TRA-4202 role management (#688)

* WIP * wip * Update keto.yml, socket_routes.go, and 12 more files... * fixes and docs * Update api.js * Update auth.go and api.js * Update user_role_provider.go * Update config_routes.go and api.js * Update consts.go
2025-09-09 06:21:57 +00:00 · 2022-01-25 14:25:24 +02:00
parent 86edc91f4c
commit 83c9194703
25 changed files with 590 additions and 76 deletions
--- a/cli/cmd/installRunner.go
+++ b/cli/cmd/installRunner.go
@@ -47,7 +47,7 @@ func runMizuInstall() {
 	if err = resources.CreateInstallMizuResources(ctx, kubernetesProvider, serializedValidationRules,
 		serializedContract, serializedMizuConfig, config.Config.IsNsRestrictedMode(),
 		config.Config.MizuResourcesNamespace, config.Config.AgentImage, config.Config.BasenineImage,
-		config.Config.KratosImage,
+		config.Config.KratosImage, config.Config.KetoImage,
 		nil, defaultMaxEntriesDBSizeBytes, defaultResources, config.Config.ImagePullPolicy(),
 		config.Config.LogLevel(), false); err != nil {
 		var statusError *k8serrors.StatusError
--- a/cli/config/configStruct.go
+++ b/cli/config/configStruct.go
@@ -2,15 +2,16 @@ package config

 import (
 	"fmt"
+	"os"
+	"path"
+	"path/filepath"
+
 	"github.com/op/go-logging"
 	"github.com/up9inc/mizu/cli/config/configStructs"
 	"github.com/up9inc/mizu/cli/mizu"
 	"github.com/up9inc/mizu/shared"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/util/homedir"
-	"os"
-	"path"
-	"path/filepath"
 )

 const (
@@ -29,6 +30,7 @@ type ConfigStruct struct {
 	AgentImage             string                      `yaml:"agent-image,omitempty" readonly:""`
 	BasenineImage          string                      `yaml:"basenine-image,omitempty" readonly:""`
 	KratosImage            string                      `yaml:"kratos-image,omitempty" readonly:""`
+	KetoImage              string                      `yaml:"keto-image,omitempty" readonly:""`
 	ImagePullPolicyStr     string                      `yaml:"image-pull-policy" default:"Always"`
 	MizuResourcesNamespace string                      `yaml:"mizu-resources-namespace" default:"mizu"`
 	Telemetry              bool                        `yaml:"telemetry" default:"true"`
@@ -52,6 +54,7 @@ func (config *ConfigStruct) validate() error {
 func (config *ConfigStruct) SetDefaults() {
 	config.BasenineImage = fmt.Sprintf("%s:%s", shared.BasenineImageRepo, shared.BasenineImageTag)
 	config.KratosImage = shared.KratosImageDefault
+	config.KetoImage = shared.KetoImageDefault
 	config.AgentImage = fmt.Sprintf("gcr.io/up9-docker-hub/mizu/%s:%s", mizu.Branch, mizu.SemVer)
 	config.ConfigFilePath = path.Join(mizu.GetMizuFolderPath(), "config.yaml")
 }
--- a/cli/resources/createResources.go
+++ b/cli/resources/createResources.go
@@ -44,6 +44,7 @@ func CreateTapMizuResources(ctx context.Context, kubernetesProvider *kubernetes.
 		PodImage:              agentImage,
 		BasenineImage:         basenineImage,
 		KratosImage:           "",
+		KetoImage:             "",
 		ServiceAccountName:    serviceAccountName,
 		IsNamespaceRestricted: isNsRestrictedMode,
 		SyncEntriesConfig:     syncEntriesConfig,
@@ -67,7 +68,7 @@ func CreateTapMizuResources(ctx context.Context, kubernetesProvider *kubernetes.
 	return mizuServiceAccountExists, nil
 }

-func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedValidationRules string, serializedContract string, serializedMizuConfig string, isNsRestrictedMode bool, mizuResourcesNamespace string, agentImage string, basenineImage string, kratosImage string, syncEntriesConfig *shared.SyncEntriesConfig, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level, noPersistentVolumeClaim bool) error {
+func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedValidationRules string, serializedContract string, serializedMizuConfig string, isNsRestrictedMode bool, mizuResourcesNamespace string, agentImage string, basenineImage string, kratosImage string, ketoImage string, syncEntriesConfig *shared.SyncEntriesConfig, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level, noPersistentVolumeClaim bool) error {
 	if err := createMizuNamespace(ctx, kubernetesProvider, mizuResourcesNamespace); err != nil {
 		return err
 	}
@@ -99,6 +100,7 @@ func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kuberne
 		PodImage:              agentImage,
 		BasenineImage:         basenineImage,
 		KratosImage:           kratosImage,
+		KetoImage:             ketoImage,
 		ServiceAccountName:    serviceAccountName,
 		IsNamespaceRestricted: isNsRestrictedMode,
 		SyncEntriesConfig:     syncEntriesConfig,