package noauth
import (
"context"
"crypto/rand"
"crypto/rsa"
"embed"
"fmt"
"net"
"net/http"
"github.com/lestrrat-go/jwx/jwk"
"github.com/ory/fosite"
managementv1 "github.com/rancher/opni/pkg/apis/management/v1"
"github.com/rancher/opni/pkg/auth/openid"
"github.com/rancher/opni/pkg/util"
"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
"go.uber.org/zap"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
)
// ServerConfig holds the settings for the noauth server.
//
// Every field except Logger carries a json tag, so a marshaled ServerConfig
// includes ClientSecret; treat any serialised copy (config dumps, debug logs)
// as sensitive.
type ServerConfig struct {
	// Issuer, ClientID, ClientSecret, GrafanaHostname, RedirectURI and OpenID
	// are not read in this file; presumably they feed the OAuth/OpenID provider
	// built by newOAuthProvider — confirm against that code.
	Issuer                string               `json:"issuer,omitempty"`
	ClientID              string               `json:"clientID,omitempty"`
	ClientSecret          string               `json:"clientSecret,omitempty"`
	GrafanaHostname       string               `json:"grafanaHostname,omitempty"`
	RedirectURI           string               `json:"redirectURI,omitempty"`
	// ManagementAPIEndpoint is the gRPC target dialed by connectToManagementAPI.
	ManagementAPIEndpoint string               `json:"managementAPIEndpoint,omitempty"`
	// Port is the TCP port ListenAndServe binds on 0.0.0.0.
	Port                  int                  `json:"port,omitempty"`
	Debug                 bool                 `json:"debug,omitempty"`
	OpenID                openid.OpenidConfig  `json:"openid,omitempty"`
	// Logger is excluded from JSON and must be non-nil before ListenAndServe
	// is called (it is dereferenced without a nil check).
	Logger                *zap.SugaredLogger   `json:"-"`
}
// Server is the noauth OAuth2/web server. Construct it with NewServer and run
// it with ListenAndServe.
type Server struct {
	ServerConfig
	// mgmtApiClient is nil until connectToManagementAPI succeeds.
	mgmtApiClient managementv1.ManagementClient
	// noauthProvider is built by newOAuthProvider in NewServer.
	noauthProvider fosite.OAuth2Provider
	// key is the JWK wrapping the RSA key generated in NewServer, with a key ID
	// assigned; it is regenerated on every process start.
	key jwk.Key
}
// NewServer builds a Server from conf.
//
// A fresh 2048-bit RSA key pair is generated on every call: the private key is
// handed to newOAuthProvider and a JWK wrapping it (with a key ID assigned) is
// kept in Server.key. The key is never persisted, so anything signed with it is
// only verifiable for the lifetime of this process.
//
// Panics if key generation, JWK construction or key-ID assignment fails, and
// on a nil conf (it is dereferenced to copy the config).
func NewServer(conf *ServerConfig) *Server {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	sigKey, err := jwk.New(rsaKey)
	if err != nil {
		panic(err)
	}
	if err = jwk.AssignKeyID(sigKey); err != nil {
		panic(err)
	}
	srv := &Server{
		ServerConfig:   *conf,
		noauthProvider: newOAuthProvider(conf, rsaKey),
		key:            sigKey,
	}
	return srv
}
// templateData is the view model handed to the server's HTML templates.
// Nothing in this file populates it; presumably Users is a list of user
// names rendered by templates under web/ — confirm against the handler code.
type templateData struct {
	Users []string
}
// webFS holds the static assets under the web/ directory, compiled into the
// binary at build time and served by configureWebServer.
//
//go:embed web
var webFS embed.FS
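// ListenAndServe binds s.Port on all IPv4 interfaces, connects to the
// management API, registers the OAuth and web handlers on a new mux and then
// serves until ctx is cancelled or util.ServeHandler returns.
//
// The listener is opened before the management API dial so the port is claimed
// early; if that dial fails the listener is closed again so an errored-out
// server does not keep the port held.
//
// Returns the listen error (wrapped with the port), the management API
// connection error, or whatever util.ServeHandler returns.
func (s *Server) ListenAndServe(ctx context.Context) error {
	lg := s.Logger
	// NOTE(review): 0.0.0.0 binds every IPv4 interface, not just loopback —
	// confirm the noauth server is only ever reachable from a trusted network.
	listener, err := net.Listen("tcp4", fmt.Sprintf("0.0.0.0:%d", s.Port))
	if err != nil {
		return fmt.Errorf("listening on port %d: %w", s.Port, err)
	}
	lg.With(
		"address", listener.Addr(),
	).Info("noauth server starting")
	mux := http.NewServeMux()
	if err := s.connectToManagementAPI(ctx); err != nil {
		// Nothing will ever serve on this listener; release the port. The
		// close error is deliberately dropped — the dial error is the one
		// worth reporting.
		_ = listener.Close()
		return err
	}
	s.configureOAuthServer(mux)
	s.configureWebServer(ctx, mux)
	return util.ServeHandler(ctx, mux, listener)
}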
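// connectToManagementAPI dials s.ManagementAPIEndpoint over gRPC and stores a
// ManagementClient for it in s.mgmtApiClient.
//
// The dial uses grpc.WithBlock, so it does not return until the connection is
// established or ctx is done; a caller that needs a bound on this wait must
// pass a ctx with a deadline. Nothing in this file closes the connection.
//
// Returns the dial error, wrapped with the endpoint, or nil on success.
func (s *Server) connectToManagementAPI(ctx context.Context) error {
	lg := s.Logger
	lg.With(
		"address", s.ManagementAPIEndpoint,
	).Info("connecting to management api")
	// NOTE(review): insecure.NewCredentials() gives plaintext gRPC with no
	// server authentication; that is only acceptable when the management API
	// is reached over a trusted, local path — confirm this holds for every
	// deployment.
	cc, err := grpc.DialContext(ctx, s.ManagementAPIEndpoint,
		grpc.WithTransportCredentials(insecure.NewCredentials()),
		grpc.WithChainStreamInterceptor(otelgrpc.StreamClientInterceptor()),
		grpc.WithChainUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),
		grpc.WithBlock(),
	)
	if err != nil {
		return fmt.Errorf("dialing management api %q: %w", s.ManagementAPIEndpoint, err)
	}
	lg.Info("connected to management api")
	s.mgmtApiClient = managementv1.NewManagementClient(cc)
	return nil
}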
// configureWebServer registers the static asset handler: requests under /web/
// are answered from the embedded webFS (the path "/web/x" maps to "web/x" in
// the embedded tree). The context argument is unused.
//
// NOTE(review): http.FileServer renders directory listings for directories
// without an index.html, so the embedded tree is browsable — confirm nothing
// sensitive is embedded under web/.
func (s *Server) configureWebServer(_ context.Context, mux *http.ServeMux) {
	assets := http.FileServer(http.FS(webFS))
	mux.Handle("/web/", assets)
}
// DeepCopyInto copies in into out by delegating to util.DeepCopyInto
// (note the helper's argument order is destination first).
//
// NOTE(review): if util.DeepCopyInto is JSON-based, the Logger field — tagged
// `json:"-"` — will not be copied; confirm against the helper.
func (in *ServerConfig) DeepCopyInto(out *ServerConfig) {
	util.DeepCopyInto(out, in)
}
// DeepCopy returns a copy of in produced by util.DeepCopy. Nil handling and
// whether the untagged-for-JSON Logger field survives the copy depend on that
// helper, which is not in this file.
func (in *ServerConfig) DeepCopy() *ServerConfig {
	return util.DeepCopy(in)
}