Verification script (#6)

* Invoke GlooE plugin verification script
* Cleanup
* Fix Makefile
* Use GlooE dev version for now
* Fix test
* Update cmd flag name
* Use new GlooE release
* PR comments
* Fix cut command
* Use awk instead of grep|cut
* Revert "Use awk instead of grep|cut"

This reverts commit 99dd879
* Fix arg name
* Update to latest GlooE
* Update interface doc
* Revert "Update interface doc"

This reverts commit c643a57

.gitignore

@@ -1,5 +1,4 @@
 .idea
 vendor
 **.so
-GlooE-Gopkg.lock
-mismatched_dependencies.json
+_glooe

Dockerfile

@@ -1,6 +1,15 @@
-FROM golang:1.12.7-alpine AS build-env
+# This stage is parametrized to replicate the same environment GlooE was built in.
+# All ARGs need to be set via the docker `--build-arg` flags.
+ARG GO_BUILD_IMAGE
+FROM $GO_BUILD_IMAGE AS build-env
 
-RUN apk add --no-cache gcc musl-dev git
+ARG GC_FLAGS
+ARG VERIFY_SCRIPT
+
+# Fail if VERIFY_SCRIPT not set
+RUN if [[ ! $VERIFY_SCRIPT ]]; then echo "Required VERIFY_SCRIPT build argument not set" && exit 1; fi
+
+RUN apk add --no-cache gcc musl-dev
 
 ADD . /go/src/github.com/solo-io/ext-auth-plugins/
 WORKDIR /go/src/github.com/solo-io/ext-auth-plugins
@@ -10,11 +19,14 @@ WORKDIR /go/src/github.com/solo-io/ext-auth-plugins
 RUN cp -a vendor/. /go/src/ && rm -rf vendor
 
 # Build plugins with CGO enabled
-RUN CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=plugin -gcflags='all=-N -l' -o AuthorizeAll.so examples/authorize_all/plugin.go
-RUN CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=plugin -gcflags='all=-N -l' -o RequiredHeader.so examples/header/plugin.go
+RUN CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=plugin -gcflags="$GC_FLAGS" -o examples/RequiredHeader.so examples/required_header/plugin.go
+
+# Verify that plugins can be loaded by GlooE
+RUN chmod +x $VERIFY_SCRIPT
+RUN $VERIFY_SCRIPT -pluginDir examples -manifest examples/plugin_manifest.yaml
 
+# This stage builds the final image containing just the plugin .so files
 FROM alpine:3.10.1
 RUN mkdir /compiled-auth-plugins
-COPY --from=build-env /go/src/github.com/solo-io/ext-auth-plugins/AuthorizeAll.so /compiled-auth-plugins/
-COPY --from=build-env /go/src/github.com/solo-io/ext-auth-plugins/RequiredHeader.so /compiled-auth-plugins/
+COPY --from=build-env /go/src/github.com/solo-io/ext-auth-plugins/examples/RequiredHeader.so /compiled-auth-plugins/
 CMD cp /compiled-auth-plugins/* /auth-plugins/

Gopkg.toml

@@ -8,7 +8,7 @@
 
 [[constraint]]
   name = "github.com/solo-io/go-utils"
-  version = "=v0.9.13"
+  version = "=v0.9.17"
 
 [[constraint]]
   name = "github.com/envoyproxy/go-control-plane"
@@ -20,7 +20,7 @@
 
 [[override]]
   name = "go.uber.org/zap"
-  version = "=v1.9.0"
+  version = "=v1.10.0"
 
 [[override]]
   name = "go.uber.org/atomic"

Makefile

@@ -1,10 +1,4 @@
-#----------------------------------------------------------------------------------
-# Compare dependencies against GlooE
-#----------------------------------------------------------------------------------
-# Export all variables to sub-makes
-export
-
-GLOOE_VERSION := 0.18.6
+GLOOE_VERSION := 0.18.12
 BUILD_ID := $(BUILD_ID)
 RELEASE := "true"
 ifeq ($(TAGGED_VERSION),)
@@ -13,41 +7,67 @@ ifeq ($(TAGGED_VERSION),)
 endif
 VERSION ?= $(shell echo $(TAGGED_VERSION) | cut -c 2-)
 
-.PHONY: compare-deps
-compare-deps: Gopkg.lock GlooE-Gopkg.lock print-info
-	go run scripts/compare_dependencies.go Gopkg.lock GlooE-Gopkg.lock
+#----------------------------------------------------------------------------------
+# Retrieve GlooE build information
+#----------------------------------------------------------------------------------
+GLOOE_DIR := _glooe
+_ := $(shell mkdir -p $(GLOOE_DIR))
+
+.PHONY: get-glooe-info
+get-glooe-info: $(GLOOE_DIR)/Gopkg.lock $(GLOOE_DIR)/verify-plugins-linux-amd64 $(GLOOE_DIR)/build_env
 
-GlooE-Gopkg.lock:
-	curl -o GlooE-Gopkg.lock http://storage.googleapis.com/gloo-ee-dependencies/$(GLOOE_VERSION)/Gopkg.lock
+$(GLOOE_DIR)/Gopkg.lock:
+	curl -o $@ http://storage.googleapis.com/gloo-ee-dependencies/$(GLOOE_VERSION)/Gopkg.lock
+
+$(GLOOE_DIR)/verify-plugins-linux-amd64:
+	curl -o $@ http://storage.googleapis.com/gloo-ee-dependencies/$(GLOOE_VERSION)/verify-plugins-linux-amd64
+
+$(GLOOE_DIR)/build_env:
+	curl -o $@ http://storage.googleapis.com/gloo-ee-dependencies/$(GLOOE_VERSION)/build_env
 
-# TODO: remove
-.PHONY: print-info
-print-info:
-	@echo BUILD_ID: $(BUILD_ID)
-	@echo TAGGED_VERSION: $(TAGGED_VERSION)
-	@echo VERSION: $(VERSION)
-	@echo RELEASE: $(RELEASE)
 
 #----------------------------------------------------------------------------------
-# Build, test and publish example plugins
+# Compare dependencies against GlooE
+#----------------------------------------------------------------------------------
+
+.PHONY: compare-deps
+compare-deps: Gopkg.lock $(GLOOE_DIR)/Gopkg.lock
+	go run scripts/compare_dependencies.go Gopkg.lock $(GLOOE_DIR)/Gopkg.lock
+
+
+#----------------------------------------------------------------------------------
+# Build plugins
 #----------------------------------------------------------------------------------
 EXAMPLES_DIR := examples
 SOURCES := $(shell find . -name "*.go" | grep -v test)
 
-.PHONY: publish-examples
-publish-examples:
+define get_glooe_var
+$(shell grep $(1) $(GLOOE_DIR)/build_env | cut -d '=' -f 2-)
+endef
+
+.PHONY: build-plugins
+build-plugins: $(GLOOE_DIR)/build_env $(GLOOE_DIR)/verify-plugins-linux-amd64
+	docker build --no-cache -t quay.io/solo-io/ext-auth-plugins:$(VERSION) \
+		--build-arg GO_BUILD_IMAGE=$(call get_glooe_var,GO_BUILD_IMAGE) \
+		--build-arg GC_FLAGS=$(call get_glooe_var,GC_FLAGS) \
+		--build-arg VERIFY_SCRIPT=$(GLOOE_DIR)/verify-plugins-linux-amd64 \
+		.
+
+.PHONY: build-plugins-for-tests
+build-plugins-for-tests: $(EXAMPLES_DIR)/required_header/RequiredHeader.so
+
+$(EXAMPLES_DIR)/required_header/RequiredHeader.so: $(SOURCES)
+	go build -buildmode=plugin -o $(EXAMPLES_DIR)/required_header/RequiredHeader.so $(EXAMPLES_DIR)/required_header/plugin.go
+
+
+#----------------------------------------------------------------------------------
+# Release plugins
+#----------------------------------------------------------------------------------
+
+.PHONY: release-plugins
+release-plugins: build-plugins
 ifeq ($(RELEASE),"true")
-	docker build -t quay.io/solo-io/ext-auth-plugins:$(VERSION) .
 	docker push quay.io/solo-io/ext-auth-plugins:$(VERSION)
 else
 	@echo This is not a release build. Example plugins will not be published.
-endif
-
-.PHONY: build-examples-for-tests
-build-examples-for-tests: $(EXAMPLES_DIR)/authorize_all/AuthorizeAll.so $(EXAMPLES_DIR)/header/RequiredHeader.so
-
-$(EXAMPLES_DIR)/authorize_all/AuthorizeAll.so: $(SOURCES)
-	go build -buildmode=plugin -o $(EXAMPLES_DIR)/authorize_all/AuthorizeAll.so $(EXAMPLES_DIR)/authorize_all/plugin.go
-
-$(EXAMPLES_DIR)/header/RequiredHeader.so: $(SOURCES)
-	go build -buildmode=plugin -o $(EXAMPLES_DIR)/header/RequiredHeader.so $(EXAMPLES_DIR)/header/plugin.go
+endif

api/interface.go

@@ -69,7 +69,7 @@ type ExtAuthPlugin interface {
 	//
 	//   type MyPluginConfig struct {
 	//     SomeKey string
-	//	   SomeStruct NestedConfig
+	//     SomeStruct NestedConfig
 	//   }
 	//
 	// where `NestedConfig` is:

changelog/v0.0.2/verify-plugins-script.yaml

@@ -0,0 +1,4 @@
+changelog:
+- type: NEW_FEATURE
+  description: Verify plugin compatibility with GlooE during build.
+  issueLink: https://github.com/solo-io/ext-auth-plugins/issues/5

cloudbuild.yaml

@@ -1,7 +1,7 @@
 steps:
 # Using dep container from github.com/solo-io/cloud-builders/dep
-# This copies files into the proper workspace layout and so must be run before other tasks
-# Subsequent steps should set GOPATH variable to avoid setting up unnecessary sym link
+# This copies files into the proper workspace layout and so must be run before other tasks.
+# Subsequent steps must set the $GOPATH env variable.
 - name: 'gcr.io/$PROJECT_ID/dep'
   id: 'dep'
   args: ['ensure']
@@ -19,8 +19,8 @@ steps:
   dir: './gopath/src/github.com/solo-io/ext-auth-plugins'
 
 - name: 'gcr.io/$PROJECT_ID/go-make:0.1.12'
-  id: 'build-examples'
-  args: ['build-examples-for-tests']
+  id: 'build-plugins-for-tests'
+  args: ['build-plugins-for-tests']
   env:
   - 'PROJECT_ROOT=github.com/solo-io/ext-auth-plugins'
   - 'GOPATH=/workspace/gopath'
@@ -29,7 +29,7 @@ steps:
   dir: './gopath/src/github.com/solo-io/ext-auth-plugins'
 
 - name: 'gcr.io/$PROJECT_ID/ginkgo:0.1.12'
-  id: 'test-examples'
+  id: 'test-plugins'
   args: ['-r']
   env:
   - 'PROJECT_ROOT=github.com/solo-io/ext-auth-plugins'
@@ -38,21 +38,31 @@ steps:
   - 'BUILD_ID=$BUILD_ID'
   dir: './gopath/src/github.com/solo-io/ext-auth-plugins'
 
+- name: 'gcr.io/$PROJECT_ID/go-make:0.1.12'
+  id: 'build-plugins'
+  args: ['build-plugins']
+  env:
+  - 'PROJECT_ROOT=github.com/solo-io/ext-auth-plugins'
+  - 'GOPATH=/workspace/gopath'
+  - 'TAGGED_VERSION=$TAG_NAME'
+  - 'BUILD_ID=$BUILD_ID'
+  dir: './gopath/src/github.com/solo-io/ext-auth-plugins'
+
 - name: 'gcr.io/cloud-builders/docker'
   entrypoint: 'bash'
   args: ['-c', 'docker login quay.io --username "solo-io+solobot" --password $$QUAY_IO_PASSWORD']
   secretEnv: ['QUAY_IO_PASSWORD']
   id: 'docker-login'
 
 - name: 'gcr.io/$PROJECT_ID/go-make:0.1.12'
-  args: ['publish-examples']
+  args: ['release-plugins']
   env:
   - 'PROJECT_ROOT=github.com/solo-io/ext-auth-plugins'
   - 'GOPATH=/workspace/gopath'
   - 'TAGGED_VERSION=$TAG_NAME'
   - 'BUILD_ID=$BUILD_ID'
   dir: './gopath/src/github.com/solo-io/ext-auth-plugins'
-  id: 'publish-examples'
+  id: 'release-plugins'
 
 secrets:
 - kmsKeyName: projects/solo-public/locations/global/keyRings/build/cryptoKeys/build-key