New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature/redis provider] add redis auth provider #99
base: master
Are you sure you want to change the base?
Conversation
SlZeroth
commented
Aug 30, 2021
- created provider.go file and i insert that file to all of logic about redisAuthProvider.
- now createKeyProvider func is include in ServiceSet
- fix config.yaml file to chose auth type
I have a question about implementing the redis Provider. In the existing test code, put StaticProvider in "service.InitializeServer". However, in my code, createKeyProvider is initialized using wire DI. I'm curious what opinions you have on this and how you would like it to be changed. |
pkg/service/wire.go
Outdated
@@ -9,14 +9,14 @@ import ( | |||
"github.com/livekit/livekit-server/pkg/routing" | |||
) | |||
|
|||
func InitializeServer(conf *config.Config, currentNode routing.LocalNode) (*LivekitServer, error) { | |||
func InitializeServer(conf *config.Config, currentNode routing.LocalNode, isTest bool) (*LivekitServer, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is changed InitializeServer func
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we just removed the StaticProvider code to simplify things. sorry, this ended up being a significant change. could you merge and see if issues remain?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no problem. I think remove StaticProvider version is better than before.
Deleting the StaticProvider and the CreateKeyProvider are included in the wire, so it's easier to work with.
do you know about it ?
in my local mage testall commend is work |
cmd/server/main.go
Outdated
@@ -190,7 +190,9 @@ func startServer(c *cli.Context) error { | |||
return err | |||
} | |||
|
|||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably not worth changing this file just for spacing? :)
pkg/config/config.go
Outdated
@@ -30,6 +30,7 @@ type Config struct { | |||
KeyFile string `yaml:"key_file"` | |||
Keys map[string]string `yaml:"keys"` | |||
LogLevel string `yaml:"log_level"` | |||
AuthType string `yaml:"auth_type"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AuthType string `yaml:"auth_type"` | |
KeyProvider string `yaml:"key_provider"` |
can you also run go fmt / goimports on files in this commit?
pkg/service/provider.go
Outdated
} | ||
|
||
func (p *RedisBasedKeyProvider) GetSecret(key string) string { | ||
fmt.Print("GetSecret CALLED", "\n") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's get rid of prints from the code
config-sample.yaml
Outdated
@@ -60,6 +60,9 @@ keys: | |||
key1: secret1 | |||
key2: secret2 | |||
|
|||
auth_type: redis |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
auth_type: redis | |
# # auth details could be stored in Redis. when enabled, .... | |
# key_provider: redis |
once we decide the redis structure, let's include notes on how they keys should be stored in redis.
pkg/service/provider.go
Outdated
|
||
func (p *RedisBasedKeyProvider) GetSecret(key string) string { | ||
fmt.Print("GetSecret CALLED", "\n") | ||
secret, _ := p.client.Get(context.Background(), key).Result() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could suggest storing api key/secret in a hash key. it's very hard to remove an API key without a hash of some sort. it's possible to use a hash with a name of "livekit-keys", and storing api key as key of the hash, and secret in the value.. i.e. HGET livekit-keys APIxxxxx
pkg/service/provider.go
Outdated
} | ||
|
||
func (p *RedisBasedKeyProvider) NumKeys() int { | ||
return 1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should return HLEN(...)
pkg/service/utils.go
Outdated
@@ -157,3 +163,34 @@ func permissionFromGrant(claim *auth.VideoGrant) *livekit.ParticipantPermission | |||
} | |||
return p | |||
} | |||
|
|||
func createKeyProvider(client *redis.Client, conf *config.Config) (auth.KeyProvider, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this seems to be completely duplicated from CreateKeyProvider
.
pkg/service/wire.go
Outdated
@@ -9,6 +9,7 @@ import ( | |||
"github.com/livekit/livekit-server/pkg/routing" | |||
) | |||
|
|||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
similarly, this file didn't need to be changed.
could you remove .DS_Store as well? 🙏 |
} else { | ||
return nil, errors.New("conf.auth_type value is not current") | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
New line here.
@@ -25,4 +26,4 @@ func InitializeRouter(conf *config.Config, currentNode routing.LocalNode) (routi | |||
) | |||
|
|||
return nil, nil | |||
} | |||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we have a newline here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for your review :)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I had dropped the ball on this. This is a good time for us to re-evaluate how we are storing keys in the config. Just proposed something that is more extensible, and I'm happy to collaborate on this to finish it up too.
pkg/config/config.go
Outdated
@@ -30,6 +30,7 @@ type Config struct { | |||
KeyFile string `yaml:"key_file"` | |||
Keys map[string]string `yaml:"keys"` | |||
LogLevel string `yaml:"log_level"` | |||
KeyProvider string `yaml:"key_provider"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking that it'd be more extensible to make this into a struct. It'll make it more flexible in the future to customize the behavior. for example:
type KeyProviderConfig struct {
// env (default), config, file, redis
Kind string `yaml:"kind"`
// used with config and env. we could migrate the top level keys to here.
Keys map[string]string
// used with file provider
Path string
// key to use as the hash to load keys
RedisKey string `yaml:"redis_key"`
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Path string
what is that property mean?
because config is only one file and config file include KeyProvider information so I think Path property doesn't need .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Path
can be used for the file provider.. where it could read from a separate keyfile. This is supported today, while probably not a commonly used path.
Sorry i will start this task from now on |
The requirements for the KeyProvider structure were applied. I'd appreciate it if you let me know what needs to be fixed or added. |
Any update on this PR? |
|