// Copyright 2018 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package bakeryutil
import (
"context"
"encoding/json"
"time"
"github.com/go-macaroon-bakery/macaroon-bakery/v3/bakery"
"github.com/go-macaroon-bakery/macaroon-bakery/v3/bakery/checkers"
"github.com/juju/loggo"
"gopkg.in/macaroon.v2"
"github.com/juju/juju/apiserver/authentication"
"github.com/juju/juju/state/bakerystorage"
)
// BakeryThirdPartyLocator is an implementation of
// bakery.ThirdPartyLocator (the interface ExpirableStorageBakery.Locator
// is declared as) that simply returns the embedded public key for any
// requested location; see ThirdPartyInfo.
type BakeryThirdPartyLocator struct {
	// PublicKey is the key handed back for every third-party location.
	PublicKey bakery.PublicKey
}
// ThirdPartyInfo satisfies bakery.ThirdPartyLocator. The loc argument is
// not consulted: every location resolves to the embedded PublicKey at
// bakery.LatestVersion, and the call never returns an error.
func (b BakeryThirdPartyLocator) ThirdPartyInfo(ctx context.Context, loc string) (bakery.ThirdPartyInfo, error) {
	info := bakery.ThirdPartyInfo{
		PublicKey: b.PublicKey,
		Version:   bakery.LatestVersion,
	}
	return info, nil
}
// ExpirableStorageBakery wraps bakery.Bakery,
// adding the ExpireStorageAfter method.
//
// Location, Key, Store and Locator are kept alongside the embedded
// bakery so that ExpireStorageAfter can build a sibling bakery from the
// same parameters over an expiring root-key store.
type ExpirableStorageBakery struct {
	*bakery.Bakery
	// Location is the bakery location passed to bakery.New.
	Location string
	// Key is the key pair passed to bakery.New.
	Key *bakery.KeyPair
	// Store is the root-key store; its ExpireAfter method derives the
	// expiring store used by ExpireStorageAfter.
	Store bakerystorage.ExpirableStorage
	// Locator resolves third-party public keys for bakery.New.
	Locator bakery.ThirdPartyLocator
}
// ExpireStorageAfter implements authentication.ExpirableStorageBakery.
//
// It returns a new bakery that shares this bakery's location, key pair
// and third-party locator but keeps its root keys in a store derived
// from Store.ExpireAfter(t). None of the receiver's fields are
// reassigned. The error result is always nil.
func (s *ExpirableStorageBakery) ExpireStorageAfter(t time.Duration) (authentication.ExpirableStorageBakery, error) {
	expiring := s.Store.ExpireAfter(t)
	params := bakery.BakeryParams{
		Location:     s.Location,
		RootKeyStore: expiring,
		Key:          s.Key,
		Locator:      s.Locator,
	}
	// Keyed literal so the field order of ExpirableStorageBakery can
	// change without silently swapping values.
	return &ExpirableStorageBakery{
		Bakery:   bakery.New(params),
		Location: s.Location,
		Key:      s.Key,
		Store:    expiring,
		Locator:  s.Locator,
	}, nil
}
// NewMacaroon implements MacaroonMinter.NewMacaroon by delegating
// directly to the embedded bakery's Oven; the result and error are
// passed through unchanged.
func (s *ExpirableStorageBakery) NewMacaroon(ctx context.Context, version bakery.Version, caveats []checkers.Caveat, ops ...bakery.Op) (*bakery.Macaroon, error) {
	oven := s.Oven
	m, err := oven.NewMacaroon(ctx, version, caveats, ops...)
	return m, err
}
// logger is the package logger; Auth consults its trace setting to
// decide whether to emit per-macaroon verification diagnostics.
var logger = loggo.GetLogger("juju.apiserver.bakery")
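// Auth implements MacaroonChecker.Auth.
//
// When trace logging is enabled, each macaroon slice in mss is first
// verified against the oven and the resulting ops and conditions (or
// the verification error) are written to the trace log. That path is
// diagnostic only: the value returned is always s.Checker.Auth(mss...).
// A slice that fails verification is serialised in full into the trace
// log, so a bearer credential appears in the log at that level.
func (s *ExpirableStorageBakery) Auth(mss ...macaroon.Slice) *bakery.AuthChecker {
	if logger.IsTraceEnabled() {
		// Auth has no context of its own, so verification runs under
		// a background context.
		ctx := context.Background()
		for i, ms := range mss {
			ops, conditions, err := s.Oven.VerifyMacaroon(ctx, ms)
			if err == nil {
				logger.Tracef("macaroon %d: %+v : %v", i, ops, conditions)
				continue
			}
			mac, merr := json.Marshal(ms)
			if merr != nil {
				// Best effort: the verification failure is still
				// reported even when the slice cannot be serialised,
				// instead of silently logging an empty body.
				logger.Tracef("verify macaroon err: %v\n(macaroon %d not marshalled: %v)", err, i, merr)
				continue
			}
			logger.Tracef("verify macaroon err: %v\nfor\n%s", err, mac)
		}
	}
	return s.Checker.Auth(mss...)
}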