-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
simplify Docker compose and OpenFGA setup
- Loading branch information
Showing
5 changed files
with
47 additions
and
52 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,25 @@ | ||
# syntax=docker/dockerfile:1.3.1 | ||
FROM ubuntu:20.04 AS build | ||
RUN apt-get -qq update && apt-get -qq install -y ca-certificates curl | ||
|
||
# Install some tools necessary for health checks and setup. | ||
RUN apt-get -qq update && apt-get -qq install -y ca-certificates curl wget postgresql-client | ||
|
||
EXPOSE 8081 | ||
EXPOSE 8080 | ||
|
||
WORKDIR /app | ||
|
||
# Copy OpenFGA binaries from upstream image | ||
COPY --from=openfga/openfga:v1.2.0 /openfga /app/openfga | ||
COPY --from=openfga/openfga:v1.2.0 /assets /app/assets | ||
ENTRYPOINT ["/app/openfga"] | ||
|
||
COPY entrypoint.sh /app/entrypoint.sh | ||
|
||
ENTRYPOINT [ "/app/entrypoint.sh" ] | ||
|
||
HEALTHCHECK \ | ||
--start-period=5s \ | ||
--interval=1s \ | ||
--timeout=5s \ | ||
--retries=10 \ | ||
CMD [ "curl", "http://0.0.0.0:8080/healthz" ] |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
#!/bin/sh | ||
|
||
# This script starts the OpenFGA server, migrates the associated database and applies JIMM's auth model. | ||
# It also manually edits the authorization_model_id to a hardcoded value for easier testing. | ||
# Note that this script expects an authorisation_model.json file to be present. We provide that file | ||
# by mounting the file from the host rather than putting it into the Docker container to avoid duplication. | ||
|
||
set -e | ||
|
||
# Migrate the database | ||
./openfga migrate --datastore-engine postgres --datastore-uri "$OPENFGA_DATASTORE_URI" | ||
|
||
./openfga run & | ||
sleep 3 | ||
|
||
# Cleanup old auth model from previous starts | ||
psql -Atx "$OPENFGA_DATASTORE_URI" -c "DELETE FROM authorization_model;" | ||
# Adds the auth model and updates its authorisation model id to be the expected hard-coded id such that our local JIMM can utilise it for queries. | ||
wget -q -O - --header 'Content-Type: application/json' --header 'Authorization: Bearer jimm' --post-file authorisation_model.json localhost:8080/stores/01GP1254CHWJC1MNGVB0WDG1T0/authorization-models | ||
psql -Atx "$OPENFGA_DATASTORE_URI" -c "INSERT INTO store (id,name,created_at,updated_at) VALUES ('01GP1254CHWJC1MNGVB0WDG1T0','jimm',NOW(),NOW()) ON CONFLICT DO NOTHING;" | ||
psql -Atx "$OPENFGA_DATASTORE_URI" -c "UPDATE authorization_model SET authorization_model_id = '01GP1EC038KHGB6JJ2XXXXCXKB' WHERE store = '01GP1254CHWJC1MNGVB0WDG1T0';" | ||
|
||
# Keep container alive | ||
tail -f /dev/null & trap 'kill %1' TERM ; wait |