Beispiel #1
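// main starts the rolod gRPC server. It listens on *serverAddr, optionally
// wraps the listener in TLS built from *certFile/*keyFile, builds the OIDC
// client the Rolo service uses, registers the service and serves until the
// listener fails. Every setup failure is fatal and ends the process.
func main() {
	flag.Parse()
	lis, err := net.Listen("tcp", *serverAddr)
	if err != nil {
		grpclog.Fatalf("failed to listen: %v", err)
	}
	var opts []grpc.ServerOption
	if *tls {
		// Without this option grpc.NewServer speaks plaintext, so whatever
		// credentials callers present travel unprotected on the wire; keep
		// TLS enabled anywhere other than local development.
		creds, err := credentials.NewServerTLSFromFile(*certFile, *keyFile)
		if err != nil {
			grpclog.Fatalf("failed to generate credentials: %v", err)
		}
		opts = append(opts, grpc.Creds(creds))
	}
	grpcServer := grpc.NewServer(opts...)
	oidcClient, err := util.GetOIDCClient(*clientID, *clientSecret, *discovery, *redirectURL)
	if err != nil {
		grpclog.Fatalf("unable to get oidc client: %v", err)
	}
	s, err := server.NewRoloServer(oidcClient, *policyFile)
	if err != nil {
		// The previous message ("unable to create ca from parent") described
		// a different call; name the one that actually failed.
		grpclog.Fatalf("unable to create rolo server: %v", err)
	}
	pb.RegisterRoloServer(grpcServer, s)
	grpclog.Println("serving at", *serverAddr)
	// Serve blocks until the listener breaks; its error was previously
	// discarded, which let the process exit 0 after a serving failure.
	if err := grpcServer.Serve(lis); err != nil {
		grpclog.Fatalf("serving: %v", err)
	}
}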
Beispiel #2
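// main exchanges a cached OIDC refresh token for a JWT and asks the rolod
// server at *rolodAddr whether *user/*group may access *resource in
// *namespace (read-only per *readonly).
//
// The refresh token is read from *idRefreshTokenFile. When that file cannot
// be read, a new token is obtained interactively through getJWT and cached in
// the file for later runs. The process exits 1 when access is denied or when
// the authorization call itself fails.
func main() {
	flag.Parse()

	if *idRefreshTokenFile == "" {
		fmt.Println("Must set -refresh-token-file")
		return
	}
	oidcClient, err := util.GetOIDCClient(*clientID, *clientSecret, *discovery, *redirectURL)
	if err != nil {
		fmt.Println(err)
		return
	}

	refToken, err := ioutil.ReadFile(*idRefreshTokenFile)
	if err != nil {
		fmt.Println("error reading refresh token, fetching a new one and writing to", *idRefreshTokenFile)
		oac, jwtChan, err := getJWT(oidcClient, "localhost:5555")
		if err != nil {
			fmt.Println(err)
			return
		}
		// NOTE(review): the first argument is the OAuth state and is left
		// empty, so the callback handled by getJWT cannot bind the redirect
		// to this request; a random state checked by getJWT would close that
		// gap — confirm against getJWT before changing.
		fmt.Println(oac.AuthCodeURL("", "", ""))
		tok := <-jwtChan
		if tok == nil {
			// A closed channel yields nil; do not dereference it.
			fmt.Println("no token received from the browser flow")
			return
		}
		// Previously the freshly written file was never re-read (the outer
		// *os.File stayed nil), so this path always failed at ReadAll; use the
		// token we already hold. The file is a long-lived credential, hence
		// owner-only permissions instead of os.Create's default mode.
		refToken = []byte(tok.RefreshToken)
		if err := ioutil.WriteFile(*idRefreshTokenFile, refToken, 0600); err != nil {
			fmt.Println(err)
			return
		}
	}
	jwt, err := oidcClient.RefreshToken(string(refToken))
	if err != nil {
		fmt.Println(err)
		return
	}

	c, err := client.NewRoloClient(jwt, false, *rolodAddr, "", "")
	if err != nil {
		fmt.Println(err)
		return
	}
	allowed, err := c.Authorize(*user, *group, *resource, *namespace, *readonly)
	if err != nil {
		// A failed check is not a denial; report it as an error and fail.
		fmt.Println(err)
		os.Exit(1)
	}
	if !allowed {
		fmt.Println("not authorized")
		os.Exit(1)
	}
	fmt.Println("authorized")
}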