blob: 051b19e8c0ab1bb8ee14f0c5c2188347863091d1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
# ✨ SparkleLab
**Sparkle your colleagues with praise.**
A low-stakes experiment with high-value learnings.
## What's SparkleLab?
SparkleLab is a lightweight service designed to explore modern access control models within GitLab, while doing something fun: helping GitLab team members show appreciation for each other.
We're using this as a **safe space for architectural experimentation**. By integrating with real systems and encouraging real usage, we can validate assumptions, uncover edge cases, and collect meaningful data - all while spreading positivity.
## Why SparkleLab?
The Authorization team is researching ways to evolve GitLab's authorization stack. We need a real, functioning service that:
- Integrates with GitLab
- Encourages real-world usage and feedback
- Lets us model and experiment with **RBAC**, **ABAC**, and **ReBAC**
## Key Use Cases
- **Machine-to-Machine** Integrates with Slack via a [slash command](https://api.slack.com/interactivity/slash-commands) to explore how external services can interact with GitLab-managed services.
- **User-to-User** Authenticates GitLab team members via our OIDC Identity Provider. We'll simulate different access control scenarios (RBAC, ABAC, ReBAC) by adding artificial constraints on who can send praise - even though in reality, *everyone can contribute*.
## Learn More
- [Authorization Design Doc](https://gitlab.com/gitlab-org/architecture/auth-architecture/design-doc)
- [Deployment Project](https://gitlab.com/gitlab-com/gl-infra/platform/runway/deployments/sparkle)
- [GitLab Handbook: Say Thanks](https://handbook.gitlab.com/handbook/communication/#say-thanks)
- [Runway Documentation](https://docs.runway.gitlab.com/runtimes/cloud-run/onboarding/)
## Environments
### Staging
- https://sparkle.staging.runway.gitlab.net
- [Logs](https://console.cloud.google.com/logs/query;query=resource.labels.service_name%3D%22sparkle%22?project=gitlab-runway-staging)
- [1Password](https://start.1password.com/open/i?a=LKATQYUATRBRDHRRABEBH4RJ5Y&v=6gq44ckmq23vqk5poqunurdgay&i=3ypbipaxzcuab4hzw6rrcyo4ju&h=gitlab.1password.com)
### Production
- https://sparkle.runway.gitlab.net
- [Logs](https://console.cloud.google.com/logs/query;query=resource.labels.service_name%3D%22sparkle%22?project=gitlab-runway-production)
- [1Password](https://start.1password.com/open/i?a=LKATQYUATRBRDHRRABEBH4RJ5Y&v=6gq44ckmq23vqk5poqunurdgay&i=ifh2s6wj6is6ww2qwwinlvcmdy&h=gitlab.1password.com)
## Getting Started
### Prerequisites
- [mise](https://mise.jdx.dev/)
- [make](https://www.gnu.org/software/make/)
- [docker](https://docs.docker.com/get-started/get-docker/)
- [go mod for private GitLab projects](https://docs.gitlab.com/user/project/use_project_as_go_package/#authenticate-go-requests-to-private-projects)
1. Install tools:
```bash
$ make setup
```
2. Run the tests:
```bash
$ make test
```
4. Copy the `.env` file
```bash
$ cp .env .env.local
```
5. Edit the settings in the `.env.local` file:
```bash
$ vim .env.local
```
Follow these instructions to [create a user-owned application](https://docs.gitlab.com/integration/oauth_provider/#create-a-user-owned-application) and set the `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET`.
6. Start the service
```bash
$ make run
```
7. Open a browser and navigate to: http://localhost:10000
See the [DEVELOPMENT](./share/man/development.md) guide for additional instructions.
|
