mteodor · mteodor · Dec 15, 2020 · Jun 24, 2021 · Jul 2, 2021 · Aug 24, 2021
diff --git a/Makefile b/Makefile
@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 MF_DOCKER_IMAGE_NAME_PREFIX ?= mainflux
+MF_RELEASE ?= latest
 BUILD_DIR = build
 SERVICES = users things http coap lora influxdb-writer influxdb-reader mongodb-writer \
 	mongodb-reader cassandra-writer cassandra-reader postgres-writer postgres-reader cli \
@@ -23,7 +24,7 @@ define make_docker
 		--build-arg SVC=$(svc) \
 		--build-arg GOARCH=$(GOARCH) \
 		--build-arg GOARM=$(GOARM) \
-		--tag=$(MF_DOCKER_IMAGE_NAME_PREFIX)/$(svc) \
+		--tag=$(MF_DOCKER_IMAGE_NAME_PREFIX)/$(svc):$(MF_RELEASE) \
 		-f docker/Dockerfile .
 endef
 
@@ -33,7 +34,7 @@ define make_docker_dev
 	docker build \
 		--no-cache \
 		--build-arg SVC=$(svc) \
-		--tag=$(MF_DOCKER_IMAGE_NAME_PREFIX)/$(svc) \
+		--tag=$(MF_DOCKER_IMAGE_NAME_PREFIX)/$(svc):$(MF_RELEASE) \
 		-f docker/Dockerfile.dev ./build
 endef
 

diff --git a/cmd/things/main.go b/cmd/things/main.go
@@ -68,6 +68,7 @@ const (
 	defJaegerURL       = ""
 	defAuthURL         = "localhost:8181"
 	defAuthTimeout     = "1s"
+	defOIDC            = "false"
 
 	envLogLevel        = "MF_THINGS_LOG_LEVEL"
 	envDBHost          = "MF_THINGS_DB_HOST"
@@ -97,6 +98,7 @@ const (
 	envJaegerURL       = "MF_JAEGER_URL"
 	envAuthURL         = "MF_AUTH_GRPC_URL"
 	envAuthTimeout     = "MF_AUTH_GRPC_TIMEOUT"
+	envOIDC            = "MF_OIDC"
 )
 
 type config struct {
@@ -120,6 +122,7 @@ type config struct {
 	jaegerURL       string
 	authURL         string
 	authTimeout     time.Duration
+	OIDC            bool
 }
 
 func main() {
@@ -140,12 +143,16 @@ func main() {
 	db := connectToDB(cfg.dbConfig, logger)
 	defer db.Close()
 
-	authTracer, authCloser := initJaeger("auth", cfg.jaegerURL, logger)
-	defer authCloser.Close()
+	var auth mainflux.AuthServiceClient
+	var close func() error
+	if !cfg.OIDC {
+		authTracer, authCloser := initJaeger("auth", cfg.jaegerURL, logger)
+		defer authCloser.Close()
 
-	auth, close := createAuthClient(cfg, authTracer, logger)
-	if close != nil {
-		defer close()
+		auth, close = createAuthClient(cfg, authTracer, logger)
+		if close != nil {
+			defer close()
+		}
 	}
 
 	dbTracer, dbCloser := initJaeger("things_db", cfg.jaegerURL, logger)
@@ -154,7 +161,7 @@ func main() {
 	cacheTracer, cacheCloser := initJaeger("things_cache", cfg.jaegerURL, logger)
 	defer cacheCloser.Close()
 
-	svc := newService(auth, dbTracer, cacheTracer, db, cacheClient, esClient, logger)
+	svc := newService(auth, dbTracer, cacheTracer, db, cacheClient, esClient, cfg.OIDC, logger)
 	errs := make(chan error, 2)
 
 	go startHTTPServer(thhttpapi.MakeHandler(thingsTracer, svc), cfg.httpPort, cfg, logger, errs)
@@ -182,6 +189,11 @@ func loadConfig() config {
 		log.Fatalf("Invalid %s value: %s", envAuthTimeout, err.Error())
 	}
 
+	oidc, err := strconv.ParseBool(mainflux.Env(envOIDC, defOIDC))
+	if err != nil {
+		log.Fatalf("Invalid value passed for %s\n", envClientTLS)
+	}
+
 	dbConfig := postgres.Config{
 		Host:        mainflux.Env(envDBHost, defDBHost),
 		Port:        mainflux.Env(envDBPort, defDBPort),
@@ -215,6 +227,7 @@ func loadConfig() config {
 		jaegerURL:       mainflux.Env(envJaegerURL, defJaegerURL),
 		authURL:         mainflux.Env(envAuthURL, defAuthURL),
 		authTimeout:     authTimeout,
+		OIDC:            oidc,
 	}
 }
 
@@ -295,11 +308,11 @@ func connectToAuth(cfg config, logger logger.Logger) *grpc.ClientConn {
 		logger.Error(fmt.Sprintf("Failed to connect to auth service: %s", err))
 		os.Exit(1)
 	}
-
+	logger.Info(fmt.Sprint("Connected to auth service %s", cfg.authURL))
 	return conn
 }
 
-func newService(auth mainflux.AuthServiceClient, dbTracer opentracing.Tracer, cacheTracer opentracing.Tracer, db *sqlx.DB, cacheClient *redis.Client, esClient *redis.Client, logger logger.Logger) things.Service {
+func newService(auth mainflux.AuthServiceClient, dbTracer opentracing.Tracer, cacheTracer opentracing.Tracer, db *sqlx.DB, cacheClient *redis.Client, esClient *redis.Client, oidc bool, logger logger.Logger) things.Service {
 	database := postgres.NewDatabase(db)
 
 	thingsRepo := postgres.NewThingRepository(database)
@@ -315,7 +328,11 @@ func newService(auth mainflux.AuthServiceClient, dbTracer opentracing.Tracer, ca
 	thingCache = tracing.ThingCacheMiddleware(cacheTracer, thingCache)
 	idProvider := uuid.New()
 
-	svc := things.New(auth, thingsRepo, channelsRepo, chanCache, thingCache, idProvider)
+	if oidc {
+		logger.Info(("Using OIDC authentication"))
+	}
+
+	svc := things.New(auth, thingsRepo, channelsRepo, chanCache, thingCache, oidc, idProvider)
 	svc = rediscache.NewEventStoreMiddleware(svc, esClient)
 	svc = api.LoggingMiddleware(svc, logger)
 	svc = api.MetricsMiddleware(

diff --git a/cmd/twins/main.go b/cmd/twins/main.go
@@ -60,6 +60,7 @@ const (
 	defNatsURL         = "nats://localhost:4222"
 	defAuthURL         = "localhost:8181"
 	defAuthTimeout     = "1s"
+	defOIDC            = "false"
 
 	envLogLevel        = "MF_TWINS_LOG_LEVEL"
 	envHTTPPort        = "MF_TWINS_HTTP_PORT"
@@ -80,6 +81,7 @@ const (
 	envNatsURL         = "MF_NATS_URL"
 	envAuthURL         = "MF_AUTH_GRPC_URL"
 	envAuthTimeout     = "MF_AUTH_GRPC_TIMEOUT"
+	envOIDC            = "MF_OIDC"
 )
 
 type config struct {
@@ -101,6 +103,7 @@ type config struct {
 
 	authURL     string
 	authTimeout time.Duration
+	OIDC        bool
 }
 
 func main() {
@@ -123,9 +126,17 @@ func main() {
 	dbTracer, dbCloser := initJaeger("twins_db", cfg.jaegerURL, logger)
 	defer dbCloser.Close()
 
-	authTracer, authCloser := initJaeger("auth", cfg.jaegerURL, logger)
-	defer authCloser.Close()
-	auth, _ := createAuthClient(cfg, authTracer, logger)
+	var auth mainflux.AuthServiceClient
+	var close func() error
+	if !cfg.OIDC {
+		authTracer, authCloser := initJaeger("auth", cfg.jaegerURL, logger)
+		defer authCloser.Close()
+
+		auth, close = createAuthClient(cfg, authTracer, logger)
+		if close != nil {
+			defer close()
+		}
+	}
 
 	pubSub, err := nats.NewPubSub(cfg.natsURL, queue, logger)
 	if err != nil {
@@ -134,7 +145,7 @@ func main() {
 	}
 	defer pubSub.Close()
 
-	svc := newService(pubSub, cfg.channelID, auth, dbTracer, db, cacheTracer, cacheClient, logger)
+	svc := newService(pubSub, cfg.channelID, auth, dbTracer, db, cacheTracer, cacheClient, cfg.OIDC, logger)
 
 	tracer, closer := initJaeger("twins", cfg.jaegerURL, logger)
 	defer closer.Close()
@@ -168,6 +179,11 @@ func loadConfig() config {
 		Port: mainflux.Env(envDBPort, defDBPort),
 	}
 
+	oidc, err := strconv.ParseBool(mainflux.Env(envOIDC, defOIDC))
+	if err != nil {
+		log.Fatalf("Invalid value passed for %s\n", envOIDC)
+	}
+
 	return config{
 		logLevel:        mainflux.Env(envLogLevel, defLogLevel),
 		httpPort:        mainflux.Env(envHTTPPort, defHTTPPort),
@@ -186,6 +202,7 @@ func loadConfig() config {
 		natsURL:         mainflux.Env(envNatsURL, defNatsURL),
 		authURL:         mainflux.Env(envAuthURL, defAuthURL),
 		authTimeout:     authTimeout,
+		OIDC:            oidc,
 	}
 }
 
@@ -244,6 +261,8 @@ func connectToAuth(cfg config, logger logger.Logger) *grpc.ClientConn {
 		os.Exit(1)
 	}
 
+	logger.Info(fmt.Sprint("Connected to auth service %s", cfg.authURL))
+
 	return conn
 }
 
@@ -261,18 +280,21 @@ func connectToRedis(cacheURL, cachePass, cacheDB string, logger logger.Logger) *
 	})
 }
 
-func newService(ps messaging.PubSub, chanID string, users mainflux.AuthServiceClient, dbTracer opentracing.Tracer, db *mongo.Database, cacheTracer opentracing.Tracer, cacheClient *redis.Client, logger logger.Logger) twins.Service {
+func newService(ps messaging.PubSub, chanID string, users mainflux.AuthServiceClient, dbTracer opentracing.Tracer, db *mongo.Database, cacheTracer opentracing.Tracer, cacheClient *redis.Client, oidc bool, logger logger.Logger) twins.Service {
 	twinRepo := twmongodb.NewTwinRepository(db)
 	twinRepo = tracing.TwinRepositoryMiddleware(dbTracer, twinRepo)
 
 	stateRepo := twmongodb.NewStateRepository(db)
 	stateRepo = tracing.StateRepositoryMiddleware(dbTracer, stateRepo)
+	if oidc {
+		logger.Info(("Using OIDC authentication"))
+	}
 
 	idProvider := uuid.New()
 	twinCache := rediscache.NewTwinCache(cacheClient)
 	twinCache = tracing.TwinCacheMiddleware(cacheTracer, twinCache)
 
-	svc := twins.New(ps, users, twinRepo, twinCache, stateRepo, idProvider, chanID, logger)
+	svc := twins.New(ps, users, twinRepo, twinCache, stateRepo, idProvider, chanID, oidc, logger)
 	svc = api.LoggingMiddleware(svc, logger)
 	svc = api.MetricsMiddleware(
 		svc,

diff --git a/cmd/users/main.go b/cmd/users/main.go
@@ -74,6 +74,8 @@ const (
 	defAuthURL     = "localhost:8181"
 	defAuthTimeout = "1s"
 
+	defOIDC = "false"
+
 	envLogLevel      = "MF_USERS_LOG_LEVEL"
 	envDBHost        = "MF_USERS_DB_HOST"
 	envDBPort        = "MF_USERS_DB_PORT"
@@ -109,6 +111,8 @@ const (
 	envAuthCACerts = "MF_AUTH_CA_CERTS"
 	envAuthURL     = "MF_AUTH_GRPC_URL"
 	envAuthTimeout = "MF_AUTH_GRPC_TIMEOUT"
+
+	envOIDC = "MF_OIDC"
 )
 
 type config struct {
@@ -127,6 +131,7 @@ type config struct {
 	adminEmail    string
 	adminPassword string
 	passRegex     *regexp.Regexp
+	OIDC          bool
 }
 
 func main() {
@@ -179,6 +184,11 @@ func loadConfig() config {
 		log.Fatalf("Invalid value passed for %s\n", envAuthTLS)
 	}
 
+	oidc, err := strconv.ParseBool(mainflux.Env(envOIDC, defOIDC))
+	if err != nil {
+		log.Fatalf("Invalid value passed for %s\n", envAuthTLS)
+	}
+
 	passRegex, err := regexp.Compile(mainflux.Env(envPassRegex, defPassRegex))
 	if err != nil {
 		log.Fatalf("Invalid password validation rules %s\n", envPassRegex)
@@ -222,6 +232,7 @@ func loadConfig() config {
 		authTimeout:   authTimeout,
 		adminEmail:    mainflux.Env(envAdminEmail, defAdminEmail),
 		adminPassword: mainflux.Env(envAdminPassword, defAdminPassword),
+		OIDC:          oidc,
 		passRegex:     passRegex,
 	}
 
@@ -293,10 +304,13 @@ func newService(db *sqlx.DB, tracer opentracing.Tracer, auth mainflux.AuthServic
 	if err != nil {
 		logger.Error(fmt.Sprintf("Failed to configure e-mailing util: %s", err.Error()))
 	}
+	if c.OIDC {
+		logger.Info(("Using OIDC authentication"))
+	}
 
 	idProvider := uuid.New()
 
-	svc := users.New(userRepo, hasher, auth, emailer, idProvider, c.passRegex)
+	svc := users.New(userRepo, hasher, auth, emailer, idProvider, c.OIDC, c.passRegex)
 	svc = api.LoggingMiddleware(svc, logger)
 	svc = api.MetricsMiddleware(
 		svc,

diff --git a/docker/addons/bootstrap/docker-compose.yml b/docker/addons/bootstrap/docker-compose.yml
@@ -52,5 +52,6 @@ services:
       MF_JAEGER_URL: ${MF_JAEGER_URL}
       MF_AUTH_GRPC_URL: ${MF_AUTH_GRPC_URL}
       MF_AUTH_GRPC_TIMMEOUT: ${MF_AUTH_GRPC_TIMEOUT}
+      MF_OIDC: ${MF_OIDC}
     networks:
       - docker_mainflux-base-net
diff --git a/docker/addons/cassandra-reader/docker-compose.yml b/docker/addons/cassandra-reader/docker-compose.yml
@@ -27,6 +27,7 @@ services:
       MF_JAEGER_URL: ${MF_JAEGER_URL}
       MF_THINGS_AUTH_GRPC_URL: ${MF_THINGS_AUTH_GRPC_URL}
       MF_THINGS_AUTH_GRPC_TIMEOUT: ${MF_THINGS_AUTH_GRPC_TIMEOUT}
+      MF_OIDC: ${MF_OIDC}
     ports:
       - ${MF_CASSANDRA_READER_PORT}:${MF_CASSANDRA_READER_PORT}
     networks:

diff --git a/docker/addons/influxdb-reader/docker-compose.yml b/docker/addons/influxdb-reader/docker-compose.yml
@@ -32,6 +32,7 @@ services:
       MF_JAEGER_URL: ${MF_JAEGER_URL}
       MF_THINGS_AUTH_GRPC_URL: ${MF_THINGS_AUTH_GRPC_URL}
       MF_THINGS_AUTH_GRPC_TIMEOUT: ${MF_THINGS_AUTH_GRPC_TIMEOUT}
+      MF_OIDC: ${MF_OIDC}
     ports:
       - ${MF_INFLUX_READER_PORT}:${MF_INFLUX_READER_PORT}
     networks:

diff --git a/docker/addons/mongodb-reader/docker-compose.yml b/docker/addons/mongodb-reader/docker-compose.yml
@@ -29,6 +29,7 @@ services:
       MF_JAEGER_URL: ${MF_JAEGER_URL}
       MF_THINGS_AUTH_GRPC_URL: ${MF_THINGS_AUTH_GRPC_URL}
       MF_THINGS_AUTH_GRPC_TIMEOUT: ${MF_THINGS_AUTH_GRPC_TIMEOUT}
+      MF_OIDC: ${MF_OIDC}
     ports:
       - ${MF_MONGO_READER_PORT}:${MF_MONGO_READER_PORT}
     networks:

diff --git a/docker/addons/postgres-reader/docker-compose.yml b/docker/addons/postgres-reader/docker-compose.yml
@@ -35,6 +35,7 @@ services:
       MF_JAEGER_URL: ${MF_JAEGER_URL}
       MF_THINGS_AUTH_GRPC_URL: ${MF_THINGS_AUTH_GRPC_URL}
       MF_THINGS_AUTH_GRPC_TIMEOUT: ${MF_THINGS_AUTH_GRPC_TIMEOUT}
+      MF_OIDC: ${MF_OIDC}
     ports:
       - ${MF_POSTGRES_READER_PORT}:${MF_POSTGRES_READER_PORT}
     networks:

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -87,6 +87,7 @@ services:
       MF_AUTH_GRPC_PORT: ${MF_AUTH_GRPC_PORT}
       MF_AUTH_SECRET: ${MF_AUTH_SECRET}
       MF_JAEGER_URL: ${MF_JAEGER_URL}
+      MF_OIDC: ${MF_OIDC}
     ports:
       - ${MF_AUTH_HTTP_PORT}:${MF_AUTH_HTTP_PORT}
       - ${MF_AUTH_GRPC_PORT}:${MF_AUTH_GRPC_PORT}
@@ -136,6 +137,7 @@ services:
       MF_AUTH_GRPC_TIMEOUT: ${MF_AUTH_GRPC_TIMEOUT}
       MF_USERS_ADMIN_EMAIL: ${MF_USERS_ADMIN_EMAIL}
       MF_USERS_ADMIN_PASSWORD: ${MF_USERS_ADMIN_PASSWORD}
+      MF_OIDC: ${MF_OIDC}
     ports:
       - ${MF_USERS_HTTP_PORT}:${MF_USERS_HTTP_PORT}
     networks:
@@ -185,6 +187,7 @@ services:
       MF_JAEGER_URL: ${MF_JAEGER_URL}
       MF_AUTH_GRPC_URL: ${MF_AUTH_GRPC_URL}
       MF_AUTH_GRPC_TIMEOUT: ${MF_AUTH_GRPC_TIMEOUT}
+      MF_OIDC: ${MF_OIDC}
     ports:
       - ${MF_THINGS_HTTP_PORT}:${MF_THINGS_HTTP_PORT}
       - ${MF_THINGS_AUTH_HTTP_PORT}:${MF_THINGS_AUTH_HTTP_PORT}

diff --git a/pkg/sdk/go/users_test.go b/pkg/sdk/go/users_test.go
@@ -37,7 +37,7 @@ func newUserService() users.Service {
 	emailer := mocks.NewEmailer()
 	idProvider := uuid.New()
 
-	return users.New(usersRepo, hasher, auth, emailer, idProvider, passRegex)
+	return users.New(usersRepo, hasher, auth, emailer, idProvider, false, passRegex)
 }
 
 func newUserServer(svc users.Service) *httptest.Server {