Move to latest events/permissions (#68)
# Summary

- [x] bump go to `1.21`
- [x] uplift to latest events and permissions 
- [x] Remove manual pubsubhooks in favor of upstream `x`, now that it
has an annotation to tag an ent field as an `additionalSubject` in the
event message
- [x] add tracing to chart

---------

Signed-off-by: Matt Siwiec <[email protected]>
rizzza authored Feb 1, 2024
1 parent fa3525e commit 55b9aa0
Showing 46 changed files with 672 additions and 1,228 deletions.
6 changes: 4 additions & 2 deletions .devcontainer/.env
Expand Up @@ -6,8 +6,10 @@ COCKROACH_URL="postgresql://root@crdb:26257/ipam_dev?sslmode=disable"
# ipam config
ATLAS_DB_URI="postgresql://root@crdb:26257/atlas_migrations?sslmode=disable"
IPAMAPI_CRDB_URI="postgresql://root@crdb:26257/ipam_dev?sslmode=disable"
IPAMAPI_EVENTS_PUBLISHER_NATS_CREDSFILE="/workspaces/ipam-api/.devcontainer/nsc/nkeys/creds/LOCAL/IPAM/USER.creds"
IPAMAPI_EVENTS_PUBLISHER_PREFIX="com.example"
IPAMAPI_EVENTS_NATS_CREDSFILE="/workspaces/ipam-api/.devcontainer/nsc/nkeys/creds/LOCAL/IPAM/USER.creds"
IPAMAPI_EVENTS_NATS_PUBLISHPREFIX=com.infratographer
IPAMAPI_PERMISSIONS_IGNORENORESPONDERS=true

# IPAMAPI_TRACING_ENABLED="true"
# IPAMAPI_TRACING_PROVIDER="passthrough"

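Review bot: The new `IPAMAPI_PERMISSIONS_IGNORENORESPONDERS=true` line tells the permissions client to ignore errors when no AuthRelationship request-reply responders are available (per the values.yaml comment added in this same commit), which is fine for the devcontainer but is the kind of line that gets copied into another environment file unnoticed. A comment above it such as `# dev only: permissions-api is not running in the devcontainer, so missing responders are tolerated` would keep that intent visible. As a style nit, the new `IPAMAPI_EVENTS_NATS_PUBLISHPREFIX=com.infratographer` is the only unquoted value in the file; quoting it to match its neighbours would be consistent.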
4 changes: 3 additions & 1 deletion .devcontainer/Dockerfile
@@ -1,7 +1,9 @@
ARG GO_VERSION=1.21

# Used to install CRDB into the devcontainer
FROM cockroachdb/cockroach:latest-v22.2 as CRDB

FROM mcr.microsoft.com/vscode/devcontainers/go:0-1.20-bullseye
FROM mcr.microsoft.com/vscode/devcontainers/go:1-${GO_VERSION}-bullseye

# Set up crdb
RUN mkdir /usr/local/lib/cockroach
1 change: 1 addition & 0 deletions .devcontainer/devcontainer.json
Expand Up @@ -12,6 +12,7 @@
"editor.defaultFormatter": "golang.go"
},
"go.buildTags": "testtools",
"go.formatTool": "goimports",
"go.lintTool": "golangci-lint",
"gopls": {
"formatting.gofumpt": true,
2 changes: 1 addition & 1 deletion .devcontainer/docker-compose.yml
Expand Up @@ -9,7 +9,7 @@ services:
context: .
dockerfile: Dockerfile
args:
VARIANT: 1.20-bullseye
VARIANT: 1.21-bullseye
NODE_VERSION: "none"
# Overrides default command so things don't shut down after the process ends.
command: sleep infinity
8 changes: 4 additions & 4 deletions chart/ipam-api/Chart.lock
@@ -1,9 +1,9 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.6.0
version: 2.13.4
- name: reloader
repository: https://stakater.github.io/stakater-charts
version: 1.0.32
digest: sha256:698c6c812d8f6a1538349c9368c6caeaac412af707d431453c74600f1aba5761
generated: "2023-07-29T00:57:46.327102562Z"
version: 1.0.54
digest: sha256:2bfa09e93ff7ea83fb0aad3ddedbd4afcc2c578a3d2a4b7ab2feb4980c981338
generated: "2023-12-20T18:32:04.737779584Z"
4 changes: 2 additions & 2 deletions chart/ipam-api/Chart.yaml
Expand Up @@ -11,8 +11,8 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 2.6.0
version: 2.13.4
- name: reloader
condition: reloader.enabled
version: "1.0.32"
version: "1.0.54"
repository: "https://stakater.github.io/stakater-charts"
Binary file removed chart/ipam-api/charts/common-2.1.1.tgz
Binary file not shown.
Binary file removed chart/ipam-api/charts/reloader-v0.0.124.tgz
Binary file not shown.
22 changes: 20 additions & 2 deletions chart/ipam-api/templates/api-config.yaml
Expand Up @@ -5,15 +5,33 @@ metadata:
labels:
{{- include "common.labels.standard" . | nindent 4 }}
data:
IPAMAPI_EVENTS_PUBLISHER_PREFIX: "{{ .Values.api.events.topicPrefix }}"
IPAMAPI_EVENTS_PUBLISHER_URL: "{{ .Values.api.events.connectionURL }}"
IPAMAPI_EVENTS_NATS_URL: "{{ .Values.api.events.nats.url }}"
IPAMAPI_EVENTS_NATS_PUBLISHPREFIX: "{{ .Values.api.events.nats.publishPrefix }}"
IPAMAPI_EVENTS_NATS_QUEUEGROUP: "{{ .Values.api.events.nats.queueGroup }}"
IPAMAPI_EVENTS_NATS_SOURCE: "{{ .Values.api.events.nats.source }}"
IPAMAPI_EVENTS_NATS_CONNECTTIMEOUT: "{{ .Values.api.events.nats.connectTimeout }}"
IPAMAPI_EVENTS_NATS_SHUTDOWNTIMEOUT: "{{ .Values.api.events.nats.shutdownTimeout }}"
{{- if .Values.api.events.nats.credsSecretName }}
IPAMAPI_EVENTS_NATS_CREDSFILE: "{{ .Values.api.events.nats.credsFile }}"
{{- end }}
IPAMAPI_OIDC_ENABLED: "{{ .Values.api.oidc.enabled }}"
IPAMAPI_OIDC_AUDIENCE: "{{ .Values.api.oidc.audience }}"
IPAMAPI_OIDC_ISSUER: "{{ .Values.api.oidc.issuer }}"
IPAMAPI_OIDC_JWKS_REMOTE_TIMEOUT: "{{ .Values.api.oidc.jwksRemoteTimeout }}"
IPAMAPI_PERMISSIONS_IGNORENORESPONDERS: "{{ .Values.api.permissions.ignoreNoResponders }}"
IPAMAPI_PERMISSIONS_URL: "{{ .Values.api.permissions.url }}"
IPAMAPI_SERVER_LISTEN: ":{{ .Values.api.listenPort }}"
IPAMAPI_SERVER_SHUTDOWN_GRACE_PERIOD: "{{ .Values.api.shutdownGracePeriod }}"
{{- if .Values.api.tracing.enabled }}
IPAMAPI_TRACING_ENABLED: "{{ .Values.api.tracing.enabled }}"
IPAMAPI_TRACING_PROVIDER: "{{ .Values.api.tracing.provider }}"
IPAMAPI_TRACING_ENVIRONMENT: "{{ .Values.api.tracing.environment }}"
{{- if eq .Values.api.tracing.provider "otlpgrpc" }}
IPAMAPI_TRACING_OTLP_ENDPOINT: "{{ .Values.api.tracing.otlp.endpoint }}"
IPAMAPI_TRACING_OTLP_INSECURE: "{{ .Values.api.tracing.otlp.insecure }}"
IPAMAPI_TRACING_OTLP_CERTIFICATE: "{{ .Values.api.tracing.otlp.certificate }}"
{{- end }}
{{- end }}
{{- with .Values.api.trustedProxies }}
IPAMAPI_SERVER_TRUSTED_PROXIES: "{{ join " " . }}"
{{- end }}
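Review bot: `IPAMAPI_TRACING_OTLP_CERTIFICATE: "{{ .Values.api.tracing.otlp.certificate }}"` reads a key that the `otlp` block added to chart/ipam-api/values.yaml in this commit does not define (it only has `endpoint` and `insecure`), so with default values the config map emits an empty certificate setting and the key is undiscoverable to chart users. Add a matching default to values.yaml, e.g. `certificate: ""` preceded by `# certificate is the TLS certificate passed to the OTLP exporter (IPAMAPI_TRACING_OTLP_CERTIFICATE)`. The rest of the tracing block looks consistent with the values file, and gating it on `.Values.api.tracing.enabled` keeps the config map free of tracing keys when tracing is off.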
9 changes: 6 additions & 3 deletions chart/ipam-api/templates/deployment.yaml
Expand Up @@ -67,6 +67,9 @@ spec:
{{- end }}
{{- end }}
envFrom:
{{- if .Values.api.extraEnvFrom }}
{{- toYaml .Values.api.extraEnvFrom | nindent 12 }}
{{- end }}
- secretRef:
name: {{ .Values.api.db.uriSecret }}
- configMapRef:
Expand All @@ -92,7 +95,7 @@ spec:
path: /readyz
port: http
volumeMounts:
{{- if .Values.api.events.auth.secretName }}
{{- if .Values.api.events.nats.credsSecretName }}
- name: events-creds
mountPath: /nats
{{- end }}
Expand All @@ -116,10 +119,10 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.api.events.auth.secretName }}
{{- if .Values.api.events.nats.credsSecretName }}
- name: events-creds
secret:
secretName: "{{ .Values.api.events.auth.secretName }}"
secretName: "{{ .Values.api.events.nats.credsSecretName }}"
{{- end }}
{{- if .Values.api.db.certSecret }}
- name: dbcerts
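Review bot: `{{- toYaml .Values.api.extraEnvFrom | nindent 12 }}` is rendered as entries of the `envFrom` sequence, but the default added to values.yaml in this commit is `extraEnvFrom: {}`, a mapping; a user who fills in the default shape would get a mapping nested inside a sequence and an invalid pod spec. Change the default to `extraEnvFrom: []` so the documented shape matches the template (an empty list is still falsy for the `if` guard, so the chart's own rendering is unchanged). The `credsSecretName` rename in the volume and volumeMounts hunks is consistent between the two.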
41 changes: 35 additions & 6 deletions chart/ipam-api/values.yaml
@@ -1,7 +1,7 @@
image:
repository: ghcr.io/infratographer/ipam-api
pullPolicy: IfNotPresent
tag: "v0.0.13"
tag: "main-latest"

imagePullSecrets: []
nameOverride: ""
Expand Down Expand Up @@ -34,16 +34,31 @@ api:
listenPort: 7608
extraLabels: {}
extraAnnotations: {}
extraEnvFrom: {}
extraEnvVars: {}
resources: {}
podSecurityContext: {}
securityContext: {}
events:
connectionURL: "my-events-cluster.example.com:4222"
auth:
secretName: "events-creds"
credsPath: "/nats/creds"
topicPrefix: "com.infratographer"
nats:
# url is the event server connection url
url: "nats://my-events-cluster.example.com:4222"
# publishPrefix is the subscribe event prefix
publishPrefix: "com.infratographer"
# queueGroup defines the events queue group
queueGroup: ""
# source defines the source of the events (defaults to application name)
source: ""
# connectTimeout is event connection timeout
connectTimeout: "10s"
# shutdownTimeout is the shutdown grace period
shutdownTimeout: "5s"
# tokenSecretName is the secret to load the auth token
tokenSecretName: ""
# credsSecretName is the secret to load the creds auth file from
credsSecretName: ""
# credsFile is the location to read the creds file from
credsFile: "/nats/creds"
db:
uriSecret: ipam-api-db-uri
certSecret: ipam-api-db-ca
Expand All @@ -58,12 +73,26 @@ api:

permissions:
url: ""
# ignoreNoResponders whether or not to ignore errors when no AuthRelationship request-reply responders are available
ignoreNoResponders: false

shutdownGracePeriod: 5s
trustedProxies: []
# - "1.2.3.4"
# - "1.2.3.4/32"
# - "1.2.3.0/24"
tracing:
# enabled is true if OpenTelemetry tracing should be enabled for permissions-api
enabled: false
# environment is the OpenTelemetry tracing environment to use
environment: ""
# provider is the OpenTelemetry tracing provider to use
provider: stdout
otlp:
# endpoint is the OpenTelemetry Protocol (OTLP) collector endpoint to send traces to
endpoint: ""
# insecure is true if TLS should not be required when sending traces
insecure: false

reloader:
enabled: false
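Review bot: The default image `tag: "main-latest"` replaces a release tag with a mutable one, and combined with the existing `pullPolicy: IfNotPresent` a node that already holds a `main-latest` layer will keep running it while another node pulls a different build, so deployments stop being reproducible; keeping a release tag (or a digest) as the default, or at least documenting the trade-off with a comment, would be safer. The comment on the tracing block, `# enabled is true if OpenTelemetry tracing should be enabled for permissions-api`, appears copied from another chart and should say `ipam-api`. `tokenSecretName: ""` is declared under `nats` but, as far as the api-config and deployment hunks in this commit show, nothing in the templates references it, so either wire it up or drop it to avoid a dead setting.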
19 changes: 12 additions & 7 deletions cmd/serve.go
Expand Up @@ -25,7 +25,7 @@ import (

"go.infratographer.com/ipam-api/internal/config"
ent "go.infratographer.com/ipam-api/internal/ent/generated"
"go.infratographer.com/ipam-api/internal/ent/generated/pubsubhooks"
"go.infratographer.com/ipam-api/internal/ent/generated/eventhooks"
"go.infratographer.com/ipam-api/internal/graphapi"
)

Expand Down Expand Up @@ -65,7 +65,7 @@ func init() {
serveCmd.Flags().BoolVar(&enablePlayground, "playground", false, "enable the graph playground")
serveCmd.Flags().StringVar(&pidFileName, "pid-file", "", "path to the pid file")

events.MustViperFlagsForPublisher(viper.GetViper(), serveCmd.Flags(), appName)
events.MustViperFlags(viper.GetViper(), serveCmd.Flags(), appName)
permissions.MustViperFlags(viper.GetViper(), serveCmd.Flags())
}

Expand All @@ -79,11 +79,15 @@ func serve(ctx context.Context) error {
logger = loggingx.InitLogger(appName, config.AppConfig.Logging)
}

pub, err := events.NewPublisher(config.AppConfig.Events.Publisher)
events, err := events.NewConnection(config.AppConfig.Events, events.WithLogger(logger))
if err != nil {
logger.Fatalw("failed to create publisher", "error", err)
logger.Fatalw("failed to create events connection", "error", err)
}

defer func() {
_ = events.Shutdown(ctx)
}()

err = otelx.InitTracer(config.AppConfig.Tracing, appName, logger)
if err != nil {
logger.Fatalw("failed to initialize tracer", "error", err)
Expand All @@ -98,7 +102,7 @@ func serve(ctx context.Context) error {

entDB := entsql.OpenDB(dialect.Postgres, db)

cOpts := []ent.Option{ent.Driver(entDB), ent.EventsPublisher(pub)}
cOpts := []ent.Option{ent.Driver(entDB), ent.EventsPublisher(events)}

if config.AppConfig.Logging.Debug {
cOpts = append(cOpts,
Expand All @@ -110,7 +114,7 @@ func serve(ctx context.Context) error {
client := ent.NewClient(cOpts...)
defer client.Close()

pubsubhooks.PubsubHooks(client)
eventhooks.EventHooks(client)

// Run the automatic migration tool to create all schema resources.
if err := client.Schema.Create(ctx); err != nil {
Expand All @@ -130,14 +134,15 @@ func serve(ctx context.Context) error {
middleware = append(middleware, auth.Middleware())
}

srv, err := echox.NewServer(logger.Desugar(), config.AppConfig.Server, versionx.BuildDetails())
srv, err := echox.NewServer(logger.Desugar(), config.AppConfig.Server, versionx.BuildDetails(), echox.WithLoggingSkipper(echox.SkipDefaultEndpoints))
if err != nil {
logger.Error("failed to create server", zap.Error(err))
}

perms, err := permissions.New(config.AppConfig.Permissions,
permissions.WithLogger(logger),
permissions.WithDefaultChecker(permissions.DefaultAllowChecker),
permissions.WithEventsPublisher(events),
)
if err != nil {
logger.Fatal("failed to initialize permissions", zap.Error(err))
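Review bot: The new `events, err := events.NewConnection(config.AppConfig.Events, events.WithLogger(logger))` shadows the imported `events` package with a local variable for the remainder of serve(), so any later call into the package from this function would fail to compile, and it makes `ent.EventsPublisher(events)` and `permissions.WithEventsPublisher(events)` read as though a package were being passed. Renaming the local to `conn` avoids both problems. The deferred `_ = events.Shutdown(ctx)` also discards the shutdown error; since the function already reports connection failures through `logger.Fatalw`, logging the shutdown error keeps the close path observable. serve() begins before the hunk and continues past it.
```go
	conn, err := events.NewConnection(config.AppConfig.Events, events.WithLogger(logger))
	if err != nil {
		logger.Fatalw("failed to create events connection", "error", err)
	}

	defer func() {
		if err := conn.Shutdown(ctx); err != nil {
			logger.Errorw("failed to shut down events connection", "error", err)
		}
	}()
	// … unchanged: tracer init, DB open …
	cOpts := []ent.Option{ent.Driver(entDB), ent.EventsPublisher(conn)}
	// … unchanged: debug options, client, hooks, migration, middleware, server …
		permissions.WithEventsPublisher(conn),
```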
