feat: add service to service access

Author: HomelessDinosaur

cli/internal/simulation/simulation.go

@@ -274,13 +274,15 @@ func (s *SimulationServer) CopyDir(dst, src string) error {
 func (s *SimulationServer) startServices(output io.Writer) (<-chan service.ServiceEvent, error) {
 	serviceIntents := s.appSpec.ServiceIntents
 
+	servicePorts := make(map[string]netx.ReservedPort)
 	eventChans := []<-chan service.ServiceEvent{}
 
 	for serviceName, serviceIntent := range serviceIntents {
 		port, err := netx.GetNextPort()
 		if err != nil {
 			return nil, err
 		}
+		servicePorts[serviceName] = port
 
 		// Clone the service intent to add database connection strings
 		intentCopy := *serviceIntent
@@ -304,6 +306,16 @@ func (s *SimulationServer) startServices(output io.Writer) (<-chan service.Servi
 			}
 		}
 
+		// Inject URLs for services this service depends on
+		if access, ok := intentCopy.GetAccess(); ok {
+			for targetServiceName := range access {
+				if targetPort, exists := servicePorts[targetServiceName]; exists {
+					envVarName := fmt.Sprintf("%s_URL", strings.ToUpper(targetServiceName))
+					intentCopy.Env[envVarName] = fmt.Sprintf("http://localhost:%d", targetPort)
+				}
+			}
+		}
+
 		simulatedService, eventChan, err := service.NewServiceSimulation(serviceName, intentCopy, port, s.apiPort)
 		if err != nil {
 			return nil, err

cli/pkg/schema/access.go

@@ -7,13 +7,15 @@ type ResourceType string
 const (
 	Database ResourceType = "database"
 	Bucket   ResourceType = "bucket"
+	Service  ResourceType = "service"
 )
 
 const allAccess = "all"
 
 var validActions = map[ResourceType][]string{
 	Database: {"query", "mutate"},
 	Bucket:   {"read", "write", "delete"},
+	Service:  {"invoke"},
 }
 
 func GetValidActions(resourceType ResourceType) []string {

cli/pkg/schema/service.go

@@ -11,12 +11,18 @@ type ServiceIntent struct {
 	Dev *Dev `json:"dev,omitempty" yaml:"dev,omitempty"`
 
 	Schedules []*Schedule `json:"schedules,omitempty" yaml:"schedules,omitempty"`
+
+	Access map[string][]string `json:"access,omitempty" yaml:"access,omitempty"`
 }
 
 func (s *ServiceIntent) GetType() string {
 	return "service"
 }
 
+func (s *ServiceIntent) GetAccess() (map[string][]string, bool) {
+	return s.Access, true
+}
+
 type Schedule struct {
 	Cron string `json:"cron" yaml:"cron" jsonschema:"required"`
 	Path string `json:"path" yaml:"path" jsonschema:"required"`

cli/pkg/schema/validate.go

@@ -99,6 +99,27 @@ func (a *Application) checkAccessPermissions() []gojsonschema.ResultError {
 		}
 	}
 
+	for name, intent := range a.ServiceIntents {
+		if access, ok := intent.GetAccess(); ok {
+			for targetServiceName, actions := range access {
+				// Validate actions
+				invalidActions, ok := ValidateActions(actions, Service)
+				if !ok {
+					key := fmt.Sprintf("services.%s.access.%s", name, targetServiceName)
+					err := fmt.Sprintf("Invalid service %s: %s. Valid actions are: %s", pluralise("action", len(invalidActions)), strings.Join(invalidActions, ", "), strings.Join(GetValidActions(Service), ", "))
+					violations = append(violations, newValidationError(key, err))
+				}
+
+				// Validate that the target service exists
+				if _, exists := a.ServiceIntents[targetServiceName]; !exists {
+					key := fmt.Sprintf("services.%s.access.%s", name, targetServiceName)
+					err := fmt.Sprintf("Service %s requires access to non-existent service %s", name, targetServiceName)
+					violations = append(violations, newValidationError(key, err))
+				}
+			}
+		}
+	}
+
 	return violations
 }
 

engines/terraform/resource_handler.go

@@ -93,7 +93,44 @@ func (td *TerraformDeployment) processServiceIdentities(appSpec *app_spec_schema
 	return serviceInputs, nil
 }
 
+func (td *TerraformDeployment) collectServiceAccessors(appSpec *app_spec_schema.Application) map[string]map[string]interface{} {
+	serviceAccessors := make(map[string]map[string]interface{})
+
+	for targetServiceName := range appSpec.ServiceIntents {
+		accessors := map[string]interface{}{}
+
+		for sourceServiceName, sourceServiceIntent := range appSpec.ServiceIntents {
+			if access, ok := sourceServiceIntent.GetAccess(); ok {
+				if actions, needsAccess := access[targetServiceName]; needsAccess {
+					expandedActions := app_spec_schema.ExpandActions(actions, app_spec_schema.Service)
+					idMap := td.serviceIdentities[sourceServiceName]
+
+					accessors[sourceServiceName] = map[string]interface{}{
+						"actions":    jsii.Strings(expandedActions...),
+						"identities": idMap,
+					}
+				}
+			}
+		}
+
+		if len(accessors) > 0 {
+			serviceAccessors[targetServiceName] = accessors
+		}
+	}
+
+	return serviceAccessors
+}
+
 func (td *TerraformDeployment) processServiceResources(appSpec *app_spec_schema.Application, serviceInputs map[string]*SugaServiceVariables, serviceEnvs map[string][]interface{}) error {
+	serviceAccessors := td.collectServiceAccessors(appSpec)
+
+	// Track original env values before modification
+	originalEnvs := make(map[string]interface{})
+	for intentName := range appSpec.ServiceIntents {
+		sugaVar := serviceInputs[intentName]
+		originalEnvs[intentName] = sugaVar.Env
+	}
+
 	for intentName, serviceIntent := range appSpec.ServiceIntents {
 		spec, err := td.engine.platform.GetResourceBlueprint(serviceIntent.GetType(), serviceIntent.GetSubType())
 		if err != nil {
@@ -105,11 +142,10 @@ func (td *TerraformDeployment) processServiceResources(appSpec *app_spec_schema.
 		}
 
 		sugaVar := serviceInputs[intentName]
-		origEnv := sugaVar.Env
 
-		mergedEnv := serviceEnvs[intentName]
-		allEnv := append(mergedEnv, origEnv)
-		sugaVar.Env = cdktf.Fn_Merge(&allEnv)
+		if accessors, ok := serviceAccessors[intentName]; ok {
+			sugaVar.Services = accessors
+		}
 
 		td.createVariablesForIntent(intentName, spec)
 
@@ -121,6 +157,26 @@ func (td *TerraformDeployment) processServiceResources(appSpec *app_spec_schema.
 		})
 	}
 
+	// Add service to service urls
+	for intentName, serviceIntent := range appSpec.ServiceIntents {
+		if access, ok := serviceIntent.GetAccess(); ok {
+			for targetServiceName := range access {
+				if targetResource, ok := td.terraformResources[targetServiceName]; ok {
+					envVarName := fmt.Sprintf("%s_URL", strings.ToUpper(targetServiceName))
+					httpEndpoint := targetResource.Get(jsii.String("suga.http_endpoint"))
+					serviceEnvs[intentName] = append(serviceEnvs[intentName], map[string]interface{}{
+						envVarName: httpEndpoint,
+					})
+				}
+			}
+		}
+
+		sugaVar := serviceInputs[intentName]
+		mergedEnv := serviceEnvs[intentName]
+		allEnv := append(mergedEnv, originalEnvs[intentName])
+		sugaVar.Env = cdktf.Fn_Merge(&allEnv)
+	}
+
 	return nil
 }
 

engines/terraform/suga.go

@@ -9,6 +9,7 @@ type SugaServiceVariables struct {
 	ImageId       *string                         `json:"image_id"`
 	Env           interface{}                     `json:"env"`
 	Identities    *map[string]interface{}         `json:"identities"`
+	Services      map[string]interface{}          `json:"services,omitempty"`
 	Schedules     *map[string]SugaServiceSchedule `json:"schedules,omitempty"`
 	StackId       *string                         `json:"stack_id"`
 }