npm - @platform-mesh/portal-server-lib - Versions diffs - 0.5.44 → 0.5.46 - Mend

@platform-mesh/portal-server-lib 0.5.44 → 0.5.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/src/portal-options/services/kcp-k8s.service.ts CHANGED Viewed

@@ -1,18 +1,33 @@
+import { K8sRequestContext, K8sResourceDescriptor } from '../models/k8s.js';
 import { getOrganization } from '../utils/domain.js';
-import { CustomObjectsApi, KubeConfig } from '@kubernetes/client-node';
-import { Injectable } from '@nestjs/common';
+import {
+  CoreV1Api,
+  CustomObjectsApi,
+  KubeConfig,
+} from '@kubernetes/client-node';
+import { PromiseMiddlewareWrapper } from '@kubernetes/client-node/dist/gen/middleware.js';
+import { Injectable, Logger } from '@nestjs/common';
 import type { Request } from 'express';
 @Injectable()
 export class KcpKubernetesService {
-  private readonly k8sApi: CustomObjectsApi;
-  private readonly baseUrl: URL;
+  private logger: Logger = new Logger(KcpKubernetesService.name);
+  private readonly kubeConfigKcp = process.env.KUBECONFIG_KCP;
+  private k8sCustomObjectsApiOIDCUser: CustomObjectsApi;
+  private k8sCustomObjectsApi: CustomObjectsApi;
+  private k8sCoreV1Api: CoreV1Api;
+  private baseUrl: URL;
   constructor() {
-    const kubeConfigKcp = process.env.KUBECONFIG_KCP;
+    this.createK8sCustomObjectsApiForOIDCUser();
+    this.createK8sCustomObjectsApi();
+    this.createKcpK8sCoreV1Api();
+  }
+  private createK8sCustomObjectsApiForOIDCUser() {
     const kc = new KubeConfig();
-    kc.loadFromFile(kubeConfigKcp);
-    // Temporary change to test.
+    kc.loadFromFile(this.kubeConfigKcp);
     kc.addUser({
       name: 'oidc',
     });
@@ -23,15 +38,38 @@ export class KcpKubernetesService {
     });
     kc.setCurrentContext('oidc');
     this.baseUrl = new URL(kc.getCurrentCluster()?.server || '');
-    this.k8sApi = kc.makeApiClient(CustomObjectsApi);
+    this.k8sCustomObjectsApiOIDCUser = kc.makeApiClient(CustomObjectsApi);
+  }
+  private createK8sCustomObjectsApi() {
+    const kc = new KubeConfig();
+    kc.loadFromFile(this.kubeConfigKcp);
+    this.k8sCustomObjectsApi = kc.makeApiClient(CustomObjectsApi);
+  }
+  private createKcpK8sCoreV1Api() {
+    const kc = new KubeConfig();
+    kc.loadFromFile(this.kubeConfigKcp);
+    this.k8sCoreV1Api = kc.makeApiClient(CoreV1Api);
+  }
+  getKcpK8sCustomObjectsApiOIDCUser() {
+    return this.k8sCustomObjectsApiOIDCUser;
   }
-  getKcpK8sApiClient() {
-    return this.k8sApi;
+  getKcpK8sCustomObjectsApi() {
+    return this.k8sCustomObjectsApi;
   }
-  private buildWorkspacePath(organization: string, account?: string) {
-    let path = `root:orgs:${organization}`;
+  getKcpK8sCoreV1Api() {
+    return this.k8sCoreV1Api;
+  }
+  private buildWorkspacePath(organization?: string, account?: string) {
+    let path = `root:orgs`;
+    if (organization) {
+      path += `:${organization}`;
+    }
     if (account) {
       path += `:${account}`; // FIXME: how are nested accounts and paths handled in the portal?
     }
@@ -46,7 +84,7 @@ export class KcpKubernetesService {
     );
   }
-  getKcpWorkspaceUrl(organization: string, account: string) {
+  getKcpWorkspaceUrl(organization?: string, account?: string) {
     const path = this.buildWorkspacePath(organization, account);
     return new URL(`${this.baseUrl.origin}/clusters/${path}`);
   }
@@ -75,4 +113,100 @@ export class KcpKubernetesService {
       portFromRequest === '80' || portFromRequest === '443' || !portFromRequest;
     return isStandardOrEmptyPort ? '' : `:${portFromRequest}`;
   }
+  public async listClusterCustomObject(
+    gvr: K8sResourceDescriptor,
+    requestContext: K8sRequestContext,
+  ) {
+    return await this.k8sCustomObjectsApi.listClusterCustomObject(gvr, {
+      middleware: [
+        new PromiseMiddlewareWrapper({
+          pre: async (context) => {
+            const accountPath =
+              requestContext?.accountPath ??
+              requestContext?.['core_platform-mesh_io_account'];
+            const kcpUrl = this.getKcpWorkspaceUrl(
+              requestContext.organization,
+              accountPath,
+            );
+            const path = `${kcpUrl}/apis/${gvr.group}/${gvr.version}/${gvr.plural}/${gvr.name}`;
+            this.logger.log(`kcp url: ${path}`);
+            context.setUrl(path);
+            return context;
+          },
+          post: async (context) => context,
+        }),
+      ],
+    });
+  }
+  public async listClusterCustomObjectInKcpVirtualWorkspace(
+    gvr: K8sResourceDescriptor,
+    requestContext: K8sRequestContext,
+    token: string,
+  ) {
+    return await this.k8sCustomObjectsApiOIDCUser.listClusterCustomObject(gvr, {
+      middleware: [
+        new PromiseMiddlewareWrapper({
+          pre: async (context) => {
+            const accountPath =
+              requestContext?.accountPath ??
+              requestContext?.['core_platform-mesh_io_account'];
+            const kcpUrl = this.getKcpVirtualWorkspaceUrl(
+              requestContext.organization,
+              accountPath,
+            );
+            const path = `${kcpUrl}/apis/${gvr.group}/${gvr.version}/${gvr.plural}`;
+            this.logger.log(`kcp url: ${path}`);
+            context.setUrl(path);
+            context.setHeaderParam('Authorization', `Bearer ${token}`);
+            return context;
+          },
+          post: async (context) => context,
+        }),
+      ],
+    });
+  }
+  public async getClientSecret(orgName: string) {
+    const secretName = `portal-client-secret-${orgName}-${orgName}`;
+    const namespace = 'default';
+    try {
+      const res = await this.k8sCoreV1Api.readNamespacedSecret(
+        {
+          namespace,
+          name: secretName,
+        },
+        {
+          middleware: [
+            new PromiseMiddlewareWrapper({
+              pre: async (context) => {
+                const kcpUrl = this.getKcpWorkspaceUrl();
+                const path = `${kcpUrl}/api/v1/namespaces/${namespace}/secrets/${secretName}`;
+                this.logger.log(`kcp url: ${path}`);
+                context.setUrl(path);
+                return context;
+              },
+              post: async (context) => context,
+            }),
+          ],
+        },
+      );
+      const secretData = res.data;
+      return Buffer.from(secretData['client_secret'], 'base64').toString(
+        'utf-8',
+      );
+    } catch (err) {
+      this.logger.error(
+        `Failed to fetch secret %s:`,
+        secretName,
+        err.response?.body || err,
+      );
+      throw err;
+    }
+  }
 }