@platform-mesh/portal-server-lib 0.6.8 → 0.6.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/portal-options/auth-config-provider.d.ts +0 -1
- package/dist/portal-options/auth-config-provider.js +6 -22
- package/dist/portal-options/auth-config-provider.js.map +1 -1
- package/dist/portal-options/services/kcp-k8s.service.d.ts +2 -1
- package/dist/portal-options/services/kcp-k8s.service.js +17 -2
- package/dist/portal-options/services/kcp-k8s.service.js.map +1 -1
- package/jest.config.ts +1 -1
- package/package.json +2 -2
- package/src/portal-options/auth-config-provider.spec.ts +12 -82
- package/src/portal-options/auth-config-provider.ts +14 -31
- package/src/portal-options/services/kcp-k8s.service.ts +22 -2
|
@@ -7,5 +7,4 @@ export declare class PMAuthConfigProvider implements AuthConfigService {
|
|
|
7
7
|
constructor(discoveryService: DiscoveryService, kcpKubernetesService: KcpKubernetesService);
|
|
8
8
|
getAuthConfig(request: Request): Promise<ServerAuthVariables>;
|
|
9
9
|
private readClientId;
|
|
10
|
-
private getWelcomeClientSecret;
|
|
11
10
|
}
|
|
@@ -9,7 +9,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
};
|
|
10
10
|
import { KcpKubernetesService } from './services/kcp-k8s.service.js';
|
|
11
11
|
import { getDiscoveryEndpoint, getOrganization } from './utils/domain.js';
|
|
12
|
-
import { CoreV1Api, KubeConfig } from '@kubernetes/client-node';
|
|
13
12
|
import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
|
|
14
13
|
import { DiscoveryService, } from '@openmfp/portal-server-lib';
|
|
15
14
|
let PMAuthConfigProvider = class PMAuthConfigProvider {
|
|
@@ -22,9 +21,9 @@ let PMAuthConfigProvider = class PMAuthConfigProvider {
|
|
|
22
21
|
async getAuthConfig(request) {
|
|
23
22
|
const oidcUrl = getDiscoveryEndpoint(request);
|
|
24
23
|
const org = getOrganization(request);
|
|
25
|
-
const clientId =
|
|
24
|
+
const clientId = await this.readClientId(org);
|
|
26
25
|
const clientSecret = org === 'welcome'
|
|
27
|
-
? await this.
|
|
26
|
+
? await this.kcpKubernetesService.getClientSecret(org, `portal-client-secret-${org}`)
|
|
28
27
|
: await this.kcpKubernetesService.getClientSecret(org);
|
|
29
28
|
const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
|
|
30
29
|
const oidc = await this.discoveryService.getOIDC(oidcUrl);
|
|
@@ -56,30 +55,15 @@ let PMAuthConfigProvider = class PMAuthConfigProvider {
|
|
|
56
55
|
plural: 'identityproviderconfigurations',
|
|
57
56
|
name: orgName,
|
|
58
57
|
};
|
|
58
|
+
if (orgName === 'welcome') {
|
|
59
|
+
const result = await this.kcpKubernetesService.getClusterCustomObjectByWorkspacePath(k8sResourceDescriptor, 'root:platform-mesh-system');
|
|
60
|
+
return result.status.managedClients[orgName].clientId;
|
|
61
|
+
}
|
|
59
62
|
const result = await this.kcpKubernetesService.listClusterCustomObject(k8sResourceDescriptor, {
|
|
60
63
|
organization: orgName,
|
|
61
64
|
});
|
|
62
65
|
return result.status.managedClients[orgName].clientId;
|
|
63
66
|
}
|
|
64
|
-
async getWelcomeClientSecret(orgName) {
|
|
65
|
-
const secretName = `portal-client-secret-${orgName}`;
|
|
66
|
-
const namespace = 'platform-mesh-system';
|
|
67
|
-
const kc = new KubeConfig();
|
|
68
|
-
kc.loadFromDefault();
|
|
69
|
-
const k8sApi = kc.makeApiClient(CoreV1Api);
|
|
70
|
-
try {
|
|
71
|
-
const res = await k8sApi.readNamespacedSecret({
|
|
72
|
-
namespace,
|
|
73
|
-
name: secretName,
|
|
74
|
-
});
|
|
75
|
-
const secretData = res.data;
|
|
76
|
-
return Buffer.from(secretData['attribute.client_secret'], 'base64').toString('utf-8');
|
|
77
|
-
}
|
|
78
|
-
catch (err) {
|
|
79
|
-
console.error(`Failed to fetch secret ${secretName}:`, err.response?.body || err);
|
|
80
|
-
throw err;
|
|
81
|
-
}
|
|
82
|
-
}
|
|
83
67
|
};
|
|
84
68
|
PMAuthConfigProvider = __decorate([
|
|
85
69
|
Injectable(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-config-provider.js","sourceRoot":"","sources":["../../src/portal-options/auth-config-provider.ts"],"names":[],"mappings":";;;;;;;;;AAIA,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"auth-config-provider.js","sourceRoot":"","sources":["../../src/portal-options/auth-config-provider.ts"],"names":[],"mappings":";;;;;;;;;AAIA,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAEL,gBAAgB,GAEjB,MAAM,4BAA4B,CAAC;AAI7B,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAErB;IACA;IAFV,YACU,gBAAkC,EAClC,oBAA0C;QAD1C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,yBAAoB,GAApB,oBAAoB,CAAsB;IACjD,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAgB;QAClC,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,YAAY,GAChB,GAAG,KAAK,SAAS;YACf,CAAC,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAC7C,GAAG,EACH,wBAAwB,GAAG,EAAE,CAC9B;YACH,CAAC,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,cAAc,GAClB,IAAI,EAAE,sBAAsB,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACzE,MAAM,aAAa,GACjB,IAAI,EAAE,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAE3D,IAAI,CAAC,cAAc,IAAI,CAAC,aAAa,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YACpE,MAAM,eAAe,GAAG,CAAC,CAAC,YAAY,CAAC;YACvC,MAAM,IAAI,aAAa,CACrB;gBACE,OAAO,EAAE,wCAAwC;gBACjD,KAAK,EAAE,qDAAqD,cAAc,qBAAqB,aAAa,gBAAgB,QAAQ,yBAAyB,MAAM,CACjK,eAAe,CAChB,EAAE;gBACH,UAAU,EAAE,UAAU,CAAC,SAAS;aACjC,EACD,UAAU,CAAC,SAAS,CACrB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,GAAG;YACZ,UAAU;YACV,QAAQ;YACR,YAAY;YACZ,cAAc;YACd,aAAa;YACb,aAAa,EAAE,IAAI,EAAE,MAAM;YAC3B,aAAa,EAAE,IAAI,EAAE,oBAAoB;SAC1C,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,OAAe;QACxC,MAAM,qBAAqB,GAA0B;YACnD,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,UAAU;YACnB,MAAM,EAAE,gCAAgC;YACxC,IAAI,EAAE,OAAO;SACd,CAAC;QAEF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,MAAM,GACV,MAAM,IAAI,CAAC,oBAAoB,CAAC,qCAAqC,CACnE,qBAAqB,EACrB,2BAA2B,CAC5B,CAAC;YACJ,OAAO,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACxD,CAAC;QAED,MAAM,MAAM,GACV,MAAM,IAAI,CAAC,oBAAoB,CAAC,uBAAuB,CACrD,qBAAqB,EACrB;YACE,YAAY,EAAE,OAAO;SACtB,CACF,CAAC;QACJ,OAAO,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;IACxD,CAAC;CACF,CAAA;AA9EY,oBAAoB;IADhC,UAAU,EAAE;qCAGiB,gBAAgB;QACZ,oBAAoB;GAHzC,oBAAoB,CA8EhC"}
|
|
@@ -21,6 +21,7 @@ export declare class KcpKubernetesService {
|
|
|
21
21
|
getKcpWorkspacePublicUrl(request: Request): string;
|
|
22
22
|
private getAppPort;
|
|
23
23
|
listClusterCustomObject(gvr: K8sResourceDescriptor, requestContext: K8sRequestContext): Promise<any>;
|
|
24
|
+
getClusterCustomObjectByWorkspacePath(gvr: K8sResourceDescriptor, workspacePath: string): Promise<any>;
|
|
24
25
|
listClusterCustomObjectInKcpVirtualWorkspace(gvr: K8sResourceDescriptor, requestContext: K8sRequestContext, token: string): Promise<any>;
|
|
25
|
-
getClientSecret(orgName: string): Promise<string>;
|
|
26
|
+
getClientSecret(orgName: string, secretNameOverride?: string): Promise<string>;
|
|
26
27
|
}
|
|
@@ -112,6 +112,21 @@ let KcpKubernetesService = KcpKubernetesService_1 = class KcpKubernetesService {
|
|
|
112
112
|
],
|
|
113
113
|
});
|
|
114
114
|
}
|
|
115
|
+
async getClusterCustomObjectByWorkspacePath(gvr, workspacePath) {
|
|
116
|
+
return await this.k8sCustomObjectsApi.listClusterCustomObject(gvr, {
|
|
117
|
+
middleware: [
|
|
118
|
+
new PromiseMiddlewareWrapper({
|
|
119
|
+
pre: async (context) => {
|
|
120
|
+
const path = `${this.baseUrl.origin}/clusters/${workspacePath}/apis/${gvr.group}/${gvr.version}/${gvr.plural}/${gvr.name}`;
|
|
121
|
+
this.logger.log(`kcp url: ${path}`);
|
|
122
|
+
context.setUrl(path);
|
|
123
|
+
return context;
|
|
124
|
+
},
|
|
125
|
+
post: async (context) => context,
|
|
126
|
+
}),
|
|
127
|
+
],
|
|
128
|
+
});
|
|
129
|
+
}
|
|
115
130
|
async listClusterCustomObjectInKcpVirtualWorkspace(gvr, requestContext, token) {
|
|
116
131
|
return await this.k8sCustomObjectsApiOIDCUser.listClusterCustomObject(gvr, {
|
|
117
132
|
middleware: [
|
|
@@ -131,8 +146,8 @@ let KcpKubernetesService = KcpKubernetesService_1 = class KcpKubernetesService {
|
|
|
131
146
|
],
|
|
132
147
|
});
|
|
133
148
|
}
|
|
134
|
-
async getClientSecret(orgName) {
|
|
135
|
-
const secretName = `portal-client-secret-${orgName}-${orgName}`;
|
|
149
|
+
async getClientSecret(orgName, secretNameOverride) {
|
|
150
|
+
const secretName = secretNameOverride ?? `portal-client-secret-${orgName}-${orgName}`;
|
|
136
151
|
const namespace = 'default';
|
|
137
152
|
try {
|
|
138
153
|
const res = await this.k8sCoreV1Api.readNamespacedSecret({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kcp-k8s.service.js","sourceRoot":"","sources":["../../../src/portal-options/services/kcp-k8s.service.ts"],"names":[],"mappings":";;;;;;;;;;AACA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,UAAU,GACX,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gDAAgD,CAAC;AAC1F,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAI7C,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IACvB,MAAM,GAAW,IAAI,MAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAE9C,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACpD,2BAA2B,CAAmB;IAC9C,mBAAmB,CAAmB;IACtC,YAAY,CAAY;IACxB,OAAO,CAAM;IAErB;QACE,IAAI,CAAC,oCAAoC,EAAE,CAAC;QAC5C,IAAI,CAAC,yBAAyB,EAAE,CAAC;QACjC,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC/B,CAAC;IAEO,oCAAoC;QAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,EAAE,CAAC,OAAO,CAAC;YACT,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,EAAE,CAAC,UAAU,CAAC;YACZ,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,CAAC,iBAAiB,EAAE,EAAE,IAAI,IAAI,EAAE;SAC5C,CAAC,CAAC;QACH,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,2BAA2B,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IACxE,CAAC;IAEO,yBAAyB;QAC/B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAChE,CAAC;IAEO,qBAAqB;QAC3B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC;IAED,iCAAiC;QAC/B,OAAO,IAAI,CAAC,2BAA2B,CAAC;IAC1C,CAAC;IAED,yBAAyB;QACvB,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QAChE,IAAI,IAAI,GAAG,WAAW,CAAC;QACvB,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,IAAI,IAAI,YAAY,EAAE,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;QACxB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB,CAAC,YAAoB,EAAE,OAAe;QAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CACZ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,4CAA4C,IAAI,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,aAAa,IAAI,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,wBAAwB,CAAC,OAAgB;QACvC,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC,+BAA+B,CAAC,CAAC;QACjE,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAE5D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,OAAO,mBAAmB,UAAU,GAAG,IAAI,aAAa,IAAI,EAAE,CAAC;IACjE,CAAC;IAEO,UAAU,CAAC,OAAgB;QACjC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;YACrD,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,aAAa,CAAC;QAClB,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,kBAAkB,IAAI,eAAe,IAAI,EAAE,CAAC;QAE3E,MAAM,qBAAqB,GACzB,eAAe,KAAK,IAAI,IAAI,eAAe,KAAK,KAAK,IAAI,CAAC,eAAe,CAAC;QAC5E,OAAO,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC;IAC5D,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,GAA0B,EAC1B,cAAiC;QAEjC,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACjE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CACpC,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACpF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,4CAA4C,CACvD,GAA0B,EAC1B,cAAiC,EACjC,KAAa;QAEb,OAAO,MAAM,IAAI,CAAC,2BAA2B,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACzE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,yBAAyB,CAC3C,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACxE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBAEpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,CAAC,cAAc,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;wBAC3D,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,OAAe;
|
|
1
|
+
{"version":3,"file":"kcp-k8s.service.js","sourceRoot":"","sources":["../../../src/portal-options/services/kcp-k8s.service.ts"],"names":[],"mappings":";;;;;;;;;;AACA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,UAAU,GACX,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gDAAgD,CAAC;AAC1F,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAI7C,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IACvB,MAAM,GAAW,IAAI,MAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAE9C,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACpD,2BAA2B,CAAmB;IAC9C,mBAAmB,CAAmB;IACtC,YAAY,CAAY;IACxB,OAAO,CAAM;IAErB;QACE,IAAI,CAAC,oCAAoC,EAAE,CAAC;QAC5C,IAAI,CAAC,yBAAyB,EAAE,CAAC;QACjC,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC/B,CAAC;IAEO,oCAAoC;QAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,EAAE,CAAC,OAAO,CAAC;YACT,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,EAAE,CAAC,UAAU,CAAC;YACZ,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,CAAC,iBAAiB,EAAE,EAAE,IAAI,IAAI,EAAE;SAC5C,CAAC,CAAC;QACH,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,2BAA2B,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IACxE,CAAC;IAEO,yBAAyB;QAC/B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAChE,CAAC;IAEO,qBAAqB;QAC3B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC;IAED,iCAAiC;QAC/B,OAAO,IAAI,CAAC,2BAA2B,CAAC;IAC1C,CAAC;IAED,yBAAyB;QACvB,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QAChE,IAAI,IAAI,GAAG,WAAW,CAAC;QACvB,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,IAAI,IAAI,YAAY,EAAE,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;QACxB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB,CAAC,YAAoB,EAAE,OAAe;QAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CACZ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,4CAA4C,IAAI,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,aAAa,IAAI,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,wBAAwB,CAAC,OAAgB;QACvC,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC,+BAA+B,CAAC,CAAC;QACjE,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAE5D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,OAAO,mBAAmB,UAAU,GAAG,IAAI,aAAa,IAAI,EAAE,CAAC;IACjE,CAAC;IAEO,UAAU,CAAC,OAAgB;QACjC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;YACrD,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,aAAa,CAAC;QAClB,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,kBAAkB,IAAI,eAAe,IAAI,EAAE,CAAC;QAE3E,MAAM,qBAAqB,GACzB,eAAe,KAAK,IAAI,IAAI,eAAe,KAAK,KAAK,IAAI,CAAC,eAAe,CAAC;QAC5E,OAAO,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC;IAC5D,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,GAA0B,EAC1B,cAAiC;QAEjC,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACjE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CACpC,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACpF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,qCAAqC,CAChD,GAA0B,EAC1B,aAAqB;QAErB,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACjE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,aAAa,aAAa,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBAC3H,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,4CAA4C,CACvD,GAA0B,EAC1B,cAAiC,EACjC,KAAa;QAEb,OAAO,MAAM,IAAI,CAAC,2BAA2B,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACzE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,yBAAyB,CAC3C,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACxE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBAEpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,CAAC,cAAc,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;wBAC3D,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,OAAe,EAAE,kBAA2B;QACvE,MAAM,UAAU,GACd,kBAAkB,IAAI,wBAAwB,OAAO,IAAI,OAAO,EAAE,CAAC;QACrE,MAAM,SAAS,GAAG,SAAS,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CACtD;gBACE,SAAS;gBACT,IAAI,EAAE,UAAU;aACjB,EACD;gBACE,UAAU,EAAE;oBACV,IAAI,wBAAwB,CAAC;wBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;4BACrB,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;4BACzC,MAAM,IAAI,GAAG,GAAG,MAAM,sBAAsB,SAAS,YAAY,UAAU,EAAE,CAAC;4BAC9E,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;4BACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;4BACrB,OAAO,OAAO,CAAC;wBACjB,CAAC;wBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;qBACjC,CAAC;iBACH;aACF,CACF,CAAC;YACF,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;YAC5B,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAChE,OAAO,CACR,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,4BAA4B,EAC5B,UAAU,EACV,GAAG,CAAC,QAAQ,EAAE,IAAI,IAAI,GAAG,CAC1B,CAAC;YACF,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;CACF,CAAA;AA3NY,oBAAoB;IADhC,UAAU,EAAE;;GACA,oBAAoB,CA2NhC"}
|
package/jest.config.ts
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@platform-mesh/portal-server-lib",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.10",
|
|
4
4
|
"author": "Platform Mesh",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"publishConfig": {
|
|
@@ -61,7 +61,7 @@
|
|
|
61
61
|
"@types/supertest": "6.0.3",
|
|
62
62
|
"eslint": "9.39.2",
|
|
63
63
|
"eslint-config-prettier": "10.1.8",
|
|
64
|
-
"globals": "17.
|
|
64
|
+
"globals": "17.1.0",
|
|
65
65
|
"jest": "30.2.0",
|
|
66
66
|
"jest-junit": "16.0.0",
|
|
67
67
|
"jest-mock-extended": "4.0.0",
|
|
@@ -106,13 +106,19 @@ describe('PMAuthConfigProvider', () => {
|
|
|
106
106
|
it('should handle welcome organization', async () => {
|
|
107
107
|
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
108
108
|
|
|
109
|
-
const
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
109
|
+
const mockIdpConfig: IdentityProviderConfiguration = {
|
|
110
|
+
status: {
|
|
111
|
+
managedClients: {
|
|
112
|
+
welcome: {
|
|
113
|
+
clientId: 'welcome',
|
|
114
|
+
},
|
|
115
|
+
},
|
|
114
116
|
},
|
|
115
|
-
}
|
|
117
|
+
} as IdentityProviderConfiguration;
|
|
118
|
+
kcpKubernetesService.getClusterCustomObjectByWorkspacePath.mockResolvedValue(
|
|
119
|
+
mockIdpConfig,
|
|
120
|
+
);
|
|
121
|
+
kcpKubernetesService.getClientSecret.mockResolvedValue('welcome-secret');
|
|
116
122
|
|
|
117
123
|
const result = await provider.getAuthConfig(mockRequest);
|
|
118
124
|
|
|
@@ -389,82 +395,6 @@ describe('PMAuthConfigProvider', () => {
|
|
|
389
395
|
});
|
|
390
396
|
});
|
|
391
397
|
|
|
392
|
-
describe('getWelcomeClientSecret', () => {
|
|
393
|
-
it('should read welcome client secret from Kubernetes secret', async () => {
|
|
394
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
395
|
-
|
|
396
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
397
|
-
const secretValue = 'my-welcome-secret';
|
|
398
|
-
mockReadNamespacedSecret.mockResolvedValue({
|
|
399
|
-
data: {
|
|
400
|
-
'attribute.client_secret':
|
|
401
|
-
Buffer.from(secretValue).toString('base64'),
|
|
402
|
-
},
|
|
403
|
-
});
|
|
404
|
-
|
|
405
|
-
const result = await provider.getAuthConfig(mockRequest);
|
|
406
|
-
|
|
407
|
-
expect(mockReadNamespacedSecret).toHaveBeenCalledWith({
|
|
408
|
-
namespace: 'platform-mesh-system',
|
|
409
|
-
name: 'portal-client-secret-welcome',
|
|
410
|
-
});
|
|
411
|
-
expect(result.clientSecret).toBe(secretValue);
|
|
412
|
-
});
|
|
413
|
-
|
|
414
|
-
it('should decode base64 secret correctly', async () => {
|
|
415
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
416
|
-
|
|
417
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
418
|
-
const secretValue = 'special-chars-@#$%';
|
|
419
|
-
mockReadNamespacedSecret.mockResolvedValue({
|
|
420
|
-
data: {
|
|
421
|
-
'attribute.client_secret':
|
|
422
|
-
Buffer.from(secretValue).toString('base64'),
|
|
423
|
-
},
|
|
424
|
-
});
|
|
425
|
-
|
|
426
|
-
const result = await provider.getAuthConfig(mockRequest);
|
|
427
|
-
|
|
428
|
-
expect(result.clientSecret).toBe(secretValue);
|
|
429
|
-
});
|
|
430
|
-
|
|
431
|
-
it('should throw error when secret read fails', async () => {
|
|
432
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
433
|
-
|
|
434
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
435
|
-
const error = new Error('Secret not found');
|
|
436
|
-
mockReadNamespacedSecret.mockRejectedValue(error);
|
|
437
|
-
|
|
438
|
-
const consoleSpy = jest.spyOn(console, 'error').mockImplementation();
|
|
439
|
-
|
|
440
|
-
await expect(provider.getAuthConfig(mockRequest)).rejects.toThrow(
|
|
441
|
-
'Secret not found',
|
|
442
|
-
);
|
|
443
|
-
expect(consoleSpy).toHaveBeenCalled();
|
|
444
|
-
|
|
445
|
-
consoleSpy.mockRestore();
|
|
446
|
-
});
|
|
447
|
-
|
|
448
|
-
it('should log error with response body if available', async () => {
|
|
449
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
450
|
-
|
|
451
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
452
|
-
const error: any = new Error('Secret not found');
|
|
453
|
-
error.response = { body: { message: 'Not found in namespace' } };
|
|
454
|
-
mockReadNamespacedSecret.mockRejectedValue(error);
|
|
455
|
-
|
|
456
|
-
const consoleSpy = jest.spyOn(console, 'error').mockImplementation();
|
|
457
|
-
|
|
458
|
-
await expect(provider.getAuthConfig(mockRequest)).rejects.toThrow();
|
|
459
|
-
expect(consoleSpy).toHaveBeenCalledWith(
|
|
460
|
-
'Failed to fetch secret portal-client-secret-welcome:',
|
|
461
|
-
{ message: 'Not found in namespace' },
|
|
462
|
-
);
|
|
463
|
-
|
|
464
|
-
consoleSpy.mockRestore();
|
|
465
|
-
});
|
|
466
|
-
});
|
|
467
|
-
|
|
468
398
|
describe('edge cases', () => {
|
|
469
399
|
it('should handle undefined OIDC discovery endpoints', async () => {
|
|
470
400
|
discoveryService.getOIDC.mockResolvedValue({
|
|
@@ -4,7 +4,6 @@ import {
|
|
|
4
4
|
} from './models/k8s.js';
|
|
5
5
|
import { KcpKubernetesService } from './services/kcp-k8s.service.js';
|
|
6
6
|
import { getDiscoveryEndpoint, getOrganization } from './utils/domain.js';
|
|
7
|
-
import { CoreV1Api, KubeConfig } from '@kubernetes/client-node';
|
|
8
7
|
import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
|
|
9
8
|
import {
|
|
10
9
|
AuthConfigService,
|
|
@@ -24,11 +23,13 @@ export class PMAuthConfigProvider implements AuthConfigService {
|
|
|
24
23
|
const oidcUrl = getDiscoveryEndpoint(request);
|
|
25
24
|
const org = getOrganization(request);
|
|
26
25
|
|
|
27
|
-
const clientId =
|
|
28
|
-
org === 'welcome' ? 'welcome' : await this.readClientId(org);
|
|
26
|
+
const clientId = await this.readClientId(org);
|
|
29
27
|
const clientSecret =
|
|
30
28
|
org === 'welcome'
|
|
31
|
-
? await this.
|
|
29
|
+
? await this.kcpKubernetesService.getClientSecret(
|
|
30
|
+
org,
|
|
31
|
+
`portal-client-secret-${org}`,
|
|
32
|
+
)
|
|
32
33
|
: await this.kcpKubernetesService.getClientSecret(org);
|
|
33
34
|
|
|
34
35
|
const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
|
|
@@ -72,6 +73,15 @@ export class PMAuthConfigProvider implements AuthConfigService {
|
|
|
72
73
|
name: orgName,
|
|
73
74
|
};
|
|
74
75
|
|
|
76
|
+
if (orgName === 'welcome') {
|
|
77
|
+
const result: IdentityProviderConfiguration =
|
|
78
|
+
await this.kcpKubernetesService.getClusterCustomObjectByWorkspacePath(
|
|
79
|
+
k8sResourceDescriptor,
|
|
80
|
+
'root:platform-mesh-system',
|
|
81
|
+
);
|
|
82
|
+
return result.status.managedClients[orgName].clientId;
|
|
83
|
+
}
|
|
84
|
+
|
|
75
85
|
const result: IdentityProviderConfiguration =
|
|
76
86
|
await this.kcpKubernetesService.listClusterCustomObject(
|
|
77
87
|
k8sResourceDescriptor,
|
|
@@ -81,31 +91,4 @@ export class PMAuthConfigProvider implements AuthConfigService {
|
|
|
81
91
|
);
|
|
82
92
|
return result.status.managedClients[orgName].clientId;
|
|
83
93
|
}
|
|
84
|
-
|
|
85
|
-
private async getWelcomeClientSecret(orgName: string) {
|
|
86
|
-
const secretName = `portal-client-secret-${orgName}`;
|
|
87
|
-
const namespace = 'platform-mesh-system';
|
|
88
|
-
|
|
89
|
-
const kc = new KubeConfig();
|
|
90
|
-
kc.loadFromDefault();
|
|
91
|
-
const k8sApi = kc.makeApiClient(CoreV1Api);
|
|
92
|
-
try {
|
|
93
|
-
const res = await k8sApi.readNamespacedSecret({
|
|
94
|
-
namespace,
|
|
95
|
-
name: secretName,
|
|
96
|
-
});
|
|
97
|
-
const secretData = res.data;
|
|
98
|
-
|
|
99
|
-
return Buffer.from(
|
|
100
|
-
secretData['attribute.client_secret'],
|
|
101
|
-
'base64',
|
|
102
|
-
).toString('utf-8');
|
|
103
|
-
} catch (err) {
|
|
104
|
-
console.error(
|
|
105
|
-
`Failed to fetch secret ${secretName}:`,
|
|
106
|
-
err.response?.body || err,
|
|
107
|
-
);
|
|
108
|
-
throw err;
|
|
109
|
-
}
|
|
110
|
-
}
|
|
111
94
|
}
|
|
@@ -141,6 +141,25 @@ export class KcpKubernetesService {
|
|
|
141
141
|
});
|
|
142
142
|
}
|
|
143
143
|
|
|
144
|
+
public async getClusterCustomObjectByWorkspacePath(
|
|
145
|
+
gvr: K8sResourceDescriptor,
|
|
146
|
+
workspacePath: string,
|
|
147
|
+
) {
|
|
148
|
+
return await this.k8sCustomObjectsApi.listClusterCustomObject(gvr, {
|
|
149
|
+
middleware: [
|
|
150
|
+
new PromiseMiddlewareWrapper({
|
|
151
|
+
pre: async (context) => {
|
|
152
|
+
const path = `${this.baseUrl.origin}/clusters/${workspacePath}/apis/${gvr.group}/${gvr.version}/${gvr.plural}/${gvr.name}`;
|
|
153
|
+
this.logger.log(`kcp url: ${path}`);
|
|
154
|
+
context.setUrl(path);
|
|
155
|
+
return context;
|
|
156
|
+
},
|
|
157
|
+
post: async (context) => context,
|
|
158
|
+
}),
|
|
159
|
+
],
|
|
160
|
+
});
|
|
161
|
+
}
|
|
162
|
+
|
|
144
163
|
public async listClusterCustomObjectInKcpVirtualWorkspace(
|
|
145
164
|
gvr: K8sResourceDescriptor,
|
|
146
165
|
requestContext: K8sRequestContext,
|
|
@@ -171,8 +190,9 @@ export class KcpKubernetesService {
|
|
|
171
190
|
});
|
|
172
191
|
}
|
|
173
192
|
|
|
174
|
-
public async getClientSecret(orgName: string) {
|
|
175
|
-
const secretName =
|
|
193
|
+
public async getClientSecret(orgName: string, secretNameOverride?: string) {
|
|
194
|
+
const secretName =
|
|
195
|
+
secretNameOverride ?? `portal-client-secret-${orgName}-${orgName}`;
|
|
176
196
|
const namespace = 'default';
|
|
177
197
|
|
|
178
198
|
try {
|