including /readyz and changes on oidc client

ydataai · Dec 3, 2021 · eb1488d · eb1488d
1 parent ce42c9a
commit eb1488d
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 17 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -41,6 +41,9 @@ func main() {
 
 	oidcClient := clients.NewOIDCClient(logger, oidcConfiguration)
 
+	// Start OIDC Provider Setup
+	go oidcClient.Setup()
+
 	oidcService := services.NewOIDCService(logger, oidcClient)
 	sessionService := services.NewSessionService(logger, sessionConfiguration)
 

diff --git a/internal/clients/oidc.go b/internal/clients/oidc.go
@@ -2,6 +2,7 @@ package clients
 
 import (
 	"context"
+	"time"
 
 	"github.com/coreos/go-oidc"
 	"github.com/ydataai/go-core/pkg/common/logging"
@@ -13,35 +14,53 @@ type OIDCClient struct {
 	configuration OIDCConfiguration
 	OAuth2Config  *oauth2.Config
 	Verifier      *oidc.IDTokenVerifier
+	provider      *oidc.Provider
+	ReadyzFunc    func() bool
 	logger        logging.Logger
 }
 
 // NewOIDCClient defines a new values for the server
 func NewOIDCClient(logger logging.Logger, config OIDCConfiguration) *OIDCClient {
+	return &OIDCClient{
+		configuration: config,
+		ReadyzFunc:    func() bool { return false },
+		logger:        logger,
+	}
+}
+
+// Setup initializes setup for OIDC Provider
+func (oc *OIDCClient) Setup() {
 	ctx := context.Background()
 
-	provider, err := oidc.NewProvider(ctx, config.OIDProviderURL)
-	if err != nil {
-		logger.Fatalf("OIDC provider setup failed. Error: %v", err)
-	}
+	// make sure it is available
+	oc.isAvailable(ctx)
 
 	// Configure an OpenID Connect aware OAuth2 client.
-	oauth2Config := &oauth2.Config{
-		ClientID:     config.ClientID,
-		ClientSecret: config.ClientSecret,
-		Endpoint:     provider.Endpoint(), // Discovery returns the OAuth2 endpoints.
-		RedirectURL:  config.OIDCRedirectURL,
-		Scopes:       config.OIDCScopes,
+	oc.OAuth2Config = &oauth2.Config{
+		ClientID:     oc.configuration.ClientID,
+		ClientSecret: oc.configuration.ClientSecret,
+		Endpoint:     oc.provider.Endpoint(), // Discovery returns the OAuth2 endpoints.
+		RedirectURL:  oc.configuration.OIDCRedirectURL,
+		Scopes:       oc.configuration.OIDCScopes,
 	}
 	oidcConfig := &oidc.Config{
-		ClientID: config.ClientID,
+		ClientID: oc.configuration.ClientID,
 	}
-	verifier := provider.Verifier(oidcConfig)
 
-	return &OIDCClient{
-		configuration: config,
-		OAuth2Config:  oauth2Config,
-		Verifier:      verifier,
-		logger:        logger,
+	oc.Verifier = oc.provider.Verifier(oidcConfig)
+}
+
+func (oc *OIDCClient) isAvailable(ctx context.Context) {
+	var err error
+
+	for {
+		oc.provider, err = oidc.NewProvider(ctx, oc.configuration.OIDProviderURL)
+		if err == nil {
+			break
+		}
+		oc.logger.Errorf("OIDC provider setup failed, retrying in 10 seconds: %v", err)
+		time.Sleep(10 * time.Second)
 	}
+
+	oc.ReadyzFunc = func() bool { return true }
 }
diff --git a/internal/controllers/rest_controller.go b/internal/controllers/rest_controller.go
@@ -38,12 +38,19 @@ func NewRESTController(
 // Boot initialize creating some routes
 func (rc RESTController) Boot(s *server.Server) {
 	s.AddHealthz()
+	s.AddReadyz(rc.oidcService.GetReadyzFunc)
 	s.Router.GET(rc.configuration.AuthServiceURL, gin.WrapF(rc.RedirectToOIDCProvider))
 	s.Router.GET(rc.configuration.OIDCCallbackURL, gin.WrapF(rc.OIDCProviderCallback))
 }
 
 // RedirectToOIDCProvider is the handler responsible for redirecting to the OIDC Provider
 func (rc RESTController) RedirectToOIDCProvider(w http.ResponseWriter, r *http.Request) {
+	if !rc.oidcService.GetReadyzFunc() {
+		rc.logger.Error("OIDC provider is not ready yet or setup failed")
+		http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
+		return
+	}
+
 	rc.sessionService.CreateCookie(w, r)
 
 	rc.logger.Info("Redirecting to OIDC Provider...")
@@ -55,6 +62,12 @@ func (rc RESTController) RedirectToOIDCProvider(w http.ResponseWriter, r *http.R
 
 // OIDCProviderCallback returns with authentication code
 func (rc RESTController) OIDCProviderCallback(w http.ResponseWriter, r *http.Request) {
+	if !rc.oidcService.GetReadyzFunc() {
+		rc.logger.Error("OIDC provider is not ready yet or setup failed")
+		http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
+		return
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), rc.configuration.HTTPRequestTimeout)
 	defer cancel()
 

diff --git a/internal/services/oidc.go b/internal/services/oidc.go
@@ -91,3 +91,8 @@ func (osvc *OIDCService) validateIDToken(ctx context.Context, oauth2Token *oauth
 func (osvc *OIDCService) CreateOIDCProviderURL(state, nonce string) string {
 	return osvc.client.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))
 }
+
+// GetReadyzFunc make sure if oidc provider is ready
+func (osvc OIDCService) GetReadyzFunc() bool {
+	return osvc.client.ReadyzFunc()
+}