Merge remote-tracking branch 'origin/main'
@ -22,3 +22,8 @@ Deploy using the `-c` flag to specify one or multiple compose files.
|
|||||||
```
|
```
|
||||||
docker stack deploy temporal --detach=true -c compose.yaml
|
docker stack deploy temporal --detach=true -c compose.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Next Steps and notes
|
||||||
|
|
||||||
|
- Need to better understand how static config files are managed in this setup.
|
||||||
|
- Are they baked into the image, or mounted at runtime? Where are they stored? What is a good default location?
|
||||||
@ -17,4 +17,5 @@ RUN --mount=type=cache,target=/go/pkg/mod \
|
|||||||
CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /workspace/bin/temporal-server .
|
CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /workspace/bin/temporal-server .
|
||||||
|
|
||||||
FROM ${TEMPORAL_IMAGE} AS runtime
|
FROM ${TEMPORAL_IMAGE} AS runtime
|
||||||
|
WORKDIR /etc/temporal
|
||||||
COPY --from=build /workspace/bin/temporal-server /usr/local/bin/temporal-server
|
COPY --from=build /workspace/bin/temporal-server /usr/local/bin/temporal-server
|
||||||
|
|||||||
@ -21,29 +21,23 @@ func main() {
|
|||||||
|
|
||||||
logger := templog.NewCLILogger()
|
logger := templog.NewCLILogger()
|
||||||
|
|
||||||
authorizer, err := authorization.GetAuthorizerFromConfig(&cfg.Global.Authorization)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("authorizer: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
claimMapper, err := authorization.GetClaimMapperFromConfig(&cfg.Global.Authorization, logger)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("claim mapper: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
audienceMapper, err := authorization.GetAudienceMapperFromConfig(&cfg.Global.Authorization)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("audience mapper: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
srv, err := temporal.NewServer(
|
srv, err := temporal.NewServer(
|
||||||
temporal.ForServices(temporal.DefaultServices),
|
temporal.ForServices(temporal.DefaultServices),
|
||||||
temporal.WithConfig(cfg),
|
temporal.WithConfig(cfg),
|
||||||
temporal.WithLogger(logger),
|
temporal.WithLogger(logger),
|
||||||
temporal.InterruptOn(temporal.InterruptCh()),
|
temporal.InterruptOn(temporal.InterruptCh()),
|
||||||
temporal.WithAuthorizer(authorizer),
|
temporal.WithAuthorizer(authorization.NewDefaultAuthorizer()),
|
||||||
temporal.WithClaimMapper(func(*config.Config) authorization.ClaimMapper { return claimMapper }),
|
temporal.WithClaimMapper(func(cfg *config.Config) authorization.ClaimMapper {
|
||||||
temporal.WithAudienceGetter(func(*config.Config) authorization.JWTAudienceMapper { return audienceMapper }),
|
return authorization.NewDefaultJWTClaimMapper(
|
||||||
|
// token key provider - fetches public keys from the OIDC provider
|
||||||
|
authorization.NewDefaultTokenKeyProvider(&cfg.Global.Authorization, logger),
|
||||||
|
&cfg.Global.Authorization,
|
||||||
|
logger,
|
||||||
|
)
|
||||||
|
}),
|
||||||
|
temporal.WithAudienceGetter(func(cfg *config.Config) authorization.JWTAudienceMapper {
|
||||||
|
return authorization.NewAudienceMapper(cfg.Global.Authorization.Audience)
|
||||||
|
}),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("setup server: %v", err)
|
log.Fatalf("setup server: %v", err)
|
||||||
|
|||||||
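Review bot: The rewritten option list (`temporal.WithAuthorizer(authorization.NewDefaultAuthorizer())` and the two closures passed to `WithClaimMapper` / `WithAudienceGetter`) drops the three `log.Fatalf` startup checks, so an incomplete `cfg.Global.Authorization` is no longer caught before the server starts. The authorizer and claim mapper are now fixed to the default implementations regardless of what the config selects, and, assuming the default authorizer denies calls that carry no claims, a missing JWT key source would only surface as denied requests at runtime. Consider failing fast before `temporal.NewServer`, e.g. `if len(cfg.Global.Authorization.JWTKeyProvider.KeySourceURIs) == 0 { log.Fatalf("authorization: no JWT key source URIs configured") }`, and add a comment stating that the config's authorizer and claim-mapper selection is intentionally ignored. The closure parameter `cfg` also shadows the outer `cfg`; renaming it (for example to `c`) would make clear which config each mapper reads. `main` starts and ends outside the hunk.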