From 6de05858b9d32d8dbdd5364ba30a2d5280f5e63d Mon Sep 17 00:00:00 2001 From: Martin Besozzi Date: Sat, 29 Jun 2024 18:28:24 -0300 Subject: [PATCH] feat: Added Docker image release --- .github/workflows/release.yml | 15 +++++++++++++++ Dockerfile | 13 +++++++++++++ apisix/plugins/authz-openfga.lua | 8 ++++---- 3 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 Dockerfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c6750f8..bb504a0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,9 @@ on: tags: - 'v[0-9]+.[0-9]+.[0-9]+' +env: + CONTAINER_IMAGE: ghcr.io/embesozzi/${{github.event.repository.name}} + jobs: build-upload-release: runs-on: ubuntu-latest @@ -13,11 +16,23 @@ jobs: contents: write steps: - uses: actions/checkout@v2 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Get version from tag id: version run: echo ::set-output name=number::$(echo $GITHUB_REF | cut -d / -f 3 | cut -d / -f 3 | sed -e 's/^v//') + - name: docker build & push + run: | + docker build --build-arg API_GATEWAY_VERSION=3.7.0-debian --build-arg PLUGIN_OPENFGA_VERSION=${{ steps.version.outputs.number }} -t ${{env.CONTAINER_IMAGE}} . + docker build . -t ${{env.CONTAINER_IMAGE}}:${{ steps.version.outputs.number }} -t ${{env.CONTAINER_IMAGE}}:latest + docker push ${{env.CONTAINER_IMAGE}}:${{ steps.version.outputs.number }} + docker push ${{env.CONTAINER_IMAGE}}:latest + - name: Create changelog text id: changelog uses: loopwerk/tag-changelog@v1 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..b488de6 --- /dev/null +++ b/Dockerfile 
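Review bot: The `docker build & push` step in the second release.yml hunk pushes to ghcr.io with `GITHUB_TOKEN`, but the only permission visible in the hunk's context is `contents: write`. If the job's `permissions` block (which starts outside the hunk) grants nothing else, the token has no package scope and both `docker push` calls will be denied, so add `packages: write` next to it. The step also builds twice: the first `docker build` receives the build args but tags only the bare image name, while the second `docker build .` passes no build args and creates the `:<version>` and `:latest` tags that are actually pushed, so the published image is built with the Dockerfile's default values rather than the release tag. Fold them into one command: `docker build --build-arg API_GATEWAY_VERSION=3.7.0-debian --build-arg PLUGIN_OPENFGA_VERSION=${{ steps.version.outputs.number }} -t ${{env.CONTAINER_IMAGE}}:${{ steps.version.outputs.number }} -t ${{env.CONTAINER_IMAGE}}:latest .`. Since the job now holds registry credentials, consider pinning `docker/login-action` to a full commit SHA instead of the mutable `v3` tag.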
@@ -0,0 +1,13 @@ +ARG API_GATEWAY_VERSION=3.7.0-debian +ARG PLUGIN_OPENFGA_VERSION=1.0.0 +FROM apache/apisix:${API_GATEWAY_VERSION} + +LABEL maintainer="embesozzi@gmail.com" +LABEL version=${PLUGIN_OPENFGA_VERSION} +LABEL org.opencontainers.image.authors="embesozzi@gmail.com" +LABEL org.opencontainers.image.version=${PLUGIN_OPENFGA_VERSION} +LABEL org.opencontainers.image.revision=${PLUGIN_OPENFGA_VERSION}-${API_GATEWAY_VERSION} +LABEL org.opencontainers.image.title="API Gateway integrated with OpenFGA" +LABEL org.opencontainers.image.description="integrated with OpenFGA for FGA" + +COPY apisix/plugins/authz-openfga.lua /usr/local/apisix/apisix/plugins/authz-openfga.lua \ No newline at end of file diff --git a/apisix/plugins/authz-openfga.lua b/apisix/plugins/authz-openfga.lua index ec4d736..82b5797 100644 --- a/apisix/plugins/authz-openfga.lua +++ b/apisix/plugins/authz-openfga.lua @@ -94,7 +94,7 @@ local function authz_model_cache_set(type, key, value, exp) if err then log.error("authz_model_cache_set error=", err) else - log.error("authz_model_cache_set success=", success) + log.debug("authz_model_cache_set success=", success) end else log.error("dict not found=", type) @@ -181,7 +181,7 @@ local function authorization_model_get(conf) end local authz_model = json_authz_models.authorization_models[1] - core.log.error("first authz model id: ", authz_model.id) + core.log.debug("first authz model id: ", authz_model.id) authorization_model_json = { store_id = store.id, authorization_model_id = authz_model.id @@ -269,11 +269,11 @@ function _M.access(conf, ctx) end if not data.allowed then - log.error("user " .. user_jwt_claim_value .. " not authorized") + log.info("user " .. user_jwt_claim_value .. " not authorized") return 403, {message = "not authorized"} end - core.log.debug("user " .. user_jwt_claim_value .. " is allowed") + core.log.info("user " .. user_jwt_claim_value .. " is allowed") end return _M \ No newline at end of file
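Review bot: Both `ARG` lines sit before `FROM`, so they are in scope only for the `FROM` instruction itself. Every `${PLUGIN_OPENFGA_VERSION}` and `${API_GATEWAY_VERSION}` in the `LABEL` lines therefore expands to an empty string, and the version labels on the published image come out blank (the revision label becomes just `-`). Re-declare them without a value directly after `FROM`: `ARG API_GATEWAY_VERSION` and `ARG PLUGIN_OPENFGA_VERSION`. The base image is also referenced by a mutable tag; pinning `apache/apisix` by digest would make release builds reproducible and keep a retagged upstream image from silently changing what is shipped.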
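Review bot: In the last authz-openfga.lua hunk, the 403 denial drops from `log.error` to `log.info`, which is below APISIX's default `warn` error-log level, so denied authorization decisions stop appearing in the log on a default deployment and cannot feed alerting. Denials are the security-relevant event here; `log.warn` keeps them visible without treating them as plugin errors, while the allow path can stay at `info`. Passing the parts as separate arguments, as the file already does in `log.error("authz_model_cache_set error=", err)`, also avoids building the string when the level is disabled: `log.warn("user ", user_jwt_claim_value, " not authorized")`. The claim value is written to the log verbatim, and whether it is validated earlier cannot be seen here because `_M.access` starts outside the hunk. The two changed lines also mix `log` and `core.log`; using one of them consistently would read better.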