Merge pull request #235 from bobbyrullo/new_go_oidc

Godeps: update github.com/coreos/go-oidc
Eric Chiang 2015-12-21 12:01:10 -08:00
commit 5192cac342
6 changed files with 64 additions and 35 deletions

Godeps/Godeps.json generated

@ -21,23 +21,23 @@
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/http", "ImportPath": "github.com/coreos/go-oidc/http",
"Rev": "48e2a9be3918af3299c4b390399346447eefea22" "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/jose", "ImportPath": "github.com/coreos/go-oidc/jose",
"Rev": "48e2a9be3918af3299c4b390399346447eefea22" "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/key", "ImportPath": "github.com/coreos/go-oidc/key",
"Rev": "48e2a9be3918af3299c4b390399346447eefea22" "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oauth2", "ImportPath": "github.com/coreos/go-oidc/oauth2",
"Rev": "48e2a9be3918af3299c4b390399346447eefea22" "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oidc", "ImportPath": "github.com/coreos/go-oidc/oidc",
"Rev": "48e2a9be3918af3299c4b390399346447eefea22" "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
}, },
{ {
"ImportPath": "github.com/coreos/pkg/capnslog", "ImportPath": "github.com/coreos/pkg/capnslog",


@ -135,7 +135,7 @@ func (s *PrivateKeySet) Active() *PrivateKey {
type GeneratePrivateKeyFunc func() (*PrivateKey, error) type GeneratePrivateKeyFunc func() (*PrivateKey, error)
func GeneratePrivateKey() (*PrivateKey, error) { func GeneratePrivateKey() (*PrivateKey, error) {
pk, err := rsa.GenerateKey(rand.Reader, 1024) pk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil { if err != nil {
return nil, err return nil, err
} }


@ -1,6 +1,9 @@
package key package key
import "errors" import (
"errors"
"sync"
)
var ErrorNoKeys = errors.New("no keys found") var ErrorNoKeys = errors.New("no keys found")
@ -22,6 +25,7 @@ func NewPrivateKeySetRepo() PrivateKeySetRepo {
} }
type memPrivateKeySetRepo struct { type memPrivateKeySetRepo struct {
mu sync.RWMutex
pks PrivateKeySet pks PrivateKeySet
} }
@ -33,11 +37,17 @@ func (r *memPrivateKeySetRepo) Set(ks KeySet) error {
return errors.New("nil KeySet") return errors.New("nil KeySet")
} }
r.mu.Lock()
defer r.mu.Unlock()
r.pks = *pks r.pks = *pks
return nil return nil
} }
func (r *memPrivateKeySetRepo) Get() (KeySet, error) { func (r *memPrivateKeySetRepo) Get() (KeySet, error) {
r.mu.RLock()
defer r.mu.RUnlock()
if r.pks.keys == nil { if r.pks.keys == nil {
return nil, ErrorNoKeys return nil, ErrorNoKeys
} }
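Review bot: The new RLock in memPrivateKeySetRepo.Get (the two lines after the Get signature) only covers the nil check, so if Get still returns a pointer into `r.pks` (its return statement lies past the end of this hunk) the caller keeps reading that struct after RUnlock while Set overwrites it with `r.pks = *pks` under its own Lock, and the read/write race the mutex was added for remains. Returning a copy closes that gap, e.g. replace the return with `pks := r.pks` followed by `return &pks, nil` (a shallow copy; if PrivateKeySet holds slices, those are still shared). This file looks like the vendored go-oidc copy pulled in by the Godeps update, so the change belongs upstream as well. The enclosing Get body continues outside the hunk.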


@ -29,7 +29,7 @@ func (s *KeySetSyncer) Run() chan struct{} {
var failing bool var failing bool
var next time.Duration var next time.Duration
for { for {
exp, err := sync(s.readable, s.writable, s.clock) exp, err := syncKeySet(s.readable, s.writable, s.clock)
if err != nil || exp == 0 { if err != nil || exp == 0 {
if !failing { if !failing {
failing = true failing = true
@ -62,12 +62,12 @@ func (s *KeySetSyncer) Run() chan struct{} {
} }
func Sync(r ReadableKeySetRepo, w WritableKeySetRepo) (time.Duration, error) { func Sync(r ReadableKeySetRepo, w WritableKeySetRepo) (time.Duration, error) {
return sync(r, w, clockwork.NewRealClock()) return syncKeySet(r, w, clockwork.NewRealClock())
} }
// sync copies the keyset from r to the KeySet at w and returns the duration in which the KeySet will expire. // syncKeySet copies the keyset from r to the KeySet at w and returns the duration in which the KeySet will expire.
// If keyset has already expired, returns a zero duration. // If keyset has already expired, returns a zero duration.
func sync(r ReadableKeySetRepo, w WritableKeySetRepo, clock clockwork.Clock) (exp time.Duration, err error) { func syncKeySet(r ReadableKeySetRepo, w WritableKeySetRepo, clock clockwork.Clock) (exp time.Duration, err error) {
var ks KeySet var ks KeySet
ks, err = r.Get() ks, err = r.Get()
if err != nil { if err != nil {


@ -101,34 +101,12 @@ type Client struct {
redirectURL string redirectURL string
scope []string scope []string
keySet key.PublicKeySet keySet key.PublicKeySet
providerSyncer *ProviderConfigSyncer
keySetSyncMutex sync.RWMutex keySetSyncMutex sync.RWMutex
lastKeySetSync time.Time lastKeySetSync time.Time
} }
type providerConfigRepo struct {
mu sync.RWMutex
config ProviderConfig // do not access directly, use Get()
}
func newProviderConfigRepo(pc ProviderConfig) *providerConfigRepo {
return &providerConfigRepo{sync.RWMutex{}, pc}
}
// returns an error to implement ProviderConfigSetter
func (r *providerConfigRepo) Set(cfg ProviderConfig) error {
r.mu.Lock()
defer r.mu.Unlock()
r.config = cfg
return nil
}
func (r *providerConfigRepo) Get() ProviderConfig {
r.mu.RLock()
defer r.mu.RUnlock()
return r.config
}
func (c *Client) Healthy() error { func (c *Client) Healthy() error {
now := time.Now().UTC() now := time.Now().UTC()
@ -178,9 +156,13 @@ func chooseAuthMethod(cfg ProviderConfig) (string, error) {
return "", errors.New("no supported auth methods") return "", errors.New("no supported auth methods")
} }
// SyncProviderConfig starts the provider config syncer
func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{} { func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{} {
r := NewHTTPProviderConfigGetter(c.httpClient, discoveryURL) r := NewHTTPProviderConfigGetter(c.httpClient, discoveryURL)
return NewProviderConfigSyncer(r, c.providerConfig).Run() s := NewProviderConfigSyncer(r, c.providerConfig)
stop := s.Run()
s.WaitUntilInitialSync()
return stop
} }
func (c *Client) maybeSyncKeys() error { func (c *Client) maybeSyncKeys() error {
@ -340,3 +322,26 @@ func (c *Client) keysFuncAll() func() []key.PublicKey {
return c.keySet.Keys() return c.keySet.Keys()
} }
} }
type providerConfigRepo struct {
mu sync.RWMutex
config ProviderConfig // do not access directly, use Get()
}
func newProviderConfigRepo(pc ProviderConfig) *providerConfigRepo {
return &providerConfigRepo{sync.RWMutex{}, pc}
}
// returns an error to implement ProviderConfigSetter
func (r *providerConfigRepo) Set(cfg ProviderConfig) error {
r.mu.Lock()
defer r.mu.Unlock()
r.config = cfg
return nil
}
func (r *providerConfigRepo) Get() ProviderConfig {
r.mu.RLock()
defer r.mu.RUnlock()
return r.config
}
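Review bot: Client.SyncProviderConfig now blocks in `s.WaitUntilInitialSync()` with no timeout or cancellation, and that wait is only released after the first successful Get and Set in ProviderConfigSyncer.sync (see the last section of this commit); if the provider's discovery endpoint is unreachable, the call never returns and the stop channel is never handed to the caller, so the background goroutine cannot be stopped either. The exported doc comment should state this contract, e.g. `// SyncProviderConfig starts the provider config syncer and blocks until the first sync succeeds; it does not return while the discovery endpoint keeps failing.`, and callers that must not hang should wrap it with their own deadline. Since this appears to be the vendored go-oidc copy pulled in by the Godeps update, the behavior change is worth calling out in the commit description as well.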


@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"sync"
"time" "time"
"github.com/coreos/pkg/capnslog" "github.com/coreos/pkg/capnslog"
@ -75,6 +76,9 @@ type ProviderConfigSyncer struct {
from ProviderConfigGetter from ProviderConfigGetter
to ProviderConfigSetter to ProviderConfigSetter
clock clockwork.Clock clock clockwork.Clock
initialSyncDone bool
initialSyncWait sync.WaitGroup
} }
func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer { func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer {
@ -91,6 +95,7 @@ func (s *ProviderConfigSyncer) Run() chan struct{} {
var next pcsStepper var next pcsStepper
next = &pcsStepNext{aft: time.Duration(0)} next = &pcsStepNext{aft: time.Duration(0)}
s.initialSyncWait.Add(1)
go func() { go func() {
for { for {
select { select {
@ -105,6 +110,10 @@ func (s *ProviderConfigSyncer) Run() chan struct{} {
return stop return stop
} }
func (s *ProviderConfigSyncer) WaitUntilInitialSync() {
s.initialSyncWait.Wait()
}
func (s *ProviderConfigSyncer) sync() (time.Duration, error) { func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
cfg, err := s.from.Get() cfg, err := s.from.Get()
if err != nil { if err != nil {
@ -115,6 +124,11 @@ func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
return 0, fmt.Errorf("error setting provider config: %v", err) return 0, fmt.Errorf("error setting provider config: %v", err)
} }
if !s.initialSyncDone {
s.initialSyncWait.Done()
s.initialSyncDone = true
}
log.Infof("Updating provider config: config=%#v", cfg) log.Infof("Updating provider config: config=%#v", cfg)
return nextSyncAfter(cfg.ExpiresAt, s.clock), nil return nextSyncAfter(cfg.ExpiresAt, s.clock), nil
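Review bot: `s.initialSyncWait.Add(1)` runs on every Run call, but the matching Done in sync fires at most once because it is guarded by `initialSyncDone`, so a second Run on the same ProviderConfigSyncer leaves the WaitGroup permanently unbalanced and WaitUntilInitialSync blocks forever. Moving the `Add(1)` into NewProviderConfigSyncer (whose body is outside this hunk) ties the count to the object rather than to Run, and the bool can then stay as is. `initialSyncDone` appears to be touched only from the goroutine started in Run, which keeps it race-free as long as sync is never called from another goroutine — worth a comment on the field, e.g. `// initialSyncDone is only read and written from the Run goroutine.` The sync body continues past the end of the hunk.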