path: root/Makefile
blob: c51d7ce0f7604be3c5299bb642c9211cc37e7864 (plain)
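# Path of the compiled authzd binary.
AUTHZD_BIN := bin/authzd
# Current branch name, reduced to characters that are valid in a Docker tag.
# The branch name comes from the checkout and is later expanded into shell
# command lines (see IMAGE_TAG), so every character outside [A-Za-z0-9_.-] is
# replaced with "_", not only "/". This keeps shell metacharacters in a
# branch name from reaching the docker commands.
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/[^A-Za-z0-9_.-]/_/g')
# Name of the directory that holds this Makefile's working tree.
PROJECT_NAME := $(shell basename $(shell pwd))
# Image reference used by build-image and run-image: <directory>:<branch>.
IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)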

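# SpiceDB configuration
# Both values can be overridden on the command line or taken from the
# environment (?= keeps a value that is already set).
# SPICEDB_TOKEN defaults to a development placeholder; supply the real token
# for any shared endpoint, preferably through the environment so it stays out
# of shell history. Note that it is still handed to zed as a command-line
# argument below, where local process listings may expose it.
SPICEDB_ENDPOINT ?= localhost:20000
SPICEDB_TOKEN ?= secret

# Non-empty when the endpoint host is a loopback address.
spicedb_loopback := $(filter localhost:% 127.0.0.1:% [::1]:%,$(SPICEDB_ENDPOINT))

# Set ZED command with appropriate flags
# Endpoints containing ":443" use zed's default TLS transport. Every other
# endpoint gets --insecure, which means the token travels without TLS. That is
# expected for a local instance, so a warning is printed only when the
# endpoint is not a loopback address.
ifeq ($(findstring :443,$(SPICEDB_ENDPOINT)),:443)
ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)"
else
ifeq ($(spicedb_loopback),)
$(warning SPICEDB_ENDPOINT=$(SPICEDB_ENDPOINT) is not a loopback address and not on port 443: zed will run with --insecure and send SPICEDB_TOKEN without TLS)
endif
ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure
endif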

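# None of these targets produces a file with its own name. Declaring them
# phony keeps a stray file called e.g. "lint" or "setup" from silently turning
# the target into a no-op.
.PHONY: setup build test lint run clean tidy
.PHONY: build-image run-image
.PHONY: run-spicedb-setup run-spicedb-sparkle-relationships
.PHONY: run-spicedb-permission-check run-spicedb-relationships-list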

# Install the tools managed by mise, then install the minit binary that the
# "run" target invokes.
# NOTE(review): "@latest" is resolved at install time, so the minit code that
# ends up on a developer machine or CI runner is not pinned. Consider a fixed
# version or commit so the installed build is reproducible and reviewable.
setup:
	mise install
	mise exec go -- go install github.com/xlgmokha/minit@latest

# Compile the authzd binary. It is rebuilt whenever any *.go file found under
# the working tree, or go.sum, is newer than the binary.
$(AUTHZD_BIN): $(shell find . -name "*.go" 2>/dev/null) go.sum
	@go build -o $@ ./cmd/authzd/main.go

# Friendly alias for the binary target.
build: $(AUTHZD_BIN)

# Run the Go test suite for every package in the module.
test:
	@go test ./...

# Validate every SpiceDB schema file under etc/authzd with zed.
# This checks local files only; the recipe does not use ZED_CMD, so no
# endpoint or token is passed.
lint:
	@zed validate etc/authzd/*.schema

# Build the binary, then start minit (installed by "setup").
run: build
	@minit

# Remove the compiled binary; nothing else is touched.
clean:
	@rm -f $(AUTHZD_BIN)

# Upgrade dependencies, tidy go.mod/go.sum, refresh vendor/, and format YAML.
# NOTE(review): "go get -u" moves dependencies to newer releases and
# "go mod vendor" then copies that upstream code into the tree, so the
# resulting go.sum and vendor/ diff deserves review like any other change.
tidy:
	@go get -u ./...
	@go mod tidy
	@go mod vendor
	@go tool yamlfmt -exclude vendor .

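# Docker targets
# Port mapping handed to "docker run -p". The default publishes port 20000 on
# every host interface. To keep the service reachable from the local machine
# only, run:
#   make run-image DOCKER_PUBLISH=127.0.0.1:20000:20000
DOCKER_PUBLISH ?= 20000:20000

# Build the image from the Dockerfile in the current directory.
build-image:
	@docker build --tag "$(IMAGE_TAG)" .

# Build the image, then run it interactively; the container is removed on exit.
run-image: build-image
	@docker run --rm -p "$(DOCKER_PUBLISH)" --init -it "$(IMAGE_TAG)"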

# spice targets
# Usage: make run-spicedb-setup SPICEDB_ENDPOINT=localhost:20000
#        make run-spicedb-setup SPICEDB_ENDPOINT=authzd.staging.runway.gitlab.net:443
#        make run-spicedb-setup SPICEDB_ENDPOINT=authzd.runway.gitlab.net:443

# Write etc/authzd/spice.schema to the selected endpoint, read it back, and
# create two sample relationships on project:1.
# NOTE(review): this runs against whatever SPICEDB_ENDPOINT is given, and the
# usage lines above include non-local endpoints. Confirm that replacing the
# schema and creating these sample grants is intended there.
run-spicedb-setup:
	@$(ZED_CMD) schema write etc/authzd/spice.schema
	@$(ZED_CMD) schema read
	@$(ZED_CMD) relationship create project:1 maintainer user:mokhax
	@$(ZED_CMD) relationship create project:1 developer user:tanuki

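# Upsert the reader/writer relationships for the sparkle resources.
# "user:*" is a wildcard subject: it grants the relation to every user, so
# those resources are effectively public to readers. The wildcard is
# single-quoted so the shell passes it to zed literally instead of treating
# it as a filename glob.
run-spicedb-sparkle-relationships:
	@$(ZED_CMD) relationship touch resource:/ reader 'user:*'
	@$(ZED_CMD) relationship touch resource:/callback reader 'user:*'
	@$(ZED_CMD) relationship touch resource:/dashboard reader user:root
	@$(ZED_CMD) relationship touch resource:/dashboard/nav reader 'user:*'
	@$(ZED_CMD) relationship touch resource:/signout reader user:root
	@$(ZED_CMD) relationship touch resource:/sparkles reader 'user:*'
	@$(ZED_CMD) relationship touch resource:/sparkles writer user:root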

# Query read/write permission on project:1 for the two sample users, and read
# permission on resource:/ for user:public.
# NOTE(review): the last check presumably exercises a wildcard reader grant on
# resource:/ — confirm. Commands are silenced with "@", so only zed's own
# output shows which check produced which result.
run-spicedb-permission-check:
	@$(ZED_CMD) permission check project:1 read user:mokhax
	@$(ZED_CMD) permission check project:1 write user:mokhax
	@$(ZED_CMD) permission check project:1 read user:tanuki
	@$(ZED_CMD) permission check project:1 write user:tanuki
	@$(ZED_CMD) permission check resource:/ read user:public

# List the stored relationships for the group, project and user object types.
# Useful for auditing which grants exist on the selected endpoint.
run-spicedb-relationships-list:
	@$(ZED_CMD) relationship read group
	@$(ZED_CMD) relationship read project
	@$(ZED_CMD) relationship read user