Reduce deployment complexity and refactor internals

.circleci/config.yml

@@ -41,33 +41,15 @@ jobs:
     docker:
       - image: circleci/golang:1.12
         environment:
-        - TEST_DATABASE_POSTGRESQL=postgres://test:test@localhost:5432/oathkeeper?sslmode=disable
-        - TEST_DATABASE_MYSQL=root:test@(localhost:3306)/mysql?parseTime=true
-        - TEST_HYDRA_ADMIN_URL=http://localhost:4445
-      - image: oryd/hydra:v1.0.0-rc.3_oryOS.9
-        environment:
-        - DATABASE_URL=memory
-        command: "serve all --dangerous-force-http"
-      - image: mysql:5.7
-        environment:
-        - MYSQL_ROOT_PASSWORD=test
-      - image: postgres:9.5
-        environment:
-        - POSTGRES_USER=test
-        - POSTGRES_PASSWORD=test
-        - POSTGRES_DB=oathkeeper
+        - GO111MODULE=on
     working_directory: /go/src/github.com/ory/oathkeeper
     steps:
-      - run:
-          name: Enable go1.12 modules
-          command: |
-            echo 'export GO111MODULE=on' >> $BASH_ENV
-            source $BASH_ENV
       - checkout
       - run: go mod download
       - run: go install github.com/ory/go-acc github.com/mattn/goveralls
       - run: go-acc -o coverage.txt ./... -- -failfast -timeout=20m
       - run: test -z "$CIRCLE_PR_NUMBER" && goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN || echo "forks are not allowed to push to coveralls"
+      - run: ./test/e2e/run.sh
 
   release:
     docker:
@@ -87,7 +69,7 @@ jobs:
       - run: cp ./.releaser/LICENSE.txt ./LICENSE.txt
       - run: curl -sL https://git.io/goreleaser | bash
 
-  release-docs:
+  docs:
     docker:
       - image: alpine/git:1.0.4
     working_directory: /go/src/github.com/ory/oathkeeper
@@ -97,6 +79,8 @@ jobs:
       - run: git config --global user.name "ORY Continuous Integration"
       - run: "git clone https://arekkas:[email protected]/ory/docs.git ../docs"
       - run: "cp ./docs/api.swagger.json ../docs/apis/oathkeeper.json"
+      - run: ./scripts/run-configuration.sh
+      - run: "cp configuration.md ../docs/docs/oathkeeper/configuration.md"
       - run: "(cd ../docs && git add -A && git commit -a -m \"Updates ORY Oathkeeper Swagger definitions\" && git push origin) || exit 0"
 
   release-changelog:

.github/ISSUE_TEMPLATE/support.md

@@ -1,8 +1,10 @@
 ---
 name: Support request
-about: Please use our forums (community.ory.sh) or the chat (ory.sh/chat) to ask for support
-
+about:
+  Please use our forums (community.ory.sh) or the chat (ory.sh/chat) to ask for
+  support
 ---
 
-Please use issues only to file potential bugs or request features. For everything else please go to
-the [ORY Community](https://community.ory.sh/) or join the [ORY Chat](https://www.ory.sh/chat).
+Please use issues only to file potential bugs or request features. For
+everything else please go to the [ORY Community](https://community.ory.sh/) or
+join the [ORY Chat](https://www.ory.sh/chat).

CODE_OF_CONDUCT.md

@@ -2,45 +2,73 @@
 
 ## Our Pledge
 
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of
+experience, nationality, personal appearance, race, religion, or sexual identity
+and orientation.
 
 ## Our Standards
 
-Examples of behavior that contributes to creating a positive environment include:
+Examples of behavior that contributes to creating a positive environment
+include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
 
 Examples of unacceptable behavior by participants include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
+- The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
 
 ## Our Responsibilities
 
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
 
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, or to ban temporarily or permanently any
+contributor for other behaviors that they deem inappropriate, threatening,
+offensive, or harmful.
 
 ## Scope
 
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [email protected]. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [email protected]. The project team will
+review and investigate all complaints, and will respond in a way that it deems
+appropriate to the circumstances. The project team is obligated to maintain
+confidentiality with regard to the reporter of an incident. Further details of
+specific enforcement policies may be posted separately.
 
-Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
 
 [homepage]: http://contributor-covenant.org
 [version]: http://contributor-covenant.org/version/1/4/

Makefile

@@ -1,11 +1,10 @@
 SHELL=/bin/bash -o pipefail
 
+# Formats the code
 .PHONY: format
 format:
 		goreturns -w -local github.com/ory $$(listx .)
-
-.PHONY: mocks
-mocks:
+		npm run format:docs
 
 .PHONY: gen
 		gen: mocks sdk
@@ -42,3 +41,9 @@ install-stable:
 .PHONY: install
 install:
 		GO111MODULE=on go install .
+
+.PHONY: docker
+docker:
+		CGO_ENABLED=0 GO111MODULE=on GOOS=linux GOARCH=amd64 go build
+		docker build -t oryd/oathkeeper:latest .
+		rm oathkeeper

README.md

@@ -10,21 +10,23 @@
     <a href="https://opencollective.com/ory">Support this project!</a>
 </h4>
 
-ORY Oathkeeper is an Identity & Access Proxy (IAP) that authorizes HTTP requests based on sets of rules. The BeyondCorp
-Model is designed by [Google](https://cloud.google.com/beyondcorp/) and secures applications in Zero-Trust networks.
-An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable
-of authenticating and optionally authorizing access requests.
+ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests
+based on sets of Access Rules. The BeyondCorp Model is designed by [Google](https://cloud.google.com/beyondcorp/) and
+secures applications in Zero-Trust networks.
 
-While the full feature set of the BeyondCorp Whitepaper is not yet implemented, the goal of this project is to achieve this in the future.
+An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable
+of authenticating and optionally authorizing access requests. The Access Control Decision API can be deployed alongside
+an existing API Gateway or reverse proxy. ORY Oathkeeper's Access Control Decision API works with:
 
-ORY Oathkeeper is a reverse proxy which evaluates incoming HTTP requests based on a set of rules that are defined
-by administrative users. ORY Oathkeeper is thus capable of:
+- [Ambassador](https://github.com/datawire/ambassador) via [auth service](https://www.getambassador.io/reference/services/auth-service).
+- [Envoy](https://www.envoyproxy.io) via the [External Authorization HTTP Filter](https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/ext_authz_filter#config-http-filters-ext-authz)
+- AWS API Gateway via [Custom Authorizers](https://aws.amazon.com/de/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/)
+- [Nginx](https://www.nginx.com) via [Authentication Based on Subrequest Result](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/)
 
-* Identifying the user and providing the user session to API backends (authentication).
-* Restricting access to certain resources based on a set of rules (authorization).
-* Transforms access credentials (e.g. OAuth2 Access Tokens, SAML Assertions, ...) to a format (e.g. JSON Web Token, Plaintext, Basic Authorization, ...) consumable by your API services.
+among others.
 
-This service is stable, but under active development and may introduce breaking changes in future releases. Any breaking change will have extensive documentation and upgrade instructions.
+This service is stable, but under active development and may introduce breaking changes in future releases.
+Any breaking change will have extensive documentation and upgrade instructions.
 
 [![CircleCI](https://circleci.com/gh/ory/oathkeeper.svg?style=shield&circle-token=eb458bf636326d41674141b6bbfa475a39c9db1e)](https://circleci.com/gh/ory/oathkeeper)
 [![Coverage Status](https://coveralls.io/repos/github/ory/oathkeeper/badge.svg?branch=master)](https://coveralls.io/github/ory/oathkeeper?branch=master)
@@ -37,9 +39,6 @@ This service is stable, but under active development and may introduce breaking
 
 
 - [Installation](#installation)
-  - [Download binaries](#download-binaries)
-  - [Using Docker](#using-docker)
-  - [Building from source](#building-from-source)
 - [Ecosystem](#ecosystem)
   - [ORY Security Console: Administrative User Interface](#ory-security-console-administrative-user-interface)
   - [ORY Hydra: OAuth2 & OpenID Connect Server](#ory-hydra-oauth2--openid-connect-server)
@@ -64,46 +63,6 @@ This service is stable, but under active development and may introduce breaking
 Head over to the [ORY Developer Documentation](https://www.ory.sh/docs/oathkeeper/install) to learn how to install ORY
 Oathkeeper on Linux, macOS, Windows, and Docker and how to build ORY Oathkeeper from source.
 
-### Download binaries
-
-The client and server **binaries are downloadable at [releases](https://github.com/ory/oathkeeper/releases)**.
-There is currently no installer available. You have to add the ORY Oathkeeper binary to the PATH environment variable yourself or put
-the binary in a location that is already in your path (`/usr/bin`, ...).
-If you do not understand what that all of this means, ask in our [chat channel](https://www.ory.sh/chat). We are happy to help.
-
-### Using Docker
-
-**Starting the host** is easiest with docker. The host process handles HTTP requests and is backed by a database.
-Read how to install docker on [Linux](https://docs.docker.com/linux/), [OSX](https://docs.docker.com/mac/) or
-[Windows](https://docs.docker.com/windows/). ORY Oathkeeper is available on [Docker Hub](https://hub.docker.com/r/oryd/oathkeeper/).
-
-You can use ORY Oathkeeper without a database, but be aware that restarting, scaling
-or stopping the container will **lose all data**:
-
-```
-$ docker run -e "DATABASE_URL=memory" -d --name my-oathkeeper -p 4455:4455 -p 4456:4456 oryd/oathkeeper serve api
-ec91228cb105db315553499c81918258f52cee9636ea2a4821bdb8226872f54b
-```
-
-### Building from source
-
-If you wish to compile ORY Oathkeeper yourself, you need to install and set up [Go 1.11+](https://golang.org/).
-
-The following commands will check out the latest release tag of ORY Oathkeeper and compile it and set up flags so that `oathkeeper version`
-works as expected. Please note that this will only work with a linux shell like bash or sh.
-
-```
-go get -d -u github.com/ory/oathkeeper
-cd $(go env GOPATH)/src/github.com/ory/oathkeeper
-OATHKEEPER_LATEST=$(git describe --abbrev=0 --tags)
-git checkout $OATHKEEPER_LATEST
-GO111MODULE=on go install \
-    -ldflags "-X github.com/ory/oathkeeper/cmd.Version=$OATHKEEPER_LATEST -X github.com/ory/oathkeeper/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/oathkeeper/cmd.GitHash=`git rev-parse HEAD`" \
-    github.com/ory/oathkeeper
-git checkout master
-$GOPATH/bin/oathkeeper help
-```
-
 ## Ecosystem
 
 <a href="https://console.ory.sh/">
@@ -167,17 +126,12 @@ Run `oathkeeper -h` or `oathkeeper help`.
 
 Developing with ORY Oathkeeper is as easy as:
 
-```
-go get -d -u github.com/ory/oathkeeper
-cd $GOPATH/src/github.com/ory/oathkeeper
-dep ensure
-go test ./...
-```
-
-Then run it with in-memory database:
-
-```
-DATABASE_URL=memory go run main.go serve all
+```shell
+$ cd ~
+$ go get -d -u github.com/ory/oathkeeper
+$ cd $GOPATH/src/github.com/ory/oathkeeper
+$ export GO111MODULE=on
+$ go test ./...
 ```
 
 ## Backers