feat: authentication persistent storage GO (#91)

konstellation-io · Nov 8, 2023 · deae892 · deae892
1 parent acba4f1
commit deae892
Show file tree

Hide file tree

Showing 29 changed files with 514 additions and 175 deletions.
diff --git a/demo/cronjob-trigger-py/app.yaml b/demo/cronjob-trigger-py/app.yaml
@@ -15,10 +15,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/cronjob-trigger/app.yaml b/demo/cronjob-trigger/app.yaml
@@ -13,10 +13,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/exit-py/app.yaml b/demo/exit-py/app.yaml
@@ -15,10 +15,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/exit/app.yaml b/demo/exit/app.yaml
@@ -15,10 +15,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/exit/main.go b/demo/exit/main.go
@@ -62,7 +62,7 @@ func defaultHandler(kaiSDK sdk.KaiSDK, response *anypb.Any) error {
 		return err
 	}
 
-	kaiSDK.Logger.Info("Persistent storage value retrieved!", "some-object", string(obj))
+	kaiSDK.Logger.Info("Persistent storage value retrieved!", "some-object", obj.GetAsString())
 
 	err = kaiSDK.Messaging.SendOutput(stringValue)
 	if err != nil {

diff --git a/demo/nats-trigger-py/app.yaml b/demo/nats-trigger-py/app.yaml
@@ -14,10 +14,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/nats-trigger/app.yaml b/demo/nats-trigger/app.yaml
@@ -15,10 +15,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/rest-trigger/app.yaml b/demo/rest-trigger/app.yaml
@@ -15,10 +15,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/task-py/app.yaml b/demo/task-py/app.yaml
@@ -15,10 +15,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/task/app.yaml b/demo/task/app.yaml
@@ -15,10 +15,16 @@ nats:
 
 minio:
   endpoint: "localhost:9000"
-  access_key_id: minioadmin
-  access_key_secret: minioadmin
-  use_ssl: false
-  bucket: test-bucket
+  client_user: "minio_user"
+  client_password: "minio_password"
+  ssl: false
+  bucket: "test-bucket"
+
+auth:
+  endpoint: "http://auth.kai.local"
+  client: "kai"
+  client_secret: "kai_pwd"
+  realm: "konstellation"
 
 centralized_configuration:
   global:

diff --git a/demo/task/main.go b/demo/task/main.go
@@ -63,7 +63,7 @@ func defaultHandler(kaiSDK sdk.KaiSDK, response *anypb.Any) error {
 		Value: fmt.Sprintf("%s, Processed by the task process, "+
 			"uploaded object to persistent storage with ID %s!",
 			stringValue.GetValue(),
-			objVersion,
+			objVersion.VersionID,
 		),
 	}
 

diff --git a/go-sdk/go.mod b/go-sdk/go.mod
@@ -3,6 +3,7 @@ module github.com/konstellation-io/kai-sdk/go-sdk
 go 1.20
 
 require (
+	github.com/Nerzal/gocloak/v13 v13.8.0
 	github.com/go-logr/logr v1.2.4
 	github.com/go-logr/zapr v1.2.4
 	github.com/golang/protobuf v1.5.3
@@ -46,7 +47,9 @@ require (
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-resty/resty/v2 v2.7.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
@@ -64,12 +67,14 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
 	github.com/opencontainers/runc v1.1.5 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/rs/xid v1.5.0 // indirect
 	github.com/sagikazarmark/locafero v0.3.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shirou/gopsutil/v3 v3.23.8 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect

diff --git a/go-sdk/go.sum b/go-sdk/go.sum
@@ -47,6 +47,8 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM=
 github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
+github.com/Nerzal/gocloak/v13 v13.8.0 h1:7s9cK8X3vy8OIic+pG4POE9vGy02tSHkMhvWXv0P2m8=
+github.com/Nerzal/gocloak/v13 v13.8.0/go.mod h1:rRBtEdh5N0+JlZZEsrfZcB2sRMZWbgSxI2EIv9jpJp4=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
@@ -103,10 +105,14 @@ github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
+github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -236,6 +242,8 @@ github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/
 github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
+github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
+github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
 github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -258,6 +266,8 @@ github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
+github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
+github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
 github.com/shirou/gopsutil/v3 v3.23.8 h1:xnATPiybo6GgdRoC4YoGnxXZFRc3dqQTGi73oLvvBrE=
 github.com/shirou/gopsutil/v3 v3.23.8/go.mod h1:7hmCaBn+2ZwaZOr6jmPBZDfawwMGuo1id3C6aM8EDqQ=
 github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
@@ -406,6 +416,7 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=

diff --git a/go-sdk/internal/auth/authentication.go b/go-sdk/internal/auth/authentication.go
@@ -0,0 +1,77 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/konstellation-io/kai-sdk/go-sdk/internal/common"
+
+	"github.com/Nerzal/gocloak/v13"
+	"github.com/go-logr/logr"
+	"github.com/spf13/viper"
+)
+
+type Auth struct {
+	logger       logr.Logger
+	authEndpoint string
+	clientID     string
+	clientSecret string
+	realm        string
+	username     string
+	password     string
+	jwt          *gocloak.JWT
+}
+
+func New(logger logr.Logger) *Auth {
+	user := viper.GetString(common.ConfigMinioClientUserKey)
+	password := viper.GetString(common.ConfigMinioClientPasswordKey)
+	authEndpoint := viper.GetString(common.ConfigAuthEndpointKey)
+	realm := viper.GetString(common.ConfigAuthRealmKey)
+	clientID := viper.GetString(common.ConfigAuthClientKey)
+	clientSecret := viper.GetString(common.ConfigAuthClientSecretKey)
+
+	return &Auth{
+		logger:       logger,
+		authEndpoint: authEndpoint,
+		clientID:     clientID,
+		clientSecret: clientSecret,
+		realm:        realm,
+		username:     user,
+		password:     password,
+		jwt:          nil,
+	}
+}
+
+func (a *Auth) GetToken() (*gocloak.JWT, error) {
+	client := gocloak.NewClient(a.authEndpoint)
+	ctx := context.Background()
+
+	if a.jwt != nil {
+		token, err := client.RefreshToken(ctx, a.jwt.RefreshToken, a.clientID, a.clientSecret, a.realm)
+
+		if err != nil {
+			a.logger.V(2).Info("Couldn't refresh token")
+		} else {
+			a.jwt = token
+
+			return token, nil
+		}
+	}
+
+	token, err := client.Login(
+		ctx,
+		a.clientID,
+		a.clientSecret,
+		a.realm,
+		a.username,
+		a.password,
+	)
+	if err != nil {
+		a.logger.Info(fmt.Sprintf("Error getting token: %s", err.Error()))
+		return nil, err
+	}
+
+	a.jwt = token
+
+	return a.jwt, nil
+}
diff --git a/go-sdk/internal/common/kai_constants.go b/go-sdk/internal/common/kai_constants.go
@@ -30,8 +30,12 @@ const (
 	ConfigCcWorkflowBucketKey             = "centralized_configuration.workflow.bucket"
 	ConfigCcProcessBucketKey              = "centralized_configuration.process.bucket"
 	ConfigMinioEndpointKey                = "minio.endpoint"
-	ConfigMinioClientUserKey              = "minio.access_key_id"
-	ConfigMinioClientPasswordKey          = "minio.access_key_secret"
-	ConfigMinioUseSslKey                  = "minio.use_ssl"
+	ConfigMinioClientUserKey              = "minio.client_user"
+	ConfigMinioClientPasswordKey          = "minio.client_password" //nolint:gosec // False positive
+	ConfigMinioUseSslKey                  = "minio.ssl"
 	ConfigMinioBucketKey                  = "minio.bucket"
+	ConfigAuthEndpointKey                 = "auth.endpoint"
+	ConfigAuthClientKey                   = "auth.client"
+	ConfigAuthClientSecretKey             = "auth.client_secret" //nolint:gosec // False positive
+	ConfigAuthRealmKey                    = "auth.realm"
 )