mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-04-30 17:38:11 +00:00
Contre
956d2f55c3
* feat(access-control): Add support for Kubernetes Label
* feat(access-control): Defaults to Docker
* feat(access-control): Remove kubeconfig fallback
* feat(watcher): Watcher for kubernetes service
* feat(watcher): Merge with main + remove nightly fix redirect
* fix(go): Go mod + Go sum after sync with main
* fix(config): Ser default value for LabelProvider to Docker
* feat(go): go mod tidy
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): (Watcher) -> Wait 5s before breaking to outer loop again
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): Remove
var _ = unstructured.Unstructured{} + comments + msg edits
* feat(bootstrap): Remove dockerService from bootstrap svc
* feat(auth_svc): Remove dockerService from authservice
* feat(test): Add tests for kubernetes_services
* feat(test): Remove docker serivce form proxy/user test
* fix(refactor): Remove update logic from watcher and resync
* fix(refactor): Split watchGVR to make it more readable
* fix(refactor): Remove discovery + drop K 1.22 completely
* fix(refactor): Move interface to acess_controls_service
* feat: Autodetect labelprovider if TINYAUTH_LABELPROVIDER not set
* fix(test): Match testing scheme to the controllers
* fix: service bootstrap import after merge
* fix: service bootstrap import after merge
131 lines
3.7 KiB
Go
131 lines
3.7 KiB
Go
package bootstrap
|
|
|
|
import (
|
|
"os"
|
|
|
|
"github.com/tinyauthapp/tinyauth/internal/repository"
|
|
"github.com/tinyauthapp/tinyauth/internal/service"
|
|
"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
|
|
)
|
|
|
|
type Services struct {
|
|
accessControlService *service.AccessControlsService
|
|
authService *service.AuthService
|
|
dockerService *service.DockerService
|
|
kubernetesService *service.KubernetesService
|
|
ldapService *service.LdapService
|
|
oauthBrokerService *service.OAuthBrokerService
|
|
oidcService *service.OIDCService
|
|
}
|
|
|
|
func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, error) {
|
|
services := Services{}
|
|
|
|
ldapService := service.NewLdapService(service.LdapServiceConfig{
|
|
Address: app.config.Ldap.Address,
|
|
BindDN: app.config.Ldap.BindDN,
|
|
BindPassword: app.config.Ldap.BindPassword,
|
|
BaseDN: app.config.Ldap.BaseDN,
|
|
Insecure: app.config.Ldap.Insecure,
|
|
SearchFilter: app.config.Ldap.SearchFilter,
|
|
AuthCert: app.config.Ldap.AuthCert,
|
|
AuthKey: app.config.Ldap.AuthKey,
|
|
})
|
|
|
|
err := ldapService.Init()
|
|
|
|
if err != nil {
|
|
tlog.App.Warn().Err(err).Msg("Failed to setup LDAP service, starting without it")
|
|
ldapService.Unconfigure()
|
|
}
|
|
|
|
services.ldapService = ldapService
|
|
|
|
var labelProvider service.LabelProvider
|
|
var dockerService *service.DockerService
|
|
var kubernetesService *service.KubernetesService
|
|
|
|
useKubernetes := app.config.LabelProvider == "kubernetes" ||
|
|
(app.config.LabelProvider == "auto" && os.Getenv("KUBERNETES_SERVICE_HOST") != "")
|
|
|
|
if useKubernetes {
|
|
tlog.App.Debug().Msg("Using Kubernetes label provider")
|
|
kubernetesService = service.NewKubernetesService()
|
|
err = kubernetesService.Init()
|
|
if err != nil {
|
|
return Services{}, err
|
|
}
|
|
services.kubernetesService = kubernetesService
|
|
labelProvider = kubernetesService
|
|
} else {
|
|
tlog.App.Debug().Msg("Using Docker label provider")
|
|
dockerService = service.NewDockerService()
|
|
err = dockerService.Init()
|
|
if err != nil {
|
|
return Services{}, err
|
|
}
|
|
services.dockerService = dockerService
|
|
labelProvider = dockerService
|
|
}
|
|
|
|
accessControlsService := service.NewAccessControlsService(labelProvider, app.config.Apps)
|
|
|
|
err = accessControlsService.Init()
|
|
|
|
if err != nil {
|
|
return Services{}, err
|
|
}
|
|
|
|
services.accessControlService = accessControlsService
|
|
|
|
oauthBrokerService := service.NewOAuthBrokerService(app.context.oauthProviders)
|
|
|
|
err = oauthBrokerService.Init()
|
|
|
|
if err != nil {
|
|
return Services{}, err
|
|
}
|
|
|
|
services.oauthBrokerService = oauthBrokerService
|
|
|
|
authService := service.NewAuthService(service.AuthServiceConfig{
|
|
Users: app.context.users,
|
|
OauthWhitelist: app.config.OAuth.Whitelist,
|
|
SessionExpiry: app.config.Auth.SessionExpiry,
|
|
SessionMaxLifetime: app.config.Auth.SessionMaxLifetime,
|
|
SecureCookie: app.config.Auth.SecureCookie,
|
|
CookieDomain: app.context.cookieDomain,
|
|
LoginTimeout: app.config.Auth.LoginTimeout,
|
|
LoginMaxRetries: app.config.Auth.LoginMaxRetries,
|
|
SessionCookieName: app.context.sessionCookieName,
|
|
IP: app.config.Auth.IP,
|
|
LDAPGroupsCacheTTL: app.config.Ldap.GroupCacheTTL,
|
|
}, services.ldapService, queries, services.oauthBrokerService)
|
|
|
|
err = authService.Init()
|
|
|
|
if err != nil {
|
|
return Services{}, err
|
|
}
|
|
|
|
services.authService = authService
|
|
|
|
oidcService := service.NewOIDCService(service.OIDCServiceConfig{
|
|
Clients: app.config.OIDC.Clients,
|
|
PrivateKeyPath: app.config.OIDC.PrivateKeyPath,
|
|
PublicKeyPath: app.config.OIDC.PublicKeyPath,
|
|
Issuer: app.config.AppURL,
|
|
SessionExpiry: app.config.Auth.SessionExpiry,
|
|
}, queries)
|
|
|
|
err = oidcService.Init()
|
|
|
|
if err != nil {
|
|
return Services{}, err
|
|
}
|
|
|
|
services.oidcService = oidcService
|
|
|
|
return services, nil
|
|
}
|