Upgrade API (#4)

* Changelog * Upgrade to latest AuthService interface * Add docs ref to README * Do not release from this repo * Add more info to README.md * Resize headings * Fix typo * Update README.md Co-Authored-By: Kevin Dorosh <kcdorosh@gmail.com> * Update README.md Co-Authored-By: Kevin Dorosh <kcdorosh@gmail.com> * Improve README
solo-io · Aug 30, 2019 · d5d4649 · d5d4649
1 parent a27c681
commit d5d4649
Show file tree

Hide file tree

Showing 8 changed files with 76 additions and 56 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -18,15 +18,17 @@ WORKDIR /go/src/github.com/solo-io/ext-auth-plugin-examples
 # We need this so that the import paths for any library shared between the plugins and Gloo are the same.
 RUN cp -a vendor/. /go/src/ && rm -rf vendor
 
-# Build plugins with CGO enabled
+# Build plugin(s) with CGO enabled
 RUN CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=plugin -gcflags="$GC_FLAGS" -o plugins/RequiredHeader.so plugins/required_header/plugin.go
 
-# Verify that plugins can be loaded by GlooE
+# Verify that plugin(s) can be loaded by GlooE
 RUN chmod +x $VERIFY_SCRIPT
 RUN $VERIFY_SCRIPT -pluginDir plugins -manifest plugins/plugin_manifest.yaml
 
-# This stage builds the final image containing just the plugin .so files
+# This stage just copies over the plugin .so files from the previous stage
 FROM alpine:3.10.1
 RUN mkdir /compiled-auth-plugins
 COPY --from=build-env /go/src/github.com/solo-io/ext-auth-plugin-examples/plugins/RequiredHeader.so /compiled-auth-plugins/
+# This is the command that will be executed when the container is run.
+# It has to copy the compiled plugin file(s) to a directory.
 CMD cp /compiled-auth-plugins/* /auth-plugins/
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -12,7 +12,7 @@
 
 [[constraint]]
   name = "github.com/solo-io/ext-auth-plugins"
-  version = "=v0.0.3"
+  version = "=v0.1.0"
 
 [[constraint]]
   name = "github.com/envoyproxy/go-control-plane"

diff --git a/Makefile b/Makefile
@@ -1,12 +1,3 @@
-GLOOE_VERSION := 0.18.13
-BUILD_ID := $(BUILD_ID)
-RELEASE := "true"
-ifeq ($(TAGGED_VERSION),)
-	TAGGED_VERSION := v$(BUILD_ID)
-	RELEASE := "false"
-endif
-VERSION ?= $(shell echo $(TAGGED_VERSION) | cut -c 2-)
-
 .PHONY: format
 format:
 	gofmt -w -e plugins scripts
@@ -18,6 +9,9 @@ format:
 GLOOE_DIR := _glooe
 _ := $(shell mkdir -p $(GLOOE_DIR))
 
+# Set this variable to the version of GlooE you want to target
+GLOOE_VERSION ?= 0.18.21
+
 .PHONY: get-glooe-info
 get-glooe-info: $(GLOOE_DIR)/Gopkg.lock $(GLOOE_DIR)/verify-plugins-linux-amd64 $(GLOOE_DIR)/build_env
 
@@ -52,7 +46,7 @@ endef
 
 .PHONY: build-plugins
 build-plugins: $(GLOOE_DIR)/build_env $(GLOOE_DIR)/verify-plugins-linux-amd64
-	docker build --no-cache -t quay.io/solo-io/ext-auth-plugin-examples:$(VERSION) \
+	docker build --no-cache \
 		--build-arg GO_BUILD_IMAGE=$(call get_glooe_var,GO_BUILD_IMAGE) \
 		--build-arg GC_FLAGS=$(call get_glooe_var,GC_FLAGS) \
 		--build-arg VERIFY_SCRIPT=$(GLOOE_DIR)/verify-plugins-linux-amd64 \
@@ -62,17 +56,4 @@ build-plugins: $(GLOOE_DIR)/build_env $(GLOOE_DIR)/verify-plugins-linux-amd64
 build-plugins-for-tests: $(EXAMPLES_DIR)/required_header/RequiredHeader.so
 
 $(EXAMPLES_DIR)/required_header/RequiredHeader.so: $(SOURCES)
-	go build -buildmode=plugin -o $(EXAMPLES_DIR)/required_header/RequiredHeader.so $(EXAMPLES_DIR)/required_header/plugin.go
-
-
-#----------------------------------------------------------------------------------
-# Release plugins
-#----------------------------------------------------------------------------------
-
-.PHONY: release-plugins
-release-plugins:
-ifeq ($(RELEASE),"true")
-	docker push quay.io/solo-io/ext-auth-plugin-examples:$(VERSION)
-else
-	@echo This is not a release build. Example plugins will not be published.
-endif
+	go build -buildmode=plugin -o $(EXAMPLES_DIR)/required_header/RequiredHeader.so $(EXAMPLES_DIR)/required_header/plugin.go
diff --git a/README.md b/README.md
@@ -6,4 +6,52 @@
 
 This repository contains example implementations of the 
 [ExtAuthPlugin interface](https://github.com/solo-io/ext-auth-plugins/blob/master/api/interface.go) and a set 
-of utilities that you can (and should!) use when building your own plugins.
+of utilities that you can (and should!) use when building your own plugins.
+
+Please refer to the [Auth Plugin Developer Guide](https://gloo.solo.io/dev/writing_auth_plugins/) for an in-depth 
+explanation on how you can use this repository as a template to write your own Gloo Auth plugins.
+
+## Makefile overview
+Following is an overview of the most relevant `make` targets.
+
+### get-glooe-info
+When you are writing your own Ext Auth plugins, you must target a specific GlooE version. This is because of the 
+nature of Go plugins (you can find more info in [this section](https://gloo.solo.io/dev/writing_auth_plugins/#build-helper-tools) 
+of the [Auth Plugin Developer Guide](https://gloo.solo.io/dev/writing_auth_plugins/)). With each release GlooE publishes 
+the information that you will require to replicate its build environment. You can get them by running
+
+```bash
+GLOOE_VERSION=<target-glooe-version> make get-glooe-info
+```
+
+where `GLOOE_VERSION` is the desired GlooE version, e.g. `0.18.21`.
+
+This will download the following files:
+- `_glooe/build_env`: values to parameterize the plugin build with
+- `_glooe/Gopkg.lock`: the [dep .lock file](https://golang.github.io/dep/docs/Gopkg.lock.html) containing all GlooE 
+dependency version
+- `_glooe/verify-plugins-linux-amd64`: a script to verify whether your plugin can be loaded by GlooE
+
+### compare-deps
+The `compare-deps` target compares the local `Gopkg.lock` with the one describing the GlooE dependencies. It will succeed 
+if the shared dependencies match _exactly_ (this is another constraint imposed by Go plugins, more info 
+[here](https://gloo.solo.io/dev/writing_auth_plugins/#build-helper-tools)) and fail otherwise, outputting information 
+about mismatches to stdout and a file.
+
+### build-plugins
+The `build-plugins` target compiles the plugin inside a docker container using the `Dockerfile` at the root of this 
+repository (this is done for reproducibility). It uses the information published by GlooE to mirror its build 
+environment and verify compatibility.
+
+## Get example images
+You can get the images for the example plugin(s) whose source code is contained in this repository by running:
+
+```bash
+docker pull quay.io/solo-io/ext-auth-plugins:<glooe_version>
+```
+
+where the tag `glooe_version` is the version of GlooE you want to run the plugins with, e.g. `0.18.21`.
+
+## Publishing your own plugins
+To publish your own images you can just tag the image built in the `build-plugins` target (by adding add a `-t` option) 
+and publish it to a docker registry that is reachable from the cluster you are running GlooE in.
diff --git a/changelog/v0.1.0/upgrade-to-new-api.yaml b/changelog/v0.1.0/upgrade-to-new-api.yaml
@@ -0,0 +1,10 @@
+changelog:
+- type: BREAKING_CHANGE
+  description: Upgrade examples to latest AuthService interface.
+  issueLink: https://github.com/solo-io/ext-auth-plugin-examples/issues/3
+- type: DEPENDENCY_BUMP
+  dependencyOwner: solo-io
+  dependencyRepo: ext-auth-plugins
+  dependencyTag: v0.1.0
+- type: NON_USER_FACING
+  description: Upgrade examples to latest AuthService interface.
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
@@ -46,25 +46,4 @@ steps:
   - 'GOPATH=/workspace/gopath'
   - 'TAGGED_VERSION=$TAG_NAME'
   - 'BUILD_ID=$BUILD_ID'
-  dir: './gopath/src/github.com/solo-io/ext-auth-plugin-examples'
-
-- name: 'gcr.io/cloud-builders/docker'
-  entrypoint: 'bash'
-  args: ['-c', 'docker login quay.io --username "solo-io+solobot" --password $$QUAY_IO_PASSWORD']
-  secretEnv: ['QUAY_IO_PASSWORD']
-  id: 'docker-login'
-
-- name: 'gcr.io/$PROJECT_ID/go-make:0.1.12'
-  args: ['release-plugins']
-  env:
-  - 'PROJECT_ROOT=github.com/solo-io/ext-auth-plugin-examples'
-  - 'GOPATH=/workspace/gopath'
-  - 'TAGGED_VERSION=$TAG_NAME'
-  - 'BUILD_ID=$BUILD_ID'
-  dir: './gopath/src/github.com/solo-io/ext-auth-plugin-examples'
-  id: 'release-plugins'
-
-secrets:
-- kmsKeyName: projects/solo-public/locations/global/keyRings/build/cryptoKeys/build-key
-  secretEnv:
-    QUAY_IO_PASSWORD: CiQABlzmSRx5TcOqbldXa/d/+bkmAfpNAWa3PTS06WvuloZL+vASaQCCPGSGCogonVZVEUNx4G3YJtWi18gSuNx4PvLe08q8xAflTMFkjsyQirAOK3Y2oCvgYwiw/ITcuydjkpMjxDygFyENXS9FKFJoAXHlPQE5qidKr8xxmxF5ezhmjGB0gjyjXIIkbSEnBg==
+  dir: './gopath/src/github.com/solo-io/ext-auth-plugin-examples'
diff --git a/plugins/required_header/pkg/impl.go b/plugins/required_header/pkg/impl.go
@@ -63,8 +63,8 @@ func (c *RequiredHeaderAuthService) Start(context.Context) error {
 	return nil
 }
 
-func (c *RequiredHeaderAuthService) Authorize(ctx context.Context, request *envoyauthv2.CheckRequest) (*api.AuthorizationResponse, error) {
-	for key, value := range request.Attributes.Request.Http.Headers {
+func (c *RequiredHeaderAuthService) Authorize(ctx context.Context, request *api.AuthorizationRequest) (*api.AuthorizationResponse, error) {
+	for key, value := range request.CheckRequest.GetAttributes().GetRequest().GetHttp().GetHeaders() {
 		if key == c.RequiredHeader {
 			logger(ctx).Infow("Found required header, checking value.", "header", key, "value", value)