diff --git a/Makefile b/Makefile
index c890e806f..788bd0380 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,7 @@ MONGO_INITDB_ROOT_USERNAME?=mongodb
 MONGO_INITDB_ROOT_PASSWORD?=password
 STRIPE_SECRET_KEY?=""
 AUTH_JWTSIGNING_PRIVATE_KEY?=""
+PERMIT_API_KEY?=""
 DD_ENV=$(SHUTTLE_ENV)
 ifeq ($(SHUTTLE_ENV),production)
@@ -127,7 +128,8 @@ DOCKER_COMPOSE_ENV=\
 COMPOSE_PROFILES=$(COMPOSE_PROFILES)\
 DOCKER_SOCK=$(DOCKER_SOCK)\
 SHUTTLE_ENV=$(SHUTTLE_ENV)\
- SHUTTLE_SERVICE_VERSION=$(SHUTTLE_SERVICE_VERSION)
+ SHUTTLE_SERVICE_VERSION=$(SHUTTLE_SERVICE_VERSION)\
+ PERMIT_API_KEY=$(PERMIT_API_KEY)
 .PHONY: clean deep-clean images the-shuttle-images shuttle-% postgres otel deploy test docker-compose.rendered.yml up down
diff --git a/auth/src/args.rs b/auth/src/args.rs
index fea1391d5..a10a5b4f6 100644
--- a/auth/src/args.rs
+++ b/auth/src/args.rs
@@ -39,16 +39,13 @@ pub struct StartArgs {
 /// Address to reach the permit.io API at
 #[arg(long, default_value = "https://api.eu-central-1.permit.io")]
 pub permit_api_uri: Uri,
-
 /// Address to reach the permit.io PDP at
 #[arg(long, default_value = "http://permit-pdp:7000")]
 pub permit_pdp_uri: Uri,
-
 /// Permit environment to use
 #[arg(long, default_value = "local")]
- pub permit_environment: String,
-
- /// Permit environment to use
+ pub permit_env: String,
+ /// Permit API key
 #[arg(long, default_value = "permit_")]
 pub permit_api_key: String,
 }
diff --git a/auth/src/lib.rs b/auth/src/lib.rs
index 906643227..082f49c1a 100644
--- a/auth/src/lib.rs
+++ b/auth/src/lib.rs
@@ -27,7 +27,7 @@ pub async fn start(pool: PgPool, args: StartArgs) -> io::Result<()> {
 args.permit_api_uri,
 args.permit_pdp_uri,
 "default".to_string(),
- args.permit_environment,
+ args.permit_env,
 &args.permit_api_key,
 ))
 .with_jwt_signing_private_key(args.jwt_signing_private_key)
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 32463b870..631bc4230 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
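Review bot: In the auth/src/args.rs hunk, `permit_api_key` is a secret that can only be supplied on the command line and silently falls back to the placeholder `"permit_"`, so a deployment that omits the key still starts and only fails once Permit is first called. Command-line values are readable from the process list and from `docker inspect`; taking the key from the environment with no default, e.g. `#[arg(long, env = "PERMIT_API_KEY", hide_env_values = true)]`, keeps it out of argv and turns a missing key into a startup error (this assumes clap's `env` feature is enabled, which is not visible here). The same four fields with the same defaults are added to `ContextArgs` in the gateway/src/args.rs hunk, so the point applies there too. Renaming the flag from `--permit-environment` to `--permit-env` also breaks any invocation that still passes the old name. `StartArgs` begins outside this hunk, so its derives (in particular `Debug`, which would print the key if the args are ever logged) cannot be checked from here.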
@@ -68,6 +68,8 @@ services:
 - "--stripe-secret-key=${STRIPE_SECRET_KEY}"
 # used only for local development
 - "--jwt-signing-private-key=LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUR5V0ZFYzhKYm05NnA0ZGNLTEwvQWNvVUVsbUF0MVVKSTU4WTc4d1FpWk4KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo="
+ - "--permit-api=https://api.eu-central-1.permit.io"
+ - "--permit-api-key=${PERMIT_API_KEY}"
 otel-collector:
 ports:
 - 4317:4317
@@ -116,3 +118,6 @@ services:
 - 8004:8000
 # the shared postgres already uses 5432
 - 5434:5432
+ permit-pdp:
+ environment:
+ - PDP_DEBUG=True
diff --git a/docker-compose.yml b/docker-compose.yml
index b3a88f783..0f30f5370 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,6 +21,8 @@ networks:
 services:
 auth:
 image: "${CONTAINER_REGISTRY}/auth:${AUTH_TAG}"
+ depends_on:
+ - permit-pdp
 ports:
 - 8008:8000
 deploy:
@@ -52,6 +54,10 @@ services:
 - "--address=0.0.0.0:8000"
 - "--stripe-secret-key=${STRIPE_SECRET_KEY}"
 - "--jwt-signing-private-key=${AUTH_JWTSIGNING_PRIVATE_KEY}"
+ - "--permit-api-uri=https://api.eu-central-1.permit.io"
+ - "--permit-pdp-uri=http://permit-pdp:7000"
+ - "--permit-env=${SHUTTLE_ENV}"
+ - "--permit-api-key=${PERMIT_API_KEY}"
 healthcheck:
 test: curl -f -s http://localhost:8000
 interval: 1m
@@ -66,6 +72,7 @@ services:
 depends_on:
 - provisioner
 - auth
+ - permit-pdp
 ports:
 - 7999:7999
 - 8000:8000
@@ -116,6 +123,10 @@ services:
 - "--proxy-fqdn=${APPS_FQDN}"
 - "--use-tls=${USE_TLS}"
 - "--admin-key=${GATEWAY_ADMIN_KEY}"
+ - "--permit-api-uri=https://api.eu-central-1.permit.io"
+ - "--permit-pdp-uri=http://permit-pdp:7000"
+ - "--permit-env=${SHUTTLE_ENV}"
+ - "--permit-api-key=${PERMIT_API_KEY}"
 healthcheck:
 test: curl -f -s http://localhost:8000
 interval: 1m
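Review bot: The first docker-compose.dev.yml hunk passes `--permit-api=https://api.eu-central-1.permit.io`, but the field this commit adds in auth/src/args.rs is `permit_api_uri`, which clap exposes as `--permit-api-uri` (the spelling docker-compose.yml uses for the same service). Unless long-argument inference is switched on somewhere outside this diff, the service in this command list (auth, judging by the stripe and JWT flags in the context lines) will reject the unknown flag and exit at startup under the dev profile. The line should read `- "--permit-api-uri=https://api.eu-central-1.permit.io"`. The rest of the command list lies outside the hunk.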
@@ -265,3 +276,17 @@ services:
 placement:
 constraints:
 - node.hostname==controller
+ permit-pdp:
+ image: docker.io/permitio/pdp-v2:0.2.37
+ restart: always
+ environment:
+ - PDP_CONTROL_PLANE=${PERMIT_API}
+ - PDP_API_KEY=${PERMIT_API_KEY}
+ ports:
+ - 7000:7000
+ networks:
+ user-net:
+ deploy:
+ placement:
+ constraints:
+ - node.hostname==controller
diff --git a/gateway/src/args.rs b/gateway/src/args.rs
index 51f2adf22..188598045 100644
--- a/gateway/src/args.rs
+++ b/gateway/src/args.rs
@@ -77,6 +77,7 @@ pub struct ContextArgs {
 /// Api key for the user that has rights to start deploys
 #[arg(long, default_value = "gateway4deployes")]
 pub deploys_api_key: String,
+ /// Maximum number of containers to start on this node before blocking cch projects
 #[arg(long, default_value = "900")]
 pub cch_container_limit: u32,
@@ -87,6 +88,19 @@ pub struct ContextArgs {
 #[arg(long, default_value = "990")]
 pub hard_container_limit: u32,
+ /// Address to reach the permit.io API at
+ #[arg(long, default_value = "https://api.eu-central-1.permit.io")]
+ pub permit_api_uri: Uri,
+ /// Address to reach the permit.io PDP at
+ #[arg(long, default_value = "http://permit-pdp:7000")]
+ pub permit_pdp_uri: Uri,
+ /// Permit environment to use
+ #[arg(long, default_value = "local")]
+ pub permit_env: String,
+ /// Permit API key
+ #[arg(long, default_value = "permit_")]
+ pub permit_api_key: String,
+ /// Allow tests to set some extra /etc/hosts
 pub extra_hosts: Vec,
 }
diff --git a/gateway/src/lib.rs b/gateway/src/lib.rs
index 8f39aad1a..eb5e471f6 100644
--- a/gateway/src/lib.rs
+++ b/gateway/src/lib.rs
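Review bot: The new `permit-pdp` service in docker-compose.yml sets `PDP_CONTROL_PLANE=${PERMIT_API}`, but the Makefile hunks in this commit add only `PERMIT_API_KEY` to `DOCKER_COMPOSE_ENV`; unless `PERMIT_API` is defined elsewhere, compose substitutes an empty string and the PDP is not pointed at the `https://api.eu-central-1.permit.io` endpoint that auth and gateway are given. `ports: - 7000:7000` also publishes the policy decision point on the host over plain HTTP, although both consumers reach it as `http://permit-pdp:7000` on the compose network; dropping the port mapping keeps authorization queries off the host's external interfaces. The service is attached to `user-net`, and if that network also carries user workloads (the name suggests so, but its definition is outside this hunk), a separate internal network shared only by auth, gateway and the PDP would prevent those workloads from querying it directly. Pinning `pdp-v2:0.2.37` by digest would additionally guard against a retagged image.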
@@ -570,6 +570,10 @@ pub mod tests {
 cch_container_limit: 1,
 soft_container_limit: 2,
 hard_container_limit: 3,
+ permit_api_uri: Default::default(), // TODO: will need mock?
+ permit_pdp_uri: Default::default(), // TODO: will need mock?
+ permit_env: Default::default(), // TODO: will need mock?
+ permit_api_key: Default::default(), // TODO: will need mock?
 // Allow access to the auth on the host
 extra_hosts: vec!["host.docker.internal:host-gateway".to_string()],