From 4b6e99149fbde52d69fb22757d53f6565b4ef8d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Va=C5=A1ko?= Date: Tue, 17 Dec 2024 09:43:28 +0100 Subject: [PATCH 1/2] feat: Add apps proxy local development docs --- .github/workflows/test-lint.yml | 1 + docs/apps-proxy/overview.md | 68 +++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 docs/apps-proxy/overview.md diff --git a/.github/workflows/test-lint.yml b/.github/workflows/test-lint.yml index 1f24fcca1d..13e0422e16 100644 --- a/.github/workflows/test-lint.yml +++ b/.github/workflows/test-lint.yml @@ -45,6 +45,7 @@ jobs: --exclude '^https://app.datadoghq.eu/.*' --exclude '^https://community.chocolatey.org/.*' --exclude '^https://packages.debian.org/$' + --exclude '^https://test.hub.keboola.local/$' - name: Run code linters run: make lint diff --git a/docs/apps-proxy/overview.md b/docs/apps-proxy/overview.md new file mode 100644 index 0000000000..fe64238fdf --- /dev/null +++ b/docs/apps-proxy/overview.md 
@@ -0,0 +1,68 @@
+# Apps proxy Architecture Overview
+
+- Serves for data apps authentication and authorization.
+- Typicall usage is to perform OIDC login through some OIDC provider (e.g Microsoft login, google login etc.)
+- Has possibility to add basic authorization which consists of password prompt on a web page.
+
+
+## Entrypoint
+
+[cmd/apps-proxy/main.go](../../cmd/apps-proxy/main.go)
+
+## Apps Proxy Options
+
+## Operations
+
+In `/etc/hosts` add this:
+
+```
+127.0.0.1 test.hub.keboola.local
+127.0.0.1 hub.keboola.local
+```
+In project directory run:
+
+```
+docker compose run --rm --service-ports dev --net=my-test bash
+```
+
+Inside this bash run:
+
+```
+make run-app-proxy
+```
+
+There is a sandboxes service mock in place which returns configuration of data app. Simply adjust the [provisioning/apps-proxy/dev/sandboxesMock.json](../../provisioning/apps-proxy/dev/sandboxesMock.json) if you want to change received configuration by local testing.
+
+Out of the container check for using
+
+```
+docker ps -a
+```
+
+Find ID of the container running the `dev` environment.
+
+Next clone this repository: GitHub - [fsouza/docker-ssl-proxy](https://github.com/fsouza/docker-ssl-proxy)
+
+In its directory run this:
+
+```
+docker build -t https-proxy .
+```
+
+And then in this command replace with the id from earlier:
+
+```
+docker run --net=cli_default --rm \
+ --env DOMAIN=test.hub.keboola.local \
+ --env TARGET_HOST= \
+ --env TARGET_HOST_HEADER=test.hub.keboola.local \
+ --env TARGET_PORT=8002 \
+ -p 443:443 \
+ --volume=./ca:/etc/nginx/ca \
+ --volume=./certs:/etc/nginx/certs \
+ https-proxy
+```
+
+Now the proxy should be available under https://test.hub.keboola.local/.
+
+
From 8f25f0df98ef22e5ec2d40f24a34ab092efaa4e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Va=C5=A1ko?= Date: Mon, 6 Jan 2025 14:55:20 +0100 Subject: [PATCH 2/2] fix: Rework compose with including https-proxy Change documentation to be more straight forward. Rework process from docker -> docker compose. Adjust provisioning as it was not possible to override sandboxesMock address and public API did not point to hub.keboola.local. --- .gitignore | 4 +++ docker-compose.yml | 28 ++++++++++++--- docs/apps-proxy/overview.md | 34 +++++-------------- provisioning/apps-proxy/dev/.air.toml | 2 +- .../apps-proxy/dev/sandboxesMock.json | 4 +-- 5 files changed, 40 insertions(+), 32 deletions(-) diff --git a/.gitignore b/.gitignore index 41baba02d1..97a33b8c09 100644 --- a/.gitignore +++ b/.gitignore @@ -50,3 +50,7 @@ vendor/* # CPU profiles /**/*.prof + +# Certificates +/ca +/certs diff --git a/docker-compose.yml b/docker-compose.yml index 348ad023ad..23f52cdd8d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,19 +5,20 @@ services: context: . dockerfile: ./provisioning/dev/docker/Dockerfile # Uncomment when you would like to inspect metrics of your service using prometheus container. - # Change the placeholder with desired service to be inspected. + # Change the placeholder with desired service to be inspected. E.g apps-proxy # See ./docs/development.md for more information how to startup the compose etc. #command: > # sh -c "git config --global --add safe.directory /code - # make run-" + # make run-" links: - etcd - redis - - sandboxesMock + - sandboxesmock - prometheus networks: - prometheus - etcd + - apps-proxy volumes: - ./:/code:z - cache:/tmp/cache @@ -49,6 +50,7 @@ services: - APPS_PROXY_LISTEN_ADDRESS=0.0.0.0:8002 - APPS_PROXY_METRICS_LISTEN_ADDRESS=0.0.0.0:9002 - APPS_PROXY_API_PUBLIC_URL=https://hub.keboola.local + - APPS_PROXY_SANDBOXES_API_URL=http://sandboxesmock:1080/ - APPS_PROXY_COOKIE_SECRET_SALT=secret # Disable DataDog integration - TEMPLATES_DATADOG_ENABLED=false 
@@ -145,7 +147,7 @@ services: - K6_RAMPING_DOWN_DURATION - STREAM_PAYLOAD_SIZE - sandboxesMock: + sandboxesmock: image: mockserver/mockserver:latest ports: - 1080:1080 @@ -155,6 +157,23 @@ services: MOCKSERVER_INITIALIZATION_JSON_PATH: /config/sandboxesMock.json volumes: - ./provisioning/apps-proxy/dev/sandboxesMock.json:/config/sandboxesMock.json:Z + networks: + - apps-proxy + + https-proxy: + image: https-proxy + volumes: + - ./ca:/etc/nginx/ca + - ./certs:/etc/nginx/certs + environment: + - DOMAIN=hub.keboola.local + - TARGET_HOST=dev + - TARGET_HOST_HEADER=test.hub.keboola.local + - TARGET_PORT=8000 + ports: + - 443:443 + networks: + - apps-proxy prometheus: image: prom/prometheus @@ -172,3 +191,4 @@ networks: prometheus: driver: bridge etcd: + apps-proxy: diff --git a/docs/apps-proxy/overview.md b/docs/apps-proxy/overview.md index fe64238fdf..7bd852196f 100644 --- a/docs/apps-proxy/overview.md +++ b/docs/apps-proxy/overview.md @@ -1,7 +1,7 @@ # Apps proxy Architecture Overview - Serves for data apps authentication and authorization. -- Typicall usage is to perform OIDC login through some OIDC provider (e.g Microsoft login, google login etc.) +- Typicall usage is to perform OIDC login through some OIDC provider (e.g Microsoft login, Google login etc.) - Has possibility to add basic authorization which consists of password prompt on a web page. 
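Review bot: The new `https-proxy` service in the `@@ -155,6 +157,23 @@` hunk publishes `443:443`, which binds the TLS terminator on every host interface even though the documented use is a local browser reaching names that /etc/hosts maps to 127.0.0.1; `- 127.0.0.1:443:443` would keep it off the LAN. `TARGET_PORT=8000` also looks inconsistent with `APPS_PROXY_LISTEN_ADDRESS=0.0.0.0:8002` in the dev service environment and with the `TARGET_PORT=8002` in the `docker run` instructions this commit removes, so the target port is worth confirming. `DOMAIN=hub.keboola.local` differs from the `test.hub.keboola.local` host the docs tell the developer to open; if the image derives the certificate name from `DOMAIN` (not visible here), the browser will report a name mismatch that developers then learn to click through. `image: https-proxy` is an untagged local build of a third-party repository, so a comment above it such as `# built locally from fsouza/docker-ssl-proxy, see docs/apps-proxy/overview.md` would record where it comes from.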
@@ -19,28 +19,20 @@ In `/etc/hosts` add this: 127.0.0.1 test.hub.keboola.local 127.0.0.1 hub.keboola.local ``` -In project directory run: - +In project directory uncommect in [docker-compose.yml](../../docker-compose.yml) the `command` section and fill it with `apps-proxy` service. It should look like this ``` -docker compose run --rm --service-ports dev --net=my-test bash +command: > + sh -c "git config --global --add safe.directory /code + make run-apps-proxy" ``` -Inside this bash run: - +Then launch the dev container ``` -make run-app-proxy +docker compose up -d dev ``` There is a sandboxes service mock in place which returns configuration of data app. Simply adjust the [provisioning/apps-proxy/dev/sandboxesMock.json](../../provisioning/apps-proxy/dev/sandboxesMock.json) if you want to change received configuration by local testing. -Out of the container check for using - -``` -docker ps -a -``` - -Find ID of the container running the `dev` environment. - Next clone this repository: GitHub - [fsouza/docker-ssl-proxy](https://github.com/fsouza/docker-ssl-proxy) In its directory run this: @@ -49,18 +41,10 @@ In its directory run this: docker build -t https-proxy . ``` -And then in this command replace with the id from earlier: +And then go back to the root repository and launch the https-proxy: ``` -docker run --net=cli_default --rm \ - --env DOMAIN=test.hub.keboola.local \ - --env TARGET_HOST= \ - --env TARGET_HOST_HEADER=test.hub.keboola.local \ - --env TARGET_PORT=8002 \ - -p 443:443 \ - --volume=./ca:/etc/nginx/ca \ - --volume=./certs:/etc/nginx/certs \ - https-proxy +docker compose up https-proxy ``` Now the proxy should be available under https://test.hub.keboola.local/. diff --git a/provisioning/apps-proxy/dev/.air.toml b/provisioning/apps-proxy/dev/.air.toml index 4134baad18..1fd6f211d7 100644 --- a/provisioning/apps-proxy/dev/.air.toml +++ b/provisioning/apps-proxy/dev/.air.toml 
@@ -3,7 +3,7 @@ tmp_dir = "target/.watcher" [build] bin = "./target/apps-proxy/proxy" - args_bin = ["--sandboxes-api-url", "http://localhost:1080", "--sandboxes-api-token", "my-token", "--metrics-listen", "0.0.0.0:9002", "--api-public-url", "http://localhost:8000", "--cookie-secret-salt", "cookie", "--csrf-token-salt", "bcc3add3bf72e628149fbfbc11932329de7f375db3d8503ef0e32b336adf46c4"] + args_bin = ["--sandboxes-api-token", "my-token", "--metrics-listen", "0.0.0.0:9002", "--api-public-url", "http://hub.keboola.local", "--cookie-secret-salt", "cookie", "--csrf-token-salt", "bcc3add3bf72e628149fbfbc11932329de7f375db3d8503ef0e32b336adf46c4"] cmd = "make build-apps-proxy" delay = 2000 exclude_dir = [] diff --git a/provisioning/apps-proxy/dev/sandboxesMock.json b/provisioning/apps-proxy/dev/sandboxesMock.json index cc4aa3e3d1..42b2012d3c 100644 --- a/provisioning/apps-proxy/dev/sandboxesMock.json +++ b/provisioning/apps-proxy/dev/sandboxesMock.json @@ -2,11 +2,11 @@ { "httpRequest": { "method": "GET", - "path": "/apps/123/proxy-config" + "path": "/apps/test/proxy-config" }, "httpResponse": { "body": { - "appId": "123", + "appId": "test", "appName": "app", "projectId": "11", "upstreamAppUrl": "http://localhost:1235",
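Review bot: The rewritten `args_bin` line in the `.air.toml` hunk passes `"--api-public-url", "http://hub.keboola.local"`, while docker-compose.yml sets `APPS_PROXY_API_PUBLIC_URL=https://hub.keboola.local` and the service is reached through the TLS proxy on port 443. The commit message implies that command-line flags win over the environment, so the effective public URL would be plain http; if redirect URLs or cookie attributes are derived from it, the OIDC login would be exercised under a different scheme than the one the browser uses. Consider `"--api-public-url", "https://hub.keboola.local"`, or drop the flag as this commit does for `--sandboxes-api-url`. The same line keeps fixed `--cookie-secret-salt`, `--csrf-token-salt` and `--sandboxes-api-token` values, so a comment above it such as `# dev-only fixtures, never reuse outside local development` would make their status explicit.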