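# Path of the locally built authzd binary.
AUTHZD_BIN := bin/authzd
# Current branch name, used as the Docker tag. The value ends up in IMAGE_TAG,
# which recipes expand into shell command lines. Git accepts characters in ref
# names that are shell metacharacters or are not valid in a Docker tag, so
# every character outside [A-Za-z0-9_.-] (including "/") is replaced with "_".
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/[^A-Za-z0-9_.-]/_/g')
# Name of the working directory, used as the image repository name.
# NOTE(review): not sanitized; a directory name with spaces, uppercase letters
# or shell metacharacters would yield an unusable or unsafe image reference.
PROJECT_NAME := $(shell basename $(shell pwd))
IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)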

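# Command-style targets: none of these recipes creates a file named after the
# target, so they are declared phony to keep a stray file of the same name
# from silently disabling them.
.PHONY: setup build check test run clean fmt lint doc vendor
.PHONY: build-image run-image
.PHONY: health-check list-services
.PHONY: check-gitlab-token staging-entities production-entities
.PHONY: run-spicedb-setup run-spicedb-permission-check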

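# Versions of the tools that `setup` downloads and builds from the network.
# The defaults keep the original behaviour (whatever release is newest at
# install time). Pin them for reproducible, reviewable installs, e.g.
#   make setup MINIT_VERSION=<version> CEDAR_CLI_VERSION=<version>
MINIT_VERSION ?= latest
CEDAR_CLI_VERSION ?=

# Install the toolchains managed by mise, then the helper tools used by the
# other targets: minit (used by `run`), the Rust lint/format components and
# the `cedar` CLI (used by `fmt` and `lint`).
setup:
	mise install
	mise exec go -- go install github.com/xlgmokha/minit@$(MINIT_VERSION)
	mise exec rust -- rustup component add clippy rustfmt rust-analyzer
	mise exec rust -- cargo install --locked $(if $(strip $(CEDAR_CLI_VERSION)),--version $(CEDAR_CLI_VERSION)) cedar-policy-cli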

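# Build the debug authzd binary and copy it to $(AUTHZD_BIN).
# Prerequisites: every *.rs file under src/ (listed at parse time) and
# Cargo.toml. --offline makes cargo build without network access, so the
# dependencies must already be available locally.
$(AUTHZD_BIN): $(shell find src -name "*.rs" 2>/dev/null) Cargo.toml
	@cargo build --bin authzd --offline
	@mkdir -p $(@D)
	@cp target/debug/authzd $@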

# Cargo targets
# build: alias that brings the authzd binary at $(AUTHZD_BIN) up to date.
build: $(AUTHZD_BIN)

# check: run `cargo check` on the crate (command echo suppressed by `@`).
check:
	@cargo check

# test: run the crate's test suite with `cargo test`.
test:
	@cargo test

# run: build the binary first, then start `minit` (the tool installed by `setup`).
# NOTE(review): which processes minit starts is configured outside this file.
run: build
	@minit

# clean: delete the copied binary and cargo's build output.
clean:
	@rm -f $(AUTHZD_BIN)
	@cargo clean

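# fmt: format the Rust sources and rewrite every Cedar policy in etc/authzd/
# in place. The loop stops at the first policy that cedar cannot format; a
# plain `for` loop would only report the status of the last file.
fmt:
	@cargo fmt
	@for policy in etc/authzd/*.cedar; do \
		cedar format --policies "$$policy" --write || exit 1; \
	done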

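# lint: run clippy, then parse-check and format-check every Cedar policy in
# etc/authzd/, then validate the Envoy configuration.
# Each policy loop exits on the first failing file, so a malformed
# authorization policy fails the target instead of being masked by a later
# file that passes. Envoy validation is skipped only when ./bin/envoy is not
# an executable file; a configuration that fails validation now fails lint
# rather than being reported as "not available".
lint:
	@cargo clippy
	@for policy in etc/authzd/*.cedar; do \
		cedar check-parse --policies "$$policy" || exit 1; \
	done
	@for policy in etc/authzd/*.cedar; do \
		cedar format --policies "$$policy" --check || exit 1; \
	done
	@if [ -x ./bin/envoy ]; then \
		./bin/envoy --mode validate -c ./etc/envoy/envoy.yaml; \
	else \
		echo "Envoy not available, skipping validation"; \
	fi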

# doc: build the crate documentation and open it (`--open`).
doc:
	@cargo doc --open

# vendor: run `cargo vendor` to copy the crate's dependencies into the tree.
# NOTE(review): the $(AUTHZD_BIN) rule builds with --offline, so it presumably
# relies on these vendored sources; confirm against the cargo configuration.
vendor:
	@cargo vendor

# Docker targets
# build-image: build the image from the current directory and tag it
# $(IMAGE_TAG), i.e. <directory name>:<branch name>.
# IMAGE_TAG is expanded unquoted into the shell command, so its value must be
# free of shell metacharacters and valid as a Docker image reference.
build-image:
	@docker build --tag $(IMAGE_TAG) .

# run-image: rebuild the image, then run it interactively in a container that
# is removed on exit (--rm), with an init process (--init).
# `-p 20000:20000` carries no host address, so Docker publishes the port on
# all host interfaces by default.
# NOTE(review): for local-only use, `-p 127.0.0.1:20000:20000` would keep the
# plaintext listener off the network; confirm nothing needs remote access.
run-image: build-image
	@docker run --rm -p 20000:20000 --init -it $(IMAGE_TAG)

# HTTP and gRPC testing targets
# health-check: call grpc.health.v1.Health/Check on localhost:20000.
# -plaintext makes grpcurl connect without TLS, so this is meant for a
# service running on the local machine.
health-check:
	@grpcurl -plaintext localhost:20000 grpc.health.v1.Health/Check

# list-services: ask the server on localhost:20000 for its gRPC services,
# again over an unencrypted (-plaintext) connection.
# NOTE(review): `grpcurl list` without proto files relies on server
# reflection; confirm reflection is enabled only where intended.
list-services:
	@grpcurl -plaintext localhost:20000 list

# entities targets
# check-gitlab-token: guard target that stops the build with instructions
# unless GITLAB_TOKEN is set to a non-empty value in the environment.
# The token value itself is never printed.
check-gitlab-token:
	@[ -n "$$GITLAB_TOKEN" ] || { \
		echo "Error: GITLAB_TOKEN environment variable is required"; \
		echo "Set it with: export GITLAB_TOKEN=your_token"; \
		exit 1; \
	}

# staging-entities: regenerate the entities file for the
# authorization/sparkle/team project on staging.gitlab.com.
# Needs an up-to-date binary and a non-empty GITLAB_TOKEN (enforced by the
# check-gitlab-token prerequisite; presumably read by `authzd generate`).
staging-entities: $(AUTHZD_BIN) check-gitlab-token
	@$(AUTHZD_BIN) generate \
		--host https://staging.gitlab.com \
		--project authorization/sparkle/team \
		--output etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json

# production-entities: regenerate the entities files for three gitlab-org
# projects. No --host is passed, so the generator's default host is used
# (the output paths are under etc/authzd/gitlab.com/).
# Each project is a separate recipe line, so make stops at the first failure.
production-entities: $(AUTHZD_BIN) check-gitlab-token
	@$(AUTHZD_BIN) generate \
		--project gitlab-org/gitlab \
		--output etc/authzd/gitlab.com/gitlab-org/gitlab/entities.json
	@$(AUTHZD_BIN) generate \
		--project gitlab-org/software-supply-chain-security/authorization/authzd \
		--output etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/entities.json
	@$(AUTHZD_BIN) generate \
		--project gitlab-org/software-supply-chain-security/authorization/sparkled \
		--output etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/entities.json

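# spice targets
# Connection settings for the SpiceDB instance these targets talk to. The
# defaults are the values that were previously hard-coded in every recipe
# line; override them from the environment or the command line, e.g.
#   make run-spicedb-setup SPICEDB_TOKEN=<token>
# "secret" is a development placeholder for the preshared key.
SPICEDB_ENDPOINT ?= :20000
SPICEDB_TOKEN ?= secret

# Shared zed invocation. --insecure makes zed connect without TLS, so the
# token travels in clear text; the recipes are `@`-prefixed, which keeps the
# token out of make's command echo.
# NOTE(review): the token is still passed as a command-line argument and is
# visible in the local process list while zed runs.
zed_cmd = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure

# run-spicedb-setup: write the schema from etc/authzd/spice.schema, read it
# back, and create two sample relationships on project:1.
run-spicedb-setup:
	@$(zed_cmd) schema write etc/authzd/spice.schema
	@$(zed_cmd) schema read
	@$(zed_cmd) relationship create project:1 maintainer user:mokhax
	@$(zed_cmd) relationship create project:1 developer user:tanuki

# run-spicedb-permission-check: check read and write on project:1 for the two
# sample users created by run-spicedb-setup.
run-spicedb-permission-check:
	@$(zed_cmd) permission check project:1 read user:mokhax
	@$(zed_cmd) permission check project:1 write user:mokhax
	@$(zed_cmd) permission check project:1 read user:tanuki
	@$(zed_cmd) permission check project:1 write user:tanuki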