gatekeeper

command module

v0.0.0-...-d0d2ad6 Latest Latest Go to latest Published: Apr 3, 2024 License: Apache-2.0, MIT Imports: 44 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

gitlab.com/gitlab-org/opstrace/opstrace/gatekeeper

README ¶

Gatekeeper

Gatekeeper is responsible for authentication/authorization in an GOB instance. Gatekeeper uses the attached GitLab instance as the trusted IAM.

Gatekeeper also creates GitLabNamespace resources when new namespaces are being provisioned.

We use the Gin HTTP framework for route handling.

Developing

Prerequisites:

Create a GitLab Application in your instance of choice.
Ensure you have a k8s cluster and appropriate config/context set up (from root, make kind deploy as an example).

Run:

cp .env.dev.example .env.dev

and configure .env.dev with the credentials from the GitLab Application, and the instance URL of the GitLab instance where the credentials were created.

Populate your shell environment:

source .env.dev

Start dependent services (redis):

docker compose up

And then run gatekeeper:

make run

Start developing!

Remote Development against a running GOB Instance

The following command will launch the telepresence agent in the GOB and proxy all gatekeeper traffic inside the remote GOB kubernetes cluster to the instance running on your local machine. All outbound traffic from the local gatekeeper instance running on your local machine will be proxied through telepresence to the kubernetes cluster.

cd into the root /gatekeeper directory and run:

make intercept-run

This starts the intercept and passes all environment variables from the gatekeeper pod to our local binary.

Ctrl+C this command and the intercept will be removed, returning the cluster to its default state.

Note: this starts a local redis via docker compose up -d. Redis sentinel used in GOB uses pod IPs directly, which doesn't work with telepresence.

Error Handling

The gatekeeper routes don't show error pages explicitly. We rely on Traefik to handle HTTP error codes call the gatekeeper /error_pages endpoint.

This uses the error pages Traefik middlewhare.

To signal an error in code, use one of the gin context error functions, e.g. ctx.AbortWithError(401, errors.New("Unauthorized")).

The error handling middleware will log the error for you.

Errors are designed to be rendered as JSON or HTML, depending on the request's Accept header and should be compatible with iframe embedding.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
docs Package docs Code generated by swaggo/swag.	Package docs Code generated by swaggo/swag.
gatekeeper
test

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL