chore: wire up doc and helm charts with README and main entrypoint (#24)

Author: jon-whit

.gitignore

@@ -1,6 +1,5 @@
 .vscode/
 dist/
 genprotos/
-localconfig/
 coverage.out
 internal/mock_*.go

README.md

@@ -1,42 +1,67 @@
 # access-controller
 
+[![Latest Release](https://img.shields.io/github/v/release/authorizer-tech/access-controller)](https://github.com/authorizer-tech/access-controller/releases/latest)
 [![Go Report Card](https://goreportcard.com/badge/github.com/authorizer-tech/access-controller)](https://goreportcard.com/report/github.com/authorizer-tech/access-controller)
+[![Slack](https://img.shields.io/badge/slack-%23authorizer--tech-green)](https://authorizer-tech.slack.com)
 
 An implementation of a distributed access-control server that is based on [Google Zanzibar](https://research.google/pubs/pub48190/) - "Google's Consistent, Global Authorization System".
 
 An instance of an `access-controller` is similar to the `aclserver` implementation called out in the paper. A cluster of access-controllers implement the functional equivalent of the Zanzibar `aclserver` cluster.
 
 # Getting Started
+If you want to setup an instance of the Authorizer platform as a whole, browse the API References, or just brush up on the concepts and design of the platform, take a look at the [official platform documentation](https://authorizer-tech.github.io/docs/overview/introduction). If you're only interested in running the access-controller then continue on.
 
-## Start a Local Cluster
+## Setup a Cluster
 An access-controller server supports single node or multi-node (clustered) topologies. Instructions for running the server with these topologies are outlined below.
 
 To gain the benefits of the distributed query model that the access-controller implements, it is recommend to run a large cluster. Doing so will help distribute query load across more nodes within the cluster. The underlying cluster membership list is based on Hashicorp's [`memberlist`](https://github.com/hashicorp/memberlist)
 
 > a library that manages cluster membership and member failure detection using a gossip based protocol.
 
-A cluster should be able to suport hundreds of nodes. If you find otherwise, please submit an issue.
+A cluster should be able to suport hundreds of nodes. If you find otherwise, please [submit an issue](https://github.com/authorizer-tech/access-controller/issues/new).
 
-### Binary
+### Docker Compose
+[`docker-compose.yml`](./docker/docker-compose.yml) provides an example of how to setup a multi-node cluster using Docker and is a great way to get started quickly.
+
+```console
+$ docker compose -f docker/docker-compose.yml up
+```
+
+### Kubernetes (Recommended)
+Take a look at our [official Helm chart](https://authorizer-tech.github.io/helm-charts/access-controller).
+
+### Pre-compiled Binaries
+Download the [latest release](https://github.com/authorizer-tech/access-controller/releases/latest) and extract it.
+
+#### Pre-requisites
+To run an access-controller you must have a running CockroachDB database. Take a look at setting up [CockroachDB with Docker](https://www.cockroachlabs.com/docs/stable/start-a-local-cluster-in-docker-mac.html).
 
 #### Single Node
-```bash
-$ ./access-controller
+```console
+$ ./bin/access-controller
 ```
 
 #### Multi-node
-Start a multi-node cluster by starting multiple independent servers and use the `--join` flag
+Start a multi-node cluster by starting multiple independent servers and use the `-join` flag
 to join the node to an existing cluster.
 
-```bash
-$ ./access-controller --node-port 7946 --grpc-port 50052
-$ ./access-controller --node-port 7947 --grpc-port 50053 --join 127.0.0.1:7946
-$ ./access-controller --node-port 7948 --grpc-port 50054 --join 127.0.0.1:7947
+```console
+$ ./bin/access-controller -node-port 7946 -grpc-port 50052
+$ ./bin/access-controller -node-port 7947 -grpc-port 50053 -join 127.0.0.1:7946
+$ ./bin/access-controller -node-port 7948 -grpc-port 50054 -join 127.0.0.1:7947
 ```
 
-### Kubernetes
-A [Helm chart](./helm/access-controller) is included in this repository to provision an access-controller cluster in Kubernetes.
+## Next Steps...
+Take a look at the examples of how to:
+* [Add a Namespace Configuration](https://authorizer-tech.github.io/docs/getting-started/add-namespace-config)
+* [Write a Relation Tuple](https://authorizer-tech.github.io/docs/getting-started/write-relation-tuple)
+* [Check a Subject's Access](https://authorizer-tech.github.io/docs/getting-started/check-access)
+
+Don't hesitate to browse the official [Documentation](https://authorizer-tech.github.io/docs/overview/introduction), [API Reference](https://authorizer-tech.github.io/docs/api-reference/overview) and [Examples](https://authorizer-tech.github.io/docs/overview/examples/examples-intro).
+
+# Community
+The access-controller is an open-source project and we value and welcome new contributors and members
+of the community. Here are ways to get in touch with the community:
 
-```bash
-helm install access-controller ./helm/access-controller
-```
+* Slack: [#authorizer-tech](https://authorizer-tech.slack.com)
+* Issue Tracker: [GitHub Issues](https://github.com/authorizer-tech/access-controller/issues)

api/openapiv2/authorizer/accesscontroller/v1alpha1/namespace_service.swagger.json

@@ -40,12 +40,6 @@
             "in": "query",
             "required": false,
             "type": "string"
-          },
-          {
-            "name": "snaptoken",
-            "in": "query",
-            "required": false,
-            "type": "string"
           }
         ],
         "tags": [
@@ -175,9 +169,6 @@
         },
         "config": {
           "$ref": "#/definitions/v1alpha1NamespaceConfig"
-        },
-        "snaptoken": {
-          "type": "string"
         }
       },
       "description": "The response for a NamespaceConfigService.ReadConfig rpc."

api/protos/authorizer/accesscontroller/v1alpha1/namespace_service.proto

@@ -45,14 +45,12 @@ message WriteConfigResponse {
 // The request for a NamespaceConfigService.ReadConfig rpc.
 message ReadConfigRequest {
     string namespace = 1;
-    string snaptoken = 2;
 }
 
 // The response for a NamespaceConfigService.ReadConfig rpc.
 message ReadConfigResponse {
     string namespace = 1;
     NamespaceConfig config = 2;
-    string snaptoken = 3;
 }
 
 message NamespaceConfig {

cmd/access-controller/main.go

@@ -50,7 +50,7 @@ type config struct {
 		Enabled bool
 	}
 
-	Postgres struct {
+	CockroachDB struct {
 		Host     string
 		Port     int
 		Database string
@@ -75,12 +75,31 @@ func main() {
 
 	pgUsername := viper.GetString("POSTGRES_USERNAME")
 	pgPassword := viper.GetString("POSTGRES_PASSWORD")
+
+	dbHost := cfg.CockroachDB.Host
+	if dbHost == "" {
+		dbHost = "localhost"
+		log.Warn("The database host was not configured. Defaulting to 'localhost'")
+	}
+
+	dbPort := cfg.CockroachDB.Port
+	if dbPort == 0 {
+		dbPort = 26257
+		log.Warn("The database port was not configured. Defaulting to '26257'")
+	}
+
+	dbName := cfg.CockroachDB.Database
+	if dbName == "" {
+		dbName = "postgres"
+		log.Warn("The database name was not configured. Defaulting to 'postgres'")
+	}
+
 	dsn := fmt.Sprintf("postgresql://%s:%s@%s:%d/%s?sslmode=disable",
 		pgUsername,
 		pgPassword,
-		cfg.Postgres.Host,
-		cfg.Postgres.Port,
-		cfg.Postgres.Database,
+		dbHost,
+		dbPort,
+		dbName,
 	)
 
 	db, err := sql.Open("postgres", dsn)

docker/config.yaml

@@ -0,0 +1,7 @@
+grpcGateway:
+  enabled: true
+
+cockroachdb:
+  host: cockroachdb
+  port: 26257
+  database: postgres

docker/docker-compose.yml

@@ -0,0 +1,47 @@
+version: "3.9"
+services:
+  access-controller0:
+    image: gcr.io/authorizer-tech/access-controller:latest
+    ports:
+      - "50052:50052"
+      - "8082:8082"
+    command: access-controller -config /etc/config/config.yaml
+    volumes:
+      - "${PWD}/docker:/etc/config"
+    depends_on:
+      - cockroachdb
+
+  access-controller1:
+    image: gcr.io/authorizer-tech/access-controller:latest
+    ports:
+      - "50053:50053"
+      - "8083:8083"
+    command: access-controller -config /etc/config/config.yaml -grpc-port 50053 -http-port 8083 -node-port 7947 -join access-controller0:7946
+    volumes:
+      - "${PWD}/docker:/etc/config"
+    depends_on:
+      - access-controller0
+
+  access-controller2:
+    image: gcr.io/authorizer-tech/access-controller:latest
+    ports:
+      - "50054:50054"
+      - "8084:8084"
+    command: access-controller -config /etc/config/config.yaml -grpc-port 50054 -http-port 8084 -node-port 7948 -join access-controller0:7946,access-controller1:7947
+    volumes:
+      - "${PWD}/docker:/etc/config"
+    depends_on:
+      - access-controller1
+
+  cockroachdb:
+    image: cockroachdb/cockroach:v21.1.1
+    ports:
+      - "26257:26257"
+      - "8080:8080"
+    command: start-single-node --insecure
+    volumes:
+      - "cockroach_data:/cockroach/cockroach-data"
+
+volumes:
+  cockroach_data:
+    driver: local