Skip to content
Snippets Groups Projects
Commit a339809d authored by Lyuben Penkovski's avatar Lyuben Penkovski
Browse files

Merge branch '1-jwt-auth-middleware' into 'main'

Use JWT auth middleware with configuration option

Closes #1

See merge request gaia-x/data-infrastructure-federation-services/tsa/task!2
parents f99ad128 f511e1f5
Branches
Tags v1.1.0
No related merge requests found
Pipeline #55306 passed
Showing
with 80 additions and 21 deletions
......@@ -16,24 +16,39 @@ include:
- template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'
lint:
image: golangci/golangci-lint:v1.44.2
image: golangci/golangci-lint:v1.50.1
stage: test
tags:
- amd64-docker
script:
- golangci-lint --version
- golangci-lint run
before_script:
- ln -s /builds /go/src/gitlab.com
- cd /go/src/gitlab.com/${CI_PROJECT_PATH}
script:
- go version
- golangci-lint --version
- golangci-lint run
unit tests:
image: golang:1.17.7
image: golang:1.19.3
extends: .gotest
stage: test
tags:
- amd64-docker
before_script: []
coverage: '/total:\s+\(statements\)\s+(\d+.\d+\%)/'
govulncheck:
image: golang:1.19.3
stage: test
tags:
- amd64-docker
before_script:
- ln -s /builds /go/src/gitlab.com
- cd /go/src/gitlab.com/${CI_PROJECT_PATH}
script:
- go version
- go install golang.org/x/vuln/cmd/govulncheck@latest
- govulncheck ./...
amd64:
extends: .docker-build
......
......@@ -12,7 +12,6 @@ linters:
enable:
- megacheck
- govet
- deadcode
- errcheck
- goconst
- gocyclo
......@@ -22,10 +21,9 @@ linters:
- ineffassign
- nakedret
- staticcheck
- structcheck
- unconvert
- varcheck
- vet
- vetshadow
- misspell
- staticcheck
- unused
......@@ -21,6 +21,7 @@ import (
"golang.org/x/oauth2/clientcredentials"
"golang.org/x/sync/errgroup"
"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/auth"
"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/graceful"
goahealth "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/health"
goahealthsrv "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/http/health/server"
......@@ -74,6 +75,8 @@ func main() {
// create storage
storage := storage.New(db)
httpClient := httpClient()
// create an HTTP Client which uses an authentication token
// Create an HTTP Client which uses an authentication token.
// The token will auto-refresh as necessary.
......@@ -95,7 +98,7 @@ func main() {
cfg.Executor.Workers,
cfg.Executor.PollInterval,
cfg.Executor.MaxTaskRetries,
httpClient(),
httpClient,
logger,
)
......@@ -106,7 +109,7 @@ func main() {
cache,
cfg.ListExecutor.Workers,
cfg.ListExecutor.PollInterval,
httpClient(),
httpClient,
logger,
)
......@@ -166,6 +169,16 @@ func main() {
openapiServer = goaopenapisrv.New(openapiEndpoints, mux, dec, enc, nil, errFormatter, nil, nil)
}
// Apply Authentication middleware if enabled.
if cfg.Auth.Enabled {
m, err := auth.NewMiddleware(cfg.Auth.JwkURL, cfg.Auth.RefreshInterval, httpClient)
if err != nil {
log.Fatalf("failed to create authentication middleware: %v", err)
}
taskServer.Use(m.Handler())
taskListServer.Use(m.Handler())
}
// Configure the mux.
goatasksrv.Mount(mux, taskServer)
goatasklistsrv.Mount(mux, taskListServer)
......@@ -231,14 +244,14 @@ func httpClient() *http.Client {
Transport: &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: 30 * time.Second,
Timeout: 10 * time.Second,
}).DialContext,
MaxIdleConns: 100,
MaxIdleConnsPerHost: 100,
TLSHandshakeTimeout: 10 * time.Second,
IdleConnTimeout: 60 * time.Second,
},
Timeout: 30 * time.Second,
Timeout: 20 * time.Second,
}
}
......@@ -256,7 +269,7 @@ func exposeMetrics(addr string, logger *zap.Logger) {
promMux := http.NewServeMux()
promMux.Handle("/metrics", promhttp.Handler())
logger.Info(fmt.Sprintf("exposing prometheus metrics at %s/metrics", addr))
if err := http.ListenAndServe(addr, promMux); err != nil {
if err := http.ListenAndServe(addr, promMux); err != nil { //nolint:gosec
logger.Error("error exposing prometheus metrics", zap.Error(err))
}
}
FROM golang:1.19-alpine3.15 as builder
FROM golang:1.19.3-alpine3.15 as builder
RUN apk add git
......
FROM golang:1.19
FROM golang:1.19.3
ENV GO111MODULE=on
......
......@@ -8,7 +8,7 @@ require (
github.com/kelseyhightower/envconfig v1.4.0
github.com/prometheus/client_golang v1.13.0
github.com/stretchr/testify v1.8.0
gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib v0.0.0-20220913103832-19b72aa5e623
gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib v1.1.1
go.mongodb.org/mongo-driver v1.8.4
go.uber.org/zap v1.21.0
goa.design/goa/v3 v3.8.5
......@@ -20,9 +20,11 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
github.com/dimfeld/httppath v0.0.0-20170720192232-ee938bf73598 // indirect
github.com/dimfeld/httptreemux/v5 v5.4.0 // indirect
github.com/go-stack/stack v1.8.0 // indirect
github.com/goccy/go-json v0.9.11 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/snappy v0.0.1 // indirect
github.com/gopherjs/gopherjs v0.0.0-20220221023154-0b2280d3ff96 // indirect
......@@ -31,6 +33,12 @@ require (
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/jtolds/gls v4.20.0+incompatible // indirect
github.com/klauspost/compress v1.13.6 // indirect
github.com/lestrrat-go/blackmagic v1.0.1 // indirect
github.com/lestrrat-go/httpcc v1.0.1 // indirect
github.com/lestrrat-go/httprc v1.0.4 // indirect
github.com/lestrrat-go/iter v1.0.2 // indirect
github.com/lestrrat-go/jwx/v2 v2.0.6 // indirect
github.com/lestrrat-go/option v1.0.0 // indirect
github.com/manveru/faker v0.0.0-20171103152722-9fbc68a78c4d // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
......@@ -47,7 +55,7 @@ require (
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b // indirect
golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 // indirect
......
......@@ -58,6 +58,9 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 h1:HbphB4TFFXpv7MNrT52FGrrgVXF1owhMVTHFZIlnvd4=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0/go.mod h1:DZGJHZMqrU4JJqFAWUS2UO1+lbSKsdiOoYi9Zzey7Fc=
github.com/dimfeld/httppath v0.0.0-20170720192232-ee938bf73598 h1:MGKhKyiYrvMDZsmLR/+RGffQSXwEkXgfLSA08qDn9AI=
github.com/dimfeld/httppath v0.0.0-20170720192232-ee938bf73598/go.mod h1:0FpDmbrt36utu8jEmeU05dPC9AB5tsLYVVi+ZHfyuwI=
github.com/dimfeld/httptreemux/v5 v5.4.0 h1:IiHYEjh+A7pYbhWyjmGnj5HZK6gpOOvyBXCJ+BE8/Gs=
......@@ -79,6 +82,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
......@@ -175,6 +180,18 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
github.com/lestrrat-go/jwx/v2 v2.0.6 h1:RlyYNLV892Ed7+FTfj1ROoF6x7WxL965PGTHso/60G0=
github.com/lestrrat-go/jwx/v2 v2.0.6/go.mod h1:aVrGuwEr3cp2Prw6TtQvr8sQxe+84gruID5C9TxT64Q=
github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
github.com/manveru/faker v0.0.0-20171103152722-9fbc68a78c4d h1:Zj+PHjnhRYWBK6RqCDBcAhLXoi3TzC27Zad/Vn+gnVQ=
github.com/manveru/faker v0.0.0-20171103152722-9fbc68a78c4d/go.mod h1:WZy8Q5coAB1zhY9AOBJP0O6J4BuDfbupUDavKY+I3+s=
github.com/manveru/gobdd v0.0.0-20131210092515-f1a17fdd710b h1:3E44bLeN8uKYdfQqVQycPnaVviZdBLbizFhU49mtbe4=
......@@ -255,8 +272,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea h1:CyhwejzVGvZ3Q2PSbQ4NRRYn+ZWv5eS1vlaEusT+bAI=
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea/go.mod h1:eNr558nEUjP8acGw8FFjTeWvSgU1stO7FAO6eknhHe4=
gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib v0.0.0-20220913103832-19b72aa5e623 h1:VuWLKBdO5bTGimppwkk6v+cJZ6onc2J16hBXHf048GU=
gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib v0.0.0-20220913103832-19b72aa5e623/go.mod h1:5BPRkziGjdCI9xVfJBGY+7Ea51gtiEEs7+rbYeC8lnY=
gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib v1.1.1 h1:VdHDHXko2Z+YplWDliA1M0tcyCMDLp2qPPYx0C8fviI=
gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib v1.1.1/go.mod h1:0y0nhsIVlNFwyIopCi4FLZZuJK+aTP80p4KFRS4MlHA=
go.mongodb.org/mongo-driver v1.8.4 h1:NruvZPPL0PBcRJKmbswoWSrmHeUvzdxA3GCPfD/NEOA=
go.mongodb.org/mongo-driver v1.8.4/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
......@@ -281,8 +298,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f h1:OeJjE6G4dgCY4PIXvIRQbE8+RX+uXZyGhUy/ksMGJoc=
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
......@@ -346,6 +363,7 @@ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b h1:3ogNYyK4oIQdIKzTu68hQrr4iuVxF3AxKl9Aj/eDrw0=
......
......@@ -4,6 +4,7 @@ import "time"
type Config struct {
HTTP httpConfig
Auth authConfig
Mongo mongoConfig
Policy policyConfig
Executor executorConfig
......@@ -23,6 +24,12 @@ type httpConfig struct {
WriteTimeout time.Duration `envconfig:"HTTP_WRITE_TIMEOUT" default:"10s"`
}
type authConfig struct {
Enabled bool `envconfig:"AUTH_ENABLED" default:"true"`
JwkURL string `envconfig:"AUTH_JWK_URL"`
RefreshInterval time.Duration `envconfig:"AUTH_REFRESH_INTERVAL" default:"1h"`
}
type mongoConfig struct {
Addr string `envconfig:"MONGO_ADDR" required:"true"`
User string `envconfig:"MONGO_USER" required:"true"`
......
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment