feat(kuma-cp) Initial token generator with HTTP Server on localhost #326

jakubdyszkiewicz · 2019-10-10T00:47:32Z

Summary

Implementation of initial token generator. I added the server that generates JWT token for dataplanes. It listens on http://127.0.0.1:5679. Private key for JWT token is generated on CP startup.

Tokens are not yet used.

pkg/config/app/kuma-cp/config.go

pkg/config/app/kuma-cp/kuma-cp.defaults.yaml

pkg/config/sds/config.go

pkg/core/secrets/manager/auth_private_key.go

pkg/sds/auth/interfaces.go

pkg/sds/auth/universal/authenticator.go

pkg/sds/auth/universal/generator.go

pkg/sds/server/initial_token_server.go

pkg/sds/server/server.go

yskopets

Should we consider Token Issuer per Mesh (similarly to CA per Mesh) ?

pkg/config/token-server/config.go

pkg/tokens/builtin/issuer/signing_key.go

pkg/tokens/builtin/issuer/issuer.go

pkg/core/bootstrap/bootstrap.go

pkg/sds/auth/universal/auth_test.go

pkg/sds/auth/universal/authenticator.go

jakubdyszkiewicz · 2019-10-14T18:23:48Z

Should we consider Token Issuer per Mesh (similarly to CA per Mesh) ?

Do we really need it though? I feel like this is an improvement that can be added later on.

yskopets · 2019-10-15T11:40:22Z

pkg/tokens/builtin/server/dataplane_token_server.go

+	if rt.Config().Environment != config_core.KubernetesEnvironment {
+	}


What is the purpose of these lines ?

I think I did a mistake when merging/rebasing. Fixed

yskopets · 2019-10-15T11:45:33Z

pkg/tokens/builtin/server/dataplane_token_server.go

+
+func (a *DataplaneTokenServer) Start(stop <-chan struct{}) error {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/token", a.handleIdentityRequest)


I would expect POST /tokens

jakubdyszkiewicz requested a review from yskopets October 10, 2019 00:47

jakubdyszkiewicz added kuma-cp labels Oct 10, 2019

yskopets suggested changes Oct 11, 2019

View reviewed changes

jakubdyszkiewicz requested a review from yskopets October 11, 2019 18:54

yskopets reviewed Oct 14, 2019

View reviewed changes

jakubdyszkiewicz added 5 commits October 14, 2019 11:13

feat(kuma-cp) initial token generator with http server

bf5c75d

feat(kuma-cp) change packages and names

6e4c803

feat(kuma-cp) sign token with rsa

7a2e10b

feat(kuma-cp) review fix

77d5441

feat(kuma-cp) wait for the dataplane server in tests

4c93127

jakubdyszkiewicz force-pushed the feature/initial-token branch from 1e67648 to 4c93127 Compare October 14, 2019 18:22

jakubdyszkiewicz requested a review from yskopets October 14, 2019 18:36

yskopets approved these changes Oct 15, 2019

View reviewed changes

jakubdyszkiewicz added 2 commits October 15, 2019 09:30

feat(kuma-cp) review

ea856c9

feat(kuma-cp) flaky test

4b19bec

jakubdyszkiewicz merged commit e5e4657 into master Oct 16, 2019

jakubdyszkiewicz deleted the feature/initial-token branch February 28, 2020 08:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(kuma-cp) Initial token generator with HTTP Server on localhost #326

feat(kuma-cp) Initial token generator with HTTP Server on localhost #326

jakubdyszkiewicz commented Oct 10, 2019

yskopets left a comment

jakubdyszkiewicz commented Oct 14, 2019

yskopets Oct 15, 2019

jakubdyszkiewicz Oct 16, 2019

yskopets Oct 15, 2019

jakubdyszkiewicz Oct 16, 2019

		if rt.Config().Environment != config_core.KubernetesEnvironment {
		}

feat(kuma-cp) Initial token generator with HTTP Server on localhost #326

feat(kuma-cp) Initial token generator with HTTP Server on localhost #326

Conversation

jakubdyszkiewicz commented Oct 10, 2019

Summary

yskopets left a comment

Choose a reason for hiding this comment

jakubdyszkiewicz commented Oct 14, 2019

yskopets Oct 15, 2019

Choose a reason for hiding this comment

jakubdyszkiewicz Oct 16, 2019

Choose a reason for hiding this comment

yskopets Oct 15, 2019

Choose a reason for hiding this comment

jakubdyszkiewicz Oct 16, 2019

Choose a reason for hiding this comment