Merge pull request #55 from joe0BAB/feat/api-client

feat: bundle secret management API client

Author: ColinMcNeil

.gitignore

@@ -23,3 +23,4 @@
 /docs/.hugo_build.lock
 /functions/memory/memory.json
 /log/
+.idea

src/extension/Dockerfile

@@ -10,7 +10,8 @@ RUN --mount=type=cache,target=/usr/src/app/.npm \
 COPY ui /ui
 RUN npm run build
 
-FROM alpine
+FROM scratch
+ARG TARGETARCH
 LABEL org.opencontainers.image.title="Labs: AI Tools for Devs" \
     org.opencontainers.image.description="MCP Tool Catalog" \
     org.opencontainers.image.vendor="Docker Inc" \
@@ -26,6 +27,9 @@ LABEL org.opencontainers.image.title="Labs: AI Tools for Devs" \
 COPY docker-compose.yaml .
 COPY metadata.json .
 COPY docker.svg /docker.svg
+COPY host-binary/dist/windows-${TARGETARCH}/host-binary.exe /windows/host-binary.exe
+COPY host-binary/dist/darwin-${TARGETARCH}/host-binary /darwin/host-binary
+COPY host-binary/dist/linux-${TARGETARCH}/host-binary /linux/host-binary
 COPY --from=client-builder /ui/build ui
 
 CMD sleep 600

src/extension/Makefile

@@ -6,8 +6,15 @@ BUILDER=buildx-multi-arch
 INFO_COLOR = \033[0;36m
 NO_COLOR   = \033[m
 
-build-extension: ## Build service image to be deployed as a desktop extension
-	docker build --tag=$(IMAGE):$(TAG) .
+.PHONY: host-binary/bin
+bin:
+	cd host-binary && $(MAKE) bin
+
+cross:
+	cd host-binary && $(MAKE) cross
+
+build-extension: cross ## Build service image to be deployed as a desktop extension
+	docker build --platform=linux/amd64,linux/arm64,darwin/amd64,darwin/arm64,windows/amd64,windows/arm64 --tag=$(IMAGE):$(TAG) .
 
 install-extension: build-extension ## Install the extension
 	docker extension install $(IMAGE):$(TAG)
@@ -18,7 +25,7 @@ update-extension: build-extension ## Update the extension
 prepare-buildx: ## Create buildx builder for multi-arch build, if not exists
 	docker buildx inspect $(BUILDER) || docker buildx create --name=$(BUILDER) --driver=docker-container --driver-opt=network=host
 
-push-extension: prepare-buildx ## Build & Upload extension image to hub. Do not push if tag already exists: make push-extension tag=0.1
+push-extension: prepare-buildx cross ## Build & Upload extension image to hub. Do not push if tag already exists: make push-extension tag=0.1
 	docker pull $(IMAGE):$(TAG) && echo "Failure: Tag already exists" || docker buildx build --push --builder=$(BUILDER) --platform=linux/amd64,linux/arm64 --build-arg TAG=$(TAG) --tag=$(IMAGE):$(TAG) .
 
 help: ## Show this help

src/extension/host-binary/.gitignore

@@ -0,0 +1,2 @@
+bin
+dist

src/extension/host-binary/Makefile

@@ -0,0 +1,77 @@
+EXTENSION:=
+OPENAPI_GENERATOR_VERSION ?= v6.0.1
+DD_API_NAME=secrets
+DD_API_PKGNAME=api
+BINARY?=host-binary
+
+
+STATIC_FLAGS=CGO_ENABLED=0
+LDFLAGS="-s -w"
+GO_BUILD=$(STATIC_FLAGS) go build -trimpath -ldflags=$(LDFLAGS)
+
+INFO_COLOR = \033[0;36m
+NO_COLOR   = \033[m
+
+.PHONY: bin
+bin:  ## Build the binary for the current platform
+	@echo "$(INFO_COLOR)Building...$(NO_COLOR)"
+	$(GO_BUILD) -o bin/$(BINARY)$(EXTENSION) ./cmd
+
+lint:
+	golangci-lint run
+
+format:
+	go fmt ./...
+
+
+cross: ## Cross compile the server
+	GOOS=linux  GOARCH=amd64 $(GO_BUILD) -o dist/linux-amd64/$(BINARY) ./cmd
+	GOOS=linux  GOARCH=arm64 $(GO_BUILD) -o dist/linux-arm64/$(BINARY) ./cmd
+	GOOS=darwin  GOARCH=amd64 $(GO_BUILD) -o dist/darwin-amd64/$(BINARY) ./cmd
+	GOOS=darwin  GOARCH=arm64 $(GO_BUILD) -o dist/darwin-arm64/$(BINARY) ./cmd
+	GOOS=windows GOARCH=amd64 $(GO_BUILD) -o dist/windows-amd64/$(BINARY).exe ./cmd
+	GOOS=windows GOARCH=arm64 $(GO_BUILD) -o dist/windows-arm64/$(BINARY).exe ./cmd
+
+package: ## package the server binaries
+	tar -C dist/linux-amd64 -czf dist/$(BINARY)-linux-amd64.tar.gz $(BINARY)
+	tar -C dist/linux-arm64 -czf dist/$(BINARY)-linux-arm64.tar.gz $(BINARY)
+	tar -C dist/darwin-amd64 -czf dist/$(BINARY)-darwin-amd64.tar.gz $(BINARY)
+	tar -C dist/darwin-arm64 -czf dist/$(BINARY)-darwin-arm64.tar.gz $(BINARY)
+	tar -C dist/windows-amd64 -czf dist/$(BINARY)-windows-amd64.tar.gz $(BINARY).exe
+	tar -C dist/windows-arm64 -czf dist/$(BINARY)-windows-arm64.tar.gz $(BINARY).exe
+
+help: ## Show this help
+	@echo Please specify a build target. The choices are:
+	@grep -E '^[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "$(INFO_COLOR)%-30s$(NO_COLOR) %s\n", $$1, $$2}'
+
+
+
+pre-gen-clients:
+	rm -rf ./pkg/generated/go/client/$(DD_API_NAME)
+
+gen-go-client:
+	docker run --rm -w /local -e JAVA_OPTS='-Dlog.level=error' -v ${PWD}:/local openapitools/openapi-generator-cli:${OPENAPI_GENERATOR_VERSION} \
+		generate -g go -i ./api/schemas/$(DD_API_NAME).yaml \
+		-o ./pkg/generated/go/client/$(DD_API_NAME) \
+		--http-user-agent "Docker Desktop API" \
+		--additional-properties=packageName=$(DD_API_PKGNAME) \
+		--additional-properties=enumClassPrefix=true \
+		--additional-properties=generateInterfaces=true \
+		--additional-properties=isGoSubmodule=false
+
+gen-secrets-api-html:
+	docker run --rm -w /local -e JAVA_OPTS='-Dlog.level=error' -v ${PWD}:/local openapitools/openapi-generator-cli:${OPENAPI_GENERATOR_VERSION} \
+		generate -g html2 -i ./api/schemas/$(DD_API_NAME).yaml \
+		-o ./pkg/generated/go/client/$(DD_API_NAME)/html
+
+post-gen-go-client:
+	rm -rf \
+		./pkg/generated/go/client/$(DD_API_NAME)/.gitignore \
+		./pkg/generated/go/client/$(DD_API_NAME)/.openapi-generator-ignore \
+		./pkg/generated/go/client/$(DD_API_NAME)/.travis.yml \
+		./pkg/generated/go/client/$(DD_API_NAME)/go.* \
+		./pkg/generated/go/client/$(DD_API_NAME)/git_push.sh
+
+generate: DD_API_NAME=secrets
+generate: DD_API_PKGNAME=secretsapi
+generate: pre-gen-clients gen-go-client gen-ts-client gen-secrets-api-html post-gen-go-client

src/extension/host-binary/api/.redocly/config.yaml

@@ -0,0 +1,65 @@
+plugins:
+  - plugins/customRules.js
+rules:
+  info-license-url:
+    severity: error
+  no-ambiguous-paths:
+    severity: error
+  no-invalid-media-type-examples:
+    severity: error
+  no-server-example.com:
+    severity: error
+  no-unused-components:
+    severity: error
+  operation-2xx-response:
+    severity: error
+  operation-operationId:
+    severity: error
+  no-enum-type-mismatch:
+    severity: error
+  no-example-value-and-externalValue:
+    severity: error
+  no-identical-paths:
+    severity: error
+  no-path-trailing-slash:
+    severity: error
+  no-server-trailing-slash:
+    severity: error
+  no-server-variables-empty-enum:
+    severity: error
+  no-undefined-server-variable:
+    severity: error
+  no-unresolved-refs:
+    severity: error
+  operation-operationId-unique:
+    severity: error
+  operation-operationId-url-safe:
+    severity: error
+  operation-parameters-unique:
+    severity: error
+  operation-summary:
+    severity: error
+  path-declaration-must-exist:
+    severity: error
+  path-not-include-query:
+    severity: error
+  path-parameters-defined:
+    severity: error
+  spec-components-invalid-map-name:
+    severity: error
+  spec:
+    severity: error
+  pinata/noAnonymousEnum:
+    severity: error
+
+  # Disable rules
+  operation-4xx-response:
+    severity: off
+  tag-description:
+    severity: off
+  no-empty-servers:
+    severity: off
+  info-license:
+    severity: off
+  security-defined:
+    severity: off

src/extension/host-binary/api/schemas/secrets.yaml

@@ -0,0 +1,189 @@
+openapi: 3.0.3
+info:
+  version: 0.0.0
+  title: Docker Desktop secrets API
+  description: This Docker Desktop API manages user secrets to be injected in containers.
+  x-redocly-package-name: secrets
+tags:
+  - name: secrets
+paths:
+  /secrets:
+    post:
+      summary: sets a secret value
+      tags: [ secrets ]
+      operationId: setJfsSecret
+      requestBody:
+        description: the secret to be set
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Secret'
+      responses:
+        '200':
+          description: success
+        '500':
+          description: unexpected error
+    get:
+      summary: lists all secrets
+      tags: [ secrets ]
+      operationId: listJfsSecrets
+      responses:
+        '200':
+          description: success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/StoredSecret'
+        '500':
+          description: unexpected error
+  /secrets/{secret}:
+    get:
+      summary: checks if a secret exists
+      tags: [ secrets ]
+      operationId: getJfsSecret
+      parameters:
+        - name: secret
+          required: true
+          in: path
+          schema:
+            type: string
+      responses:
+        '200':
+          description: success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/StoredSecret'
+        '404':
+          description: secret not found
+    delete:
+      summary: deletes a secret
+      tags: [ secrets ]
+      operationId: deleteJfsSecret
+      parameters:
+        - name: secret
+          required: true
+          in: path
+          schema:
+            type: string
+      responses:
+        '200':
+          description: success
+        '500':
+          description: unexpected error
+  /policies:
+    post:
+      summary: sets the policy
+      tags: [ secrets ]
+      operationId: setJfsPolicy
+      requestBody:
+        description: the policy to be set
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Policy'
+      responses:
+        '200':
+          description: success
+        '500':
+          description: unexpected error
+    get:
+      summary: lists all policies
+      tags: [ secrets ]
+      operationId: listJfsPolicies
+      responses:
+        '200':
+          description: success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Policy'
+        '500':
+          description: unexpected error
+  /policies/{policy}:
+    get:
+      summary: retrieves a policy
+      tags: [ secrets ]
+      operationId: getJfsPolicy
+      parameters:
+        - name: policy
+          required: true
+          in: path
+          schema:
+            type: string
+      responses:
+        '200':
+          description: success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Policy'
+        '404':
+          description: policy not found
+    delete:
+      summary: deletes a policy
+      tags: [ secrets ]
+      operationId: deleteJfsPolicy
+      parameters:
+        - name: policy
+          required: true
+          in: path
+          schema:
+            type: string
+      responses:
+        '200':
+          description: success
+        '500':
+          description: unexpected error
+components:
+  schemas:
+    Secret:
+      type: object
+      properties:
+        name:
+          type: string
+          description: the name of the secret
+        value:
+          type: string
+          description: the value of the secret
+        policies:
+          type: array
+          items:
+            type: string
+          description: the list of policy names associated with the secret
+      required:
+        - name
+        - value
+    StoredSecret:
+      type: object
+      properties:
+        name:
+          type: string
+          description: the name of the secret
+        policies:
+          type: array
+          items:
+            type: string
+          description: the list of policy names associated with the secret
+      required:
+        - name
+        - policies
+    Policy:
+      type: object
+      properties:
+        name:
+          type: string
+          description: the name of the policy
+        images:
+          type: array
+          items:
+            type: string
+          description: the list of images allowed by the policy
+      required:
+        - name