diff --git a/cmd/serve.go b/cmd/serve.go
index 632c106a9..7a7823efb 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -54,14 +54,35 @@ func serve() {
 }
 logger := logging.NewLogger(specs.LogLevel, specs.LogFile)
- monitor := prometheus.NewMonitor("identity-admin-ui", logger)
 tracer := tracing.NewTracer(tracing.NewConfig(specs.TracingEnabled, specs.OtelGRPCEndpoint, specs.OtelHTTPEndpoint, logger))
- hAdminClient := ih.NewClient(specs.HydraAdminURL, specs.Debug)
- kAdminClient := ik.NewClient(specs.KratosAdminURL, specs.Debug)
- kPublicClient := ik.NewClient(specs.KratosPublicURL, specs.Debug)
- oPublicClient := io.NewClient(specs.OathkeeperPublicURL, specs.Debug)
+ extCfg := web.NewExternalClientsConfig(
+ ih.NewClient(specs.HydraAdminURL, specs.Debug),
+ ik.NewClient(specs.KratosAdminURL, specs.Debug),
+ ik.NewClient(specs.KratosPublicURL, specs.Debug),
+ io.NewClient(specs.OathkeeperPublicURL, specs.Debug),
+ openfga.NewClient(
+ openfga.NewConfig(
+ specs.ApiScheme,
+ specs.ApiHost,
+ specs.StoreId,
+ specs.ApiToken,
+ specs.ModelId,
+ specs.Debug,
+ tracer,
+ monitor,
+ logger,
+ ),
+ ),
+ // default to noop client for authorization
+ openfga.NewNoopClient(tracer, monitor, logger),
+ )
+
+ if specs.AuthorizationEnabled {
+ logger.Info("Authorization is enabled")
+ extCfg.SetAuthorizer(extCfg.OpenFGA())
+ }
 k8sCoreV1, err := k8s.NewCoreV1Client("")
@@ -69,6 +90,7 @@ func serve() {
 panic(err)
 }
+ // TODO @shipperizer standardize idp, schemas and rules configs
 idpConfig := &idp.Config{
 K8s: k8sCoreV1,
 Name: specs.IDPConfigMapName,
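Review bot: The removed `monitor := prometheus.NewMonitor("identity-admin-ui", logger)` line is not re-added anywhere in this hunk, yet `monitor` is still passed to `openfga.NewConfig`, `openfga.NewNoopClient` and, in the last hunk of this file, `web.NewO11yConfig`. Unless `monitor` is already declared earlier in serve() (outside the hunk, not visible here) this does not compile, and the `prometheus` import would become unused. If the deletion was accidental, restore ` monitor := prometheus.NewMonitor("identity-admin-ui", logger)` directly after the logger line. serve() starts before and ends after this hunk.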
@@ -77,30 +99,16 @@ func serve() {
 schemasConfig := &schemas.Config{
 K8s: k8sCoreV1,
- Kratos: kPublicClient.IdentityApi(),
+ Kratos: extCfg.KratosPublic().IdentityApi(),
 Name: specs.SchemasConfigMapName,
 Namespace: specs.SchemasConfigMapNamespace,
 }
- rulesConfig := rules.NewConfig(specs.RulesConfigMapName, specs.RulesConfigFileName, specs.RulesConfigMapNamespace, k8sCoreV1, oPublicClient.ApiApi())
-
- ofgaClient := openfga.NewClient(
- openfga.NewConfig(
- specs.ApiScheme,
- specs.ApiHost,
- specs.StoreId,
- specs.ApiToken,
- specs.ModelId,
- specs.Debug,
- tracer,
- monitor,
- logger,
- ),
- )
+ rulesConfig := rules.NewConfig(specs.RulesConfigMapName, specs.RulesConfigFileName, specs.RulesConfigMapNamespace, k8sCoreV1, extCfg.OathkeeperPublic().ApiApi())
 if specs.AuthorizationEnabled {
 authorizer := authorization.NewAuthorizer(
- ofgaClient,
+ extCfg.OpenFGA(),
 tracer,
 monitor,
 logger,
@@ -111,15 +119,7 @@ func serve() {
 }
 }
- var router http.Handler
-
- if specs.AuthorizationEnabled {
- logger.Info("Authorization is enabled")
- router = web.NewRouter(idpConfig, schemasConfig, rulesConfig, hAdminClient, kAdminClient, ofgaClient, ofgaClient, tracer, monitor, logger)
- } else {
- logger.Info("Authorization is disabled, using noop authorizer")
- router = web.NewRouter(idpConfig, schemasConfig, rulesConfig, hAdminClient, kAdminClient, ofgaClient, openfga.NewNoopClient(tracer, monitor, logger), tracer, monitor, logger)
- }
+ router := web.NewRouter(idpConfig, schemasConfig, rulesConfig, extCfg, web.NewO11yConfig(tracer, monitor, logger))
 logger.Infof("Starting server on port %v", specs.Port)
diff --git a/pkg/web/router.go b/pkg/web/router.go
index db8413826..a4872a9de 100644
--- a/pkg/web/router.go
+++ b/pkg/web/router.go
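Review bot: The `if specs.AuthorizationEnabled` block here builds a second authorizer from `extCfg.OpenFGA()` even though the first hunk already selects the enforcing client via `extCfg.SetAuthorizer(extCfg.OpenFGA())`, so the decision of which client enforces authorization now lives in two places. Using `extCfg.Authorizer()` here, `authorization.NewAuthorizer(extCfg.Authorizer(), tracer, monitor, logger, ...)`, keeps a single source of truth, and the two `if specs.AuthorizationEnabled` blocks in this function look mergeable. The block's body continues into the next hunk and serve() ends outside it.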
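Review bot: The removed `logger.Info("Authorization is disabled, using noop authorizer")` has no replacement: the new `if specs.AuthorizationEnabled` in the first hunk of this file logs only when authorization is on, so a deployment running (possibly by misconfiguration) with the noop authorizer leaves no trace of that in its logs. Keep the operator-visible signal with an else branch there, `} else { logger.Info("Authorization is disabled, using noop authorizer") }`. serve() continues outside this hunk.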
@@ -8,11 +8,8 @@ import (
 chi "github.com/go-chi/chi/v5"
 middleware "github.com/go-chi/chi/v5/middleware"
- trace "go.opentelemetry.io/otel/trace"
 "github.com/canonical/identity-platform-admin-ui/internal/authorization"
- ih "github.com/canonical/identity-platform-admin-ui/internal/hydra"
- ik "github.com/canonical/identity-platform-admin-ui/internal/kratos"
 "github.com/canonical/identity-platform-admin-ui/internal/logging"
 "github.com/canonical/identity-platform-admin-ui/internal/monitoring"
 "github.com/canonical/identity-platform-admin-ui/internal/tracing"
@@ -28,9 +25,13 @@ import (
 "github.com/canonical/identity-platform-admin-ui/pkg/status"
 )
-func NewRouter(idpConfig *idp.Config, schemasConfig *schemas.Config, rulesConfig *rules.Config, hydraClient *ih.Client, kratos *ik.Client, ofga OpenFGAClientInterface, authorizationClient OpenFGAClientInterface, tracer trace.Tracer, monitor monitoring.MonitorInterface, logger logging.LoggerInterface) http.Handler {
+func NewRouter(idpConfig *idp.Config, schemasConfig *schemas.Config, rulesConfig *rules.Config, externalConfig ExternalClientsConfigInterface, ollyConfig O11yConfigInterface) http.Handler {
 router := chi.NewMux()
+ logger := ollyConfig.Logger()
+ monitor := ollyConfig.Monitor()
+ tracer := ollyConfig.Tracer()
+
 middlewares := make(chi.Middlewares, 0)
 middlewares = append(
 middlewares,
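Review bot: `NewRouter` is exported and its contract changed, but it still has no doc comment; the new parameters are dereferenced immediately (`ollyConfig.Logger()`, `ollyConfig.Monitor()`, `ollyConfig.Tracer()`), so a nil config panics inside the constructor rather than at the call site. Propose `// NewRouter builds the chi handler for the admin API: endpoints are wired with the clients from externalConfig, observability from ollyConfig, and the authorization middleware uses externalConfig.Authorizer().` above the signature, and a decision on whether nil configs should be rejected up front. NewRouter's body runs past the end of this hunk.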
@@ -52,17 +53,17 @@ func NewRouter(idpConfig *idp.Config, schemasConfig *schemas.Config, rulesConfig
 // apply authorization middleware using With to overcome issue with URLParams not available
 router = router.With(
 authorization.NewMiddleware(
- authorization.NewAuthorizer(authorizationClient, tracer, monitor, logger), monitor, logger).Authorize(),
+ authorization.NewAuthorizer(externalConfig.Authorizer(), tracer, monitor, logger), monitor, logger).Authorize(),
 ).(*chi.Mux)
 status.NewAPI(tracer, monitor, logger).RegisterEndpoints(router)
 metrics.NewAPI(logger).RegisterEndpoints(router)
 identities.NewAPI(
- identities.NewService(kratos.IdentityApi(), tracer, monitor, logger),
+ identities.NewService(externalConfig.KratosAdmin().IdentityApi(), tracer, monitor, logger),
 logger,
 ).RegisterEndpoints(router)
 clients.NewAPI(
- clients.NewService(hydraClient, tracer, monitor, logger),
+ clients.NewService(externalConfig.HydraAdmin(), tracer, monitor, logger),
 logger,
 ).RegisterEndpoints(router)
 idp.NewAPI(
@@ -78,16 +79,17 @@ func NewRouter(idpConfig *idp.Config, schemasConfig *schemas.Config, rulesConfig
 logger,
 ).RegisterEndpoints(router)
 roles.NewAPI(
- roles.NewService(ofga, tracer, monitor, logger),
+ roles.NewService(externalConfig.OpenFGA(), tracer, monitor, logger),
 tracer,
 monitor,
 logger,
 ).RegisterEndpoints(router)
 groups.NewAPI(
- groups.NewService(ofga, tracer, monitor, logger),
+ groups.NewService(externalConfig.OpenFGA(), tracer, monitor, logger),
 tracer,
 monitor,
 logger,
 ).RegisterEndpoints(router)
+
 return tracing.NewMiddleware(monitor, logger).OpenTelemetry(router)
 }
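Review bot: The authorization middleware now enforces whatever `externalConfig.Authorizer()` returns, and serve.go's comment says that defaults to the noop client unless `SetAuthorizer` is called, so the router cannot distinguish a deliberate "authorization disabled" from a wiring mistake — both produce an unguarded API with no signal at this layer. A one-line log of the concrete implementation at construction time, e.g. `logger.Infof("authorization middleware using %T", externalConfig.Authorizer())` before `router = router.With(`, makes the effective mode visible in every deployment (assuming LoggerInterface exposes Infof, as the logger in serve.go does). The `ExternalClientsConfigInterface` definition is not in this diff, so its fallback behaviour is inferred from the serve.go comment; NewRouter starts before this hunk.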