[Embedded] Harness Router, Inline Space Creation, Bootstrap, Harness/…

…Admin User Setup (#28)

Adds the basic for harness embedded mode:
- Harness dedicated router with custom APIHandler
- Inline Space Creation
- Client for Account/Org/Project
- Bootstrap (Allows for automated creation of admin user and gitness service (used for all platform required ops))
- Inline harness service principal creation
- Ignore flag for ACL.

.harness.env

@@ -1,18 +1,28 @@
+# Gitness values
 GITNESS_TRACE=true
+GITNESS_ADMIN_NAME=Administrator
+GITNESS_ADMIN_EMAIL=[email protected]
+GITNESS_ADMIN_PASSWORD=changeit
+
+# Harness specifc values
 HARNESS_JWT_IDENTITY="gitness"
 HARNESS_JWT_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM"
 HARNESS_JWT_VALIDINMIN=1440
-HARNESS_JWT_BEARER_IDENTITY="Bearer"
 HARNESS_JWT_BEARER_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq"
-HARNESS_JWT_IDENTITY_SERVICE_IDENTITY="IdentityService"
-HARNESS_JWT_IDENTITY_SERVICE_SECRET="HVSKUYqD4e5Rxu12hFDdCJKGM64sxgEynvdDhaOHaTHhwwn0K4Ttr0uoOxSsEVYNrUU"
-HARNESS_JWT_MANAGER_IDENTITY="Manager"
-HARNESS_JWT_MANAGER_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq"
-HARNESS_JWT_NGMANAGER_IDENTITY="NextGenManager"
-HARNESS_JWT_NGMANAGER_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM"
-HARNESS_CLIENTS_ACL_SECURE=false
-HARNESS_CLIENTS_ACL_BASEURL="http:https://localhost:9006/api"
-HARNESS_CLIENTS_MANAGER_SECURE=false
-HARNESS_CLIENTS_MANAGER_BASEURL="http:https://localhost:3457/api"
-HARNESS_CLIENTS_NGMANAGER_SECURE=false
-HARNESS_CLIENTS_NGMANAGER_BASEURL="http:https://localhost:7457"
+
+HARNESS_SERVICES_IDENTITY_JWT_IDENTITY="IdentityService"
+HARNESS_SERVICES_IDENTITY_JWT_SECRET="HVSKUYqD4e5Rxu12hFDdCJKGM64sxgEynvdDhaOHaTHhwwn0K4Ttr0uoOxSsEVYNrUU"
+
+HARNESS_SERVICES_ACL_IGNORE=true
+HARNESS_SERVICES_ACL_CLIENT_SECURE=false
+HARNESS_SERVICES_ACL_CLIENT_BASEURL="http:https://localhost:9006/api"
+
+HARNESS_SERVICES_MANAGER_CLIENT_SECURE=false
+HARNESS_SERVICES_MANAGER_CLIENT_BASEURL="http:https://localhost:3457/api"
+HARNESS_SERVICES_MANAGER_JWT_IDENTITY="Manager"
+HARNESS_SERVICES_MANAGER_JWT_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq"
+
+HARNESS_SERVICES_NGMANAGER_CLIENT_SECURE=false
+HARNESS_SERVICES_NGMANAGER_CLIENT_BASEURL="http:https://localhost:7457"
+HARNESS_SERVICES_NGMANAGER_JWT_IDENTITY="NextGenManager"
+HARNESS_SERVICES_NGMANAGER_JWT_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM"

.local.env

@@ -1 +1,5 @@
-GITNESS_TRACE=true
+GITNESS_TRACE=true
+GITNESS_ADMIN_UID=admin
+GITNESS_ADMIN_NAME=Administrator
+GITNESS_ADMIN_EMAIL=[email protected]
+GITNESS_ADMIN_PASSWORD=changeit

cli/server/harness.wire.go

@@ -10,37 +10,39 @@ package server
 import (
  "context"
 
- "github.com/harness/gitness/harness"
  "github.com/harness/gitness/harness/auth/authn"
  "github.com/harness/gitness/harness/auth/authz"
+ "github.com/harness/gitness/harness/bootstrap"
  "github.com/harness/gitness/harness/client"
+ "github.com/harness/gitness/harness/router"
+ "github.com/harness/gitness/harness/types"
  "github.com/harness/gitness/internal/api/controller/repo"
- "github.com/harness/gitness/internal/api/controller/serviceaccount"
+ "github.com/harness/gitness/internal/api/controller/service"
  "github.com/harness/gitness/internal/api/controller/space"
  "github.com/harness/gitness/internal/api/controller/user"
  "github.com/harness/gitness/internal/cron"
- "github.com/harness/gitness/internal/router"
  "github.com/harness/gitness/internal/server"
  "github.com/harness/gitness/internal/store/database"
  "github.com/harness/gitness/internal/store/memory"
- "github.com/harness/gitness/types"
+ gitnessTypes "github.com/harness/gitness/types"
 
  "github.com/google/wire"
 )
 
-func initSystem(ctx context.Context, config *types.Config) (*system, error) {
+func initSystem(ctx context.Context, config *gitnessTypes.Config) (*system, error) {
  wire.Build(
  newSystem,
+ bootstrap.WireSet,
  database.WireSet,
  memory.WireSet,
- router.WireSet,
  server.WireSet,
  cron.WireSet,
  repo.WireSet,
- serviceaccount.WireSet,
  space.WireSet,
  user.WireSet,
- harness.LoadConfig,
+ service.WireSet,
+ types.LoadConfig,
+ router.WireSet,
  authn.WireSet,
  authz.WireSet,
  client.WireSet,

cli/server/server.go

@@ -54,10 +54,20 @@ func (c *command) run(*kingpin.ParseContext) error {
  // configure the log level
  setupLogger(config)
 
+ // add logger to context
+ log := log.Logger.With().Logger()
+ ctx = log.WithContext(ctx)
+
  // initialize system
  system, err := initSystem(ctx, config)
  if err != nil {
- return fmt.Errorf("encountered an error while initializing the system: %w", err)
+ return fmt.Errorf("encountered an error while wiring the system: %w", err)
+ }
+
+ // bootstrap the system
+ err = system.bootstrap(ctx)
+ if err != nil {
+ return fmt.Errorf("encountered an error while bootstrapping the system: %w", err)
  }
 
  // collects all go routines - gCTX cancels if any go routine encounters an error

cli/server/standalone.wire.go

@@ -16,6 +16,7 @@ import (
  "github.com/harness/gitness/internal/api/controller/user"
  "github.com/harness/gitness/internal/auth/authn"
  "github.com/harness/gitness/internal/auth/authz"
+ "github.com/harness/gitness/internal/bootstrap"
  "github.com/harness/gitness/internal/cron"
  "github.com/harness/gitness/internal/router"
  "github.com/harness/gitness/internal/server"
@@ -29,6 +30,7 @@ import (
 func initSystem(ctx context.Context, config *types.Config) (*system, error) {
  wire.Build(
  newSystem,
+ bootstrap.WireSet,
  database.WireSet,
  memory.WireSet,
  router.WireSet,

cli/server/system.go

@@ -5,20 +5,23 @@
 package server
 
 import (
+ "github.com/harness/gitness/internal/bootstrap"
  "github.com/harness/gitness/internal/cron"
  "github.com/harness/gitness/internal/server"
 )
 
 // system stores high level system sub-routines.
 type system struct {
- server *server.Server
- nightly *cron.Nightly
+ bootstrap bootstrap.Bootstrap
+ server *server.Server
+ nightly *cron.Nightly
 }
 
 // newSystem returns a new system structure.
-func newSystem(server *server.Server, nightly *cron.Nightly) *system {
+func newSystem(bootstrap bootstrap.Bootstrap, server *server.Server, nightly *cron.Nightly) *system {
  return &system{
- server: server,
- nightly: nightly,
+ bootstrap: bootstrap,
+ server: server,
+ nightly: nightly,
  }
 }

internal/api/auth/service.go

@@ -0,0 +1,31 @@
+// Copyright 2021 Harness Inc. All rights reserved.
+// Use of this source code is governed by the Polyform Free Trial License
+// that can be found in the LICENSE.md file for this repository.
+
+package auth
+
+import (
+ "context"
+
+ "github.com/harness/gitness/internal/auth"
+ "github.com/harness/gitness/internal/auth/authz"
+ "github.com/harness/gitness/types"
+ "github.com/harness/gitness/types/enum"
+)
+
+/*
+ * CheckService checks if a service specific permission is granted for the current auth session.
+ * Returns nil if the permission is granted, otherwise returns an error.
+ * NotAuthenticated, NotAuthorized, or any unerlaying error.
+ */
+func CheckService(ctx context.Context, authorizer authz.Authorizer, session *auth.Session,
+ svc *types.Service, permission enum.Permission) error {
+ // a service exists outside of any scope
+ scope := &types.Scope{}
+ resource := &types.Resource{
+ Type: enum.ResourceTypeService,
+ Name: svc.UID,
+ }
+
+ return Check(ctx, authorizer, session, scope, resource, permission)
+}

internal/api/controller/service/controller.go

@@ -0,0 +1,22 @@
+// Copyright 2021 Harness Inc. All rights reserved.
+// Use of this source code is governed by the Polyform Free Trial License
+// that can be found in the LICENSE.md file for this repository.
+
+package service
+
+import (
+ "github.com/harness/gitness/internal/auth/authz"
+ "github.com/harness/gitness/internal/store"
+)
+
+type Controller struct {
+ authorizer authz.Authorizer
+ serviceStore store.ServiceStore
+}
+
+func NewController(authorizer authz.Authorizer, serviceStore store.ServiceStore) *Controller {
+ return &Controller{
+ authorizer: authorizer,
+ serviceStore: serviceStore,
+ }
+}