# ✨ SparkleLab

**Sparkle your colleagues with praise.**
A low-stakes experiment with high-value learnings.

## What's SparkleLab?

SparkleLab is a lightweight service designed to explore modern access control models within GitLab, while doing something fun: helping GitLab team members show appreciation for each other.

We're using this as a **safe space for architectural experimentation**. By integrating with real systems and encouraging real usage, we can validate assumptions, uncover edge cases, and collect meaningful data - all while spreading positivity.

## Why SparkleLab?

The Authorization team is researching ways to evolve GitLab's authorization stack. We need a real, functioning service that:

- Integrates with GitLab
- Encourages real-world usage and feedback
- Lets us model and experiment with **RBAC**, **ABAC**, and **ReBAC**

## Key Use Cases

- **Machine-to-Machine**
  Integrates with Slack via a [slash command](https://api.slack.com/interactivity/slash-commands) to explore how external services can interact with GitLab-managed services.
- **User-to-User**
  Authenticates GitLab team members via our OIDC Identity Provider. We'll simulate different access control scenarios (RBAC, ABAC, ReBAC) by adding artificial constraints on who can send praise - even though in reality, *everyone can contribute*.
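
The three models named above, applied to the single decision of who may send praise. This is an added Go example, not SparkleLab's own code; the `praiser` role, `department` attribute, `teammate_of` relation and all users are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Hypothetical model for illustration only; not SparkleLab's real schema.
type User struct {
	Name  string
	Roles map[string]bool   // RBAC input
	Attrs map[string]string // ABAC input
}

// Relations holds (subject, relation, object) tuples: the ReBAC input.
type Relations map[[3]string]bool

// CanPraise evaluates one model and denies by default.
func CanPraise(model string, rel Relations, from, to User) bool {
	if from.Name == "" || to.Name == "" {
		return false // no decision without both identities
	}
	switch model {
	case "rbac": // role assigned to the sender; recipient is irrelevant
		return from.Roles["praiser"]
	case "abac": // attributes compared at decision time
		dept, ok := from.Attrs["department"]
		// Require the attribute: two missing values must not compare equal.
		return ok && dept != "" && dept == to.Attrs["department"]
	case "rebac": // an explicit edge between these two users
		return rel[[3]string{from.Name, "teammate_of", to.Name}]
	}
	return false // unknown model: fail closed
}

// Sample returns constructed users and relations for the demo.
func Sample() (alice, bob, carol User, rel Relations) {
	alice = User{"alice", map[string]bool{"praiser": true}, map[string]string{"department": "security"}}
	bob = User{"bob", nil, map[string]string{"department": "security"}}
	carol = User{"carol", nil, nil} // no roles, no attributes
	rel = Relations{{"carol", "teammate_of", "alice"}: true}
	return
}

func main() {
	alice, bob, carol, rel := Sample()
	for _, m := range []string{"rbac", "abac", "rebac", "unknown"} {
		fmt.Printf("%-7s alice->bob=%-5v bob->alice=%-5v carol->alice=%v\n", m,
			CanPraise(m, rel, alice, bob), CanPraise(m, rel, bob, alice), CanPraise(m, rel, carol, alice))
	}
}
```

The same pair of users gets a different answer under each model, and the ABAC branch shows why an absent attribute has to be treated as a denial rather than as an empty string that matches another empty string.
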

## Learn More

- [Authorization Design Doc](https://gitlab.com/gitlab-org/architecture/auth-architecture/design-doc)
- [Deployment Project](https://gitlab.com/gitlab-com/gl-infra/platform/runway/deployments/sparkle)
- [GitLab Handbook: Say Thanks](https://handbook.gitlab.com/handbook/communication/#say-thanks)
- [Runway Documentation](https://docs.runway.gitlab.com/runtimes/cloud-run/onboarding/)

## Environments

### Staging

- https://sparkle.staging.runway.gitlab.net
- [Logs](https://console.cloud.google.com/logs/query;query=resource.labels.service_name%3D%22sparkle%22?project=gitlab-runway-staging)
- [1Password](https://start.1password.com/open/i?a=LKATQYUATRBRDHRRABEBH4RJ5Y&v=6gq44ckmq23vqk5poqunurdgay&i=3ypbipaxzcuab4hzw6rrcyo4ju&h=gitlab.1password.com)

### Production

- https://sparkle.runway.gitlab.net
- [Logs](https://console.cloud.google.com/logs/query;query=resource.labels.service_name%3D%22sparkle%22?project=gitlab-runway-production)
- [1Password](https://start.1password.com/open/i?a=LKATQYUATRBRDHRRABEBH4RJ5Y&v=6gq44ckmq23vqk5poqunurdgay&i=ifh2s6wj6is6ww2qwwinlvcmdy&h=gitlab.1password.com)

## Getting Started

### Prerequisites

- [mise](https://mise.jdx.dev/)
- [make](https://www.gnu.org/software/make/)
- [docker](https://docs.docker.com/get-started/get-docker/)
- [go mod for private GitLab projects](https://docs.gitlab.com/user/project/use_project_as_go_package/#authenticate-go-requests-to-private-projects)

1. Install tools:

    ```bash
    $ make setup
    ```

2. Run the tests:

    ```bash
    $ make test
    ```

3. Copy the `.env` file:

    ```bash
    $ cp .env .env.local
    ```

4. Edit the settings in the `.env.local` file:

    ```bash
    $ vim .env.local
    ```

    Follow these instructions to [create a user-owned application](https://docs.gitlab.com/integration/oauth_provider/#create-a-user-owned-application) and set the `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET`.

5. Start the service:

    ```bash
    $ make run
    ```

6. Open a browser and navigate to: http://localhost:10000

See the [DEVELOPMENT](./share/man/development.md) guide for additional instructions.