| author | mo khan <mo@mokhan.ca> | 2025-07-15 14:44:57 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-15 14:44:57 -0600 |
| commit | f94f79608393d4ab127db63cc41668445ef6b243 (patch) | |
| tree | f832ece5cf39319c72c1f6d6f97267df443b831c | |
| parent | ee07be9069ef51c1bece7faf315efbe312ddddd8 (diff) | |
chore: do not use --insecure option on TLS endpoints
| -rw-r--r-- | Makefile | 29 |
1 files changed, 19 insertions, 10 deletions
@@ -3,6 +3,17 @@ GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
 PROJECT_NAME := $(shell basename $(shell pwd))
 IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)
+# SpiceDB configuration
+SPICEDB_ENDPOINT ?= localhost:20000
+SPICEDB_TOKEN ?= secret
+
+# Set ZED command with appropriate flags
+ifeq ($(findstring :443,$(SPICEDB_ENDPOINT)),:443)
+ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)"
+else
+ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure
+endif
+
 .PHONY: build check test run clean fmt lint doc vendor
 .PHONY: build-image run-image
 .PHONY: health-check list-services
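Review bot: The `ifeq ($(findstring :443,$(SPICEDB_ENDPOINT)),:443)` test picks the transport from the port number, so any endpoint not on :443, including a remote TLS endpoint on another port, still gets `--insecure` alongside `SPICEDB_TOKEN`. It is also a substring match, so a local endpoint such as `localhost:4430` is treated as TLS. Defaulting to TLS and opting out only for loopback is the safer shape: guard the `--insecure` branch with `ifneq ($(filter localhost:% 127.0.0.1:%,$(SPICEDB_ENDPOINT)),)`, or use an explicit opt-in variable. A comment above the conditional, `# --insecure is for the local dev instance only; remote endpoints must use TLS`, would record the intent.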
@@ -84,17 +95,15 @@ production-entities: $(AUTHZD_BIN) check-gitlab-token
 # Usage: make run-spicedb-setup SPICEDB_ENDPOINT=localhost:20000
 # make run-spicedb-setup SPICEDB_ENDPOINT=authzd.staging.runway.gitlab.net:443
 # make run-spicedb-setup SPICEDB_ENDPOINT=authzd.runway.gitlab.net:443
-SPICEDB_ENDPOINT ?= localhost:20000
-SPICEDB_TOKEN ?= secret
 run-spicedb-setup:
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure schema write etc/authzd/spice.schema
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure schema read
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure relationship create project:1 maintainer user:mokhax
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure relationship create project:1 developer user:tanuki
+ @$(ZED_CMD) schema write etc/authzd/spice.schema
+ @$(ZED_CMD) schema read
+ @$(ZED_CMD) relationship create project:1 maintainer user:mokhax
+ @$(ZED_CMD) relationship create project:1 developer user:tanuki
 run-spicedb-permission-check:
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 read user:mokhax
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 write user:mokhax
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 read user:tanuki
- @zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure permission check project:1 write user:tanuki
+ @$(ZED_CMD) permission check project:1 read user:mokhax
+ @$(ZED_CMD) permission check project:1 write user:mokhax
+ @$(ZED_CMD) permission check project:1 read user:tanuki
+ @$(ZED_CMD) permission check project:1 write user:tanuki |
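Review bot: Every `@$(ZED_CMD) …` line in `run-spicedb-setup` and `run-spicedb-permission-check` still expands `--token "$(SPICEDB_TOKEN)"` into the command line. With the staging and production endpoints named in the Usage comment, a real token therefore lands in the process arguments and in `make -n` / `--trace` output; the `@` prefix only suppresses the normal echo. Because Make substitutes the value before the shell parses the line, a token containing `"`, `$` or backticks would also be reinterpreted by the shell. Passing the credential through the environment keeps it off argv; zed appears to read `ZED_`-prefixed variables, which should be confirmed against the installed version before switching. It would also help to add a comment above `run-spicedb-setup`, `# writes the schema and fixture relationships to SPICEDB_ENDPOINT; use a non-default SPICEDB_TOKEN for remote endpoints`.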
