diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-14 16:29:33 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-14 16:29:33 -0600 |
| commit | 0432cfbbb07f234dd2cd294cfe7dfa065b113182 (patch) | |
| tree | cab9f759b7d656dab92eab48694e5924c54b9644 /Makefile | |
| parent | 5a74d3988d8a029f1c879da709db623611aa545a (diff) | |
| parent | e0b38f6ca22b28a0c4fe4192d642fceb48030737 (diff) | |
Merge branch 'the-spice-must-flow' into 'main'
Add SpiceDB Integration with Service-based Routing
See merge request gitlab-org/software-supply-chain-security/authorization/authzd!9
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -42,6 +42,7 @@ lint: @cargo clippy @for policy in etc/authzd/*.cedar; do cedar check-parse --policies $$policy; done @for policy in etc/authzd/*.cedar; do cedar format --policies $$policy --check; done + @./bin/envoy --mode validate -c ./etc/envoy/envoy.yaml || echo "Envoy not available, skipping validation" doc: @cargo doc --open @@ -78,3 +79,16 @@ production-entities: $(AUTHZD_BIN) check-gitlab-token @$(AUTHZD_BIN) generate --project gitlab-org/gitlab --output etc/authzd/gitlab.com/gitlab-org/gitlab/entities.json @$(AUTHZD_BIN) generate --project gitlab-org/software-supply-chain-security/authorization/authzd --output etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/entities.json @$(AUTHZD_BIN) generate --project gitlab-org/software-supply-chain-security/authorization/sparkled --output etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/entities.json + +# spice targets +run-spicedb-setup: + @zed --endpoint ":50051" --token "secret" --insecure schema write etc/authzd/spice.schema + @zed --endpoint ":50051" --token "secret" --insecure schema read + @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 maintainer user:mokhax + @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 developer user:tanuki + +run-spicedb-permission-check: + @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:mokhax + @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:mokhax + @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:tanuki + @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:tanuki |