Add console experience for topaz

aserto-dev · Sep 25, 2023 · f0f761f · f0f761f
1 parent 4f9ac98
commit f0f761f
Show file tree

Hide file tree

Showing 15 changed files with 213 additions and 39 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -46,8 +46,7 @@ jobs:
       -
         name: Build
         run: |
-          go build -o ./bin/topaz ./cmd/topaz/
-          go build -o ./bin/topazd ./cmd/topazd/
+          go run mage.go deps build
       -
         name: Lint
         uses: golangci/golangci-lint-action@v3

diff --git a/.gitignore b/.gitignore
@@ -42,6 +42,9 @@
 ./pkg/testing/assets/bundle.tar.gz
 ./pkg/testing/assets/*ds.db
 
+# console static files that get copied at build
+/pkg/app/console/*
+
 # allow test assets
 !pkg/testing/assets/*.db
 !pkg/testing/assets/config*.yaml

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -8,6 +8,7 @@ env:
 before:
   # https://goreleaser.com/customization/hooks/
   hooks:
+      - ./pre-build.sh
 
 builds:
   # https://goreleaser.com/customization/build/

diff --git a/Dockerfile b/Dockerfile
@@ -1,39 +1,16 @@
-ARG GO_VERSION
-FROM golang:$GO_VERSION-alpine AS build-dev
-RUN apk add --no-cache bash build-base git tree curl protobuf openssh
-WORKDIR /src
-
-ENV GOBIN=/bin
-ENV ROOT_DIR=/src
-
-# generate & build
-ARG VERSION
-ARG COMMIT
-
-COPY . .
-RUN --mount=type=cache,target=/go/pkg/mod \
-    	--mount=type=cache,target=/root/.cache/go-build \
-    	--mount=type=ssh \
-    	go run mage.go deps build
-
 FROM alpine
-ARG VERSION
-ARG COMMIT
-
-LABEL org.opencontainers.image.version=$VERSION
-LABEL org.opencontainers.image.source=https://github.com/aserto-dev/topaz
-LABEL org.opencontainers.image.title="Topaz"
-LABEL org.opencontainers.image.revision=$COMMIT
-LABEL org.opencontainers.image.url=https://aserto.com
 
 RUN apk add --no-cache bash tzdata
-WORKDIR /app
-COPY --from=build-dev /src/dist/topazd_linux_amd64_v1/topazd /app/
 
 EXPOSE 8282
 EXPOSE 8383
 EXPOSE 8484
 EXPOSE 8585
 EXPOSE 9292
+EXPOSE 8080
+
+WORKDIR /app
+
+COPY dist/topazd_linux_amd64_v1/topazd /app/
 
 ENTRYPOINT ["./topazd"]
diff --git a/Dockerfile.goreleaser b/Dockerfile.goreleaser
@@ -7,6 +7,7 @@ EXPOSE 8383
 EXPOSE 8484
 EXPOSE 8585
 EXPOSE 9292
+EXPOSE 8080
 
 WORKDIR /app
 

diff --git a/go.mod b/go.mod
@@ -2,7 +2,7 @@ module github.com/aserto-dev/topaz
 
 go 1.19
 
-replace github.com/aserto-dev/go-edge-ds => ../go-edge-ds
+// replace github.com/aserto-dev/go-edge-ds => ../go-edge-ds
 
 require (
 	github.com/alecthomas/kong v0.8.0
@@ -15,15 +15,15 @@ require (
 	github.com/aserto-dev/go-authorizer v0.20.2
 	github.com/aserto-dev/go-directory v0.21.8-0.20230913224642-68ab4803494f
 	github.com/aserto-dev/go-directory-cli v0.20.14-0.20230913232053-927068a67595
-	github.com/aserto-dev/go-edge-ds v0.21.10-0.20230817220143-d98c270b7069
+	github.com/aserto-dev/go-edge-ds v0.21.10-0.20230918210437-130da75a4874
 	github.com/aserto-dev/go-grpc v0.8.57
 	github.com/aserto-dev/header v0.0.5
 	github.com/aserto-dev/logger v0.0.4
 	github.com/aserto-dev/openapi-authorizer v0.8.81
 	github.com/aserto-dev/openapi-directory v0.21.6-0.20230802231916-c64b7b8884fd
 	github.com/aserto-dev/runtime v0.54.2
 	github.com/aserto-dev/self-decision-logger v0.0.4
-	github.com/aserto-dev/service-host v0.0.3
+	github.com/aserto-dev/service-host v0.0.5
 	github.com/fatih/color v1.15.0
 	github.com/fullstorydev/grpcurl v1.8.7
 	github.com/google/uuid v1.3.1

diff --git a/go.sum b/go.sum
@@ -97,8 +97,8 @@ github.com/aserto-dev/runtime v0.54.2 h1:9M9J38rf+gUeBH3PngRMSHn3W8oTvy6qga8169Y
 github.com/aserto-dev/runtime v0.54.2/go.mod h1:KYF4DZo5lIWMvRg4QQioypxdi2mDwZF7DmPggAK+2Dg=
 github.com/aserto-dev/self-decision-logger v0.0.4 h1:Thlz9QTlJm0X+uC3YLUTSyvX+VgF2wVIk9Wh8+rkE/c=
 github.com/aserto-dev/self-decision-logger v0.0.4/go.mod h1:YJVf6HiAf5UeykhFxHe0dE+ODC8fUEF+PWteSDyJKw4=
-github.com/aserto-dev/service-host v0.0.3 h1:C0TKtrkA0/QlhNzHdjQDOKwmTPNBnUPqQiIXuYvceeU=
-github.com/aserto-dev/service-host v0.0.3/go.mod h1:xkPJgw1WjoML0uth5A2Leu4zwl+OoUTySQ4MraLK5RQ=
+github.com/aserto-dev/service-host v0.0.5 h1:yvcUnfByaHMHDXgO0FmFsSGbGBBfhODN3hKHoVa+LwY=
+github.com/aserto-dev/service-host v0.0.5/go.mod h1:KnjlBCcPN3fBZ3qTHu3rubxoPKJQpHrOrP6OEMgHIuE=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=

diff --git a/magefiles/magefile.go b/magefiles/magefile.go
@@ -19,7 +19,7 @@ import (
 const containerImage string = "topaz"
 
 func init() {
-	os.Setenv("GO_VERSION", "1.19")
+	os.Setenv("GO_VERSION", "1.20")
 	os.Setenv("DOCKER_BUILDKIT", "1")
 }
 
@@ -51,6 +51,10 @@ func Test() error {
 
 // DockerImage builds the docker image for the project.
 func DockerImage() error {
+	err := BuildAll()
+	if err != nil {
+		return err
+	}
 	version, err := common.Version()
 	if err != nil {
 		return errors.Wrap(err, "failed to calculate version")

diff --git a/pkg/app/authorizer.go b/pkg/app/authorizer.go
@@ -3,6 +3,7 @@ package app
 import (
 	"context"
 	"fmt"
+	"net/http"
 	"time"
 
 	"github.com/aserto-dev/go-aserto/client"
@@ -11,9 +12,11 @@ import (
 	"github.com/aserto-dev/topaz/decision_log/logger/file"
 	"github.com/aserto-dev/topaz/decision_log/logger/nop"
 	"github.com/aserto-dev/topaz/pkg/app/middlewares"
+	"github.com/aserto-dev/topaz/pkg/app/ui"
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+
 	"github.com/aserto-dev/topaz/pkg/cc/config"
 
-	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 	"google.golang.org/grpc"
@@ -93,6 +96,10 @@ func (e *Authorizer) ConfigServices() error {
 		e.Services["topaz"] = topaz
 	}
 
+	if _, ok := e.Configuration.Services[consoleService]; ok {
+		e.Services["console"] = NewConsole()
+	}
+
 	if err := e.validateConfig(); err != nil {
 		return err
 	}
@@ -142,6 +149,14 @@ func (e *Authorizer) ConfigServices() error {
 		if err != nil {
 			return err
 		}
+
+		if contains(serviceConfig.registeredServices, "console") {
+			server.Gateway.Mux.Handle("/ui/", ui.UIHandler(http.FS(console)))
+			server.Gateway.Mux.Handle("/public/", ui.UIHandler(http.FS(console)))
+			server.Gateway.Mux.HandleFunc("/api/v1/config", ui.ConfigHandler(e.Configuration))
+			server.Gateway.Mux.HandleFunc("/api/v1/authorizers", ui.AuthorizersHandler(e.Configuration))
+		}
+
 		err = e.Manager.AddGRPCServer(server)
 		if err != nil {
 			return err
@@ -241,8 +256,10 @@ func (e *Authorizer) validateConfig() error {
 	}
 
 	for key := range e.Configuration.Services {
-		if !(contains(e.Services["edge"].AvailableServices(), key) || key == authorizerService) {
-			return errors.Errorf("unknown service type %s", key)
+		if _, ok := e.Services["edge"]; ok {
+			if !(contains(e.Services["edge"].AvailableServices(), key) || key == authorizerService || key == consoleService) {
+				return errors.Errorf("unknown service type %s", key)
+			}
 		}
 	}
 	return nil

diff --git a/pkg/app/console.go b/pkg/app/console.go
@@ -0,0 +1,35 @@
+package app
+
+import (
+	"context"
+	"embed"
+
+	builder "github.com/aserto-dev/service-host"
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"google.golang.org/grpc"
+)
+
+//nolint:all
+//go:embed console
+var console embed.FS
+
+type ConsoleService struct{}
+
+func NewConsole() ServiceTypes {
+	return &ConsoleService{}
+}
+
+func (e *ConsoleService) AvailableServices() []string {
+	return []string{"console"}
+}
+
+func (e *ConsoleService) GetGRPCRegistrations(services ...string) builder.GRPCRegistrations {
+	return func(server *grpc.Server) {
+	}
+}
+
+func (e *ConsoleService) GetGatewayRegistration(services ...string) builder.HandlerRegistrations {
+	return func(ctx context.Context, mux *runtime.ServeMux, grpcEndpoint string, opts []grpc.DialOption) error {
+		return nil
+	}
+}
diff --git a/pkg/app/topaz.go b/pkg/app/topaz.go
@@ -32,6 +32,7 @@ type Topaz struct {
 
 const (
 	authorizerService = "authorizer"
+	consoleService    = "console"
 )
 
 func NewTopaz(cfg *builder.API, commonConfig *config.Common, authorizerOpts []grpc.ServerOption, logger *zerolog.Logger) (ServiceTypes, error) {

diff --git a/pkg/app/ui/handler.go b/pkg/app/ui/handler.go
@@ -0,0 +1,106 @@
+package ui
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/aserto-dev/topaz/pkg/cc/config"
+)
+
+type fsWithDefinition struct {
+	consoleFS http.FileSystem
+}
+
+func (f *fsWithDefinition) Open(name string) (http.File, error) {
+	if strings.HasPrefix(name, "/ui/") {
+		return f.consoleFS.Open("console/build/index.html")
+	}
+
+	name = strings.TrimPrefix(name, "/public")
+	return f.consoleFS.Open(fmt.Sprintf("console/build%s", name))
+}
+
+func UIHandler(consoleFS http.FileSystem) http.Handler {
+	return http.FileServer(&fsWithDefinition{consoleFS: consoleFS})
+}
+
+func ConfigHandler(confServices *config.Config) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type consoleCfg struct {
+			AsertoDirectoryUrl   string `json:"asertoDirectoryUrl"`
+			AuthorizerServiceUrl string `json:"authorizerServiceUrl"`
+			AuthorizerApiKey     string `json:"authorizerApiKey"`
+			DirectoryApiKey      string `json:"directoryApiKey"`
+			DirectoryTenantId    string `json:"directoryTenantId"`
+		}
+
+		var apiKey string
+		for key := range confServices.Auth.APIKeys {
+			apiKey = key
+			break
+		}
+
+		cfg := &consoleCfg{}
+		if serviceConfig, ok := confServices.Services["authorizer"]; ok {
+			cfg.AuthorizerServiceUrl = fmt.Sprintf("https://%s", serviceConfig.Gateway.ListenAddress)
+			cfg.AuthorizerApiKey = apiKey
+		}
+
+		if serviceConfig, ok := confServices.Services["reader"]; ok {
+			cfg.AsertoDirectoryUrl = fmt.Sprintf("https://%s", serviceConfig.Gateway.ListenAddress)
+		} else {
+			host := strings.Split(confServices.DirectoryResolver.Address, ":")[0]
+			cfg.AsertoDirectoryUrl = fmt.Sprintf("https://%s", host)
+			if confServices.DirectoryResolver.TenantID != "" {
+				cfg.DirectoryTenantId = confServices.DirectoryResolver.TenantID
+			}
+		}
+
+		if confServices.DirectoryResolver.APIKey != "" {
+			cfg.DirectoryApiKey = confServices.DirectoryResolver.APIKey
+		}
+
+		buf, _ := json.Marshal(cfg)
+		writeFile(buf, w, r)
+	}
+}
+
+func AuthorizersHandler(confServices *config.Config) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		type AuthorizerInstance struct {
+			Name   string `json:"name"`
+			URL    string `json:"url"`
+			APIKey string `json:"apiKey"`
+		}
+		type authorizersResult struct {
+			Results []AuthorizerInstance `json:"results"`
+		}
+
+		var apiKey string
+		for key := range confServices.Auth.APIKeys {
+			apiKey = key
+			break
+		}
+
+		var cfg *authorizersResult
+		if serviceConfig, ok := confServices.Services["authorizer"]; ok {
+			cfg = &authorizersResult{
+				Results: []AuthorizerInstance{{URL: fmt.Sprintf("https://%s", serviceConfig.Gateway.ListenAddress), Name: "authorizer", APIKey: apiKey}},
+			}
+		} else {
+			cfg = &authorizersResult{}
+		}
+
+		buf, _ := json.Marshal(cfg)
+		writeFile(buf, w, r)
+	}
+}
+
+func writeFile(buf []byte, w http.ResponseWriter, _ *http.Request) {
+	w.Header().Add("Content-Type", "application/json")
+	w.Header().Add("Content-Length", strconv.FormatInt(int64(len(buf)), 10))
+	_, _ = w.Write(buf)
+}
diff --git a/pkg/cli/cmd/start.go b/pkg/cli/cmd/start.go
@@ -73,6 +73,7 @@ var (
 		"-p", "8383:8383",
 		"-p", "8484:8484",
 		"-p", "9292:9292",
+		"-p", "8080:8080",
 		"-v", "$TOPAZ_CERTS_DIR/certs:/certs:rw",
 		"-v", "$TOPAZ_CFG_DIR/cfg:/config:ro",
 		"-v", "$TOPAZ_EDS_DIR/db:/db:rw",