Latest

Author: ryanclark

.dockerignore

@@ -1,2 +1,3 @@
 .git
-node_modules
+node_modules
+data

.idea/development.iml

@@ -5,13 +5,13 @@ export COMPOSE_FILE = docker-compose.solo.yml
 endif
 
 ifeq ($(wildcard .e),)
-export VITE_CONFIG_DIRECTORY = /app/web/packages/teleport
+export VITE_CONFIG_DIRECTORY = /app/teleport/web/packages/teleport
 export TOOL_FOLDER = tool
 export LICENSE_FILE = ../teleport/empty.pem
 else
-export VITE_CONFIG_DIRECTORY = /app/e/web/teleport
+export VITE_CONFIG_DIRECTORY = /app/web
 export TOOL_FOLDER = e/tool
-export LICENSE_FILE = ../../teleport/e/fixtures/license-all-features.pem
+export LICENSE_FILE = ../../teleport/e/fixtures/license-enterprise.pem
 endif
 
 ## -- 🛟  Lifecycle --
@@ -99,6 +99,11 @@ teleport-logs:
 teleport-shell:
 	docker compose exec -it go.teleport /bin/bash
 
+
+.PHONY: delete-db-volume
+delete-db-volume:
+	docker compose down db -v
+
 ## -- 🔧 Misc --
 
 .PHONY: help

.idea/material_theme_project_new.xml

@@ -0,0 +1,25 @@
+root = "."
+tmp_dir = "tmp"
+
+[build]
+bin = "tmp/tag"
+include_ext = ["go", "yaml"]
+exclude_dir = ["web", "e2e", "teleport"]
+exclude_unchanged = true
+follow_symlink = true
+stop_on_error = true
+send_interrupt = true
+kill_delay = 1000
+args_bin = ["start"]
+
+[log]
+time = false
+
+[color]
+main = "magenta"
+watcher = "cyan"
+build = "yellow"
+runner = "green"
+
+[misc]
+clean_on_exit = true

Makefile

@@ -0,0 +1,20 @@
+# First stage: Build the Go application
+FROM golang:1.24 AS builder
+
+# Set the Current Working Directory inside the container
+WORKDIR /app
+
+ENV GOPATH "/go"
+ENV GOROOT "/usr/local/go"
+ENV GOOS "linux"
+ENV CGO_ENABLED 1
+ENV GOARCH "amd64"
+
+COPY development/certs/server.key /var/lib/teleport-certs/server.key
+COPY development/certs/server.crt /var/lib/teleport-certs/server.crt
+
+RUN cp /var/lib/teleport-certs/server.crt /usr/local/share/ca-certificates/teleport.crt && update-ca-certificates
+
+RUN go install github.com/air-verse/air@latest
+
+ENTRYPOINT ["/go/bin/air"]

accessgraph/.air.toml

@@ -0,0 +1,16 @@
+backend:
+  postgres:
+    connection: postgres://postgres:localpass@db:5432/postgres?sslmode=disable
+tls:
+  cert: keys/server.crt
+  key: keys/server_docker.key
+
+tracing:
+  enabled: false
+
+log:
+  level: DEBUG
+
+registration_cas:
+  - keys/teleport_host_ca.pem
+  - keys/ca.crt

accessgraph/Dockerfile

@@ -2,21 +2,19 @@ services:
   frontend:
     container_name: frontend
     build:
-      dockerfile: ../development/frontend/Dockerfile
-      context: ../../teleport
-    working_dir: ${VITE_CONFIG_DIRECTORY}
-    command: pnpm start
+      dockerfile: development/frontend/Dockerfile
+      context: ../../
+      target: node-dependencies
+    working_dir: /app/web
+    command: yarn start
     networks:
       - teleport
     ports:
       - 443:3000
     volumes:
-      - ../../teleport/web/:/app/web/
-      - ../../teleport/gen/proto/ts/:/app/gen/proto/ts/
-      - ../../teleport/e/web/:/app/e/web/
-      - ../../teleport/lib/srv/desktop/rdp/rdpclient/:/app/lib/srv/desktop/rdp/rdpclient
+      - ../../access-graph/web:/app/web
+      - ../../access-graph/teleport:/app/teleport
       - ../certs:/app/certs:ro
-      - /usr/local/cargo
     environment:
       NODE_OPTIONS: --max-old-space-size=8192
       PROXY_TARGET: go.teleport:443
@@ -30,8 +28,6 @@ services:
       target: static
       args:
         TOOL_FOLDER: ${TOOL_FOLDER}
-    volumes:
-      - /var/lib/teleport
     networks:
       - teleport
 
@@ -68,6 +64,50 @@ services:
       - ../build/.air.toml:/app/.air.toml
       - ../teleport/teleport.yaml:/etc/teleport.yaml
       - ${LICENSE_FILE}:/etc/license.pem
+      - ../../access-graph/keys/ca.crt:/etc/access-graph/keys/ca.crt
+    environment:
+      TELEPORT_UNSTABLE_VC_SYNC_ON_START: yes
+      TELEPORT_ALLOW_NO_SECOND_FACTOR: yes
+      TELEPORT_UNSTABLE_SKIP_VERSION_UPGRADE_CHECK: yes
+    deploy:
+      resources:
+        limits:
+          memory: 48G
+
+  access-graph:
+    build:
+      context: ../..
+      dockerfile: development/accessgraph/Dockerfile
+    command:
+      - --build.cmd
+      - "go build -o tmp/tag ./cmd/tag/main.go"
+    ports:
+      - 50051:50051
+    volumes:
+      - ../accessgraph/config.yaml:/app/config.yaml
+      - ../../access-graph:/app
+      - ../accessgraph/.air.toml:/app/.air.toml
+      - /go/pkg/mod
+      - /root/.cache/go-build
+    networks:
+      - teleport
+
+  db:
+    build:
+      context: ../..
+      dockerfile: development/postgres/Dockerfile
+    restart: always
+    shm_size: 256m
+    ports:
+      - 5434:5432
+    volumes:
+      - /var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: localpass
+      POSTGRES_DB: postgres
+    networks:
+      - teleport
 
 networks:
   teleport:

accessgraph/config.yaml

@@ -1,4 +1,4 @@
-FROM golang:1.23 AS base
+FROM golang:1.24 AS base
 
 WORKDIR /app
 
@@ -44,7 +44,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
     go build -o /bin/tctl -ldflags '-w -s' ./tool/tctl
 
-FROM golang:1.23 AS live-reload
+FROM golang:1.24 AS live-reload
 
 COPY development/certs/server.key /var/lib/teleport-certs/server.key
 COPY development/certs/server.crt /var/lib/teleport-certs/server.crt
@@ -53,6 +53,12 @@ RUN cp /var/lib/teleport-certs/server.crt /usr/local/share/ca-certificates/telep
 
 RUN go install github.com/air-verse/air@latest
 
+COPY access-graph/keys/server.crt /var/lib/teleport-certs/access-graph.crt
+COPY access-graph/keys/ca.crt /var/lib/teleport-certs/access-graph-ca.crt
+
+RUN cp /var/lib/teleport-certs/access-graph.crt /usr/local/share/ca-certificates/access-graph.crt && update-ca-certificates
+RUN cp /var/lib/teleport-certs/access-graph-ca.crt /usr/local/share/ca-certificates/access-graph-ca.crt && update-ca-certificates
+
 COPY --from=tctl /bin/tctl /bin/tctl
 
 ENV DEBUG "1"

base/docker-compose.yml

@@ -0,0 +1,40 @@
+services:
+  go.teleport:
+    platform: linux/arm64/v8
+    extends:
+      file: base/docker-compose.yml
+      service: go.teleport
+    container_name: go.teleport
+    hostname: go.teleport
+    volumes:
+      - ./teleport/local/teleport.yaml:/etc/teleport.yaml
+    networks:
+      teleport:
+        aliases:
+          - go.teleport
+          - dumper.go.teleport
+
+  node:
+    container_name: node
+    hostname: node
+    platform: linux/arm64/v8
+    extends:
+      file: base/docker-compose.yml
+      service: node
+    volumes:
+      - ./data/node:/var/lib/teleport
+      - ./node/teleport.yaml:/etc/teleport.yaml
+
+  accessgraph:
+    platform: linux/arm64/v8
+    extends:
+      file: base/docker-compose.yml
+      service: accessgraph
+
+  db:
+    extends:
+      file: base/docker-compose.yml
+      service: db
+
+networks:
+  teleport: