@platform-mesh/portal-server-lib 0.6.9 → 0.6.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/portal-options/auth-config-provider.d.ts +0 -1
- package/dist/portal-options/auth-config-provider.js +6 -22
- package/dist/portal-options/auth-config-provider.js.map +1 -1
- package/dist/portal-options/index.d.ts +2 -4
- package/dist/portal-options/index.js +2 -4
- package/dist/portal-options/index.js.map +1 -1
- package/dist/portal-options/services/kcp-k8s.service.d.ts +2 -1
- package/dist/portal-options/services/kcp-k8s.service.js +17 -2
- package/dist/portal-options/services/kcp-k8s.service.js.map +1 -1
- package/jest.config.ts +1 -1
- package/package.json +1 -1
- package/src/portal-options/auth-config-provider.spec.ts +12 -82
- package/src/portal-options/auth-config-provider.ts +14 -31
- package/src/portal-options/index.ts +2 -4
- package/src/portal-options/services/kcp-k8s.service.spec.ts +53 -0
- package/src/portal-options/services/kcp-k8s.service.ts +22 -2
- package/dist/portal-options/auth-callback-provider.d.ts +0 -10
- package/dist/portal-options/auth-callback-provider.js +0 -36
- package/dist/portal-options/auth-callback-provider.js.map +0 -1
- package/dist/portal-options/services/iam-graphql.service.d.ts +0 -7
- package/dist/portal-options/services/iam-graphql.service.js +0 -40
- package/dist/portal-options/services/iam-graphql.service.js.map +0 -1
- package/src/portal-options/auth-callback-provider.spec.ts +0 -85
- package/src/portal-options/auth-callback-provider.ts +0 -27
- package/src/portal-options/services/iam-graphql.service.spec.ts +0 -77
- package/src/portal-options/services/iam-graphql.service.ts +0 -33
|
@@ -7,5 +7,4 @@ export declare class PMAuthConfigProvider implements AuthConfigService {
|
|
|
7
7
|
constructor(discoveryService: DiscoveryService, kcpKubernetesService: KcpKubernetesService);
|
|
8
8
|
getAuthConfig(request: Request): Promise<ServerAuthVariables>;
|
|
9
9
|
private readClientId;
|
|
10
|
-
private getWelcomeClientSecret;
|
|
11
10
|
}
|
|
@@ -9,7 +9,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
};
|
|
10
10
|
import { KcpKubernetesService } from './services/kcp-k8s.service.js';
|
|
11
11
|
import { getDiscoveryEndpoint, getOrganization } from './utils/domain.js';
|
|
12
|
-
import { CoreV1Api, KubeConfig } from '@kubernetes/client-node';
|
|
13
12
|
import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
|
|
14
13
|
import { DiscoveryService, } from '@openmfp/portal-server-lib';
|
|
15
14
|
let PMAuthConfigProvider = class PMAuthConfigProvider {
|
|
@@ -22,9 +21,9 @@ let PMAuthConfigProvider = class PMAuthConfigProvider {
|
|
|
22
21
|
async getAuthConfig(request) {
|
|
23
22
|
const oidcUrl = getDiscoveryEndpoint(request);
|
|
24
23
|
const org = getOrganization(request);
|
|
25
|
-
const clientId =
|
|
24
|
+
const clientId = await this.readClientId(org);
|
|
26
25
|
const clientSecret = org === 'welcome'
|
|
27
|
-
? await this.
|
|
26
|
+
? await this.kcpKubernetesService.getClientSecret(org, `portal-client-secret-${org}`)
|
|
28
27
|
: await this.kcpKubernetesService.getClientSecret(org);
|
|
29
28
|
const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
|
|
30
29
|
const oidc = await this.discoveryService.getOIDC(oidcUrl);
|
|
@@ -56,30 +55,15 @@ let PMAuthConfigProvider = class PMAuthConfigProvider {
|
|
|
56
55
|
plural: 'identityproviderconfigurations',
|
|
57
56
|
name: orgName,
|
|
58
57
|
};
|
|
58
|
+
if (orgName === 'welcome') {
|
|
59
|
+
const result = await this.kcpKubernetesService.getClusterCustomObjectByWorkspacePath(k8sResourceDescriptor, 'root:platform-mesh-system');
|
|
60
|
+
return result.status.managedClients[orgName].clientId;
|
|
61
|
+
}
|
|
59
62
|
const result = await this.kcpKubernetesService.listClusterCustomObject(k8sResourceDescriptor, {
|
|
60
63
|
organization: orgName,
|
|
61
64
|
});
|
|
62
65
|
return result.status.managedClients[orgName].clientId;
|
|
63
66
|
}
|
|
64
|
-
async getWelcomeClientSecret(orgName) {
|
|
65
|
-
const secretName = `portal-client-secret-${orgName}`;
|
|
66
|
-
const namespace = 'platform-mesh-system';
|
|
67
|
-
const kc = new KubeConfig();
|
|
68
|
-
kc.loadFromDefault();
|
|
69
|
-
const k8sApi = kc.makeApiClient(CoreV1Api);
|
|
70
|
-
try {
|
|
71
|
-
const res = await k8sApi.readNamespacedSecret({
|
|
72
|
-
namespace,
|
|
73
|
-
name: secretName,
|
|
74
|
-
});
|
|
75
|
-
const secretData = res.data;
|
|
76
|
-
return Buffer.from(secretData['attribute.client_secret'], 'base64').toString('utf-8');
|
|
77
|
-
}
|
|
78
|
-
catch (err) {
|
|
79
|
-
console.error(`Failed to fetch secret ${secretName}:`, err.response?.body || err);
|
|
80
|
-
throw err;
|
|
81
|
-
}
|
|
82
|
-
}
|
|
83
67
|
};
|
|
84
68
|
PMAuthConfigProvider = __decorate([
|
|
85
69
|
Injectable(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-config-provider.js","sourceRoot":"","sources":["../../src/portal-options/auth-config-provider.ts"],"names":[],"mappings":";;;;;;;;;AAIA,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"auth-config-provider.js","sourceRoot":"","sources":["../../src/portal-options/auth-config-provider.ts"],"names":[],"mappings":";;;;;;;;;AAIA,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAEL,gBAAgB,GAEjB,MAAM,4BAA4B,CAAC;AAI7B,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAErB;IACA;IAFV,YACU,gBAAkC,EAClC,oBAA0C;QAD1C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,yBAAoB,GAApB,oBAAoB,CAAsB;IACjD,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAgB;QAClC,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,YAAY,GAChB,GAAG,KAAK,SAAS;YACf,CAAC,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAC7C,GAAG,EACH,wBAAwB,GAAG,EAAE,CAC9B;YACH,CAAC,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,cAAc,GAClB,IAAI,EAAE,sBAAsB,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACzE,MAAM,aAAa,GACjB,IAAI,EAAE,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAE3D,IAAI,CAAC,cAAc,IAAI,CAAC,aAAa,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YACpE,MAAM,eAAe,GAAG,CAAC,CAAC,YAAY,CAAC;YACvC,MAAM,IAAI,aAAa,CACrB;gBACE,OAAO,EAAE,wCAAwC;gBACjD,KAAK,EAAE,qDAAqD,cAAc,qBAAqB,aAAa,gBAAgB,QAAQ,yBAAyB,MAAM,CACjK,eAAe,CAChB,EAAE;gBACH,UAAU,EAAE,UAAU,CAAC,SAAS;aACjC,EACD,UAAU,CAAC,SAAS,CACrB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,GAAG;YACZ,UAAU;YACV,QAAQ;YACR,YAAY;YACZ,cAAc;YACd,aAAa;YACb,aAAa,EAAE,IAAI,EAAE,MAAM;YAC3B,aAAa,EAAE,IAAI,EAAE,oBAAoB;SAC1C,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,OAAe;QACxC,MAAM,qBAAqB,GAA0B;YACnD,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,UAAU;YACnB,MAAM,EAAE,gCAAgC;YACxC,IAAI,EAAE,OAAO;SACd,CAAC;QAEF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,MAAM,GACV,MAAM,IAAI,CAAC,oBAAoB,CAAC,qCAAqC,CACnE,qBAAqB,EACrB,2BAA2B,CAC5B,CAAC;YACJ,OAAO,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACxD,CAAC;QAED,MAAM,MAAM,GACV,MAAM,IAAI,CAAC,oBAAoB,CAAC,uBAAuB,CACrD,qBAAqB,EACrB;YACE,YAAY,EAAE,OAAO;SACtB,CACF,CAAC;QACJ,OAAO,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;IACxD,CAAC;CACF,CAAA;AA9EY,oBAAoB;IADhC,UAAU,EAAE;qCAGiB,gBAAgB;QACZ,oBAAoB;GAHzC,oBAAoB,CA8EhC"}
|
|
@@ -1,10 +1,8 @@
|
|
|
1
1
|
export * from './account-entity-context-provider.service.js';
|
|
2
|
+
export * from './auth-config-provider.js';
|
|
3
|
+
export * from './logout-callback.service.js';
|
|
2
4
|
export * from './pm-portal-context.service.js';
|
|
3
5
|
export * from './pm-request-context-provider.js';
|
|
4
|
-
export * from './auth-config-provider.js';
|
|
5
6
|
export * from './service-providers/content-configuration-service-providers.service.js';
|
|
6
7
|
export * from './service-providers/kubernetes-service-providers.service.js';
|
|
7
|
-
export * from './auth-callback-provider.js';
|
|
8
|
-
export * from './logout-callback.service.js';
|
|
9
8
|
export * from './services/kcp-k8s.service.js';
|
|
10
|
-
export * from './services/iam-graphql.service.js';
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
export * from './account-entity-context-provider.service.js';
|
|
2
|
+
export * from './auth-config-provider.js';
|
|
3
|
+
export * from './logout-callback.service.js';
|
|
2
4
|
export * from './pm-portal-context.service.js';
|
|
3
5
|
export * from './pm-request-context-provider.js';
|
|
4
|
-
export * from './auth-config-provider.js';
|
|
5
6
|
export * from './service-providers/content-configuration-service-providers.service.js';
|
|
6
7
|
export * from './service-providers/kubernetes-service-providers.service.js';
|
|
7
|
-
export * from './auth-callback-provider.js';
|
|
8
|
-
export * from './logout-callback.service.js';
|
|
9
8
|
export * from './services/kcp-k8s.service.js';
|
|
10
|
-
export * from './services/iam-graphql.service.js';
|
|
11
9
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/portal-options/index.ts"],"names":[],"mappings":"AAAA,cAAc,8CAA8C,CAAC;AAC7D,cAAc,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/portal-options/index.ts"],"names":[],"mappings":"AAAA,cAAc,8CAA8C,CAAC;AAC7D,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kCAAkC,CAAC;AACjD,cAAc,wEAAwE,CAAC;AACvF,cAAc,6DAA6D,CAAC;AAE5E,cAAc,+BAA+B,CAAC"}
|
|
@@ -21,6 +21,7 @@ export declare class KcpKubernetesService {
|
|
|
21
21
|
getKcpWorkspacePublicUrl(request: Request): string;
|
|
22
22
|
private getAppPort;
|
|
23
23
|
listClusterCustomObject(gvr: K8sResourceDescriptor, requestContext: K8sRequestContext): Promise<any>;
|
|
24
|
+
getClusterCustomObjectByWorkspacePath(gvr: K8sResourceDescriptor, workspacePath: string): Promise<any>;
|
|
24
25
|
listClusterCustomObjectInKcpVirtualWorkspace(gvr: K8sResourceDescriptor, requestContext: K8sRequestContext, token: string): Promise<any>;
|
|
25
|
-
getClientSecret(orgName: string): Promise<string>;
|
|
26
|
+
getClientSecret(orgName: string, secretNameOverride?: string): Promise<string>;
|
|
26
27
|
}
|
|
@@ -112,6 +112,21 @@ let KcpKubernetesService = KcpKubernetesService_1 = class KcpKubernetesService {
|
|
|
112
112
|
],
|
|
113
113
|
});
|
|
114
114
|
}
|
|
115
|
+
async getClusterCustomObjectByWorkspacePath(gvr, workspacePath) {
|
|
116
|
+
return await this.k8sCustomObjectsApi.listClusterCustomObject(gvr, {
|
|
117
|
+
middleware: [
|
|
118
|
+
new PromiseMiddlewareWrapper({
|
|
119
|
+
pre: async (context) => {
|
|
120
|
+
const path = `${this.baseUrl.origin}/clusters/${workspacePath}/apis/${gvr.group}/${gvr.version}/${gvr.plural}/${gvr.name}`;
|
|
121
|
+
this.logger.log(`kcp url: ${path}`);
|
|
122
|
+
context.setUrl(path);
|
|
123
|
+
return context;
|
|
124
|
+
},
|
|
125
|
+
post: async (context) => context,
|
|
126
|
+
}),
|
|
127
|
+
],
|
|
128
|
+
});
|
|
129
|
+
}
|
|
115
130
|
async listClusterCustomObjectInKcpVirtualWorkspace(gvr, requestContext, token) {
|
|
116
131
|
return await this.k8sCustomObjectsApiOIDCUser.listClusterCustomObject(gvr, {
|
|
117
132
|
middleware: [
|
|
@@ -131,8 +146,8 @@ let KcpKubernetesService = KcpKubernetesService_1 = class KcpKubernetesService {
|
|
|
131
146
|
],
|
|
132
147
|
});
|
|
133
148
|
}
|
|
134
|
-
async getClientSecret(orgName) {
|
|
135
|
-
const secretName = `portal-client-secret-${orgName}-${orgName}`;
|
|
149
|
+
async getClientSecret(orgName, secretNameOverride) {
|
|
150
|
+
const secretName = secretNameOverride ?? `portal-client-secret-${orgName}-${orgName}`;
|
|
136
151
|
const namespace = 'default';
|
|
137
152
|
try {
|
|
138
153
|
const res = await this.k8sCoreV1Api.readNamespacedSecret({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kcp-k8s.service.js","sourceRoot":"","sources":["../../../src/portal-options/services/kcp-k8s.service.ts"],"names":[],"mappings":";;;;;;;;;;AACA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,UAAU,GACX,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gDAAgD,CAAC;AAC1F,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAI7C,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IACvB,MAAM,GAAW,IAAI,MAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAE9C,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACpD,2BAA2B,CAAmB;IAC9C,mBAAmB,CAAmB;IACtC,YAAY,CAAY;IACxB,OAAO,CAAM;IAErB;QACE,IAAI,CAAC,oCAAoC,EAAE,CAAC;QAC5C,IAAI,CAAC,yBAAyB,EAAE,CAAC;QACjC,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC/B,CAAC;IAEO,oCAAoC;QAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,EAAE,CAAC,OAAO,CAAC;YACT,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,EAAE,CAAC,UAAU,CAAC;YACZ,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,CAAC,iBAAiB,EAAE,EAAE,IAAI,IAAI,EAAE;SAC5C,CAAC,CAAC;QACH,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,2BAA2B,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IACxE,CAAC;IAEO,yBAAyB;QAC/B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAChE,CAAC;IAEO,qBAAqB;QAC3B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC;IAED,iCAAiC;QAC/B,OAAO,IAAI,CAAC,2BAA2B,CAAC;IAC1C,CAAC;IAED,yBAAyB;QACvB,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QAChE,IAAI,IAAI,GAAG,WAAW,CAAC;QACvB,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,IAAI,IAAI,YAAY,EAAE,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;QACxB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB,CAAC,YAAoB,EAAE,OAAe;QAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CACZ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,4CAA4C,IAAI,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,aAAa,IAAI,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,wBAAwB,CAAC,OAAgB;QACvC,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC,+BAA+B,CAAC,CAAC;QACjE,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAE5D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,OAAO,mBAAmB,UAAU,GAAG,IAAI,aAAa,IAAI,EAAE,CAAC;IACjE,CAAC;IAEO,UAAU,CAAC,OAAgB;QACjC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;YACrD,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,aAAa,CAAC;QAClB,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,kBAAkB,IAAI,eAAe,IAAI,EAAE,CAAC;QAE3E,MAAM,qBAAqB,GACzB,eAAe,KAAK,IAAI,IAAI,eAAe,KAAK,KAAK,IAAI,CAAC,eAAe,CAAC;QAC5E,OAAO,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC;IAC5D,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,GAA0B,EAC1B,cAAiC;QAEjC,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACjE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CACpC,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACpF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,4CAA4C,CACvD,GAA0B,EAC1B,cAAiC,EACjC,KAAa;QAEb,OAAO,MAAM,IAAI,CAAC,2BAA2B,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACzE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,yBAAyB,CAC3C,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACxE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBAEpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,CAAC,cAAc,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;wBAC3D,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,OAAe;
|
|
1
|
+
{"version":3,"file":"kcp-k8s.service.js","sourceRoot":"","sources":["../../../src/portal-options/services/kcp-k8s.service.ts"],"names":[],"mappings":";;;;;;;;;;AACA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,UAAU,GACX,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gDAAgD,CAAC;AAC1F,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAI7C,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IACvB,MAAM,GAAW,IAAI,MAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAE9C,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACpD,2BAA2B,CAAmB;IAC9C,mBAAmB,CAAmB;IACtC,YAAY,CAAY;IACxB,OAAO,CAAM;IAErB;QACE,IAAI,CAAC,oCAAoC,EAAE,CAAC;QAC5C,IAAI,CAAC,yBAAyB,EAAE,CAAC;QACjC,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC/B,CAAC;IAEO,oCAAoC;QAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,EAAE,CAAC,OAAO,CAAC;YACT,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,EAAE,CAAC,UAAU,CAAC;YACZ,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,CAAC,iBAAiB,EAAE,EAAE,IAAI,IAAI,EAAE;SAC5C,CAAC,CAAC;QACH,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,2BAA2B,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IACxE,CAAC;IAEO,yBAAyB;QAC/B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAChE,CAAC;IAEO,qBAAqB;QAC3B,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC;IAED,iCAAiC;QAC/B,OAAO,IAAI,CAAC,2BAA2B,CAAC;IAC1C,CAAC;IAED,yBAAyB;QACvB,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QAChE,IAAI,IAAI,GAAG,WAAW,CAAC;QACvB,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,IAAI,IAAI,YAAY,EAAE,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;QACxB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB,CAAC,YAAoB,EAAE,OAAe;QAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CACZ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,4CAA4C,IAAI,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,YAAqB,EAAE,OAAgB;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,aAAa,IAAI,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,wBAAwB,CAAC,OAAgB;QACvC,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC,+BAA+B,CAAC,CAAC;QACjE,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAE5D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,OAAO,mBAAmB,UAAU,GAAG,IAAI,aAAa,IAAI,EAAE,CAAC;IACjE,CAAC;IAEO,UAAU,CAAC,OAAgB;QACjC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;YACrD,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,aAAa,CAAC;QAClB,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,kBAAkB,IAAI,eAAe,IAAI,EAAE,CAAC;QAE3E,MAAM,qBAAqB,GACzB,eAAe,KAAK,IAAI,IAAI,eAAe,KAAK,KAAK,IAAI,CAAC,eAAe,CAAC;QAC5E,OAAO,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC;IAC5D,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,GAA0B,EAC1B,cAAiC;QAEjC,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACjE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CACpC,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACpF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,qCAAqC,CAChD,GAA0B,EAC1B,aAAqB;QAErB,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACjE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,aAAa,aAAa,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBAC3H,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,4CAA4C,CACvD,GAA0B,EAC1B,cAAiC,EACjC,KAAa;QAEb,OAAO,MAAM,IAAI,CAAC,2BAA2B,CAAC,uBAAuB,CAAC,GAAG,EAAE;YACzE,UAAU,EAAE;gBACV,IAAI,wBAAwB,CAAC;oBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;wBACrB,MAAM,WAAW,GACf,cAAc,EAAE,WAAW;4BAC3B,cAAc,EAAE,CAAC,+BAA+B,CAAC,CAAC;wBAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,yBAAyB,CAC3C,cAAc,CAAC,YAAY,EAC3B,WAAW,CACZ,CAAC;wBACF,MAAM,IAAI,GAAG,GAAG,MAAM,SAAS,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACxE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;wBAEpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACrB,OAAO,CAAC,cAAc,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;wBAC3D,OAAO,OAAO,CAAC;oBACjB,CAAC;oBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;iBACjC,CAAC;aACH;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,OAAe,EAAE,kBAA2B;QACvE,MAAM,UAAU,GACd,kBAAkB,IAAI,wBAAwB,OAAO,IAAI,OAAO,EAAE,CAAC;QACrE,MAAM,SAAS,GAAG,SAAS,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CACtD;gBACE,SAAS;gBACT,IAAI,EAAE,UAAU;aACjB,EACD;gBACE,UAAU,EAAE;oBACV,IAAI,wBAAwB,CAAC;wBAC3B,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;4BACrB,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;4BACzC,MAAM,IAAI,GAAG,GAAG,MAAM,sBAAsB,SAAS,YAAY,UAAU,EAAE,CAAC;4BAC9E,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;4BACpC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;4BACrB,OAAO,OAAO,CAAC;wBACjB,CAAC;wBACD,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO;qBACjC,CAAC;iBACH;aACF,CACF,CAAC;YACF,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;YAC5B,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAChE,OAAO,CACR,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,4BAA4B,EAC5B,UAAU,EACV,GAAG,CAAC,QAAQ,EAAE,IAAI,IAAI,GAAG,CAC1B,CAAC;YACF,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;CACF,CAAA;AA3NY,oBAAoB;IADhC,UAAU,EAAE;;GACA,oBAAoB,CA2NhC"}
|
package/jest.config.ts
CHANGED
package/package.json
CHANGED
|
@@ -106,13 +106,19 @@ describe('PMAuthConfigProvider', () => {
|
|
|
106
106
|
it('should handle welcome organization', async () => {
|
|
107
107
|
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
108
108
|
|
|
109
|
-
const
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
109
|
+
const mockIdpConfig: IdentityProviderConfiguration = {
|
|
110
|
+
status: {
|
|
111
|
+
managedClients: {
|
|
112
|
+
welcome: {
|
|
113
|
+
clientId: 'welcome',
|
|
114
|
+
},
|
|
115
|
+
},
|
|
114
116
|
},
|
|
115
|
-
}
|
|
117
|
+
} as IdentityProviderConfiguration;
|
|
118
|
+
kcpKubernetesService.getClusterCustomObjectByWorkspacePath.mockResolvedValue(
|
|
119
|
+
mockIdpConfig,
|
|
120
|
+
);
|
|
121
|
+
kcpKubernetesService.getClientSecret.mockResolvedValue('welcome-secret');
|
|
116
122
|
|
|
117
123
|
const result = await provider.getAuthConfig(mockRequest);
|
|
118
124
|
|
|
@@ -389,82 +395,6 @@ describe('PMAuthConfigProvider', () => {
|
|
|
389
395
|
});
|
|
390
396
|
});
|
|
391
397
|
|
|
392
|
-
describe('getWelcomeClientSecret', () => {
|
|
393
|
-
it('should read welcome client secret from Kubernetes secret', async () => {
|
|
394
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
395
|
-
|
|
396
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
397
|
-
const secretValue = 'my-welcome-secret';
|
|
398
|
-
mockReadNamespacedSecret.mockResolvedValue({
|
|
399
|
-
data: {
|
|
400
|
-
'attribute.client_secret':
|
|
401
|
-
Buffer.from(secretValue).toString('base64'),
|
|
402
|
-
},
|
|
403
|
-
});
|
|
404
|
-
|
|
405
|
-
const result = await provider.getAuthConfig(mockRequest);
|
|
406
|
-
|
|
407
|
-
expect(mockReadNamespacedSecret).toHaveBeenCalledWith({
|
|
408
|
-
namespace: 'platform-mesh-system',
|
|
409
|
-
name: 'portal-client-secret-welcome',
|
|
410
|
-
});
|
|
411
|
-
expect(result.clientSecret).toBe(secretValue);
|
|
412
|
-
});
|
|
413
|
-
|
|
414
|
-
it('should decode base64 secret correctly', async () => {
|
|
415
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
416
|
-
|
|
417
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
418
|
-
const secretValue = 'special-chars-@#$%';
|
|
419
|
-
mockReadNamespacedSecret.mockResolvedValue({
|
|
420
|
-
data: {
|
|
421
|
-
'attribute.client_secret':
|
|
422
|
-
Buffer.from(secretValue).toString('base64'),
|
|
423
|
-
},
|
|
424
|
-
});
|
|
425
|
-
|
|
426
|
-
const result = await provider.getAuthConfig(mockRequest);
|
|
427
|
-
|
|
428
|
-
expect(result.clientSecret).toBe(secretValue);
|
|
429
|
-
});
|
|
430
|
-
|
|
431
|
-
it('should throw error when secret read fails', async () => {
|
|
432
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
433
|
-
|
|
434
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
435
|
-
const error = new Error('Secret not found');
|
|
436
|
-
mockReadNamespacedSecret.mockRejectedValue(error);
|
|
437
|
-
|
|
438
|
-
const consoleSpy = jest.spyOn(console, 'error').mockImplementation();
|
|
439
|
-
|
|
440
|
-
await expect(provider.getAuthConfig(mockRequest)).rejects.toThrow(
|
|
441
|
-
'Secret not found',
|
|
442
|
-
);
|
|
443
|
-
expect(consoleSpy).toHaveBeenCalled();
|
|
444
|
-
|
|
445
|
-
consoleSpy.mockRestore();
|
|
446
|
-
});
|
|
447
|
-
|
|
448
|
-
it('should log error with response body if available', async () => {
|
|
449
|
-
jest.spyOn(domainUtils, 'getOrganization').mockReturnValue('welcome');
|
|
450
|
-
|
|
451
|
-
const { mockReadNamespacedSecret } = require('@kubernetes/client-node');
|
|
452
|
-
const error: any = new Error('Secret not found');
|
|
453
|
-
error.response = { body: { message: 'Not found in namespace' } };
|
|
454
|
-
mockReadNamespacedSecret.mockRejectedValue(error);
|
|
455
|
-
|
|
456
|
-
const consoleSpy = jest.spyOn(console, 'error').mockImplementation();
|
|
457
|
-
|
|
458
|
-
await expect(provider.getAuthConfig(mockRequest)).rejects.toThrow();
|
|
459
|
-
expect(consoleSpy).toHaveBeenCalledWith(
|
|
460
|
-
'Failed to fetch secret portal-client-secret-welcome:',
|
|
461
|
-
{ message: 'Not found in namespace' },
|
|
462
|
-
);
|
|
463
|
-
|
|
464
|
-
consoleSpy.mockRestore();
|
|
465
|
-
});
|
|
466
|
-
});
|
|
467
|
-
|
|
468
398
|
describe('edge cases', () => {
|
|
469
399
|
it('should handle undefined OIDC discovery endpoints', async () => {
|
|
470
400
|
discoveryService.getOIDC.mockResolvedValue({
|
|
@@ -4,7 +4,6 @@ import {
|
|
|
4
4
|
} from './models/k8s.js';
|
|
5
5
|
import { KcpKubernetesService } from './services/kcp-k8s.service.js';
|
|
6
6
|
import { getDiscoveryEndpoint, getOrganization } from './utils/domain.js';
|
|
7
|
-
import { CoreV1Api, KubeConfig } from '@kubernetes/client-node';
|
|
8
7
|
import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
|
|
9
8
|
import {
|
|
10
9
|
AuthConfigService,
|
|
@@ -24,11 +23,13 @@ export class PMAuthConfigProvider implements AuthConfigService {
|
|
|
24
23
|
const oidcUrl = getDiscoveryEndpoint(request);
|
|
25
24
|
const org = getOrganization(request);
|
|
26
25
|
|
|
27
|
-
const clientId =
|
|
28
|
-
org === 'welcome' ? 'welcome' : await this.readClientId(org);
|
|
26
|
+
const clientId = await this.readClientId(org);
|
|
29
27
|
const clientSecret =
|
|
30
28
|
org === 'welcome'
|
|
31
|
-
? await this.
|
|
29
|
+
? await this.kcpKubernetesService.getClientSecret(
|
|
30
|
+
org,
|
|
31
|
+
`portal-client-secret-${org}`,
|
|
32
|
+
)
|
|
32
33
|
: await this.kcpKubernetesService.getClientSecret(org);
|
|
33
34
|
|
|
34
35
|
const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
|
|
@@ -72,6 +73,15 @@ export class PMAuthConfigProvider implements AuthConfigService {
|
|
|
72
73
|
name: orgName,
|
|
73
74
|
};
|
|
74
75
|
|
|
76
|
+
if (orgName === 'welcome') {
|
|
77
|
+
const result: IdentityProviderConfiguration =
|
|
78
|
+
await this.kcpKubernetesService.getClusterCustomObjectByWorkspacePath(
|
|
79
|
+
k8sResourceDescriptor,
|
|
80
|
+
'root:platform-mesh-system',
|
|
81
|
+
);
|
|
82
|
+
return result.status.managedClients[orgName].clientId;
|
|
83
|
+
}
|
|
84
|
+
|
|
75
85
|
const result: IdentityProviderConfiguration =
|
|
76
86
|
await this.kcpKubernetesService.listClusterCustomObject(
|
|
77
87
|
k8sResourceDescriptor,
|
|
@@ -81,31 +91,4 @@ export class PMAuthConfigProvider implements AuthConfigService {
|
|
|
81
91
|
);
|
|
82
92
|
return result.status.managedClients[orgName].clientId;
|
|
83
93
|
}
|
|
84
|
-
|
|
85
|
-
private async getWelcomeClientSecret(orgName: string) {
|
|
86
|
-
const secretName = `portal-client-secret-${orgName}`;
|
|
87
|
-
const namespace = 'platform-mesh-system';
|
|
88
|
-
|
|
89
|
-
const kc = new KubeConfig();
|
|
90
|
-
kc.loadFromDefault();
|
|
91
|
-
const k8sApi = kc.makeApiClient(CoreV1Api);
|
|
92
|
-
try {
|
|
93
|
-
const res = await k8sApi.readNamespacedSecret({
|
|
94
|
-
namespace,
|
|
95
|
-
name: secretName,
|
|
96
|
-
});
|
|
97
|
-
const secretData = res.data;
|
|
98
|
-
|
|
99
|
-
return Buffer.from(
|
|
100
|
-
secretData['attribute.client_secret'],
|
|
101
|
-
'base64',
|
|
102
|
-
).toString('utf-8');
|
|
103
|
-
} catch (err) {
|
|
104
|
-
console.error(
|
|
105
|
-
`Failed to fetch secret ${secretName}:`,
|
|
106
|
-
err.response?.body || err,
|
|
107
|
-
);
|
|
108
|
-
throw err;
|
|
109
|
-
}
|
|
110
|
-
}
|
|
111
94
|
}
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
export * from './account-entity-context-provider.service.js';
|
|
2
|
+
export * from './auth-config-provider.js';
|
|
3
|
+
export * from './logout-callback.service.js';
|
|
2
4
|
export * from './pm-portal-context.service.js';
|
|
3
5
|
export * from './pm-request-context-provider.js';
|
|
4
|
-
export * from './auth-config-provider.js';
|
|
5
6
|
export * from './service-providers/content-configuration-service-providers.service.js';
|
|
6
7
|
export * from './service-providers/kubernetes-service-providers.service.js';
|
|
7
|
-
export * from './auth-callback-provider.js';
|
|
8
|
-
export * from './logout-callback.service.js';
|
|
9
8
|
|
|
10
9
|
export * from './services/kcp-k8s.service.js';
|
|
11
|
-
export * from './services/iam-graphql.service.js';
|
|
@@ -335,6 +335,35 @@ describe('KcpKubernetesService', () => {
|
|
|
335
335
|
);
|
|
336
336
|
});
|
|
337
337
|
|
|
338
|
+
it('executes post middleware', async () => {
|
|
339
|
+
const svc = new KcpKubernetesService();
|
|
340
|
+
const gvr: K8sResourceDescriptor = {
|
|
341
|
+
group: 'apps',
|
|
342
|
+
version: 'v1',
|
|
343
|
+
plural: 'deployments',
|
|
344
|
+
name: 'my-deployment',
|
|
345
|
+
};
|
|
346
|
+
const context: K8sRequestContext = {
|
|
347
|
+
organization: 'org1',
|
|
348
|
+
'core_platform-mesh_io_account': 'acc1',
|
|
349
|
+
};
|
|
350
|
+
|
|
351
|
+
let postResult: any;
|
|
352
|
+
mockListClusterCustomObject.mockImplementation(async (_gvr, options) => {
|
|
353
|
+
const middleware = options.middleware[0];
|
|
354
|
+
const mockContext = {
|
|
355
|
+
setUrl: jest.fn(),
|
|
356
|
+
};
|
|
357
|
+
await middleware.options.pre(mockContext);
|
|
358
|
+
postResult = await middleware.options.post(mockContext);
|
|
359
|
+
return { data: {} };
|
|
360
|
+
});
|
|
361
|
+
|
|
362
|
+
await svc.listClusterCustomObject(gvr, context);
|
|
363
|
+
|
|
364
|
+
expect(postResult).toBeDefined();
|
|
365
|
+
});
|
|
366
|
+
|
|
338
367
|
it('builds correct URL path in middleware', async () => {
|
|
339
368
|
const svc = new KcpKubernetesService();
|
|
340
369
|
const gvr: K8sResourceDescriptor = {
|
|
@@ -579,6 +608,30 @@ describe('KcpKubernetesService', () => {
|
|
|
579
608
|
);
|
|
580
609
|
});
|
|
581
610
|
|
|
611
|
+
it('executes post middleware', async () => {
|
|
612
|
+
const svc = new KcpKubernetesService();
|
|
613
|
+
const orgName = 'post-org';
|
|
614
|
+
|
|
615
|
+
let postResult: any;
|
|
616
|
+
mockReadNamespacedSecret.mockImplementation(async (_params, options) => {
|
|
617
|
+
const middleware = options.middleware[0];
|
|
618
|
+
const mockContext = {
|
|
619
|
+
setUrl: jest.fn(),
|
|
620
|
+
};
|
|
621
|
+
await middleware.options.pre(mockContext);
|
|
622
|
+
postResult = await middleware.options.post(mockContext);
|
|
623
|
+
return {
|
|
624
|
+
data: {
|
|
625
|
+
client_secret: Buffer.from('test').toString('base64'),
|
|
626
|
+
},
|
|
627
|
+
};
|
|
628
|
+
});
|
|
629
|
+
|
|
630
|
+
await svc.getClientSecret(orgName);
|
|
631
|
+
|
|
632
|
+
expect(postResult).toBeDefined();
|
|
633
|
+
});
|
|
634
|
+
|
|
582
635
|
it('throws error when secret retrieval fails', async () => {
|
|
583
636
|
const svc = new KcpKubernetesService();
|
|
584
637
|
const orgName = 'fail-org';
|
|
@@ -141,6 +141,25 @@ export class KcpKubernetesService {
|
|
|
141
141
|
});
|
|
142
142
|
}
|
|
143
143
|
|
|
144
|
+
public async getClusterCustomObjectByWorkspacePath(
|
|
145
|
+
gvr: K8sResourceDescriptor,
|
|
146
|
+
workspacePath: string,
|
|
147
|
+
) {
|
|
148
|
+
return await this.k8sCustomObjectsApi.listClusterCustomObject(gvr, {
|
|
149
|
+
middleware: [
|
|
150
|
+
new PromiseMiddlewareWrapper({
|
|
151
|
+
pre: async (context) => {
|
|
152
|
+
const path = `${this.baseUrl.origin}/clusters/${workspacePath}/apis/${gvr.group}/${gvr.version}/${gvr.plural}/${gvr.name}`;
|
|
153
|
+
this.logger.log(`kcp url: ${path}`);
|
|
154
|
+
context.setUrl(path);
|
|
155
|
+
return context;
|
|
156
|
+
},
|
|
157
|
+
post: async (context) => context,
|
|
158
|
+
}),
|
|
159
|
+
],
|
|
160
|
+
});
|
|
161
|
+
}
|
|
162
|
+
|
|
144
163
|
public async listClusterCustomObjectInKcpVirtualWorkspace(
|
|
145
164
|
gvr: K8sResourceDescriptor,
|
|
146
165
|
requestContext: K8sRequestContext,
|
|
@@ -171,8 +190,9 @@ export class KcpKubernetesService {
|
|
|
171
190
|
});
|
|
172
191
|
}
|
|
173
192
|
|
|
174
|
-
public async getClientSecret(orgName: string) {
|
|
175
|
-
const secretName =
|
|
193
|
+
public async getClientSecret(orgName: string, secretNameOverride?: string) {
|
|
194
|
+
const secretName =
|
|
195
|
+
secretNameOverride ?? `portal-client-secret-${orgName}-${orgName}`;
|
|
176
196
|
const namespace = 'default';
|
|
177
197
|
|
|
178
198
|
try {
|
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import { IAMGraphQlService } from './services/iam-graphql.service.js';
|
|
2
|
-
import { AuthCallback, AuthTokenData } from '@openmfp/portal-server-lib';
|
|
3
|
-
import { Request, Response } from 'express';
|
|
4
|
-
export declare class AuthCallbackProvider implements AuthCallback {
|
|
5
|
-
private iamService;
|
|
6
|
-
private logger;
|
|
7
|
-
constructor(iamService: IAMGraphQlService);
|
|
8
|
-
handleSuccess(request: Request, response: Response, authTokenResponse: AuthTokenData): Promise<void>;
|
|
9
|
-
handleFailure(request: Request, response: Response): Promise<void>;
|
|
10
|
-
}
|
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
-
};
|
|
7
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
-
};
|
|
10
|
-
var AuthCallbackProvider_1;
|
|
11
|
-
import { IAMGraphQlService } from './services/iam-graphql.service.js';
|
|
12
|
-
import { Injectable, Logger } from '@nestjs/common';
|
|
13
|
-
let AuthCallbackProvider = AuthCallbackProvider_1 = class AuthCallbackProvider {
|
|
14
|
-
iamService;
|
|
15
|
-
logger = new Logger(AuthCallbackProvider_1.name);
|
|
16
|
-
constructor(iamService) {
|
|
17
|
-
this.iamService = iamService;
|
|
18
|
-
}
|
|
19
|
-
async handleSuccess(request, response, authTokenResponse) {
|
|
20
|
-
try {
|
|
21
|
-
await this.iamService.addUser(authTokenResponse.id_token, request, response);
|
|
22
|
-
}
|
|
23
|
-
catch (e) {
|
|
24
|
-
this.logger.error(e);
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
async handleFailure(request, response) {
|
|
28
|
-
return Promise.resolve();
|
|
29
|
-
}
|
|
30
|
-
};
|
|
31
|
-
AuthCallbackProvider = AuthCallbackProvider_1 = __decorate([
|
|
32
|
-
Injectable(),
|
|
33
|
-
__metadata("design:paramtypes", [IAMGraphQlService])
|
|
34
|
-
], AuthCallbackProvider);
|
|
35
|
-
export { AuthCallbackProvider };
|
|
36
|
-
//# sourceMappingURL=auth-callback-provider.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"auth-callback-provider.js","sourceRoot":"","sources":["../../src/portal-options/auth-callback-provider.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAK7C,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAGX;IAFZ,MAAM,GAAW,IAAI,MAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAE/D,YAAoB,UAA6B;QAA7B,eAAU,GAAV,UAAU,CAAmB;IAAG,CAAC;IAErD,KAAK,CAAC,aAAa,CACjB,OAAgB,EAChB,QAAkB,EAClB,iBAAgC;QAEhC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC/E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAgB,EAAE,QAAkB;QACtD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF,CAAA;AApBY,oBAAoB;IADhC,UAAU,EAAE;qCAIqB,iBAAiB;GAHtC,oBAAoB,CAoBhC"}
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
import { PMRequestContextProvider } from '../pm-request-context-provider.js';
|
|
2
|
-
import type { Request, Response } from 'express';
|
|
3
|
-
export declare class IAMGraphQlService {
|
|
4
|
-
private requestContextProvider;
|
|
5
|
-
constructor(requestContextProvider: PMRequestContextProvider);
|
|
6
|
-
addUser(token: string, request: Request, response: Response): Promise<void>;
|
|
7
|
-
}
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
-
};
|
|
7
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
-
};
|
|
10
|
-
import { PMRequestContextProvider } from '../pm-request-context-provider.js';
|
|
11
|
-
import { MUTATION_LOGIN } from './queries.js';
|
|
12
|
-
import { Injectable } from '@nestjs/common';
|
|
13
|
-
import { GraphQLClient } from 'graphql-request';
|
|
14
|
-
let IAMGraphQlService = class IAMGraphQlService {
|
|
15
|
-
requestContextProvider;
|
|
16
|
-
constructor(requestContextProvider) {
|
|
17
|
-
this.requestContextProvider = requestContextProvider;
|
|
18
|
-
}
|
|
19
|
-
async addUser(token, request, response) {
|
|
20
|
-
const requestContext = await this.requestContextProvider.getContextValues(request, response);
|
|
21
|
-
const iamUrl = requestContext.iamServiceApiUrl;
|
|
22
|
-
const client = new GraphQLClient(iamUrl, {
|
|
23
|
-
headers: {
|
|
24
|
-
Authorization: `Bearer ${token}`,
|
|
25
|
-
},
|
|
26
|
-
});
|
|
27
|
-
try {
|
|
28
|
-
await client.request(MUTATION_LOGIN);
|
|
29
|
-
}
|
|
30
|
-
catch (e) {
|
|
31
|
-
console.error(e);
|
|
32
|
-
}
|
|
33
|
-
}
|
|
34
|
-
};
|
|
35
|
-
IAMGraphQlService = __decorate([
|
|
36
|
-
Injectable(),
|
|
37
|
-
__metadata("design:paramtypes", [PMRequestContextProvider])
|
|
38
|
-
], IAMGraphQlService);
|
|
39
|
-
export { IAMGraphQlService };
|
|
40
|
-
//# sourceMappingURL=iam-graphql.service.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"iam-graphql.service.js","sourceRoot":"","sources":["../../../src/portal-options/services/iam-graphql.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGzC,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IACR;IAApB,YAAoB,sBAAgD;QAAhD,2BAAsB,GAAtB,sBAAsB,CAA0B;IAAG,CAAC;IAExE,KAAK,CAAC,OAAO,CACX,KAAa,EACb,OAAgB,EAChB,QAAkB;QAElB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,gBAAgB,CACvE,OAAO,EACP,QAAQ,CACT,CAAC;QACF,MAAM,MAAM,GAAG,cAAc,CAAC,gBAAgB,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,MAAM,EAAE;YACvC,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;aACjC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;CACF,CAAA;AAzBY,iBAAiB;IAD7B,UAAU,EAAE;qCAEiC,wBAAwB;GADzD,iBAAiB,CAyB7B"}
|
|
@@ -1,85 +0,0 @@
|
|
|
1
|
-
import { AuthCallbackProvider } from './auth-callback-provider.js';
|
|
2
|
-
import { IAMGraphQlService } from './services/iam-graphql.service.js';
|
|
3
|
-
import { Test, TestingModule } from '@nestjs/testing';
|
|
4
|
-
import type { AuthTokenData } from '@openmfp/portal-server-lib';
|
|
5
|
-
import type { Request, Response } from 'express';
|
|
6
|
-
import { mock } from 'jest-mock-extended';
|
|
7
|
-
|
|
8
|
-
jest.mock('@kubernetes/client-node', () => {
|
|
9
|
-
class KubeConfig {
|
|
10
|
-
loadFromDefault = jest.fn();
|
|
11
|
-
loadFromFile = jest.fn();
|
|
12
|
-
getCurrentCluster = jest.fn().mockReturnValue({
|
|
13
|
-
server: 'https://k8s.example.com/base',
|
|
14
|
-
name: 'test-cluster',
|
|
15
|
-
});
|
|
16
|
-
makeApiClient = jest.fn();
|
|
17
|
-
addUser = jest.fn();
|
|
18
|
-
addContext = jest.fn();
|
|
19
|
-
setCurrentContext = jest.fn();
|
|
20
|
-
}
|
|
21
|
-
class CustomObjectsApi {}
|
|
22
|
-
return { KubeConfig, CustomObjectsApi };
|
|
23
|
-
});
|
|
24
|
-
|
|
25
|
-
describe('AuthCallbackProvider', () => {
|
|
26
|
-
let callback: AuthCallbackProvider;
|
|
27
|
-
let iamServiceMock: IAMGraphQlService;
|
|
28
|
-
|
|
29
|
-
beforeEach(async () => {
|
|
30
|
-
iamServiceMock = mock<IAMGraphQlService>();
|
|
31
|
-
const module: TestingModule = await Test.createTestingModule({
|
|
32
|
-
providers: [
|
|
33
|
-
AuthCallbackProvider,
|
|
34
|
-
{
|
|
35
|
-
provide: IAMGraphQlService,
|
|
36
|
-
useValue: iamServiceMock,
|
|
37
|
-
},
|
|
38
|
-
],
|
|
39
|
-
}).compile();
|
|
40
|
-
|
|
41
|
-
callback = module.get<AuthCallbackProvider>(AuthCallbackProvider);
|
|
42
|
-
});
|
|
43
|
-
|
|
44
|
-
it('should be defined', () => {
|
|
45
|
-
expect(callback).toBeDefined();
|
|
46
|
-
});
|
|
47
|
-
|
|
48
|
-
it('should create a user', async () => {
|
|
49
|
-
const req = mock<Request>();
|
|
50
|
-
const res = mock<Response>();
|
|
51
|
-
|
|
52
|
-
await callback.handleSuccess(req, res, {
|
|
53
|
-
id_token: 'idtoken',
|
|
54
|
-
} as AuthTokenData);
|
|
55
|
-
|
|
56
|
-
expect(iamServiceMock.addUser).toHaveBeenCalledTimes(1);
|
|
57
|
-
expect(iamServiceMock.addUser).toHaveBeenCalledWith('idtoken', req, res);
|
|
58
|
-
});
|
|
59
|
-
|
|
60
|
-
it('should log error if addUser throws', async () => {
|
|
61
|
-
const req = mock<Request>();
|
|
62
|
-
const res = mock<Response>();
|
|
63
|
-
const error = new Error('boom');
|
|
64
|
-
(iamServiceMock.addUser as jest.Mock).mockRejectedValueOnce(error);
|
|
65
|
-
|
|
66
|
-
const errorSpy = jest
|
|
67
|
-
|
|
68
|
-
.spyOn((callback as any).logger, 'error')
|
|
69
|
-
.mockImplementation(() => undefined as unknown as never);
|
|
70
|
-
|
|
71
|
-
await callback.handleSuccess(req, res, {
|
|
72
|
-
id_token: 'bad',
|
|
73
|
-
} as AuthTokenData);
|
|
74
|
-
|
|
75
|
-
expect(iamServiceMock.addUser).toHaveBeenCalledTimes(1);
|
|
76
|
-
expect(errorSpy).toHaveBeenCalledWith(error);
|
|
77
|
-
});
|
|
78
|
-
|
|
79
|
-
it('should resolve handleFailure without action', async () => {
|
|
80
|
-
const req = mock<Request>();
|
|
81
|
-
const res = mock<Response>();
|
|
82
|
-
|
|
83
|
-
await expect(callback.handleFailure(req, res)).resolves.toBeUndefined();
|
|
84
|
-
});
|
|
85
|
-
});
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
import { IAMGraphQlService } from './services/iam-graphql.service.js';
|
|
2
|
-
import { Injectable, Logger } from '@nestjs/common';
|
|
3
|
-
import { AuthCallback, AuthTokenData } from '@openmfp/portal-server-lib';
|
|
4
|
-
import { Request, Response } from 'express';
|
|
5
|
-
|
|
6
|
-
@Injectable()
|
|
7
|
-
export class AuthCallbackProvider implements AuthCallback {
|
|
8
|
-
private logger: Logger = new Logger(AuthCallbackProvider.name);
|
|
9
|
-
|
|
10
|
-
constructor(private iamService: IAMGraphQlService) {}
|
|
11
|
-
|
|
12
|
-
async handleSuccess(
|
|
13
|
-
request: Request,
|
|
14
|
-
response: Response,
|
|
15
|
-
authTokenResponse: AuthTokenData,
|
|
16
|
-
): Promise<void> {
|
|
17
|
-
try {
|
|
18
|
-
await this.iamService.addUser(authTokenResponse.id_token, request, response);
|
|
19
|
-
} catch (e) {
|
|
20
|
-
this.logger.error(e);
|
|
21
|
-
}
|
|
22
|
-
}
|
|
23
|
-
|
|
24
|
-
async handleFailure(request: Request, response: Response): Promise<void> {
|
|
25
|
-
return Promise.resolve();
|
|
26
|
-
}
|
|
27
|
-
}
|
|
@@ -1,77 +0,0 @@
|
|
|
1
|
-
import { PMRequestContextProvider } from '../pm-request-context-provider.js';
|
|
2
|
-
import { IAMGraphQlService } from './iam-graphql.service.js';
|
|
3
|
-
import { MUTATION_LOGIN } from './queries.js';
|
|
4
|
-
import { GraphQLClient } from 'graphql-request';
|
|
5
|
-
import { mock } from 'jest-mock-extended';
|
|
6
|
-
|
|
7
|
-
jest.mock('@kubernetes/client-node', () => {
|
|
8
|
-
class KubeConfig {
|
|
9
|
-
loadFromDefault = jest.fn();
|
|
10
|
-
loadFromFile = jest.fn();
|
|
11
|
-
getCurrentCluster = jest.fn().mockReturnValue({
|
|
12
|
-
server: 'https://k8s.example.com/base',
|
|
13
|
-
name: 'test-cluster',
|
|
14
|
-
});
|
|
15
|
-
makeApiClient = jest.fn();
|
|
16
|
-
addUser = jest.fn();
|
|
17
|
-
addContext = jest.fn();
|
|
18
|
-
setCurrentContext = jest.fn();
|
|
19
|
-
}
|
|
20
|
-
class CustomObjectsApi {}
|
|
21
|
-
return { KubeConfig, CustomObjectsApi };
|
|
22
|
-
});
|
|
23
|
-
|
|
24
|
-
describe('IAMGraphQlService', () => {
|
|
25
|
-
const mockIamServiceApiUrl = 'http://localhost:8080/query';
|
|
26
|
-
let service: IAMGraphQlService;
|
|
27
|
-
const gqlClient = {
|
|
28
|
-
request: jest.fn(),
|
|
29
|
-
} as unknown as GraphQLClient;
|
|
30
|
-
|
|
31
|
-
const requestContextProvider = mock<PMRequestContextProvider>({
|
|
32
|
-
getContextValues: jest
|
|
33
|
-
.fn()
|
|
34
|
-
.mockResolvedValue({ iamServiceApiUrl: mockIamServiceApiUrl }),
|
|
35
|
-
});
|
|
36
|
-
|
|
37
|
-
let GraphQLClientMock: jest.SpyInstance;
|
|
38
|
-
|
|
39
|
-
beforeEach(() => {
|
|
40
|
-
jest.resetAllMocks();
|
|
41
|
-
|
|
42
|
-
// Re-apply RequestContextProvider mock after resetAllMocks
|
|
43
|
-
(
|
|
44
|
-
requestContextProvider.getContextValues as unknown as jest.Mock
|
|
45
|
-
).mockResolvedValue({
|
|
46
|
-
iamServiceApiUrl: mockIamServiceApiUrl,
|
|
47
|
-
});
|
|
48
|
-
|
|
49
|
-
// Mock GraphQLClient constructor to return our mocked client
|
|
50
|
-
GraphQLClientMock = jest
|
|
51
|
-
.spyOn<any, any>(require('graphql-request'), 'GraphQLClient')
|
|
52
|
-
.mockImplementation(() => gqlClient);
|
|
53
|
-
|
|
54
|
-
service = new IAMGraphQlService(requestContextProvider as any);
|
|
55
|
-
});
|
|
56
|
-
|
|
57
|
-
it('should call mutation addUser', async () => {
|
|
58
|
-
(gqlClient.request as jest.Mock).mockResolvedValue('');
|
|
59
|
-
|
|
60
|
-
const response = await service.addUser('token', {} as any, {} as any);
|
|
61
|
-
|
|
62
|
-
expect(GraphQLClientMock).toHaveBeenCalledWith(mockIamServiceApiUrl, {
|
|
63
|
-
headers: { Authorization: 'Bearer token' },
|
|
64
|
-
});
|
|
65
|
-
expect(gqlClient.request).toHaveBeenCalledWith(MUTATION_LOGIN);
|
|
66
|
-
expect(response).toBe(undefined);
|
|
67
|
-
});
|
|
68
|
-
|
|
69
|
-
it('should call mutation addUser and log error', async () => {
|
|
70
|
-
console.error = jest.fn();
|
|
71
|
-
(gqlClient.request as jest.Mock).mockRejectedValue('error');
|
|
72
|
-
|
|
73
|
-
const response = await service.addUser('token', {} as any, {} as any);
|
|
74
|
-
expect(response).toBe(undefined);
|
|
75
|
-
expect(console.error).toHaveBeenCalledWith('error');
|
|
76
|
-
});
|
|
77
|
-
});
|
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import { PMRequestContextProvider } from '../pm-request-context-provider.js';
|
|
2
|
-
import { MUTATION_LOGIN } from './queries.js';
|
|
3
|
-
import { Injectable } from '@nestjs/common';
|
|
4
|
-
import type { Request, Response } from 'express';
|
|
5
|
-
import { GraphQLClient } from 'graphql-request';
|
|
6
|
-
|
|
7
|
-
@Injectable()
|
|
8
|
-
export class IAMGraphQlService {
|
|
9
|
-
constructor(private requestContextProvider: PMRequestContextProvider) {}
|
|
10
|
-
|
|
11
|
-
async addUser(
|
|
12
|
-
token: string,
|
|
13
|
-
request: Request,
|
|
14
|
-
response: Response,
|
|
15
|
-
): Promise<void> {
|
|
16
|
-
const requestContext = await this.requestContextProvider.getContextValues(
|
|
17
|
-
request,
|
|
18
|
-
response,
|
|
19
|
-
);
|
|
20
|
-
const iamUrl = requestContext.iamServiceApiUrl;
|
|
21
|
-
const client = new GraphQLClient(iamUrl, {
|
|
22
|
-
headers: {
|
|
23
|
-
Authorization: `Bearer ${token}`,
|
|
24
|
-
},
|
|
25
|
-
});
|
|
26
|
-
|
|
27
|
-
try {
|
|
28
|
-
await client.request(MUTATION_LOGIN);
|
|
29
|
-
} catch (e) {
|
|
30
|
-
console.error(e);
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
}
|