instance: dynamically load roles (#1324)

* instance: dynamically load roles

* fix oidc perms

* fix overview title

pkg/instance/instance.go

@@ -16,16 +16,7 @@ import (
 	"beryju.io/gravity/pkg/extconfig"
 	"beryju.io/gravity/pkg/instance/types"
 	"beryju.io/gravity/pkg/roles"
-	"beryju.io/gravity/pkg/roles/api"
-	"beryju.io/gravity/pkg/roles/backup"
-	"beryju.io/gravity/pkg/roles/debug"
-	"beryju.io/gravity/pkg/roles/dhcp"
-	"beryju.io/gravity/pkg/roles/discovery"
-	"beryju.io/gravity/pkg/roles/dns"
 	"beryju.io/gravity/pkg/roles/etcd"
-	"beryju.io/gravity/pkg/roles/monitoring"
-	"beryju.io/gravity/pkg/roles/tftp"
-	"beryju.io/gravity/pkg/roles/tsdb"
 	"beryju.io/gravity/pkg/storage"
 )
 
@@ -103,7 +94,7 @@ func (i *Instance) startEtcd(ctx context.Context) bool {
 		i.Stop()
 		return false
 	}
-	err := i.etcd.Start(es.Context())
+	err := i.etcd.Start(es.Context(), []byte{})
 	if err != nil {
 		i.log.Warn("failed to start etcd", zap.Error(err))
 		i.Stop()
@@ -177,30 +168,11 @@ func (i *Instance) bootstrap(ctx context.Context) {
 			ContextCancelFunc: cancel,
 		}
 		switch roleId {
-		case "dhcp":
-			rc.Role = dhcp.New(rc.RoleInstance)
-		case "dns":
-			rc.Role = dns.New(rc.RoleInstance)
-		case "api":
-			rc.Role = api.New(rc.RoleInstance)
-		case "discovery":
-			rc.Role = discovery.New(rc.RoleInstance)
-		case "backup":
-			rc.Role = backup.New(rc.RoleInstance)
-		case "monitoring":
-			rc.Role = monitoring.New(rc.RoleInstance)
-		case "debug":
-			rc.Role = debug.New(rc.RoleInstance)
-		case "tsdb":
-			rc.Role = tsdb.New(rc.RoleInstance)
-		case "tftp":
-			rc.Role = tftp.New(rc.RoleInstance)
 		case "etcd":
-			// Special case
+			// Special handling
 			continue
 		default:
-			i.log.Info("Invalid role, skipping", zap.String("roleId", roleId))
-			continue
+			rc.Role = roles.GetRole(roleId)(rc.RoleInstance)
 		}
 		i.rolesM.Lock()
 		i.roles[roleId] = rc

pkg/instance/roles.go

@@ -0,0 +1,13 @@
+package instance
+
+import (
+	_ "beryju.io/gravity/pkg/roles/api"
+	_ "beryju.io/gravity/pkg/roles/backup"
+	_ "beryju.io/gravity/pkg/roles/debug"
+	_ "beryju.io/gravity/pkg/roles/dhcp"
+	_ "beryju.io/gravity/pkg/roles/discovery"
+	_ "beryju.io/gravity/pkg/roles/dns"
+	_ "beryju.io/gravity/pkg/roles/monitoring"
+	_ "beryju.io/gravity/pkg/roles/tftp"
+	_ "beryju.io/gravity/pkg/roles/tsdb"
+)

pkg/roles/api/auth/method_oidc.go

@@ -95,6 +95,12 @@ func (ap *AuthProvider) oidcCallback(w http.ResponseWriter, r *http.Request) {
 	user := User{
 		Username: claims.Email,
 		Password: "",
+		Permissions: []Permission{
+			{
+				Path:    "/*",
+				Methods: []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodHead, http.MethodDelete},
+			},
+		},
 	}
 	session.Values[types.SessionKeyUser] = user
 	session.Values[types.SessionKeyDirty] = true

pkg/roles/api/role.go

@@ -42,6 +42,12 @@ type Role struct {
 	socketServer http.Server
 }
 
+func init() {
+	roles.Register("api", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	mux := mux.NewRouter()
 	r := &Role{

pkg/roles/backup/role.go

@@ -31,6 +31,12 @@ type Role struct {
 	ctx context.Context
 }
 
+func init() {
+	roles.Register("backup", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	r := &Role{
 		log: instance.Log(),

pkg/roles/debug/role.go

@@ -27,6 +27,12 @@ type Role struct {
 	server *http.Server
 }
 
+func init() {
+	roles.Register("debug", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	mux := mux.NewRouter()
 	r := &Role{

pkg/roles/dhcp/role.go

@@ -38,6 +38,12 @@ type Role struct {
 	leasesM sync.RWMutex
 }
 
+func init() {
+	roles.Register("dhcp", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	r := &Role{
 		log:     instance.Log(),

pkg/roles/discovery/role.go

@@ -20,6 +20,12 @@ type Role struct {
 	ctx context.Context
 }
 
+func init() {
+	roles.Register("discovery", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	r := &Role{
 		log: instance.Log(),

pkg/roles/dns/role.go

@@ -29,6 +29,12 @@ type Role struct {
 	zonesM  sync.RWMutex
 }
 
+func init() {
+	roles.Register("dns", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	r := &Role{
 		servers: make([]*dns.Server, 0),

pkg/roles/etcd/role.go

@@ -24,6 +24,12 @@ const (
 	relInstKeyPath  = "/instance_key.pem"
 )
 
+func init() {
+	roles.Register("etcd", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 type Role struct {
 	i roles.Instance
 
@@ -145,7 +151,7 @@ func (ee *Role) Config() *embed.Config {
 	return ee.cfg
 }
 
-func (ee *Role) Start(ctx context.Context) error {
+func (ee *Role) Start(ctx context.Context, cfg []byte) error {
 	start := time.Now()
 	ee.log.Info("starting embedded etcd")
 	e, err := embed.StartEtcd(ee.cfg)

pkg/roles/etcd/role_test.go

@@ -24,7 +24,7 @@ func TestEmbeddedEtcd_Start(t *testing.T) {
 		_ = os.RemoveAll(etcdRole.Config().Dir)
 	}()
 
-	err := etcdRole.Start(ctx)
+	err := etcdRole.Start(ctx, []byte{})
 	assert.NoError(t, err)
 
 	c := storage.NewClient(

pkg/roles/monitoring/role.go

@@ -30,6 +30,12 @@ type Role struct {
 //go:linkname blockyReg github.com/0xERR0R/blocky/metrics.reg
 var blockyReg *prometheus.Registry
 
+func init() {
+	roles.Register("monitoring", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	mux := mux.NewRouter()
 	r := &Role{

pkg/roles/role.go

@@ -82,3 +82,15 @@ type Instance interface {
 	ExecuteHook(HookOptions, ...interface{})
 	Migrator() RoleMigrator
 }
+
+type RoleConstructor func(Instance) Role
+
+var roleRegistry map[string]RoleConstructor = make(map[string]RoleConstructor)
+
+func Register(name string, constructor RoleConstructor) {
+	roleRegistry[name] = constructor
+}
+
+func GetRole(name string) RoleConstructor {
+	return roleRegistry[name]
+}

pkg/roles/tftp/role.go

@@ -32,6 +32,12 @@ type Role struct {
 	cfg *RoleConfig
 }
 
+func init() {
+	roles.Register("tftp", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	r := &Role{
 		log:     instance.Log(),

pkg/roles/tsdb/role.go

@@ -31,6 +31,12 @@ type Role struct {
 	ms  sync.RWMutex
 }
 
+func init() {
+	roles.Register("tsdb", func(i roles.Instance) roles.Role {
+		return New(i)
+	})
+}
+
 func New(instance roles.Instance) *Role {
 	r := &Role{
 		log: instance.Log(),

web/src/elements/PageHeader.ts

@@ -26,7 +26,7 @@ export class PageHeader extends AKElement {
     @property()
     set header(value: string) {
         let title = TITLE_DEFAULT;
-        title = `${"Admin"} - ${title}`;
+        title = `Admin - ${title}`;
         if (value !== "") {
             title = `${value} - ${title}`;
         }

web/src/pages/auth/AuthUserForm.ts

@@ -56,7 +56,11 @@ export class AuthUserForm extends ModelForm<AuthAPIUser, string> {
                   >
                       <input type="text" class="pf-c-form-control" required />
                   </ak-form-element-horizontal>`}
-            <ak-form-element-horizontal label="Password" ?required=${true} name="password">
+            <ak-form-element-horizontal
+                label="Password"
+                ?required=${this.instance === undefined}
+                name="password"
+            >
                 <input type="password" class="pf-c-form-control" required />
             </ak-form-element-horizontal>
             <ak-form-element-horizontal label=${"Permissions"} name="permissions">

web/src/pages/cluster/RoleAPIConfigForm.ts

@@ -57,7 +57,11 @@ export class RoleAPIConfigForm extends ModelForm<ApiRoleConfig, string> {
                 />
                 <p class="pf-c-form__helper-text">Secret used to sign cookies.</p>
             </ak-form-element-horizontal>
-            <ak-form-element-horizontal label="Session Duration" ?required=${true} name="sessionDuration">
+            <ak-form-element-horizontal
+                label="Session Duration"
+                ?required=${true}
+                name="sessionDuration"
+            >
                 <input
                     type="text"
                     value="${first(this.instance?.sessionDuration, "24h")}"

web/src/pages/overview/OverviewPage.ts

@@ -47,8 +47,7 @@ export class OverviewPage extends AKElement {
     }
 
     render(): TemplateResult {
-        return html` <ak-page-header>
-                <span slot="header"> ${this.me ? html`Hello, ${this.me.username}` : html``} </span>
+        return html`<ak-page-header header=${this.me ? `Hello, ${this.me.username}` : "Hello"}>
             </ak-page-header>
             <section class="pf-c-page__main-section">
                 <div class="pf-l-grid pf-m-gutter">

web/src/pages/overview/cards/VersionCard.ts

@@ -1,7 +1,4 @@
-import {
-    ClusterApi,
-    InstanceAPIClusterInfoOutput,
-} from "gravity-api";
+import { ClusterApi, InstanceAPIClusterInfoOutput } from "gravity-api";
 
 import { TemplateResult, html } from "lit";
 import { customElement } from "lit/decorators.js";
@@ -37,7 +34,8 @@ export class VersionCard extends AdminStatusCard<InstanceAPIClusterInfoOutput> {
 
     renderValue(): TemplateResult {
         return html`<a
-            href="https://github.com/BeryJu/gravity/releases/tag/v${this.value?.clusterVersionShort}"
+            href="https://github.com/BeryJu/gravity/releases/tag/v${this.value
+                ?.clusterVersionShort}"
             target="_blank"
         >
             ${this.value?.clusterVersion}