in lib/dam/dam.go [197:320]
func New(r *mux.Router, params *Options) *Service {
var roleCat pb.DamRoleCategoriesResponse
if err := srcutil.LoadProto("deploy/metadata/dam_roles.json", &roleCat); err != nil {
glog.Exitf("cannot load role categories file %q: %v", "deploy/metadata/dam_roles.json", err)
}
syncFreq := time.Minute
if params.HydraSyncFreq > 0 {
syncFreq = params.HydraSyncFreq
}
infomationReleasePageTmpl, err := httputils.TemplateFromFiles(informationReleasePageFile)
if err != nil {
glog.Exitf("cannot create template for information release page: %v", err)
}
sh := &ServiceHandler{}
s := &Service{
roleCategories: roleCat.DamRoleCategories,
domainURL: params.Domain,
defaultBroker: params.DefaultBroker,
serviceName: params.ServiceName,
store: params.Store,
warehouse: params.Warehouse,
logger: params.Logger,
Handler: sh,
hidePolicyBasis: params.HidePolicyBasis,
hideRejectDetail: params.HideRejectDetail,
httpClient: params.HTTPClient,
startTime: time.Now().Unix(),
skipInformationReleasePage: params.SkipInformationReleasePage,
infomationReleasePageTmpl: infomationReleasePageTmpl,
consentDashboardURL: params.ConsentDashboardURL,
useHydra: params.UseHydra,
hydraAdminURL: params.HydraAdminURL,
hydraPublicURL: params.HydraPublicURL,
hydraPublicURLProxy: params.HydraPublicProxy,
hydraSyncFreq: syncFreq,
scim: scim.New(params.Store),
tokens: faketokensapi.NewDAMTokens(params.Store, params.ServiceAccountManager),
auditlogs: auditlogsapi.NewAuditLogs(params.SDLC, params.AuditLogProject, params.ServiceName),
signer: params.Signer,
encryption: params.Encryption,
lro: params.LRO,
}
if s.httpClient == nil {
s.httpClient = http.DefaultClient
}
exists, err := configExists(params.Store)
if err != nil {
glog.Exitf("cannot use storage layer: %v", err)
}
if !exists {
if err = ImportConfig(params.Store, params.ServiceName, params.Warehouse, nil, true, true, true); err != nil {
glog.Exitf("cannot import configs to service %q: %v", params.ServiceName, err)
}
}
secrets, err := s.loadSecrets(nil)
if err != nil {
glog.Exitf("cannot load client secrets: %v", err)
}
adapters, err := adapter.CreateAdapters(&adapter.Options{
Store: params.Store,
Warehouse: params.Warehouse,
AWSClient: params.AWSClient,
Signer: params.Signer,
})
if err != nil {
glog.Exitf("cannot load adapters: %v", err)
}
s.adapters = adapters
cfg, err := s.loadConfig(nil, storage.DefaultRealm)
if err != nil {
glog.Exitf("cannot load config: %v", err)
}
if stat := s.CheckIntegrity(cfg, storage.DefaultRealm, nil); stat != nil {
glog.Exitf("config integrity error: %+v", stat.Proto())
}
if err = s.updateWarehouseOptions(cfg.Options, storage.DefaultRealm, nil); err != nil {
glog.Exitf("setting service account config options failed (cannot enforce access management policies): %v", err)
}
if err = s.registerAllProjects(nil); err != nil {
glog.Exitf("registation of one or more service account projects failed (cannot enforce access management policies): %v", err)
}
ctx := context.WithValue(context.Background(), oauth2.HTTPClient, s.httpClient)
if tests := runTests(ctx, cfg, nil, s.ValidateCfgOpts(storage.DefaultRealm, nil)); hasTestError(tests) {
glog.Exitf("run tests error: %v; results: %v; modification: <%v>", tests.Error, tests.TestResults, tests.Modification)
}
for name, cfgTpi := range cfg.TrustedIssuers {
_, err = s.getIssuerTranslator(ctx, cfgTpi.Issuer, cfg, secrets, nil)
if err != nil {
glog.Infof("failed to create translator for issuer %q: %v", name, err)
}
}
s.syncToHydra(cfg.Clients, secrets.ClientSecrets, 30*time.Second, nil)
defaultBrokerURL := ""
if broker, ok := cfg.TrustedIssuers[params.DefaultBroker]; ok {
defaultBrokerURL = broker.Issuer
}
s.tokenProviders = []tokensapi.TokenProvider{
tokensapi.NewGCPTokenManager(cfg.Options.GcpServiceAccountProject, defaultBrokerURL, params.ServiceAccountManager),
}
if s.useHydra {
s.tokenProviders = append(s.tokenProviders, tokensapi.NewHydraTokenManager(s.hydraAdminURL, s.getIssuerString(), s.clients))
}
a := authChecker{s: s}
checker := auth.NewChecker(s.logger, s.getIssuerString(), permissions.New(s.store), a.fetchClientSecrets, a.transformIdentity, false, nil)
s.checker = checker
go s.lro.Run(ctx)
sh.s = s
sh.Handler = r
registerHandlers(r, s)
return s
}