diff --git a/.github/workflows/test-lint.yml b/.github/workflows/test-lint.yml index bf33e082e3..33ed108e7e 100644 --- a/.github/workflows/test-lint.yml +++ b/.github/workflows/test-lint.yml @@ -45,6 +45,7 @@ jobs: --exclude '^https://app.datadoghq.eu/.*' --exclude '^https://community.chocolatey.org/.*' --exclude '^https://packages.debian.org/$' + --exclude '^https://test.hub.keboola.local/$' - name: Run code linters run: make lint diff --git a/.gitignore b/.gitignore index 41baba02d1..97a33b8c09 100644 --- a/.gitignore +++ b/.gitignore @@ -50,3 +50,7 @@ vendor/* # CPU profiles /**/*.prof + +# Certificates +/ca +/certs diff --git a/docker-compose.yml b/docker-compose.yml index 348ad023ad..23f52cdd8d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,19 +5,20 @@ services: context: . dockerfile: ./provisioning/dev/docker/Dockerfile # Uncomment when you would like to inspect metrics of your service using prometheus container. - # Change the placeholder with desired service to be inspected. + # Change the placeholder with desired service to be inspected. E.g apps-proxy # See ./docs/development.md for more information how to startup the compose etc. #command: > # sh -c "git config --global --add safe.directory /code - # make run-" + # make run-" links: - etcd - redis - - sandboxesMock + - sandboxesmock - prometheus networks: - prometheus - etcd + - apps-proxy volumes: - ./:/code:z - cache:/tmp/cache @@ -49,6 +50,7 @@ services: - APPS_PROXY_LISTEN_ADDRESS=0.0.0.0:8002 - APPS_PROXY_METRICS_LISTEN_ADDRESS=0.0.0.0:9002 - APPS_PROXY_API_PUBLIC_URL=https://hub.keboola.local + - APPS_PROXY_SANDBOXES_API_URL=http://sandboxesmock:1080/ - APPS_PROXY_COOKIE_SECRET_SALT=secret # Disable DataDog integration - TEMPLATES_DATADOG_ENABLED=false @@ -145,7 +147,7 @@ services: - K6_RAMPING_DOWN_DURATION - STREAM_PAYLOAD_SIZE - sandboxesMock: + sandboxesmock: image: mockserver/mockserver:latest ports: - 1080:1080 
@@ -155,6 +157,23 @@ services: MOCKSERVER_INITIALIZATION_JSON_PATH: /config/sandboxesMock.json volumes: - ./provisioning/apps-proxy/dev/sandboxesMock.json:/config/sandboxesMock.json:Z + networks: + - apps-proxy + + https-proxy: + image: https-proxy + volumes: + - ./ca:/etc/nginx/ca + - ./certs:/etc/nginx/certs + environment: + - DOMAIN=hub.keboola.local + - TARGET_HOST=dev + - TARGET_HOST_HEADER=test.hub.keboola.local + - TARGET_PORT=8000 + ports: + - 443:443 + networks: + - apps-proxy prometheus: image: prom/prometheus @@ -172,3 +191,4 @@ networks: prometheus: driver: bridge etcd: + apps-proxy: diff --git a/docs/apps-proxy/overview.md b/docs/apps-proxy/overview.md new file mode 100644 index 0000000000..7bd852196f --- /dev/null +++ b/docs/apps-proxy/overview.md 
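Review bot: The new `https-proxy` service publishes `443:443` on every host interface, so the dev TLS endpoint and the `dev` target behind it on port 8000 are reachable from the local network, although the docs only map the hostnames to `127.0.0.1`. Bind it to loopback and quote the mapping: `- "127.0.0.1:443:443"`. The `./ca` and `./certs` mounts sit inside the repo root, which the `dev` service also mounts as `/code`, so any CA private key placed there is readable from the dev container. Keeping the CA directory outside the working tree would limit what a compromised dev container could sign. `image: https-proxy` is an untagged, locally built image, so the docs should name a reviewed commit of the upstream repository to build from.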
@@ -0,0 +1,52 @@ +# Apps proxy Architecture Overview + +- Serves for data apps authentication and authorization. +- Typicall usage is to perform OIDC login through some OIDC provider (e.g Microsoft login, Google login etc.) +- Has possibility to add basic authorization which consists of password prompt on a web page. + + +## Entrypoint + +[cmd/apps-proxy/main.go](../../cmd/apps-proxy/main.go) + +## Apps Proxy Options + +## Operations + +In `/etc/hosts` add this: + +``` +127.0.0.1 test.hub.keboola.local +127.0.0.1 hub.keboola.local +``` +In project directory uncommect in [docker-compose.yml](../../docker-compose.yml) the `command` section and fill it with `apps-proxy` service. It should look like this +``` +command: > + sh -c "git config --global --add safe.directory /code + make run-apps-proxy" +``` + +Then launch the dev container +``` +docker compose up -d dev +``` + +There is a sandboxes service mock in place which returns configuration of data app. Simply adjust the [provisioning/apps-proxy/dev/sandboxesMock.json](../../provisioning/apps-proxy/dev/sandboxesMock.json) if you want to change received configuration by local testing. + +Next clone this repository: GitHub - [fsouza/docker-ssl-proxy](https://github.com/fsouza/docker-ssl-proxy) + +In its directory run this: + +``` +docker build -t https-proxy . +``` + +And then go back to the root repository and launch the https-proxy: + +``` +docker compose up https-proxy +``` + +Now the proxy should be available under https://test.hub.keboola.local/. + + diff --git a/provisioning/apps-proxy/dev/.air.toml b/provisioning/apps-proxy/dev/.air.toml index 4134baad18..1fd6f211d7 100644 --- a/provisioning/apps-proxy/dev/.air.toml +++ b/provisioning/apps-proxy/dev/.air.toml 
@@ -3,7 +3,7 @@ tmp_dir = "target/.watcher" [build] bin = "./target/apps-proxy/proxy" - args_bin = ["--sandboxes-api-url", "http://localhost:1080", "--sandboxes-api-token", "my-token", "--metrics-listen", "0.0.0.0:9002", "--api-public-url", "http://localhost:8000", "--cookie-secret-salt", "cookie", "--csrf-token-salt", "bcc3add3bf72e628149fbfbc11932329de7f375db3d8503ef0e32b336adf46c4"] + args_bin = ["--sandboxes-api-token", "my-token", "--metrics-listen", "0.0.0.0:9002", "--api-public-url", "http://hub.keboola.local", "--cookie-secret-salt", "cookie", "--csrf-token-salt", "bcc3add3bf72e628149fbfbc11932329de7f375db3d8503ef0e32b336adf46c4"] cmd = "make build-apps-proxy" delay = 2000 exclude_dir = [] diff --git a/provisioning/apps-proxy/dev/sandboxesMock.json b/provisioning/apps-proxy/dev/sandboxesMock.json index cc4aa3e3d1..42b2012d3c 100644 --- a/provisioning/apps-proxy/dev/sandboxesMock.json +++ b/provisioning/apps-proxy/dev/sandboxesMock.json @@ -2,11 +2,11 @@ { "httpRequest": { "method": "GET", - "path": "/apps/123/proxy-config" + "path": "/apps/test/proxy-config" }, "httpResponse": { "body": { - "appId": "123", + "appId": "test", "appName": "app", "projectId": "11", "upstreamAppUrl": "http://localhost:1235",
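Review bot: `--api-public-url` on the new `args_bin` line uses `http://hub.keboola.local`, while docker-compose.yml sets `APPS_PROXY_API_PUBLIC_URL=https://hub.keboola.local` and the new `https-proxy` service terminates TLS in front of the proxy. If the flag takes precedence over the environment variable (not visible here), anything derived from the public URL, such as login redirect URLs or cookie attributes, would be built for plain HTTP. Use `"--api-public-url", "https://hub.keboola.local"`, or drop the flag so the compose value applies. The token and both salts on this line are committed to the repository, so a comment above `args_bin` would help: `# Dev-only values; never reuse this token or these salts outside local development.`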
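Review bot: The expectation's `httpRequest` matches only on `method` and `path`, so the mock returns the proxy config to any caller, whether or not the `--sandboxes-api-token` value from `.air.toml` is sent. Adding a header matcher next to `path`, for example `"headers": { "<TOKEN_HEADER_NAME>": ["my-token"] }`, would make local runs fail if the proxy stops sending the token. The header name is a placeholder because it is not shown on this page. The expectation object continues past the end of this hunk.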