Basic docker compose setup

alukach · alukach · commit 9bc63db41c4a · 2024-03-04T17:36:24.000-08:00
diff --git a/demo/keto/.gitignore b/demo/keto/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/demo/keto/keto.yml b/demo/keto/keto.yml
@@ -0,0 +1,16 @@
+version: v0.6.0-alpha.1
+
+log:
+  level: debug
+
+namespaces:
+  - id: 0
+    name: videos
+
+serve:
+  read:
+    host: 0.0.0.0
+    port: 4466
+  write:
+    host: 0.0.0.0
+    port: 4467
diff --git a/demo/keto/migrate.sh b/demo/keto/migrate.sh
@@ -0,0 +1,6 @@
+!#/bin/bash
+
+# Create the database
+
+# Migrate the database
+keto migrate up -y
diff --git a/demo/keto/namespaces.keto.ts b/demo/keto/namespaces.keto.ts
@@ -0,0 +1,44 @@
+import { Namespace, SubjectSet, Context } from "@ory/keto-namespace-types";
+
+class User implements Namespace {
+  related: {
+    manager: User[];
+  };
+}
+
+class Group implements Namespace {
+  related: {
+    members: (User | Group)[];
+  };
+}
+
+class StacCollection implements Namespace {
+  related: {
+    parents: (StacItem | StacCollection)[];
+    viewers: SubjectSet<Group, "members">[];
+  };
+
+  permits = {
+    view: (ctx: Context): boolean =>
+      this.related.viewers.includes(ctx.subject) ||
+      this.related.parents.traverse((p) => p.permits.view(ctx)),
+  };
+}
+
+class StacItem implements Namespace {
+  related: {
+    parents: (StacItem | StacCollection)[];
+    viewers: (User | SubjectSet<Group, "members">)[];
+    owners: (User | SubjectSet<Group, "members">)[];
+  };
+
+  // Some comment
+  permits = {
+    view: (ctx: Context): boolean =>
+      this.related.parents.traverse((p) => p.permits.view(ctx)) ||
+      this.related.viewers.includes(ctx.subject) ||
+      this.related.owners.includes(ctx.subject),
+
+    edit: (ctx: Context) => this.related.owners.includes(ctx.subject),
+  };
+}
diff --git a/demo/keto/package.json b/demo/keto/package.json
@@ -0,0 +1,5 @@
+{
+	"devDependencies": {
+		"@ory/keto-namespace-types": "0.13.0-alpha.0"
+	}
+}
diff --git a/demo/keto/pnpm-lock.yaml b/demo/keto/pnpm-lock.yaml
diff --git a/demo/keto/relation-tuples/cats1_owner.json b/demo/keto/relation-tuples/cats1_owner.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "../../../.schema/relation_tuple.schema.json",
+  "namespace": "videos",
+  "object": "/cats/1.mp4",
+  "relation": "owner",
+  "subject_set": {
+    "namespace": "videos",
+    "object": "/cats",
+    "relation": "owner"
+  }
+}
diff --git a/demo/keto/relation-tuples/cats1_view_owner.json b/demo/keto/relation-tuples/cats1_view_owner.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "../../../.schema/relation_tuple.schema.json",
+  "namespace": "videos",
+  "object": "/cats/1.mp4",
+  "relation": "view",
+  "subject_set": {
+    "namespace": "videos",
+    "object": "/cats/1.mp4",
+    "relation": "owner"
+  }
+}
diff --git a/demo/keto/relation-tuples/cats1_view_public.json b/demo/keto/relation-tuples/cats1_view_public.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "../../../.schema/relation_tuple.schema.json",
+  "namespace": "videos",
+  "object": "/cats/1.mp4",
+  "relation": "view",
+  "subject_id": "*"
+}
diff --git a/demo/keto/relation-tuples/cats2_owner.json b/demo/keto/relation-tuples/cats2_owner.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "../../../.schema/relation_tuple.schema.json",
+  "namespace": "videos",
+  "object": "/cats/2.mp4",
+  "relation": "owner",
+  "subject_set": {
+    "namespace": "videos",
+    "object": "/cats",
+    "relation": "owner"
+  }
+}
diff --git a/demo/keto/relation-tuples/cats2_view.json b/demo/keto/relation-tuples/cats2_view.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "../../../.schema/relation_tuple.schema.json",
+  "namespace": "videos",
+  "object": "/cats/2.mp4",
+  "relation": "view",
+  "subject_set": {
+    "namespace": "videos",
+    "object": "/cats/2.mp4",
+    "relation": "owner"
+  }
+}
diff --git a/demo/keto/relation-tuples/cats_owner.json b/demo/keto/relation-tuples/cats_owner.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "../../../.schema/relation_tuple.schema.json",
+  "namespace": "videos",
+  "object": "/cats",
+  "relation": "owner",
+  "subject_id": "cat lady"
+}
diff --git a/demo/keto/relation-tuples/cats_view.json b/demo/keto/relation-tuples/cats_view.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "../../../.schema/relation_tuple.schema.json",
+  "namespace": "videos",
+  "object": "/cats",
+  "relation": "view",
+  "subject_set": {
+    "namespace": "videos",
+    "object": "/cats",
+    "relation": "owner"
+  }
+}
diff --git a/demo/keto/relationships.json b/demo/keto/relationships.json
@@ -0,0 +1,72 @@
+[
+  {
+    "namespace": "Group",
+    "object": "developer",
+    "relation": "members",
+    "subject_id": "patrik"
+  },
+  {
+    "namespace": "Group",
+    "object": "developer",
+    "relation": "members",
+    "subject_set": {
+      "namespace": "User",
+      "object": "Patrik"
+    }
+  },
+  {
+    "namespace": "Group",
+    "object": "developer",
+    "relation": "members",
+    "subject_set": {
+      "namespace": "User",
+      "object": "Henning"
+    }
+  },
+  {
+    "namespace": "StacCollection",
+    "object": "keto/",
+    "relation": "viewers",
+    "subject_set": {
+      "namespace": "Group",
+      "object": "developer",
+      "relation": "members"
+    }
+  },
+  {
+    "namespace": "StacItem",
+    "object": "keto/README.md",
+    "relation": "parents",
+    "subject_set": {
+      "namespace": "StacCollection",
+      "object": "keto/"
+    }
+  },
+  {
+    "namespace": "StacCollection",
+    "object": "keto/src/",
+    "relation": "parents",
+    "subject_set": {
+      "namespace": "StacCollection",
+      "object": "keto/"
+    }
+  },
+  {
+    "namespace": "StacItem",
+    "object": "keto/src/main.go",
+    "relation": "parents",
+    "subject_set": {
+      "namespace": "StacCollection",
+      "object": "keto/src/"
+    }
+  },
+  {
+    "namespace": "StacItem",
+    "object": "private",
+    "relation": "owners",
+    "subject_set": {
+      "namespace": "User",
+      "object": "Henning"
+    }
+  }
+]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,9 +1,9 @@
-version: '3'
+version: "3"
 
 services:
-
   # change to official image when available https://github.com/radiantearth/stac-browser/pull/386
   stac-browser:
+    platform: linux/amd64
     build:
       context: dockerfiles
       dockerfile: Dockerfile.browser
@@ -13,7 +13,7 @@ services:
       - stac-fastapi
       - titiler-pgstac
       - database
-      
+
   stac-fastapi:
     # Note:
     # the official ghcr.io/stac-utils/stac-fastapi-pgstac image uses python 3.8 and uvicorn
@@ -47,8 +47,7 @@ services:
       - DB_MAX_CONN_SIZE=10
     depends_on:
       - database
-    command:
-      bash -c "bash /tmp/scripts/wait-for-it.sh -t 120 -h database -p 5432 && /start.sh"
+    command: bash -c "bash /tmp/scripts/wait-for-it.sh -t 120 -h database -p 5432 && /start.sh"
     volumes:
       - ./dockerfiles/scripts:/tmp/scripts
 
@@ -96,8 +95,7 @@ services:
       - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
     depends_on:
       - database
-    command:
-      bash -c "bash /tmp/scripts/wait-for-it.sh -t 120 -h database -p 5432 && /start.sh"
+    command: bash -c "bash /tmp/scripts/wait-for-it.sh -t 120 -h database -p 5432 && /start.sh"
     volumes:
       - ./dockerfiles/scripts:/tmp/scripts
 
@@ -123,14 +121,14 @@ services:
       - POSTGRES_PORT=5432
       - DB_MIN_CONN_SIZE=1
       - DB_MAX_CONN_SIZE=10
-    command:
-      bash -c "bash /tmp/scripts/wait-for-it.sh -t 120 -h database -p 5432 && /start.sh"
+    command: bash -c "bash /tmp/scripts/wait-for-it.sh -t 120 -h database -p 5432 && /start.sh"
     depends_on:
       - database
     volumes:
       - ./dockerfiles/scripts:/tmp/scripts
 
   database:
+    platform: linux/amd64
     image: ghcr.io/stac-utils/pgstac:v0.8.1
     environment:
       - POSTGRES_USER=username
@@ -139,12 +137,58 @@ services:
       - PGUSER=username
       - PGPASSWORD=password
       - PGDATABASE=postgis
+      - POSTGRES_MULTIPLE_DATABASES=accesscontroldb
     ports:
       - "${MY_DOCKER_IP:-127.0.0.1}:5439:5432"
     command: postgres -N 500
     volumes:
+      - ./dockerfiles/scripts/docker-postgresql-multiple-databases.sh:/docker-entrypoint-initdb.d/docker-postgresql-multiple-databases.sh
       - ./.pgdata:/var/lib/postgresql/data
 
+  keto-migrate:
+    image: oryd/keto:v0.12.0-alpha.0
+    volumes:
+      - type: bind
+        source: demo/keto
+        target: /home/ory
+      - type: bind
+        source: dockerfiles/scripts
+        target: /tmp/scripts
+    environment:
+      - LOG_LEVEL=debug
+      - DSN=postgres://username:password@database:5432/accesscontroldb?sslmode=disable
+    depends_on:
+      - database
+    restart: on-failure
+    command: migrate up -y
+
+  keto:
+    image: oryd/keto:v0.12.0-alpha.0
+    ports:
+      - "4466:4466"
+      - "4467:4467"
+    command: serve -c /home/ory/keto.yml
+    depends_on:
+      - keto-migrate
+    environment:
+      - DSN=postgres://username:password@database:5432/accesscontroldb?sslmode=disable
+    restart: on-failure
+    volumes:
+      - type: bind
+        source: demo/keto/keto.yml
+        target: /home/ory/keto.yml
+
+  keto-init:
+    image: oryd/keto:v0.12.0-alpha.0
+    environment:
+      - KETO_WRITE_REMOTE=keto:4467
+    volumes:
+      - type: bind
+        source: demo/keto
+        target: /home/ory
+    command: relation-tuple create /home/ory/relation-tuples
+    restart: on-failure
+
 networks:
   default:
     name: eoapi-network
diff --git a/dockerfiles/scripts/docker-postgresql-multiple-databases.sh b/dockerfiles/scripts/docker-postgresql-multiple-databases.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+set -u
+
+function create_user_and_database() {
+	local database=$1
+	echo "  Creating user and database '$database'"
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+	    CREATE USER $database;
+	    CREATE DATABASE $database;
+	    GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
+EOSQL
+}
+
+if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
+	echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
+	for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
+		create_user_and_database $db
+	done
+	echo "Multiple databases created"
+fi

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +{
 +	"devDependencies": {
 +		"@ory/keto-namespace-types": "0.13.0-alpha.0"
 +	}
 +}