Merge branch 'basics' into proto-files

Fabiennne 2020-03-25 08:22:44 +01:00
commit 209764de79
21 changed files with 515 additions and 19 deletions

295
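--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@@ -0,0 +1,295 @@
+AuthZ:
+RolePermissionMappings:
+- Role: 'IAM_OWNER'
+Permissions:
+- "org.read"
+- "org.write"
+- "org.member.read"
+- "org.member.write"
+- "org.member.delete"
+- "user.read"
+- "user.write"
+- "user.delete"
+- "user.grant.read"
+- "user.grant.write"
+- "policy.read"
+- "policy.write"
+- "policy.delete"
+- "project.read"
+- "project.write"
+- "project.member.read"
+- "project.member.write"
+- "project.member.delete"
+- "project.role.read"
+- "project.role.write"
+- "project.role.delete"
+- "project.app.read"
+- "project.app.write"
+- "project.grant.read"
+- "project.grant.write"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'ORG_OWNER'
+Permissions:
+- "org.read"
+- "org.write"
+- "org.member.read"
+- "org.member.write"
+- "org.member.delete"
+- "user.read"
+- "user.write"
+- "user.delete"
+- "user.grant.read"
+- "user.grant.write"
+- "policy.read"
+- "policy.write"
+- "policy.delete"
+- "project.read"
+- "project.write"
+- "project.member.read"
+- "project.member.write"
+- "project.member.delete"
+- "project.role.read"
+- "project.role.write"
+- "project.role.delete"
+- "project.app.read"
+- "project.app.write"
+- "project.grant.read"
+- "project.grant.write"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'ORG_EDITOR'
+Permissions:
+- "org.read"
+- "org.write"
+- Role: 'ORG_VIEWER'
+Permissions:
+- "org.read"
+- Role: 'ORG_MEMBER_EDITOR'
+Permissions:
+- "org.read"
+- "org.member.read"
+- "org.member.write"
+- "org.member.delete"
+- Role: 'ORG_MEMBER_VIEWER'
+Permissions:
+- "org.read"
+- "org.member.read"
+- Role: 'ORG_PROJECT_CREATOR'
+Permissions:
+- "project.read:self"
+- "project.write"
+- Role: 'ORG_PROJECT_EDITOR'
+Permissions:
+- "project.read"
+- "project.write"
+- "project.member.read"
+- "project.member.write"
+- "project.member.delete"
+- "project.role.read"
+- "project.role.write"
+- "project.role.delete"
+- "project.app.read"
+- "project.app.write"
+- "project.grant.read"
+- "project.grant.write"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'ORG_PROJECT_VIEWER'
+Permissions:
+- "project.read"
+- "project.member.read"
+- "project.role.read"
+- "project.app.read"
+- "project.grant.read"
+- "project.grant.member.read"
+- Role: 'ORG_PROJECT_MEMBER_EDITOR'
+Permissions:
+- "project.read"
+- "project.member.read"
+- "project.member.write"
+- "project.grant.member.delete"
+- Role: 'ORG_PROJECT_MEMBER_VIEWER'
+Permissions:
+- "project.read"
+- "project.member.read"
+- Role: 'ORG_PROJECT_ROLE_EDITOR'
+Permissions:
+- "project.read"
+- "project.role.read"
+- "project.role.write"
+- "project.role.delete"
+- Role: 'ORG_PROJECT_ROLE_VIEWER'
+Permissions:
+- "project.read"
+- "project.role.read"
+- Role: 'ORG_PROJECT_APP_EDITOR'
+Permissions:
+- "project.read"
+- "project.app.read"
+- "project.app.write"
+- Role: 'ORG_PROJECT_APP_VIEWER'
+Permissions:
+- "project.read"
+- "project.app.read"
+- Role: 'ORG_PROJECT_GRANT_EDITOR'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.write"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'ORG_PROJECT_GRANT_VIEWER'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- Role: 'ORG_PROJECT_GRANT_MEMBER_EDITOR'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'ORG_PROJECT_GRANT_MEMBER_VIEWER'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.member.read"
+- Role: 'ORG_USER_EDITOR'
+Permissions:
+- "user.read"
+- "user.write"
+- "user.delete"
+- Role: 'ORG_USER_VIEWER'
+Permissions:
+- "user.read"
+- Role: 'ORG_USER_GRANT_EDITOR'
+Permissions:
+- "user.read"
+- "user.grant.read"
+- "user.grant.write"
+- "project.read"
+- Role: 'ORG_USER_GRANT_VIEWER'
+Permissions:
+- "user.read"
+- "user.grant.read"
+- Role: 'ORG_POLICY_EDITOR'
+Permissions:
+- "policy.read"
+- "policy.write"
+- "policy.delete"
+- Role: 'ORG_POLICY_VIEWER'
+Permissions:
+- "policy.read"
+- Role: 'PROJECT_OWNER'
+Permissions:
+- "project.read"
+- "project.write"
+- "project.member.read"
+- "project.member.write"
+- "project.member.delete"
+- "project.role.read"
+- "project.role.write"
+- "project.role.delete"
+- "project.app.read"
+- "project.app.write"
+- "project.grant.read"
+- "project.grant.write"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- "project.user.grant.read"
+- "project.user.grant.write"
+- "project.user.grant.delete"
+- Role: 'PROJECT_MEMBER_EDITOR'
+Permissions:
+- "project.read"
+- "project.member.read"
+- "project.member.write"
+- "project.member.delete"
+- Role: 'PROJECT_MEMBER_VIEWER'
+Permissions:
+- "project.read"
+- "project.member.read"
+- Role: 'PROJECT_ROLE_EDITOR'
+Permissions:
+- "project.read"
+- "project.role.read"
+- "project.role.write"
+- "project.role.delete"
+- Role: 'PROJECT_APP_EDITOR'
+Permissions:
+- "project.read"
+- "project.app.read"
+- "project.app.write"
+- Role: 'PROJECT_APP_VIEWER'
+Permissions:
+- "project.read"
+- "project.app.read"
+- Role: 'PROJECT_GRANT_EDITOR'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.write"
+- Role: 'PROJECT_GRANT_VIEWER'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- Role: 'PROJECT_GRANT_MEMBER_EDITOR'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'PROJECT_GRANT_MEMBER_VIEWER'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.member.read"
+- Role: 'PROJECT_USER_GRANT_EDITOR'
+Permissions:
+- "project.read"
+- "project.user.grant.read"
+- "project.user.grant.write"
+- "project.user.grant.delete"
+- Role: 'PROJECT_USER_GRANT_VIEWER'
+Permissions:
+- "project.read"
+- "project.user.grant.read"
+- Role: 'PROJECT_GRANT_OWNER'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.write"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'PROJECT_GRANT_MEMBER_EDITOR'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.member.read"
+- "project.grant.member.write"
+- "project.grant.member.delete"
+- Role: 'PROJECT_GRANT_MEMBER_VIEWER'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.member.read"
+- Role: 'PROJECT_GRANT_USER_GRANT_EDITOR'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.user.grant.read"
+- "project.grant.user.grant.write"
+- "project.grant.user.grant.delete"
+- Role: 'PROJECT_GRANT_USER_GRANT_VIEWER'
+Permissions:
+- "project.read"
+- "project.grant.read"
+- "project.grant.user.grant.read"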
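Review bot: `ORG_PROJECT_MEMBER_EDITOR` is given `project.grant.member.delete` alongside `project.member.read` and `project.member.write`, but it holds no other `project.grant.*` permission and lacks `project.member.delete`. Compared with `PROJECT_MEMBER_EDITOR` this looks like a copy-paste slip that hands out a delete right outside the role's scope, so the entry should probably read `- "project.member.delete"`. `PROJECT_GRANT_MEMBER_EDITOR` and `PROJECT_GRANT_MEMBER_VIEWER` are also each declared twice with identical permission lists; how the loader treats a repeated role is not visible here, and the copies can drift apart once one of them is edited, so keep one definition per role. A load-time check that rejects duplicate role names would catch that second case.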


@ -6,45 +6,63 @@ import (
"github.com/caos/logging"
authz "github.com/caos/zitadel/internal/api/auth"
"github.com/caos/zitadel/internal/config"
"github.com/caos/zitadel/pkg/admin"
"github.com/caos/zitadel/pkg/auth"
"github.com/caos/zitadel/pkg/eventstore"
"github.com/caos/zitadel/pkg/console"
"github.com/caos/zitadel/pkg/login"
"github.com/caos/zitadel/pkg/management"
)
type Config struct {
Eventstore eventstore.Config
Management management.Config
Auth auth.Config
Admin admin.Config
Mgmt *management.Config
Auth *auth.Config
Login *login.Config
Admin *admin.Config
Console *console.Config
//Log
//Tracing tracing.TracingConfig
AuthZ *authz.Config
}
func main() {
configPath := flag.String("config-file", "/zitadel/config/startup.yaml", "path to the config file")
var configPaths config.ArrayFlags
flag.Var(&configPaths, "config-files", "path to the config files")
managementEnabled := flag.Bool("management", true, "enable management api")
authEnabled := flag.Bool("auth", true, "enable auth api")
loginEnabled := flag.Bool("login", true, "enable login ui")
adminEnabled := flag.Bool("admin", true, "enable admin api")
consoleEnabled := flag.Bool("console", true, "enable console ui")
flag.Parse()
conf := new(Config)
err := config.Read(conf, *configPath)
err := config.Read(conf, configPaths...)
logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config")
ctx := context.Background()
if *managementEnabled {
err = management.Start(ctx, conf.Management)
err = management.Start(ctx, conf.Mgmt, conf.AuthZ)
logging.Log("MAIN-39Nv5").OnError(err).Fatal("error starting management api")
}
if *authEnabled {
err = auth.Start(ctx, conf.Auth)
err = auth.Start(ctx, conf.Auth, conf.AuthZ)
logging.Log("MAIN-x0nD2").OnError(err).Fatal("error starting auth api")
}
if *loginEnabled {
err = login.Start(ctx, conf.Login)
logging.Log("MAIN-53RF2").OnError(err).Fatal("error starting login ui")
}
if *adminEnabled {
err = admin.Start(ctx, conf.Admin)
err = admin.Start(ctx, conf.Admin, conf.AuthZ)
logging.Log("MAIN-0na71").OnError(err).Fatal("error starting admin api")
}
if *consoleEnabled {
err = console.Start(ctx, conf.Console)
logging.Log("MAIN-3Dfuc").OnError(err).Fatal("error starting console ui")
}
<-ctx.Done()
logging.Log("MAIN-s8d2h").Info("stopping zitadel")
}
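Review bot: `conf.AuthZ` is handed to `management.Start`, `auth.Start` and `admin.Start` without a nil check, and because `Config` now holds pointers, a run whose `config-files` list leaves out the AuthZ file passes nil onward (the same goes for any absent section, such as the empty `Login:` key in startup.yaml). For the role-to-permission mapping the process should fail closed before any API is started, for example `if conf.AuthZ == nil { logging.Log("MAIN-<id>").Fatal("authz config missing") }`, with `<id>` standing for a new log id. The `config-files` flag also has no default, whereas `config-file` appears to have defaulted to `/zitadel/config/startup.yaml`; what `config.Read` does when given zero paths is not visible on this page.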

44
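--- a/cmd/zitadel/startup.yaml
+++ b/cmd/zitadel/startup.yaml
@@ -0,0 +1,44 @@
+Tracing:
+Type: google
+Config:
+ProjectID: $TRACING_PROJECT_ID
+MetricPrefix: ZITADEL-V1
+Fraction: 1
+Log:
+Level: debug
+Formatter: text
+Mgmt:
+API:
+GRPC:
+ServerPort: 60020
+GatewayPort: 60021
+SearchLimit: 100
+CustomHeaders:
+- x-caos-
+Auth:
+API:
+GRPC:
+ServerPort: 60050
+GatewayPort: 60051
+SearchLimit: 100
+CustomHeaders:
+- x-caos-
+Login:
+Admin:
+API:
+GRPC:
+ServerPort: 60090
+GatewayPort: 60091
+SearchLimit: 100
+CustomHeaders:
+- x-caos-
+Console:
+Port: '9090'
+StaticDir: '/app/console/dist'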
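Review bot: `Level: debug` under `Log` and `Fraction: 1` under `Tracing` are hard-coded in the startup file; for an identity service, debug logging and tracing every request can carry tokens, user identifiers or request payloads into log and trace storage, depending on what the handlers emit. If this is the file deployments load, prefer `Level: info` and take the sampling fraction from the environment, the way `ProjectID: $TRACING_PROJECT_ID` already is. The `Login:` key is empty, which presumably leaves `conf.Login` nil when `login.Start` is called.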

3
go.mod

@ -11,6 +11,7 @@ require (
github.com/Masterminds/sprig v2.22.0+incompatible
github.com/aws/aws-sdk-go v1.29.16 // indirect
github.com/caos/logging v0.0.0-20191210002624-b3260f690a6a
github.com/ghodss/yaml v1.0.0
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/mock v1.4.3
github.com/golang/protobuf v1.3.5
@ -34,5 +35,5 @@ require (
google.golang.org/api v0.20.0 // indirect
google.golang.org/genproto v0.0.0-20200319113533-08878b785e9c // indirect
google.golang.org/grpc v1.28.0
gopkg.in/yaml.v2 v2.2.8
gopkg.in/yaml.v2 v2.2.8 // indirect
)
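Review bot: `github.com/ghodss/yaml v1.0.0`, which looks like the requirement the first hunk adds, is a module that no longer receives releases; `sigs.k8s.io/yaml` is the maintained fork with the same `Unmarshal` call shape and would be the safer pin for the parser that reads the authorization config. `gopkg.in/yaml.v2` stays in the build as an indirect requirement, so its version still has to be tracked for YAML parsing advisories.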

4
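--- a/internal/admin/config.go
+++ b/internal/admin/config.go
@@ -0,0 +1,4 @@
+package admin
+type Config struct {
+}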


@ -0,0 +1,34 @@
package grpc
type Config struct {
ServerPort string
GatewayPort string
SearchLimit int
CustomHeaders []string
}
func (c *Config) ToServerConfig() *ServerConfig {
return &ServerConfig{
Port: c.ServerPort,
SearchLimit: c.SearchLimit,
}
}
func (c *Config) ToGatewayConfig() *GatewayConfig {
return &GatewayConfig{
Port: c.GatewayPort,
GRPCEndpoint: c.ServerPort,
CustomHeaders: c.CustomHeaders,
}
}
type ServerConfig struct {
Port string
SearchLimit int
}
type GatewayConfig struct {
Port string
GRPCEndpoint string
CustomHeaders []string
}
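Review bot: `ToGatewayConfig` copies `c.ServerPort` into `GRPCEndpoint`, so the gateway's upstream is a bare port string with no host, and nothing here says which interface is meant if a consumer dials that value directly. State the contract on the field, for example `// GRPCEndpoint is the port of the local gRPC server the gateway forwards to`, or build the address explicitly. Both converters also dereference `c`, and since the API configs elsewhere in this commit hold `GRPC *grpc.Config`, a missing `GRPC:` section would presumably panic here; validating at load time or an early `if c == nil { return nil }` avoids that.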


@ -8,9 +8,9 @@ import (
"github.com/BurntSushi/toml"
"github.com/caos/logging"
"github.com/ghodss/yaml"
"github.com/nicksnyder/go-i18n/v2/i18n"
"golang.org/x/text/language"
"gopkg.in/yaml.v2"
"github.com/caos/zitadel/internal/api"
http_util "github.com/caos/zitadel/internal/api/http"
@ -43,8 +43,9 @@ func NewTranslator(config TranslatorConfig) (*Translator, error) {
func newBundle(i18nDir string, defaultLanguage language.Tag) (*i18n.Bundle, error) {
bundle := i18n.NewBundle(defaultLanguage)
bundle.RegisterUnmarshalFunc("yaml", yaml.Unmarshal)
bundle.RegisterUnmarshalFunc("yml", yaml.Unmarshal)
yamlUnmarshal := func(data []byte, v interface{}) error { return yaml.Unmarshal(data, v) }
bundle.RegisterUnmarshalFunc("yaml", yamlUnmarshal)
bundle.RegisterUnmarshalFunc("yml", yamlUnmarshal)
bundle.RegisterUnmarshalFunc("json", json.Unmarshal)
bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
files, err := ioutil.ReadDir(i18nDir)

4
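--- a/internal/auth/config.go
+++ b/internal/auth/config.go
@@ -0,0 +1,4 @@
+package auth
+type Config struct {
+}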


@ -7,7 +7,7 @@ import (
"path/filepath"
"github.com/BurntSushi/toml"
"gopkg.in/yaml.v2"
"github.com/ghodss/yaml"
"github.com/caos/zitadel/internal/errors"
)
@ -21,7 +21,7 @@ type ReaderFunc func(data []byte, o interface{}) error
var (
JSONReader = json.Unmarshal
TOMLReader = toml.Unmarshal
YAMLReader = yaml.Unmarshal
YAMLReader = func(data []byte, o interface{}) error { return yaml.Unmarshal(data, o) }
)
// Read deserializes each config file to the target obj
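Review bot: `YAMLReader` now goes through `github.com/ghodss/yaml`, which converts YAML to JSON and decodes with `encoding/json` rules: `yaml:` struct tags are ignored, keys match field names case-insensitively, and unknown keys are dropped without error. For a security-relevant file such as authz.yaml, a misspelled `Permissions` key would then load as an empty list instead of failing, so the reader deserves a comment like `// YAMLReader decodes with JSON semantics: json tags apply and unknown keys are ignored; validate required sections after Read.` `Read` itself lies outside this hunk, so whether it validates the result is not visible.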

14
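--- a/internal/config/flag.go
+++ b/internal/config/flag.go
@@ -0,0 +1,14 @@
+package config
+import "strings"
+type ArrayFlags []string
+func (i *ArrayFlags) String() string {
+return strings.Join(*i, ";")
+}
+func (i *ArrayFlags) Set(value string) error {
+*i = append(*i, value)
+return nil
+}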
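Review bot: `ArrayFlags` and its methods are exported without doc comments, and nothing says the flag is meant to be repeated, one path per occurrence; a comment such as `// ArrayFlags collects the values of a flag that may be given several times; it implements flag.Value.` would make that clear. `Set` accepts any string, so an empty value is appended as an empty path and only surfaces later when the file is read; returning an error from `Set` for an empty value gives an earlier, clearer failure.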

4
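--- a/internal/login/config.go
+++ b/internal/login/config.go
@@ -0,0 +1,4 @@
+package login
+type Config struct {
+}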


@ -0,0 +1,3 @@
package management
type Config struct{}


@ -3,12 +3,17 @@ package admin
import (
"context"
app "github.com/caos/zitadel/internal/admin"
"github.com/caos/zitadel/internal/api/auth"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/pkg/admin/api"
)
type Config struct {
App *app.Config
API *api.Config
}
func Start(ctx context.Context, config Config) error {
func Start(ctx context.Context, config *Config, authZ *auth.Config) error {
return errors.ThrowUnimplemented(nil, "ADMIN-n8vw5", "not implemented yet") //TODO: implement
}
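Review bot: `Start` now takes `config *Config` and `authZ *auth.Config` as pointers, but nothing states whether nil is allowed, and the stub reads neither argument. Before the implementation lands, document the contract, for example `// Start launches the admin API; config and authZ must be non-nil.`, and have the implementation return an error on a nil `authZ` rather than serve without a permission mapping. The same applies to `Start` in the auth and management sections further down the page. Importing `internal/api/auth` under the alias `authz`, as the main package does, would also avoid confusion with the `pkg/auth` package.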

7
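--- a/pkg/admin/api/config.go
+++ b/pkg/admin/api/config.go
@@ -0,0 +1,7 @@
+package api
+import "github.com/caos/zitadel/internal/api/grpc"
+type Config struct {
+GRPC *grpc.Config
+}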

7
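--- a/pkg/auth/api/config.go
+++ b/pkg/auth/api/config.go
@@ -0,0 +1,7 @@
+package api
+import "github.com/caos/zitadel/internal/api/grpc"
+type Config struct {
+GRPC *grpc.Config
+}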


@ -3,12 +3,17 @@ package auth
import (
"context"
"github.com/caos/zitadel/internal/api/auth"
app "github.com/caos/zitadel/internal/auth"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/pkg/auth/api"
)
type Config struct {
App *app.Config
API *api.Config
}
func Start(ctx context.Context, config Config) error {
func Start(ctx context.Context, config *Config, authZ *auth.Config) error {
return errors.ThrowUnimplemented(nil, "AUTH-l7Hdx", "not implemented yet") //TODO: implement
}

16
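--- a/pkg/console/console.go
+++ b/pkg/console/console.go
@@ -0,0 +1,16 @@
+package console
+import (
+"context"
+"github.com/caos/zitadel/internal/errors"
+)
+type Config struct {
+Port string
+StaticDir string
+}
+func Start(ctx context.Context, config *Config) error {
+return errors.ThrowUnimplemented(nil, "CONSO-4cT5D", "not implemented yet") //TODO: implement
+}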

4
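--- a/pkg/login/api/config.go
+++ b/pkg/login/api/config.go
@@ -0,0 +1,4 @@
+package api
+type Config struct {
+}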

18
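--- a/pkg/login/login.go
+++ b/pkg/login/login.go
@@ -0,0 +1,18 @@
+package login
+import (
+"context"
+"github.com/caos/zitadel/internal/errors"
+app "github.com/caos/zitadel/internal/login"
+"github.com/caos/zitadel/pkg/login/api"
+)
+type Config struct {
+App *app.Config
+API *api.Config
+}
+func Start(ctx context.Context, config *Config) error {
+return errors.ThrowUnimplemented(nil, "LOGIN-3fwvD", "not implemented yet") //TODO: implement
+}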


@ -0,0 +1,7 @@
package api
import "github.com/caos/zitadel/internal/api/grpc"
type Config struct {
GRPC *grpc.Config
}


@ -3,12 +3,17 @@ package management
import (
"context"
"github.com/caos/zitadel/internal/api/auth"
"github.com/caos/zitadel/internal/errors"
app "github.com/caos/zitadel/internal/management"
"github.com/caos/zitadel/pkg/management/api"
)
type Config struct {
App *app.Config
API *api.Config
}
func Start(ctx context.Context, config Config) error {
func Start(ctx context.Context, config *Config, authZ *auth.Config) error {
return errors.ThrowUnimplemented(nil, "MANAG-h3k3x", "not implemented yet") //TODO: implement
}