chore: add canary and dashboard client ids

docs/DEVELOPING.md

@@ -34,7 +34,7 @@ pre-commit install
 LittleHorse depends upon Kafka as its backing data store. You can set up Kafka via:
 
 ```
-./local-dev/setup.sh --kafka
+./local-dev/setup.sh
 ```
 
 Note that this will also set up a Keycloak container in case you want to test LittleHorse's OAuth capabilities.

local-dev/README.md

@@ -7,7 +7,7 @@ This tools are intended to be use for development purposes.
 The LH Server depends on Kafka as a backend database. To start Kafka using docker compose, you can run:
 
 ```
-./local-dev/setup.sh --kafka
+./local-dev/setup.sh
 ```
 
 Next, you can start the LH server itself. The server can be started in a single command:
@@ -40,17 +40,21 @@ You can clean up (i.e. stop Kafka and delete the data from the state directory)
 
 ## Cleanup Data
 
-To "reset" the LittleHorse cluster, you need to delete the data in Kafka and also delete the KafkaStreams RocksDB state. That can be done as follows:
+To "reset" the LittleHorse cluster, you need to delete the data in Kafka and also delete the KafkaStreams RocksDB state.
+That can be done as follows:
 
 1. Stop all LH Server processes.
 2. Run `./local-dev/refresh.sh`.
 3. Start the LH Servers again.
 
 ## Running Multiple LH Servers
 
-LittleHorse is a distributed system in which the different LH Server Instances (Brokers) need to communicate with each other. For example (among many others), all GET requests on the API use Interactive Queries, which involves requests between the different Brokers. Therefore, you'll need to be able to test with multiple brokers running at once.
+LittleHorse is a distributed system in which the different LH Server Instances (Brokers) need to communicate with each
+other. For example (among many others), all GET requests on the API use Interactive Queries, which involves requests
+between the different Brokers. Therefore, you'll need to be able to test with multiple brokers running at once.
 
-Running two brokers is slightly tricky as you must configure the ports, advertised hostnames, and Kafka group instance ID's correctly.
+Running two brokers is slightly tricky as you must configure the ports, advertised hostnames, and Kafka group instance
+ID's correctly.
 
 However, you can start two Brokers in your terminal as follows:
 
@@ -92,16 +96,18 @@ To build the `littlehorse-server` image for local development utilizing the loca
 Run keycloak and creates clients:
 
 ```
-./local-dev/setup.sh --keycloak --kafka
+./local-dev/setup.sh --keycloak
 ```
 
 Clients:
 
-| Client Id | Client Secret                    | Description                                                    |
-| --------- |----------------------------------| -------------------------------------------------------------- |
-| server    | 3bdca420cf6c48e2aa4f56d46d6327e0 | Server Introspection                                           |
-| worker    | 40317ab43bd34a9e93499c7ea03ad398 | For Workers to issue access tokens (Client Credentials FLow)   |
-| lhctl     | N/A                              | For lhctl cli to issue access tokens (Authorization Code Flow) |
+| Client Id | Client Secret                    | Description                                                      |
+|-----------|----------------------------------|------------------------------------------------------------------|
+| server    | 3bdca420cf6c48e2aa4f56d46d6327e0 | Server Introspection                                             |
+| worker    | 40317ab43bd34a9e93499c7ea03ad398 | For Workers to issue access tokens (Client Credentials FLow)     |
+| canary    | 8b629ff9b2684014b8c62d4da8cc371e | For LH Canary to issue access tokens (Client Credentials FLow)   |
+| dashboard | 74b897a0b5804ad3879b2117e1d51015 | For LH Dasboard to issue access tokens (Client Credentials FLow) |
+| lhctl     | N/A                              | For lhctl to issue access tokens (Authorization Code Flow)       |
 
 Run the server:
 
@@ -111,7 +117,7 @@ Run the server:
 
 Open Keycloak:
 
-https://localhost:8443
+http://localhost:8888
 
 - User: `admin`
 - Password: `admin`

local-dev/issue-certificates.sh

@@ -76,8 +76,3 @@ openssl x509 -req -sha256 -days 3650 \
     -out "$KEYCLOAK_PATH/keycloak.crt" \
     -set_serial 2 \
     -extfile <(printf "subjectAltName=DNS:localhost") > /dev/null 2>&1
-
-# Add this to your ~/.config/littlehorse.config file
-# LHC_CLIENT_CERT=$(pwd)/$CLIENT_PATH/client.crt
-# LHC_CLIENT_KEY=$(pwd)/$CLIENT_PATH/client.key
-# LHC_CA_CERT=$(pwd)/$CA_PATH/ca.crt"

local-dev/setup.sh

@@ -85,12 +85,19 @@ EOF
         exit 1
     fi
 
-    REALM_NAME="lh"
+    # clients
+    CANARY_CLIENT_ID="canary"
+    CANARY_CLIENT_SECRET="8b629ff9b2684014b8c62d4da8cc371e"
+    DASHBOARD_CLIENT_ID="dashboard"
+    DASHBOARD_CLIENT_SECRET="74b897a0b5804ad3879b2117e1d51015"
     SERVER_CLIENT_ID="server"
     SERVER_CLIENT_SECRET="3bdca420cf6c48e2aa4f56d46d6327e0"
     WORKER_CLIENT_ID="worker"
     WORKER_CLIENT_SECRET="40317ab43bd34a9e93499c7ea03ad398"
     CLI_CLIENT_ID="lhctl"
+
+    # server
+    REALM_NAME="lh"
     KEYCLOAK_ADMIN="admin"
     KEYCLOAK_ADMIN_PASSWORD="admin"
     KEYCLOAK_PORT="8888"
@@ -121,27 +128,10 @@ EOF
 
     echo "Realm '${REALM_NAME}' created"
 
-    http -q -A bearer -a "$KEYCLOAK_ADMIN_ACCESS_TOKEN" POST "http://localhost:${KEYCLOAK_PORT}/admin/realms/${REALM_NAME}/clients" \
-        protocol=openid-connect \
-        clientId="$SERVER_CLIENT_ID" \
-        id="$SERVER_CLIENT_ID" \
-        secret="$SERVER_CLIENT_SECRET" \
-        serviceAccountsEnabled:=true \
-        directAccessGrantsEnabled:=true \
-        publicClient:=false
-
-    echo "Client '${SERVER_CLIENT_ID}' created"
-
-    http -q -A bearer -a "$KEYCLOAK_ADMIN_ACCESS_TOKEN" POST "http://localhost:${KEYCLOAK_PORT}/admin/realms/${REALM_NAME}/clients" \
-        protocol=openid-connect \
-        clientId="$WORKER_CLIENT_ID" \
-        id="$WORKER_CLIENT_ID" \
-        secret="$WORKER_CLIENT_SECRET" \
-        serviceAccountsEnabled:=true \
-        directAccessGrantsEnabled:=true \
-        publicClient:=false
-
-    echo "Client '${WORKER_CLIENT_ID}' created"
+    create_keycloak_client $SERVER_CLIENT_ID $SERVER_CLIENT_SECRET
+    create_keycloak_client $WORKER_CLIENT_ID $WORKER_CLIENT_SECRET
+    create_keycloak_client $CANARY_CLIENT_ID $CANARY_CLIENT_SECRET
+    create_keycloak_client $DASHBOARD_CLIENT_ID $DASHBOARD_CLIENT_SECRET
 
     http -q -A bearer -a "$KEYCLOAK_ADMIN_ACCESS_TOKEN" POST "http://localhost:${KEYCLOAK_PORT}/admin/realms/${REALM_NAME}/clients" \
         protocol=openid-connect \
@@ -157,6 +147,19 @@ EOF
     echo "Keycloak TLS: https://localhost:8443"
 }
 
+create_keycloak_client() {
+    http -q -A bearer -a "$KEYCLOAK_ADMIN_ACCESS_TOKEN" POST "http://localhost:${KEYCLOAK_PORT}/admin/realms/${REALM_NAME}/clients" \
+        protocol=openid-connect \
+        clientId="$1" \
+        id="$1" \
+        secret="$2" \
+        serviceAccountsEnabled:=true \
+        directAccessGrantsEnabled:=true \
+        publicClient:=false
+
+    echo "Client '${1}' created"
+}
+
 setup_kafka() {
     echo "Setting Up Kafka"
     docker compose --file /dev/stdin \
@@ -187,7 +190,6 @@ EOF
     ./gradlew -q clean
 }
 
-kafka=false
 keycloak=false
 clean=false
 
@@ -197,10 +199,6 @@ while [[ $# -gt 0 ]]; do
       clean=true
       shift
       ;;
-    --kafka)
-      kafka=true
-      shift
-      ;;
     --keycloak)
       keycloak=true
       shift
@@ -223,6 +221,4 @@ if [ ${keycloak} = true ]; then
     setup_keycloak
 fi
 
-if [ ${kafka} = true ]; then
-    setup_kafka
-fi
+setup_kafka

server/README.md

@@ -24,7 +24,7 @@ Then:
 Start a local kafka cluster:
 
 ```
-../local-dev/setup.sh --kafka
+../local-dev/setup.sh
 ```
 
 Next, you can start the LH server itself. The server can be started in a single command: