You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by ti...@apache.org on 2021/08/02 12:39:25 UTC
[servicecomb-service-center] branch master updated: add sign
request for kie-client (#1119)
This is an automated email from the ASF dual-hosted git repository.
tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
The following commit(s) were added to refs/heads/master by this push:
new d537c64 add sign request for kie-client (#1119)
d537c64 is described below
commit d537c640245d8a2e9b7197cd9b737ce3b74cfdce
Author: Sphairis <56...@users.noreply.github.com>
AuthorDate: Mon Aug 2 20:39:18 2021 +0800
add sign request for kie-client (#1119)
* add sign request
* change go mod
* fix error
* set header
* set header
* set header
* change the context management mode
* fix error
Co-authored-by: SphaIris <aaalixiaopei123>
---
go.mod | 2 +-
go.sum | 2 +
server/plugin/auth/buildin/buildin.go | 8 +++-
server/resource/v1/gov_resource.go | 12 +++---
server/service/gov/config_distributor.go | 38 +++++++++---------
server/service/gov/config_distributor_test.go | 17 ++++----
server/service/gov/kie/kie_distributor.go | 58 ++++++++++++++-------------
server/service/gov/mock/mock.go | 13 +++---
server/service/rbac/context.go | 18 +++++++--
server/service/rbac/token/context.go | 22 ++++++++++
10 files changed, 120 insertions(+), 70 deletions(-)
diff --git a/go.mod b/go.mod
index e9c5032..761e864 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
github.com/go-chassis/foundation v0.3.1-0.20210513015331-b54416b66bcd
github.com/go-chassis/go-archaius v1.5.1
github.com/go-chassis/go-chassis/v2 v2.2.1-0.20210630123055-6b4c31c5ad02
- github.com/go-chassis/kie-client v0.1.0
+ github.com/go-chassis/kie-client v0.1.1-0.20210731071824-96f1f1e47e71
github.com/golang/protobuf v1.4.3
github.com/gorilla/websocket v1.4.3-0.20210424162022-e8629af678b7
github.com/hashicorp/serf v0.8.3
diff --git a/go.sum b/go.sum
index d426eef..5ba8ac0 100644
--- a/go.sum
+++ b/go.sum
@@ -253,6 +253,8 @@ github.com/go-chassis/go-restful-swagger20 v1.0.3/go.mod h1:eW62fYuzlNFDvIacB6AV
github.com/go-chassis/kie-client v0.0.0-20201210060018-938c7680a9ab/go.mod h1:UTdbtyN5ge/v9DmQzdVRxQP7z51Q4z6hyl+W6ZpUHFM=
github.com/go-chassis/kie-client v0.1.0 h1:7iY0jVDVn6anT2Gh8CriViRqvyQOy9tUBUflVEkFZE4=
github.com/go-chassis/kie-client v0.1.0/go.mod h1:UTdbtyN5ge/v9DmQzdVRxQP7z51Q4z6hyl+W6ZpUHFM=
+github.com/go-chassis/kie-client v0.1.1-0.20210731071824-96f1f1e47e71 h1:3ZRlumK36aVzLzHVp9Y7RsEYK0qMwX/enD7xU6ntj78=
+github.com/go-chassis/kie-client v0.1.1-0.20210731071824-96f1f1e47e71/go.mod h1:UTdbtyN5ge/v9DmQzdVRxQP7z51Q4z6hyl+W6ZpUHFM=
github.com/go-chassis/openlog v1.1.2 h1:LgGfwwOhpU8c6URV6ADpaRBPVY7Ph1C28jCQ6zzQawQ=
github.com/go-chassis/openlog v1.1.2/go.mod h1:+eYCADVxWyJkwsFMUBrMxyQlNqW+UUsCxvR2LrYZUaA=
github.com/go-chassis/sc-client v0.6.1-0.20210615014358-a45e9090c751 h1:hpWN/MZBMsnJqXdMkW7v0wsC+4rYulPsBFMrHCmZMQc=
diff --git a/server/plugin/auth/buildin/buildin.go b/server/plugin/auth/buildin/buildin.go
index 4cf21da..6161d0c 100644
--- a/server/plugin/auth/buildin/buildin.go
+++ b/server/plugin/auth/buildin/buildin.go
@@ -31,6 +31,7 @@ import (
authHandler "github.com/apache/servicecomb-service-center/server/handler/auth"
"github.com/apache/servicecomb-service-center/server/plugin/auth"
rbacsvc "github.com/apache/servicecomb-service-center/server/service/rbac"
+ "github.com/apache/servicecomb-service-center/server/service/rbac/token"
rbacmodel "github.com/go-chassis/cari/rbac"
"github.com/go-chassis/go-chassis/v2/security/authr"
"github.com/go-chassis/go-chassis/v2/server/restful"
@@ -150,7 +151,12 @@ func (ba *TokenAuthenticator) VerifyToken(req *http.Request) (interface{}, error
}
to := s[1]
- return authr.Authenticate(req.Context(), to)
+ claims, err := authr.Authenticate(req.Context(), to)
+ if err != nil {
+ return nil, err
+ }
+ token.WithRequest(req, to)
+ return claims, nil
}
//this method decouple business code and perm checks
diff --git a/server/resource/v1/gov_resource.go b/server/resource/v1/gov_resource.go
index 4c26c48..7caca8d 100644
--- a/server/resource/v1/gov_resource.go
+++ b/server/resource/v1/gov_resource.go
@@ -69,7 +69,7 @@ func (t *Governance) Create(w http.ResponseWriter, r *http.Request) {
rest.WriteError(w, discovery.ErrInvalidParams, err.Error())
return
}
- id, err := gov.Create(kind, project, p)
+ id, err := gov.Create(r.Context(), kind, project, p)
if err != nil {
if _, ok := err.(*kie.ErrIllegalItem); ok {
log.Error("", err)
@@ -108,7 +108,7 @@ func (t *Governance) Put(w http.ResponseWriter, r *http.Request) {
return
}
log.Info(fmt.Sprintf("update %v", &p))
- err = gov.Update(kind, id, project, p)
+ err = gov.Update(r.Context(), kind, id, project, p)
if err != nil {
if _, ok := err.(*kie.ErrIllegalItem); ok {
log.Error("", err)
@@ -131,9 +131,9 @@ func (t *Governance) ListOrDisPlay(w http.ResponseWriter, r *http.Request) {
var body []byte
var err error
if kind == DisplayKey {
- body, err = gov.Display(project, app, environment)
+ body, err = gov.Display(r.Context(), project, app, environment)
} else {
- body, err = gov.List(kind, project, app, environment)
+ body, err = gov.List(r.Context(), kind, project, app, environment)
}
if err != nil {
processError(w, err, "list gov err")
@@ -148,7 +148,7 @@ func (t *Governance) Get(w http.ResponseWriter, r *http.Request) {
kind := query.Get(KindKey)
id := query.Get(IDKey)
project := query.Get(ProjectKey)
- body, err := gov.Get(kind, id, project)
+ body, err := gov.Get(r.Context(), kind, id, project)
if err != nil {
processError(w, err, "get gov err")
return
@@ -162,7 +162,7 @@ func (t *Governance) Delete(w http.ResponseWriter, r *http.Request) {
kind := query.Get(KindKey)
id := query.Get(IDKey)
project := query.Get(ProjectKey)
- err := gov.Delete(kind, id, project)
+ err := gov.Delete(r.Context(), kind, id, project)
if err != nil {
processError(w, err, "delete gov err")
return
diff --git a/server/service/gov/config_distributor.go b/server/service/gov/config_distributor.go
index d8b7063..08a2502 100644
--- a/server/service/gov/config_distributor.go
+++ b/server/service/gov/config_distributor.go
@@ -18,6 +18,8 @@
package gov
import (
+ "context"
+
model "github.com/apache/servicecomb-service-center/pkg/gov"
"github.com/apache/servicecomb-service-center/pkg/log"
"github.com/apache/servicecomb-service-center/server/config"
@@ -39,12 +41,12 @@ var distributorPlugins = map[string]NewDistributors{}
//or service mesh system like istio, linkerd.
//ConfigDistributor will convert standard servicecomb gov config to concrete spec, that data plane can recognize.
type ConfigDistributor interface {
- Create(kind, project string, policy *model.Policy) ([]byte, error)
- Update(kind, id, project string, p *model.Policy) error
- Delete(kind, id, project string) error
- Display(project, app, env string) ([]byte, error)
- List(kind, project, app, env string) ([]byte, error)
- Get(kind, id, project string) ([]byte, error)
+ Create(ctx context.Context, kind, project string, policy *model.Policy) ([]byte, error)
+ Update(ctx context.Context, kind, id, project string, p *model.Policy) error
+ Delete(ctx context.Context, kind, id, project string) error
+ Display(ctx context.Context, project, app, env string) ([]byte, error)
+ List(ctx context.Context, kind, project, app, env string) ([]byte, error)
+ Get(ctx context.Context, kind, id, project string) ([]byte, error)
Type() string
Name() string
}
@@ -74,44 +76,44 @@ func Init() error {
return nil
}
-func Create(kind, project string, spec *model.Policy) ([]byte, error) {
+func Create(ctx context.Context, kind, project string, spec *model.Policy) ([]byte, error) {
for _, cd := range distributors {
- return cd.Create(kind, project, spec)
+ return cd.Create(ctx, kind, project, spec)
}
return nil, nil
}
-func List(kind, project, app, env string) ([]byte, error) {
+func List(ctx context.Context, kind, project, app, env string) ([]byte, error) {
for _, cd := range distributors {
- return cd.List(kind, project, app, env)
+ return cd.List(ctx, kind, project, app, env)
}
return nil, nil
}
-func Display(project, app, env string) ([]byte, error) {
+func Display(ctx context.Context, project, app, env string) ([]byte, error) {
for _, cd := range distributors {
- return cd.Display(project, app, env)
+ return cd.Display(ctx, project, app, env)
}
return nil, nil
}
-func Get(kind, id, project string) ([]byte, error) {
+func Get(ctx context.Context, kind, id, project string) ([]byte, error) {
for _, cd := range distributors {
- return cd.Get(kind, id, project)
+ return cd.Get(ctx, kind, id, project)
}
return nil, nil
}
-func Delete(kind, id, project string) error {
+func Delete(ctx context.Context, kind, id, project string) error {
for _, cd := range distributors {
- return cd.Delete(kind, id, project)
+ return cd.Delete(ctx, kind, id, project)
}
return nil
}
-func Update(kind, id, project string, p *model.Policy) error {
+func Update(ctx context.Context, kind, id, project string, p *model.Policy) error {
for _, cd := range distributors {
- return cd.Update(kind, id, project, p)
+ return cd.Update(ctx, kind, id, project, p)
}
return nil
}
diff --git a/server/service/gov/config_distributor_test.go b/server/service/gov/config_distributor_test.go
index f783a02..e8d5f30 100644
--- a/server/service/gov/config_distributor_test.go
+++ b/server/service/gov/config_distributor_test.go
@@ -18,6 +18,7 @@
package gov_test
import (
+ "context"
"encoding/json"
"testing"
@@ -53,7 +54,7 @@ func init() {
}
func TestCreate(t *testing.T) {
- res, err := svc.Create(MockKind, Project, &gov.Policy{
+ res, err := svc.Create(context.TODO(), MockKind, Project, &gov.Policy{
GovernancePolicy: &gov.GovernancePolicy{
Name: "Traffic2adminAPI",
Selector: &gov.Selector{
@@ -69,7 +70,7 @@ func TestCreate(t *testing.T) {
}
func TestUpdate(t *testing.T) {
- err := svc.Update(MockKind, id, Project, &gov.Policy{
+ err := svc.Update(context.TODO(), MockKind, id, Project, &gov.Policy{
GovernancePolicy: &gov.GovernancePolicy{
Name: "Traffic2adminAPI",
Selector: &gov.Selector{
@@ -83,7 +84,7 @@ func TestUpdate(t *testing.T) {
}
func TestDisplay(t *testing.T) {
- res, err := svc.Create(MatchGroup, Project, &gov.Policy{
+ res, err := svc.Create(context.TODO(), MatchGroup, Project, &gov.Policy{
GovernancePolicy: &gov.GovernancePolicy{
Name: "Traffic2adminAPI",
Selector: &gov.Selector{
@@ -95,7 +96,7 @@ func TestDisplay(t *testing.T) {
id = string(res)
assert.NoError(t, err)
policies := &[]*gov.DisplayData{}
- res, err = svc.Display(Project, MockApp, MockEnv)
+ res, err = svc.Display(context.TODO(), Project, MockApp, MockEnv)
assert.NoError(t, err)
err = json.Unmarshal(res, policies)
assert.NoError(t, err)
@@ -104,7 +105,7 @@ func TestDisplay(t *testing.T) {
func TestList(t *testing.T) {
policies := &[]*gov.Policy{}
- res, err := svc.List(MockKind, Project, MockApp, MockEnv)
+ res, err := svc.List(context.TODO(), MockKind, Project, MockApp, MockEnv)
assert.NoError(t, err)
err = json.Unmarshal(res, policies)
assert.NoError(t, err)
@@ -113,7 +114,7 @@ func TestList(t *testing.T) {
func TestGet(t *testing.T) {
policy := &gov.Policy{}
- res, err := svc.Get(MockKind, id, Project)
+ res, err := svc.Get(context.TODO(), MockKind, id, Project)
assert.NoError(t, err)
err = json.Unmarshal(res, policy)
assert.NoError(t, err)
@@ -121,8 +122,8 @@ func TestGet(t *testing.T) {
}
func TestDelete(t *testing.T) {
- err := svc.Delete(MockKind, id, Project)
+ err := svc.Delete(context.TODO(), MockKind, id, Project)
assert.NoError(t, err)
- res, _ := svc.Get(MockKind, id, Project)
+ res, _ := svc.Get(context.TODO(), MockKind, id, Project)
assert.Nil(t, res)
}
diff --git a/server/service/gov/kie/kie_distributor.go b/server/service/gov/kie/kie_distributor.go
index d501e29..88e5a43 100644
--- a/server/service/gov/kie/kie_distributor.go
+++ b/server/service/gov/kie/kie_distributor.go
@@ -28,12 +28,13 @@ import (
"strings"
"time"
- "github.com/apache/servicecomb-service-center/pkg/log"
-
"github.com/apache/servicecomb-service-center/pkg/gov"
+ "github.com/apache/servicecomb-service-center/pkg/log"
"github.com/apache/servicecomb-service-center/server/config"
svc "github.com/apache/servicecomb-service-center/server/service/gov"
+ rbacsvc "github.com/apache/servicecomb-service-center/server/service/rbac"
"github.com/ghodss/yaml"
+ "github.com/go-chassis/foundation/httpclient"
"github.com/go-chassis/kie-client"
)
@@ -61,9 +62,9 @@ var PolicyNames = []string{"retry", "rateLimiting", "circuitBreaker", "bulkhead"
var rule = Validator{}
-func (d *Distributor) Create(kind, project string, p *gov.Policy) ([]byte, error) {
+func (d *Distributor) Create(ctx context.Context, kind, project string, p *gov.Policy) ([]byte, error) {
if kind == KindMatchGroup {
- err := d.generateID(project, p)
+ err := d.generateID(ctx, project, p)
if err != nil {
return nil, err
}
@@ -87,7 +88,7 @@ func (d *Distributor) Create(kind, project string, p *gov.Policy) ([]byte, error
ValueType: TypeText,
Labels: map[string]string{KeyApp: p.Selector.App, KeyEnvironment: p.Selector.Environment},
}
- res, err := d.client.Create(context.TODO(), kv, kie.WithProject(project))
+ res, err := d.client.Create(ctx, kv, kie.WithProject(project))
if err != nil {
log.Error("kie create failed", err)
return nil, err
@@ -95,7 +96,7 @@ func (d *Distributor) Create(kind, project string, p *gov.Policy) ([]byte, error
return []byte(res.ID), nil
}
-func (d *Distributor) Update(kind, id, project string, p *gov.Policy) error {
+func (d *Distributor) Update(ctx context.Context, kind, id, project string, p *gov.Policy) error {
err := rule.Validate(kind, p.Spec)
if err != nil {
return err
@@ -112,7 +113,7 @@ func (d *Distributor) Update(kind, id, project string, p *gov.Policy) error {
Value: string(yamlByte),
Status: p.Status,
}
- _, err = d.client.Put(context.TODO(), kv, kie.WithProject(project))
+ _, err = d.client.Put(ctx, kv, kie.WithProject(project))
if err != nil {
log.Error("kie update failed", err)
return err
@@ -120,13 +121,13 @@ func (d *Distributor) Update(kind, id, project string, p *gov.Policy) error {
return nil
}
-func (d *Distributor) Delete(kind, id, project string) error {
+func (d *Distributor) Delete(ctx context.Context, kind, id, project string) error {
if kind == KindMatchGroup {
// should remove all policies of this group
- return d.DeleteMatchGroup(id, project)
+ return d.DeleteMatchGroup(ctx, id, project)
}
- err := d.client.Delete(context.TODO(), id, kie.WithProject(project))
+ err := d.client.Delete(ctx, id, kie.WithProject(project))
if err != nil {
log.Error("kie delete failed", err)
return err
@@ -134,8 +135,8 @@ func (d *Distributor) Delete(kind, id, project string) error {
return nil
}
-func (d *Distributor) DeleteMatchGroup(id string, project string) error {
- policy, err := d.getPolicy(KindMatchGroup, id, project)
+func (d *Distributor) DeleteMatchGroup(ctx context.Context, id string, project string) error {
+ policy, err := d.getPolicy(ctx, KindMatchGroup, id, project)
if err != nil {
log.Error("kie get failed", err)
return err
@@ -150,7 +151,7 @@ func (d *Distributor) DeleteMatchGroup(id string, project string) error {
kie.WithRevision(0),
kie.WithGetProject(project),
}
- idList, _, err := d.client.List(context.TODO(), ops...)
+ idList, _, err := d.client.List(ctx, ops...)
if err != nil {
log.Error("kie list failed", err)
return err
@@ -163,7 +164,7 @@ func (d *Distributor) DeleteMatchGroup(id string, project string) error {
return nil
}
- err = d.client.Delete(context.TODO(), ids[:len(ids)-1], kie.WithProject(project))
+ err = d.client.Delete(ctx, ids[:len(ids)-1], kie.WithProject(project))
if err != nil {
log.Error("kie list failed", err)
return err
@@ -171,14 +172,14 @@ func (d *Distributor) DeleteMatchGroup(id string, project string) error {
return nil
}
-func (d *Distributor) Display(project, app, env string) ([]byte, error) {
- list, _, err := d.listDataByKind(KindMatchGroup, project, app, env)
+func (d *Distributor) Display(ctx context.Context, project, app, env string) ([]byte, error) {
+ list, _, err := d.listDataByKind(ctx, KindMatchGroup, project, app, env)
if err != nil {
return nil, err
}
policyMap := make(map[string]*gov.Policy)
for _, kind := range PolicyNames {
- policies, _, err := d.listDataByKind(kind, project, app, env)
+ policies, _, err := d.listDataByKind(ctx, kind, project, app, env)
if err != nil {
continue
}
@@ -226,8 +227,8 @@ func setAliasIfEmpty(spec map[string]interface{}, name string) {
}
}
-func (d *Distributor) List(kind, project, app, env string) ([]byte, error) {
- list, _, err := d.listDataByKind(kind, project, app, env)
+func (d *Distributor) List(ctx context.Context, kind, project, app, env string) ([]byte, error) {
+ list, _, err := d.listDataByKind(ctx, kind, project, app, env)
if err != nil {
return nil, err
}
@@ -244,8 +245,8 @@ func (d *Distributor) List(kind, project, app, env string) ([]byte, error) {
return b, nil
}
-func (d *Distributor) Get(kind, id, project string) ([]byte, error) {
- policy, err := d.getPolicy(kind, id, project)
+func (d *Distributor) Get(ctx context.Context, kind, id, project string) ([]byte, error) {
+ policy, err := d.getPolicy(ctx, kind, id, project)
if err != nil {
return nil, err
}
@@ -253,8 +254,8 @@ func (d *Distributor) Get(kind, id, project string) ([]byte, error) {
return b, nil
}
-func (d *Distributor) getPolicy(kind string, id string, project string) (*gov.Policy, error) {
- kv, err := d.client.Get(context.TODO(), id, kie.WithGetProject(project))
+func (d *Distributor) getPolicy(ctx context.Context, kind string, id string, project string) (*gov.Policy, error) {
+ kv, err := d.client.Get(ctx, id, kie.WithGetProject(project))
if err != nil {
return nil, err
}
@@ -276,6 +277,9 @@ func initClient(endpoint string) *kie.Client {
client, err := kie.NewClient(
kie.Config{Endpoint: endpoint,
DefaultLabels: map[string]string{},
+ HTTPOptions: &httpclient.Options{
+ SignRequest: rbacsvc.SignRequest,
+ },
})
if err != nil {
log.Fatal("init kie client failed, err: %s", err)
@@ -309,7 +313,7 @@ func toSnake(name string) string {
return buffer.String()
}
-func (d *Distributor) listDataByKind(kind, project, app, env string) (*kie.KVResponse, int, error) {
+func (d *Distributor) listDataByKind(ctx context.Context, kind, project, app, env string) (*kie.KVResponse, int, error) {
ops := []kie.GetOption{
kie.WithKey("beginWith(" + toGovKeyPrefix(kind) + ")"),
kie.WithRevision(0),
@@ -325,15 +329,15 @@ func (d *Distributor) listDataByKind(kind, project, app, env string) (*kie.KVRes
if len(labels) > 0 {
ops = append(ops, kie.WithLabels(labels))
}
- return d.client.List(context.TODO(), ops...)
+ return d.client.List(ctx, ops...)
}
-func (d *Distributor) generateID(project string, p *gov.Policy) error {
+func (d *Distributor) generateID(ctx context.Context, project string, p *gov.Policy) error {
if p.Name != "" {
return nil
}
kind := KindMatchGroup
- list, _, err := d.listDataByKind(kind, project, p.Selector.App, p.Selector.Environment)
+ list, _, err := d.listDataByKind(ctx, kind, project, p.Selector.App, p.Selector.Environment)
if err != nil {
return err
}
diff --git a/server/service/gov/mock/mock.go b/server/service/gov/mock/mock.go
index c98349a..1414087 100644
--- a/server/service/gov/mock/mock.go
+++ b/server/service/gov/mock/mock.go
@@ -18,6 +18,7 @@
package mock
import (
+ "context"
"encoding/json"
"fmt"
"log"
@@ -38,7 +39,7 @@ const MatchGroup = "match-group"
var PolicyNames = []string{"retry", "rateLimiting", "circuitBreaker", "bulkhead"}
-func (d *Distributor) Create(kind, project string, p *gov.Policy) ([]byte, error) {
+func (d *Distributor) Create(ctx context.Context, kind, project string, p *gov.Policy) ([]byte, error) {
p.ID = uuid.NewV4().String()
p.Kind = kind
log.Println(fmt.Sprintf("create %v", &p))
@@ -46,7 +47,7 @@ func (d *Distributor) Create(kind, project string, p *gov.Policy) ([]byte, error
return []byte(p.ID), nil
}
-func (d *Distributor) Update(kind, id, project string, p *gov.Policy) error {
+func (d *Distributor) Update(ctx context.Context, kind, id, project string, p *gov.Policy) error {
if d.lbPolicies[id] == nil {
return fmt.Errorf("id not exsit")
}
@@ -57,12 +58,12 @@ func (d *Distributor) Update(kind, id, project string, p *gov.Policy) error {
return nil
}
-func (d *Distributor) Delete(kind, id, project string) error {
+func (d *Distributor) Delete(ctx context.Context, kind, id, project string) error {
delete(d.lbPolicies, id)
return nil
}
-func (d *Distributor) Display(project, app, env string) ([]byte, error) {
+func (d *Distributor) Display(ctx context.Context, project, app, env string) ([]byte, error) {
list := make([]*gov.Policy, 0)
for _, g := range d.lbPolicies {
if checkPolicy(g, MatchGroup, app, env) {
@@ -91,7 +92,7 @@ func (d *Distributor) Display(project, app, env string) ([]byte, error) {
b, _ := json.MarshalIndent(r, "", " ")
return b, nil
}
-func (d *Distributor) List(kind, project, app, env string) ([]byte, error) {
+func (d *Distributor) List(ctx context.Context, kind, project, app, env string) ([]byte, error) {
r := make([]*gov.Policy, 0, len(d.lbPolicies))
for _, g := range d.lbPolicies {
if checkPolicy(g, kind, app, env) {
@@ -106,7 +107,7 @@ func checkPolicy(g *gov.Policy, kind, app, env string) bool {
return g.Kind == kind && g.Selector != nil && g.Selector.App == app && g.Selector.Environment == env
}
-func (d *Distributor) Get(kind, id, project string) ([]byte, error) {
+func (d *Distributor) Get(ctx context.Context, kind, id, project string) ([]byte, error) {
r := d.lbPolicies[id]
if r == nil {
return nil, nil
diff --git a/server/service/rbac/context.go b/server/service/rbac/context.go
index 500fc25..1d2e8bf 100644
--- a/server/service/rbac/context.go
+++ b/server/service/rbac/context.go
@@ -20,13 +20,16 @@ package rbac
import (
"context"
"errors"
-
- rbacmodel "github.com/go-chassis/cari/rbac"
+ "net/http"
"github.com/apache/servicecomb-service-center/pkg/util"
+ "github.com/apache/servicecomb-service-center/server/service/rbac/token"
+ rbacmodel "github.com/go-chassis/cari/rbac"
)
-const CtxRequestClaims util.CtxKey = "_request_claims"
+const (
+ CtxRequestClaims util.CtxKey = "_request_claims"
+)
func UserFromContext(ctx context.Context) string {
m, ok := ctx.Value(CtxRequestClaims).(map[string]interface{})
@@ -47,3 +50,12 @@ func AccountFromContext(ctx context.Context) (*rbacmodel.Account, error) {
}
return rbacmodel.GetAccount(m)
}
+
+func SignRequest(req *http.Request) error {
+ auth := token.FromContext(req.Context())
+ if auth == "" {
+ return errors.New("request unauthorized")
+ }
+ req.Header.Set("Authorization", auth)
+ return nil
+}
diff --git a/server/service/rbac/token/context.go b/server/service/rbac/token/context.go
new file mode 100644
index 0000000..decabe4
--- /dev/null
+++ b/server/service/rbac/token/context.go
@@ -0,0 +1,22 @@
+package token
+
+import (
+ "context"
+ "net/http"
+
+ "github.com/apache/servicecomb-service-center/pkg/util"
+)
+
+const CtxRequestToken util.CtxKey = "_request_token"
+
+func WithRequest(req *http.Request, token string) *http.Request {
+ return util.SetRequestContext(req, CtxRequestToken, token)
+}
+
+func FromContext(ctx context.Context) string {
+ token, ok := ctx.Value(CtxRequestToken).(string)
+ if !ok {
+ return ""
+ }
+ return token
+}