Initialize Trtl Database

containers/docker-compose.yaml

@@ -34,6 +34,8 @@ services:
         GIT_REVISION: ${GIT_REVISION}
     image: rotationalio/tenant
     init: true
+    depends_on:
+      - trtl
     ports:
       - 8080:8080
     environment:
@@ -43,6 +45,8 @@ services:
       - TENANT_LOG_LEVEL=info
       - TENANT_CONSOLE_LOG=true
       - TENANT_ALLOW_ORIGINS=http://localhost:3000
+      - TENANT_DATABASE_URL=trtl://trtl:4436
+      - TENANT_DATABASE_INSECURE=true
       - TENANT_SENDGRID_API_KEY
       - TENANT_SENDGRID_FROM_EMAIL=ensign@rotational.io
       - TENANT_SENDGRID_ADMIN_EMAIL=admins@rotational.io
@@ -103,6 +107,27 @@ services:
     ports:
       - 3000:80
 
+  trtl:
+    image: trisa/trtl:latest
+    ports:
+      - 4436:4436
+      - 7777:7777
+    volumes:
+      - ./tenant/db:/data
+    environment:
+      - TRTL_BIND_ADDR=:4436
+      - TRTL_METRICS_ADDR=:7777
+      - TRTL_LOG_LEVEL=info
+      - TRTL_CONSOLE_LOG=true
+      - TRTL_DATABASE_URL=leveldb:////data
+      - TRTL_REINDEX_ON_BOOT=true
+      - TRTL_REPLICA_ENABLED=false
+      - TRTL_REPLICA_PID=8
+      - TRTL_REPLICA_REGION=docker
+      - TRTL_REPLICA_NAME=docker-8
+      - TRTL_INSECURE=true
+      - TRTL_BACKUP_ENABLED=false
+
   prometheus:
     image: prom/prometheus:latest
     ports:

containers/tenant/.gitignore

@@ -0,0 +1 @@
+db/

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/gin-contrib/cors v1.4.0
 	github.com/gin-gonic/gin v1.8.1
 	github.com/golang-jwt/jwt/v4 v4.4.2
-	github.com/google/go-querystring v1.0.0
+	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/joho/godotenv v1.4.0
@@ -20,6 +20,7 @@ require (
 	github.com/rs/zerolog v1.28.0
 	github.com/sendgrid/sendgrid-go v3.12.0+incompatible
 	github.com/stretchr/testify v1.8.0
+	github.com/trisacrypto/directory v1.5.3
 	github.com/urfave/cli/v2 v2.16.3
 	golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
 	golang.org/x/text v0.3.7

go.sum

@@ -141,11 +141,12 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
-github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -270,8 +271,8 @@ github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.28.0 h1:MirSo27VyNi7RJYP3078AA1+Cyzd2GB66qy3aUHvsWY=
 github.com/rs/zerolog v1.28.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0=
@@ -295,6 +296,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/trisacrypto/directory v1.5.3 h1:Sw+vwMYmiKYtjsFD7umdye9TNbOsDi/JUwvq009EbqA=
+github.com/trisacrypto/directory v1.5.3/go.mod h1:vXeXnL/Rw9QBIz7D+qY1XyE8otJe994twBXRkckkf1o=
 github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
 github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=

pkg/tenant/config/config.go

@@ -3,6 +3,7 @@ package config
 import (
 	"errors"
 	"fmt"
+	"net/url"
 
 	"github.com/gin-gonic/gin"
 	"github.com/kelseyhightower/envconfig"
@@ -23,11 +24,21 @@ type Config struct {
 	LogLevel     logger.LevelDecoder `split_words:"true" default:"info"`                  // $TENANT_LOG_LEVEL
 	ConsoleLog   bool                `split_words:"true" default:"false"`                 // $TENANT_CONSOLE_LOG
 	AllowOrigins []string            `split_words:"true" default:"http://localhost:3000"` // $TENANT_ALLOW_ORIGINS
+	Database     DatabaseConfig      `split_words:"true"`
 	SendGrid     SendGridConfig      `split_words:"false"`
 	Sentry       sentry.Config
 	processed    bool // set when the config is properly procesesed from the environment
 }
 
+// Configures the connection to trtl for replicated data storage.
+type DatabaseConfig struct {
+	URL      string `default:"trtl://localhost:4436"`
+	Insecure bool   `default:"true"`
+	CertPath string `split_words:"true"`
+	PoolPath string `split_words:"true"`
+	Testing  bool   `default:"false"`
+}
+
 // Configures the email and marketing contact APIs for use with the Tenant server.
 type SendGridConfig struct {
 	APIKey       string `split_words:"true" required:"false"`
@@ -79,6 +90,10 @@ func (c Config) Validate() (err error) {
 		return fmt.Errorf("invalid configuration: %q is not a valid gin mode", c.Mode)
 	}
 
+	if err = c.Database.Validate(); err != nil {
+		return err
+	}
+
 	if err = c.SendGrid.Validate(); err != nil {
 		return err
 	}
@@ -102,6 +117,39 @@ func (c Config) AllowAllOrigins() bool {
 	return false
 }
 
+// If not insecure, the cert and pool paths are required.
+func (c DatabaseConfig) Validate() (err error) {
+	// If in testing mode, configuration is valid
+	if c.Testing {
+		return nil
+	}
+
+	// Ensure that the URL connects to trtl
+	var u *url.URL
+	if u, err = url.Parse(c.URL); err != nil {
+		return errors.New("invalid configuration: could not parse database url")
+	}
+
+	if u.Scheme != "trtl" {
+		return errors.New("invalid configuration: tenant can only connect to trtl databases")
+	}
+
+	if !c.Insecure {
+		if c.CertPath == "" || c.PoolPath == "" {
+			return errors.New("invalid configuration: connecting to trtl via mTLS requires certs and a pool")
+		}
+	}
+	return nil
+}
+
+func (c DatabaseConfig) Endpoint() (_ string, err error) {
+	var u *url.URL
+	if u, err = url.Parse(c.URL); err != nil {
+		return "", err
+	}
+	return u.Host, nil
+}
+
 // The from and admin emails are required if the SendGrid API is enabled.
 func (c SendGridConfig) Validate() error {
 	if c.Enabled() {

pkg/tenant/config/config_test.go

@@ -20,6 +20,10 @@ var testEnv = map[string]string{
 	"TENANT_LOG_LEVEL":                "error",
 	"TENANT_CONSOLE_LOG":              "true",
 	"TENANT_ALLOW_ORIGINS":            "http://localhost:8888,http://localhost:8080",
+	"TENANT_DATABASE_URL":             "trtl://localhost:4436",
+	"TENANT_DATABASE_INSECURE":        "true",
+	"TENANT_DATABASE_CERT_PATH":       "path/to/certs.pem",
+	"TENANT_DATABASE_POOL_PATH":       "path/to/pool.pem",
 	"TENANT_SENDGRID_API_KEY":         "SG.testing.123-331-test",
 	"TENANT_SENDGRID_FROM_EMAIL":      "test@example.com",
 	"TENANT_SENDGRID_ADMIN_EMAIL":     "admin@example.com",
@@ -60,6 +64,10 @@ func TestConfig(t *testing.T) {
 	require.Equal(t, zerolog.ErrorLevel, conf.GetLogLevel())
 	require.True(t, conf.ConsoleLog)
 	require.Len(t, conf.AllowOrigins, 2)
+	require.Equal(t, testEnv["TENANT_DATABASE_URL"], conf.Database.URL)
+	require.True(t, conf.Database.Insecure)
+	require.Equal(t, testEnv["TENANT_DATABASE_CERT_PATH"], conf.Database.CertPath)
+	require.Equal(t, testEnv["TENANT_DATABASE_POOL_PATH"], conf.Database.PoolPath)
 	require.Equal(t, testEnv["TENANT_SENDGRID_API_KEY"], conf.SendGrid.APIKey)
 	require.Equal(t, testEnv["TENANT_SENDGRID_FROM_EMAIL"], conf.SendGrid.FromEmail)
 	require.Equal(t, testEnv["TENANT_SENDGRID_ADMIN_EMAIL"], conf.SendGrid.AdminEmail)
@@ -105,6 +113,10 @@ func TestIsZero(t *testing.T) {
 		BindAddr:    "127.0.0.1:0",
 		LogLevel:    logger.LevelDecoder(zerolog.TraceLevel),
 		Mode:        "invalid",
+		Database: config.DatabaseConfig{
+			URL:      "trtl://localhost:4437",
+			Insecure: true,
+		},
 	}
 
 	require.True(t, config.Config{}.IsZero(), "a non-empty config that isn't marked will be zero valued")
@@ -136,6 +148,10 @@ func TestAllowAllOrigins(t *testing.T) {
 	require.True(t, conf.AllowAllOrigins(), "expected allow all origins to be true when * is set")
 }
 
+func TestDatabase(t *testing.T) {
+	// TODO: test DatabaseConfig validation
+}
+
 func TestSendGrid(t *testing.T) {
 	conf := &config.SendGridConfig{}
 	require.False(t, conf.Enabled(), "sendgrid should be disabled when there is no API key")