Added a client-cedar Docker image.

Shaul Kremer · Shaul Kremer · commit bbe28ebd82a3 · 2023-05-10T19:31:58.000+03:00
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "cedar-agent"]
+	path = cedar-agent
+	url = https://github.com/permitio/cedar-agent.git
diff --git a/Makefile b/Makefile
@@ -41,6 +41,9 @@ install-develop:
 docker-build-client:
 	@docker build -t permitio/opal-client --target client -f docker/Dockerfile .
 
+docker-build-client-cedar:
+	@docker build -t permitio/opal-client-cedar --target client-cedar -f docker/Dockerfile .
+
 docker-build-client-standalone:
 	@docker build -t permitio/opal-client-standalone --target client-standalone -f docker/Dockerfile .
 
diff --git a/cedar-agent b/cedar-agent
@@ -0,0 +1 @@
+Subproject commit b5cdccec3b5476d6a983de4a9837e32d95b179d1
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -12,6 +12,16 @@ COPY ./packages/opal-server/requires.txt ./server_requires.txt
 # install python deps
 RUN pip install --no-cache-dir --upgrade pip && pip install --no-cache-dir -r ./base_requires.txt -r ./common_requires.txt -r ./client_requires.txt -r ./server_requires.txt
 
+# CEDAR AGENT BUILD STAGE ---------------------------
+# split this stage to save time and reduce image size
+# ---------------------------------------------------
+FROM rust:1.69.0 as cedar-builder
+COPY cedar-agent /tmp/cedar-agent/
+ARG cargo_flags="-r"
+RUN cd /tmp/cedar-agent && \
+	cargo build ${cargo_flags} && \
+	cp /tmp/cedar-agent/target/*/cedar-agent /
+
 # COMMON IMAGE --------------------------------------
 # ---------------------------------------------------
 FROM python:3.10-slim as common
@@ -70,6 +80,8 @@ RUN mkdir -p /opal/backup
 VOLUME /opal/backup
 
 
+# IMAGE to extract OPA from official image ----------
+# ---------------------------------------------------
 FROM alpine:latest as opa-extractor
 USER root
 
@@ -85,7 +97,7 @@ RUN skopeo copy "docker://${opa_image}:${opa_tag}" docker-archive:./image.tar &&
   rm -r image image.tar
 
 
-# CLIENT IMAGE --------------------------------------
+# OPA CLIENT IMAGE ----------------------------------
 # Using standalone image as base --------------------
 # ---------------------------------------------------
 FROM client-standalone as client
@@ -104,6 +116,25 @@ ENV OPAL_INLINE_OPA_ENABLED=true
 EXPOSE 8181
 USER opal
 
+# CEDAR CLIENT IMAGE --------------------------------
+# Using standalone image as base --------------------
+# ---------------------------------------------------
+FROM client-standalone as client-cedar
+
+# Temporarily move back to root for additional setup
+USER root
+
+RUN apt-get update && apt-get install -y netcat jq && apt-get clean
+
+# copy cedar from its build stage
+COPY --from=cedar-builder /cedar-agent /cedar-agent
+
+# enable inline Cedar agent
+ENV OPAL_INLINE_CEDAR_ENABLED=true
+# expose cedar port
+EXPOSE 8180
+USER opal
+
 # SERVER IMAGE --------------------------------------
 # ---------------------------------------------------
 FROM common as server

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[submodule "cedar-agent"]`
	`2`	`+ path = cedar-agent`
	`3`	`+ url = https://github.com/permitio/cedar-agent.git`