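// createSystemUserInMemory builds the in-process "system" user — a single
// permission and a single resource whose remaining positional fields are all
// "*", attached to a "system-admin" role — mints a JWT for it, caches the user
// under that token for the token's full lifetime, and publishes the token in
// the package-level SystemAdminToken.
//
// SECURITY NOTES (review):
//   - The password is time.Now().String(), i.e. a timestamp. That is low
//     entropy and partly observable (process start time, log lines), so if
//     anything accepts this password for a login the account is guessable. A
//     random secret from crypto/rand would be the usual fix; it is not applied
//     here because the file's import block is outside this view. Whether
//     rbac.CreateUser hashes the value is not visible either — the original
//     comment called it "encrypted"; confirm.
//   - The token is valid for 100 years and nothing here rotates or revokes it,
//     so any leak of SystemAdminToken is a permanent all-"*" grant.
//
// On a signing failure the error is logged at Critical and SystemAdminToken is
// left unset.
func createSystemUserInMemory() {
	// Positional literals: field order follows the rbac type definitions,
	// which live outside this file.
	permission := &rbac.Permission{"system-all", "*", "*", "*"}
	role := &rbac.Role{"system-admin", []*rbac.Permission{permission}, "system-admin"}
	resource := &rbac.Resource{"system-all", "*", "*"}
	metaDataMap := make(map[string]string)

	// Password is a timestamp — see the security note above.
	user := rbac.CreateUser("system", time.Now().String(), []*rbac.Role{role}, []*rbac.Resource{resource}, "system-admin", metaDataMap, nil, false)

	// 100 years. This fits in time.Duration (int64 nanoseconds, ~292 years).
	duration := 100 * 365 * 24 * time.Hour
	token, err := generateToken(user, duration)
	if err != nil {
		log.Critical(err)
		return
	}

	// generateToken already cached the user for cacheTTL; re-cache it so the
	// entry lives as long as the token itself.
	rbac.SetCache(token, user, duration)
	SystemAdminToken = token
}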
// generateToken mints an HS512 JWT for user, signed with the package-level
// signingKey, caches user under the signed string for cacheTTL and returns the
// compact serialization.
//
// Claims written: "username" (user.Name) and "expired", a custom claim holding
// now+duration as an RFC3339 string. NOTE(review): "expired" is not the
// registered "exp" claim, so the JWT library's built-in expiry validation does
// not cover it; whatever verifies these tokens must parse and compare
// "expired" itself — confirm that it does.
//
// Returns the signed token, or an error (logged and returned) when signing
// fails; nothing is cached in that case.
func generateToken(user *rbac.User, duration time.Duration) (string, error) {
	expiresAt := time.Now().Add(duration).Format(time.RFC3339)

	token := jwt.New(jwt.SigningMethodHS512)
	token.Claims["username"] = user.Name
	token.Claims["expired"] = expiresAt

	signedToken, err := token.SignedString([]byte(signingKey))
	if err != nil {
		log.Error(err)
		return "", err
	}

	// Cache the user under the fresh token, with the same TTL getCache uses
	// after a successful remote lookup.
	rbac.SetCache(signedToken, user, cacheTTL)

	return signedToken, nil
}
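// isJWTCompactCharset reports whether token is non-empty and consists only of
// characters that can appear in a JWT compact serialization: the base64url
// alphabet, '.' between segments, and '=' (tolerated in case a producer pads).
// Everything else — in particular '/', '?', '#', '%' and whitespace — is
// rejected so the token can be embedded in a URL path without altering it.
func isJWTCompactCharset(token string) bool {
	if token == "" {
		return false
	}
	for i := 0; i < len(token); i++ {
		c := token[i]
		switch {
		case c >= 'A' && c <= 'Z', c >= 'a' && c <= 'z', c >= '0' && c <= '9':
		case c == '-', c == '_', c == '.', c == '=':
		default:
			return false
		}
	}
	return true
}

// authorizationServerBaseURL assembles "<protocol>://<host>:<port>" for the
// cloudone authorization server from LocalConfiguration.
//
// Returns an error (after logging it) when cloudoneProtocol, cloudoneHost or
// cloudonePort is missing from the configuration.
func authorizationServerBaseURL() (string, error) {
	protocol, ok := configuration.LocalConfiguration.GetString("cloudoneProtocol")
	if !ok {
		log.Error("Unable to get configuration cloudoneProtocol")
		return "", errors.New("Unable to get configuration cloudoneProtocol")
	}
	host, ok := configuration.LocalConfiguration.GetString("cloudoneHost")
	if !ok {
		log.Error("Unable to get configuration cloudoneHost")
		return "", errors.New("Unable to get configuration cloudoneHost")
	}
	port, ok := configuration.LocalConfiguration.GetInt("cloudonePort")
	if !ok {
		log.Error("Unable to get configuration cloudonePort")
		return "", errors.New("Unable to get configuration cloudonePort")
	}
	return protocol + "://" + host + ":" + strconv.Itoa(port), nil
}

// getCache resolves token to its rbac.User, consulting the local cache first
// and falling back to the cloudone authorization server on a miss.
//
// On a miss the token is first checked against the JWT character set, because
// it is spliced verbatim into the request path
// GET <base>/api/v1/authorizations/tokens/<token>/components/<componentName>;
// without that check a token containing "/", "..", "?" or "#" could redirect
// the lookup to a different endpoint. A successful lookup is cached under the
// token for cacheTTL before being returned.
//
// Returns an error when the token is malformed, the configuration is
// incomplete, or the remote request fails. NOTE(review): whatever the server
// returns with a successful status is cached as-is, even a user with an empty
// Name; whether the server can answer success for an unknown token is not
// visible here — confirm.
func getCache(token string) (*rbac.User, error) {
	if cached := rbac.GetCache(token); cached != nil {
		return cached, nil
	}

	// Not cached. The token becomes a URL path segment below, so refuse
	// anything outside the JWT alphabet before building the request.
	// The token itself is deliberately not logged.
	if !isJWTCompactCharset(token) {
		log.Error("Token contains characters outside the JWT alphabet")
		return nil, errors.New("invalid token")
	}

	baseURL, err := authorizationServerBaseURL()
	if err != nil {
		return nil, err
	}
	endpoint := baseURL + "/api/v1/authorizations/tokens/" + token + "/components/" + componentName

	var user rbac.User
	if _, err := restclient.RequestGetWithStructure(endpoint, &user, nil); err != nil {
		log.Debug(err)
		return nil, err
	}

	rbac.SetCache(token, &user, cacheTTL)
	log.Info("Cache user %s", user.Name)
	return &user, nil
}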