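// main starts the rolod gRPC server: it listens on -serverAddr, optionally
// wraps the listener in TLS, builds the OIDC client and policy-backed server,
// and serves until the listener fails.
//
// Every setup step is fatal on error so the process never serves in a
// half-configured state. Flags are declared elsewhere in the file.
func main() {
	flag.Parse()

	lis, err := net.Listen("tcp", *serverAddr)
	if err != nil {
		grpclog.Fatalf("failed to listen: %v", err)
	}

	var opts []grpc.ServerOption
	if *tls {
		// Without -tls no transport credentials are configured, so the server
		// speaks plaintext gRPC and whatever tokens clients attach to requests
		// cross the network unprotected; TLS should be on in any non-local
		// deployment.
		creds, err := credentials.NewServerTLSFromFile(*certFile, *keyFile)
		if err != nil {
			grpclog.Fatalf("Failed to generate credentials %v", err)
		}
		opts = append(opts, grpc.Creds(creds))
	}
	grpcServer := grpc.NewServer(opts...)

	// NOTE(review): presumably the server uses this client to verify callers'
	// ID tokens — confirm against server.NewRoloServer.
	oidcClient, err := util.GetOIDCClient(*clientID, *clientSecret, *discovery, *redirectURL)
	if err != nil {
		grpclog.Fatalf("unable to get oidc client: %s", err)
	}

	s, err := server.NewRoloServer(oidcClient, *policyFile)
	if err != nil {
		// The previous message ("unable to create ca from parent") described a
		// different component; name the thing that actually failed.
		grpclog.Fatalln("unable to create rolo server:", err)
	}
	pb.RegisterRoloServer(grpcServer, s)

	grpclog.Println("serving at", *serverAddr)
	// Serve blocks until the listener fails or the server is stopped. Its
	// error was previously discarded, which hid listener failures.
	if err := grpcServer.Serve(lis); err != nil {
		grpclog.Fatalf("failed to serve: %v", err)
	}
}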
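// main is the rolo CLI entry point: it obtains an ID token from the OIDC
// provider — reusing the refresh token cached in -refresh-token-file, or
// running the interactive login once and caching the result — then asks rolod
// whether the given user/group may access the given resource.
//
// Exit status is 1 when access is denied or the authorizer returns an error.
// Setup errors are printed and main returns (exit status 0), as before.
func main() {
	flag.Parse()
	if *idRefreshTokenFile == "" {
		fmt.Println("Must set -refresh-token-file")
		return
	}

	oidcClient, err := util.GetOIDCClient(*clientID, *clientSecret, *discovery, *redirectURL)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Reuse the cached refresh token if the file can be read; otherwise run
	// the interactive flow and cache the new token. The previous version
	// shadowed the file handle inside this branch (`f, err := os.Create`), so
	// the later read still used the failed handle from os.Open and the
	// first-run path could never succeed.
	refToken, err := ioutil.ReadFile(*idRefreshTokenFile)
	if err != nil {
		fmt.Println("error reading refresh token, fetching a new one and writing to", *idRefreshTokenFile)
		oac, jwtChan, err := getJWT(oidcClient, "localhost:5555")
		if err != nil {
			fmt.Println(err)
			return
		}
		// The user completes the login in a browser; getJWT delivers the
		// resulting token on jwtChan.
		fmt.Println(oac.AuthCodeURL("", "", ""))
		var tok *oauth2.TokenResponse
		tok = <-jwtChan
		refToken = []byte(tok.RefreshToken)
		// 0600: the refresh token is a long-lived credential and must not be
		// readable by other local users (os.Create would have used 0666 minus
		// umask). The write error was previously ignored.
		if err := ioutil.WriteFile(*idRefreshTokenFile, refToken, 0600); err != nil {
			fmt.Println(err)
			return
		}
	}

	jwt, err := oidcClient.RefreshToken(string(refToken))
	if err != nil {
		fmt.Println(err)
		return
	}

	// NOTE(review): the `false` and the two empty strings look like transport
	// security settings; if they disable TLS the JWT travels in cleartext —
	// confirm against client.NewRoloClient.
	c, err := client.NewRoloClient(jwt, false, *rolodAddr, "", "")
	if err != nil {
		fmt.Println(err)
		return
	}

	allowed, err := c.Authorize(*user, *group, *resource, *namespace, *readonly)
	if err != nil {
		// Fail closed: an error from the authorizer is reported and treated
		// as a denial rather than falling through to the allowed check.
		fmt.Println(err)
		os.Exit(1)
	}
	if !allowed {
		fmt.Println("not authorized")
		os.Exit(1)
	}
	fmt.Println("authorized")
}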