Commit
[Embedded] Harness Router, Inline Space Creation, Bootstrap, Harness/…
…Admin User Setup (#28) Adds the basics for harness embedded mode: - Harness dedicated router with custom APIHandler - Inline Space Creation - Client for Account/Org/Project - Bootstrap (Allows for automated creation of admin user and gitness service (used for all platform required ops)) - Inline harness service principal creation - Ignore flag for ACL.
1 parent
c07dc4c
commit 5786ad2
Showing
87 changed files
with
1,057 additions
and
158 deletions.
@@ -1,18 +1,28 @@ | ||
# Gitness values | ||
GITNESS_TRACE=true | ||
GITNESS_ADMIN_NAME=Administrator | ||
GITNESS_ADMIN_EMAIL=[email protected] | ||
GITNESS_ADMIN_PASSWORD=changeit | ||
|
||
# Harness specifc values | ||
HARNESS_JWT_IDENTITY="gitness" | ||
HARNESS_JWT_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM" | ||
HARNESS_JWT_VALIDINMIN=1440 | ||
HARNESS_JWT_BEARER_IDENTITY="Bearer" | ||
HARNESS_JWT_BEARER_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq" | ||
HARNESS_JWT_IDENTITY_SERVICE_IDENTITY="IdentityService" | ||
HARNESS_JWT_IDENTITY_SERVICE_SECRET="HVSKUYqD4e5Rxu12hFDdCJKGM64sxgEynvdDhaOHaTHhwwn0K4Ttr0uoOxSsEVYNrUU" | ||
HARNESS_JWT_MANAGER_IDENTITY="Manager" | ||
HARNESS_JWT_MANAGER_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq" | ||
HARNESS_JWT_NGMANAGER_IDENTITY="NextGenManager" | ||
HARNESS_JWT_NGMANAGER_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM" | ||
HARNESS_CLIENTS_ACL_SECURE=false | ||
HARNESS_CLIENTS_ACL_BASEURL="http:https://localhost:9006/api" | ||
HARNESS_CLIENTS_MANAGER_SECURE=false | ||
HARNESS_CLIENTS_MANAGER_BASEURL="http:https://localhost:3457/api" | ||
HARNESS_CLIENTS_NGMANAGER_SECURE=false | ||
HARNESS_CLIENTS_NGMANAGER_BASEURL="http:https://localhost:7457" | ||
|
||
HARNESS_SERVICES_IDENTITY_JWT_IDENTITY="IdentityService" | ||
HARNESS_SERVICES_IDENTITY_JWT_SECRET="HVSKUYqD4e5Rxu12hFDdCJKGM64sxgEynvdDhaOHaTHhwwn0K4Ttr0uoOxSsEVYNrUU" | ||
|
||
HARNESS_SERVICES_ACL_IGNORE=true | ||
HARNESS_SERVICES_ACL_CLIENT_SECURE=false | ||
HARNESS_SERVICES_ACL_CLIENT_BASEURL="http:https://localhost:9006/api" | ||
|
||
HARNESS_SERVICES_MANAGER_CLIENT_SECURE=false | ||
HARNESS_SERVICES_MANAGER_CLIENT_BASEURL="http:https://localhost:3457/api" | ||
HARNESS_SERVICES_MANAGER_JWT_IDENTITY="Manager" | ||
HARNESS_SERVICES_MANAGER_JWT_SECRET="dOkdsVqdRPPRJG31XU0qY4MPqmBBMk0PTAGIKM6O7TGqhjyxScIdJe80mwh5Yb5zF3KxYBHw6B3Lfzlq" | ||
|
||
HARNESS_SERVICES_NGMANAGER_CLIENT_SECURE=false | ||
HARNESS_SERVICES_NGMANAGER_CLIENT_BASEURL="http:https://localhost:7457" | ||
HARNESS_SERVICES_NGMANAGER_JWT_IDENTITY="NextGenManager" | ||
HARNESS_SERVICES_NGMANAGER_JWT_SECRET="IC04LYMBf1lDP5oeY4hupxd4HJhLmN6azUku3xEbeE3SUx5G3ZYzhbiwVtK4i7AmqyU9OZkwB4v8E9qM" |
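Review bot: `HARNESS_SERVICES_ACL_IGNORE=true` is committed in a tracked env file next to `GITNESS_ADMIN_PASSWORD=changeit` and literal `*_JWT_SECRET` values, so any environment started from this file would have a known admin password, published signing secrets and, going by the commit description's "Ignore flag for ACL", authorization checks turned off. The rendered page does not show which rows are old and which are new, though the `HARNESS_SERVICES_*` rows look like the new side. I would commit safe defaults and let developers opt in locally, e.g. `HARNESS_SERVICES_ACL_IGNORE=false`, `GITNESS_ADMIN_PASSWORD=` and `HARNESS_SERVICES_MANAGER_JWT_SECRET=<generated-per-environment>`, under a header comment such as `# local development only - never reuse these values outside a developer machine`. The Bearer and Manager entries share one secret value, as do the gitness and NextGenManager entries, so compromise of one identity's key would cover the other; that is worth confirming as intended. The second env file in this commit carries the same `GITNESS_ADMIN_PASSWORD=changeit` default.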
@@ -1 +1,5 @@ | ||
GITNESS_TRACE=true | ||
GITNESS_TRACE=true | ||
GITNESS_ADMIN_UID=admin | ||
GITNESS_ADMIN_NAME=Administrator | ||
GITNESS_ADMIN_EMAIL=[email protected] | ||
GITNESS_ADMIN_PASSWORD=changeit |
@@ -0,0 +1,31 @@ | ||
// Copyright 2021 Harness Inc. All rights reserved. | ||
// Use of this source code is governed by the Polyform Free Trial License | ||
// that can be found in the LICENSE.md file for this repository. | ||
|
||
package auth | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/harness/gitness/internal/auth" | ||
"github.com/harness/gitness/internal/auth/authz" | ||
"github.com/harness/gitness/types" | ||
"github.com/harness/gitness/types/enum" | ||
) | ||
|
||
/* | ||
* CheckService checks if a service specific permission is granted for the current auth session. | ||
* Returns nil if the permission is granted, otherwise returns an error. | ||
* NotAuthenticated, NotAuthorized, or any unerlaying error. | ||
*/ | ||
func CheckService(ctx context.Context, authorizer authz.Authorizer, session *auth.Session, | ||
svc *types.Service, permission enum.Permission) error { | ||
// a service exists outside of any scope | ||
scope := &types.Scope{} | ||
resource := &types.Resource{ | ||
Type: enum.ResourceTypeService, | ||
Name: svc.UID, | ||
} | ||
|
||
return Check(ctx, authorizer, session, scope, resource, permission) | ||
} |
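Review bot: `Name: svc.UID` dereferences `svc` without a nil check, so if any caller can reach this authorization helper with a nil service it panics instead of returning an error. A guard at the top of CheckService, for example `if svc == nil { return errors.New("service is nil") }` (or whichever not-found error the package already uses), keeps that failure on the error path. The block comment would also read better in Go's line-comment form starting with the function name, `// CheckService checks if a service specific permission is granted for the current auth session.`, which is a chance to fix the "unerlaying" typo. How `Check` and the authorizer treat the empty `types.Scope{}` is outside this file section and worth confirming, since an empty scope should not match broader grants than intended.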
@@ -0,0 +1,22 @@ | ||
// Copyright 2021 Harness Inc. All rights reserved. | ||
// Use of this source code is governed by the Polyform Free Trial License | ||
// that can be found in the LICENSE.md file for this repository. | ||
|
||
package service | ||
|
||
import ( | ||
"github.com/harness/gitness/internal/auth/authz" | ||
"github.com/harness/gitness/internal/store" | ||
) | ||
|
||
type Controller struct { | ||
authorizer authz.Authorizer | ||
serviceStore store.ServiceStore | ||
} | ||
|
||
func NewController(authorizer authz.Authorizer, serviceStore store.ServiceStore) *Controller { | ||
return &Controller{ | ||
authorizer: authorizer, | ||
serviceStore: serviceStore, | ||
} | ||
} |
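Review bot: The exported `Controller` type and `NewController` constructor have no doc comments. I would add `// Controller holds the authorizer and the service store for the service package.` above the struct and `// NewController returns a Controller wired with the given authorizer and service store.` above the constructor. NewController also stores whatever it is given, so a nil `authorizer` would presumably only surface at the first permission check; if that can happen in wiring, say in the comment that both arguments must be non-nil.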