dex/cmd/dex-worker/main.go

package main

import (
	"expvar"
	"flag"
	"fmt"
	"net/http"
	"net/url"
	"os"

	"github.com/gorilla/handlers"

	"github.com/coreos/dex/db"
	pflag "github.com/coreos/dex/pkg/flag"
	"github.com/coreos/dex/pkg/log"
	"github.com/coreos/dex/server"

	"github.com/coreos/pkg/flagutil"
)

var version = "DEV"

func init() {
	versionVar := expvar.NewString("dex.version")
	versionVar.Set(version)
}

func main() {
	fs := flag.NewFlagSet("dex-worker", flag.ExitOnError)
	listen := fs.String("listen", "http://0.0.0.0:5556", "")
	issuer := fs.String("issuer", "http://127.0.0.1:5556", "")
	templates := fs.String("html-assets", "./static/html", "directory of html template files")

	emailTemplateDirs := flagutil.StringSliceFlag{"./static/email"}
	fs.Var(&emailTemplateDirs, "email-templates", "comma separated list of directories of email template files")

	emailFrom := fs.String("email-from", "no-reply@coreos.com", "emails sent from dex will come from this address")
	emailConfig := fs.String("email-cfg", "./static/fixtures/emailer.json", "configures emailer.")

	noDB := fs.Bool("no-db", false, "manage entities in-process w/o any encryption, used only for single-node testing")

	// ignored if --no-db is set
	dbURL := fs.String("db-url", "", "DSN-formatted database connection string")

	keySecrets := pflag.NewBase64List(32)
	fs.Var(keySecrets, "key-secrets", "A comma-separated list of base64 encoded 32 byte strings used as symmetric keys used to encrypt/decrypt signing key data in DB. The first key is considered the active key and used for encryption, while the others are used to decrypt.")

	dbMaxIdleConns := fs.Int("db-max-idle-conns", 0, "maximum number of connections in the idle connection pool")
	dbMaxOpenConns := fs.Int("db-max-open-conns", 0, "maximum number of open connections to the database")

	// used only if --no-db is set
	connectors := fs.String("connectors", "./static/fixtures/connectors.json", "JSON file containg set of IDPC configs")
	clients := fs.String("clients", "./static/fixtures/clients.json", "json file containing set of clients")
	users := fs.String("users", "./static/fixtures/users.json", "json file containing set of users")

	logDebug := fs.Bool("log-debug", false, "log debug-level information")
	logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")

	if err := fs.Parse(os.Args[1:]); err != nil {
		fmt.Fprintln(os.Stderr, err.Error())
		os.Exit(1)
	}

	if err := pflag.SetFlagsFromEnv(fs, "DEX_WORKER"); err != nil {
		fmt.Fprintln(os.Stderr, err.Error())
		os.Exit(1)
	}

	if *logDebug {
		log.EnableDebug()
		log.Infof("Debug logging enabled.")
		log.Debugf("Debug logging enabled.")
	}
	if *logTimestamps {
		log.EnableTimestamps()
	}

	lu, err := url.Parse(*listen)
	if err != nil {
		log.Fatalf("Unable to use --listen flag: %v", err)
	}

	if lu.Scheme != "http" {
		log.Fatalf("Unable to listen using scheme %s", lu.Scheme)
	}

	scfg := server.ServerConfig{
		IssuerURL:         *issuer,
		TemplateDir:       *templates,
		EmailTemplateDirs: emailTemplateDirs,
		EmailFromAddress:  *emailFrom,
		EmailerConfigFile: *emailConfig,
	}

	if *noDB {
		log.Warning("Running in-process without external database or key rotation")
		scfg.StateConfig = &server.SingleServerConfig{
			ClientsFile:    *clients,
			ConnectorsFile: *connectors,
			UsersFile:      *users,
		}
	} else {
		if *dbMaxIdleConns == 0 {
			log.Warning("Running with no limit on: database idle connections")
		}
		if *dbMaxOpenConns == 0 {
			log.Warning("Running with no limit on: database open connections")
		}
		dbCfg := db.Config{
			DSN:                *dbURL,
			MaxIdleConnections: *dbMaxIdleConns,
			MaxOpenConnections: *dbMaxOpenConns,
		}
		scfg.StateConfig = &server.MultiServerConfig{
			KeySecrets:     keySecrets.BytesSlice(),
			DatabaseConfig: dbCfg,
		}
	}

	srv, err := scfg.Server()
	if err != nil {
		log.Fatalf("Unable to build Server: %v", err)
	}

	cfgs, err := srv.ConnectorConfigRepo.All()
	if err != nil {
		log.Fatalf("Unable to fetch connector configs from repo: %v", err)
	}

	for _, cfg := range cfgs {
		cfg := cfg
		if err = srv.AddConnector(cfg); err != nil {
			log.Fatalf("Failed registering connector: %v", err)
		}
	}

	h := srv.HTTPHandler()

	h = handlers.LoggingHandler(log.InfoWriter(), h)

	httpsrv := &http.Server{
		Addr:    lu.Host,
		Handler: h,
	}

	log.Infof("Binding to %s...", httpsrv.Addr)
	go func() {
		log.Fatal(httpsrv.ListenAndServe())
	}()

	<-srv.Run()
}
*: move original project to dex 2015-08-18 05:57:27 +05:30			`package main`

			`import (`
			`"expvar"`
			`"flag"`
			`"fmt"`
			`"net/http"`
			`"net/url"`
			`"os"`

			`"github.com/gorilla/handlers"`

			`"github.com/coreos/dex/db"`
			`pflag "github.com/coreos/dex/pkg/flag"`
			`"github.com/coreos/dex/pkg/log"`
			`"github.com/coreos/dex/server"`

			`"github.com/coreos/pkg/flagutil"`
			`)`

			`var version = "DEV"`

			`func init() {`
			`versionVar := expvar.NewString("dex.version")`
			`versionVar.Set(version)`
			`}`

			`func main() {`
			`fs := flag.NewFlagSet("dex-worker", flag.ExitOnError)`
			`listen := fs.String("listen", "http://0.0.0.0:5556", "")`
			`issuer := fs.String("issuer", "http://127.0.0.1:5556", "")`
			`templates := fs.String("html-assets", "./static/html", "directory of html template files")`

			`emailTemplateDirs := flagutil.StringSliceFlag{"./static/email"}`
			`fs.Var(&emailTemplateDirs, "email-templates", "comma separated list of directories of email template files")`

			`emailFrom := fs.String("email-from", "no-reply@coreos.com", "emails sent from dex will come from this address")`
			`emailConfig := fs.String("email-cfg", "./static/fixtures/emailer.json", "configures emailer.")`

			`noDB := fs.Bool("no-db", false, "manage entities in-process w/o any encryption, used only for single-node testing")`

			`// ignored if --no-db is set`
			`dbURL := fs.String("db-url", "", "DSN-formatted database connection string")`
cmd, server: base64 encode multiple secrets Two things here: * key secrets are now base64 encoded strings, so we get the full key space * we can pass >1 of them in so we can rotate them 2015-08-26 05:14:38 +05:30
			`keySecrets := pflag.NewBase64List(32)`
			`fs.Var(keySecrets, "key-secrets", "A comma-separated list of base64 encoded 32 byte strings used as symmetric keys used to encrypt/decrypt signing key data in DB. The first key is considered the active key and used for encryption, while the others are used to decrypt.")`

*: move original project to dex 2015-08-18 05:57:27 +05:30			`dbMaxIdleConns := fs.Int("db-max-idle-conns", 0, "maximum number of connections in the idle connection pool")`
			`dbMaxOpenConns := fs.Int("db-max-open-conns", 0, "maximum number of open connections to the database")`

			`// used only if --no-db is set`
			`connectors := fs.String("connectors", "./static/fixtures/connectors.json", "JSON file containg set of IDPC configs")`
			`clients := fs.String("clients", "./static/fixtures/clients.json", "json file containing set of clients")`
			`users := fs.String("users", "./static/fixtures/users.json", "json file containing set of users")`

			`logDebug := fs.Bool("log-debug", false, "log debug-level information")`
			`logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")`

			`if err := fs.Parse(os.Args[1:]); err != nil {`
			`fmt.Fprintln(os.Stderr, err.Error())`
			`os.Exit(1)`
			`}`

			`if err := pflag.SetFlagsFromEnv(fs, "DEX_WORKER"); err != nil {`
			`fmt.Fprintln(os.Stderr, err.Error())`
			`os.Exit(1)`
			`}`

			`if *logDebug {`
			`log.EnableDebug()`
			`log.Infof("Debug logging enabled.")`
			`log.Debugf("Debug logging enabled.")`
			`}`
			`if *logTimestamps {`
			`log.EnableTimestamps()`
			`}`

			`lu, err := url.Parse(*listen)`
			`if err != nil {`
			`log.Fatalf("Unable to use --listen flag: %v", err)`
			`}`

			`if lu.Scheme != "http" {`
			`log.Fatalf("Unable to listen using scheme %s", lu.Scheme)`
			`}`

			`scfg := server.ServerConfig{`
			`IssuerURL: *issuer,`
			`TemplateDir: *templates,`
			`EmailTemplateDirs: emailTemplateDirs,`
			`EmailFromAddress: *emailFrom,`
			`EmailerConfigFile: *emailConfig,`
			`}`

			`if *noDB {`
			`log.Warning("Running in-process without external database or key rotation")`
			`scfg.StateConfig = &server.SingleServerConfig{`
			`ClientsFile: *clients,`
			`ConnectorsFile: *connectors,`
			`UsersFile: *users,`
			`}`
			`} else {`
			`if *dbMaxIdleConns == 0 {`
			`log.Warning("Running with no limit on: database idle connections")`
			`}`
			`if *dbMaxOpenConns == 0 {`
			`log.Warning("Running with no limit on: database open connections")`
			`}`
			`dbCfg := db.Config{`
			`DSN: *dbURL,`
			`MaxIdleConnections: *dbMaxIdleConns,`
			`MaxOpenConnections: *dbMaxOpenConns,`
			`}`
			`scfg.StateConfig = &server.MultiServerConfig{`
cmd, server: base64 encode multiple secrets Two things here: * key secrets are now base64 encoded strings, so we get the full key space * we can pass >1 of them in so we can rotate them 2015-08-26 05:14:38 +05:30			`KeySecrets: keySecrets.BytesSlice(),`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`DatabaseConfig: dbCfg,`
			`}`
			`}`

			`srv, err := scfg.Server()`
			`if err != nil {`
			`log.Fatalf("Unable to build Server: %v", err)`
			`}`

			`cfgs, err := srv.ConnectorConfigRepo.All()`
			`if err != nil {`
			`log.Fatalf("Unable to fetch connector configs from repo: %v", err)`
			`}`

			`for _, cfg := range cfgs {`
			`cfg := cfg`
			`if err = srv.AddConnector(cfg); err != nil {`
			`log.Fatalf("Failed registering connector: %v", err)`
			`}`
			`}`

			`h := srv.HTTPHandler()`

			`h = handlers.LoggingHandler(log.InfoWriter(), h)`

			`httpsrv := &http.Server{`
			`Addr: lu.Host,`
			`Handler: h,`
			`}`

			`log.Infof("Binding to %s...", httpsrv.Addr)`
			`go func() {`
			`log.Fatal(httpsrv.ListenAndServe())`
			`}()`

			`<-srv.Run()`
			`}`