Commit

feat: add new metrics server to keto (#832)
Co-authored-by: Patrik <[email protected]>
Demonsthere and zepatrik authored Feb 9, 2022
1 parent d9397cc commit 8beba60
Showing 14 changed files with 369 additions and 101 deletions.
43 changes: 38 additions & 5 deletions .github/workflows/cve-scan.yaml
@@ -1,4 +1,4 @@
name: Docker Image Scan
name: Docker Image Scanners
on:
push:
branches:
Expand All @@ -10,22 +10,55 @@ on:
- 'master'

jobs:
docker:
scanners:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Env
id: vars
shell: bash
run: |
echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build images
shell: bash
run: |
make docker
- name: Scan image Sqlite
touch keto
DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-build --build-arg=COMMIT=${{ steps.vars.outputs.sha_short }} -t oryd/keto:${{ steps.vars.outputs.sha_short }} .
rm keto
- name: Anchore Scanner
uses: anchore/scan-action@v3
id: grype-scan
with:
image: oryd/keto:latest
image: oryd/keto:${{ steps.vars.outputs.sha_short }}
fail-build: true
severity-cutoff: high
debug: false
acs-report-enable: true
- name: Anchore upload scan SARIF report
if: always()
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.grype-scan.outputs.sarif }}
- name: Trivy Scanner
uses: aquasecurity/trivy-action@master
if: ${{ always() }}
with:
image-ref: oryd/keto:${{ steps.vars.outputs.sha_short }}
format: 'table'
exit-code: '42'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Dockle Linter
uses: erzz/[email protected]
if: ${{ always() }}
with:
image: oryd/keto:${{ steps.vars.outputs.sha_short }}
exit-code: 42
failure-threshold: fatal
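Review bot: `uses: aquasecurity/trivy-action@master` in the Trivy Scanner step tracks a moving branch, so the code that runs in this job can change without any change to this file; pin it to a release tag or, better, a full commit SHA. Separately, the Setup Env step mixes two output syntaxes (`##[set-output name=branch;]` and `::set-output name=sha_short::`), and the `branch` output is not referenced by any of the visible steps, so it can be dropped.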
20 changes: 15 additions & 5 deletions README.md
Expand Up @@ -22,18 +22,28 @@
<a href="https://github.com/ory/keto/blob/master/CODE_OF_CONDUCT.md" alt="Ory Code of Conduct"><img src="https://img.shields.io/badge/ory-code%20of%20conduct-green" /></a>
</p>

Ory Keto is the first and most popular open source implementation of "Zanzibar: Google's
Consistent, Global Authorization System"!
Ory Keto is the first and most popular open source implementation of "Zanzibar:
Google's Consistent, Global Authorization System"!

## Ory Cloud

The easiest way to get started with Ory Software is in Ory Cloud! It is [**free for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=keto-readme), forever, no credit card required!
The easiest way to get started with Ory Software is in Ory Cloud! It is
[**free for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=keto-readme),
forever, no credit card required!

Ory Cloud has easy examples, administrative user interfaces, hosted pages (e.g. for login or registration), support for custom domains, collaborative features for your colleagues, and much more!
Ory Cloud has easy examples, administrative user interfaces, hosted pages (e.g.
for login or registration), support for custom domains, collaborative features
for your colleagues, and much more!

### :mega: Community gets Ory Cloud for Free! :mega:

Ory community members get the Ory Cloud Start Up plan **free for a year**, with all quality-of-life features available, such as custom domains and giving your team members access. [Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=keto-readme-first900) and use the coupon code **`FIRST900`** on the *"Start-Up Plan"* checkout page to calim your free project now! Make sure to be signed up to the [Ory Community Slack](https://slack.ory.sh) when using the code!
Ory community members get the Ory Cloud Start Up plan **free for a year**, with
all quality-of-life features available, such as custom domains and giving your
team members access.
[Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=keto-readme-first900)
and use the coupon code **`FIRST900`** on the _"Start-Up Plan"_ checkout page to
calim your free project now! Make sure to be signed up to the
[Ory Community Slack](https://slack.ory.sh) when using the code!

### Google's Zanzibar
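Review bot: the rewrapped paragraph still carries the typo "calim" ("checkout page to / calim your free project now!"); change it to "claim" while these lines are being touched. The hunk is formatting only and unrelated to the metrics server, so it would sit better in its own commit.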

21 changes: 21 additions & 0 deletions docker-compose-build.yaml
@@ -0,0 +1,21 @@
version: '3'

services:
keto:
build:
context: "."
dockerfile: ".docker/Dockerfile-build"
ports:
- "4466:4466"
- "4467:4467"
- "4468:4468"
command: serve -c /home/ory/keto.yml
restart: on-failure
volumes:
- type: bind
source: "./config"
target: "/home/ory"
environment:
- LOG_LEVEL=debug
- PORT=4466
- DSN=memory
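Review bot: the `ports` entries (`"4466:4466"`, `"4467:4467"`, `"4468:4468"`) publish all three APIs, including the new metrics port, on every host interface while the service runs with `LOG_LEVEL=debug`. For a local build file, bind them to loopback (for example `"127.0.0.1:4468:4468"`) so the metrics endpoint is not reachable from the network by default. If the container only reads `keto.yml` from the `./config` bind mount, marking that volume read-only would also be worth doing.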
7 changes: 6 additions & 1 deletion go.mod
Expand Up @@ -34,7 +34,7 @@ require (
github.com/luna-duclos/instrumentedsql v1.1.3
github.com/luna-duclos/instrumentedsql/opentracing v0.0.0-20201103091713-40d03108b6f4
github.com/ory/analytics-go/v4 v4.0.2
github.com/ory/graceful v0.1.1
github.com/ory/graceful v0.1.2
github.com/ory/herodot v0.9.12
github.com/ory/jsonschema/v3 v3.0.6
github.com/ory/keto/proto v0.0.0-00010101000000-000000000000
Expand Down Expand Up @@ -69,6 +69,7 @@ require (
github.com/armon/go-radix v1.0.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
github.com/aymerick/douceur v0.2.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.1.2 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cockroachdb/cockroach-go/v2 v2.2.1 // indirect
Expand Down Expand Up @@ -143,6 +144,7 @@ require (
github.com/mattn/go-colorable v0.1.11 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/microcosm-cc/bluemonday v1.0.16 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/mapstructure v1.4.2 // indirect
Expand All @@ -164,6 +166,9 @@ require (
github.com/philhofer/fwd v1.1.1 // indirect
github.com/pkg/profile v1.6.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_golang v1.11.0 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/rogpeppe/go-internal v1.8.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
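Review bot: `github.com/prometheus/client_golang v1.11.0`, `client_model v0.2.0` and `common v0.32.1` are added with `// indirect`. If the new metrics server imports any of them directly, they belong in the direct `require` block (running `go mod tidy` sorts this out); if they only arrive through another module, a line in the commit message naming that module would help when reviewing later upgrades of the metrics stack.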
9 changes: 7 additions & 2 deletions go.sum
Expand Up @@ -147,6 +147,7 @@ github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuP
github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
Expand Down Expand Up @@ -1017,6 +1018,7 @@ github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJK
github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
Expand Down Expand Up @@ -1151,8 +1153,8 @@ github.com/ory/go-acc v0.2.6/go.mod h1:4Kb/UnPcT8qRAk3IAxta+hvVapdxTLWtrr7bFLlEg
github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs=
github.com/ory/gojsonreference v0.0.0-20190720135523-6b606c2d8ee8/go.mod h1:wsH1C4nIeeQClDtD5AH7kF1uTS6zWyqfjVDTmB0Em7A=
github.com/ory/gojsonschema v1.1.1-0.20190919112458-f254ca73d5e9/go.mod h1:BNZpdJgB74KOLSsWFvzw6roXg1I6O51WO8roMmW+T7Y=
github.com/ory/graceful v0.1.1 h1:zx+8tDObLPrG+7Tc8jKYlXsqWnLtOQA1IZ/FAAKHMXU=
github.com/ory/graceful v0.1.1/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU=
github.com/ory/graceful v0.1.2 h1:ErCFGuO0T6IHMQ9Fu9GKjIaRbNCrKDX/WdHDwM/mAlY=
github.com/ory/graceful v0.1.2/go.mod h1:4zFz687IAF7oNHHiB586U4iL+/4aV09o/PYLE34t2bA=
github.com/ory/herodot v0.6.2/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow=
github.com/ory/herodot v0.7.0/go.mod h1:YXKOfAXYdQojDP5sD8m0ajowq3+QXNdtxA+QiUXBwn0=
github.com/ory/herodot v0.8.3/go.mod h1:rvLjxOAlU5omtmgjCfazQX2N82EpMfl3BytBWc1jjsk=
Expand Down Expand Up @@ -1229,12 +1231,14 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ
github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU=
github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ=
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
Expand All @@ -1245,6 +1249,7 @@ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt2
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
31 changes: 31 additions & 0 deletions internal/driver/config/config.schema.json
Expand Up @@ -265,6 +265,37 @@
"$ref": "#/definitions/tlsx"
}
}
},
"metrics": {
"type": "object",
"title": "Metrics API (http only)",
"additionalProperties": false,
"properties": {
"port": {
"type": "integer",
"default": 4468,
"title": "Port",
"description": "The port to listen on.",
"minimum": 0,
"maximum": 65535
},
"host": {
"type": "string",
"default": "",
"examples": [
"localhost",
"127.0.0.1"
],
"title": "Host",
"description": "The network interface to listen on."
},
"cors": {
"$ref": "#/definitions/cors"
},
"tls": {
"$ref": "#/definitions/tlsx"
}
}
}
}
},
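Review bot: the `host` property defaults to `""` and its description ("The network interface to listen on.") does not say what an empty value means; if it means all interfaces, state that in the description, since a metrics endpoint that listens everywhere by default is something operators should opt into knowingly. The title "Metrics API (http only)" also conflicts with the object accepting a `tls` property via `#/definitions/tlsx`; one of the two should change.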
13 changes: 12 additions & 1 deletion internal/driver/config/provider.go
Expand Up @@ -36,6 +36,9 @@ const (
KeyWriteAPIHost = "serve.write.host"
KeyWriteAPIPort = "serve.write.port"

KeyMetricsHost = "serve.metrics.host"
KeyMetricsPort = "serve.metrics.port"

KeyNamespaces = "namespaces"

DSNMemory = "sqlite://file::memory:?_fk=true&cache=shared"
Expand Down Expand Up @@ -154,7 +157,7 @@ func (k *Config) WriteAPIListenOn() string {

func (k *Config) CORS(iface string) (cors.Options, bool) {
switch iface {
case "read", "write":
case "read", "write", "metrics":
default:
panic("expected interface 'read' or 'write', but got unknown interface " + iface)
}
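Review bot: the `case` in `CORS` now accepts `"metrics"`, but the panic message in the `default` branch still reads "expected interface 'read' or 'write'"; update it to list 'metrics' as well so a wrong caller gets an accurate message.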
Expand Down Expand Up @@ -241,3 +244,11 @@ func (k *Config) getNamespaces() (interface{}, error) {
return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("could not infer namespaces for type %T", nTyped))
}
}

func (k *Config) MetricsListenOn() string {
return fmt.Sprintf(
"%s:%d",
k.p.StringF(KeyMetricsHost, ""),
k.p.IntF(KeyMetricsPort, 4468),
)
}
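Review bot: `MetricsListenOn` builds the address with `fmt.Sprintf("%s:%d", ...)`, which produces an invalid listen address when `serve.metrics.host` is an IPv6 literal such as `::1`; `net.JoinHostPort(host, strconv.Itoa(port))` handles the bracketing. The fallback `4468` is repeated here and as the schema default, so a named constant would keep the two from drifting, and the exported method has no doc comment.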