Allow components to cite "modules" to help with file management #147

Open
davidthor opened this issue Jul 27, 2023 · 0 comments
Labels: enhancement (New feature or request)

@davidthor (Member) commented:
Is your feature request related to a problem? Please describe.

I've been working on creating a component for Ory Kratos, but I'm finding the component to be a bit on the lengthy side (>200 lines).

Describe the solution you would like

What I'd like to do is be able to split some of the component into another module (ideally the headless kratos service and the mechanics for configuring it) to make it easier to author the UI portion of the component without the noise of everything else in the file. It would also make it easier to create a strictly "Kratos" component that can be used by others without our opinionated UI.

```yaml
# architectio/kratos component
version: v2

variables:
  allowed_return_urls:
    description: URLs that the service can safely redirect to after auth flows
    required: true
  identity_schema:
    description: Ory Kratos identity schema json payload
    required: true
  error_ui_url:
    description: URL of the error UI
    required: true
  settings_ui_url:
    description: URL of the settings UI
    required: true
  login_ui_url:
    description: URL of the login UI
    required: true
  registration_ui_url:
    description: URL of the registration UI
    required: true
  verification_ui_url:
    description: URL of the verification UI
    required: true
  recovery_ui_url:
    description: URL of the recovery UI

dependencies:
  smtp: architectio/mailslurper

databases:
  kratos:
    type: postgres:15

deployments:
  kratos:
    image: oryd/kratos:v1.0
    entrypoint: [""]
    command:
      - sh
      - -c
      - |
        mkdir ./kratos
        echo "$IDENTITY_SCHEMA" > ./kratos/identity.schema.json
        echo "$CONFIG" > ./kratos/.kratos.yml
        kratos -c ./kratos/.kratos.yml migrate sql -e --yes
        # --dev switches off Kratos security features and is documented for local development only
        kratos serve -c ./kratos/.kratos.yml --watch-courier --dev
    environment:
      CONFIG: |
        version: v0.13.0
        dsn: ${{ databases.kratos.url }}?max_conns=20&max_idle_conns=4
        serve:
          public:
            base_url: ${{ ingresses.kratos-public.url }}
            cors:
              enabled: false
          admin:
            base_url: ${{ services.kratos-admin.url }}
        selfservice:
          allowed_return_urls: ${{ variables.allowed_return_urls }}
          methods:
            password:
              enabled: true
            totp:
              config:
                issuer: Kratos
              enabled: true
            code:
              enabled: true
            link:
              enabled: true
            lookup_secret:
              enabled: true
          flows:
            error:
              ui_url: ${{ variables.error_ui_url }}
            settings:
              ui_url: ${{ variables.settings_ui_url }}
              privileged_session_max_age: 15m
              required_aal: highest_available
            login:
              ui_url: ${{ variables.login_ui_url }}
              lifespan: 10m
            registration:
              ui_url: ${{ variables.registration_ui_url }}
              lifespan: 10m
              after:
                password:
                  hooks:
                    - hook: session
                    - hook: show_verification_ui
            verification:
              enabled: true
              ui_url: ${{ variables.verification_ui_url }}
              use: code
            recovery:
              enabled: true
              ui_url: ${{ variables.recovery_ui_url }}
              use: code
        courier:
          smtp:
            # skip_ssl_verify=true suits the local mailslurper dependency, not a real mail relay
            connection_uri: ${{ dependencies.smtp.services.smtp.url }}/?skip_ssl_verify=true
        log:
          level: info
          format: text
          leak_sensitive_values: true  # dev only: credentials and tokens end up in the logs
        secrets:
          cookie:
            - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE  # Ory quickstart placeholder; generate a real secret (at least 16 characters)
          cipher:
            - 32-LONG-SECRET-NOT-SECURE-AT-ALL  # placeholder; Kratos requires exactly 32 characters here
        ciphers:
          algorithm: xchacha20-poly1305
        hashers:
          algorithm: bcrypt
          bcrypt:
            cost: 8  # fast for development; Kratos defaults to 12
        identity:
          default_schema_id: default
          schemas:
            - id: default
              url: file://./kratos/identity.schema.json
        cookies:
          domain: 127.0.0.1.nip.io  # loopback wildcard DNS, local use only
      IDENTITY_SCHEMA: ${{ variables.identity_schema }}

services:
  kratos-public:
    deployment: kratos
    port: 4433
  kratos-admin:
    deployment: kratos
    port: 4434

ingresses:
  kratos-public:
    service: kratos-public
    headers:
      Access-Control-Allow-Origin: ${{ variables.allowed_return_urls }}
      Access-Control-Allow-Methods:
        '["GET", "OPTIONS", "POST", "PUT", "DELETE"]'
      # with Allow-Credentials: true browsers treat "*" here literally, not as a wildcard; list the headers explicitly
      Access-Control-Allow-Headers: "*"
      Access-Control-Allow-Credentials: "true"
```
```yaml
# architectio/auth component
version: v2

variables:
  allowed_return_urls:
    description: URLs that the service can safely redirect to after auth flows
    merge: true

modules:
  # consumes the headless Kratos component above as a module
  kratos:
    source: architectio/kratos:latest
    variables:
      allowed_return_urls: ${{ variables.allowed_return_urls }}
      error_ui_url: ${{ ingresses.frontend.url }}error
      settings_ui_url: ${{ ingresses.frontend.url }}settings
      login_ui_url: ${{ ingresses.frontend.url }}login
      registration_ui_url: ${{ ingresses.frontend.url }}registration
      verification_ui_url: ${{ ingresses.frontend.url }}verification
      recovery_ui_url: ${{ ingresses.frontend.url }}recovery
      identity_schema: |
        {
          "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
          "$schema": "http://json-schema.org/draft-07/schema#",
          "title": "Person",
          "type": "object",
          "properties": {
            "traits": {
              "type": "object",
              "properties": {
                "email": {
                  "type": "string",
                  "format": "email",
                  "title": "E-Mail",
                  "minLength": 3,
                  "ory.sh/kratos": {
                    "credentials": {
                      "password": {
                        "identifier": true
                      }
                    },
                    "verification": {
                      "via": "email"
                    },
                    "recovery": {
                      "via": "email"
                    }
                  }
                },
                "name": {
                  "type": "object",
                  "properties": {
                    "first": {
                      "title": "First Name",
                      "type": "string"
                    },
                    "last": {
                      "title": "Last Name",
                      "type": "string"
                    }
                  }
                }
              },
              "required": [
                "email"
              ],
              "additionalProperties": false
            }
          }
        }

builds:
  kratos-ui:
    context: ./
    dockerfile: Dockerfile
    debug:
      dockerfile: Dockerfile-dev

deployments:
  ui:
    image: ${{ builds.kratos-ui.id }}
    environment:
      PORT: "4455"
      KRATOS_PUBLIC_URL: ${{ modules.kratos.services.kratos-public.url }}
      KRATOS_BROWSER_URL: ${{ modules.kratos.ingresses.kratos-public.url }}
    debug:
      volumes:
        src:
          host_path: ./src
          mount_path: /usr/src/app/src
        views:
          host_path: ./views
          mount_path: /usr/src/app/views
        public:
          host_path: ./public
          mount_path: /usr/src/app/public

services:
  frontend:
    deployment: ui
    port: 4455

ingresses:
  frontend:
    service: frontend
```

Describe alternatives you've considered

Another option is to have components consist of many different files in the same folder that share a suffix like terraform, but that wouldn't allow me to package up the headless Ory portion as a component to be easily consumed by others.
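The Kratos config embedded in the proposed headless component carries the settings Ory's quickstart uses for local development (placeholder secrets, `leak_sensitive_values`, `skip_ssl_verify`, a low bcrypt cost, a nip.io cookie domain). Once that config becomes a reusable module, a consumer can no longer see those settings in their own file, so a gate that audits them before publishing is worth having. The script below is an added example, not part of this issue and not Architect or Ory code: it transcribes the page's CONFIG block into a dict (the `${{ ... }}` interpolations and the SMTP host are replaced with constructed values), flags the dev-only settings, and produces a hardened counterpart. The production cookie domain `auth.example.com` and the thresholds are assumptions.

```python
"""Audit an Ory Kratos config dict for dev-only settings and produce a hardened copy.

Added example; the thresholds, the SMTP host and the production domain are assumptions.
"""
import copy
import secrets

# Constructed from the CONFIG block of the proposed architectio/kratos component,
# with the ${{ ... }} interpolations replaced by fixed placeholder values.
DEV_CONFIG = {
    "courier": {"smtp": {"connection_uri": "smtps://mailslurper:1025/?skip_ssl_verify=true"}},
    "log": {"level": "info", "format": "text", "leak_sensitive_values": True},
    "secrets": {
        "cookie": ["PLEASE-CHANGE-ME-I-AM-VERY-INSECURE"],
        "cipher": ["32-LONG-SECRET-NOT-SECURE-AT-ALL"],
    },
    "ciphers": {"algorithm": "xchacha20-poly1305"},
    "hashers": {"algorithm": "bcrypt", "bcrypt": {"cost": 8}},
    "cookies": {"domain": "127.0.0.1.nip.io"},
}

# Placeholder secrets that Ory's quickstart config ships with, matched verbatim.
KNOWN_PLACEHOLDERS = {
    "PLEASE-CHANGE-ME-I-AM-VERY-INSECURE",
    "32-LONG-SECRET-NOT-SECURE-AT-ALL",
}
MIN_BCRYPT_COST = 10      # OWASP password-storage guidance: bcrypt work factor of at least 10
PRODUCTION_BCRYPT_COST = 12  # Kratos' documented default
PRODUCTION_COOKIE_DOMAIN = "auth.example.com"  # assumed; set to the real auth host


def audit(cfg):
    """Return a list of (config path, problem) findings; an empty list means nothing dev-only was found."""
    findings = []

    smtp_uri = cfg.get("courier", {}).get("smtp", {}).get("connection_uri", "")
    if "skip_ssl_verify=true" in smtp_uri:
        findings.append(("courier.smtp.connection_uri", "TLS verification disabled for the SMTP relay"))

    if cfg.get("log", {}).get("leak_sensitive_values"):
        findings.append(("log.leak_sensitive_values", "credentials and tokens are written to logs"))

    # Kratos: cookie secrets need at least 16 characters, cipher secrets exactly 32.
    for kind in ("cookie", "cipher"):
        for i, value in enumerate(cfg.get("secrets", {}).get(kind, [])):
            path = f"secrets.{kind}[{i}]"
            if value in KNOWN_PLACEHOLDERS:
                findings.append((path, "quickstart placeholder secret"))
            elif kind == "cipher" and len(value) != 32:
                findings.append((path, "cipher secret must be exactly 32 characters"))
            elif kind == "cookie" and len(value) < 16:
                findings.append((path, "cookie secret shorter than 16 characters"))

    hashers = cfg.get("hashers", {})
    if hashers.get("algorithm") == "bcrypt" and hashers.get("bcrypt", {}).get("cost", 0) < MIN_BCRYPT_COST:
        findings.append(("hashers.bcrypt.cost", f"bcrypt cost below {MIN_BCRYPT_COST}"))

    domain = cfg.get("cookies", {}).get("domain", "")
    if domain.endswith("nip.io") or domain.startswith("127."):
        findings.append(("cookies.domain", "loopback / wildcard-DNS cookie domain"))

    return findings


def harden(cfg):
    """Return a production-oriented copy: fresh random secrets, TLS verification on, leak logging off."""
    out = copy.deepcopy(cfg)
    out["courier"]["smtp"]["connection_uri"] = cfg["courier"]["smtp"]["connection_uri"].replace(
        "skip_ssl_verify=true", "skip_ssl_verify=false"
    )
    out["log"]["leak_sensitive_values"] = False
    # Generate secrets at deploy time instead of embedding them in the component file.
    out["secrets"]["cookie"] = [secrets.token_urlsafe(32)]   # 43 characters, well above the 16 minimum
    out["secrets"]["cipher"] = [secrets.token_hex(16)]       # exactly 32 hex characters
    out["hashers"]["bcrypt"]["cost"] = PRODUCTION_BCRYPT_COST
    out["cookies"]["domain"] = PRODUCTION_COOKIE_DOMAIN
    return out


if __name__ == "__main__":
    for path, problem in audit(DEV_CONFIG):
        print(f"{path}: {problem}")
    print("hardened config findings:", audit(harden(DEV_CONFIG)))
```

The audit walks only the keys the page's config sets; `serve.public.cors.enabled: false` together with CORS headers injected at the ingress is a second thing to review, but that lives in the component's `ingresses` block rather than in the Kratos config, so it is out of scope for this check.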
