feat(authz): add opa bundle support (#3194)

* feat: use opa high level sdk for bundle retrieval Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: config * chore: s3 config Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: support aws endpoint Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * feat: get s3/minio working Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: fix tests Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: refactor Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: rename custom to bundle Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: rename types Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: go work sum * chore: work sync Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: fix tests Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: fix github authn test Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: proto gen Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: bundle engine tests Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: fix linter Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: add ITs Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: try to debug IT Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: add authz s3 test to matrix Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: fix middleware order Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: just rm the it for now Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: rm testdata Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: ui eslint fix Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: set AWS_REGION for user if not set Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: mod tidy Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: mod tidy Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: work sync Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: update schemas; simplify engine decision Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> --------- Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com>
flipt-io · Jun 20, 2024 · 97ae973 · 97ae973
1 parent 416a899
commit 97ae973
Show file tree

Hide file tree

Showing 47 changed files with 2,276 additions and 1,504 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -60,8 +60,8 @@ jobs:
             "fs/azblob",
             "fs/gcs",
             "import/export",
-            "authn/sqlite",
-            "authz/sqlite",
+            "authn",
+            "authz",
           ]
     steps:
       - uses: actions/checkout@v4

diff --git a/.gitignore b/.gitignore
@@ -55,4 +55,6 @@ devenv.local.nix
 .pre-commit-config.yaml
 
 build/mage_output_file.go
+
 *.rego
+!**/**/testdata/*.rego
diff --git a/_tools/go.mod b/_tools/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/Antonboom/errname v0.1.7 // indirect
 	github.com/Antonboom/nilnil v0.1.1 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
 	github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
@@ -117,7 +117,7 @@ require (
 	github.com/kisielk/errcheck v1.6.3 // indirect
 	github.com/kisielk/gotool v1.0.0 // indirect
 	github.com/kkHAIKE/contextcheck v1.1.3 // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/kulti/thelper v0.6.3 // indirect
 	github.com/kunwardeep/paralleltest v1.0.6 // indirect
@@ -159,8 +159,8 @@ require (
 	github.com/polyfloyd/go-errorlint v1.1.0 // indirect
 	github.com/prometheus/client_golang v1.19.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.53.0 // indirect
-	github.com/prometheus/procfs v0.15.0 // indirect
+	github.com/prometheus/common v0.54.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/quasilyte/go-ruleguard v0.3.19 // indirect
 	github.com/quasilyte/gogrep v0.5.0 // indirect
 	github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 // indirect
@@ -209,7 +209,7 @@ require (
 	github.com/yagipy/maintidx v1.0.0 // indirect
 	github.com/yeya24/promlinter v0.2.0 // indirect
 	gitlab.com/bosi/decorder v0.2.3 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
 	go.opentelemetry.io/otel v1.27.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 // indirect
 	go.opentelemetry.io/otel/metric v1.27.0 // indirect

diff --git a/_tools/go.sum b/_tools/go.sum
diff --git a/build/go.mod b/build/go.mod
@@ -8,13 +8,11 @@ require (
 	cloud.google.com/go/storage v1.41.0
 	code.gitea.io/sdk/gitea v0.18.0
 	dagger.io/dagger v0.11.8
-	github.com/99designs/gqlgen v0.17.49
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2
-	github.com/Khan/genqlient v0.7.0
 	github.com/aws/aws-sdk-go-v2 v1.27.2
 	github.com/aws/aws-sdk-go-v2/config v1.27.17
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.54.4
-	github.com/containerd/containerd v1.7.17
+	github.com/containerd/containerd v1.7.18
 	github.com/docker/docker v26.1.3+incompatible
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.12.0
@@ -26,16 +24,9 @@ require (
 	github.com/hashicorp/cap v0.6.0
 	github.com/stretchr/testify v1.9.0
 	github.com/tsenart/vegeta v12.7.0+incompatible
-	github.com/vektah/gqlparser/v2 v2.5.16
 	go.flipt.io/flipt/rpc/flipt v1.44.0
 	go.flipt.io/flipt/sdk/go v0.11.0
 	go.flipt.io/stew v0.0.0-20240109140408-33ad11ecef1c
-	go.opentelemetry.io/otel v1.27.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0
-	go.opentelemetry.io/otel/sdk v1.27.0
-	go.opentelemetry.io/otel/trace v1.27.0
-	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
 	golang.org/x/mod v0.18.0
 	golang.org/x/sync v0.7.0
 	google.golang.org/grpc v1.64.0
@@ -51,13 +42,15 @@ require (
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	cloud.google.com/go/iam v1.1.8 // indirect
 	dario.cat/mergo v1.0.0 // indirect
+	github.com/99designs/gqlgen v0.17.49 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/BurntSushi/toml v1.3.2 // indirect
+	github.com/Khan/genqlient v0.7.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/Microsoft/hcsshim v0.11.5 // indirect
+	github.com/Microsoft/hcsshim v0.12.4 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/adrg/xdg v0.4.0 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
@@ -79,6 +72,7 @@ require (
 	github.com/bmizerany/perks v0.0.0-20230307044200-03f9df79da1e // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/containerd/errdefs v0.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/coreos/go-oidc/v3 v3.10.0 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
@@ -137,21 +131,28 @@ require (
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/streadway/quantile v0.0.0-20220407130108-4246515d968d // indirect
+	github.com/vektah/gqlparser/v2 v2.5.16 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	go.flipt.io/flipt/errors v1.19.3 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
+	go.opentelemetry.io/otel v1.27.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.0.0-20240518090000-14441aefdf88 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.3.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 // indirect
 	go.opentelemetry.io/otel/log v0.3.0 // indirect
 	go.opentelemetry.io/otel/metric v1.27.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.27.0 // indirect
 	go.opentelemetry.io/otel/sdk/log v0.3.0 // indirect
+	go.opentelemetry.io/otel/trace v1.27.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
 	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/oauth2 v0.20.0 // indirect
 	golang.org/x/sys v0.21.0 // indirect