simplify Docker compose and OpenFGA setup
kian99 committed Aug 23, 2024
1 parent de6bf2a commit f5c050f
Showing 4 changed files with 492 additions and 50 deletions.
50 changes: 3 additions & 47 deletions docker-compose.yaml
@@ -93,65 +93,21 @@ services:
cap_add:
- IPC_LOCK

migrateopenfga:
image: openfga/openfga:v1.2.0
container_name: migrateopenfga
command: migrate --datastore-engine postgres --datastore-uri 'postgresql://jimm:jimm@db/jimm?sslmode=disable'
depends_on:
db:
condition: service_healthy

insert-hardcoded-store:
image: governmentpaas/psql
container_name: insert-hardcoded-store
command: psql -Atx postgresql://jimm:jimm@db/jimm?sslmode=disable -c "INSERT INTO store (id,name,created_at,updated_at) VALUES ('01GP1254CHWJC1MNGVB0WDG1T0','jimm',NOW(),NOW());"
depends_on:
migrateopenfga:
condition: service_completed_successfully

openfga:
# We use our 'image' to mimic juju standard.
# image: openfga/openfga:latest
build:
context: .
dockerfile: ./local/openfga/Dockerfile
context: ./local/openfga/
dockerfile: Dockerfile
container_name: openfga
environment:
OPENFGA_AUTHN_METHOD: "preshared"
OPENFGA_AUTHN_PRESHARED_KEYS: "jimm"
OPENFGA_DATASTORE_ENGINE: "postgres"
OPENFGA_DATASTORE_URI: "postgresql://jimm:jimm@db/jimm?sslmode=disable"
command: run
ports:
- 8080:8080
- 3000:3000
depends_on:
migrateopenfga:
condition: service_completed_successfully
insert-hardcoded-store:
condition: service_completed_successfully
healthcheck:
test: [ "CMD", "curl", "http://0.0.0.0:8080/healthz" ]
interval: 5s
timeout: 5s
retries: 10

# Adds the auth model and updates its authorisation model id to be the expected hard-coded id such that our local JIMM can utilise it for queries.
# The auth model json is retrieved from file via volume mount.
insert-hardcoded-auth-model:
profiles: ["dev", "test"]
image: governmentpaas/psql
container_name: insert-hardcoded-auth-model
volumes:
- ./local/openfga/authorisation_model.json:/authorisation_model.json
command:
- /bin/sh
- -c
- |
wget -q -O - --header 'Content-Type: application/json' --header 'Authorization: Bearer jimm' --post-file authorisation_model.json openfga:8080/stores/01GP1254CHWJC1MNGVB0WDG1T0/authorization-models
psql -Atx postgresql://jimm:jimm@db/jimm?sslmode=disable -c "UPDATE authorization_model SET authorization_model_id = '01GP1EC038KHGB6JJ2XXXXCXKB' WHERE store = '01GP1254CHWJC1MNGVB0WDG1T0';"
depends_on:
openfga:
db:
condition: service_healthy

keycloak:
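Review bot: The `openfga` service still publishes `8080:8080` and `3000:3000` on every host interface while the API is guarded only by the preshared key `jimm` in `OPENFGA_AUTHN_PRESHARED_KEYS`, so anything that can reach the developer's machine can talk to the authorization store. As this compose file is for local use, binding to loopback and quoting the mappings would narrow that: `- "127.0.0.1:8080:8080"` and `- "127.0.0.1:3000:3000"`. The datastore URI also carries `jimm:jimm` with `sslmode=disable`; a comment above `environment:` such as `# development-only credentials; do not reuse outside this compose file` would make the intent explicit. The page has lost its +/- markers, so these lines appear to be unchanged context rather than additions.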
21 changes: 19 additions & 2 deletions local/openfga/Dockerfile
@@ -1,9 +1,26 @@
# syntax=docker/dockerfile:1.3.1
FROM ubuntu:20.04 AS build
RUN apt-get -qq update && apt-get -qq install -y ca-certificates curl

# Install some tools necessary heath checks and setup.
RUN apt-get -qq update && apt-get -qq install -y ca-certificates curl wget postgresql-client

EXPOSE 8081
EXPOSE 8080

WORKDIR /app

# Copy OpenFGA binaries from upstream image
COPY --from=openfga/openfga:v1.2.0 /openfga /app/openfga
COPY --from=openfga/openfga:v1.2.0 /assets /app/assets
ENTRYPOINT ["/app/openfga"]

COPY entrypoint.sh /app/entrypoint.sh
COPY authorisation_model.json /app/authorisation_model.json

ENTRYPOINT [ "/app/entrypoint.sh" ]

HEALTHCHECK \
--start-period=5s \
--interval=1s \
--timeout=5s \
--retries=10 \
CMD [ "curl", "http://0.0.0.0:8080/healthz" ]
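Review bot: The new `HEALTHCHECK` runs `curl` without `--fail`, so an HTTP error status from `/healthz` still exits 0 and the container is reported healthy as soon as the port answers; any service that waits on `condition: service_healthy` could then start against an OpenFGA that is not ready. I would change the last line to `CMD [ "curl", "-fsS", "http://127.0.0.1:8080/healthz" ]`, which also probes loopback instead of the `0.0.0.0` wildcard. Separately, `COPY authorisation_model.json /app/authorisation_model.json` reads from the `./local/openfga/` build context, yet this page lists `local/openfga/authorisation_model.json` as deleted and the fourth changed file is not shown, so it is worth confirming the file is still present in the context. A short comment above the new `ENTRYPOINT` saying what `entrypoint.sh` does before starting the server (presumably migration and store setup, given the added `postgresql-client` and `wget`) would help the next reader.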
1 change: 0 additions & 1 deletion local/openfga/authorisation_model.json

This file was deleted.
