Merge pull request #4 from wisdom-oss/dev

Enhance OpenID Connect Plugin

.github/workflows/docker.yaml

@@ -45,13 +45,20 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=tag
+            type=ref,event=pr
+            type=semver,pattern={{raw}}
+            type=raw,value={{sha}}
+            type=ref,event=branch            
 
       - name: Build and push Docker image
         id: build-and-push
         uses: docker/build-push-action@v5
         with:
           context: .
-          push: ${{ github.event_name != 'pull_request'}}
+          push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha

Dockerfile

@@ -2,24 +2,23 @@ FROM golang:alpine AS plugin-build
 COPY plugins /tmp/plugins
 WORKDIR /tmp/plugins
 RUN mkdir /plugins
-RUN for d in */ ; do echo "Bulding plugin in $d"; cd $d; go mod download -x -json; go build -o /plugins/ -x . ; echo "Built plugin in $d"; cd ../; done
+RUN for d in */ ; do echo "Bulding plugin in $d"; cd $d; go mod download -x -json; go build -x -v -o /plugins/ -x . ; echo "Built plugin in $d"; cd ../; done
 RUN ls /plugins
 
 FROM kong:alpine
 USER root
-COPY --from=plugin-build /plugins /usr/local/kong/
-USER kong
+COPY --from=plugin-build /plugins /usr/local/bin/
+RUN chown kong:kong /usr/local/bin/oidc
 ENV KONG_PLUGINSERVER_NAMES=oidc
-ENV KONG_PLUGINSERVER_OIDC_QUERY_CMD="/usr/local/kong/oidc -dump"
-ENV KONG_PROXY_LISTEN="0.0.0.0:8000 http2 reuseport backlog=16384"
-ENV KONG_ADMIN_LISTEN="0.0.0.0:8001 http2 reuseport backlog=16384"
-ENV KONG_PLUGINS=oidc,bundled
+ENV KONG_PLUGINSERVER_OIDC_START_CMD="/usr/local/bin/oidc"
+ENV KONG_PLUGINSERVER_OIDC_SOCKET="/usr/local/kong/oidc.socket"
+ENV KONG_PLUGINSERVER_OIDC_QUERY_CMD="/usr/local/bin/oidc -dump"
+ENV KONG_PROXY_LISTEN="0.0.0.0:8000 reuseport backlog=16384"
+ENV KONG_ADMIN_LISTEN="0.0.0.0:8001 reuseport backlog=16384"
+ENV KONG_GUI_LISTEN="0.0.0.0:8002"
+ENV KONG_PLUGINS=bundled,oidc
 ENV KONG_PROXY_ACCESS_LOG=/dev/stdout
 ENV KONG_ADMIN_ACCESS_LOG=/dev/stdout
 ENV KONG_PROXY_ERROR_LOG=/dev/stderr
 ENV KONG_ADMIN_ERROR_LOG=/dev/stderr
-ENTRYPOINT ["/docker-entrypoint.sh"]
-EXPOSE 8000 8001
-STOPSIGNAL SIGQUIT
-HEALTHCHECK --interval=10s --timeout=10s --retries=10 CMD kong health
-CMD ["kong", "docker-start"]
+LABEL org.opencontainers.image.source="https://github.com/wisdom-oss/api-gateway"

README.md

@@ -1,23 +1,28 @@
-<h1 align="center">API Gateway</h1>
-<h3 align="center">api-gateway</h3>
 <div align="center">
-<p>
-🛡️ A <a href="">Kong API Gateway</a> extended with functionality for the WISdoM
-platform
-</p>
+<img height="150px" src="https://raw.githubusercontent.com/wisdom-oss/brand/main/svg/standalone_color.svg">
+<h1>API Gateway</h1>
+<h3>api-gateway</h3>
+<p>🛡️ Extended Kong API Gateway for the WISdoM Platform</p>
+<img alt="GitHub Actions Workflow Status" src="https://img.shields.io/github/actions/workflow/status/wisdom-oss/api-gateway/docker.yaml?style=for-the-badge&label=Docker%20Build">
+<a href="https://github.com/wisdom-oss/api-gateway/pkgs/container/api-gateway">
+<img alt="Static Badge" src="https://img.shields.io/badge/ghcr.io-wisdom--oss%2Fapi--gateway-2496ED?style=for-the-badge&logo=docker&logoColor=white&labelColor=555555">
+</a>
 </div>
 
-# About
-The [WISdoM project](https://github.com/wisdom-oss) utilizes the Kong API
-Gateway to route requests to their services. Since some needed functionality of
-the gateway is locked behind paid plugins, this repository contains some custom
-plugins which implement the following features:
+> [!NOTE]
+> This API Gateway is based on the Open Source Edition of the [Kong API Gateway](https://konghq.com/products/kong-gateway).
+> Therefore, features available in the free (closed-source) and enterprise (also
+> closed-source) edition are not available with this image.
 
-- [x] OpenID Connect Authentication/Authorization with JWT Validation
+The API Gateway is the central part of the WISdoM Plaform and manages the access
+to the microservices implemented for the platform.
+Furhtermore, it is extended by a plugin using the 
+[`go-pdk`](https://github.com/Kong/go-pdk) to validate JWTs which are used in a
+standard deployment to authenticate and secure requests.
+> &mdash; [Read more](plugins/oidc/README.md)
 
-The plugins are implemented in Golang using IPC for communicating with the
-API Gateway.
-
-## How to use
-Since the API gateway in included in every deployment of the WISdoM platform,
-there are no extra steps you need to take.
+The API Gateway is autommatically configured using the 
+[gateway-service-watcher](https://github.com/wisdom-oss/gateway-service-watcher)
+which acts as a watchdog to check the deployed containers on the host for their
+association to the WISdoM platform.
+> &mdash; [Read more](https://github.com/wisdom-oss/gateway-service-watcher)

plugins/oidc/.gitignore

@@ -0,0 +1,2 @@
+.idea
+*.exe

plugins/oidc/README.md

@@ -20,5 +20,7 @@ These responses can optionally be cached using a redis database to further
 minimize the number of network requests executed for each intercepted request.
 
 ## Configuration
-The configuration is done automatically during the startup of the api gateway
-using the environment variables passed to the api gateway
+The configuration is done by the 
+[watchdog](https://github.com/wisdom-oss/watchdog) on a service-by-service
+basis.
+Please refer to the documentation of the watchdog for further information.