Description
Is your feature request related to a problem? Please describe.
I've been working on creating a component for Ory Kratos, but I'm finding the component to be a bit on the lengthy side (>200 lines).
Describe the solution you would like
What I'd like to do is be able to split some of the component into another module (ideally the headless kratos service and the mechanics for configuring it) to make it easier to author the UI portion of the component without the noise of everything else in the file. It would also make it easier to create a strictly "Kratos" component that can be used by others without our opinionated UI.
```yaml
# architectio/kratos component
version: v2
variables:
  allowed_return_urls:
    description: URLs that the service can safely redirect to after auth flows
    required: true
  identity_schema:
    description: Ory Kratos identity schema json payload
    required: true
  error_ui_url:
    description: URL of the error UI
    required: true
  settings_ui_url:
    description: URL of the settings UI
    required: true
  login_ui_url:
    description: URL of the login UI
    required: true
  registration_ui_url:
    description: URL of the registration UI
    required: true
  verification_ui_url:
    description: URL of the verification UI
    required: true
  recovery_ui_url:
    description: URL of the recovery UI
dependencies:
  smtp: architectio/mailslurper
databases:
  kratos:
    type: postgres:15
deployments:
  kratos:
    image: oryd/kratos:v1.0
    entrypoint: [""]
    command:
      - sh
      - -c
      - |
        mkdir ./kratos
        echo "$IDENTITY_SCHEMA" > ./kratos/identity.schema.json
        echo "$CONFIG" > ./kratos/.kratos.yml
        kratos -c ./kratos/.kratos.yml migrate sql -e --yes
        # --dev relaxes Kratos's production security checks; local use only
        kratos serve -c ./kratos/.kratos.yml --watch-courier --dev
    environment:
      CONFIG: |
        version: v0.13.0
        dsn: ${{ databases.kratos.url }}?max_conns=20&max_idle_conns=4
        serve:
          public:
            base_url: ${{ ingresses.kratos-public.url }}
            cors:
              enabled: false
          admin:
            base_url: ${{ services.kratos-admin.url }}
        selfservice:
          allowed_return_urls: ${{ variables.allowed_return_urls }}
          methods:
            password:
              enabled: true
            totp:
              config:
                issuer: Kratos
              enabled: true
            code:
              enabled: true
            link:
              enabled: true
            lookup_secret:
              enabled: true
          flows:
            error:
              ui_url: ${{ variables.error_ui_url }}
            settings:
              ui_url: ${{ variables.settings_ui_url }}
              privileged_session_max_age: 15m
              required_aal: highest_available
            login:
              ui_url: ${{ variables.login_ui_url }}
              lifespan: 10m
            registration:
              ui_url: ${{ variables.registration_ui_url }}
              lifespan: 10m
              after:
                password:
                  hooks:
                    - hook: session
                    - hook: show_verification_ui
            verification:
              enabled: true
              ui_url: ${{ variables.verification_ui_url }}
              use: code
            recovery:
              enabled: true
              ui_url: ${{ variables.recovery_ui_url }}
              use: code
        courier:
          smtp:
            # skip_ssl_verify disables TLS verification towards the mail server (dev only)
            connection_uri: ${{ dependencies.smtp.services.smtp.url }}/?skip_ssl_verify=true
        log:
          level: info
          format: text
          # writes credentials and tokens to the logs; never enable outside dev
          leak_sensitive_values: true
        secrets:
          # Ory quickstart placeholders; a reusable component should take these as variables
          cookie:
            - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
          cipher:
            - 32-LONG-SECRET-NOT-SECURE-AT-ALL
        ciphers:
          algorithm: xchacha20-poly1305
        hashers:
          algorithm: bcrypt
          bcrypt:
            # low cost for fast local runs; raise it for production
            cost: 8
        identity:
          default_schema_id: default
          schemas:
            - id: default
              url: file://./kratos/identity.schema.json
        cookies:
          domain: 127.0.0.1.nip.io
      IDENTITY_SCHEMA: ${{ variables.identity_schema }}
services:
  kratos-public:
    deployment: kratos
    port: 4433
  kratos-admin:
    deployment: kratos
    port: 4434
ingresses:
  kratos-public:
    service: kratos-public
    headers:
      Access-Control-Allow-Origin: ${{ variables.allowed_return_urls }}
      Access-Control-Allow-Methods: '["GET", "OPTIONS", "POST", "PUT", "DELETE"]'
      # browsers do not treat "*" as a wildcard on credentialed requests;
      # list the headers the UI actually sends
      Access-Control-Allow-Headers: "*"
      Access-Control-Allow-Credentials: "true"
```

```yaml
# architectio/auth component
version: v2
variables:
  allowed_return_urls:
    description: URLs that the service can safely redirect to after auth flows
    merge: true
modules:
  kratos:
    source: architectio/kratos:latest
    variables:
      allowed_return_urls: ${{ variables.allowed_return_urls }}
      error_ui_url: ${{ ingresses.frontend.url }}error
      settings_ui_url: ${{ ingresses.frontend.url }}settings
      login_ui_url: ${{ ingresses.frontend.url }}login
      registration_ui_url: ${{ ingresses.frontend.url }}registration
      verification_ui_url: ${{ ingresses.frontend.url }}verification
      recovery_ui_url: ${{ ingresses.frontend.url }}recovery
      identity_schema: |
        {
          "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
          "$schema": "http://json-schema.org/draft-07/schema#",
          "title": "Person",
          "type": "object",
          "properties": {
            "traits": {
              "type": "object",
              "properties": {
                "email": {
                  "type": "string",
                  "format": "email",
                  "title": "E-Mail",
                  "minLength": 3,
                  "ory.sh/kratos": {
                    "credentials": {
                      "password": {
                        "identifier": true
                      }
                    },
                    "verification": {
                      "via": "email"
                    },
                    "recovery": {
                      "via": "email"
                    }
                  }
                },
                "name": {
                  "type": "object",
                  "properties": {
                    "first": {
                      "title": "First Name",
                      "type": "string"
                    },
                    "last": {
                      "title": "Last Name",
                      "type": "string"
                    }
                  }
                }
              },
              "required": [
                "email"
              ],
              "additionalProperties": false
            }
          }
        }
builds:
  kratos-ui:
    context: ./
    dockerfile: Dockerfile
    debug:
      dockerfile: Dockerfile-dev
deployments:
  ui:
    image: ${{ builds.kratos-ui.id }}
    environment:
      PORT: "4455"
      KRATOS_PUBLIC_URL: ${{ modules.kratos.services.kratos-public.url }}
      KRATOS_BROWSER_URL: ${{ modules.kratos.ingresses.kratos-public.url }}
    debug:
      volumes:
        src:
          host_path: ./src
          mount_path: /usr/src/app/src
        views:
          host_path: ./views
          mount_path: /usr/src/app/views
        public:
          host_path: ./public
          mount_path: /usr/src/app/public
services:
  frontend:
    deployment: ui
    port: 4455
ingresses:
  frontend:
    service: frontend
```

Describe alternatives you've considered
Another option is to have components consist of many different files in the same folder that share a suffix like terraform, but that wouldn't allow me to package up the headless Ory portion as a component to be easily consumed by others.
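The headless Kratos component in this issue bakes several dev-only settings into its CONFIG block (the `--dev` flag, `leak_sensitive_values`, the Ory quickstart placeholder secrets, bcrypt cost 8, `skip_ssl_verify` on the courier, and a wildcard `Access-Control-Allow-Headers` next to `Access-Control-Allow-Credentials: true`). If that piece is split out and published for others, those need to become variables or be dropped first. The check below is an added example and is not code from the issue author or from Architect; it runs over a constructed Python excerpt of the page's CONFIG rather than parsing the YAML, and the minimum bcrypt cost of 12 and the sample SMTP URL are assumptions of the example.

```python
"""Pre-publish check for dev-only settings in a headless Kratos component.

Added example (not the issue author's or Architect's code). It reports
settings that are acceptable in a local dev component but must become
variables or be removed before the component is shared with others.
"""
from typing import Any

# Placeholder secrets from the Ory quickstart; a shared component must not carry them.
PLACEHOLDER_SECRETS = {
    "PLEASE-CHANGE-ME-I-AM-VERY-INSECURE",
    "32-LONG-SECRET-NOT-SECURE-AT-ALL",
}
MIN_BCRYPT_COST = 12  # assumed production floor for this example


def _get(cfg: dict, *path: str, default: Any = None) -> Any:
    """Nested lookup that returns `default` when any key on the path is missing."""
    cur: Any = cfg
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def lint_kratos_config(cfg: dict, serve_command: str = "") -> list[str]:
    """Return one finding per dev-only setting; an empty list means the config passed."""
    findings: list[str] = []

    if "--dev" in serve_command.split():
        findings.append("kratos serve --dev relaxes production security checks")

    if _get(cfg, "log", "leak_sensitive_values") is True:
        findings.append("log.leak_sensitive_values=true writes credentials and tokens to logs")

    for kind in ("cookie", "cipher"):
        for secret in _get(cfg, "secrets", kind, default=[]) or []:
            if secret in PLACEHOLDER_SECRETS or len(secret) < 32:
                findings.append(f"secrets.{kind} uses a placeholder or short secret")
                break  # one finding per secret kind is enough

    cost = _get(cfg, "hashers", "bcrypt", "cost")
    if _get(cfg, "hashers", "algorithm") == "bcrypt" and isinstance(cost, int) and cost < MIN_BCRYPT_COST:
        findings.append(f"hashers.bcrypt.cost={cost} is below {MIN_BCRYPT_COST}")

    smtp_uri = _get(cfg, "courier", "smtp", "connection_uri", default="")
    if "skip_ssl_verify=true" in smtp_uri:
        findings.append("courier.smtp.connection_uri disables TLS verification")

    return findings


def lint_cors_headers(headers: dict[str, str]) -> list[str]:
    """Check the CORS headers the ingress adds in front of kratos-public."""
    findings: list[str] = []
    credentialed = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    # Browsers treat "*" literally (not as a wildcard) on credentialed requests,
    # so this header does not allow what it appears to allow.
    if credentialed and headers.get("Access-Control-Allow-Headers", "").strip() == "*":
        findings.append("Access-Control-Allow-Headers=* is not a wildcard on credentialed requests; list headers explicitly")
    if credentialed and headers.get("Access-Control-Allow-Origin", "").strip() == "*":
        findings.append("Access-Control-Allow-Origin=* with credentials is rejected by browsers")
    return findings


# Constructed excerpt of the issue's CONFIG block as Python data (the SMTP
# URL is a made-up stand-in for the mailslurper dependency URL).
DEV_CONFIG = {
    "log": {"level": "info", "format": "text", "leak_sensitive_values": True},
    "secrets": {
        "cookie": ["PLEASE-CHANGE-ME-I-AM-VERY-INSECURE"],
        "cipher": ["32-LONG-SECRET-NOT-SECURE-AT-ALL"],
    },
    "hashers": {"algorithm": "bcrypt", "bcrypt": {"cost": 8}},
    "courier": {"smtp": {"connection_uri": "smtps://mailslurper:1025/?skip_ssl_verify=true"}},
}
DEV_COMMAND = "kratos serve -c ./kratos/.kratos.yml --watch-courier --dev"
DEV_CORS = {
    "Access-Control-Allow-Headers": "*",
    "Access-Control-Allow-Credentials": "true",
}

if __name__ == "__main__":
    for finding in lint_kratos_config(DEV_CONFIG, DEV_COMMAND) + lint_cors_headers(DEV_CORS):
        print("FINDING:", finding)
```

Run against the constructed excerpt this reports six config findings and one CORS finding; a component whose secrets, hasher cost and courier URL are supplied by variables and whose serve command drops `--dev` reports none, which is the gate worth putting in front of a published `architectio/kratos` component.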