From 5cd9ca506aca33e9e816883e9944f27532772151 Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Wed, 25 Mar 2020 07:58:58 +0100
Subject: [PATCH] add basic config and change i18n pkg
---
cmd/zitadel/authz.yaml | 295 ++++++++++++++++++++++++++++++++++
cmd/zitadel/main.go | 38 +++--
cmd/zitadel/startup.yaml | 44 +++++
go.mod | 3 +-
internal/admin/config.go | 4 +
internal/api/grpc/config.go | 34 ++++
internal/api/html/i18n.go | 7 +-
internal/auth/config.go | 4 +
internal/config/config.go | 4 +-
internal/config/flag.go | 14 ++
internal/login/config.go | 4 +
internal/management/config.go | 3 +
pkg/admin/admin.go | 7 +-
pkg/admin/api/config.go | 7 +
pkg/auth/api/config.go | 7 +
pkg/auth/auth.go | 7 +-
pkg/console/console.go | 16 ++
pkg/login/api/config.go | 4 +
pkg/login/login.go | 18 +++
pkg/management/api/config.go | 7 +
pkg/management/management.go | 7 +-
21 files changed, 515 insertions(+), 19 deletions(-)
create mode 100644 cmd/zitadel/authz.yaml
create mode 100644 cmd/zitadel/startup.yaml
create mode 100644 internal/admin/config.go
create mode 100644 internal/api/grpc/config.go
create mode 100644 internal/auth/config.go
create mode 100644 internal/config/flag.go
create mode 100644 internal/login/config.go
create mode 100644 internal/management/config.go
create mode 100644 pkg/admin/api/config.go
create mode 100644 pkg/auth/api/config.go
create mode 100644 pkg/console/console.go
create mode 100644 pkg/login/api/config.go
create mode 100644 pkg/login/login.go
create mode 100644 pkg/management/api/config.go
diff --git a/cmd/zitadel/authz.yaml b/cmd/zitadel/authz.yaml
new file mode 100644
index 0000000000..ac5b8ebd72
--- /dev/null
+++ b/cmd/zitadel/authz.yaml
@@ -0,0 +1,295 @@ +AuthZ: + RolePermissionMappings: + - Role: 'IAM_OWNER' + Permissions: + - "org.read" + - "org.write" + - "org.member.read" + - "org.member.write" + - "org.member.delete" + - "user.read" + - "user.write" + - "user.delete" + - "user.grant.read" + - "user.grant.write" + - "policy.read" + - "policy.write" + - "policy.delete" + - "project.read" + - "project.write" + - "project.member.read" + - "project.member.write" + - "project.member.delete" + - "project.role.read" + - "project.role.write" + - "project.role.delete" + - "project.app.read" + - "project.app.write" + - "project.grant.read" + - "project.grant.write" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'ORG_OWNER' + Permissions: + - "org.read" + - "org.write" + - "org.member.read" + - "org.member.write" + - "org.member.delete" + - "user.read" + - "user.write" + - "user.delete" + - "user.grant.read" + - "user.grant.write" + - "policy.read" + - "policy.write" + - "policy.delete" + - "project.read" + - "project.write" + - "project.member.read" + - "project.member.write" + - "project.member.delete" + - "project.role.read" + - "project.role.write" + - "project.role.delete" + - "project.app.read" + - "project.app.write" + - "project.grant.read" + - "project.grant.write" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'ORG_EDITOR' + Permissions: + - "org.read" + - "org.write" + - Role: 'ORG_VIEWER' + Permissions: + - "org.read" + - Role: 'ORG_MEMBER_EDITOR' + Permissions: + - "org.read" + - "org.member.read" + - "org.member.write" + - "org.member.delete" + - Role: 'ORG_MEMBER_VIEWER' + Permissions: + - "org.read" + - "org.member.read" + - Role: 'ORG_PROJECT_CREATOR' + Permissions: + - "project.read:self" + - "project.write" + - Role: 'ORG_PROJECT_EDITOR' + Permissions: + - "project.read" + - "project.write" + - "project.member.read" + - "project.member.write" + - 
"project.member.delete" + - "project.role.read" + - "project.role.write" + - "project.role.delete" + - "project.app.read" + - "project.app.write" + - "project.grant.read" + - "project.grant.write" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'ORG_PROJECT_VIEWER' + Permissions: + - "project.read" + - "project.member.read" + - "project.role.read" + - "project.app.read" + - "project.grant.read" + - "project.grant.member.read" + - Role: 'ORG_PROJECT_MEMBER_EDITOR' + Permissions: + - "project.read" + - "project.member.read" + - "project.member.write" + - "project.grant.member.delete" + - Role: 'ORG_PROJECT_MEMBER_VIEWER' + Permissions: + - "project.read" + - "project.member.read" + - Role: 'ORG_PROJECT_ROLE_EDITOR' + Permissions: + - "project.read" + - "project.role.read" + - "project.role.write" + - "project.role.delete" + - Role: 'ORG_PROJECT_ROLE_VIEWER' + Permissions: + - "project.read" + - "project.role.read" + - Role: 'ORG_PROJECT_APP_EDITOR' + Permissions: + - "project.read" + - "project.app.read" + - "project.app.write" + - Role: 'ORG_PROJECT_APP_VIEWER' + Permissions: + - "project.read" + - "project.app.read" + - Role: 'ORG_PROJECT_GRANT_EDITOR' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.write" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'ORG_PROJECT_GRANT_VIEWER' + Permissions: + - "project.read" + - "project.grant.read" + - Role: 'ORG_PROJECT_GRANT_MEMBER_EDITOR' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'ORG_PROJECT_GRANT_MEMBER_VIEWER' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.member.read" + - Role: 'ORG_USER_EDITOR' + Permissions: + - "user.read" + - "user.write" + - "user.delete" + - Role: 'ORG_USER_VIEWER' + Permissions: + - 
"user.read" + - Role: 'ORG_USER_GRANT_EDITOR' + Permissions: + - "user.read" + - "user.grant.read" + - "user.grant.write" + - "project.read" + - Role: 'ORG_USER_GRANT_VIEWER' + Permissions: + - "user.read" + - "user.grant.read" + - Role: 'ORG_POLICY_EDITOR' + Permissions: + - "policy.read" + - "policy.write" + - "policy.delete" + - Role: 'ORG_POLICY_VIEWER' + Permissions: + - "policy.read" + - Role: 'PROJECT_OWNER' + Permissions: + - "project.read" + - "project.write" + - "project.member.read" + - "project.member.write" + - "project.member.delete" + - "project.role.read" + - "project.role.write" + - "project.role.delete" + - "project.app.read" + - "project.app.write" + - "project.grant.read" + - "project.grant.write" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - "project.user.grant.read" + - "project.user.grant.write" + - "project.user.grant.delete" + - Role: 'PROJECT_MEMBER_EDITOR' + Permissions: + - "project.read" + - "project.member.read" + - "project.member.write" + - "project.member.delete" + - Role: 'PROJECT_MEMBER_VIEWER' + Permissions: + - "project.read" + - "project.member.read" + - Role: 'PROJECT_ROLE_EDITOR' + Permissions: + - "project.read" + - "project.role.read" + - "project.role.write" + - "project.role.delete" + - Role: 'PROJECT_APP_EDITOR' + Permissions: + - "project.read" + - "project.app.read" + - "project.app.write" + - Role: 'PROJECT_APP_VIEWER' + Permissions: + - "project.read" + - "project.app.read" + - Role: 'PROJECT_GRANT_EDITOR' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.write" + - Role: 'PROJECT_GRANT_VIEWER' + Permissions: + - "project.read" + - "project.grant.read" + - Role: 'PROJECT_GRANT_MEMBER_EDITOR' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'PROJECT_GRANT_MEMBER_VIEWER' + Permissions: + - "project.read" + - 
"project.grant.read" + - "project.grant.member.read" + - Role: 'PROJECT_USER_GRANT_EDITOR' + Permissions: + - "project.read" + - "project.user.grant.read" + - "project.user.grant.write" + - "project.user.grant.delete" + - Role: 'PROJECT_USER_GRANT_VIEWER' + Permissions: + - "project.read" + - "project.user.grant.read" + - Role: 'PROJECT_GRANT_OWNER' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.write" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'PROJECT_GRANT_MEMBER_EDITOR' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.member.read" + - "project.grant.member.write" + - "project.grant.member.delete" + - Role: 'PROJECT_GRANT_MEMBER_VIEWER' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.member.read" + - Role: 'PROJECT_GRANT_USER_GRANT_EDITOR' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.user.grant.read" + - "project.grant.user.grant.write" + - "project.grant.user.grant.delete" + - Role: 'PROJECT_GRANT_USER_GRANT_VIEWER' + Permissions: + - "project.read" + - "project.grant.read" + - "project.grant.user.grant.read" diff --git a/cmd/zitadel/main.go b/cmd/zitadel/main.go index f44be202ab..4c3137b9c6 100644 --- a/cmd/zitadel/main.go +++ b/cmd/zitadel/main.go 
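Review bot: `ORG_PROJECT_MEMBER_EDITOR` is granted `project.grant.member.delete` but not `project.member.delete`, which looks like a copy-paste slip: the role can delete grant members it has no read or write permission on, while its counterpart `PROJECT_MEMBER_EDITOR` gets `project.member.delete`. If that is unintended, the role's last entry should read `- "project.member.delete"`. Separately, `PROJECT_GRANT_MEMBER_EDITOR` and `PROJECT_GRANT_MEMBER_VIEWER` are each defined twice (before `PROJECT_USER_GRANT_EDITOR` and again after `PROJECT_GRANT_OWNER`); the copies are identical today, but how the loader treats duplicate role names is not visible in this commit, so a later edit to only one copy could silently change the effective permissions. `PROJECT_ROLE_EDITOR` is also the only editor role in the file without a matching viewer role.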
@@ -6,45 +6,63 @@ import ( "github.com/caos/logging" + authz "github.com/caos/zitadel/internal/api/auth" "github.com/caos/zitadel/internal/config" "github.com/caos/zitadel/pkg/admin" "github.com/caos/zitadel/pkg/auth" - "github.com/caos/zitadel/pkg/eventstore" + "github.com/caos/zitadel/pkg/console" + "github.com/caos/zitadel/pkg/login" "github.com/caos/zitadel/pkg/management" ) type Config struct { - Eventstore eventstore.Config - Management management.Config - Auth auth.Config - Admin admin.Config + Mgmt *management.Config + Auth *auth.Config + Login *login.Config + Admin *admin.Config + Console *console.Config + + //Log + //Tracing tracing.TracingConfig + AuthZ *authz.Config } func main() { - configPath := flag.String("config-file", "/zitadel/config/startup.yaml", "path to the config file") + var configPaths config.ArrayFlags + flag.Var(&configPaths, "config-files", "path to the config files") managementEnabled := flag.Bool("management", true, "enable management api") authEnabled := flag.Bool("auth", true, "enable auth api") + loginEnabled := flag.Bool("login", true, "enable login ui") adminEnabled := flag.Bool("admin", true, "enable admin api") + consoleEnabled := flag.Bool("console", true, "enable console ui") flag.Parse() conf := new(Config) - err := config.Read(conf, *configPath) + err := config.Read(conf, configPaths...) 
logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config") ctx := context.Background() if *managementEnabled { - err = management.Start(ctx, conf.Management) + err = management.Start(ctx, conf.Mgmt, conf.AuthZ) logging.Log("MAIN-39Nv5").OnError(err).Fatal("error starting management api") } if *authEnabled { - err = auth.Start(ctx, conf.Auth) + err = auth.Start(ctx, conf.Auth, conf.AuthZ) logging.Log("MAIN-x0nD2").OnError(err).Fatal("error starting auth api") } + if *loginEnabled { + err = login.Start(ctx, conf.Login) + logging.Log("MAIN-53RF2").OnError(err).Fatal("error starting login ui") + } if *adminEnabled { - err = admin.Start(ctx, conf.Admin) + err = admin.Start(ctx, conf.Admin, conf.AuthZ) logging.Log("MAIN-0na71").OnError(err).Fatal("error starting admin api") } + if *consoleEnabled { + err = console.Start(ctx, conf.Console) + logging.Log("MAIN-3Dfuc").OnError(err).Fatal("error starting console ui") + } <-ctx.Done() logging.Log("MAIN-s8d2h").Info("stopping zitadel") } diff --git a/cmd/zitadel/startup.yaml b/cmd/zitadel/startup.yaml new file mode 100644 index 0000000000..265ad49080 --- /dev/null +++ b/cmd/zitadel/startup.yaml @@ -0,0 +1,44 @@ +Tracing: + Type: google + Config: + ProjectID: $TRACING_PROJECT_ID + MetricPrefix: ZITADEL-V1 + Fraction: 1 + +Log: + Level: debug + Formatter: text + +Mgmt: + API: + GRPC: + ServerPort: 60020 + GatewayPort: 60021 + SearchLimit: 100 + CustomHeaders: + - x-caos- + +Auth: + API: + GRPC: + ServerPort: 60050 + GatewayPort: 60051 + SearchLimit: 100 + CustomHeaders: + - x-caos- + +Login: + + +Admin: + API: + GRPC: + ServerPort: 60090 + GatewayPort: 60091 + SearchLimit: 100 + CustomHeaders: + - x-caos- + +Console: + Port: '9090' + StaticDir: '/app/console/dist' diff --git a/go.mod b/go.mod index 34c29cbd49..731d99ee77 100644 --- a/go.mod +++ b/go.mod 
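Review bot: The `Config` sections are now pointers, so any section absent from the merged files stays nil and is passed straight into `Start`; in particular `conf.AuthZ` is nil unless `authz.yaml` is also given, and `-config-files` has no default path, unlike the old `-config-file`. For the authorization mappings this should stop the process in `main` rather than leave each API to cope with a nil config: check `if len(configPaths) == 0` before `config.Read` and `if conf.AuthZ == nil` after it, each ending in a fatal log. What `config.Read` does when called with zero paths is not visible in this hunk. The commented-out `//Log` and `//Tracing tracing.TracingConfig` fields would be clearer as a single TODO comment that names the missing types, since `startup.yaml` already carries both sections.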
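Review bot: The shipped defaults set `Log.Level: debug` and tracing `Fraction: 1`, a verbose baseline for an identity service once these sections are actually read (the `Config` struct in `main.go` has both fields commented out for now). What is emitted at debug level is not visible in this commit, but a safer default would be `Level: info` with a lower sampling fraction, leaving debug to a local override file. `Login:` has no body, so it presumably decodes to a nil `*login.Config` that `login.Start` then receives. The gRPC ports are written as bare numbers while `Console.Port` is quoted as `'9090'`, although all of them target `string` fields; one style should be used throughout.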
@@ -11,6 +11,7 @@ require ( github.com/Masterminds/sprig v2.22.0+incompatible github.com/aws/aws-sdk-go v1.29.16 // indirect github.com/caos/logging v0.0.0-20191210002624-b3260f690a6a + github.com/ghodss/yaml v1.0.0 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b github.com/golang/mock v1.4.3 github.com/golang/protobuf v1.3.5 @@ -34,5 +35,5 @@ require ( google.golang.org/api v0.20.0 // indirect google.golang.org/genproto v0.0.0-20200319113533-08878b785e9c // indirect google.golang.org/grpc v1.28.0 - gopkg.in/yaml.v2 v2.2.8 + gopkg.in/yaml.v2 v2.2.8 // indirect ) diff --git a/internal/admin/config.go b/internal/admin/config.go new file mode 100644 index 0000000000..ddfb6fba44 --- /dev/null +++ b/internal/admin/config.go @@ -0,0 +1,4 @@ +package admin + +type Config struct { +} diff --git a/internal/api/grpc/config.go b/internal/api/grpc/config.go new file mode 100644 index 0000000000..4895fda7e1 --- /dev/null +++ b/internal/api/grpc/config.go @@ -0,0 +1,34 @@ +package grpc + +type Config struct { + ServerPort string + GatewayPort string + SearchLimit int + CustomHeaders []string +} + +func (c *Config) ToServerConfig() *ServerConfig { + return &ServerConfig{ + Port: c.ServerPort, + SearchLimit: c.SearchLimit, + } +} + +func (c *Config) ToGatewayConfig() *GatewayConfig { + return &GatewayConfig{ + Port: c.GatewayPort, + GRPCEndpoint: c.ServerPort, + CustomHeaders: c.CustomHeaders, + } +} + +type ServerConfig struct { + Port string + SearchLimit int +} + +type GatewayConfig struct { + Port string + GRPCEndpoint string + CustomHeaders []string +} diff --git a/internal/api/html/i18n.go b/internal/api/html/i18n.go index dd5d272668..17f1cb4e14 100644 --- a/internal/api/html/i18n.go +++ b/internal/api/html/i18n.go 
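Review bot: In `internal/api/grpc/config.go`, `ToGatewayConfig` copies `c.ServerPort` into `GRPCEndpoint`, so a field named as an endpoint carries a bare port such as `60020`; if the gateway dials that value it will need a host part, so either build the address here or rename the field and document what it holds. Both `ToServerConfig` and `ToGatewayConfig` dereference `c` without a nil check, and `api.Config.GRPC` is a pointer that stays nil whenever the `GRPC:` section is missing from the config. None of the exported types or methods has a doc comment. The one on `CustomHeaders` matters most: `startup.yaml` sets it to `x-caos-`, and the comment should state whether entries are exact names or prefixes and whether such headers are accepted from external clients or only set internally.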
@@ -8,9 +8,9 @@ import ( "github.com/BurntSushi/toml" "github.com/caos/logging" + "github.com/ghodss/yaml" "github.com/nicksnyder/go-i18n/v2/i18n" "golang.org/x/text/language" - "gopkg.in/yaml.v2" "github.com/caos/zitadel/internal/api" http_util "github.com/caos/zitadel/internal/api/http" @@ -43,8 +43,9 @@ func NewTranslator(config TranslatorConfig) (*Translator, error) { func newBundle(i18nDir string, defaultLanguage language.Tag) (*i18n.Bundle, error) { bundle := i18n.NewBundle(defaultLanguage) - bundle.RegisterUnmarshalFunc("yaml", yaml.Unmarshal) - bundle.RegisterUnmarshalFunc("yml", yaml.Unmarshal) + yamlUnmarshal := func(data []byte, v interface{}) error { return yaml.Unmarshal(data, v) } + bundle.RegisterUnmarshalFunc("yaml", yamlUnmarshal) + bundle.RegisterUnmarshalFunc("yml", yamlUnmarshal) bundle.RegisterUnmarshalFunc("json", json.Unmarshal) bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal) files, err := ioutil.ReadDir(i18nDir) diff --git a/internal/auth/config.go b/internal/auth/config.go new file mode 100644 index 0000000000..bac255b177 --- /dev/null +++ b/internal/auth/config.go @@ -0,0 +1,4 @@ +package auth + +type Config struct { +} diff --git a/internal/config/config.go b/internal/config/config.go index 5740cd5f1d..7a385c5927 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -7,7 +7,7 @@ import ( "path/filepath" "github.com/BurntSushi/toml" - "gopkg.in/yaml.v2" + "github.com/ghodss/yaml" "github.com/caos/zitadel/internal/errors" ) @@ -21,7 +21,7 @@ type ReaderFunc func(data []byte, o interface{}) error var ( JSONReader = json.Unmarshal TOMLReader = toml.Unmarshal - YAMLReader = yaml.Unmarshal + YAMLReader = func(data []byte, o interface{}) error { return yaml.Unmarshal(data, o) } ) // Read deserializes each config file to the target obj diff --git a/internal/config/flag.go b/internal/config/flag.go new file mode 100644 index 0000000000..bb99d0a52c --- /dev/null +++ b/internal/config/flag.go 
@@ -0,0 +1,14 @@ +package config + +import "strings" + +type ArrayFlags []string + +func (i *ArrayFlags) String() string { + return strings.Join(*i, ";") +} + +func (i *ArrayFlags) Set(value string) error { + *i = append(*i, value) + return nil +} diff --git a/internal/login/config.go b/internal/login/config.go new file mode 100644 index 0000000000..7912985764 --- /dev/null +++ b/internal/login/config.go @@ -0,0 +1,4 @@ +package login + +type Config struct { +} diff --git a/internal/management/config.go b/internal/management/config.go new file mode 100644 index 0000000000..9b95a5228b --- /dev/null +++ b/internal/management/config.go @@ -0,0 +1,3 @@ +package management + +type Config struct{} diff --git a/pkg/admin/admin.go b/pkg/admin/admin.go index 681fd53646..968bb7fa75 100644 --- a/pkg/admin/admin.go +++ b/pkg/admin/admin.go @@ -3,12 +3,17 @@ package admin import ( "context" + app "github.com/caos/zitadel/internal/admin" + "github.com/caos/zitadel/internal/api/auth" "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/pkg/admin/api" ) type Config struct { + App *app.Config + API *api.Config } -func Start(ctx context.Context, config Config) error { +func Start(ctx context.Context, config *Config, authZ *auth.Config) error { return errors.ThrowUnimplemented(nil, "ADMIN-n8vw5", "not implemented yet") //TODO: implement } diff --git a/pkg/admin/api/config.go b/pkg/admin/api/config.go new file mode 100644 index 0000000000..b63086cc83 --- /dev/null +++ b/pkg/admin/api/config.go @@ -0,0 +1,7 @@ +package api + +import "github.com/caos/zitadel/internal/api/grpc" + +type Config struct { + GRPC *grpc.Config +} diff --git a/pkg/auth/api/config.go b/pkg/auth/api/config.go new file mode 100644 index 0000000000..b63086cc83 --- /dev/null +++ b/pkg/auth/api/config.go @@ -0,0 +1,7 @@ +package api + +import "github.com/caos/zitadel/internal/api/grpc" + +type Config struct { + GRPC *grpc.Config +} 
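Review bot: `ArrayFlags` and its two methods in `internal/config/flag.go` are exported without doc comments, and nothing states that the type exists to satisfy `flag.Value` so that `-config-files` can be repeated. A suitable type comment would be `// ArrayFlags collects the values of a flag that may be given several times; it implements flag.Value.` `Set` also appends an empty string unchanged, which then reaches `config.Read` as a path; returning an error from `Set` for an empty value would report the mistake at flag parsing instead. The receiver name `i` reads like a loop index, and a short name derived from the type, such as `a`, is the usual Go convention.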
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 0ac10202a3..21f3229f67 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -3,12 +3,17 @@ package auth import ( "context" + "github.com/caos/zitadel/internal/api/auth" + app "github.com/caos/zitadel/internal/auth" "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/pkg/auth/api" ) type Config struct { + App *app.Config + API *api.Config } -func Start(ctx context.Context, config Config) error { +func Start(ctx context.Context, config *Config, authZ *auth.Config) error { return errors.ThrowUnimplemented(nil, "AUTH-l7Hdx", "not implemented yet") //TODO: implement } diff --git a/pkg/console/console.go b/pkg/console/console.go new file mode 100644 index 0000000000..8a17d33c2f --- /dev/null +++ b/pkg/console/console.go @@ -0,0 +1,16 @@ +package console + +import ( + "context" + + "github.com/caos/zitadel/internal/errors" +) + +type Config struct { + Port string + StaticDir string +} + +func Start(ctx context.Context, config *Config) error { + return errors.ThrowUnimplemented(nil, "CONSO-4cT5D", "not implemented yet") //TODO: implement +} diff --git a/pkg/login/api/config.go b/pkg/login/api/config.go new file mode 100644 index 0000000000..feed11d83a --- /dev/null +++ b/pkg/login/api/config.go @@ -0,0 +1,4 @@ +package api + +type Config struct { +} diff --git a/pkg/login/login.go b/pkg/login/login.go new file mode 100644 index 0000000000..8a593092a3 --- /dev/null +++ b/pkg/login/login.go @@ -0,0 +1,18 @@ +package login + +import ( + "context" + + "github.com/caos/zitadel/internal/errors" + app "github.com/caos/zitadel/internal/login" + "github.com/caos/zitadel/pkg/login/api" +) + +type Config struct { + App *app.Config + API *api.Config +} + +func Start(ctx context.Context, config *Config) error { + return errors.ThrowUnimplemented(nil, "LOGIN-3fwvD", "not implemented yet") //TODO: implement +} 
diff --git a/pkg/management/api/config.go b/pkg/management/api/config.go new file mode 100644 index 0000000000..b63086cc83 --- /dev/null +++ b/pkg/management/api/config.go @@ -0,0 +1,7 @@ +package api + +import "github.com/caos/zitadel/internal/api/grpc" + +type Config struct { + GRPC *grpc.Config +} diff --git a/pkg/management/management.go b/pkg/management/management.go index 23bf517569..2ba24ff227 100644 --- a/pkg/management/management.go +++ b/pkg/management/management.go @@ -3,12 +3,17 @@ package management import ( "context" + "github.com/caos/zitadel/internal/api/auth" "github.com/caos/zitadel/internal/errors" + app "github.com/caos/zitadel/internal/management" + "github.com/caos/zitadel/pkg/management/api" ) type Config struct { + App *app.Config + API *api.Config } -func Start(ctx context.Context, config Config) error { +func Start(ctx context.Context, config *Config, authZ *auth.Config) error { return errors.ThrowUnimplemented(nil, "MANAG-h3k3x", "not implemented yet") //TODO: implement }