add client facade (JsonRpcAuthProviderClient)

Author: AlexTugarev

components/dashboard/src/service/json-rpc-authprovider-client.ts

@@ -0,0 +1,125 @@
+/**
+ * Copyright (c) 2023 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { Code, ConnectError, PromiseClient } from "@connectrpc/connect";
+import { PartialMessage } from "@bufbuild/protobuf";
+import { AuthProviderService } from "@gitpod/public-api/lib/gitpod/v1/authprovider_connect";
+import {
+    CreateAuthProviderRequest,
+    GetAuthProviderRequest,
+    ListAuthProvidersRequest,
+    ListAuthProviderDescriptionsRequest,
+    UpdateAuthProviderRequest,
+    DeleteAuthProviderRequest,
+    CreateAuthProviderResponse,
+    ListAuthProvidersResponse,
+    GetAuthProviderResponse,
+    ListAuthProviderDescriptionsResponse,
+    UpdateAuthProviderResponse,
+    DeleteAuthProviderResponse,
+    AuthProvider,
+    AuthProviderType,
+    OAuth2Config,
+} from "@gitpod/public-api/lib/gitpod/v1/authprovider_pb";
+import { AuthProviderEntry } from "@gitpod/gitpod-protocol";
+import { getGitpodService } from "./service";
+
+export class JsonRpcAuthProviderClient implements PromiseClient<typeof AuthProviderService> {
+    async createAuthProvider(request: PartialMessage<CreateAuthProviderRequest>): Promise<CreateAuthProviderResponse> {
+        throw new ConnectError("unimplemented", Code.Unimplemented);
+    }
+    async getAuthProvider(request: PartialMessage<GetAuthProviderRequest>): Promise<GetAuthProviderResponse> {
+        if (!request.authProviderId) {
+            throw new ConnectError("authProviderId is required", Code.InvalidArgument);
+        }
+        throw new ConnectError("unimplemented", Code.Unimplemented);
+    }
+    async listAuthProviders(request: PartialMessage<ListAuthProvidersRequest>): Promise<ListAuthProvidersResponse> {
+        if (!request.id?.case) {
+            throw new ConnectError("id is required", Code.InvalidArgument);
+        }
+        const organizationId = request.id.case === "organizationId" ? request.id.value : undefined;
+        const userId = request.id.case === "userId" ? request.id.value : undefined;
+
+        if (organizationId) {
+            const result = await getGitpodService().server.getOrgAuthProviders({
+                organizationId,
+            });
+            const response = new ListAuthProvidersResponse();
+            response.list = result.map(toAuthProvider);
+            return response;
+        }
+        if (userId) {
+            const result = await getGitpodService().server.getOwnAuthProviders();
+            const response = new ListAuthProvidersResponse();
+            response.list = result.map(toAuthProvider);
+            return response;
+        }
+        throw new ConnectError("either organizationId or userId are required", Code.InvalidArgument);
+    }
+    async listAuthProviderDescriptions(
+        request: PartialMessage<ListAuthProviderDescriptionsRequest>,
+    ): Promise<ListAuthProviderDescriptionsResponse> {
+        throw new ConnectError("unimplemented", Code.Unimplemented);
+    }
+    async updateAuthProvider(request: PartialMessage<UpdateAuthProviderRequest>): Promise<UpdateAuthProviderResponse> {
+        if (!request.authProviderId) {
+            throw new ConnectError("authProviderId is required", Code.InvalidArgument);
+        }
+        const clientId = request?.oauth2Config?.clientId;
+        const clientSecret = request?.oauth2Config?.clientSecret;
+        if (!clientId || !clientSecret) {
+            throw new ConnectError("clientId or clientSecret are required", Code.InvalidArgument);
+        }
+
+        await getGitpodService().server.updateAuthProvider(request.authProviderId, {
+            clientId,
+            clientSecret,
+        });
+        return new UpdateAuthProviderResponse();
+    }
+    async deleteAuthProvider(request: PartialMessage<DeleteAuthProviderRequest>): Promise<DeleteAuthProviderResponse> {
+        if (!request.authProviderId) {
+            throw new ConnectError("authProviderId is required", Code.InvalidArgument);
+        }
+        await getGitpodService().server.deleteAuthProvider(request.authProviderId);
+        return new DeleteAuthProviderResponse();
+    }
+}
+
+function toAuthProvider(entry: AuthProviderEntry): AuthProvider {
+    const ap = new AuthProvider();
+    ap.verified = entry.status === "verified";
+    ap.host = entry.host;
+    ap.id = entry.id;
+    ap.type = toAuthProviderType(entry.type);
+    ap.oauth2Config = toOAuth2Config(entry);
+    ap.scopes = entry.oauth?.scope?.split(entry.oauth?.scopeSeparator || " ") || [];
+    ap.settingsUrl = entry.oauth.settingsUrl;
+    return ap;
+}
+
+function toOAuth2Config(entry: AuthProviderEntry): OAuth2Config {
+    const config = new OAuth2Config();
+    config.clientId = entry.oauth.clientId;
+    config.clientSecret = entry.oauth.clientSecret;
+    return config;
+}
+
+function toAuthProviderType(type: string): AuthProviderType {
+    switch (type) {
+        case "GitHub":
+            return AuthProviderType.GITHUB;
+        case "GitLab":
+            return AuthProviderType.GITLAB;
+        case "Bitbucket":
+            return AuthProviderType.BITBUCKET;
+        case "BitbucketServer":
+            return AuthProviderType.BITBUCKET_SERVER;
+        default:
+            return AuthProviderType.UNSPECIFIED; // not allowed
+    }
+}

components/dashboard/src/service/public-api.ts

@@ -22,6 +22,8 @@ import { getMetricsInterceptor } from "@gitpod/public-api/lib/metrics";
 import { getExperimentsClient } from "../experiments/client";
 import { JsonRpcOrganizationClient } from "./json-rpc-organization-client";
 import { JsonRpcWorkspaceClient } from "./json-rpc-workspace-client";
+import { JsonRpcAuthProviderClient } from "./json-rpc-authprovider-client";
+import { AuthProviderService } from "@gitpod/public-api/lib/gitpod/v1/authprovider_connect";
 
 const transport = createConnectTransport({
     baseUrl: `${window.location.protocol}//${window.location.host}/public-api`,
@@ -45,6 +47,7 @@ export const organizationClient = createServiceClient(
     new JsonRpcOrganizationClient(),
     "organization",
 );
+export const authProviderClient = createServiceClient(AuthProviderService, new JsonRpcAuthProviderClient());
 
 export async function listAllProjects(opts: { orgId: string }): Promise<ProtocolProject[]> {
     let pagination = {

components/gitpod-protocol/src/gitpod-service.ts

@@ -104,7 +104,7 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     /** @deprecated used for public-api compatibility only */
     deleteAuthProvider(id: string): Promise<void>;
     /** @deprecated used for public-api compatibility only */
-    updateAuthProvider(id: string, update: AuthProviderEntry.UpdateEntry): Promise<AuthProviderEntry>;
+    updateAuthProvider(id: string, update: AuthProviderEntry.UpdateOAuth2Config): Promise<AuthProviderEntry>;
 
     // Query/retrieve workspaces
     getWorkspaces(options: GitpodServer.GetWorkspacesOptions): Promise<WorkspaceInfo[]>;

components/gitpod-protocol/src/protocol.ts

@@ -1588,6 +1588,7 @@ export namespace AuthProviderEntry {
         clientSecret: string;
         organizationId: string;
     };
+    export type UpdateOAuth2Config = Pick<OAuth2Config, "clientId" | "clientSecret">;
     export function redact(entry: AuthProviderEntry): AuthProviderEntry {
         return {
             ...entry,

components/server/src/workspace/gitpod-server-impl.ts

@@ -3154,7 +3154,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
     async updateAuthProvider(
         ctx: TraceContextWithSpan,
         id: string,
-        entry: AuthProviderEntry.UpdateEntry,
+        update: AuthProviderEntry.UpdateOAuth2Config,
     ): Promise<AuthProviderEntry> {
         traceAPIParams(ctx, { id });
 
@@ -3167,10 +3167,22 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
         if (authProvider.organizationId) {
             return this.updateOrgAuthProvider(ctx, {
-                entry: { ...entry, organizationId: authProvider.organizationId },
+                entry: {
+                    organizationId: authProvider.organizationId,
+                    id: authProvider.id,
+                    clientId: update.clientId,
+                    clientSecret: update.clientSecret,
+                },
             });
         } else {
-            return this.updateOwnAuthProvider(ctx, { entry });
+            return this.updateOwnAuthProvider(ctx, {
+                entry: {
+                    id: authProvider.id,
+                    clientId: update.clientId,
+                    clientSecret: update.clientSecret,
+                    ownerId: user.id,
+                },
+            });
         }
     }