
Commit b41f93f

feat: Add key-related APIs in security-proxy-auth
Resolves #5038. Add key-related APIs in security-proxy-auth to enable support for external JWT verification. Signed-off-by: Lindsey Cheng <beckysocute@gmail.com>
1 parent 0ef5369 commit b41f93f


27 files changed

+1283
-53
lines changed


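--- a/cmd/core-common-config-bootstrapper/res/configuration.yaml
+++ b/cmd/core-common-config-bootstrapper/res/configuration.yaml
@@ -73,6 +73,12 @@ all-services:
 DefaultPubRetryAttempts: "2"
 Subject: "edgex/#" # Required for NATS JetStream only for stream auto-provisioning
 
+Clients:
+security-proxy-auth:
+Protocol: http
+Host: localhost
+Port: 59842
+
 app-services:
 Writable:
 StoreAndForward: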
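Review bot: The new `Clients: security-proxy-auth` entry in the all-services block sets `Protocol: http` and `Host: localhost` with no comment on what consumes it or when it must be overridden. Going by the commit description, this client is presumably how services reach the new key APIs for JWT verification; if so, a deployment that runs security-proxy-auth on another host would fetch verification keys over plain HTTP, where they could be altered in transit. I would add a comment above the entry, for example `# Used to fetch JWT verification keys; override Host per deployment and keep this hop on a trusted or TLS-protected network`.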
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
--
2+
-- Copyright (C) 2024 IOTech Ltd
3+
--
4+
-- SPDX-License-Identifier: Apache-2.0
5+
6+
-- schema for proxy-auth related tables
7+
CREATE SCHEMA IF NOT EXISTS security_proxy_auth;
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
--
2+
-- Copyright (C) 2024 IOTech Ltd
3+
--
4+
-- SPDX-License-Identifier: Apache-2.0
5+
6+
-- security_proxy_auth.key_store is used to store the key file
7+
CREATE TABLE IF NOT EXISTS security_proxy_auth.key_store (
8+
id UUID PRIMARY KEY,
9+
name TEXT NOT NULL UNIQUE,
10+
content TEXT NOT NULL,
11+
created timestamp NOT NULL DEFAULT (now() AT TIME ZONE 'utc'),
12+
modified timestamp NOT NULL DEFAULT (now() AT TIME ZONE 'utc')
13+
);
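Review bot: `content TEXT NOT NULL` stores the key file as plain text, and the table comment does not say whether rows are limited to public verification keys or may also hold private keys. If private material can land here, it is readable by any role with SELECT on `security_proxy_auth.key_store` and is exposed in every database backup. The insert path is not visible in this section, so the service may already encrypt before writing. I would state the contract in the header comment, e.g. `-- content: verification key material; anything secret must be encrypted by the service before insert`.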

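--- a/cmd/security-secretstore-setup/res/configuration.yaml
+++ b/cmd/security-secretstore-setup/res/configuration.yaml
@@ -64,6 +64,9 @@ Databases:
 scheduler:
 Service: support-scheduler
 Username: support_scheduler
+securityproxyauth:
+Service: security-proxy-auth
+Username: security_proxy_auth
 SecureMessageBus:
 Type: none
 KuiperConfigPath: /tmp/kuiper/edgex.yaml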

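--- a/go.mod
+++ b/go.mod
@@ -133,3 +133,7 @@ require (
 gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 nhooyr.io/websocket v1.8.17 // indirect
 )
+
+replace github.com/edgexfoundry/go-mod-core-contracts/v4 => github.com/lindseysimple/go-mod-core-contracts/v4 v4.0.0-20241224070246-4567c6a29d20
+
+replace github.com/edgexfoundry/go-mod-bootstrap/v4 => github.com/lindseysimple/go-mod-bootstrap/v4 v4.0.0-20241226015317-1da7d091abea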
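Review bot: The two `replace` directives appended to go.mod point `go-mod-core-contracts/v4` and `go-mod-bootstrap/v4` at a personal fork (`github.com/lindseysimple/...`) pinned to pseudo-versions. Every service built from this module, including the authentication hook the routers obtain from `handlers`, would then be compiled from code outside the edgexfoundry organisation's review and tagging process. These look like development-time overrides. Before merge they should be dropped in favour of `require` entries on tagged upstream releases that contain the new APIs, with go.sum regenerated to match.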

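--- a/go.sum
+++ b/go.sum
@@ -68,12 +68,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/eclipse/paho.mqtt.golang v1.5.0 h1:EH+bUVJNgttidWFkLLVKaQPGmkTUfQQqjOsyvMGvD6o=
 github.com/eclipse/paho.mqtt.golang v1.5.0/go.mod h1:du/2qNQVqJf/Sqs4MEL77kR8QTqANF7XU7Fk0aOTAgk=
-github.com/edgexfoundry/go-mod-bootstrap/v4 v4.0.0-dev.14 h1:C2D1RppHFKME7q/nVJVPHlzLYs12UTkJBz/q/4ZxBTA=
-github.com/edgexfoundry/go-mod-bootstrap/v4 v4.0.0-dev.14/go.mod h1:g0H805nWxtzJplM6nFnbTJi1TgXRD730NO9xxhC6xXk=
 github.com/edgexfoundry/go-mod-configuration/v4 v4.0.0-dev.10 h1:DMv5LZDxcqUeb1dREMd/vK+reXmZYlpafgtm8XhYdHQ=
 github.com/edgexfoundry/go-mod-configuration/v4 v4.0.0-dev.10/go.mod h1:ltUpMcOpJSzmabBtZox5qg1AK2wEikvZJyIBXtJ7mUQ=
-github.com/edgexfoundry/go-mod-core-contracts/v4 v4.0.0-dev.15 h1:4FbSL5rsNXVonrYz4K5v1oCNmi64LvcEx8xCgr6mXOo=
-github.com/edgexfoundry/go-mod-core-contracts/v4 v4.0.0-dev.15/go.mod h1:M5JXcRrmnIVNAmqeDNVXd0PSOGdq96fgrEmzivx02c8=
 github.com/edgexfoundry/go-mod-messaging/v4 v4.0.0-dev.10 h1:xvDQDIJtmj/ZCmKzbAzg3h1F2ZdWz1MPoJSNfYZANGc=
 github.com/edgexfoundry/go-mod-messaging/v4 v4.0.0-dev.10/go.mod h1:ibaiw7r3RgLYDuuFfWT1kh//bjP+onDOOQsnSsdD4E8=
 github.com/edgexfoundry/go-mod-registry/v4 v4.0.0-dev.2 h1:iHu8JPpmrEOrIZdv0iYW69FlMmkyal/FpbXtC3pHt2c=
@@ -305,6 +301,10 @@ github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0
 github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lindseysimple/go-mod-bootstrap/v4 v4.0.0-20241226015317-1da7d091abea h1:wv2pZ9XNYvy+npNoWml3k92A80/aTJoksp2Qq0IsvVA=
+github.com/lindseysimple/go-mod-bootstrap/v4 v4.0.0-20241226015317-1da7d091abea/go.mod h1:a7rlrr4QTgjNZZGgnikVFGTDIYda1nuyEBQYPJAFD2Q=
+github.com/lindseysimple/go-mod-core-contracts/v4 v4.0.0-20241224070246-4567c6a29d20 h1:9AM7b578tXzt7SmvAfNUgyNPZj4PhbbnmsJRGTYmluU=
+github.com/lindseysimple/go-mod-core-contracts/v4 v4.0.0-20241224070246-4567c6a29d20/go.mod h1:M5JXcRrmnIVNAmqeDNVXd0PSOGdq96fgrEmzivx02c8=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=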

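--- a/internal/core/command/router.go
+++ b/internal/core/command/router.go
@@ -1,5 +1,5 @@
 //
-// Copyright (C) 2021-2023 IOTech Ltd
+// Copyright (C) 2021-2024 IOTech Ltd
 // Copyright (C) 2023 Intel Corporation
 //
 // SPDX-License-Identifier: Apache-2.0
@@ -9,7 +9,6 @@ package command
 import (
 "github.com/edgexfoundry/edgex-go"
 commandController "github.com/edgexfoundry/edgex-go/internal/core/command/controller/http"
-"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/container"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/controller"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/handlers"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/di"
@@ -19,9 +18,7 @@ import (
 )
 
 func LoadRestRoutes(r *echo.Echo, dic *di.Container, serviceName string) {
-lc := container.LoggingClientFrom(dic.Get)
-secretProvider := container.SecretProviderExtFrom(dic.Get)
-authenticationHook := handlers.AutoConfigAuthenticationFunc(secretProvider, lc)
+authenticationHook := handlers.AutoConfigAuthenticationFunc(dic)
 
 // Common
 _ = controller.NewCommonController(dic, r, serviceName, edgex.Version)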
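Review bot: `handlers.AutoConfigAuthenticationFunc(dic)` in LoadRestRoutes no longer shows which container entries the authentication hook depends on, whereas the old call named the logging client and secret provider explicitly. Since this hook presumably guards the routes registered below it, I would add a comment at the call site, e.g. `// authenticationHook resolves its dependencies (logger, secret provider, ...) from dic; they must be registered before routes are loaded`, worded to match what the new bootstrap function actually reads. The same call appears in internal/core/data/router.go, internal/core/keeper/router.go and internal/core/metadata/router.go. LoadRestRoutes continues past the end of the hunk, so the registrations that use the hook are not visible here.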

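--- a/internal/core/data/router.go
+++ b/internal/core/data/router.go
@@ -1,5 +1,5 @@
 //
-// Copyright (C) 2021-2023 IOTech Ltd
+// Copyright (C) 2021-2024 IOTech Ltd
 // Copyright (C) 2023 Intel Corporation
 //
 // SPDX-License-Identifier: Apache-2.0
@@ -8,7 +8,6 @@ package data
 
 import (
 "github.com/edgexfoundry/edgex-go"
-"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/container"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/controller"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/handlers"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/di"
@@ -20,9 +19,7 @@ import (
 )
 
 func LoadRestRoutes(r *echo.Echo, dic *di.Container, serviceName string) {
-lc := container.LoggingClientFrom(dic.Get)
-secretProvider := container.SecretProviderExtFrom(dic.Get)
-authenticationHook := handlers.AutoConfigAuthenticationFunc(secretProvider, lc)
+authenticationHook := handlers.AutoConfigAuthenticationFunc(dic)
 
 // Common
 _ = controller.NewCommonController(dic, r, serviceName, edgex.Version)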

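--- a/internal/core/keeper/router.go
+++ b/internal/core/keeper/router.go
@@ -7,7 +7,6 @@ package keeper
 
 import (
 "github.com/edgexfoundry/edgex-go"
-"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/container"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/controller"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/handlers"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/di"
@@ -19,9 +18,7 @@ import (
 )
 
 func LoadRestRoutes(r *echo.Echo, dic *di.Container, serviceName string) {
-lc := container.LoggingClientFrom(dic.Get)
-secretProvider := container.SecretProviderExtFrom(dic.Get)
-authenticationHook := handlers.AutoConfigAuthenticationFunc(secretProvider, lc)
+authenticationHook := handlers.AutoConfigAuthenticationFunc(dic)
 
 // Common
 _ = controller.NewCommonController(dic, r, serviceName, edgex.Version)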

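--- a/internal/core/metadata/router.go
+++ b/internal/core/metadata/router.go
@@ -8,7 +8,6 @@ package metadata
 
 import (
 "github.com/edgexfoundry/edgex-go"
-"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/container"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/controller"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/handlers"
 "github.com/edgexfoundry/go-mod-bootstrap/v4/di"
@@ -21,9 +20,7 @@ import (
 )
 
 func LoadRestRoutes(r *echo.Echo, dic *di.Container, serviceName string) {
-lc := container.LoggingClientFrom(dic.Get)
-secretProvider := container.SecretProviderExtFrom(dic.Get)
-authenticationHook := handlers.AutoConfigAuthenticationFunc(secretProvider, lc)
+authenticationHook := handlers.AutoConfigAuthenticationFunc(dic)
 
 // Common
 _ = controller.NewCommonController(dic, r, serviceName, edgex.Version)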
