blob: 28fc0dfe323820bf8c459ab4b12ec9a46f35702a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
AUTHZD_BIN := bin/authzd
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
PROJECT_NAME := $(shell basename $(shell pwd))
IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)
# SpiceDB configuration
SPICEDB_ENDPOINT ?= localhost:20000
SPICEDB_TOKEN ?= secret
# Set ZED command with appropriate flags
ifeq ($(findstring :443,$(SPICEDB_ENDPOINT)),:443)
ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)"
else
ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure
endif
.PHONY: build check test run clean fmt lint doc vendor
.PHONY: build-image run-image
.PHONY: health-check list-services
.PHONY: staging-entities production-entities
setup:
mise install
mise exec go -- go install github.com/xlgmokha/minit@latest
mise exec rust -- rustup component add clippy rustfmt rust-analyzer
$(AUTHZD_BIN): $(shell find src -name "*.rs" 2>/dev/null) Cargo.toml
@cargo build --bin authzd --offline
@cp target/debug/authzd bin/authzd
# Cargo targets
build: $(AUTHZD_BIN)
check:
@cargo check
test:
@cargo test
run: build
@minit
clean:
@rm -f $(AUTHZD_BIN)
@cargo clean
fmt-rust:
@cargo fmt
fmt: fmt-rust
lint-rust:
@cargo clippy
lint-envoy:
@./bin/envoy --mode validate -c ./etc/envoy/envoy.yaml || echo "Envoy not available, skipping validation"
lint: lint-rust lint-envoy
doc:
@cargo doc --open
vendor:
@buf generate
@cargo vendor
# Docker targets
build-image:
@docker build --tag $(IMAGE_TAG) .
run-image: build-image
@docker run --rm -p 20000:20000 --init -it $(IMAGE_TAG)
# HTTP and gRPC testing targets
health-check:
@grpcurl -plaintext localhost:20000 grpc.health.v1.Health/Check
list-services:
@grpcurl -plaintext localhost:20000 list
# entities targets
check-gitlab-token:
@if [ -z "$$GITLAB_TOKEN" ]; then \
echo "Error: GITLAB_TOKEN environment variable is required"; \
echo "Set it with: export GITLAB_TOKEN=your_token"; \
exit 1; \
fi
staging-entities: $(AUTHZD_BIN) check-gitlab-token
@$(AUTHZD_BIN) generate --host https://staging.gitlab.com --project authorization/sparkle/team --output etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json
production-entities: $(AUTHZD_BIN) check-gitlab-token
@$(AUTHZD_BIN) generate --project gitlab-org/gitlab --output etc/authzd/gitlab.com/gitlab-org/gitlab/entities.json
@$(AUTHZD_BIN) generate --project gitlab-org/software-supply-chain-security/authorization/authzd --output etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/entities.json
@$(AUTHZD_BIN) generate --project gitlab-org/software-supply-chain-security/authorization/sparkled --output etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/entities.json
# spice targets
# Usage: make run-spicedb-setup SPICEDB_ENDPOINT=localhost:20000
# make run-spicedb-setup SPICEDB_ENDPOINT=authzd.staging.runway.gitlab.net:443
# make run-spicedb-setup SPICEDB_ENDPOINT=authzd.runway.gitlab.net:443
run-spicedb-setup:
@$(ZED_CMD) schema write etc/authzd/spice.schema
@$(ZED_CMD) schema read
@$(ZED_CMD) relationship create project:1 maintainer user:mokhax
@$(ZED_CMD) relationship create project:1 developer user:tanuki
run-spicedb-permission-check:
@$(ZED_CMD) permission check project:1 read user:mokhax
@$(ZED_CMD) permission check project:1 write user:mokhax
@$(ZED_CMD) permission check project:1 read user:tanuki
@$(ZED_CMD) permission check project:1 write user:tanuki
|
