
Commit 8e89414

committed
ID-Token verifier
1 parent ff0c540 commit 8e89414


19 files changed

+596
-45
lines changed


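--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,8 @@
 # Build
 build/
 /kafka-proxy
-testcerts/
+/google-id-info
+/google-id-provider
 
 # Intellij
 .idea/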

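--- a/.travis.yml
+++ b/.travis.yml
@@ -3,7 +3,7 @@ sudo: false
 language: go
 
 go:
-- "1.9.x"
+- "1.10.x"
 
 env:
 global:
@@ -24,6 +24,7 @@ notifications:
 
 script:
 - go build .
+- go build -o google-id-info cmd/plugin-googleid-info/main.go
 - export TAG=`if [[ $TRAVIS_PULL_REQUEST == "false" ]] && [[ $TRAVIS_BRANCH == "master" ]]; then echo "latest"; else echo "${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH}}"; fi`
 - docker build -t $REPO:$TAG -f Dockerfile .
 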
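--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,9 @@
-FROM scratch
+FROM alpine:3.7
+
+RUN apk add --no-cache ca-certificates
+
 ADD kafka-proxy /kafka-proxy
+ADD google-id-info /google-id-info
+
 ENTRYPOINT ["/kafka-proxy"]
 CMD ["--help"]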
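Review bot: The runtime image still has no `USER` instruction, so after the move from `scratch` to `alpine:3.7` the `/kafka-proxy` entrypoint, and the `/google-id-info` plugin it presumably launches, run as root in an image that now ships a shell and `apk`. Assuming no listener needs a privileged port, adding `USER nobody` ahead of `ENTRYPOINT ["/kafka-proxy"]` limits what a compromised proxy or plugin can do inside the container. If the base-image change exists only to provide the CA bundle (presumably for the verifier's outbound TLS), copying the certificate bundle into a `scratch` image would avoid the extra tooling. `COPY` is also the safer instruction than `ADD` for the two local binaries, since it never unpacks archives or fetches URLs.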

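--- a/Dockerfile.build
+++ b/Dockerfile.build
@@ -1,4 +1,4 @@
-FROM golang:1.9.4
+FROM golang:1.10
 
 ARG target=build
 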
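--- a/Makefile
+++ b/Makefile
@@ -38,12 +38,15 @@ build: build/$(BINARY)
 
 build/$(BINARY): $(SOURCES)
 CGO_ENABLED=0 go build -o build/$(BINARY) $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" .
+CGO_ENABLED=0 go build -o build/google-id-info $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" cmd/plugin-googleid-info/main.go
 
 build/linux/$(BINARY): $(SOURCES)
 GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o build/linux/$(BINARY) $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" .
+GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o build/linux/google-id-info $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" cmd/plugin-googleid-info/main.go
 
 build/osx/$(BINARY): $(SOURCES)
 GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -o build/osx/$(BINARY) $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" .
+GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -o build/linux/google-id-info $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" cmd/plugin-googleid-info/main.go
 
 build.docker-build: $(BUILD_DOCKER_BUILD)
 
@@ -55,6 +58,7 @@ build.docker-build.linux:
 echo "containerId: $$buildContainer" ;\
 mkdir -p build ;\
 docker cp $$buildContainer:/go/src/github.com/grepplabs/kafka-proxy/build/linux/${BINARY} build/${BINARY} ;\
+docker cp $$buildContainer:/go/src/github.com/grepplabs/kafka-proxy/build/linux/google-id-info build/google-id-info ;\
 docker rm $$buildContainer ;\
 docker rmi $$buildContainerName ;\
 
@@ -66,6 +70,7 @@ build.docker-build.osx:
 echo "containerId: $$buildContainer" ;\
 mkdir -p build ;\
 docker cp $$buildContainer:/go/src/github.com/grepplabs/kafka-proxy/build/osx/${BINARY} build/${BINARY} ;\
+docker cp $$buildContainer:/go/src/github.com/grepplabs/kafka-proxy/build/linux/google-id-info build/google-id-info ;\
 docker rm $$buildContainer ;\
 docker rmi $$buildContainerName ;\
 
@@ -94,7 +99,10 @@ plugin.auth-ldap:
 plugin.google-id-provider:
 CGO_ENABLED=0 go build -o build/google-id-provider $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" cmd/plugin-googleid-provider/main.go
 
-all: build plugin.auth-user plugin.auth-ldap plugin.google-id-provider
+plugin.google-id-info:
+CGO_ENABLED=0 go build -o build/google-id-info $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" cmd/plugin-googleid-info/main.go
+
+all: build plugin.auth-user plugin.auth-ldap plugin.google-id-provider plugin.google-id-info
 
 clean:
 @rm -rf build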
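Review bot: The recipe line added under `build/osx/$(BINARY)` compiles with `GOOS=darwin` but writes to `build/linux/google-id-info`, so an osx build overwrites the Linux plugin binary with a darwin one, and whichever target ran last decides what that path contains. The `docker cp` line added to `build.docker-build.osx` reads from the same `build/linux/` path, which only works because of that misplacement. Both should use the osx directory: `-o build/osx/google-id-info` in the recipe and `.../build/osx/google-id-info build/google-id-info` in the copy step. Separately, `build/$(BINARY)` and the new `plugin.google-id-info` target both write `build/google-id-info`, so `all` builds the plugin twice and one of the two lines can go.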

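--- a/README.md
+++ b/README.md
@@ -203,7 +203,7 @@ spec:
 * [X] Pluggable proxy authentication
 * [X] Deploying Kafka Proxy as a sidecar container
 * [X] Advertised proxy listeners e.g. bootstrap-server-mapping (remotehost:remoteport,localhost:localport,advhost:advport)
-* [ ] Pluggable authentication between client kafka-proxy and broker kafka-proxy a.k.a kafka-gateway
+* [X] Pluggable authentication between client kafka-proxy and broker kafka-proxy a.k.a kafka-gateway
 1. additional handshake - protocol: magic, method, data
 2. google-id method
 * [ ] Registry for built in plugins (avoid grpc communication)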

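--- a/cmd/kafka-proxy/server.go
+++ b/cmd/kafka-proxy/server.go
@@ -21,6 +21,7 @@ import (
 "errors"
 "github.com/grepplabs/kafka-proxy/pkg/apis"
 gatewayclient "github.com/grepplabs/kafka-proxy/plugin/gateway-client/shared"
+gatewayserver "github.com/grepplabs/kafka-proxy/plugin/gateway-server/shared"
 localauth "github.com/grepplabs/kafka-proxy/plugin/local-auth/shared"
 "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-plugin"
@@ -161,7 +162,7 @@ func Run(_ *cobra.Command, _ []string) {
 var ok bool
 passwordAuthenticator, ok = raw.(apis.PasswordAuthenticator)
 if !ok {
-logrus.Fatal(errors.New("unsupported plugin type"))
+logrus.Fatal(errors.New("unsupported PasswordAuthenticator plugin type"))
 }
 }
 
@@ -181,7 +182,27 @@ func Run(_ *cobra.Command, _ []string) {
 var ok bool
 tokenProvider, ok = raw.(apis.TokenProvider)
 if !ok {
-logrus.Fatal(errors.New("unsupported plugin type"))
+logrus.Fatal(errors.New("unsupported TokenProvider plugin type"))
+}
+}
+
+var tokenInfo apis.TokenInfo
+if c.Auth.Gateway.Server.Enable {
+client := NewGatewayServerPluginClient()
+defer client.Kill()
+
+rpcClient, err := client.Client()
+if err != nil {
+logrus.Fatal(err)
+}
+raw, err := rpcClient.Dispense("tokenInfo")
+if err != nil {
+logrus.Fatal(err)
+}
+var ok bool
+tokenInfo, ok = raw.(apis.TokenInfo)
+if !ok {
+logrus.Fatal(errors.New("unsupported TokenInfo plugin type"))
 }
 }
 
@@ -198,7 +219,7 @@ func Run(_ *cobra.Command, _ []string) {
 if err != nil {
 logrus.Fatal(err)
 }
-proxyClient, err := proxy.NewClient(connset, c, listeners.GetNetAddressMapping, passwordAuthenticator, tokenProvider)
+proxyClient, err := proxy.NewClient(connset, c, listeners.GetNetAddressMapping, passwordAuthenticator, tokenProvider, tokenInfo)
 if err != nil {
 logrus.Fatal(err)
 }
@@ -300,7 +321,9 @@ func SetLogger() {
 func NewGatewayClientPluginClient() *plugin.Client {
 return NewPluginClient(gatewayclient.Handshake, gatewayclient.PluginMap, c.Auth.Gateway.Client.LogLevel, c.Auth.Gateway.Client.Command, c.Auth.Gateway.Client.Parameters)
 }
-
+func NewGatewayServerPluginClient() *plugin.Client {
+return NewPluginClient(gatewayserver.Handshake, gatewayserver.PluginMap, c.Auth.Gateway.Server.LogLevel, c.Auth.Gateway.Server.Command, c.Auth.Gateway.Server.Parameters)
+}
 func NewLocalAuthPluginClient() *plugin.Client {
 return NewPluginClient(localauth.Handshake, localauth.PluginMap, c.Auth.Local.LogLevel, c.Auth.Local.Command, c.Auth.Local.Parameters)
 }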
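Review bot: In the new `c.Auth.Gateway.Server.Enable` block in `Run`, `defer client.Kill()` never runs on the error paths, because `logrus.Fatal` exits the process without running deferred calls. A failed `Dispense("tokenInfo")` or a failed type assertion therefore relies on something else to stop the plugin process that `client.Client()` has already started. Calling `client.Kill()` explicitly before each `logrus.Fatal(...)` in this block, or go-plugin's `plugin.CleanupClients()` once before exiting, closes that gap. `tokenInfo` also stays nil when the gateway server is disabled and is passed straight into `proxy.NewClient`, whose body is not on this page, so it is worth confirming there that a nil verifier cannot be reached on a path that is meant to check ID tokens. `Run` starts and ends outside these hunks, and the new exported function would benefit from a doc comment such as `// NewGatewayServerPluginClient starts the plugin configured under Auth.Gateway.Server.`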
