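# Location where the build rule stages the authzd binary.
AUTHZD_BIN := bin/authzd

# Current branch name, reduced to the characters [A-Za-z0-9_.-].
# The value is pasted into docker command lines through IMAGE_TAG, and git
# accepts branch names containing characters that are special to the shell
# or invalid in an image tag, so every other character (including '/')
# is replaced with '_'.
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/[^A-Za-z0-9_.-]/_/g')

# Image repository name, taken from the name of the checkout directory.
# NOTE(review): Docker requires lowercase repository names; a checkout
# directory with uppercase letters or spaces would need handling here.
PROJECT_NAME := $(shell basename $(shell pwd))
IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)

# Every command-style target is declared phony so that a stray file or
# directory with the same name cannot make the target look up to date.
.PHONY: setup
.PHONY: build check test run clean fmt lint doc vendor
.PHONY: build-image run-image
.PHONY: health-check list-services
.PHONY: check-gitlab-token staging-entities production-entities
.PHONY: run-spicedb run-spice-schema-load run-spice-schema-read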
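# Versions of the helper tools installed by `setup`.
# The defaults keep the original behaviour: minit is resolved to whatever
# "latest" means at install time, and cedar-policy-cli to the newest
# published release. Set both to reviewed versions (in the environment or
# on the make command line) to get a reproducible toolchain.
MINIT_VERSION ?= latest
CEDAR_CLI_VERSION ?=

# Install the toolchain: mise-managed runtimes, the minit process runner,
# the Rust components used by fmt/lint, and the Cedar policy CLI.
setup:
	mise install
	mise exec go -- go install github.com/xlgmokha/minit@$(MINIT_VERSION)
	mise exec rust -- rustup component add clippy rustfmt rust-analyzer
	@# --locked builds with the Cargo.lock shipped inside the crate.
	mise exec rust -- cargo install --locked cedar-policy-cli $(if $(strip $(CEDAR_CLI_VERSION)),--version $(CEDAR_CLI_VERSION))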
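# Build the debug authzd binary and stage a copy at $(AUTHZD_BIN).
# Prerequisites: every Rust source under src/, Cargo.toml and, when it
# exists, Cargo.lock, so a dependency change also triggers a rebuild.
# --offline stops cargo from touching the network; dependencies must
# already be available locally.
$(AUTHZD_BIN): $(shell find src -name "*.rs" 2>/dev/null) Cargo.toml $(wildcard Cargo.lock)
	@cargo build --bin authzd --offline
	@# The staging directory may not exist in a fresh checkout.
	@mkdir -p $(@D)
	@cp target/debug/authzd $@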
# Cargo targets

# Convenience name for the staged binary.
build: $(AUTHZD_BIN)

# Type-check the workspace without producing artifacts.
check:
	@cargo check

# Run the Rust test suite.
test:
	@cargo test

# Start the service under minit once the binary is up to date.
run: build
	@minit

# Remove the staged binary, then cargo's build output.
clean:
	@rm -f $(AUTHZD_BIN) && cargo clean
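# Format the Rust sources and rewrite every Cedar policy in place.
# A policy that cannot be formatted stops the loop instead of being
# skipped silently.
fmt:
	@cargo fmt
	@for policy in etc/authzd/*.cedar; do \
		cedar format --policies "$$policy" --write || exit 1; \
	done

# Lint the Rust sources, then verify that every Cedar policy parses and is
# already formatted.
# A shell `for` loop returns the status of its last iteration only, so each
# cedar call exits on failure; otherwise a broken policy early in the list
# would pass the lint gate unnoticed.
# NOTE(review): cargo clippy reports warnings without failing by default;
# confirm whether warnings should fail this target.
lint:
	@cargo clippy
	@for policy in etc/authzd/*.cedar; do \
		cedar check-parse --policies "$$policy" || exit 1; \
	done
	@for policy in etc/authzd/*.cedar; do \
		cedar format --policies "$$policy" --check || exit 1; \
	done

# Build the API documentation and open it in a browser.
doc:
	@cargo doc --open

# Copy the dependency sources into the local vendor directory.
vendor:
	@cargo vendor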
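# Docker targets

# Build the container image from the repository root and tag it
# $(IMAGE_TAG). The tag is quoted so that an unusual directory or branch
# name is not split into several arguments.
build-image:
	@docker build --tag "$(IMAGE_TAG)" .

# Run the freshly built image interactively and remove the container on exit.
# -p 20000:20000 publishes the port on every host interface; use
# 127.0.0.1:20000:20000 when the service should be reachable only from
# this machine.
run-image: build-image
	@docker run --rm -p 20000:20000 --init -it "$(IMAGE_TAG)"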
# HTTP and gRPC testing targets

# Shared grpcurl invocation for the local service.
# -plaintext means no TLS, so these targets are for a local instance only.
grpcurl_local := grpcurl -plaintext localhost:20000

# Call the standard gRPC health service.
health-check:
	@$(grpcurl_local) grpc.health.v1.Health/Check

# List the services the server advertises.
# NOTE(review): presumably relies on server reflection being enabled; confirm
# whether reflection is also exposed outside local development.
list-services:
	@$(grpcurl_local) list
# entities targets

# Guard target: fail early when GITLAB_TOKEN is missing or empty.
# Only the presence of the variable is tested; its value is never printed.
check-gitlab-token:
	@[ -n "$$GITLAB_TOKEN" ] || { \
		echo "Error: GITLAB_TOKEN environment variable is required"; \
		echo "Set it with: export GITLAB_TOKEN=your_token"; \
		exit 1; \
	}
# Command that regenerates entities.json for one gitlab.com project.
# $(1) is the project path, which is also the directory used under
# etc/authzd/gitlab.com/.
generate_gitlab_com_entities = $(AUTHZD_BIN) generate --project $(1) --output etc/authzd/gitlab.com/$(1)/entities.json

# Regenerate the entities file for the staging project.
# Both entities targets need the built binary and a non-empty GITLAB_TOKEN.
# NOTE(review): presumably authzd reads GITLAB_TOKEN from the environment;
# the token is not passed on the command line here.
staging-entities: $(AUTHZD_BIN) check-gitlab-token
	@$(AUTHZD_BIN) generate \
		--host https://staging.gitlab.com \
		--project authorization/sparkle/team \
		--output etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json

# Regenerate the entities files for the gitlab.com projects, one per recipe
# line, so the first failure stops the target.
production-entities: $(AUTHZD_BIN) check-gitlab-token
	@$(call generate_gitlab_com_entities,gitlab-org/gitlab)
	@$(call generate_gitlab_com_entities,gitlab-org/software-supply-chain-security/authorization/authzd)
	@$(call generate_gitlab_com_entities,gitlab-org/software-supply-chain-security/authorization/sparkled)
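# spice target

# Preshared key shared by the SpiceDB server and the zed client.
# The default "secret" is a placeholder for a throwaway local instance;
# override it from the environment or the make command line for anything
# else. The value ends up in the process arguments of spicedb and zed, so
# it is visible to other local users; the leading @ only keeps make from
# echoing it.
SPICEDB_PRESHARED_KEY ?= secret

# Start a local SpiceDB server protected by the preshared key.
run-spicedb:
	@spicedb serve --grpc-preshared-key "$(SPICEDB_PRESHARED_KEY)"

# Write the schema file to the local server.
# --insecure makes zed connect without TLS; keep it to localhost.
run-spice-schema-load:
	@zed --endpoint ":50051" --token "$(SPICEDB_PRESHARED_KEY)" --insecure schema write etc/authzd/spice.schema

# Print the schema currently stored on the local server.
run-spice-schema-read:
	@zed --endpoint ":50051" --token "$(SPICEDB_PRESHARED_KEY)" --insecure schema read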