[pull] main from permitio:main

.github/workflows/release.yml

@@ -14,54 +14,6 @@ jobs:
     uses: ./.github/workflows/tests.yml
     secrets: inherit
 
-  build-and-push-pdp-vanilla:
-    needs: pdp-tests
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Login to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-    - name: Pre build - for PDP-Vanilla
-      run: echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version
-
-    - name: Build and push PDP-Vanilla - (official release)
-      if: "!github.event.release.prerelease"
-      uses: docker/build-push-action@v5
-      with:
-        push: true
-        context: .
-        platforms: linux/amd64,linux/arm64
-        tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}, permitio/pdp-v2-vanilla:latest
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-        build-args: |
-          OPA_BUILD=vanilla
-
-    - name: Build and push PDP-Vanilla image - (pre-release)
-      if: "github.event.release.prerelease"
-      uses: docker/build-push-action@v5
-      with:
-        push: true
-        context: .
-        platforms: linux/amd64,linux/arm64
-        tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-        build-args: |
-          OPA_BUILD=vanilla
-
   build-and-push-pdp:
     needs: pdp-tests
     runs-on: ubuntu-latest

charts/pdp/Chart.yaml

@@ -1,13 +1,14 @@
 apiVersion: v2
 name: pdp
-description: An official Helm chart for Permit.io PDP (Policy Decision Point) with OpenShift support
-version: 0.0.5
+description: An official Helm chart for Permit.io PDP (Policy Decision Point) with OpenShift support and configurable ports
+version: 0.0.6
 keywords:
   - policy
   - authorization
   - security
   - permit
   - openshift
+  - grpc
 maintainers:
   - name: Permit.io
     url: https://permit.io

charts/pdp/templates/deployment.yaml

@@ -45,6 +45,10 @@ spec:
           {{- end }}
           ports:
             - containerPort: {{ .Values.pdp.port }}
+            {{- range .Values.pdp.additionalPorts }}
+            - name: {{ .name }}
+              containerPort: {{ .targetPort }}
+            {{- end }}
           env:
             - name: PDP_API_KEY
               valueFrom:

charts/pdp/templates/service.yaml

@@ -14,6 +14,13 @@ spec:
   selector:
     {{- include "pdp.selectorLabels" . | nindent 4 }}
   ports:
-    - protocol: TCP
+    - name: http
+      protocol: TCP
       port: {{ .Values.pdp.port }}
       targetPort: 7000
+    {{- range .Values.pdp.additionalPorts }}
+    - name: {{ .name }}
+      port: {{ .port }}
+      targetPort: {{ .targetPort }}
+      protocol: TCP
+    {{- end }}

charts/pdp/values.yaml

@@ -6,6 +6,10 @@ pdp:
     []
     # - name: custom_env
     #   value: "custom_env"
+    #
+    # Example - enable Envoy gRPC ext_authz on port 9191 (requires PDP >= 0.9.10):
+    # - name: PDP_OPA_PLUGINS
+    #   value: '{"permit_graph":{},"envoy_ext_authz_grpc":{"addr":":9191","path":"permit/root"}}'
   ApiKey: "<your PDP API Key>"
 
   # Use an existing secret for the API key instead of creating one
@@ -14,6 +18,12 @@ pdp:
   #   name: "my-existing-secret"
   #   key: "api-key"
   port: 7766
+  # Example - expose Envoy gRPC ext_authz port (requires PDP_OPA_PLUGINS env var above):
+  #   additionalPorts:
+  #     - name: grpc
+  #       port: 9191
+  #       targetPort: 9191
+  additionalPorts: []
   replicas: 1
   image:
     repository: permitio/pdp-v2

pdp-server/src/cache/mod.rs

@@ -1,4 +1,3 @@
-use log::error;
 use serde::{de::DeserializeOwned, Serialize};
 use thiserror::Error;