Merge pull request meshery#6644 from abdullah1308/enforce-provider

fixes meshery#6597

Makefile

@@ -28,7 +28,7 @@ docker-build:
 docker-playground-build:
 	# `make docker-playground-build` builds Meshery inside of a multi-stage Docker container.
 	# This method does NOT require that you have Go, NPM, etc. installed locally.
-	DOCKER_BUILDKIT=1 docker build -f install/docker/Dockerfile -t layer5/meshery --build-arg TOKEN=$(GLOBAL_TOKEN) --build-arg GIT_COMMITSHA=$(GIT_COMMITSHA) --build-arg GIT_VERSION=$(GIT_VERSION) --build-arg RELEASE_CHANNEL=${RELEASE_CHANNEL} --build-arg ENFORCED_PROVIDER=$(LOCAL_PROVIDER) --build-arg PROVIDER_BASE_URLS=$(MESHERY_CLOUD_PROD) .	
+	DOCKER_BUILDKIT=1 docker build -f install/docker/Dockerfile -t layer5/meshery --build-arg TOKEN=$(GLOBAL_TOKEN) --build-arg GIT_COMMITSHA=$(GIT_COMMITSHA) --build-arg GIT_VERSION=$(GIT_VERSION) --build-arg RELEASE_CHANNEL=${RELEASE_CHANNEL} --build-arg PROVIDER=$(LOCAL_PROVIDER) --build-arg PROVIDER_BASE_URLS=$(MESHERY_CLOUD_PROD) .	
 
 ## Meshery Cloud for user authentication.
 ## Runs Meshery in a container locally and points to locally-running
@@ -109,7 +109,7 @@ server: dep-check
 server-remote-provider: dep-check
 	cd server; cd cmd; go mod tidy; \
 	BUILD="$(GIT_VERSION)" \
-	ENFORCED_PROVIDER=$(REMOTE_PROVIDER) \
+	PROVIDER=$(REMOTE_PROVIDER) \
 	PROVIDER_BASE_URLS=$(MESHERY_CLOUD_PROD) \
 	PORT=9081 \
 	DEBUG=true \
@@ -121,7 +121,7 @@ server-remote-provider: dep-check
 server-local-provider: dep-check
 	cd server; cd cmd; go mod tidy; \
 	BUILD="$(GIT_VERSION)" \
-	ENFORCED_PROVIDER=$(LOCAL_PROVIDER) \
+	PROVIDER=$(LOCAL_PROVIDER) \
 	PROVIDER_BASE_URLS=$(MESHERY_CLOUD_PROD) \
 	PORT=9081 \
 	DEBUG=true \
@@ -155,7 +155,7 @@ server-no-content:
 server-playground: dep-check
 	cd server; cd cmd; go mod tidy; \
 	BUILD="$(GIT_VERSION)" \
-	ENFORCED_PROVIDER=$(REMOTE_PROVIDER) \
+	PROVIDER=$(REMOTE_PROVIDER) \
 	PROVIDER_BASE_URLS=$(MESHERY_CLOUD_PROD) \
 	PORT=9081 \
 	DEBUG=true \

docs/pages/extensibility/providers.md

@@ -9,7 +9,7 @@ language: en
 list: include
 ---
 
-Meshery offers Providers as a point of extensibility. With a built-in Local Provider (named "None"), Meshery Remote Providers are designed to be pluggable. Remote Providers offer points of extension to users / integrators to deliver enhanced functionality, using Meshery as a platform. A specific type of provider can be enforced in a Meshery instance by passing it with the env variable ENFORCED_PROVIDER.
+Meshery offers Providers as a point of extensibility. With a built-in Local Provider (named "None"), Meshery Remote Providers are designed to be pluggable. Remote Providers offer points of extension to users / integrators to deliver enhanced functionality, using Meshery as a platform. A specific provider can be enforced in a Meshery instance by passing the name of the provider with the env variable PROVIDER.
 
 1. **Extensibility points offer clean separation of Meshery's core functionality versus plugin functionality.**
    - Meshmap is an example of a feature to be delivered via Remote Provider.

install/Makefile.core.mk

@@ -18,8 +18,8 @@
 GIT_VERSION	= $(shell git describe --tags `git rev-list --tags --max-count=1`)
 GIT_COMMITSHA = $(shell git rev-list -1 HEAD)
 GIT_STRIPPED_VERSION=$(shell git describe --tags `git rev-list --tags --max-count=1` | cut -c 2-)
-REMOTE_PROVIDER="remote"
-LOCAL_PROVIDER="local"
+REMOTE_PROVIDER="Meshery"
+LOCAL_PROVIDER="None"
 GOVERSION = 1.19
 GOPATH = $(shell go env GOPATH)
 GOBIN  = $(GOPATH)/bin

install/docker-extension/docker-compose.yaml

@@ -10,7 +10,6 @@ services:
     pull_policy: always
     environment:
       - "PROVIDER_BASE_URLS=https://meshery.layer5.io"
-      - "SAAS_BASE_URL=https://meshery.layer5.io"
       - "ADAPTER_URLS=meshery-istio:10000 meshery-linkerd:10001 meshery-consul:10002 meshery-nginx-sm:10010 meshery-app-mesh:10005 meshery-kuma:10007 meshery-osm:10009 meshery-traefik-mesh:10006  meshery-cilium:10012"
       - "EVENT=mesheryLocal"
       - "PORT=9081"

install/docker/docker-compose.yaml

@@ -6,7 +6,6 @@ services:
       - "com.centurylinklabs.watchtower.enable=true"
     environment:
       - "PROVIDER_BASE_URLS=https://meshery.layer5.io"
-      - "SAAS_BASE_URL=https://meshery.layer5.io"
       - "ADAPTER_URLS=meshery-istio:10000 meshery-linkerd:10001 meshery-consul:10002 meshery-nsm:10004 meshery-app-mesh:10005 meshery-kuma:10007 meshery-osm:10009 meshery-traefik-mesh:10006 meshery-nginx-sm:10010 meshery-cilium:10012"
       - "EVENT=mesheryLocal"
       - "PORT=9081"

install/kubernetes/helm/meshery/README.md

@@ -39,7 +39,6 @@ Meshery chart for deploying Meshery and Meshery's adapters.
 | env.ADAPTER_URLS | string | `"meshery-istio:10000 meshery-linkerd:10001 meshery-consul:10002 meshery-kuma:10007 meshery-osm:10009 meshery-nginx-sm:10010 meshery-nsm:10004 meshery-app-mesh:10005 meshery-traefik-mesh:10006 meshery-cilium:10012 meshery-perf:10013"` |  |
 | env.EVENT | string | `"mesheryLocal"` |  |
 | env.PROVIDER_BASE_URLS | string | `"https://meshery.layer5.io"` |  |
-| env.SAAS_BASE_URL | string | `"https://meshery.layer5.io"` |  |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"Always"` |  |
 | image.repository | string | `"layer5/meshery"` |  |

install/kubernetes/helm/meshery/values.yaml

@@ -12,7 +12,6 @@ image:
 
 env:
   EVENT: mesheryLocal
-  SAAS_BASE_URL: https://meshery.layer5.io
   PROVIDER_BASE_URLS: https://meshery.layer5.io
   ADAPTER_URLS: meshery-istio:10000 meshery-linkerd:10001 meshery-consul:10002 meshery-kuma:10007 meshery-osm:10009 meshery-nginx-sm:10010 meshery-nsm:10004 meshery-app-mesh:10005 meshery-traefik-mesh:10006 meshery-cilium:10012
 

install/playground/meshery-playground-deployment.yaml

@@ -20,8 +20,8 @@ spec:
         - env:
             - name: PROVIDER_BASE_URLS
               value: https://meshery.layer5.io
-            - name: ENFORCED_PROVIDER
-              value: remote
+            - name: PROVIDER
+              value: Meshery
             - name: PLAYGROUND
               value: "true"
           image: layer5/meshery:playground-v0.6.35

mesheryctl/internal/cli/root/config/config.go

@@ -24,25 +24,26 @@ type Version struct {
 
 // MesheryCtlConfig is configuration structure of mesheryctl with contexts
 type MesheryCtlConfig struct {
-	Contexts       map[string]Context `mapstructure:"contexts"`
-	CurrentContext string             `mapstructure:"current-context"`
-	Tokens         []Token            `mapstructure:"tokens"`
+	Contexts       map[string]Context `yaml:"contexts" mapstructure:"contexts"`
+	CurrentContext string             `yaml:"current-context" mapstructure:"current-context"`
+	Tokens         []Token            `yaml:"tokens" mapstructure:"tokens"`
 }
 
 // Token defines the structure of Token stored in mesheryctl
 type Token struct {
-	Name     string `mapstructure:"name"`
-	Location string `mapstructure:"location"`
+	Name     string `yaml:"name" mapstructure:"name"`
+	Location string `yaml:"location" mapstructure:"location"`
 }
 
 // Context defines a meshery environment
 type Context struct {
-	Endpoint   string   `mapstructure:"endpoint,omitempty"`
-	Token      string   `mapstructure:"token,omitempty"`
-	Platform   string   `mapstructure:"platform"`
-	Components []string `mapstructure:"components,omitempty"`
-	Channel    string   `mapstructure:"channel,omitempty"`
-	Version    string   `mapstructure:"version,omitempty"`
+	Endpoint   string   `yaml:"endpoint,omitempty" mapstructure:"endpoint,omitempty"`
+	Token      string   `yaml:"token,omitempty" mapstructure:"token,omitempty"`
+	Platform   string   `yaml:"platform" mapstructure:"platform"`
+	Components []string `yaml:"components,omitempty" mapstructure:"components,omitempty"`
+	Channel    string   `yaml:"channel,omitempty" mapstructure:"channel,omitempty"`
+	Version    string   `yaml:"version,omitempty" mapstructure:"version,omitempty"`
+	Provider   string   `yaml:"provider,omitempty" mapstructure:"provider,omitempty"`
 }
 
 // GetMesheryCtl returns a reference to the mesheryctl configuration object
@@ -256,6 +257,16 @@ func (ctx *Context) ValidateVersion() error {
 	return nil
 }
 
+// GetProvider returns the provider of the current context
+func (ctx *Context) GetProvider() string {
+	return ctx.Provider
+}
+
+// SetProvider sets the provider of the current context
+func (ctx *Context) SetProvider(provider string) {
+	ctx.Provider = provider
+}
+
 // GetName returns the token name
 func (t *Token) GetName() string {
 	return t.Name

mesheryctl/internal/cli/root/config/config_test.go

@@ -90,7 +90,7 @@ func TestGetChannel(t *testing.T) {
 
 func TestGetComponents(t *testing.T) {
 	dummy := []string{"abc", "def", "ghi", "jkl", "mno", "pqr"}
-	context := Context{"", "", "", dummy, "", ""}
+	context := Context{"", "", "", dummy, "", "", ""}
 	got := context.GetComponents()
 	want := dummy
 	for i, j := range got {
@@ -230,7 +230,7 @@ func TestSetVersion(t *testing.T) {
 
 func TestSetComponents(t *testing.T) {
 	dummy := []string{"abc", "def", "ghi", "jkl", "mno", "pqr"}
-	context := Context{"", "", "", dummy, "", ""}
+	context := Context{"", "", "", dummy, "", "", ""}
 	got := context.GetComponents()
 	want := dummy
 	for i, j := range got {
@@ -240,6 +240,31 @@ func TestSetComponents(t *testing.T) {
 	}
 }
 
+func TestGetProvider(t *testing.T) {
+	for _, test := range tests {
+		context := Context{"", "", "", nil, "", "", test}
+		got := context.GetProvider()
+		want := test
+
+		if got != want {
+			t.Errorf("got %q want %q", got, want)
+		}
+	}
+}
+
+func TestSetProvider(t *testing.T) {
+	context := Context{}
+	for _, test := range tests {
+		context.SetProvider(test)
+		got := context.GetProvider()
+		want := test
+
+		if got != want {
+			t.Errorf("got %q want %q", got, want)
+		}
+	}
+}
+
 // TODO: Shift Testing utility functions to meshkit so import cycle problems can be eliminated in future
 
 // func TestChangePlatform(t *testing.T) {

mesheryctl/internal/cli/root/system/fixtures/.meshery/meshery.yaml

@@ -5,7 +5,6 @@ services:
             - com.centurylinklabs.watchtower.enable=true
         environment:
             - PROVIDER_BASE_URLS=https://meshery.layer5.io
-            - SAAS_BASE_URL=https://meshery.layer5.io
             - ADAPTER_URLS=meshery-istio:10000 meshery-linkerd:10001 meshery-consul:10002 meshery-nsm:10004 meshery-app-mesh:10005 meshery-kuma:10007 meshery-osm:10009 meshery-traefik-mesh:10006 meshery-nginx-sm:10010 meshery-cilium:10012
             - EVENT=mesheryLocal
             - PORT=9081

mesheryctl/internal/cli/root/system/start.go

@@ -235,6 +235,10 @@ func start() error {
 					temp.Environment = append(temp.Environment, fmt.Sprintf("%s=%s", "MESHERY_SERVER_CALLBACK_URL", viper.GetString("MESHERY_SERVER_CALLBACK_URL")))
 				}
 
+				if currCtx.GetProvider() != "" {
+					temp.Environment = append(temp.Environment, fmt.Sprintf("%s=%s", "PROVIDER", currCtx.GetProvider()))
+				}
+
 				temp.Image = fmt.Sprintf("%s:%s-%s", spliter[0], currCtx.GetChannel(), mesheryImageVersion)
 			}
 			services[v] = temp

mesheryctl/pkg/utils/helpers.go

@@ -928,6 +928,13 @@ func SetOverrideValues(ctx *config.Context, mesheryImageVersion string) map[stri
 		"tag": ctx.GetChannel() + "-" + mesheryImageVersion,
 	}
 
+	// set the provider
+	if ctx.GetProvider() != "" {
+		valueOverrides["env"] = map[string]interface{}{
+			"PROVIDER": ctx.GetProvider(),
+		}
+	}
+
 	return valueOverrides
 }
 

server/cmd/main.go

@@ -84,7 +84,7 @@ func main() {
 	viper.SetDefault("COMMITSHA", commitsha)
 	viper.SetDefault("RELEASE_CHANNEL", releasechannel)
 	viper.SetDefault("INSTANCE_ID", &instanceID)
-	viper.SetDefault("ENFORCED_PROVIDER", "")
+	viper.SetDefault("PROVIDER", "")
 	viper.SetDefault("REGISTER_STATIC_K8S", true)
 	viper.SetDefault("SKIP_DOWNLOAD_CONTENT", false)
 	viper.SetDefault("SKIP_COMP_GEN", false)
@@ -323,7 +323,7 @@ func main() {
 	mctrlHelper := models.NewMesheryControllersHelper(log, operatorDeploymentConfig, dbHandler)
 	k8sComponentsRegistrationHelper := models.NewComponentsRegistrationHelper(log)
 
-	h := handlers.NewHandlerInstance(hc, meshsyncCh, log, brokerConn, k8sComponentsRegistrationHelper, mctrlHelper, dbHandler, events.NewEventStreamer(), regManager, viper.GetString("ENFORCED_PROVIDER"))
+	h := handlers.NewHandlerInstance(hc, meshsyncCh, log, brokerConn, k8sComponentsRegistrationHelper, mctrlHelper, dbHandler, events.NewEventStreamer(), regManager, viper.GetString("PROVIDER"))
 
 	b := broadcast.NewBroadcaster(100)
 	defer b.Close()

server/handlers/handler_instance.go

@@ -22,7 +22,7 @@ type Handler struct {
 	brokerConn         broker.Handler
 	K8sCompRegHelper   *models.ComponentsRegistrationHelper
 	MesheryCtrlsHelper *models.MesheryControllersHelper
-	EnforceProvider    string // When set, all endpoints consider tokens / identities / capabilities valid from the single, designated provider.
+	Provider           string // When set, all endpoints consider tokens / identities / capabilities valid from the single, designated provider.
 	dbHandler          *database.Handler
 	registryManager    *meshmodel.RegistryManager
 	EventsBuffer       *events.EventStreamer
@@ -39,7 +39,7 @@ func NewHandlerInstance(
 	dbHandler *database.Handler,
 	eb *events.EventStreamer,
 	regManager *meshmodel.RegistryManager,
-	enforcedProvider string,
+	provider string,
 ) models.HandlerInterface {
 	h := &Handler{
 		config:             handlerConfig,
@@ -51,7 +51,7 @@ func NewHandlerInstance(
 		dbHandler:          dbHandler,
 		EventsBuffer:       eb,
 		registryManager:    regManager,
-		EnforceProvider:    enforcedProvider,
+		Provider:           provider,
 	}
 
 	h.task = taskq.RegisterTask(&taskq.TaskOptions{

server/handlers/middlewares.go

@@ -42,13 +42,13 @@ func (h *Handler) ProviderMiddleware(next http.Handler) http.Handler {
 // AuthMiddleware is a middleware to validate if a user is authenticated
 func (h *Handler) AuthMiddleware(next http.Handler, auth models.AuthenticationMechanism) http.Handler {
 	fn := func(w http.ResponseWriter, req *http.Request) {
-		enforcedProvider := h.EnforceProvider
-		if auth == models.NoAuth && enforcedProvider != "" {
+		providerH := h.Provider
+		if auth == models.NoAuth && providerH != "" {
 			auth = models.ProviderAuth //If a provider is enforced then use provider authentication even in case of NoAuth
 		}
 		switch auth {
 		// case models.NoAuth:
-		// 	if enforcedProvider != "" {
+		// 	if providerH != "" {
 		// 		w.WriteHeader(http.StatusUnauthorized)
 		// 		return
 		// 	}
@@ -60,7 +60,7 @@ func (h *Handler) AuthMiddleware(next http.Handler, auth models.AuthenticationMe
 				http.Redirect(w, req, "/provider", http.StatusFound)
 				return
 			}
-			if enforcedProvider != "" && enforcedProvider != string(provider.GetProviderType()) {
+			if providerH != "" && providerH != provider.Name() {
 				w.WriteHeader(http.StatusUnauthorized)
 				return
 			}