diff options
| -rw-r--r-- | Dockerfile | 24 | ||||
| -rw-r--r-- | Makefile | 25 | ||||
| -rw-r--r-- | README.md | 4 |
3 files changed, 12 insertions, 41 deletions
@@ -10,26 +10,18 @@ RUN strip /app/target/x86_64-unknown-linux-musl/release/authzd # Build stage for getting Envoy binary FROM envoyproxy/envoy:v1.34-latest AS envoy-binary -# Build stage for goreman (Procfile supervisor) -FROM golang:1.23-alpine AS goreman-builder -RUN go install github.com/mattn/goreman@latest +# Build stage for Procfile supervisor +FROM golang:1.23-alpine AS forego-builder +RUN go install github.com/ddollar/forego@latest # Final stage FROM gcr.io/distroless/base-debian12:nonroot EXPOSE 9901 10000 50051 WORKDIR / - -# Copy binaries -COPY --from=authzd-builder /app/target/x86_64-unknown-linux-musl/release/authzd /bin/authzd -COPY --from=envoy-binary /usr/local/bin/envoy /bin/envoy -COPY --from=goreman-builder /go/bin/goreman /bin/goreman - -# Copy configurations +COPY --from=authzd-builder /app/Procfile /Procfile COPY --from=authzd-builder /app/etc/authzd /etc/authzd COPY --from=authzd-builder /app/etc/envoy /etc/envoy - -# Copy Procfile and goreman config -COPY --from=authzd-builder /app/Procfile /Procfile - -ENTRYPOINT ["/bin/goreman"] -CMD ["start"] +COPY --from=authzd-builder /app/target/x86_64-unknown-linux-musl/release/authzd /bin/authzd +COPY --from=envoy-binary /usr/local/bin/envoy /bin/envoy +COPY --from=forego-builder /go/bin/forego /bin/forego +ENTRYPOINT ["/bin/forego", "start"] @@ -7,7 +7,7 @@ IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH) setup: mise install - mise exec go -- go install github.com/mattn/goreman@latest + mise exec go -- go install github.com/ddollar/forego@latest mise exec rustup -- rustup component add clippy rustfmt # Cargo targets @@ -22,7 +22,7 @@ test: run: build @cp target/debug/authzd bin/authzd - @goreman -set-ports=false -rpc-server=false -f ./Procfile -exit-on-error=true start + @forego start -f Procfile clean: @cargo clean @@ -43,9 +43,6 @@ vendor: build-image: @docker build --tag $(IMAGE_TAG) . -build-image-clean: - @docker build --tag $(IMAGE_TAG) . - run-image: build-image @docker run --rm -p 10000:10000 -p 9901:9901 --init -it $(IMAGE_TAG) @@ -53,23 +50,5 @@ run-image: build-image health-check: @curl -s http://localhost:10000/health || echo "Service not running" -envoy-admin: - @curl -s http://localhost:9901/stats/prometheus | head -20 - list-services: @grpcurl -plaintext localhost:50051 list - -test-image: build-image - @echo "Starting container..." - @docker run -d --name authzd-test -p 10000:10000 -p 9901:9901 $(IMAGE_TAG) - @echo "Waiting for services to start..." - @sleep 5 - @echo "Testing Envoy admin endpoint..." - @curl -s http://localhost:9901/stats/prometheus | grep -q "envoy_" && echo "✓ Envoy admin is accessible" || echo "✗ Envoy admin failed" - @echo "Testing health endpoint..." - @curl -s -o /dev/null -w "%{http_code}" http://localhost:10000/health | grep -q "200" && echo "✓ Health check passed" || echo "✗ Health check failed" - @echo "Testing authorization flow..." - @curl -s -H "Authorization: Bearer valid-token" http://localhost:10000/ -w "\n%{http_code}" | grep -q "200" && echo "✓ Auth with valid token passed" || echo "✗ Auth with valid token failed" - @curl -s http://localhost:10000/ -w "\n%{http_code}" | grep -q "401" && echo "✓ Auth without token correctly rejected" || echo "✗ Auth without token failed" - @echo "Cleaning up..." - @docker stop authzd-test && docker rm authzd-test @@ -51,13 +51,13 @@ It integrates with an identity provider (IdP) and uses message queues to stay in 1. Install tools: ```sh - $ mise install + $ make setup ``` 1. Start servers: ```sh - $ cargo run + $ make run ``` ## Environments |