sync with main repo #1

Merged
merged 30 commits into from
May 4, 2019
ab5240e
Support "scope" claim as a string in jwt authenticator (#137)
stszap Nov 15, 2018
07eb99b
rule: Ignore query parameters when matching url in rules. (#139)
stszap Dec 3, 2018
751dfa3
docs: Align changelog, upgrade with new versions (#143)
aeneasr Dec 7, 2018
c836cb0
docs: Fix proxy help command description (#142)
aeneasr Dec 7, 2018
84131d2
docs: Update documentation links (#144)
aeneasr Dec 8, 2018
bcd4836
proxy: Upgrade keto authorizer to 0.2.0 (#145)
aeneasr Dec 13, 2018
3e2a8de
vendor: Update keto to latest
aeneasr Dec 13, 2018
a00ce64
ci: Fix circle misconfiguration
aeneasr Dec 13, 2018
893385b
ci: Fix docker release task
aeneasr Dec 13, 2018
62415a1
ci: Fix docker push arguments in publish task
aeneasr Dec 13, 2018
2d9899a
docs: Incorporates changes from version v0.14.2+oryOS.10
Dec 13, 2018
9d653f5
docs: Update README building-from-source part with the gomodule way (…
pink-lucifer Jan 22, 2019
f423666
docs: Update patrons
aeneasr Feb 18, 2019
8441bd5
proxy: improve debugability of JWT authenticator (#156)
aeneasr Mar 6, 2019
43e500d
ci: Resolve CI build issue (#160)
aeneasr Apr 1, 2019
6fb7151
rule: Ensure rule matcher is locked before updating (#159)
jtescher Apr 3, 2019
eebc2f4
proxy: Use scp,scope,scopes in jwt authenticator (#162)
aeneasr Apr 5, 2019
f9fdefb
vendor: Upgrade dependencies (#163)
aeneasr Apr 5, 2019
4fc579c
judge: Set request headers for credential issuers (#169)
aeneasr Apr 6, 2019
38c52a3
sdk: Move to go-swagger SDK code generation (#170)
aeneasr Apr 6, 2019
7c33ca8
make: Remove vendored dependencies after sdk generation
aeneasr Apr 8, 2019
b56c047
ci: Adopt new release pipeline (#171)
aeneasr Apr 8, 2019
529e05e
ci: Add license.txt to gitignore
aeneasr Apr 8, 2019
ec40cc4
docker: Update Dockerfile build instructions
aeneasr Apr 8, 2019
44649b6
docs: Incorporates changes from version v0.0.0-testrelease.3
Apr 8, 2019
cbccbe2
Update CHANGELOG.md
aeneasr Apr 8, 2019
b538e3c
sdk: Remove sdk dependencies to keto/hydra (#173)
aeneasr Apr 12, 2019
e2edbf8
docker: Remove full tag from build pipeline (#179)
aeneasr Apr 29, 2019
fc261f0
vendor: Add go.sum (#180)
aeneasr Apr 29, 2019
5c34958
docs: Incorporates changes from version v0.15.1
Apr 29, 2019
sdk: Remove sdk dependencies to keto/hydra (ory#173)
This patch replaces code-generated SDKs with raw http.Client calls which reduces dependencies and makes future changes to the keto/hydra SDK easier to adopt to.

Signed-off-by: aeneasr <aeneas@ory.sh>
aeneasr authored Apr 12, 2019
commit b538e3c8fdd52be1e61ed88502fce1de7737d4a9
8 changes: 3 additions & 5 deletions Makefile
@@ -4,13 +4,11 @@ SHELL=/bin/bash -o pipefail
format:
goreturns -w -local github.com/ory $$(listx .)

.PHONY: gen-mocks
gen-mocks:
mockgen -package proxy -destination proxy/keto_warden_sdk_mock.go -source ./proxy/authorizer_keto_warden.go KetoWardenSDK
mockgen -package proxy -destination proxy/authenticator_oauth2_introspection_mock.go -source ./proxy/authenticator_oauth2_introspection.go authenticatorOAuth2IntrospectionHelper
.PHONY: mocks
mocks:

.PHONY: gen
gen: gen-mocks sdk
gen: mocks sdk

.PHONY: sdk
sdk:
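Review bot: The `mocks` target in this hunk has no recipe, so `gen: mocks sdk` now depends on a no-op. If no mocks are generated any more, drop `mocks` from the `gen` prerequisites and delete the target; if some are still needed, put the remaining `mockgen` invocations under it.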
57 changes: 29 additions & 28 deletions cmd/helper_server.go
@@ -21,40 +21,48 @@
package cmd

import (
"context"
"crypto/tls"
"encoding/base64"
"fmt"
"net/http"
"net/url"
"strings"
"time"

"golang.org/x/oauth2/clientcredentials"

"github.com/ory/x/urlx"

"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/viper"

"github.com/ory/fosite"
"github.com/ory/go-convenience/stringsx"
"github.com/ory/hydra/sdk/go/hydra"
"github.com/ory/keto/sdk/go/keto"
"github.com/ory/oathkeeper/proxy"
"github.com/ory/oathkeeper/rsakey"
"github.com/ory/oathkeeper/rule"
)

func getHydraSDK() hydra.SDK {
sdk, err := hydra.NewSDK(&hydra.Configuration{
ClientID: viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_ID"),
ClientSecret: viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SECRET"),
AdminURL: viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL"),
PublicURL: viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_PUBLIC_URL"),
Scopes: strings.Split(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SCOPES"), ","),
})

if err != nil {
logger.WithError(err).Fatalln("Unable to connect to Hydra SDK")
return nil
func getHydraSDK() (*http.Client, *url.URL) {
var (
id = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_ID")
secret = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SECRET")
admin = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL")
public = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_PUBLIC_URL")
scope = stringsx.Splitx(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SCOPES"), ",")
)
u := urlx.ParseOrFatal(logger, admin)
if len(id)+len(secret)+len(scope) > 0 {
return (&clientcredentials.Config{
ClientID: id,
ClientSecret: secret,
TokenURL: urlx.AppendPaths(urlx.ParseOrFatal(logger, public), "/oauth2/token").String(),
Scopes: scope,
}).Client(context.Background()), u
}
return sdk
return &http.Client{Timeout: time.Second * 5}, u
}

func refreshRules(m rule.Refresher, duration time.Duration) {
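Review bot: In `getHydraSDK`, the guard `len(id)+len(secret)+len(scope) > 0` takes the client-credentials path when any one of the three values is set, so a partial configuration (for example a scope list with no client ID or secret) yields a token client that can only fail at request time. Require `id` and `secret` to both be non-empty and fail at startup otherwise. The client returned from that branch also carries no `Timeout`, unlike the fallback `&http.Client{Timeout: time.Second * 5}`, and since the function no longer returns an SDK, a name such as `getHydraClient` would describe it better.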
@@ -124,11 +132,8 @@ func keyManagerFactory(l logrus.FieldLogger) (keyManager rsakey.Manager, err err
//case "rs256":
// keyManager = &rsakey.LocalRS256Manager{KeyStrength: 4096}
case "ory-hydra":
sdk := getHydraSDK()
keyManager = &rsakey.HydraManager{
SDK: sdk,
Set: viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID"),
}
c, u := getHydraSDK()
keyManager = rsakey.NewHydraManager(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID"), c, u)
default:
return nil, errors.Errorf("Unknown ID Token singing algorithm %s", a)
}
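Review bot: `keyManagerFactory` returns an `err`, but the `ory-hydra` case calls `getHydraSDK()`, which ends the process through `urlx.ParseOrFatal` on a bad admin or public URL instead of reporting it to the caller. Have `getHydraSDK` return an error and propagate it here, so this case fails the same way the `default` branch does. The message in that branch reads "singing" where "signing" is meant.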
@@ -247,16 +252,12 @@ func handlerFactories(keyManager rsakey.Manager) ([]proxy.Authenticator, []proxy
}

if u := viper.GetString("AUTHORIZER_KETO_URL"); len(u) > 0 {
if _, err := url.ParseRequestURI(u); err != nil {
logger.WithError(err).Fatalf("Value \"%s\" from environment variable \"AUTHORIZER_KETO_URL\" is not a valid URL.", u)
}
ketoSdk, err := keto.NewCodeGenSDK(&keto.Configuration{
EndpointURL: u,
})
uu, err := url.ParseRequestURI(u)
if err != nil {
logger.WithError(err).Fatal("Unable to initialize the ORY Keto SDK.")
logger.WithError(err).Fatalf("Value \"%s\" from environment variable \"AUTHORIZER_KETO_URL\" is not a valid URL.", u)
}
authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(ketoSdk))

authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(uu))
} else {
logger.Warn("Authorizer \"ory-keto\" is not configured and thus disabled.")
}
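Review bot: `url.ParseRequestURI(u)` also accepts an absolute path such as `/keto`, so `uu` can reach `proxy.NewAuthorizerKetoWarden` with an empty scheme and host, and the misconfiguration only surfaces when the first authorization call fails. After the parse, require `uu.Scheme` to be `http` or `https` and `uu.Host` to be non-empty, and log fatally otherwise. cmd/serve_proxy.go validates the same variable with `urlx.ParseOrFatal`; using one helper in both places keeps the checks identical.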
11 changes: 3 additions & 8 deletions cmd/serve_proxy.go
@@ -27,13 +27,14 @@ import (
"net/http/httputil"
"net/url"

"github.com/ory/x/urlx"

negronilogrus "github.com/meatballhat/negroni-logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/urfave/negroni"

"github.com/ory/graceful"
"github.com/ory/keto/sdk/go/keto"
"github.com/ory/oathkeeper/proxy"
"github.com/ory/oathkeeper/rule"
"github.com/ory/x/corsx"
@@ -205,13 +206,7 @@ OTHER CONTROLS
}

if u := viper.GetString("AUTHORIZER_KETO_URL"); len(u) > 0 {
ketoSdk, err := keto.NewCodeGenSDK(&keto.Configuration{
EndpointURL: viper.GetString("AUTHORIZER_KETO_URL"),
})
if err != nil {
logger.WithError(err).Fatal("Unable to initialize the ORY Keto SDK")
}
authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(ketoSdk))
authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(urlx.ParseOrFatal(logger, u)))
}

authenticators, authorizers, credentialIssuers := handlerFactories(keyManager)
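Review bot: The Keto authorizer appended inside this `if` block looks redundant, because the next statement assigns `authorizers` from `handlerFactories(keyManager)`, and `handlerFactories` in cmd/helper_server.go already builds the same authorizer from `AUTHORIZER_KETO_URL`. If the appended value is overwritten, remove the block; if it is kept, the authorizer ends up registered twice. Either way the URL should be validated in one place only, since this copy uses `urlx.ParseOrFatal` while the other uses `url.ParseRequestURI`.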
10 changes: 4 additions & 6 deletions go.mod
@@ -25,7 +25,6 @@ require (
github.com/golang/protobuf v1.3.1 // indirect
github.com/gorilla/handlers v1.4.0 // indirect
github.com/gorilla/mux v1.7.1 // indirect
github.com/gorilla/sessions v1.1.3 // indirect
github.com/hashicorp/golang-lru v0.5.1 // indirect
github.com/jessevdk/go-flags v1.4.0 // indirect
github.com/jmoiron/sqlx v1.2.0
@@ -39,17 +38,16 @@ require (
github.com/mitchellh/gox v1.0.0
github.com/onsi/ginkgo v1.8.0 // indirect
github.com/onsi/gomega v1.5.0 // indirect
github.com/opencontainers/runc v1.0.0-rc5 // indirect
github.com/opentracing/opentracing-go v1.1.0 // indirect
github.com/ory/dockertest v3.3.4+incompatible
github.com/ory/fosite v0.29.1
github.com/ory/fosite v0.29.2
github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90
github.com/ory/go-convenience v0.1.0
github.com/ory/graceful v0.1.1
github.com/ory/herodot v0.6.0
github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f
github.com/ory/keto v0.0.0-20181213093025-a8d7f9f546ae
github.com/ory/ladon v1.0.1
github.com/ory/x v0.0.40
github.com/ory/x v0.0.46
github.com/pborman/uuid v1.2.0
github.com/pelletier/go-toml v1.3.0 // indirect
github.com/pkg/errors v0.8.1
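Review bot: The commit message covers only the SDK removal, but in this hunk `github.com/ory/fosite` goes from v0.29.1 to v0.29.2 and `github.com/ory/x` from v0.0.40 to v0.0.46. State in the message why the bumps are needed (the new `urlx` calls presumably depend on the newer `ory/x`), or move them to their own commit so the dependency change can be reviewed and reverted separately.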
@@ -64,6 +62,7 @@ require (
github.com/tcnksm/go-gitconfig v0.1.2 // indirect
github.com/tcnksm/go-latest v0.0.0-20170313132115-e3007ae9052e // indirect
github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce
github.com/toqueteos/webbrowser v1.1.0 // indirect
github.com/urfave/negroni v1.0.0
go.opencensus.io v0.20.0 // indirect
golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5 // indirect
@@ -74,7 +73,6 @@ require (
google.golang.org/appengine v1.5.0 // indirect
google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107 // indirect
google.golang.org/grpc v1.19.1 // indirect
gopkg.in/resty.v1 v1.10.3 // indirect
gopkg.in/square/go-jose.v2 v2.3.0
)
