAg= +gopkg.in/square/go-jose.v2 v2.1.9/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= +gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gotest.tools v2.1.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/health/handler.go b/health/handler.go index f2c07588cf..2543a4a97f 100644 --- a/health/handler.go +++ b/health/handler.go @@ -24,6 +24,7 @@ import ( "net/http" "github.com/julienschmidt/httprouter" + "github.com/ory/herodot" ) diff --git a/health/handler_test.go b/health/handler_test.go index 66c997b76d..6b93fb952a 100644 --- a/health/handler_test.go +++ b/health/handler_test.go @@ -27,10 +27,11 @@ import ( "testing" "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - "github.com/ory/oathkeeper/sdk/go/oathkeeper/swagger" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/herodot" + "github.com/ory/oathkeeper/sdk/go/oathkeeper/swagger" ) func TestHealth(t *testing.T) { diff --git a/judge/handler.go b/judge/handler.go index f900f65fdb..0e28377080 100644 --- a/judge/handler.go +++ b/judge/handler.go @@ -24,11 +24,12 @@ import ( "net/http" "github.com/julienschmidt/httprouter" + "github.com/sirupsen/logrus" + "github.com/ory/herodot" "github.com/ory/oathkeeper/proxy" "github.com/ory/oathkeeper/rsakey" "github.com/ory/oathkeeper/rule" - "github.com/sirupsen/logrus" ) const ( diff --git a/judge/handler_test.go b/judge/handler_test.go index 930de6b188..d2364f2b10 100644 --- a/judge/handler_test.go +++ b/judge/handler_test.go @@ -28,10 +28,11 @@ import ( "testing" "github.com/julienschmidt/httprouter" - "github.com/ory/oathkeeper/proxy" - "github.com/ory/oathkeeper/rule" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/oathkeeper/proxy" + "github.com/ory/oathkeeper/rule" ) func TestJudge(t *testing.T) { diff --git a/proxy/authenticator.go b/proxy/authenticator.go index a6e179f8ad..fa81a842ad 100644 --- a/proxy/authenticator.go +++ b/proxy/authenticator.go @@ -5,6 +5,7 @@ import ( "net/http" "github.com/go-errors/errors" + "github.com/ory/oathkeeper/rule" ) diff --git a/proxy/authenticator_anonymous.go b/proxy/authenticator_anonymous.go index f800911417..ae923499ed 100644 --- a/proxy/authenticator_anonymous.go +++ b/proxy/authenticator_anonymous.go @@ -4,8 +4,9 @@ import ( "encoding/json" "net/http" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" + + "github.com/ory/oathkeeper/rule" ) type AuthenticatorAnonymous struct { diff --git a/proxy/authenticator_broken.go b/proxy/authenticator_broken.go index 0900c62583..1bf353b92e 100644 --- a/proxy/authenticator_broken.go +++ b/proxy/authenticator_broken.go @@ -24,9 +24,10 @@ import ( "encoding/json" "net/http" + "github.com/pkg/errors" + "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/rule" - "github.com/pkg/errors" ) type AuthenticatorBroken struct{} diff --git a/proxy/authenticator_jwt.go b/proxy/authenticator_jwt.go index 3cae460a1f..af27d9c6aa 100644 --- a/proxy/authenticator_jwt.go +++ b/proxy/authenticator_jwt.go @@ -11,14 +11,15 @@ import ( "strings" "github.com/dgrijalva/jwt-go" + "github.com/pkg/errors" + "gopkg.in/square/go-jose.v2" + "github.com/ory/fosite" "github.com/ory/go-convenience/jwtx" "github.com/ory/go-convenience/mapx" "github.com/ory/go-convenience/stringslice" "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/rule" - "github.com/pkg/errors" - "gopkg.in/square/go-jose.v2" ) type AuthenticatorOAuth2JWTConfiguration struct { diff --git a/proxy/authenticator_jwt_test.go b/proxy/authenticator_jwt_test.go index b96acecbe3..848e2b3eef 100644 --- a/proxy/authenticator_jwt_test.go +++ b/proxy/authenticator_jwt_test.go @@ -33,11 +33,12 @@ import ( "time" "github.com/dgrijalva/jwt-go" - "github.com/ory/fosite" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gopkg.in/square/go-jose.v2" + + "github.com/ory/fosite" ) var keys = map[string]interface{}{"HS256": []byte("some-secret")} diff --git a/proxy/authenticator_oauth2_client_credentials.go b/proxy/authenticator_oauth2_client_credentials.go index a7d1722509..ff9eb29acd 100644 --- a/proxy/authenticator_oauth2_client_credentials.go +++ b/proxy/authenticator_oauth2_client_credentials.go @@ -7,10 +7,11 @@ import ( "net/http" "net/url" - "github.com/ory/oathkeeper/helper" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" "golang.org/x/oauth2/clientcredentials" + + "github.com/ory/oathkeeper/helper" + "github.com/ory/oathkeeper/rule" ) type AuthenticatorOAuth2Configuration struct { diff --git a/proxy/authenticator_oauth2_client_credentials_test.go b/proxy/authenticator_oauth2_client_credentials_test.go index a74070c09b..7cf3e5f37a 100644 --- a/proxy/authenticator_oauth2_client_credentials_test.go +++ b/proxy/authenticator_oauth2_client_credentials_test.go @@ -28,12 +28,13 @@ import ( "testing" "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - "github.com/ory/oathkeeper/helper" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/herodot" + "github.com/ory/oathkeeper/helper" ) func TestNewAuthenticatorOAuth2ClientCredentials(t *testing.T) { diff --git a/proxy/authenticator_oauth2_introspection.go b/proxy/authenticator_oauth2_introspection.go index b2d8fa8c71..3379c79961 100644 --- a/proxy/authenticator_oauth2_introspection.go +++ b/proxy/authenticator_oauth2_introspection.go @@ -9,13 +9,14 @@ import ( "net/url" "strings" + "github.com/pkg/errors" + "golang.org/x/oauth2/clientcredentials" + "github.com/ory/fosite" "github.com/ory/go-convenience/stringslice" "github.com/ory/hydra/sdk/go/hydra/swagger" "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/rule" - "github.com/pkg/errors" - "golang.org/x/oauth2/clientcredentials" ) type AuthenticatorOAuth2IntrospectionConfiguration struct { diff --git a/proxy/authenticator_oauth2_introspection_test.go b/proxy/authenticator_oauth2_introspection_test.go index 5805b73f92..8f282e5528 100644 --- a/proxy/authenticator_oauth2_introspection_test.go +++ b/proxy/authenticator_oauth2_introspection_test.go @@ -28,10 +28,11 @@ import ( "testing" "github.com/julienschmidt/httprouter" - "github.com/ory/fosite" - "github.com/ory/hydra/sdk/go/hydra/swagger" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/fosite" + "github.com/ory/hydra/sdk/go/hydra/swagger" ) func TestNewAuthenticatorOAuth2Introspection(t *testing.T) { diff --git a/proxy/authorizer_deny.go b/proxy/authorizer_deny.go index 47c785fc94..4d3e88be53 100644 --- a/proxy/authorizer_deny.go +++ b/proxy/authorizer_deny.go @@ -24,9 +24,10 @@ import ( "encoding/json" "net/http" + "github.com/pkg/errors" + "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/rule" - "github.com/pkg/errors" ) type AuthorizerDeny struct{} diff --git a/proxy/authorizer_keto_warden.go b/proxy/authorizer_keto_warden.go index 01ab7fec95..d89ff31e0a 100644 --- a/proxy/authorizer_keto_warden.go +++ b/proxy/authorizer_keto_warden.go @@ -29,26 +29,31 @@ import ( "time" "github.com/asaskevich/govalidator" - "github.com/ory/keto/sdk/go/keto" + "github.com/pkg/errors" + "github.com/tomasen/realip" + "github.com/ory/keto/sdk/go/keto/swagger" "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/rule" - "github.com/pkg/errors" - "github.com/tomasen/realip" ) +type KetoWardenSDK interface { + DoOryAccessControlPoliciesAllow(flavor string, body swagger.OryAccessControlPolicyAllowedInput) (*swagger.AuthorizationResult, *swagger.APIResponse, error) +} + type AuthorizerKetoWardenConfiguration struct { RequiredAction string `json:"required_action" valid:",required"` RequiredResource string `json:"required_resource" valid:",required"` Subject string `json:"subject"` + Flavor string `json:"flavor"` } type AuthorizerKetoWarden struct { - K keto.WardenSDK + K KetoWardenSDK contextCreator authorizerKetoWardenContext } -func NewAuthorizerKetoWarden(k keto.WardenSDK) *AuthorizerKetoWarden { +func NewAuthorizerKetoWarden(k KetoWardenSDK) *AuthorizerKetoWarden { return &AuthorizerKetoWarden{ K: k, contextCreator: contextFromRequest, @@ -101,7 +106,12 @@ func (a *AuthorizerKetoWarden) Authorize(r *http.Request, session *Authenticatio } } - defaultSession, response, err := a.K.IsSubjectAuthorized(swagger.WardenSubjectAuthorizationRequest{ + flavor := "regex" + if len(cf.Flavor) > 0 { + flavor = cf.Flavor + } + + defaultSession, response, err := a.K.DoOryAccessControlPoliciesAllow(flavor, swagger.OryAccessControlPolicyAllowedInput{ Action: compiled.ReplaceAllString(r.URL.String(), cf.RequiredAction), Resource: compiled.ReplaceAllString(r.URL.String(), cf.RequiredResource), Context: a.contextCreator(r), diff --git a/proxy/authorizer_keto_warden_test.go b/proxy/authorizer_keto_warden_test.go index a5359bd533..67ebdae8d0 100644 --- a/proxy/authorizer_keto_warden_test.go +++ b/proxy/authorizer_keto_warden_test.go @@ -28,11 +28,12 @@ import ( "testing" "github.com/golang/mock/gomock" - "github.com/ory/keto/sdk/go/keto/swagger" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/keto/sdk/go/keto/swagger" + "github.com/ory/oathkeeper/rule" ) func mustParseURL(t *testing.T, u string) *url.URL { @@ -45,7 +46,7 @@ func TestAuthorizerKetoWarden(t *testing.T) { assert.NotEmpty(t, NewAuthorizerKetoWarden(nil).GetID()) for k, tc := range []struct { - setup func(*testing.T, *MockWardenSDK) + setup func(*testing.T, *MockKetoWardenSDK) r *http.Request session *AuthenticationSession config json.RawMessage @@ -64,14 +65,14 @@ func TestAuthorizerKetoWarden(t *testing.T) { }, }, r: &http.Request{URL: &url.URL{}}, - setup: func(t *testing.T, m *MockWardenSDK) { - m.EXPECT().IsSubjectAuthorized(gomock.Any()).Return(nil, nil, errors.New("foo")) + setup: func(t *testing.T, m *MockKetoWardenSDK) { + m.EXPECT().DoOryAccessControlPoliciesAllow(gomock.Eq("regex"), gomock.Any()).Return(nil, nil, errors.New("foo")) }, session: new(AuthenticationSession), expectErr: true, }, { - config: []byte(`{ "required_action": "action", "required_resource": "resource" }`), + config: []byte(`{ "required_action": "action", "required_resource": "resource", "flavor": "regex" }`), rule: &rule.Rule{ Match: rule.RuleMatch{ Methods: []string{"POST"}, @@ -79,14 +80,14 @@ func TestAuthorizerKetoWarden(t *testing.T) { }, }, r: &http.Request{URL: &url.URL{}}, - setup: func(t *testing.T, m *MockWardenSDK) { - m.EXPECT().IsSubjectAuthorized(gomock.Any()).Return(nil, &swagger.APIResponse{Response: &http.Response{StatusCode: http.StatusInternalServerError}}, nil) + setup: func(t *testing.T, m *MockKetoWardenSDK) { + m.EXPECT().DoOryAccessControlPoliciesAllow(gomock.Eq("regex"), gomock.Any()).Return(nil, &swagger.APIResponse{Response: &http.Response{StatusCode: http.StatusInternalServerError}}, nil) }, session: new(AuthenticationSession), expectErr: true, }, { - config: []byte(`{ "required_action": "action", "required_resource": "resource" }`), + config: []byte(`{ "required_action": "action", "required_resource": "resource", "flavor": "exact" }`), rule: &rule.Rule{ Match: rule.RuleMatch{ Methods: []string{"POST"}, @@ -94,9 +95,9 @@ func TestAuthorizerKetoWarden(t *testing.T) { }, }, r: &http.Request{URL: &url.URL{}}, - setup: func(t *testing.T, m *MockWardenSDK) { - m.EXPECT().IsSubjectAuthorized(gomock.Any()).Return( - &swagger.WardenSubjectAuthorizationResponse{Allowed: false}, + setup: func(t *testing.T, m *MockKetoWardenSDK) { + m.EXPECT().DoOryAccessControlPoliciesAllow(gomock.Eq("exact"), gomock.Any()).Return( + &swagger.AuthorizationResult{Allowed: false}, &swagger.APIResponse{Response: &http.Response{StatusCode: http.StatusOK}}, nil, ) @@ -113,14 +114,14 @@ func TestAuthorizerKetoWarden(t *testing.T) { }, }, r: &http.Request{URL: mustParseURL(t, "https://localhost/api/users/1234/abcde")}, - setup: func(t *testing.T, m *MockWardenSDK) { - m.EXPECT().IsSubjectAuthorized(gomock.Eq(swagger.WardenSubjectAuthorizationRequest{ + setup: func(t *testing.T, m *MockKetoWardenSDK) { + m.EXPECT().DoOryAccessControlPoliciesAllow(gomock.Any(), gomock.Eq(swagger.OryAccessControlPolicyAllowedInput{ Action: "action:1234:abcde", Resource: "resource:1234:abcde", Context: map[string]interface{}{}, Subject: "peter", })).Return( - &swagger.WardenSubjectAuthorizationResponse{Allowed: true}, + &swagger.AuthorizationResult{Allowed: true}, &swagger.APIResponse{Response: &http.Response{StatusCode: http.StatusOK}}, nil, ) @@ -137,14 +138,14 @@ func TestAuthorizerKetoWarden(t *testing.T) { }, }, r: &http.Request{URL: mustParseURL(t, "https://localhost/api/users/1234/abcde")}, - setup: func(t *testing.T, m *MockWardenSDK) { - m.EXPECT().IsSubjectAuthorized(gomock.Eq(swagger.WardenSubjectAuthorizationRequest{ + setup: func(t *testing.T, m *MockKetoWardenSDK) { + m.EXPECT().DoOryAccessControlPoliciesAllow(gomock.Any(), gomock.Eq(swagger.OryAccessControlPolicyAllowedInput{ Action: "action:1234:abcde", Resource: "resource:1234:abcde", Context: map[string]interface{}{}, Subject: "peter", })).Return( - &swagger.WardenSubjectAuthorizationResponse{Allowed: true}, + &swagger.AuthorizationResult{Allowed: true}, &swagger.APIResponse{Response: &http.Response{StatusCode: http.StatusOK}}, nil, ) @@ -157,7 +158,7 @@ func TestAuthorizerKetoWarden(t *testing.T) { c := gomock.NewController(t) defer c.Finish() - sdk := NewMockWardenSDK(c) + sdk := NewMockKetoWardenSDK(c) if tc.setup != nil { tc.setup(t, sdk) } diff --git a/proxy/credentials_issuer_cookies.go b/proxy/credentials_issuer_cookies.go index 9bda8c851b..fe79ce0125 100644 --- a/proxy/credentials_issuer_cookies.go +++ b/proxy/credentials_issuer_cookies.go @@ -7,8 +7,9 @@ import ( "net/http" "text/template" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" + + "github.com/ory/oathkeeper/rule" ) type CredentialsCookiesConfig struct { diff --git a/proxy/credentials_issuer_cookies_test.go b/proxy/credentials_issuer_cookies_test.go index a2745ea420..12b4f2f198 100644 --- a/proxy/credentials_issuer_cookies_test.go +++ b/proxy/credentials_issuer_cookies_test.go @@ -8,10 +8,11 @@ import ( "testing" "text/template" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/oathkeeper/rule" ) func TestCredentialsIssuerCookies(t *testing.T) { diff --git a/proxy/credentials_issuer_headers.go b/proxy/credentials_issuer_headers.go index 31ef6ab29b..67c61b086c 100644 --- a/proxy/credentials_issuer_headers.go +++ b/proxy/credentials_issuer_headers.go @@ -7,8 +7,9 @@ import ( "net/http" "text/template" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" + + "github.com/ory/oathkeeper/rule" ) type CredentialsHeadersConfig struct { diff --git a/proxy/credentials_issuer_headers_test.go b/proxy/credentials_issuer_headers_test.go index 9f3deab807..72cf52371a 100644 --- a/proxy/credentials_issuer_headers_test.go +++ b/proxy/credentials_issuer_headers_test.go @@ -8,10 +8,11 @@ import ( "testing" "text/template" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/oathkeeper/rule" ) func TestCredentialsIssuerHeaders(t *testing.T) { diff --git a/proxy/credentials_issuer_id_token.go b/proxy/credentials_issuer_id_token.go index d58f41c3e5..6a8e14f465 100644 --- a/proxy/credentials_issuer_id_token.go +++ b/proxy/credentials_issuer_id_token.go @@ -27,11 +27,12 @@ import ( "time" "github.com/dgrijalva/jwt-go" - "github.com/ory/oathkeeper/rsakey" - "github.com/ory/oathkeeper/rule" "github.com/pborman/uuid" "github.com/pkg/errors" "github.com/sirupsen/logrus" + + "github.com/ory/oathkeeper/rsakey" + "github.com/ory/oathkeeper/rule" ) type CredentialsIDTokenConfig struct { diff --git a/proxy/credentials_issuer_id_token_test.go b/proxy/credentials_issuer_id_token_test.go index a1864ba0fb..94b3d82e56 100644 --- a/proxy/credentials_issuer_id_token_test.go +++ b/proxy/credentials_issuer_id_token_test.go @@ -30,10 +30,11 @@ import ( "github.com/dgrijalva/jwt-go" "github.com/go-errors/errors" - "github.com/ory/oathkeeper/rsakey" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/oathkeeper/rsakey" ) func TestCredentialsIssuerIDToken(t *testing.T) { diff --git a/proxy/keto_sdk_mock.go b/proxy/keto_sdk_mock.go deleted file mode 100644 index 9ecdd88738..0000000000 --- a/proxy/keto_sdk_mock.go +++ /dev/null @@ -1,66 +0,0 @@ -// Automatically generated by MockGen. DO NOT EDIT! -// Source: ./vendor/github.com/ory/keto/sdk/go/keto/sdk_warden.go - -package proxy - -import ( - gomock "github.com/golang/mock/gomock" - swagger "github.com/ory/keto/sdk/go/keto/swagger" -) - -// Mock of WardenSDK interface -type MockWardenSDK struct { - ctrl *gomock.Controller - recorder *_MockWardenSDKRecorder -} - -// Recorder for MockWardenSDK (not exported) -type _MockWardenSDKRecorder struct { - mock *MockWardenSDK -} - -func NewMockWardenSDK(ctrl *gomock.Controller) *MockWardenSDK { - mock := &MockWardenSDK{ctrl: ctrl} - mock.recorder = &_MockWardenSDKRecorder{mock} - return mock -} - -func (_m *MockWardenSDK) EXPECT() *_MockWardenSDKRecorder { - return _m.recorder -} - -func (_m *MockWardenSDK) IsSubjectAuthorized(body swagger.WardenSubjectAuthorizationRequest) (*swagger.WardenSubjectAuthorizationResponse, *swagger.APIResponse, error) { - ret := _m.ctrl.Call(_m, "IsSubjectAuthorized", body) - ret0, _ := ret[0].(*swagger.WardenSubjectAuthorizationResponse) - ret1, _ := ret[1].(*swagger.APIResponse) - ret2, _ := ret[2].(error) - return ret0, ret1, ret2 -} - -func (_mr *_MockWardenSDKRecorder) IsSubjectAuthorized(arg0 interface{}) *gomock.Call { - return _mr.mock.ctrl.RecordCall(_mr.mock, "IsSubjectAuthorized", arg0) -} - -func (_m *MockWardenSDK) IsOAuth2AccessTokenAuthorized(body swagger.WardenOAuth2AccessTokenAuthorizationRequest) (*swagger.WardenOAuth2AccessTokenAuthorizationResponse, *swagger.APIResponse, error) { - ret := _m.ctrl.Call(_m, "IsOAuth2AccessTokenAuthorized", body) - ret0, _ := ret[0].(*swagger.WardenOAuth2AccessTokenAuthorizationResponse) - ret1, _ := ret[1].(*swagger.APIResponse) - ret2, _ := ret[2].(error) - return ret0, ret1, ret2 -} - -func (_mr *_MockWardenSDKRecorder) IsOAuth2AccessTokenAuthorized(arg0 interface{}) *gomock.Call { - return _mr.mock.ctrl.RecordCall(_mr.mock, "IsOAuth2AccessTokenAuthorized", arg0) -} - -func (_m *MockWardenSDK) IsOAuth2ClientAuthorized(body swagger.WardenOAuth2ClientAuthorizationRequest) (*swagger.WardenOAuth2ClientAuthorizationResponse, *swagger.APIResponse, error) { - ret := _m.ctrl.Call(_m, "IsOAuth2ClientAuthorized", body) - ret0, _ := ret[0].(*swagger.WardenOAuth2ClientAuthorizationResponse) - ret1, _ := ret[1].(*swagger.APIResponse) - ret2, _ := ret[2].(error) - return ret0, ret1, ret2 -} - -func (_mr *_MockWardenSDKRecorder) IsOAuth2ClientAuthorized(arg0 interface{}) *gomock.Call { - return _mr.mock.ctrl.RecordCall(_mr.mock, "IsOAuth2ClientAuthorized", arg0) -} diff --git a/proxy/keto_warden_sdk_mock.go b/proxy/keto_warden_sdk_mock.go new file mode 100644 index 0000000000..a07452578c --- /dev/null +++ b/proxy/keto_warden_sdk_mock.go @@ -0,0 +1,43 @@ +// Automatically generated by MockGen. DO NOT EDIT! +// Source: ./proxy/authorizer_keto_warden.go + +package proxy + +import ( + gomock "github.com/golang/mock/gomock" + + swagger "github.com/ory/keto/sdk/go/keto/swagger" +) + +// Mock of KetoWardenSDK interface +type MockKetoWardenSDK struct { + ctrl *gomock.Controller + recorder *_MockKetoWardenSDKRecorder +} + +// Recorder for MockKetoWardenSDK (not exported) +type _MockKetoWardenSDKRecorder struct { + mock *MockKetoWardenSDK +} + +func NewMockKetoWardenSDK(ctrl *gomock.Controller) *MockKetoWardenSDK { + mock := &MockKetoWardenSDK{ctrl: ctrl} + mock.recorder = &_MockKetoWardenSDKRecorder{mock} + return mock +} + +func (_m *MockKetoWardenSDK) EXPECT() *_MockKetoWardenSDKRecorder { + return _m.recorder +} + +func (_m *MockKetoWardenSDK) DoOryAccessControlPoliciesAllow(flavor string, body swagger.OryAccessControlPolicyAllowedInput) (*swagger.AuthorizationResult, *swagger.APIResponse, error) { + ret := _m.ctrl.Call(_m, "DoOryAccessControlPoliciesAllow", flavor, body) + ret0, _ := ret[0].(*swagger.AuthorizationResult) + ret1, _ := ret[1].(*swagger.APIResponse) + ret2, _ := ret[2].(error) + return ret0, ret1, ret2 +} + +func (_mr *_MockKetoWardenSDKRecorder) DoOryAccessControlPoliciesAllow(arg0, arg1 interface{}) *gomock.Call { + return _mr.mock.ctrl.RecordCall(_mr.mock, "DoOryAccessControlPoliciesAllow", arg0, arg1) +} diff --git a/proxy/proxy.go b/proxy/proxy.go index aad9e3d017..41decc787e 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -27,11 +27,12 @@ import ( "net/url" "strings" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "github.com/ory/herodot" "github.com/ory/oathkeeper/rsakey" "github.com/ory/oathkeeper/rule" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" ) func NewProxy(handler *RequestHandler, logger logrus.FieldLogger, matcher rule.Matcher) *Proxy { diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go index 0f2ce1720f..0280f8004a 100644 --- a/proxy/proxy_test.go +++ b/proxy/proxy_test.go @@ -31,9 +31,10 @@ import ( "strings" "testing" - "github.com/ory/oathkeeper/rule" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/oathkeeper/rule" ) //type jurorDenyAll struct{} diff --git a/proxy/request_handler.go b/proxy/request_handler.go index 8522a9f9b9..4e8d903c94 100644 --- a/proxy/request_handler.go +++ b/proxy/request_handler.go @@ -23,10 +23,11 @@ package proxy import ( "net/http" - "github.com/ory/oathkeeper/helper" - "github.com/ory/oathkeeper/rule" "github.com/pkg/errors" "github.com/sirupsen/logrus" + + "github.com/ory/oathkeeper/helper" + "github.com/ory/oathkeeper/rule" ) type RequestHandler struct { diff --git a/proxy/request_handler_test.go b/proxy/request_handler_test.go index 79eaf2dfc1..6f54e6c409 100644 --- a/proxy/request_handler_test.go +++ b/proxy/request_handler_test.go @@ -27,9 +27,10 @@ import ( "regexp" "testing" + "github.com/stretchr/testify/require" + "github.com/ory/ladon/compiler" "github.com/ory/oathkeeper/rule" - "github.com/stretchr/testify/require" ) func mustCompileRegex(t *testing.T, pattern string) *regexp.Regexp { diff --git a/rsakey/handler.go b/rsakey/handler.go index dbe007d14d..2993019280 100644 --- a/rsakey/handler.go +++ b/rsakey/handler.go @@ -24,8 +24,9 @@ import ( "net/http" "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" "gopkg.in/square/go-jose.v2" + + "github.com/ory/herodot" ) type Handler struct { diff --git a/rsakey/manager_hydra.go b/rsakey/manager_hydra.go index d5f418eeb5..cc2dad0a52 100644 --- a/rsakey/manager_hydra.go +++ b/rsakey/manager_hydra.go @@ -26,10 +26,11 @@ import ( "net/http" "strings" - "github.com/ory/hydra/sdk/go/hydra" - "github.com/ory/hydra/sdk/go/hydra/swagger" "github.com/pkg/errors" "gopkg.in/square/go-jose.v2" + + "github.com/ory/hydra/sdk/go/hydra" + "github.com/ory/hydra/sdk/go/hydra/swagger" ) type HydraManager struct { diff --git a/rsakey/manager_test.go b/rsakey/manager_test.go index 304b796f36..0dda9e2baa 100644 --- a/rsakey/manager_test.go +++ b/rsakey/manager_test.go @@ -28,11 +28,12 @@ import ( "testing" "time" - "github.com/ory/dockertest" - "github.com/ory/hydra/sdk/go/hydra" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/dockertest" + "github.com/ory/hydra/sdk/go/hydra" ) var resources []*dockertest.Resource diff --git a/rule/handler.go b/rule/handler.go index 31715a604d..5078749f7a 100644 --- a/rule/handler.go +++ b/rule/handler.go @@ -25,12 +25,13 @@ import ( "net/http" "github.com/julienschmidt/httprouter" + "github.com/pborman/uuid" + "github.com/pkg/errors" + "github.com/ory/herodot" "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/pkg" "github.com/ory/pagination" - "github.com/pborman/uuid" - "github.com/pkg/errors" ) type Handler struct { diff --git a/rule/handler_test.go b/rule/handler_test.go index a0a341c04f..1571327317 100644 --- a/rule/handler_test.go +++ b/rule/handler_test.go @@ -26,11 +26,12 @@ import ( "testing" "github.com/julienschmidt/httprouter" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/ory/herodot" "github.com/ory/oathkeeper/pkg" "github.com/ory/oathkeeper/sdk/go/oathkeeper/swagger" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestHandler(t *testing.T) { diff --git a/rule/manager_memory.go b/rule/manager_memory.go index bfd2b769ec..4eb4e07a93 100644 --- a/rule/manager_memory.go +++ b/rule/manager_memory.go @@ -21,9 +21,10 @@ package rule import ( + "github.com/pkg/errors" + "github.com/ory/oathkeeper/helper" "github.com/ory/pagination" - "github.com/pkg/errors" ) type MemoryManager struct { diff --git a/rule/manager_sql.go b/rule/manager_sql.go index d4251b77e2..07afc1d464 100644 --- a/rule/manager_sql.go +++ b/rule/manager_sql.go @@ -27,9 +27,10 @@ import ( "github.com/jmoiron/sqlx" _ "github.com/lib/pq" - "github.com/ory/oathkeeper/helper" "github.com/pkg/errors" "github.com/rubenv/sql-migrate" + + "github.com/ory/oathkeeper/helper" ) func NewSQLManager(db *sqlx.DB) *SQLManager { diff --git a/rule/manager_test.go b/rule/manager_test.go index 6d6c053ece..119be054fb 100644 --- a/rule/manager_test.go +++ b/rule/manager_test.go @@ -25,11 +25,12 @@ import ( _ "github.com/go-sql-driver/mysql" _ "github.com/lib/pq" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/pkg" "github.com/ory/sqlcon/dockertest" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestMain(m *testing.M) { diff --git a/rule/matcher_cached.go b/rule/matcher_cached.go index cd1ec743bf..9d150ce8a4 100644 --- a/rule/matcher_cached.go +++ b/rule/matcher_cached.go @@ -24,9 +24,10 @@ import ( "net/url" "sync" + "github.com/pkg/errors" + "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/pkg" - "github.com/pkg/errors" ) type CachedMatcher struct { diff --git a/rule/matcher_cached_http.go b/rule/matcher_cached_http.go index 88c23c646d..f42e0c119a 100644 --- a/rule/matcher_cached_http.go +++ b/rule/matcher_cached_http.go @@ -23,9 +23,10 @@ package rule import ( "net/http" + "github.com/pkg/errors" + "github.com/ory/oathkeeper/pkg" "github.com/ory/oathkeeper/sdk/go/oathkeeper" - "github.com/pkg/errors" ) type HTTPMatcher struct { diff --git a/rule/matcher_test.go b/rule/matcher_test.go index 82bde2cc6a..8899a7ded7 100644 --- a/rule/matcher_test.go +++ b/rule/matcher_test.go @@ -26,11 +26,12 @@ import ( "testing" "github.com/julienschmidt/httprouter" - "github.com/ory/herodot" - "github.com/ory/oathkeeper/sdk/go/oathkeeper" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/herodot" + "github.com/ory/oathkeeper/sdk/go/oathkeeper" ) var testRules = []Rule{ diff --git a/rule/rule.go b/rule/rule.go index e297b32fd1..68fb47ce0c 100644 --- a/rule/rule.go +++ b/rule/rule.go @@ -28,8 +28,9 @@ import ( "regexp" "strings" - "github.com/ory/ladon/compiler" "github.com/pkg/errors" + + "github.com/ory/ladon/compiler" ) type RuleMatch struct { diff --git a/rule/rule_validator.go b/rule/rule_validator.go index f6d782e20d..e450cf9c36 100644 --- a/rule/rule_validator.go +++ b/rule/rule_validator.go @@ -24,9 +24,10 @@ import ( "fmt" "github.com/asaskevich/govalidator" + "github.com/pkg/errors" + "github.com/ory/go-convenience/stringslice" "github.com/ory/oathkeeper/helper" - "github.com/pkg/errors" ) func ValidateRule( diff --git a/rule/rule_validator_test.go b/rule/rule_validator_test.go index 84e4ea74a0..c3bae773cd 100644 --- a/rule/rule_validator_test.go +++ b/rule/rule_validator_test.go @@ -24,10 +24,11 @@ import ( "strings" "testing" - "github.com/ory/herodot" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/ory/herodot" ) func TestValidateRule(t *testing.T) { diff --git a/sdk/go/oathkeeper/swagger/api_client.go b/sdk/go/oathkeeper/swagger/api_client.go index 7fca9ae031..774e5a3acd 100644 --- a/sdk/go/oathkeeper/swagger/api_client.go +++ b/sdk/go/oathkeeper/swagger/api_client.go @@ -19,7 +19,7 @@ import ( "reflect" "strings" - resty "gopkg.in/go-resty/resty.v1" + resty "gopkg.in/resty.v1" ) type APIClient struct { From 9534117d967cb32285debe0119c900fb196f0475 Mon Sep 17 00:00:00 2001 From: aeneasr Date: Sat, 8 Dec 2018 15:26:19 +0100 Subject: [PATCH 3/5] u Signed-off-by: aeneasr --- .circleci/config.yml | 96 +++++++++++++++++++++++++------------------- 1 file changed, 54 insertions(+), 42 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7983432154..fee25468ed 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,34 +5,48 @@ version: 2 jobs: format: docker: - - image: circleci/golang:1.10 - working_directory: /go/src/github.com/ory/oathkeeper + - image: circleci/golang:1.11 + working_directory: /go/src/github.com/ory/hydra steps: - - checkout - - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - - run: go get -u golang.org/x/tools/cmd/goimports - - run: dep ensure -vendor-only - - run: ./scripts/test-format.sh + # This is disabled for now because goimports is really slow when go modules are used, see + # https://github.com/golang/go/issues/27287 + # + # - run: + # name: Enable go1.11 modules + # command: | + # echo 'export GO111MODULE=on' >> $BASH_ENV + # source $BASH_ENV + - checkout + - run: + name: Enable go1.11 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV + - run: curl -L https://git.io/vp6lP | sh + - run: mv ./bin/* $GOPATH/bin + - run: go mod download + - run: go mod vendor + - run: GO111MODULE=off gometalinter --disable-all --enable=goimports --enable=vet --vendor ./... - swagger: - docker: - - image: circleci/golang:1.10 - working_directory: /go/src/github.com/ory/oathkeeper - steps: - - checkout - - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - - run: go get -u github.com/go-swagger/go-swagger/cmd/swagger golang.org/x/tools/cmd/goimports - - run: dep ensure -vendor-only - - run: ./scripts/run-genswag.sh +# swagger: +# docker: +# - image: circleci/golang:1.11 +# working_directory: /go/src/github.com/ory/oathkeeper +# steps: +# - checkout +# - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh +# - run: go get -u github.com/go-swagger/go-swagger/cmd/swagger golang.org/x/tools/cmd/goimports +# - run: dep ensure -vendor-only +# - run: ./scripts/run-genswag.sh test: docker: - - image: circleci/golang:1.10 + - image: circleci/golang:1.11 environment: - TEST_DATABASE_POSTGRESQL=postgres://test:test@localhost:5432/oathkeeper?sslmode=disable - TEST_DATABASE_MYSQL=root:test@(localhost:3306)/mysql?parseTime=true - TEST_HYDRA_ADMIN_URL=http://localhost:4445 - - image: oryd/hydra:v1.0.0-beta.8 + - image: oryd/hydra:v1.0.0-rc.3_oryOS.9 environment: - DATABASE_URL=memory command: "serve all --dangerous-force-http" @@ -46,20 +60,15 @@ jobs: - POSTGRES_DB=oathkeeper working_directory: /go/src/github.com/ory/oathkeeper steps: + - run: + name: Enable go1.11 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV - checkout - - run: go get -u github.com/go-swagger/go-swagger/cmd/swagger github.com/bradfitz/goimports github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc - - run: curl -L -s https://github.com/golang/dep/releases/download/v0.4.1/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep - - # Installation - - run: curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - - - run: dep ensure -vendor-only - - run: go install github.com/ory/oathkeeper - - # Tests - - run: go test -race -short $(go list ./... | grep -v cmd) - - run: go-acc -o coverage.txt ./... - - # Submit coverage details + - run: go mod download + - run: go get -u github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc + - run: go-acc -o coverage.txt ./... -- -failfast -timeout=20m - run: test -z "$CIRCLE_PR_NUMBER" && goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN || echo "forks are not allowed to push to coveralls" build-docker: @@ -74,7 +83,7 @@ jobs: release-docker: docker: - - image: circleci/golang:1.10 + - image: circleci/golang:1.11 working_directory: /go/src/github.com/ory/oathkeeper steps: - checkout @@ -120,13 +129,16 @@ jobs: release-binaries: docker: - - image: circleci/golang:1.10 + - image: circleci/golang:1.11 working_directory: /go/src/github.com/ory/oathkeeper steps: + - run: + name: Enable go1.11 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV - checkout - - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - run: go get -u github.com/mitchellh/gox github.com/tcnksm/ghr - - run: dep ensure -vendor-only - run: | gox -parallel=2 -ldflags "-X github.com/ory/oathkeeper/cmd.Version=`git describe --tags` -X github.com/ory/oathkeeper/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/oathkeeper/cmd.GitHash=`git rev-parse HEAD`" -output "dist/{{.Dir}}-{{.OS}}-{{.Arch}}"; - run: ghr -t $GITHUB_TOKEN -u $CIRCLE_PROJECT_USERNAME -r $CIRCLE_PROJECT_REPONAME --replace `git describe --tags` dist/ @@ -159,15 +171,15 @@ workflows: - release-docs: filters: branches: - only: master - - swagger: - filters: - tags: - only: /.*/ +# only: master +# - swagger: +# filters: +# tags: +# only: /.*/ - build-docker: requires: - test - - swagger +# - swagger - format filters: tags: From 330f65006da764ab76d81e86973e1fab01ddc201 Mon Sep 17 00:00:00 2001 From: aeneasr Date: Sat, 8 Dec 2018 17:44:57 +0100 Subject: [PATCH 4/5] u Signed-off-by: aeneasr --- cmd/helper_sql.go | 2 +- go.mod | 7 ++----- go.sum | 6 ++++++ rule/handler.go | 2 +- rule/manager_memory.go | 2 +- rule/manager_test.go | 2 +- 6 files changed, 12 insertions(+), 9 deletions(-) diff --git a/cmd/helper_sql.go b/cmd/helper_sql.go index 393637ab33..1fd53a9a39 100644 --- a/cmd/helper_sql.go +++ b/cmd/helper_sql.go @@ -27,7 +27,7 @@ import ( "github.com/pkg/errors" "github.com/ory/oathkeeper/rule" - "github.com/ory/sqlcon" + "github.com/ory/x/sqlcon" ) func connectToSql(dburl string) (*sqlx.DB, error) { diff --git a/go.mod b/go.mod index d4bdd5f645..f42de539b9 100644 --- a/go.mod +++ b/go.mod @@ -16,12 +16,9 @@ require ( github.com/ory/graceful v0.1.0 github.com/ory/herodot v0.5.0 github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f - github.com/ory/keto v1.0.0-beta.9.0.20181208140000-637c78cba697 + github.com/ory/keto v1.0.0-beta.9.0.20181208142658-3dd5f7d61bb4 github.com/ory/ladon v1.0.0 - github.com/ory/metrics-middleware v0.0.1 - github.com/ory/pagination v0.0.1 - github.com/ory/sqlcon v0.0.7 - github.com/ory/x v0.0.33 + github.com/ory/x v0.0.34 github.com/pborman/uuid v1.2.0 github.com/pkg/errors v0.8.0 github.com/rs/cors v1.6.0 diff --git a/go.sum b/go.sum index db186472b1..a4d1ba5ebc 100644 --- a/go.sum +++ b/go.sum @@ -95,6 +95,7 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/luna-duclos/instrumentedsql v0.0.0-20181127104832-b7d587d28109 h1:SSbnT1UH/TdSedRIy8XVB1dsVUOFP8iHaa/+QE0/q2k= github.com/luna-duclos/instrumentedsql v0.0.0-20181127104832-b7d587d28109/go.mod h1:PWUIzhtavmOR965zfawVsHXbEuU1G29BPZ/CB3C7jXk= github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -118,6 +119,7 @@ github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVo github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc5/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opentracing/opentracing-go v1.0.2 h1:3jA2P6O1F9UOrWVpwrIo17pu01KWvNWg4X946/Y5Zwg= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/ory/dockertest v3.3.2+incompatible h1:uO+NcwH6GuFof/Uz8yzjNi1g0sGT5SLAJbdBvD8bUYc= @@ -136,6 +138,8 @@ github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f h1:JtBY5qa5LoKO3ojmEZIh0 github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f/go.mod h1:pazH5G4yjtFtN9LC0imaOU6McHzsW+1ArENDx3nFi+w= github.com/ory/keto v1.0.0-beta.9.0.20181208140000-637c78cba697 h1:HusI086C9L+rIk57d/QPbaZi1DtuMJROHLGa7swh56w= github.com/ory/keto v1.0.0-beta.9.0.20181208140000-637c78cba697/go.mod h1:lj6ySeJD2QTXTD7jSW3fj7HobqeOIzSL6t+n8ecLY8w= +github.com/ory/keto v1.0.0-beta.9.0.20181208142658-3dd5f7d61bb4 h1:8ZiAYSKrRrjxX8pbjwN1L/FHBonQ+qU3bAa6ksAQNyo= +github.com/ory/keto v1.0.0-beta.9.0.20181208142658-3dd5f7d61bb4/go.mod h1:lj6ySeJD2QTXTD7jSW3fj7HobqeOIzSL6t+n8ecLY8w= github.com/ory/ladon v1.0.0 h1:gIxadSxUefpAzEc0lSksKdyjKBhx+hV0Waa5z/IB9Xc= github.com/ory/ladon v1.0.0/go.mod h1:1VhCA2mBtaMhRUS6VS0d9qrNVDQnFXqSRb5D0NvQUPY= github.com/ory/metrics-middleware v0.0.1 h1:X5qndrJMa8/Sdp86wd8fBEsAL02wAgj3X1o1ktqM5Fk= @@ -146,6 +150,8 @@ github.com/ory/sqlcon v0.0.7 h1:PQl4ihs11Xzw9wyFk0YQmQEnPL0icdJjiStQNaoRTmM= github.com/ory/sqlcon v0.0.7/go.mod h1:oOyCmOJWAs8F0bnGmmIvGA9/4K1JqVL0D9JgvAaVc3U= github.com/ory/x v0.0.33 h1:Hfy1Xe+oKvOG8BN+B3ArM0eVfoCH7FElOmMzO0J/c0Q= github.com/ory/x v0.0.33/go.mod h1:U7SUjn+NSVmHbWlS0LBSxbBk1hdPDmc2AJk9gZZZedA= +github.com/ory/x v0.0.34 h1:uNd3Ggn41jc85z3gr+2vXhMYDWXBVM9LWq/S1Qf/RIA= +github.com/ory/x v0.0.34/go.mod h1:U7SUjn+NSVmHbWlS0LBSxbBk1hdPDmc2AJk9gZZZedA= github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE= github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= diff --git a/rule/handler.go b/rule/handler.go index 5078749f7a..e4c7f947db 100644 --- a/rule/handler.go +++ b/rule/handler.go @@ -31,7 +31,7 @@ import ( "github.com/ory/herodot" "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/pkg" - "github.com/ory/pagination" + "github.com/ory/x/pagination" ) type Handler struct { diff --git a/rule/manager_memory.go b/rule/manager_memory.go index 4eb4e07a93..f484c387e5 100644 --- a/rule/manager_memory.go +++ b/rule/manager_memory.go @@ -24,7 +24,7 @@ import ( "github.com/pkg/errors" "github.com/ory/oathkeeper/helper" - "github.com/ory/pagination" + "github.com/ory/x/pagination" ) type MemoryManager struct { diff --git a/rule/manager_test.go b/rule/manager_test.go index 119be054fb..0e2909a067 100644 --- a/rule/manager_test.go +++ b/rule/manager_test.go @@ -30,7 +30,7 @@ import ( "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/pkg" - "github.com/ory/sqlcon/dockertest" + "github.com/ory/x/sqlcon/dockertest" ) func TestMain(m *testing.M) { From 577f7a35d8d1073d28068b35b282b5d68a021177 Mon Sep 17 00:00:00 2001 From: aeneasr Date: Wed, 12 Dec 2018 23:57:42 +0100 Subject: [PATCH 5/5] proxy: Adapt to keto authorizer changes Signed-off-by: aeneasr --- .dockerignore | 3 ++- UPGRADE.md | 44 ++++++++++++++++++++++++++++----- cmd/helper_server.go | 4 +-- cmd/serve_proxy.go | 8 +++--- proxy/authorizer_keto_warden.go | 6 ++--- 5 files changed, 49 insertions(+), 16 deletions(-) diff --git a/.dockerignore b/.dockerignore index a725465aee..67508e1e16 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,2 @@ -vendor/ \ No newline at end of file +vendor/ +node_modules \ No newline at end of file diff --git a/UPGRADE.md b/UPGRADE.md index 44f390e729..4e1cadf78a 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -25,12 +25,44 @@ before finalizing the upgrade process. -## Most recent release - -### Refresh Configuration - -Environment variables `HTTP_TLS_xxx` are now called -`HTTPS_TLS_xxx`. +## master + +## v0.14.0+oryOS.10 + +### Changes to the ORY Keto Authorizer + +As ORY Keto's API and scope have changed, the `keto_warden` authorizer has changed as well. The most important +change is that the identifier changed from `keto_warden` to `keto_engine_acp_ory`. This reflects the new ORY Keto concept +which supports different engines. The functionality of the authorizer itself remains the same. A new configuration +option called `flavor` was added, which sets what flavor (e.g. `regex`, `exact`, ...). Here's an exemplary diff +of a rule using `keto_warden` + +``` +{ + "id": "...", + "upstream": ..., + "match": ..., + "authenticators": ..., + "authorizer": { +- "handler": "keto_warden", ++ "handler": "keto_engine_acp_ory", + "config": { + "required_action": "...", + "required_resource": ...", + "subject": ...", ++ "flavor": "exact" (optional, defaults to `regex`) + } + }, + "credentials_issuer": ... +} +``` + +As part of this change, environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` was renamed to `AUTHORIZER_KETO_URL`. + +### Environment variables + +- Environment variables `HTTP_TLS_xxx` are now called `HTTPS_TLS_xxx`. +- Environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` is now `AUTHORIZER_KETO_URL`. ## v0.13.9+oryOS.9 diff --git a/cmd/helper_server.go b/cmd/helper_server.go index b0e18a62c9..60445218b1 100644 --- a/cmd/helper_server.go +++ b/cmd/helper_server.go @@ -246,9 +246,9 @@ func handlerFactories(keyManager rsakey.Manager) ([]proxy.Authenticator, []proxy logger.Warn("Authenticator \"jwt\" is not configured and thus disabled.") } - if u := viper.GetString("AUTHORIZER_KETO_WARDEN_KETO_URL"); len(u) > 0 { + if u := viper.GetString("AUTHORIZER_KETO_URL"); len(u) > 0 { if _, err := url.ParseRequestURI(u); err != nil { - logger.WithError(err).Fatalf("Value \"%s\" from environment variable \"AUTHORIZER_KETO_WARDEN_KETO_URL\" is not a valid URL.", u) + logger.WithError(err).Fatalf("Value \"%s\" from environment variable \"AUTHORIZER_KETO_URL\" is not a valid URL.", u) } ketoSdk, err := keto.NewCodeGenSDK(&keto.Configuration{ EndpointURL: u, diff --git a/cmd/serve_proxy.go b/cmd/serve_proxy.go index 45b9911422..a0bf166747 100644 --- a/cmd/serve_proxy.go +++ b/cmd/serve_proxy.go @@ -143,10 +143,10 @@ AUTHORIZERS ============== - ORY Keto Warden Authorizer: - - AUTHORIZER_KETO_WARDEN_KETO_URL: The URL of ORY Keto's URL. If the value is empty, then the ORY Keto Warden Authorizer + - AUTHORIZER_KETO_URL: The URL of ORY Keto's URL. If the value is empty, then the ORY Keto Warden Authorizer will be disabled. -------------------------------------------------------------- - Example: AUTHORIZER_KETO_WARDEN_KETO_URL=http://keto-url/ + Example: AUTHORIZER_KETO_URL=http://keto-url/ -------------------------------------------------------------- @@ -202,9 +202,9 @@ OTHER CONTROLS proxy.NewAuthorizerDeny(), } - if u := viper.GetString("AUTHORIZER_KETO_WARDEN_KETO_URL"); len(u) > 0 { + if u := viper.GetString("AUTHORIZER_KETO_URL"); len(u) > 0 { ketoSdk, err := keto.NewCodeGenSDK(&keto.Configuration{ - EndpointURL: viper.GetString("AUTHORIZER_KETO_WARDEN_KETO_URL"), + EndpointURL: viper.GetString("AUTHORIZER_KETO_URL"), }) if err != nil { logger.WithError(err).Fatal("Unable to initialize the ORY Keto SDK") diff --git a/proxy/authorizer_keto_warden.go b/proxy/authorizer_keto_warden.go index d89ff31e0a..06f78fc348 100644 --- a/proxy/authorizer_keto_warden.go +++ b/proxy/authorizer_keto_warden.go @@ -61,7 +61,7 @@ func NewAuthorizerKetoWarden(k KetoWardenSDK) *AuthorizerKetoWarden { } func (a *AuthorizerKetoWarden) GetID() string { - return "keto_warden" + return "keto_engine_acp_ory" } type authorizerKetoWardenContext func(r *http.Request) map[string]interface{} @@ -124,10 +124,10 @@ func (a *AuthorizerKetoWarden) Authorize(r *http.Request, session *Authenticatio return errors.Errorf("Expected status code %d but got %d", http.StatusOK, response.StatusCode) } if defaultSession == nil { - return errors.WithStack(helper.ErrUnauthorized) + return errors.WithStack(helper.ErrForbidden) } if !defaultSession.Allowed { - return errors.WithStack(helper.ErrUnauthorized) + return errors.WithStack(helper.ErrForbidden) } return nil