From b3533cda59efcceb9fc1f8da390aac93d6ef5ec8 Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Sat, 22 Apr 2023 20:24:14 -0700 Subject: [PATCH] Fix service check common auth --- service/events/nats.go | 3 +-- service/kvstore/kvstore.go | 24 ++++++++++++++++-------- service/objstore/objstore.go | 7 +++---- service/pubsub/pubsub.go | 3 +-- 4 files changed, 21 insertions(+), 16 deletions(-) diff --git a/service/events/nats.go b/service/events/nats.go index 92401941..3f53c77c 100644 --- a/service/events/nats.go +++ b/service/events/nats.go @@ -25,7 +25,6 @@ type ( NatsService struct { lc *lifecycle.Lifecycle[natsClient] clientname string - auth natsauth addr string config governor.SecretReader log *klog.LevelLogger @@ -145,7 +144,7 @@ func (s *NatsService) handleGetClient(ctx context.Context, m *lifecycle.Manager[ if secret.Password == "" { return client, kerrors.WithKind(nil, governor.ErrInvalidConfig, "Empty auth") } - if secret == s.auth { + if secret == client.auth { return client, nil } } diff --git a/service/kvstore/kvstore.go b/service/kvstore/kvstore.go index 0d8f34f5..dd2d2818 100644 --- a/service/kvstore/kvstore.go +++ b/service/kvstore/kvstore.go @@ -73,7 +73,7 @@ type ( kvstoreClient struct { client *redis.Client - auth secretAuth + auth redisauth } Service struct { @@ -232,12 +232,14 @@ func (s *Service) handlePing(ctx context.Context, m *lifecycle.Manager[kvstoreCl if s.hbfailed < s.hbmaxfail { s.log.WarnErr(ctx, kerrors.WithMsg(err, "Failed to ping kvstore"), klog.AString("addr", s.addr), + klog.AString("username", client.auth.Username), klog.AString("dbname", strconv.Itoa(s.dbname)), ) return } s.log.Err(ctx, kerrors.WithMsg(err, "Failed max pings to kvstore"), klog.AString("addr", s.addr), + klog.AString("username", client.auth.Username), klog.AString("dbname", strconv.Itoa(s.dbname)), ) 
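Review bot: In handleGetClient of service/events/nats.go, the new comparison `if secret == client.auth {` dereferences `client` with no nil guard visible in the hunk, whereas the kvstore version of the same check in this patch is written `client != nil && auth == client.auth`. If `m.Load(ctx)` can return nil before the first client is stored, as the kvstore guard suggests, this path would panic on first use where the old `s.auth` comparison could not. I would write it as `if client != nil && secret == client.auth {`. The same line is added to handleGetClient in service/pubsub/pubsub.go and needs the same guard. Both function bodies start and continue outside their hunks, so an earlier nil check may already exist there.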
@@ -251,35 +253,38 @@ func (s *Service) handlePing(ctx context.Context, m *lifecycle.Manager[kvstoreCl } type ( - secretAuth struct { + redisauth struct { + Username string `mapstructure:"username"` Password string `mapstructure:"password"` } ) func (s *Service) handleGetClient(ctx context.Context, m *lifecycle.Manager[kvstoreClient]) (*kvstoreClient, error) { - var secret secretAuth + var auth redisauth { client := m.Load(ctx) - if err := s.config.GetSecret(ctx, "auth", 0, &secret); err != nil { + if err := s.config.GetSecret(ctx, "auth", 0, &auth); err != nil { return client, kerrors.WithMsg(err, "Invalid secret") } - if secret.Password == "" { + if auth.Username == "" { return client, kerrors.WithKind(nil, governor.ErrInvalidConfig, "Empty auth") } - if client != nil && secret == client.auth { + if client != nil && auth == client.auth { return client, nil } } kvClient := redis.NewClient(&redis.Options{ Addr: s.addr, - Password: secret.Password, + Username: auth.Username, + Password: auth.Password, DB: s.dbname, }) if _, err := kvClient.Ping(ctx).Result(); err != nil { if err := kvClient.Close(); err != nil { s.log.Err(ctx, kerrors.WithKind(err, ErrConn, "Failed to close db after failed initial ping"), klog.AString("addr", s.addr), + klog.AString("username", auth.Username), klog.AString("dbname", strconv.Itoa(s.dbname)), ) } @@ -291,12 +296,13 @@ func (s *Service) handleGetClient(ctx context.Context, m *lifecycle.Manager[kvst s.log.Info(ctx, "Established connection to kvstore", klog.AString("addr", s.addr), + klog.AString("username", auth.Username), klog.AString("dbname", strconv.Itoa(s.dbname)), ) client := &kvstoreClient{ client: kvClient, - auth: secret, + auth: auth, } m.Store(client) 
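Review bot: In kvstore handleGetClient the empty-credential check now tests only `auth.Username == ""`, so a secret with a username and an empty password passes validation and is handed to `redis.Options`. The previous code rejected an empty password; keeping both conditions, `if auth.Username == "" || auth.Password == "" {`, preserves that. Existing secrets that hold only a password would now fail with "Empty auth", which is an operator-visible change worth stating in the commit message. The function continues past this hunk into the next one.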
@@ -308,11 +314,13 @@ func (s *Service) closeClient(ctx context.Context, client *kvstoreClient) { if err := client.client.Close(); err != nil { s.log.Err(ctx, kerrors.WithMsg(err, "Failed to close kvstore connection"), klog.AString("addr", s.addr), + klog.AString("username", client.auth.Username), klog.AString("dbname", strconv.Itoa(s.dbname)), ) } else { s.log.Info(ctx, "Closed kvstore connection", klog.AString("addr", s.addr), + klog.AString("username", client.auth.Username), klog.AString("dbname", strconv.Itoa(s.dbname)), ) } diff --git a/service/objstore/objstore.go b/service/objstore/objstore.go index 7cc069e6..5ff4f812 100644 --- a/service/objstore/objstore.go +++ b/service/objstore/objstore.go @@ -35,7 +35,6 @@ type ( Service struct { lc *lifecycle.Lifecycle[objstoreClient] clientname string - auth minioauth addr string sslmode bool location string @@ -188,13 +187,13 @@ func (s *Service) handlePing(ctx context.Context, m *lifecycle.Manager[objstoreC if s.hbfailed < s.hbmaxfail { s.log.WarnErr(ctx, kerrors.WithMsg(err, "Failed to ping objstore"), klog.AString("addr", s.addr), - klog.AString("username", s.auth.Username), + klog.AString("username", client.auth.Username), ) return } s.log.Err(ctx, kerrors.WithMsg(err, "Failed max pings to objstore"), klog.AString("addr", s.addr), - klog.AString("username", s.auth.Username), + klog.AString("username", client.auth.Username), ) s.hbfailed = 0 // first invalidate cached secret in order to ensure that construct client @@ -243,7 +242,7 @@ func (s *Service) handleGetClient(ctx context.Context, m *lifecycle.Manager[objs s.log.Info(ctx, "Established connection to objstore", klog.AString("addr", s.addr), - klog.AString("username", s.auth.Username), + klog.AString("username", auth.Username), ) client := &objstoreClient{ diff --git a/service/pubsub/pubsub.go b/service/pubsub/pubsub.go index 8ed5845e..7dba3a90 100644 --- a/service/pubsub/pubsub.go +++ b/service/pubsub/pubsub.go 
@@ -43,7 +43,6 @@ type ( Service struct { lc *lifecycle.Lifecycle[pubsubClient] clientname string - auth natsauth addr string config governor.SecretReader log *klog.LevelLogger @@ -197,7 +196,7 @@ func (s *Service) handleGetClient(ctx context.Context, m *lifecycle.Manager[pubs if secret.Password == "" { return client, kerrors.WithKind(nil, governor.ErrInvalidConfig, "Empty auth") } - if secret == s.auth { + if secret == client.auth { return client, nil } }