Commit

Fix build and vendoring
The build was running glide install which installs the dependencies
found in the lock file. As a result we were running a very old version
of OPA.

These changes vendor the plugin dependencies and remove the glide step
from the build process. It's no longer required since all of the deps
are contained in the repo.

Also, remove broken plugin install from the README.

Signed-off-by: Torin Sandall <[email protected]>
tsandall committed Sep 4, 2018
1 parent 9a58d7b commit 1330a47
Showing 1,937 changed files with 498,736 additions and 39 deletions.
1 change: 0 additions & 1 deletion .gitignore
Expand Up @@ -3,4 +3,3 @@

# Build output
/opa-docker-authz
/vendor
4 changes: 2 additions & 2 deletions Makefile
@@ -1,7 +1,7 @@
.PHONY: all build

VERSION := 0.3
OPA_VERSION := 0.8.0
VERSION := 0.4
OPA_VERSION := $(shell ./get-opa-version-from-glide.sh)
GO_VERSION := 1.10
REPO := openpolicyagent/opa-docker-authz
DOCKER_VERSION := $(shell docker version --format '{{.Server.Version}}')
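Review bot: `OPA_VERSION` changes format in this hunk. The old literal was `0.8.0`, but the new script prints the second field of the `version:` line in glide.yaml, which is `v0.9.1` with a leading `v`. build.sh passes that value to `-X ...version.OPAVersion=$OPA_VERSION`, so the reported OPA version gains a prefix it did not have before; either strip the `v` in the script or confirm that consumers of the version string expect it. Also, `$(shell ...)` yields an empty string if the script fails and make does not stop on that, so a guard such as `ifeq ($(OPA_VERSION),)` followed by `$(error ...)` would catch a silent failure.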
14 changes: 2 additions & 12 deletions README.md
Expand Up @@ -35,7 +35,7 @@ The following steps detail how to install the managed plugin.
Download the `opa-docker-authz` plugin from the Docker Hub (depending on how your Docker environment is configured, you may need to execute the following commands using the `sudo` utility), and specify the location of the policy file, using the `opa-args` key, and an appropriate value:

```
$ docker plugin install --alias opa-docker-authz openpolicyagent/opa-docker-authz-v2:0.3 opa-args="-policy-file /opa/policies/authz.rego"
$ docker plugin install --alias opa-docker-authz openpolicyagent/opa-docker-authz-v2:0.4 opa-args="-policy-file /opa/policies/authz.rego"
Plugin "openpolicyagent/opa-docker-authz-v2:<VERSION>" is requesting the following privileges:
- mount: [/etc/docker]
Do you grant the above permissions? [y/N] y
Expand Down Expand Up @@ -67,16 +67,6 @@ $ sudo kill -HUP $(pidof dockerd)

The Docker daemon will now send authorization requests for all Docker client API calls, to the `opa-docker-authz` plugin, for evaluation.

If an alternate host location is preferred for the bind mount, then it's possible to set the source during plugin installation. For example, if policy files are located in `$HOME/opa/policies`, then a policy file called `authz.rego` can be made available to the plugin, with the following:

```
$ docker plugin install --alias opa-docker-authz \
openpolicyagent-v2/opa-docker-authz:0.3 \
policy.source=$HOME/opa/policies \
opa-args="-policy-file /opa/authz.rego"
```

**Legacy Plugin**

If you prefer to use the legacy plugin, it needs to be started as a container, before applying the same configuration to the Docker daemon, as detailed above:
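Review bot: removing this section drops the only mention of the `policy.source` setting, while the visible defect in the removed command is the image reference. It reads `openpolicyagent-v2/opa-docker-authz:0.3`, whereas the install command earlier in the README uses `openpolicyagent/opa-docker-authz-v2`. If the `policy.source` override still works, correcting the image name and bumping the tag would keep the documentation for users whose policy files live outside `/etc/docker`, the mount the plugin requests in the install output above. If the setting itself is what is broken, the commit message should say so.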
Expand All @@ -85,7 +75,7 @@ If you prefer to use the legacy plugin, it needs to be started as a container, b
$ docker container run -d --restart=always --name opa-docker-authz \
-v /run/docker/plugins:/run/docker/plugins \
-v $HOME/opa/policies:/opa \
openpolicyagent/opa-docker-authz:0.3 -policy-file /opa/authz.rego
openpolicyagent/opa-docker-authz:0.4 -policy-file /opa/authz.rego
```

### Logs
12 changes: 1 addition & 11 deletions build.sh
Expand Up @@ -2,21 +2,11 @@

set -e

echo "Building opa-docker-authz version: $VERSION"

echo -e "\nInstalling glide ..."
curl -s https://glide.sh/get | sh

echo -e "\nInstalling all the dependencies ..."
glide install

echo -e "\nSetting OPA version to $OPA_VERSION ..."
sed -i "s/\( version: v\)[0-9]\.[0-9]\.[0-9]/\1$OPA_VERSION/g" glide.yaml
echo "Building opa-docker-authz version: $VERSION (OPA version: $OPA_VERSION)"

echo -e "\nBuilding opa-docker-authz ..."
CGO_ENABLED=0 go build -ldflags \
"-X github.com/open-policy-agent/opa-docker-authz/version.Version=$VERSION -X github.com/open-policy-agent/opa-docker-authz/version.OPAVersion=$OPA_VERSION" \
-o opa-docker-authz
rm -rf ./vendor

echo -e "\n... done!"
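Review bot: with `glide install` removed, nothing in this script checks that the committed vendor/ tree corresponds to glide.lock, and `$OPA_VERSION` is now only a label stamped in through `-ldflags`; the code that gets compiled is whatever is under vendor/. A CI step that re-resolves the dependencies and fails on any difference from vendor/ would keep the label and the compiled code from drifting apart, which is the same class of problem the commit message describes. Dropping `curl -s https://glide.sh/get | sh` is a welcome side effect, since the build no longer executes a script fetched at build time. Please also confirm that `rm -rf ./vendor` is gone in the new version: the rendered diff has lost its +/- markers, and that line would now delete tracked files.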
3 changes: 3 additions & 0 deletions get-opa-version-from-glide.sh
@@ -0,0 +1,3 @@
#!/usr/bin/env sh

grep '^- package: github.com/open-policy-agent/opa$' glide.yaml -A 1 | grep 'version: ' | awk '{print $2}'
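Review bot: this pipeline fails silently. If the `- package: github.com/open-policy-agent/opa` entry is renamed or indented, or if `version:` is not the line directly after it (`-A 1` looks only one line ahead), the output is empty and the exit status is that of `awk`, which is 0. The Makefile then builds with an empty `OPA_VERSION`. Suggest testing for empty output and exiting non-zero with a message on stderr. The script also reads `glide.yaml` relative to the current directory, so it only works when invoked from the repository root; resolving the path from `$0` would remove that assumption.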
32 changes: 20 additions & 12 deletions glide.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion glide.yaml
Expand Up @@ -7,4 +7,4 @@ import:
- package: github.com/fsnotify/fsnotify
version: 4da3e2cfbabc9f751898f250b49f2439785783a1
- package: github.com/open-policy-agent/opa
version: v0.8.0
version: v0.9.1
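Review bot: `version: v0.9.1` pins OPA by tag, while the fsnotify entry just above is pinned by full commit hash. A tag can be moved upstream; pinning OPA by commit as well, with the tag kept in a comment, would make glide.yaml unambiguous on its own. Since glide.lock is not rendered in this diff, it is worth confirming that the lock file and the vendored tree resolve to the same commit.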
1 change: 1 addition & 0 deletions vendor/github.com/Microsoft/go-winio/.gitignore


22 changes: 22 additions & 0 deletions vendor/github.com/Microsoft/go-winio/LICENSE


22 changes: 22 additions & 0 deletions vendor/github.com/Microsoft/go-winio/README.md


27 changes: 27 additions & 0 deletions vendor/github.com/Microsoft/go-winio/archive/tar/LICENSE
