sdk: Remove sdk dependencies to keto/hydra

This patch replaces code-generated SDKs with raw http.Client calls which reduces dependencies and makes future changes to the keto/hydra SDK easier to adopt to. Signed-off-by: aeneasr <aeneas@ory.sh>
ory · Apr 12, 2019 · 3a41351 · 3a41351
1 parent cbccbe2
commit 3a41351
Show file tree

Hide file tree

Showing 14 changed files with 245 additions and 1,243 deletions.
diff --git a/Makefile b/Makefile
@@ -4,13 +4,11 @@ SHELL=/bin/bash -o pipefail
 format:
 		goreturns -w -local github.com/ory $$(listx .)
 
-.PHONY: gen-mocks
-gen-mocks:
-		mockgen -package proxy -destination proxy/keto_warden_sdk_mock.go -source ./proxy/authorizer_keto_warden.go KetoWardenSDK
-		mockgen -package proxy -destination proxy/authenticator_oauth2_introspection_mock.go -source ./proxy/authenticator_oauth2_introspection.go authenticatorOAuth2IntrospectionHelper
+.PHONY: mocks
+mocks:
 
 .PHONY: gen
-		gen: gen-mocks sdk
+		gen: mocks sdk
 
 .PHONY: sdk
 sdk:

diff --git a/cmd/helper_server.go b/cmd/helper_server.go
@@ -21,40 +21,48 @@
 package cmd
 
 import (
+	"context"
 	"crypto/tls"
 	"encoding/base64"
 	"fmt"
+	"net/http"
 	"net/url"
 	"strings"
 	"time"
 
+	"golang.org/x/oauth2/clientcredentials"
+
+	"github.com/ory/x/urlx"
+
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 
 	"github.com/ory/fosite"
 	"github.com/ory/go-convenience/stringsx"
-	"github.com/ory/hydra/sdk/go/hydra"
-	"github.com/ory/keto/sdk/go/keto"
 	"github.com/ory/oathkeeper/proxy"
 	"github.com/ory/oathkeeper/rsakey"
 	"github.com/ory/oathkeeper/rule"
 )
 
-func getHydraSDK() hydra.SDK {
-	sdk, err := hydra.NewSDK(&hydra.Configuration{
-		ClientID:     viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_ID"),
-		ClientSecret: viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SECRET"),
-		AdminURL:     viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL"),
-		PublicURL:    viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_PUBLIC_URL"),
-		Scopes:       strings.Split(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SCOPES"), ","),
-	})
-
-	if err != nil {
-		logger.WithError(err).Fatalln("Unable to connect to Hydra SDK")
-		return nil
+func getHydraSDK() (*http.Client, *url.URL) {
+	var (
+		id     = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_ID")
+		secret = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SECRET")
+		admin  = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL")
+		public = viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_PUBLIC_URL")
+		scope  = stringsx.Splitx(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SCOPES"), ",")
+	)
+	u := urlx.ParseOrFatal(logger, admin)
+	if len(id)+len(secret)+len(scope) > 0 {
+		return (&clientcredentials.Config{
+			ClientID:     id,
+			ClientSecret: secret,
+			TokenURL:     urlx.AppendPaths(urlx.ParseOrFatal(logger, public), "/oauth2/token").String(),
+			Scopes:       scope,
+		}).Client(context.Background()), u
 	}
-	return sdk
+	return &http.Client{Timeout: time.Second * 5}, u
 }
 
 func refreshRules(m rule.Refresher, duration time.Duration) {
@@ -124,11 +132,8 @@ func keyManagerFactory(l logrus.FieldLogger) (keyManager rsakey.Manager, err err
 		//case "rs256":
 		//	keyManager = &rsakey.LocalRS256Manager{KeyStrength: 4096}
 	case "ory-hydra":
-		sdk := getHydraSDK()
-		keyManager = &rsakey.HydraManager{
-			SDK: sdk,
-			Set: viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID"),
-		}
+		c, u := getHydraSDK()
+		keyManager = rsakey.NewHydraManager(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID"), c, u)
 	default:
 		return nil, errors.Errorf("Unknown ID Token singing algorithm %s", a)
 	}
@@ -247,16 +252,12 @@ func handlerFactories(keyManager rsakey.Manager) ([]proxy.Authenticator, []proxy
 	}
 
 	if u := viper.GetString("AUTHORIZER_KETO_URL"); len(u) > 0 {
-		if _, err := url.ParseRequestURI(u); err != nil {
-			logger.WithError(err).Fatalf("Value \"%s\" from environment variable \"AUTHORIZER_KETO_URL\" is not a valid URL.", u)
-		}
-		ketoSdk, err := keto.NewCodeGenSDK(&keto.Configuration{
-			EndpointURL: u,
-		})
+		uu, err := url.ParseRequestURI(u)
 		if err != nil {
-			logger.WithError(err).Fatal("Unable to initialize the ORY Keto SDK.")
+			logger.WithError(err).Fatalf("Value \"%s\" from environment variable \"AUTHORIZER_KETO_URL\" is not a valid URL.", u)
 		}
-		authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(ketoSdk))
+
+		authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(uu))
 	} else {
 		logger.Warn("Authorizer \"ory-keto\" is not configured and thus disabled.")
 	}

diff --git a/cmd/serve_proxy.go b/cmd/serve_proxy.go
@@ -27,13 +27,14 @@ import (
 	"net/http/httputil"
 	"net/url"
 
+	"github.com/ory/x/urlx"
+
 	negronilogrus "github.com/meatballhat/negroni-logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/urfave/negroni"
 
 	"github.com/ory/graceful"
-	"github.com/ory/keto/sdk/go/keto"
 	"github.com/ory/oathkeeper/proxy"
 	"github.com/ory/oathkeeper/rule"
 	"github.com/ory/x/corsx"
@@ -205,13 +206,7 @@ OTHER CONTROLS
 		}
 
 		if u := viper.GetString("AUTHORIZER_KETO_URL"); len(u) > 0 {
-			ketoSdk, err := keto.NewCodeGenSDK(&keto.Configuration{
-				EndpointURL: viper.GetString("AUTHORIZER_KETO_URL"),
-			})
-			if err != nil {
-				logger.WithError(err).Fatal("Unable to initialize the ORY Keto SDK")
-			}
-			authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(ketoSdk))
+			authorizers = append(authorizers, proxy.NewAuthorizerKetoWarden(urlx.ParseOrFatal(logger, u)))
 		}
 
 		authenticators, authorizers, credentialIssuers := handlerFactories(keyManager)

diff --git a/go.mod b/go.mod
@@ -25,7 +25,6 @@ require (
 	github.com/golang/protobuf v1.3.1 // indirect
 	github.com/gorilla/handlers v1.4.0 // indirect
 	github.com/gorilla/mux v1.7.1 // indirect
-	github.com/gorilla/sessions v1.1.3 // indirect
 	github.com/hashicorp/golang-lru v0.5.1 // indirect
 	github.com/jessevdk/go-flags v1.4.0 // indirect
 	github.com/jmoiron/sqlx v1.2.0
@@ -39,17 +38,16 @@ require (
 	github.com/mitchellh/gox v1.0.0
 	github.com/onsi/ginkgo v1.8.0 // indirect
 	github.com/onsi/gomega v1.5.0 // indirect
+	github.com/opencontainers/runc v1.0.0-rc5 // indirect
 	github.com/opentracing/opentracing-go v1.1.0 // indirect
 	github.com/ory/dockertest v3.3.4+incompatible
-	github.com/ory/fosite v0.29.1
+	github.com/ory/fosite v0.29.2
 	github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90
 	github.com/ory/go-convenience v0.1.0
 	github.com/ory/graceful v0.1.1
 	github.com/ory/herodot v0.6.0
-	github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f
-	github.com/ory/keto v0.0.0-20181213093025-a8d7f9f546ae
 	github.com/ory/ladon v1.0.1
-	github.com/ory/x v0.0.40
+	github.com/ory/x v0.0.46
 	github.com/pborman/uuid v1.2.0
 	github.com/pelletier/go-toml v1.3.0 // indirect
 	github.com/pkg/errors v0.8.1
@@ -64,6 +62,7 @@ require (
 	github.com/tcnksm/go-gitconfig v0.1.2 // indirect
 	github.com/tcnksm/go-latest v0.0.0-20170313132115-e3007ae9052e // indirect
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce
+	github.com/toqueteos/webbrowser v1.1.0 // indirect
 	github.com/urfave/negroni v1.0.0
 	go.opencensus.io v0.20.0 // indirect
 	golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5 // indirect
@@ -74,7 +73,6 @@ require (
 	google.golang.org/appengine v1.5.0 // indirect
 	google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107 // indirect
 	google.golang.org/grpc v1.19.1 // indirect
-	gopkg.in/resty.v1 v1.10.3 // indirect
 	gopkg.in/square/go-jose.v2 v2.3.0
 )