Release - audience mapper (#224)

* Adds status banner component * Adds outlined variant to status banner * Build storybook files * Build storybook files * Builds storybook * Test Chromatic GitHub Action * Tests branch * Fix for chromatic github action * Removes index.html from feature branch; adds workingdir params to chromatic workflow file * Adds src to install depency command * Removes src from run command * Testing Chromatic regression testing * Finish up status banner * Adds status variant to Status Banner. Fixes colors, outline variant styling. * Tests Chromatic build to feature branch; resizes status banner title as part of test * Finishing touches to status banner * Clean up status banner folder/package.json chromatic script command * Enlargen, bold status banner title for demo * revert back to original * add await to signin * add await to signin * upd TokenService to use issuer token_endpoint * add debug for token svc * finish adding token endpoint to Token service * add server-side rendering API ROOT * refactor the keycloak services * refactor the keycloak services * refactor the keycloak services * fix crashing bug with delete access * refactor the issuer and uma2 services, updates to whitelist * upd cicd deploy with SSR_API_ROOT * Add queries to whitelist * update whitelist * update whitelist * upd whitelist and permissions * upd UI for environment plugins * upd to env plugins for jwt-keycloak template * upd whitelist * better handling of my access requests * refactor the access mgr and credential admin * adj credential issuer retrieval * upd whitelist * cleanup poc manager pages * upd auth profile failure messages * fix error on environment detail * adj authz matrix * upd whitelist and upd business profile handling * upd scope retrieval and consumer list * fix service account list query * upd whitelists * updated data rules with Blob list type to link blob object to Activity * create connectExclusiveOne function to return one record to connect. Updated data rules to use the new function to connect Blob record to Activity record * fix the ci remove to remote feeder deployment * added label list * Removes storybook build files * upd docker compose fix * implement audience client mapper (#219) Implement audience client mapper * minor fix for publishing auth profile with client mapper Co-authored-by: Justin Tendeck <[email protected]> Co-authored-by: Nithin Shekar Kuruba <[email protected]>
bcgov · Oct 28, 2021 · f8c3454 · f8c3454
1 parent 25bbc8e
commit f8c3454
Show file tree

Hide file tree

Showing 33 changed files with 121,479 additions and 40,755 deletions.
diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
@@ -0,0 +1,31 @@
+# name of our action
+name: "Chromatic Deployment"
+# the event that will trigger the action
+on:
+  push:
+    branches:
+      - 'feature/**'
+  pull_request:
+    branches:
+      - dev
+
+# what the action will do
+jobs:
+  test:
+    # the operating system it will run on
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./src/
+    # the list of steps that the action will go through
+    steps:
+      - uses: actions/checkout@v1
+      - run: yarn
+      - uses: chromaui/action@v1
+        # options required to the GitHub chromatic action
+        with:
+          workingDir: ./src/
+          # our project token, to see how to obtain it
+          # refer to https://storybook.js.org/tutorials/intro-to-storybook/react/en/deploy/
+          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-remove.yaml b/.github/workflows/ci-remove.yaml
@@ -48,3 +48,4 @@ jobs:
           helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db
           helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}
           helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-routes
+          helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-feeder
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -117,7 +117,7 @@ services:
     networks:
       - aps-net
   kong-db:
-    image: postgres:latest
+    image: postgres:12.8
     container_name: kong-db
     environment:
       POSTGRES_USER: postgres
@@ -185,7 +185,7 @@ services:
         aliases:
           - redis.localtest.me
   gwa-gateway-api:
-    image: gateway-api:e2e-testing
+    image: ghcr.io/bcgov/gwa-api/gwa-gateway-api:dev
     container_name: gwa-gateway-api
     entrypoint: sh -c "chmod +x /tmp/gwa/entrypoint.sh && sh /tmp/gwa/entrypoint.sh"
     ports:

diff --git a/src/authz/graphql-whitelist/httplocalhost4180managerauthorizationprofiles-f8e05c.gql b/src/authz/graphql-whitelist/httplocalhost4180managerauthorizationprofiles-f8e05c.gql
@@ -0,0 +1,30 @@
+
+  query GetCredentialIssuer($id: ID!) {
+    OwnedCredentialIssuer(where: { id: $id }) {
+      id
+      name
+      flow
+      mode
+      apiKeyName
+      clientAuthenticator
+      clientRoles
+      clientMappers
+      availableScopes
+      resourceScopes
+      resourceType
+      resourceAccessScope
+      environmentDetails
+      owner {
+        id
+        name
+        username
+        email
+      }
+      environments {
+        name
+        product {
+          name
+        }
+      }
+    }
+  }
diff --git a/src/batch/data-rules.ts b/src/batch/data-rules.ts
@@ -367,6 +367,7 @@ export const metadata = {
       'clientId',
       'clientSecret',
       'clientRoles',
+      'clientMappers',
       'availableScopes',
       'resourceScopes',
       'resourceType',
@@ -378,6 +379,7 @@ export const metadata = {
       availableScopes: { name: 'toStringDefaultArray' },
       resourceScopes: { name: 'toStringDefaultArray' },
       clientRoles: { name: 'toStringDefaultArray' },
+      clientMappers: { name: 'toStringDefaultArray' },
       environmentDetails: { name: 'toString' },
       owner: { name: 'connectOne', list: 'allUsers', refKey: 'username' },
     },
@@ -443,10 +445,15 @@ export const metadata = {
       'refId',
       'namespace',
       'actor',
+      'blob',
     ],
     transformations: {
       actor: { name: 'connectOne', list: 'allUsers', refKey: 'username' },
-      blob: { name: 'connectOne', list: 'allBlobs', refKey: 'ref' },
+      blob: {
+        name: 'connectExclusiveOne',
+        list: 'Blob',
+        syncFirst: true,
+      },
     },
   },
   User: {
@@ -455,4 +462,10 @@ export const metadata = {
     sync: ['name', 'username', 'email'],
     transformations: {},
   },
+  Blob: {
+    query: 'allBlobs',
+    refKey: 'ref',
+    sync: ['ref', 'blob'],
+    transformations: {},
+  },
 };
diff --git a/src/batch/feed-worker.ts b/src/batch/feed-worker.ts
@@ -3,6 +3,7 @@ import {
   alwaysTrue,
   alwaysFalse,
   connectExclusiveList,
+  connectExclusiveOne,
   connectMany,
   connectOne,
   mapNamespace,
@@ -38,6 +39,7 @@ const transformations = {
   toString: toString,
   mapNamespace: mapNamespace,
   connectExclusiveList: connectExclusiveList,
+  connectExclusiveOne: connectExclusiveOne,
   connectMany: connectMany,
   connectOne: connectOne,
   alwaysTrue: alwaysTrue,

diff --git a/src/batch/transformations/connectExclusiveOne.ts b/src/batch/transformations/connectExclusiveOne.ts
@@ -0,0 +1,20 @@
+export function connectExclusiveOne(
+  keystone: any,
+  transformInfo: any,
+  currentData: any,
+  inputData: any,
+  fieldKey: string
+) {
+  if (
+    currentData != null &&
+    currentData[fieldKey] &&
+    'id' in currentData[fieldKey] &&
+    currentData[fieldKey]['id'] == inputData[fieldKey + '_ids'][0]
+  ) {
+    return null;
+  }
+  return {
+    // assuming there will be just one id
+    connect: { id: inputData[fieldKey + '_ids'][0] },
+  };
+}
diff --git a/src/batch/transformations/index.ts b/src/batch/transformations/index.ts
@@ -1,31 +1,17 @@
-export {
-    alwaysTrue
-} from './alwaysTrue'
+export { alwaysTrue } from './alwaysTrue';
 
-export {
-    alwaysFalse
-} from './alwaysFalse'
+export { alwaysFalse } from './alwaysFalse';
 
-export {
-    connectExclusiveList
-} from './connectExclusiveList'
+export { connectExclusiveList } from './connectExclusiveList';
 
-export {
-    connectMany
-} from './connectMany'
+export { connectExclusiveOne } from './connectExclusiveOne';
 
-export {
-    connectOne
-} from './connectOne'
+export { connectMany } from './connectMany';
 
-export {
-    toStringDefaultArray
-} from './toStringDefaultArray'
+export { connectOne } from './connectOne';
 
-export {
-    toString,
-} from './toString'
+export { toStringDefaultArray } from './toStringDefaultArray';
 
-export {
-    mapNamespace,
-} from './mapNamespace'
+export { toString } from './toString';
+
+export { mapNamespace } from './mapNamespace';
diff --git a/src/lists/Blob.js b/src/lists/Blob.js
@@ -1,17 +1,15 @@
-const {
-  Text
-} = require('@keystonejs/fields');
+const { Text } = require('@keystonejs/fields');
 
 module.exports = {
   fields: {
     ref: {
-        type: Text,
-        isRequired: true,
-        isUnique: true
+      type: Text,
+      isRequired: true,
+      isUnique: true,
     },
     blob: {
       type: Text,
-      isRequired: true
-    }
-  }
+      isRequired: true,
+    },
+  },
 };
diff --git a/src/lists/CredentialIssuer.js b/src/lists/CredentialIssuer.js
@@ -86,6 +86,10 @@ module.exports = {
         { value: 'client-jwt-jwks-url', label: 'Signed JWT with JWKS URL' },
       ],
     },
+    clientMappers: {
+      type: Text,
+      isRequired: false,
+    },
     authPlugin: {
       type: Text,
       isRequired: false,

diff --git a/src/lists/Label.js b/src/lists/Label.js
@@ -0,0 +1,14 @@
+const { Text } = require('@keystonejs/fields');
+
+module.exports = {
+  fields: {
+    name: {
+      type: Text,
+      isRequired: true,
+    },
+    value: {
+      type: Text,
+      isRequired: true,
+    },
+  },
+};
diff --git a/src/lists/ServiceAccess.js b/src/lists/ServiceAccess.js
@@ -68,6 +68,7 @@ module.exports = {
       isRequired: false,
       ref: 'Environment',
     },
+    labels: { type: Relationship, ref: 'Label', many: true },
   },
   access: EnforcementPoint,
   plugins: [atTracking()],

diff --git a/src/nextapp/components/authorization-profile-controls/authorization-profile.tsx b/src/nextapp/components/authorization-profile-controls/authorization-profile.tsx
@@ -94,9 +94,7 @@ const AuthorizationProfileForm: React.FC<AuthorizationProfileFormProps> = ({
           <NextLink href="/manager/authorization-profiles">
             <Button variant="secondary">Cancel</Button>
           </NextLink>
-          <Button type="submit">
-            {issuer ? 'Save Changes' : 'Create'}
-          </Button>
+          <Button type="submit">{issuer ? 'Save Changes' : 'Create'}</Button>
         </ButtonGroup>
       </Flex>
     </form>

diff --git a/src/nextapp/components/authorization-profile-controls/authorization.tsx b/src/nextapp/components/authorization-profile-controls/authorization.tsx
@@ -6,6 +6,9 @@ import {
   FormControl,
   FormLabel,
   Input,
+  Table,
+  Tr,
+  Td,
   AlertIcon,
   Stack,
   Radio,
@@ -17,6 +20,8 @@ import Section from '../section';
 import { CredentialIssuer } from '@/shared/types/query.types';
 import FormGroup from './form-group';
 import { useAuth } from '@/shared/services/auth';
+import { ClientMapper } from './types';
+import startCase from 'lodash/startCase';
 
 interface AuthorizationProfileAuthorizationProps {
   issuer: CredentialIssuer;
@@ -32,6 +37,26 @@ const AuthorizationProfileAuthorization: React.FC<AuthorizationProfileAuthorizat
   const { user } = useAuth();
   const administrator = issuer?.owner ?? user;
 
+  const [audienceValue, setAudienceValue] = React.useState<string>(() => {
+    try {
+      if (!issuer?.clientMappers) {
+        return '';
+      }
+      return JSON.parse(issuer?.clientMappers).filter(
+        (m) => m.name === 'audience'
+      )[0].defaultValue;
+    } catch {
+      return '';
+    }
+  });
+
+  const handleAudienceUpdate = React.useCallback(
+    (e: React.ChangeEvent<HTMLInputElement>) => {
+      setAudienceValue((state) => e.target.value);
+    },
+    [setAudienceValue]
+  );
+
   return (
     <Section title="Authorization">
       <FormGroup
@@ -116,6 +141,34 @@ const AuthorizationProfileAuthorization: React.FC<AuthorizationProfileAuthorizat
         />
       </FormGroup>
       <Divider />
+      <FormGroup>
+        <FormControl>
+          <FormLabel>Client Mappers (optional)</FormLabel>
+          <Input
+            hidden
+            name="clientMappers"
+            value={JSON.stringify([
+              { name: 'audience', defaultValue: audienceValue },
+            ])}
+          ></Input>
+          <Table variant="unstyled" m={0}>
+            <Tr b={0}>
+              <Td bg="gray.100">
+                <Text>Audience</Text>
+              </Td>
+              <Td p={2} m={0}>
+                <Input
+                  placeholder=""
+                  variant="bc-input"
+                  value={audienceValue}
+                  onChange={handleAudienceUpdate}
+                />
+              </Td>
+            </Tr>
+          </Table>
+        </FormControl>
+      </FormGroup>
+      <Divider />
       <FormGroup>
         <FormControl>
           <FormLabel>UMA2 Resource Type</FormLabel>

diff --git a/src/nextapp/components/authorization-profile-controls/types.ts b/src/nextapp/components/authorization-profile-controls/types.ts
@@ -6,3 +6,9 @@ export interface EnvironmentItem {
   clientId?: string;
   clientSecret?: string;
 }
+
+export interface ClientMapper {
+  name: string;
+  defaultValue: string;
+  claimName?: string;
+}
diff --git a/src/nextapp/components/status-banner/index.ts b/src/nextapp/components/status-banner/index.ts
@@ -0,0 +1 @@
+export { default } from './status-banner';