sso_proxy: update to use `go-micro` for configuration management by Jusshersmith · Pull Request #279 · buzzfeed/sso
Problem
sso_auth was migrated to use go-micro in #212 to manage variable configuration. sso_proxy is still using the original outdated methods and should be updated to also use go-micro.
Solution
Update sso_proxy to use go-micro. No feature changes are intended to be part of this change, apart from the behaviour of the following two variables:
`SKIP_AUTH_PREFLIGHT` and `PASS_ACCESS_TOKEN` are now upstream specific and should be specified as part of upstream configs, not global/environment variables.
In general, the patterns used in this pull request are the same ones used in #212.
Review notes
Some notes to support reviewing:
- The bulk of changes here consist of creating the new configuration structure, and altering functions and methods to reference that new structure.
- Numerous functions have been moved out of `oauthproxy.go` and into `options.go`:
  - `SetCookieStore`
  - `SetRequestSigner`
  - `SetUpstreamConfig`
  - `SetProxyHandler`
  - `SetValidators`
  - `SetProvider`
- A new function, `SetUpstreamConfigs`, largely consists of some logic that was in the `options.Validate` method.

The below table shows all old variables, and their new equivalent version.
| old | new |
|---|---|
| session configs | |
| COOKIE_NAME | SESSION_COOKIE_NAME |
| COOKIE_SECRET | SESSION_COOKIE_SECRET |
| COOKIE_EXPIRE | SESSION_COOKIE_EXPIRE |
| COOKIE_DOMAIN | SESSION_COOKIE_DOMAIN |
| COOKIE_HTTP_ONLY | SESSION_COOKIE_HTTPONLY |
| COOKIE_SECURE | SESSION_COOKIE_SECURE |
| SESSION_LIFETIME_TTL | SESSION_TTL_LIFETIME |
| SESSION_VALID_TTL | SESSION_TTL_VALID |
| GRACE_PERIOD_TTL | SESSION_TTL_GRACEPERIOD |
| --- | |
| upstream configs | |
| DEFAULT_ALLOWED_EMAIL_DOMAINS | UPSTREAM_DEFAULT_EMAIL_DOMAINS |
| DEFAULT_ALLOWED_EMAIL_ADDRESSES | UPSTREAM_DEFAULT_EMAIL_ADDRESSES |
| DEFAULT_ALLOWED_GROUPS | UPSTREAM_DEFAULT_GROUPS |
| DEFAULT_UPSTREAM_TIMEOUT | UPSTREAM_DEFAULT_TIMEOUT |
| DEFAULT_UPSTREAM_TCP_RESET_DEADLINE | UPSTREAM_DEFAULT_RESETDEADLINE |
| UPSTREAM_CONFIGS | UPSTREAM_CONFIGFILE |
| CLUSTER | UPSTREAM_CLUSTER |
| SCHEME | UPSTREAM_SCHEME |
| PROVIDER | UPSTREAM_DEFAULT_PROVIDER |
| SKIP_AUTH_PREFLIGHT | now configured in upstream configs |
| PASS_ACCESS_TOKEN | now configured in upstream configs |
| --- | |
| server configs | |
| PORT | SERVER_PORT |
| SHUTDOWN_TIMEOUT | SERVER_TIMEOUT_SHUTDOWN |
| TCP_READ_TIMEOUT | SERVER_TIMEOUT_READ |
| TCP_WRITE_TIMEOUT | SERVER_TIMEOUT_WRITE |
| --- | |
| metrics configs | |
| STATSD_PORT | METRICS_STATSD_PORT |
| STATSD_HOST | METRICS_STATSD_HOST |
| --- | |
| logging configs | |
| REQUEST_LOGGING | LOGGING_ENABLE |
| --- | |
| client configs | |
| CLIENT_ID | CLIENT_ID |
| CLIENT_SECRET | CLIENT_SECRET |
| --- | |
| request signature configs | |
| REQUEST_SIGNATURE_KEY | REQUESTSIGNER_KEY |
| --- | |
| provider configs | |
| PROVIDER | PROVIDER_TYPE |
| PROVIDER_URL | PROVIDER_URL_EXTERNAL |
| PROVIDER_URL_INTERNAL | PROVIDER_URL_INTERNAL |
| SCOPE | PROVIDER_SCOPE |