Example #1
// createSystemUserInMemory builds the built-in "system" user, issues it a
// token valid for roughly 100 years, caches the token/user pair for the same
// period and publishes the token through SystemAdminToken.
//
// If token generation fails, the error is logged at critical level and the
// function returns without assigning SystemAdminToken.
//
// NOTE(review): the result is a very long-lived bearer credential bound to the
// "system-admin" role. The "*" fields presumably act as wildcards (confirm in
// package rbac). Treat SystemAdminToken and the signing key as secrets, keep
// them out of logs, and consider a short lifetime with periodic re-issue.
func createSystemUserInMemory() {
	// Positional literals are kept because the rbac field names are not
	// visible from this file.
	allPermissions := []*rbac.Permission{{"system-all", "*", "*", "*"}}
	adminRoles := []*rbac.Role{{"system-admin", allPermissions, "system-admin"}}
	allResources := []*rbac.Resource{{"system-all", "*", "*"}}

	// The password is the current timestamp rendered as a string.
	// NOTE(review): a timestamp is not a secret; it can be narrowed down from
	// the process start time. Whether CreateUser hashes it is not visible
	// here (TODO confirm). A value drawn from crypto/rand would be the safer
	// choice for an account that must never be logged into interactively.
	systemUser := rbac.CreateUser("system", time.Now().String(), adminRoles, allResources, "system-admin", map[string]string{}, nil, false)

	// 100 years, ignoring leap days.
	const hundredYears = 100 * 365 * 24 * time.Hour

	systemToken, err := generateToken(systemUser, hundredYears)
	if err != nil {
		log.Critical(err)
		return
	}

	// generateToken has already cached the pair under cacheTTL; caching again
	// here replaces that entry with the 100-year lifetime.
	rbac.SetCache(systemToken, systemUser, hundredYears)
	SystemAdminToken = systemToken
}
Example #2
// generateToken issues an HS512-signed JWT for user and returns its compact
// encoding.
//
// The token carries two claims: "username" (user.Name) and "expired" (now +
// duration, formatted as RFC 3339). After signing, the token/user pair is put
// into the rbac cache with cacheTTL, not with duration. A signing failure is
// logged and returned together with an empty string.
//
// NOTE(review): expiry is stored under the custom "expired" claim rather than
// the registered "exp" claim, so it is only enforced if the validating code
// checks it explicitly. Verify that on the verification side.
// NOTE(review): HS512 is symmetric, so anyone holding signingKey can mint
// tokens. Where signingKey comes from is not visible here; it should be a
// high-entropy secret loaded at runtime, not a constant in source.
func generateToken(user *rbac.User, duration time.Duration) (string, error) {
	unsigned := jwt.New(jwt.SigningMethodHS512)

	// Populate the claims.
	unsigned.Claims["username"] = user.Name
	expiresAt := time.Now().Add(duration)
	unsigned.Claims["expired"] = expiresAt.Format(time.RFC3339)

	// Sign to obtain the complete encoded token as a string.
	encoded, err := unsigned.SignedString([]byte(signingKey))
	if err != nil {
		log.Error(err)
		return "", err
	}

	// Register the fresh token so later lookups hit the cache.
	rbac.SetCache(encoded, user, cacheTTL)

	return encoded, nil
}
// getCache resolves token to a user.
//
// The local rbac cache is consulted first. On a miss, the user is requested
// from the authorization server at
//
//	<cloudoneProtocol>://<cloudoneHost>:<cloudonePort>/api/v1/authorizations/tokens/<token>/components/<componentName>
//
// and, if that request succeeds, stored in the cache with cacheTTL. An error
// is returned when one of the three configuration keys is missing or when the
// request fails.
//
// NOTE(review): token is spliced into the URL path unescaped. If it comes
// from a client request, characters such as '/', '?' or '#' change the path
// the authorization server sees. Escape it as a path segment
// (url.PathEscape) or reject tokens outside the expected alphabet first.
// NOTE(review): the token is a bearer credential placed in a URL, so it tends
// to end up in access and proxy logs. With cloudoneProtocol set to plain
// "http" it also crosses the network in cleartext. Prefer https and a header
// or request body for the token.
func getCache(token string) (*rbac.User, error) {
	// Fast path: the token is already known locally.
	if cached := rbac.GetCache(token); cached != nil {
		return cached, nil
	}

	// Cache miss: collect the authorization server's address.
	cloudoneProtocol, found := configuration.LocalConfiguration.GetString("cloudoneProtocol")
	if !found {
		log.Error("Unable to get configuration cloudoneProtocol")
		return nil, errors.New("Unable to get configuration cloudoneProtocol")
	}

	cloudoneHost, found := configuration.LocalConfiguration.GetString("cloudoneHost")
	if !found {
		log.Error("Unable to get configuration cloudoneHost")
		return nil, errors.New("Unable to get configuration cloudoneHost")
	}

	cloudonePort, found := configuration.LocalConfiguration.GetInt("cloudonePort")
	if !found {
		log.Error("Unable to get configuration cloudonePort")
		return nil, errors.New("Unable to get configuration cloudonePort")
	}

	base := cloudoneProtocol + "://" + cloudoneHost + ":" + strconv.Itoa(cloudonePort)
	endpoint := base + "/api/v1/authorizations/tokens/" + token + "/components/" + componentName

	// The decode target is a pointer to the *rbac.User, as in the original call.
	fetched := &rbac.User{}
	if _, err := restclient.RequestGetWithStructure(endpoint, &fetched, nil); err != nil {
		log.Debug(err)
		return nil, err
	}

	// NOTE(review): the reply is cached without checking its content.
	// Confirm that RequestGetWithStructure reports non-success statuses as
	// errors, so a rejected token is never cached as a (blank) user.
	rbac.SetCache(token, fetched, cacheTTL)
	// NOTE(review): if log.Info is not printf-style, "%s" is emitted
	// literally (TODO confirm against the logger in use).
	log.Info("Cache user %s", fetched.Name)

	return fetched, nil
}