Merge branch 'main' into kevin/service-config-cleanup

kurtosis-tech · Feb 27, 2024 · ff742ad · ff742ad
2 parents 900b14b + 93bcf62
commit ff742ad
Show file tree

Hide file tree

Showing 8 changed files with 63 additions and 4,345 deletions.
diff --git a/.gitignore b/.gitignore
@@ -126,3 +126,9 @@ Cargo.lock
 
 # Lerna debug
 lerna-debug.log
+
+# We ignore these files at the base of the monorepo because the monorepo isn't a library that gets shipped rather it
+# contains several libraries that get shipped
+yarn.lock
+package.json
+package-lock.json
diff --git a/docs/docs/cli-reference/engine-start.md b/docs/docs/cli-reference/engine-start.md
@@ -15,5 +15,6 @@ You may optionally pass in the following flags with this command:
 * `--log-level`: The level that the started engine should log at. Options include: `panic`, `fatal`, `error`, `warning`, `info`, `debug`, or `trace`. The engine logs at the `info` level by default.
 * `--version`: The version (Docker tag) of the Kurtosis engine that should be started. If not set, the engine will start up with the default version.
 * `--enclave-pool-size`: The size of the Kurtosis engine enclave pool. The enclave pool is a component of the Kurtosis engine that allows us to create and maintain 'n' number of idle enclaves for future use. This functionality allows to improve the performance for each new creation enclave request.
+* `--github-auth-token`: The auth token to use for authorizing GitHub operations. If set, this will override the currently logged in GitHub user from `kurtosis github login`, if one exists. Note, this token does not persist when restarting the engine.
 
 CAUTION: The `--enclave-pool-size` flag is only available for Kubernetes.
diff --git a/docs/docs/get-started/write-your-first-package.md b/docs/docs/get-started/write-your-first-package.md
@@ -491,7 +491,7 @@ def run(plan, args):
     api = plan.add_service(
         name = "api", # Naming our PostgREST service "api"
         config = ServiceConfig(
-            image = "postgrest/postgrest:v10.2.0.20230209",
+            image = "postgrest/postgrest:v10.2.0",
             env_vars = {
                 "PGRST_DB_URI": postgres_url,
                 "PGRST_DB_ANON_ROLE": POSTGRES_USER,
@@ -511,10 +511,10 @@ kurtosis clean -a && kurtosis run --enclave kurtosis-postgres .
 We got a failure, just like we might when building a real system!
 
 ```text
-> add_service name="api" config=ServiceConfig(image="postgrest/postgrest:v10.2.0.20230209", ports={"http": PortSpec(number=3000, application_protocol="http")}, env_vars={"PGRST_DB_ANON_ROLE": "app_user", "PGRST_DB_URI": "postgresql://postgres:password@{{kurtosis:4d65eca66b5749df8988419ae31dda21:ip_address.runtime_value}}:5432/app_db"})
+> add_service name="api" config=ServiceConfig(image="postgrest/postgrest:v10.2.0", ports={"http": PortSpec(number=3000, application_protocol="http")}, env_vars={"PGRST_DB_ANON_ROLE": "app_user", "PGRST_DB_URI": "postgresql://postgres:password@{{kurtosis:4d65eca66b5749df8988419ae31dda21:ip_address.runtime_value}}:5432/app_db"})
 There was an error executing Starlark code
 An error occurred executing instruction (number 4) at DEFAULT_PACKAGE_ID_FOR_SCRIPT[54:27]:
-  add_service(name="api", config=ServiceConfig(image="postgrest/postgrest:v10.2.0.20230209", ports={"http": PortSpec(number=3000, application_protocol="http")}, env_vars={"PGRST_DB_ANON_ROLE": "app_user", "PGRST_DB_URI": "postgresql://postgres:password@{{kurtosis:4d65eca66b5749df8988419ae31dda21:ip_address.runtime_value}}:5432/app_db"}))
+  add_service(name="api", config=ServiceConfig(image="postgrest/postgrest:v10.2.0", ports={"http": PortSpec(number=3000, application_protocol="http")}, env_vars={"PGRST_DB_ANON_ROLE": "app_user", "PGRST_DB_URI": "postgresql://postgres:password@{{kurtosis:4d65eca66b5749df8988419ae31dda21:ip_address.runtime_value}}:5432/app_db"}))
   Caused by: Unexpected error occurred starting service 'api'
   Caused by: An error occurred waiting for all TCP and UDP ports being open for service 'api' with private IP '10.1.0.4'; as the most common error is a wrong service configuration, here you can find the service logs:
   == SERVICE 'api' LOGS ===================================
@@ -775,7 +775,7 @@ def run(plan, args):
     api = plan.add_service(
         name = "api",
         config = ServiceConfig(
-            image = "postgrest/postgrest:v10.2.0.20230209",
+            image = "postgrest/postgrest:v10.2.0",
             env_vars = {
                 "PGRST_DB_URI": postgres_url,
                 "PGRST_DB_ANON_ROLE": POSTGRES_USER,

diff --git a/docs/docs/guides/running-private-packages.md b/docs/docs/guides/running-private-packages.md
@@ -5,7 +5,7 @@ slug: /private-packages
 sidebar_position: 14
 ---
 
-Kurtosis CLI supports the ability to run private packages hosted on GitHub via `kurtosis github login`. This guide assumes that you have [Kurtosis installed](../get-started/installing-the-cli.md) and a package hosted GitHub that is private.
+Kurtosis CLI supports the ability to run private packages hosted on GitHub via `kurtosis github login`. This guide assumes that you have [Kurtosis installed](../get-started/installing-the-cli.md) and a package hosted on GitHub that is private.
 
 :::note
 GitHub Login is not yet supported over Kubernetes backend. Please create an [issue](https://github.com/kurtosis-tech/kurtosis/issues) to request this feature!
@@ -28,7 +28,11 @@ A GitHub screen should pop up in your browser instructing you to enter the one-t
 
 After entering the code, GitHub will prompt you to authorize Kurtosis CLI. Kurtosis CLI requests [`repo`](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes) access to repositories for the ability to read and pull from private repositories.
 
-:::info Private Packages within GitHub Orgs
+:::info OAuth Token Scopes
+While `repo` gives Kurtosis read and write access to private repositories, Kurtosis only performs read operations. GitHub does not support a [`repo:read`](https://github.com/jollygoodcode/jollygoodcode.github.io/issues/6) OAuth scope, but an alternative is to use a [fine-grained personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens) to restrict Kurtosis CLI read/write and repository permissions. This token can be passed to Kurtosis CLI via the [`kurtosis engine start --github-auth-token=<>`](../cli-reference/engine-start.md) flag.
+:::
+
+:::note Private Packages within GitHub Orgs
 If the private package you'd like to develop on lives in a GitHub org, the organization must also authorize Kurtosis CLI. To have an organization you are a part of authorize Kurtosis CLI, click the `Request` button next to the organization name on the authorization page, then notify your org admins to accept the request via email.
 :::