[public-api] Implement CreateClientConfig

AlexTugarev · roboquat · commit ba6ce0eccee2 · 2023-01-13T17:37:21.000+01:00
diff --git a/components/public-api-server/pkg/apiv1/oidc.go b/components/public-api-server/pkg/apiv1/oidc.go
@@ -12,6 +12,7 @@ import (
 	connect "github.com/bufbuild/connect-go"
 	"github.com/gitpod-io/gitpod/common-go/experiments"
 	"github.com/gitpod-io/gitpod/common-go/log"
+	iam "github.com/gitpod-io/gitpod/components/iam-api/go/v1"
 	v1 "github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1"
 	"github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1/v1connect"
 	protocol "github.com/gitpod-io/gitpod/gitpod-protocol"
@@ -20,16 +21,18 @@ import (
 	"github.com/google/uuid"
 )
 
-func NewOIDCService(connPool proxy.ServerConnectionPool, expClient experiments.Client) *OIDCService {
+func NewOIDCService(connPool proxy.ServerConnectionPool, expClient experiments.Client, oidcService iam.OIDCServiceClient) *OIDCService {
 	return &OIDCService{
 		connectionPool: connPool,
 		expClient:      expClient,
+		oidcService:    oidcService,
 	}
 }
 
 type OIDCService struct {
 	expClient      experiments.Client
 	connectionPool proxy.ServerConnectionPool
+	oidcService    iam.OIDCServiceClient
 
 	v1connect.UnimplementedOIDCServiceHandler
 }
@@ -45,7 +48,42 @@ func (s *OIDCService) CreateClientConfig(ctx context.Context, req *connect.Reque
 		return nil, err
 	}
 
-	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("gitpod.experimental.v1.OIDCService.CreateClientConfig is not implemented"))
+	result, err := s.oidcService.CreateClientConfig(ctx, &iam.CreateClientConfigRequest{
+		Config: papiConfigToIAM(req.Msg.GetConfig()),
+	})
+	if err != nil {
+		// todo@at fix error handling
+		return nil, connect.NewError(connect.CodeInternal, err)
+	}
+
+	return connect.NewResponse(&v1.CreateClientConfigResponse{
+		Config: iamConfigToPAPI(result.GetConfig()),
+	}), nil
+}
+
+func papiConfigToIAM(c *v1.OIDCClientConfig) *iam.OIDCClientConfig {
+	return &iam.OIDCClientConfig{
+		OidcConfig: &iam.OIDCConfig{
+			Issuer: c.OidcConfig.GetIssuer(),
+		},
+		Oauth2Config: &iam.OAuth2Config{
+			ClientId:     c.GetOauth2Config().GetClientId(),
+			ClientSecret: c.GetOauth2Config().GetClientSecret(),
+		},
+	}
+}
+func iamConfigToPAPI(c *iam.OIDCClientConfig) *v1.OIDCClientConfig {
+	return &v1.OIDCClientConfig{
+		Id: c.GetId(),
+		OidcConfig: &v1.OIDCConfig{
+			Issuer: c.OidcConfig.GetIssuer(),
+		},
+		Oauth2Config: &v1.OAuth2Config{
+			ClientId:     c.GetOauth2Config().GetClientId(),
+			ClientSecret: "REDACTED",
+		},
+		CreationTime: c.GetCreationTime(),
+	}
 }
 
 func (s *OIDCService) GetClientConfig(ctx context.Context, req *connect.Request[v1.GetClientConfigRequest]) (*connect.Response[v1.GetClientConfigResponse], error) {
diff --git a/components/public-api-server/pkg/apiv1/oidc_test.go b/components/public-api-server/pkg/apiv1/oidc_test.go
@@ -10,6 +10,13 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	grpc "google.golang.org/grpc"
+
+	iam "github.com/gitpod-io/gitpod/components/iam-api/go/v1"
+
 	connect "github.com/bufbuild/connect-go"
 	"github.com/gitpod-io/gitpod/common-go/experiments"
 	"github.com/gitpod-io/gitpod/common-go/experiments/experimentstest"
@@ -37,7 +44,7 @@ var (
 )
 
 func TestOIDCService_CreateClientConfig(t *testing.T) {
-	t.Run("feature flag disabled returns unathorized", func(t *testing.T) {
+	t.Run("feature flag disabled returns unauthorized", func(t *testing.T) {
 		serverMock, client := setupOIDCService(t, withOIDCFeatureDisabled)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
@@ -48,19 +55,29 @@ func TestOIDCService_CreateClientConfig(t *testing.T) {
 		require.Equal(t, connect.CodePermissionDenied, connect.CodeOf(err))
 	})
 
-	t.Run("feature flag enabled returns unimplemented", func(t *testing.T) {
+	t.Run("feature flag enabled returns created config", func(t *testing.T) {
 		serverMock, client := setupOIDCService(t, withOIDCFeatureEnabled)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
 
-		_, err := client.CreateClientConfig(context.Background(), connect.NewRequest(&v1.CreateClientConfigRequest{}))
-		require.Error(t, err)
-		require.Equal(t, connect.CodeUnimplemented, connect.CodeOf(err))
+		config := &v1.OIDCClientConfig{
+			OidcConfig:   &v1.OIDCConfig{Issuer: "test-issuer"},
+			Oauth2Config: &v1.OAuth2Config{ClientId: "test-id", ClientSecret: "test-secret"},
+		}
+		response, err := client.CreateClientConfig(context.Background(), connect.NewRequest(&v1.CreateClientConfigRequest{
+			Config: config,
+		}))
+		require.NoError(t, err)
+		require.NotNil(t, response)
+		config.Oauth2Config.ClientSecret = "REDACTED"
+		requireEqualProto(t, &v1.CreateClientConfigResponse{
+			Config: config,
+		}, response.Msg)
 	})
 }
 
 func TestOIDCService_GetClientConfig(t *testing.T) {
-	t.Run("feature flag disabled returns unathorized", func(t *testing.T) {
+	t.Run("feature flag disabled returns unauthorized", func(t *testing.T) {
 		serverMock, client := setupOIDCService(t, withOIDCFeatureDisabled)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
@@ -83,7 +100,7 @@ func TestOIDCService_GetClientConfig(t *testing.T) {
 }
 
 func TestOIDCService_ListClientConfigs(t *testing.T) {
-	t.Run("feature flag disabled returns unathorized", func(t *testing.T) {
+	t.Run("feature flag disabled returns unauthorized", func(t *testing.T) {
 		serverMock, client := setupOIDCService(t, withOIDCFeatureDisabled)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
@@ -106,7 +123,7 @@ func TestOIDCService_ListClientConfigs(t *testing.T) {
 }
 
 func TestOIDCService_UpdateClientConfig(t *testing.T) {
-	t.Run("feature flag disabled returns unathorized", func(t *testing.T) {
+	t.Run("feature flag disabled returns unauthorized", func(t *testing.T) {
 		serverMock, client := setupOIDCService(t, withOIDCFeatureDisabled)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
@@ -129,7 +146,7 @@ func TestOIDCService_UpdateClientConfig(t *testing.T) {
 }
 
 func TestOIDCService_DeleteClientConfig(t *testing.T) {
-	t.Run("feature flag disabled returns unathorized", func(t *testing.T) {
+	t.Run("feature flag disabled returns unauthorized", func(t *testing.T) {
 		serverMock, client := setupOIDCService(t, withOIDCFeatureDisabled)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
@@ -159,7 +176,7 @@ func setupOIDCService(t *testing.T, expClient experiments.Client) (*protocol.Moc
 
 	serverMock := protocol.NewMockAPIInterface(ctrl)
 
-	svc := NewOIDCService(&FakeServerConnPool{api: serverMock}, expClient)
+	svc := NewOIDCService(&FakeServerConnPool{api: serverMock}, expClient, &stubOIDCServiceServer{})
 
 	_, handler := v1connect.NewOIDCServiceHandler(svc, connect.WithInterceptors(auth.NewServerInterceptor()))
 
@@ -172,3 +189,24 @@ func setupOIDCService(t *testing.T, expClient experiments.Client) (*protocol.Moc
 
 	return serverMock, client
 }
+
+type stubOIDCServiceServer struct {
+}
+
+func (stubOIDCServiceServer) CreateClientConfig(ctx context.Context, request *iam.CreateClientConfigRequest, options ...grpc.CallOption) (*iam.CreateClientConfigResponse, error) {
+	return &iam.CreateClientConfigResponse{
+		Config: request.GetConfig(),
+	}, nil
+}
+func (stubOIDCServiceServer) GetClientConfig(context.Context, *iam.GetClientConfigRequest, ...grpc.CallOption) (*iam.GetClientConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetClientConfig not implemented")
+}
+func (stubOIDCServiceServer) ListClientConfigs(context.Context, *iam.ListClientConfigsRequest, ...grpc.CallOption) (*iam.ListClientConfigsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListClientConfigs not implemented")
+}
+func (stubOIDCServiceServer) UpdateClientConfig(context.Context, *iam.UpdateClientConfigRequest, ...grpc.CallOption) (*iam.UpdateClientConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateClientConfig not implemented")
+}
+func (stubOIDCServiceServer) DeleteClientConfig(context.Context, *iam.DeleteClientConfigRequest, ...grpc.CallOption) (*iam.DeleteClientConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteClientConfig not implemented")
+}
diff --git a/components/public-api-server/pkg/server/server.go b/components/public-api-server/pkg/server/server.go
@@ -16,6 +16,10 @@ import (
 	"github.com/gitpod-io/gitpod/common-go/log"
 	"gorm.io/gorm"
 
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+
+	iam "github.com/gitpod-io/gitpod/components/iam-api/go/v1"
 	"github.com/gitpod-io/gitpod/components/public-api/go/config"
 	"github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1/v1connect"
 	"github.com/gorilla/handlers"
@@ -33,6 +37,10 @@ import (
 func Start(logger *logrus.Entry, version string, cfg *config.Configuration) error {
 	logger.WithField("config", cfg).Info("Starting public-api.")
 
+	if cfg.OIDCServiceAddress == "" {
+		return fmt.Errorf("`oidcServiceAddress` is missing in config")
+	}
+
 	gitpodAPI, err := url.Parse(cfg.GitpodServiceURL)
 	if err != nil {
 		return fmt.Errorf("failed to parse Gitpod API URL: %w", err)
@@ -92,7 +100,13 @@ func Start(logger *logrus.Entry, version string, cfg *config.Configuration) erro
 
 	srv.HTTPMux().Handle("/stripe/invoices/webhook", handlers.ContentTypeHandler(stripeWebhookHandler, "application/json"))
 
-	if registerErr := register(srv, connPool, expClient, dbConn, signer); registerErr != nil {
+	conn, err := grpc.Dial(cfg.OIDCServiceAddress, grpc.WithTransportCredentials(insecure.NewCredentials()))
+	if err != nil {
+		return fmt.Errorf("failed to dial oidc service gRPC server: %w", err)
+	}
+	var oidcService = iam.NewOIDCServiceClient(conn)
+
+	if registerErr := register(srv, connPool, expClient, dbConn, signer, oidcService); registerErr != nil {
 		return fmt.Errorf("failed to register services: %w", registerErr)
 	}
 
@@ -103,7 +117,7 @@ func Start(logger *logrus.Entry, version string, cfg *config.Configuration) erro
 	return nil
 }
 
-func register(srv *baseserver.Server, connPool proxy.ServerConnectionPool, expClient experiments.Client, dbConn *gorm.DB, signer auth.Signer) error {
+func register(srv *baseserver.Server, connPool proxy.ServerConnectionPool, expClient experiments.Client, dbConn *gorm.DB, signer auth.Signer, oidcService iam.OIDCServiceClient) error {
 	proxy.RegisterMetrics(srv.MetricsRegistry())
 
 	connectMetrics := NewConnectMetrics()
@@ -140,7 +154,7 @@ func register(srv *baseserver.Server, connPool proxy.ServerConnectionPool, expCl
 	projectsRoute, projectsServiceHandler := v1connect.NewProjectsServiceHandler(apiv1.NewProjectsService(connPool), handlerOptions...)
 	srv.HTTPMux().Handle(projectsRoute, projectsServiceHandler)
 
-	oidcRoute, oidcServiceHandler := v1connect.NewOIDCServiceHandler(apiv1.NewOIDCService(connPool, expClient), handlerOptions...)
+	oidcRoute, oidcServiceHandler := v1connect.NewOIDCServiceHandler(apiv1.NewOIDCService(connPool, expClient, oidcService), handlerOptions...)
 	srv.HTTPMux().Handle(oidcRoute, oidcServiceHandler)
 
 	return nil
