[Harness] Adding JWT/PAT/SAT Support, Harness Clients, Inline User/Se…

…rviceAccount Creation, harness Build flag, ... (#22) This change adds the initial stepping stones for harness integration: - Authentication: JWT/PAT/SAT support - Authorization: ACL integration (acl currently denies requests as gitness hasn't been integrated yet) - Remote Clients for Token, User, ServiceAccount, ACL - User Integration: Syncs harness users during authentication if unknown - SA integration: syncs harness service accounts during authentication if unknown - Initial harness API: THIS WILL BE CHANGED IN THE FUTURE! - single harness subpackage (all marked with harness build flag) - harness & standalone wire + make build commands
harness · Sep 30, 2022 · 4668e94 · 4668e94
1 parent 5baf42d
commit 4668e94
Show file tree

Hide file tree

Showing 67 changed files with 905 additions and 772 deletions.
diff --git a/.harness.env b/.harness.env
@@ -0,0 +1,18 @@
+GITNESS_TRACE=true
+HARNESS_JWT_IDENTITY="gitness"
+HARNESS_JWT_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM"
+HARNESS_JWT_VALIDINMIN=1440
+HARNESS_JWT_BEARER_IDENTITY="Bearer"
+HARNESS_JWT_BEARER_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq"
+HARNESS_JWT_IDENTITY_SERVICE_IDENTITY="IdentityService"
+HARNESS_JWT_IDENTITY_SERVICE_SECRET="HVSKUYqD4e5Rxu12hFDdCJKGM64sxgEynvdDhaOHaTHhwwn0K4Ttr0uoOxSsEVYNrUU"
+HARNESS_JWT_MANAGER_IDENTITY="Manager"
+HARNESS_JWT_MANAGER_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq"
+HARNESS_JWT_NGMANAGER_IDENTITY="NextGenManager"
+HARNESS_JWT_NGMANAGER_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM"
+HARNESS_CLIENTS_ACL_SECURE=false
+HARNESS_CLIENTS_ACL_BASEURL="https://localhost:9006/api"
+HARNESS_CLIENTS_MANAGER_SECURE=false
+HARNESS_CLIENTS_MANAGER_BASEURL="https://localhost:3457/api"
+HARNESS_CLIENTS_NGMANAGER_SECURE=false
+HARNESS_CLIENTS_NGMANAGER_BASEURL="https://localhost:7457"
diff --git a/.local.env b/.local.env
@@ -0,0 +1 @@
+GITNESS_TRACE=true
diff --git a/Makefile b/Makefile
@@ -35,13 +35,19 @@ tools: $(tools) ## Install tools required for the build
 mocks: $(mocks)
  @echo "Generating Test Mocks"
 
-generate: $(mocks) cli/server/wire_gen.go mocks/mock_client.go
+wire: cli/server/harness.wire_gen.go cli/server/standalone.wire_gen.go
+
+generate: $(mocks) wire mocks/mock_client.go
  @echo "Generating Code"
 
 build: generate ## Build the gitness service binary
  @echo "Building Gitness Server"
  go build -ldflags="-X github.com/harness/gitness/version.GitCommit=${GIT_COMMIT} -X github.com/harness/gitness/version.Version.Major=${GITNESS_VERSION}" -o ./gitness .
 
+harness-build: generate ## Build the gitness service binary for harness embedded mode
+ @echo "Building Gitness Server for Harness"
+ go build -tags=harness -ldflags="-X github.com/harness/gitness/version.GitCommit=${GIT_COMMIT} -X github.com/harness/gitness/version.Version.Major=${GITNESS_VERSION}" -o ./gitness .
+
 test: generate ## Run the go tests
  @echo "Running tests"
  go test -v -coverprofile=coverage.out ./internal/...
@@ -114,9 +120,19 @@ lint: tools generate # lint the golang code
 # Some code generation can be slow, so we only run it if
 # the source file has changed.
 ###########################################
-cli/server/wire_gen.go: cli/server/wire.go ## Update the wire dependency injection if wire.go has changed.
- @echo "Updating wire_gen.go"
- go generate ./cli/server/wire_gen.go
+cli/server/harness.wire_gen.go: cli/server/harness.wire.go ## Update the wire dependency injection if harness.wire.go has changed.
+ @echo "Updating harness.wire_gen.go"
+ @go run github.com/google/wire/cmd/wire gen -tags=harness -output_file_prefix="harness." github.com/harness/gitness/cli/server
+ @perl -ni -e 'print unless /go:generate/' cli/server/harness.wire_gen.go
+ @perl -i -pe's/\+build !wireinject/\+build !wireinject,harness/g' cli/server/harness.wire_gen.go
+ @perl -i -pe's/go:build !wireinject/go:build !wireinject && harness/g' cli/server/harness.wire_gen.go
+
+cli/server/standalone.wire_gen.go: cli/server/standalone.wire.go ## Update the wire dependency injection if standalone.wire.go has changed.
+ @echo "Updating standalone.wire_gen.go"
+ @go run github.com/google/wire/cmd/wire gen -tags= -output_file_prefix="standalone." github.com/harness/gitness/cli/server
+ @perl -ni -e 'print unless /go:generate/' cli/server/standalone.wire_gen.go
+ @perl -i -pe's/\+build !wireinject/\+build !wireinject,!harness/g' cli/server/standalone.wire_gen.go
+ @perl -i -pe's/go:build !wireinject/go:build !wireinject && !harness/g' cli/server/standalone.wire_gen.go
 
 mocks/mock_client.go: internal/store/store.go client/client.go
  go generate mocks/mock.go

diff --git a/cli/operations/account/register.go b/cli/operations/account/register.go
@@ -19,11 +19,11 @@ type registerCommand struct {
 }
 
 func (c *registerCommand) run(*kingpin.ParseContext) error {
- username, password := util.Credentials()
+ username, name, email, password := util.Registration()
  httpClient := client.New(c.server)
  ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
  defer cancel()
- ts, err := httpClient.Register(ctx, username, password)
+ ts, err := httpClient.Register(ctx, username, name, email, password)
  if err != nil {
  return err
  }

diff --git a/cli/operations/user/user.go b/cli/operations/user/user.go
@@ -18,6 +18,8 @@ import (
 )
 
 const userTmpl = `
+uid: {{ .UID }}
+name: {{ .Name }}
 email: {{ .Email }}
 admin: {{ .Admin }}
 `

diff --git a/cli/server/config.go b/cli/server/config.go
@@ -5,30 +5,14 @@
 package server
 
 import (
- "os"
-
  "github.com/harness/gitness/types"
 
  "github.com/kelseyhightower/envconfig"
 )
 
-// legacy environment variables. the key is the legacy
-// variable name, and the value is the new variable name.
-var legacy = map[string]string{
- // none defined
-}
-
 // load returns the system configuration from the
 // host environment.
 func load() (*types.Config, error) {
- // loop through legacy environment variable and, if set
- // rewrite to the new variable name.
- for k, v := range legacy {
- if s, ok := os.LookupEnv(k); ok {
- os.Setenv(v, s)
- }
- }
-
  config := new(types.Config)
  // read the configuration from the environment and
  // populate the configuration structure.

diff --git a/cli/server/harness.wire.go b/cli/server/harness.wire.go
@@ -0,0 +1,41 @@
+// Copyright 2021 Harness Inc. All rights reserved.
+// Use of this source code is governed by the Polyform Free Trial License
+// that can be found in the LICENSE.md file for this repository.
+
+//go:build wireinject && harness
+// +build wireinject,harness
+
+package server
+
+import (
+ "github.com/harness/gitness/harness"
+ "github.com/harness/gitness/harness/auth/authn"
+ "github.com/harness/gitness/harness/auth/authz"
+ "github.com/harness/gitness/harness/client"
+ "github.com/harness/gitness/harness/router/translator"
+ "github.com/harness/gitness/internal/cron"
+ "github.com/harness/gitness/internal/router"
+ "github.com/harness/gitness/internal/server"
+ "github.com/harness/gitness/internal/store/database"
+ "github.com/harness/gitness/internal/store/memory"
+ "github.com/harness/gitness/types"
+
+ "github.com/google/wire"
+)
+
+func initSystem(config *types.Config) (*system, error) {
+ wire.Build(
+ newSystem,
+ database.WireSet,
+ memory.WireSet,
+ router.WireSet,
+ server.WireSet,
+ cron.WireSet,
+ harness.LoadConfig,
+ authn.WireSet,
+ authz.WireSet,
+ client.WireSet,
+ translator.WireSet,
+ )
+ return &system{}, nil
+}
diff --git a/cli/server/harness.wire_gen.go b/cli/server/harness.wire_gen.go
diff --git a/cli/server/wire.go → cli/server/standalone.wire.go b/cli/server/wire.go → cli/server/standalone.wire.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by the Polyform Free Trial License
 // that can be found in the LICENSE.md file for this repository.
 
-//go:build wireinject
-// +build wireinject
+//go:build wireinject && !harness
+// +build wireinject,!harness
 
 package server
 
@@ -14,6 +14,7 @@ import (
  "github.com/harness/gitness/internal/auth/authz"
  "github.com/harness/gitness/internal/cron"
  "github.com/harness/gitness/internal/router"
+ "github.com/harness/gitness/internal/router/translator"
  "github.com/harness/gitness/internal/server"
  "github.com/harness/gitness/internal/store/database"
  "github.com/harness/gitness/internal/store/memory"
@@ -24,14 +25,15 @@ import (
 
 func initSystem(ctx context.Context, config *types.Config) (*system, error) {
  wire.Build(
+ newSystem,
  database.WireSet,
  memory.WireSet,
  router.WireSet,
  server.WireSet,
  cron.WireSet,
- newSystem,
  authn.WireSet,
  authz.WireSet,
+ translator.WireSet,
  )
  return &system{}, nil
 }
diff --git a/cli/server/wire_gen.go → cli/server/standalone.wire_gen.go b/cli/server/wire_gen.go → cli/server/standalone.wire_gen.go
diff --git a/cli/util/util.go b/cli/util/util.go
@@ -101,6 +101,11 @@ func Config() (string, error) {
  )
 }
 
+// Registration returns the username, name, email and password from stdin.
+func Registration() (string, string, string, string) {
+ return Username(), Name(), Email(), Password()
+}
+
 // Credentials returns the username and password from stdin.
 func Credentials() (string, string) {
  return Username(), Password()
@@ -116,6 +121,26 @@ func Username() string {
  return strings.TrimSpace(username)
 }
 
+// Name returns the name from stdin.
+func Name() string {
+ reader := bufio.NewReader(os.Stdin)
+
+ fmt.Print("Enter Name: ")
+ name, _ := reader.ReadString('\n')
+
+ return strings.TrimSpace(name)
+}
+
+// Email returns the email from stdin.
+func Email() string {
+ reader := bufio.NewReader(os.Stdin)
+
+ fmt.Print("Enter Email: ")
+ email, _ := reader.ReadString('\n')
+
+ return strings.TrimSpace(email)
+}
+
 // Password returns the password from stdin.
 func Password() string {
  fmt.Print("Enter Password: ")

diff --git a/client/client.go b/client/client.go
@@ -69,9 +69,12 @@ func (c *HTTPClient) Login(ctx context.Context, username, password string) (*typ
 }
 
 // Register registers a new user and returns a JWT token.
-func (c *HTTPClient) Register(ctx context.Context, username, password string) (*types.TokenResponse, error) {
+func (c *HTTPClient) Register(ctx context.Context,
+ username, name, email, password string) (*types.TokenResponse, error) {
  form := &url.Values{}
  form.Add("username", username)
+ form.Add("name", name)
+ form.Add("email", email)
  form.Add("password", password)
  out := new(types.TokenResponse)
  uri := fmt.Sprintf("%s/api/v1/register", c.base)

diff --git a/client/interface.go b/client/interface.go
@@ -16,7 +16,7 @@ type Client interface {
  Login(ctx context.Context, username, password string) (*types.TokenResponse, error)
 
  // Register registers a new user and returns a JWT token.
- Register(ctx context.Context, username, password string) (*types.TokenResponse, error)
+ Register(ctx context.Context, username, name, email, password string) (*types.TokenResponse, error)
 
  // Self returns the currently authenticated user.
  Self(ctx context.Context) (*types.User, error)