Esempio n. 1
0
func createSystemUserInMemory() {
	permission := &rbac.Permission{"system-all", "*", "*", "*"}
	permissionSlice := make([]*rbac.Permission, 0)
	permissionSlice = append(permissionSlice, permission)
	role := &rbac.Role{"system-admin", permissionSlice, "system-admin"}
	roleSlice := make([]*rbac.Role, 0)
	roleSlice = append(roleSlice, role)
	resource := &rbac.Resource{"system-all", "*", "*"}
	resourceSlice := make([]*rbac.Resource, 0)
	resourceSlice = append(resourceSlice, resource)
	metaDataMap := make(map[string]string)
	// Use time as password and have it encrypted so no one other than system could use
	user := rbac.CreateUser("system", time.Now().String(), roleSlice, resourceSlice, "system-admin", metaDataMap, nil, false)

	// Set the duration to 100 years
	duration := time.Duration(time.Hour * 24 * 365 * 100)

	token, err := generateToken(user, duration)
	if err != nil {
		log.Critical(err)
		return
	}

	rbac.SetCache(token, user, duration)
	SystemAdminToken = token
}
Esempio n. 2
0
func generateToken(user *rbac.User, duration time.Duration) (string, error) {
	// Create the token
	token := jwt.New(jwt.SigningMethodHS512)
	// Set some claims
	token.Claims["username"] = user.Name
	token.Claims["expired"] = time.Now().Add(duration).Format(time.RFC3339)
	// Sign
	signedToken, err := token.SignedString([]byte(signingKey))
	if err != nil {
		log.Error(err)
		return "", err
	}

	rbac.SetCache(signedToken, user, cacheTTL)

	// Sign and get the complete encoded token as a string
	return signedToken, nil
}
func getCache(token string) (*rbac.User, error) {
	// Get from cache first
	user := rbac.GetCache(token)
	if user == nil {
		// Not exist. Ask the authorization server.
		cloudoneProtocol, ok := configuration.LocalConfiguration.GetString("cloudoneProtocol")
		if ok == false {
			log.Error("Unable to get configuration cloudoneProtocol")
			return nil, errors.New("Unable to get configuration cloudoneProtocol")
		}

		cloudoneHost, ok := configuration.LocalConfiguration.GetString("cloudoneHost")
		if ok == false {
			log.Error("Unable to get configuration cloudoneHost")
			return nil, errors.New("Unable to get configuration cloudoneHost")
		}

		cloudonePort, ok := configuration.LocalConfiguration.GetInt("cloudonePort")
		if ok == false {
			log.Error("Unable to get configuration cloudonePort")
			return nil, errors.New("Unable to get configuration cloudonePort")
		}

		url := cloudoneProtocol + "://" + cloudoneHost + ":" + strconv.Itoa(cloudonePort) +
			"/api/v1/authorizations/tokens/" + token + "/components/" + componentName
		user := &rbac.User{}
		_, err := restclient.RequestGetWithStructure(url, &user, nil)
		if err != nil {
			log.Debug(err)
			return nil, err
		} else {
			// Set Cache
			rbac.SetCache(token, user, cacheTTL)
			log.Info("Cache user %s", user.Name)

			return user, nil
		}
	} else {
		return user, nil
	}
}