dex/storage/etcd/config.go

package etcd

import (
	"time"

	"go.etcd.io/etcd/clientv3"
	"go.etcd.io/etcd/clientv3/namespace"
	"go.etcd.io/etcd/pkg/transport"

	"github.com/dexidp/dex/pkg/log"
	"github.com/dexidp/dex/storage"
)

var defaultDialTimeout = 2 * time.Second

// SSL represents SSL options for etcd databases.
type SSL struct {
	ServerName string `json:"serverName" yaml:"serverName"`
	CAFile     string `json:"caFile" yaml:"caFile"`
	KeyFile    string `json:"keyFile" yaml:"keyFile"`
	CertFile   string `json:"certFile" yaml:"certFile"`
}

// Etcd options for connecting to etcd databases.
// If you are using a shared etcd cluster for storage, it might be useful to
// configure an etcd namespace either via Namespace field or using `etcd grpc-proxy
// --namespace=<prefix>`
type Etcd struct {
	Endpoints []string `json:"endpoints" yaml:"endpoints"`
	Namespace string   `json:"namespace" yaml:"namespace"`
	Username  string   `json:"username" yaml:"username"`
	Password  string   `json:"password" yaml:"password"`
	SSL       SSL      `json:"ssl" yaml:"ssl"`
}

// Open creates a new storage implementation backed by Etcd
func (p *Etcd) Open(logger log.Logger) (storage.Storage, error) {
	return p.open(logger)
}

func (p *Etcd) open(logger log.Logger) (*conn, error) {
	cfg := clientv3.Config{
		Endpoints:   p.Endpoints,
		DialTimeout: defaultDialTimeout,
		Username:    p.Username,
		Password:    p.Password,
	}

	var cfgtls *transport.TLSInfo
	tlsinfo := transport.TLSInfo{}
	if p.SSL.CertFile != "" {
		tlsinfo.CertFile = p.SSL.CertFile
		cfgtls = &tlsinfo
	}

	if p.SSL.KeyFile != "" {
		tlsinfo.KeyFile = p.SSL.KeyFile
		cfgtls = &tlsinfo
	}

	if p.SSL.CAFile != "" {
		tlsinfo.TrustedCAFile = p.SSL.CAFile
		cfgtls = &tlsinfo
	}

	if p.SSL.ServerName != "" {
		tlsinfo.ServerName = p.SSL.ServerName
		cfgtls = &tlsinfo
	}

	if cfgtls != nil {
		clientTLS, err := cfgtls.ClientConfig()
		if err != nil {
			return nil, err
		}
		cfg.TLS = clientTLS
	}

	db, err := clientv3.New(cfg)
	if err != nil {
		return nil, err
	}
	if len(p.Namespace) > 0 {
		db.KV = namespace.NewKV(db.KV, p.Namespace)
	}
	c := &conn{
		db:     db,
		logger: logger,
	}
	return c, nil
}
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`package etcd`

			`import (`
			`"time"`

Update etcd 2020-01-30 22:20:22 +05:30			`"go.etcd.io/etcd/clientv3"`
			`"go.etcd.io/etcd/clientv3/namespace"`
			`"go.etcd.io/etcd/pkg/transport"`
*: github.com/coreos/dex -> github.com/dexidp/dex Signed-off-by: Stephan Renatus <srenatus@chef.io> 2018-09-03 12:14:44 +05:30
Add logger interface and stop relying on Logrus directly 2019-02-22 17:49:23 +05:30			`"github.com/dexidp/dex/pkg/log"`
*: github.com/coreos/dex -> github.com/dexidp/dex Signed-off-by: Stephan Renatus <srenatus@chef.io> 2018-09-03 12:14:44 +05:30			`"github.com/dexidp/dex/storage"`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`)`

Run fixer Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> 2020-11-04 01:20:09 +05:30			`var defaultDialTimeout = 2 * time.Second`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30
			`// SSL represents SSL options for etcd databases.`
			`type SSL struct {`
storage/etcd: document struct tag in code This explicitly adds struct tags for etcd storage instead of implicitly depends on yaml/json config serialization. 2017-11-06 20:16:18 +05:30			ServerName string `json:"serverName" yaml:"serverName"`
			CAFile string `json:"caFile" yaml:"caFile"`
			KeyFile string `json:"keyFile" yaml:"keyFile"`
			CertFile string `json:"certFile" yaml:"certFile"`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`}`

			`// Etcd options for connecting to etcd databases.`
			`// If you are using a shared etcd cluster for storage, it might be useful to`
			// configure an etcd namespace either via Namespace field or using `etcd grpc-proxy
			// --namespace=<prefix>`
			`type Etcd struct {`
storage/etcd: document struct tag in code This explicitly adds struct tags for etcd storage instead of implicitly depends on yaml/json config serialization. 2017-11-06 20:16:18 +05:30			Endpoints []string `json:"endpoints" yaml:"endpoints"`
			Namespace string `json:"namespace" yaml:"namespace"`
			Username string `json:"username" yaml:"username"`
			Password string `json:"password" yaml:"password"`
			SSL SSL `json:"ssl" yaml:"ssl"`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`}`

			`// Open creates a new storage implementation backed by Etcd`
Add logger interface and stop relying on Logrus directly 2019-02-22 17:49:23 +05:30			`func (p *Etcd) Open(logger log.Logger) (storage.Storage, error) {`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`return p.open(logger)`
			`}`

Add logger interface and stop relying on Logrus directly 2019-02-22 17:49:23 +05:30			`func (p Etcd) open(logger log.Logger) (conn, error) {`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`cfg := clientv3.Config{`
			`Endpoints: p.Endpoints,`
fix timeout bug for etcd3 client connect 2018-08-03 02:37:23 +05:30			`DialTimeout: defaultDialTimeout,`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`Username: p.Username,`
			`Password: p.Password,`
			`}`

			`var cfgtls *transport.TLSInfo`
			`tlsinfo := transport.TLSInfo{}`
			`if p.SSL.CertFile != "" {`
			`tlsinfo.CertFile = p.SSL.CertFile`
			`cfgtls = &tlsinfo`
			`}`

			`if p.SSL.KeyFile != "" {`
			`tlsinfo.KeyFile = p.SSL.KeyFile`
			`cfgtls = &tlsinfo`
			`}`

			`if p.SSL.CAFile != "" {`
Update etcd 2020-01-30 22:20:22 +05:30			`tlsinfo.TrustedCAFile = p.SSL.CAFile`
storage: add etcd storage This patch adds etcd storage implementation. This should be useful in environments where - we dont want to depends on a separate, hard to maintain SQL cluster - we dont want to incur the overhead of talking to kubernetes apiservers - kubernetes is not available yet, or if kubernetes depends on dex to perform authentication and the operator would like to remove any circular dependency if possible. 2017-10-03 19:03:58 +05:30			`cfgtls = &tlsinfo`
			`}`

			`if p.SSL.ServerName != "" {`
			`tlsinfo.ServerName = p.SSL.ServerName`
			`cfgtls = &tlsinfo`
			`}`

			`if cfgtls != nil {`
			`clientTLS, err := cfgtls.ClientConfig()`
			`if err != nil {`
			`return nil, err`
			`}`
			`cfg.TLS = clientTLS`
			`}`

			`db, err := clientv3.New(cfg)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if len(p.Namespace) > 0 {`
			`db.KV = namespace.NewKV(db.KV, p.Namespace)`
			`}`
			`c := &conn{`
			`db: db,`
			`logger: logger,`
			`}`
			`return c, nil`
			`}`