Topaz: option to enable the profiler service.
Also add a manifest, test data, and assertions, and use them in
the topaz chart test.
ronenh committed Dec 3, 2024
1 parent 0f4e45a commit 38c510a
Showing 15 changed files with 650 additions and 26 deletions.
20 changes: 14 additions & 6 deletions charts/topaz/README.md
Expand Up @@ -373,23 +373,25 @@ decisionLogs:

## Service Ports

Topaz pods expose four ports:
Topaz pods expose the following ports:

| Protocol | Default Port | Description |
|----------|--------------|-------------|
| gRPC | 8282 | gRPC services |
| HTTPS | 8383 | REST endpoints and web console |
| Health | 8484 | gRPC [health service](https://github.com/grpc/grpc/blob/master/doc/health-checking.md) |
| Metrics | 8585 | Prometheus metrics |
| Metrics | 8585 | Prometheus metrics [optional, enabled by default] |
| Profiler | 8686 | Profiler service [optional, disabled by default] |

The default ports can be overridden in `values.yaml`:

```yaml
ports:
grpc: 9292
https: 9393
health: 9494
metrics: 9595
grpc: 8282
https: 8383
health: 8484
metrics: 8585
profiler: 8686
```

The metrics service can be disabled if not needed:
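Review bot: In the `ports:` example that follows "The default ports can be overridden in `values.yaml`:", the values are now the defaults (8282, 8383, 8484, 8585, 8686), so the snippet no longer demonstrates an override. Either keep non-default values as before (9292 and so on, plus a matching `profiler` entry) or reword the lead-in to say these are the defaults. The new Profiler table row could also name the `profiler.enabled` value that turns the port on.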
Expand All @@ -399,6 +401,12 @@ metrics:
enabled: false
```

The profiler service can be enabled using:
```yaml
profiler:
enabled: true
```

## Authentication

By default, anyone with access to the topaz pod can use the gRPC and REST endpoints. That means that any
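Review bot: The new "The profiler service can be enabled using:" paragraph does not say what enabling it exposes. Elsewhere in this commit the same switch adds `--debug` to the container args, binds the debug service on `0.0.0.0`, and publishes the port on the Service, and the Authentication section directly below does not say whether the profiler port is covered by the configured authentication. Please add a sentence on that exposure and on the intended use (debugging only), and add a blank line between the paragraph and its yaml fence to match the ports example above.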
6 changes: 6 additions & 0 deletions charts/topaz/templates/config.yaml
Expand Up @@ -15,6 +15,12 @@ stringData:
log_level: {{ .Values.logLevel | default "info" }}
grpc_log_level: {{ .Values.grpcLogLevel | default "info" }}
{{- if (.Values.profiler).enabled }}
debug_service:
enabled: true
listen_address: 0.0.0.0:{{ (.Values.ports).profiler | default "8686"}}
{{- end }}

{{- if empty ((.Values.directory).remote).address }}
directory:
db_path: /db/directory.db
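Review bot: `listen_address: 0.0.0.0:{{ (.Values.ports).profiler | default "8686"}}` in the `debug_service` block binds the profiler on every pod interface, and the chart offers no value to narrow it. A profiler endpoint exposes process internals, so consider making the bind address configurable (for example a `profiler.listenAddress` value, name suggested here) or documenting that access must be restricted with a NetworkPolicy. Minor style point: `default "8686"}}` lacks the space before `}}` that the service.yaml template uses.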
16 changes: 14 additions & 2 deletions charts/topaz/templates/deployment.yaml
Expand Up @@ -47,6 +47,13 @@ spec:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- run
- -c
- /config/config.yaml
{{- if (.Values.profiler).enabled }}
- --debug
{{- end }}
ports:
- name: grpc
containerPort: {{ (.Values.ports).grpc | default "8282" }}
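Review bot: The `args:` list (`run`, `-c`, `/config/config.yaml`) is added unconditionally, so every install now overrides the image's default arguments, not only installs with the profiler enabled. Please confirm this matches what the image ran before, or call the change out in the commit message. Also, `--debug` is tied to `(.Values.profiler).enabled` with no comment on what else the flag changes at runtime; a short template comment or a README note would help operators decide whether it is acceptable in their environment.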
Expand All @@ -57,11 +64,16 @@ spec:
- name: health
containerPort: {{ (.Values.ports).health | default "8484" }}
protocol: TCP
{{- if (.Values.metrics).enabled }}
{{- if (.Values.metrics).enabled }}
- name: metrics
containerPort: {{ (.Values.ports).metrics | default "8585" }}
protocol: TCP
{{- end }}
{{- end }}
{{- if (.Values.profiler).enabled }}
- name: profiler
containerPort: {{ (.Values.ports).profiler | default "8686"}}
protocol: TCP
{{- end }}
startupProbe:
grpc:
port: {{ (.Values.ports).health | default "8484" }}
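Review bot: The expression `(.Values.ports).profiler | default "8686"` in the new `profiler` port entry is now repeated in config.yaml, deployment.yaml and service.yaml, so the listen address, containerPort and Service port can drift if one default is edited. A named helper template for the profiler port would keep the three in sync. The re-indentation of the `{{- if (.Values.metrics).enabled }}` and `{{- end }}` lines is a whitespace-only change unrelated to the profiler and would be easier to review as a separate commit.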
7 changes: 7 additions & 0 deletions charts/topaz/templates/service.yaml
@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -25,5 +26,11 @@ spec:
protocol: TCP
name: metrics
{{- end }}
{{- if (.Values.profiler).enabled }}
- port: {{ (.Values.ports).profiler | default "8686" }}
targetPort: profiler
protocol: TCP
name: profiler
{{- end }}
selector:
{{- include "topaz.selectorLabels" . | nindent 4 }}
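Review bot: The `profiler` port is added to the same Service that carries the gRPC, HTTPS and metrics ports, so any client that can reach this Service can also reach the profiler once `profiler.enabled` is set. If the Service can be of a type reachable from outside the cluster, that includes external clients. Consider leaving the profiler off this Service and reaching it with a port-forward, or putting it on a separate ClusterIP Service, so that turning on profiling does not widen the exposed surface.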
14 changes: 14 additions & 0 deletions charts/topaz/test/assertions.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"assertions": [
{
"check": {
"subject_type": "user",
"subject_id": "rick@the-citadel.com",
"relation": "member",
"object_type": "group",
"object_id": "admin"
},
"expected": true
}
]
}
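Review bot: The `assertions` array holds a single check with `"expected": true`, so the chart test would still pass if the authorizer allowed everything. Please add at least one check with `"expected": false`, for example a subject that should not be a `member` of `group` `admin`, so the test also catches an over-permissive result.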
34 changes: 34 additions & 0 deletions charts/topaz/test/data/domain_objects.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
{
"objects": [
{
"type": "resource-creator",
"id": "resource-creators",
"display_name": "Resource creators",
"properties": {}
},
{
"type": "resource",
"id": "mega-seed",
"display_name": "Mega seed",
"properties": {}
},
{
"type": "resource",
"id": "portal-gun",
"display_name": "Portal gun",
"properties": {}
},
{
"type": "resource",
"id": "space-cruiser",
"display_name": "Space cruiser",
"properties": {}
},
{
"type": "resource",
"id": "time-crystal",
"display_name": "Time crystal",
"properties": {}
}
]
}
88 changes: 88 additions & 0 deletions charts/topaz/test/data/domain_relations.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
{
"relations": [
{
"object_type": "resource-creator",
"object_id": "resource-creators",
"relation": "member",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource-creator",
"object_id": "resource-creators",
"relation": "member",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource-creator",
"object_id": "resource-creators",
"relation": "member",
"subject_type": "user",
"subject_id": "summer@the-smiths.com"
},
{
"object_type": "resource",
"object_id": "mega-seed",
"relation": "owner",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "mega-seed",
"relation": "reader",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "space-cruiser",
"relation": "owner",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "space-cruiser",
"relation": "writer",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "space-cruiser",
"relation": "reader",
"subject_type": "user",
"subject_id": "summer@the-smiths.com"
},
{
"object_type": "resource",
"object_id": "portal-gun",
"relation": "owner",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "portal-gun",
"relation": "writer",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "time-crystal",
"relation": "writer",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "time-crystal",
"relation": "reader",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
}
]
}
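Review bot: None of the relations in this file is exercised by the check in assertions.json, which only tests `member` of `group` `admin`, so this data is loaded but not verified. Adding assertions against a few of these tuples, such as an `owner` or `reader` relation on `mega-seed`, would make the test data earn its place. Also, `time-crystal` is the only resource without an `owner` relation; if that is deliberate, an assertion covering it would make the intent clear.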