openmfp
diff --git a/‎.github/workflows/pipeline.yml
Lines changed: 7 additions & 4 deletions b/‎.github/workflows/pipeline.yml
Lines changed: 7 additions & 4 deletions
diff --git a/‎.gitignore
Lines changed: 7 additions & 0 deletions b/‎.gitignore
Lines changed: 7 additions & 0 deletions
diff --git a/‎.testcoverage.yml
Lines changed: 5 additions & 1 deletion b/‎.testcoverage.yml
Lines changed: 5 additions & 1 deletion
diff --git a/‎Dockerfile
Lines changed: 16 additions & 0 deletions b/‎Dockerfile
Lines changed: 16 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 187 additions & 52 deletions b/‎README.md
Lines changed: 187 additions & 52 deletions
@@ -6,10 +6,13 @@ jobs:
     concurrency:
       group: ${{ github.ref }}
       cancel-in-progress: true
-    uses: openmfp/gha/.github/workflows/pipeline-golang-module.yml@main
+    uses: openmfp/gha/.github/workflows/pipeline-golang-app.yml@main
     secrets: inherit
     with:
+      useTask: true
       useLocalCoverageConfig: true
-      coverageThreasholdFile: 0
-      coverageThreasholdPackage: 0
-      coverageThreasholdTotal: 0
+      imageTagName: ghcr.io/openmfp/gql-gateway
+      coverageThreasholdFile: 50
+      coverageThreasholdPackage: 51
+      coverageThreasholdTotal: 56
+
@@ -18,9 +18,16 @@ bin
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
+coverage.html
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
 
 # Go workspace file
 go.work
+
+# binary files
+main
+
+# kcp
+.kcp
@@ -1,3 +1,7 @@
 exclude:
   paths:
-    - ^cmd/*
+    - main.go
+    - cmd
+    - gateway
+    - tests
+    - internal/config/config.go
@@ -0,0 +1,16 @@
+FROM golang:1.23-alpine AS builder
+WORKDIR /app
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags '-w -s' main.go
+
+FROM alpine
+
+WORKDIR /app
+
+
+COPY --from=builder  /app/main .
+
+USER 1001:1001
+
+ENTRYPOINT ["./main"]
+CMD ["gql-gateway"]
@@ -1,83 +1,218 @@
 > [!WARNING]
 > This repository is under construction and not yet ready for public consumption. Please check back later for updates.
 
+# GQL Gateway 
 
-# crd-gql-gateway
+The goal of this library is to provide a reusable and generic way of exposing k8s resources from within a cluster using GraphQL.
+This enables UIs that need to consume these objects to do so in a developer-friendly way, leveraging a rich ecosystem.
 
-The goal of this library is to provide a reusable and generic way of exposing Custom Resource Definitions from within a cluster using GraphQL. This enables UIs that need to consume these objects to do so in a developer-friendly way, leveraging a rich ecosystem.
+## Overview
+GQL Gateway expects a directory as input to watch for files containing OpenAPI specifications with resources.
 
-For each registered CRD, the gateway provides the following:
+Each file in that directory will correspond to a KCP workspace (or API server).
 
-- A list query that allows the client to request a list of specific CRDs based on label selectors and/or namespace.
-- A query for an individual resource.
-- Create/Update/Delete mutations.
-- A list subscription type that opens a watch and serves the client live updates from CRDs within the cluster.
+For each file it will create a separate URL like `/<workspace-name>/graphql` which will be used to query the resources of that workspace.
 
-Additionally, the gateway ensures that client requests are authorized to perform the desired actions using `SubjectAccessReview`, which ensures proper authorization.
+It will be watching for changes in the directory and update the schema accordingly.
 
 ## Usage
 
-The goal is to provide a reusable library that can serve Custom Resources from any cluster without being specifically tied to a cluster/setup. The library is also able to dynamically infer which custom resource to expose based on the registered types in the [`runtime.Scheme`](https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#Scheme), which need to be registered anyway in order to get a functioning `controller-runtime` client.
+### OpenAPI Spec
 
-To get started, you can consume the library in the following way:
+You can run the gateway using the existing generic OpenAPI spec file which is located in the `./definitions` directory.
 
-#### 1. Create a `controller-runtime.Client` however you like
-
-Please make sure to also include the `k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1` and the `k8s.io/api/authorization/v1` types, so the library can create `SubjectAccessReviews` and load `CustomResourceDefinitions`.
-
-```go
-schema := runtime.NewScheme()
-apiextensionsv1.AddToScheme(schema)
-authzv1.AddToScheme(schema)
+(Optional) Or you can generate a new one from your own cluster by running the following command:
+```shell
+kubectl get --raw /openapi/v2 > filename
+```
+### Start the Service 
+```shell
+task start
+```
+OR
+```shell
+go run main.go start --watched-dir=./definitions
+# where ./definitions is the directory containing the OpenAPI spec files
 ```
 
-After you set up the generally needed schema, feel free to add the types of any CRD that is available in your target cluster to the scheme. For every type that you register, there will be a set of queries, mutations, and subscriptions generated to expose your type via the gateway.
+After service start you can access the GraphQL playground. 
+All addresses correspond the content of the watched directory and can be found in the terminal output.
 
-```go
-package main
+For example, we have two KCP workspaces: `root` and `root:alpha`, for each of them we have a separate spec file in the `./definitions` directory.
 
-import (
-    // ...
-    accountv1alpha1 "github.com/openmfp/account-operator/api/v1alpha1"
-    // ...
-)
+Then we will have two URLs:
+- `http://localhost:3000/root/graphql`
+- `http://localhost:3000/root:alpha/graphql`
 
-func main() {
-    // ...
-    accountv1alpha1.AddToScheme(schema)
+Open the URL in the browser and you will see the GraphQL playground. 
 
-    cfg := controllerruntime.GetConfigOrDie()
+### Authorization
 
-    cl, err := client.NewWithWatch(cfg, client.Options{
-        Scheme: schema,
-    })
-    if err != nil {
-        panic(err)
+To send the request, you can attach the `Authorization` header with the token from kubeconfig `users.user.token`:
+```shell
+{
+  "Authorization": "5f89bc76-c5b8-4d6f-b575-9ca7a6240bca"
+}
+```
+
+**If you skip that header, service will try to use a runtime client with current context.(`kubectl config current-context`)**
+
+P.S. Skipping the header works with both API server and KCP workspace.
+
+#### Sending queries
+
+##### Create a Pod:
+
+```shell
+mutation {
+  core {
+    createPod(
+      namespace: "default",
+      object: {
+        metadata: {
+          name: "my-new-pod",
+          labels: {
+            app: "my-app"
+          }
+        }
+        spec: {
+          containers: [
+            {
+              name: "nginx-container"
+              image: "nginx:latest"
+              ports: [
+                {
+                  containerPort: 80
+                }
+              ]
+            }
+          ]
+          restartPolicy: "Always"
+        }
+      }
+    ) {
+      metadata {
+        name
+        namespace
+        labels
+      }
+      spec {
+        containers {
+          name
+          image
+          ports {
+            containerPort
+          }
+        }
+        restartPolicy
+      }
+      status {
+        phase
+      }
     }
+  }
 }
 ```
 
-#### 2. Pass the client to the gateway library and see your resource being exposed :rocket:
+##### Get the created Pod:
+```shell
+query {
+  core {
+    Pod(name:"my-new-pod", namespace:"default") {
+      metadata {
+        name
+      }
+      spec{
+        containers {
+          image
+          ports {
+            containerPort
+          }
+        }
+      }
+    }
+  }
+}
+```
 
-```go
-gqlSchema, err := gateway.New(cmd.Context(), gateway.Config{
-    Client: cl,
-})
-if err != nil {
-    return err
+##### Delete the created Pod:
+```shell
+mutation {
+  core {
+    deletePod(
+      namespace: "default",
+      name: "my-new-pod"
+    )
+  }
 }
+```
+### Components Overview
+
+#### Workspace manager
+
+Holds the logic for watching a directory, triggering schema generation, and binding it to an HTTP handler.
+
+*P.S. We are going to have an Event Listener that will watch the KCP workspace and write the OpenAPI spec into that directory.*
+
+#### Gateway
+
+Is responsible for the conversion from OpenAPI spec into the GraphQL schema.
+
+#### Resolver
+
+Holds the logic of interaction with the cluster.
 
-http.Handle("/graphql", gateway.Handler(gateway.HandlerConfig{
-    Config: &handler.Config{
-        Schema:     &gqlSchema,
-        Pretty:     true,
-        Playground: true,
-    },
-    UserClaim: "mail",
-}))
+### Testing
+
+```shell
+task test
+```
+
+If you want to run single test, you need to export a KUBEBUILDER_ASSETS environment variable:
+```shell
+KUBEBUILDER_ASSETS=$(pwd)/bin/k8s/$DIR_WITH_ASSETS
+# where $DIR_WITH_ASSETS is the directory that contains binaries for your OS.
+```
+P.S. You can also integrate it within your IDE run configuration.
+
+Then you can run the test:
+```
+
+
+You can also check the coverage:
+```shell
+task coverage
+```
+P.S. If you want to exclude some files from the coverage report, you can add them to the `.testcoverage.yml` file.
+
+
+
+### Linting
+
+```shell
+task lint
 ```
 
-You can expose the `gateway.Handler()` via the normal `net/http` package.
+### Subscriptions
+
+To subscribe to events, you should use the SSE (Server-Sent Events) protocol.
 
-It takes care of serving the right protocol based on the `Content-Type` header, as it exposes the `subscriptions` via the [`SSE`](https://html.spec.whatwg.org/multipage/server-sent-events.html) standard.
+Since GraphQL playground doesn't support it, you should use curl.
 
+For instance, to subscribe to a change of a specific fields of the deployments, you can run the following command:
+```shell
+curl -H "Accept: text/event-stream" -H "Content-Type: application/json" http://localhost:3000/fullSchema/subscriptions \
+-d '{"query": "subscription { apps_deployments(namespace: \"default\") { metadata { name } spec { replicas } } }"}'
+```
+Fields that will be listened are defined in the graphql query within the `{}` brackets.
+
+If you want to listen to all fields, you can set `subscribeToAll` to `true`:
+```shell
+curl -H "Accept: text/event-stream" -H "Content-Type: application/json" http://localhost:3000/fullSchema/subscriptions \
+-d '{"query": "subscription { apps_deployments(namespace: \"default\", subscribeToAll: true) { metadata { name } spec { replicas } } }"}'
+```
+If you want to listen to a specific deployment:
+```shell
+curl -H "Accept: text/event-stream" -H "Content-Type: application/json" http://localhost:3000/fullSchema/subscriptions \
+-d '{"query": "subscription { apps_deployment(namespace: \"default\", name: \"my-new-deployment\") { metadata { name } spec { replicas } } }"}'
+```
-Original file line number
+Diff line change
@@ @@ -1,3 +1,7 @@ @@
 exclude:
   paths:
 -    - ^cmd/*
 +    - main.go
 +    - cmd
 +    - gateway
 +    - tests
 +    - internal/config/config.go