[server] WorkspaceService.startWorkspace

Author: geropl

components/server/src/api/user.spec.ts

@@ -8,7 +8,6 @@ import { suite, test } from "@testdeck/mocha";
 import { APIUserService } from "./user";
 import { Container } from "inversify";
 import { testContainer } from "@gitpod/gitpod-db/lib";
-import { WorkspaceStarter } from "../workspace/workspace-starter";
 import { UserAuthentication } from "../user/user-authentication";
 import { BlockUserRequest, BlockUserResponse } from "@gitpod/public-api/lib/gitpod/experimental/v1/user_pb";
 import { User } from "@gitpod/gitpod-protocol";
@@ -18,24 +17,26 @@ import { TraceContext } from "@gitpod/gitpod-protocol/lib/util/tracing";
 import { v4 as uuidv4 } from "uuid";
 import { ConnectError, Code } from "@bufbuild/connect";
 import * as chai from "chai";
+import { WorkspaceService } from "../workspace/workspace-service";
 
 const expect = chai.expect;
 
 @suite()
 export class APIUserServiceSpec {
     private container: Container;
-    private workspaceStarterMock: WorkspaceStarter = {
+    private workspaceStarterMock: WorkspaceService = {
         stopRunningWorkspacesForUser: async (
             ctx: TraceContext,
-            userID: string,
+            userId: string,
+            userIdToStop: string,
             reason: string,
             policy?: StopWorkspacePolicy,
         ): Promise<Workspace[]> => {
             return [];
         },
-    } as WorkspaceStarter;
+    } as WorkspaceService;
     private userServiceMock: UserAuthentication = {
-        blockUser: async (targetUserId: string, block: boolean): Promise<User> => {
+        blockUser: async (userId: string, targetUserId: string, block: boolean): Promise<User> => {
             return {
                 id: targetUserId,
             } as User;
@@ -45,7 +46,7 @@ export class APIUserServiceSpec {
     async before() {
         this.container = testContainer.createChild();
 
-        this.container.bind(WorkspaceStarter).toConstantValue(this.workspaceStarterMock);
+        this.container.bind(WorkspaceService).toConstantValue(this.workspaceStarterMock);
         this.container.bind(UserAuthentication).toConstantValue(this.userServiceMock);
         this.container.bind(APIUserService).toSelf().inSingletonScope();
     }

components/server/src/api/user.ts

@@ -23,15 +23,16 @@ import {
     GetGitTokenResponse,
     BlockUserResponse,
 } from "@gitpod/public-api/lib/gitpod/experimental/v1/user_pb";
-import { WorkspaceStarter } from "../workspace/workspace-starter";
 import { UserAuthentication } from "../user/user-authentication";
+import { WorkspaceService } from "../workspace/workspace-service";
+import { SYSTEM_USER } from "../authorization/authorizer";
 import { validate } from "uuid";
-import { StopWorkspacePolicy } from "@gitpod/ws-manager/lib";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import { StopWorkspacePolicy } from "@gitpod/ws-manager/lib";
 
 @injectable()
 export class APIUserService implements ServiceImpl<typeof UserServiceInterface> {
-    @inject(WorkspaceStarter) protected readonly workspaceStarter: WorkspaceStarter;
+    @inject(WorkspaceService) protected readonly workspaceService: WorkspaceService;
     @inject(UserAuthentication) protected readonly userService: UserAuthentication;
 
     public async getAuthenticatedUser(req: GetAuthenticatedUserRequest): Promise<GetAuthenticatedUserResponse> {
@@ -73,14 +74,17 @@ export class APIUserService implements ServiceImpl<typeof UserServiceInterface>
 
         // TODO: Once connect-node supports middlewares, lift the tracing into the middleware.
         const trace = {};
-        await this.userService.blockUser(userId, true);
+        // TODO for now we use SYSTEM_USER, since it is only called by internal componenets like usage
+        // and not exposed publically, but there should be better way to get an authenticated user
+        await this.userService.blockUser(SYSTEM_USER, userId, true);
         log.info(`Blocked user ${userId}.`, {
             userId,
             reason,
         });
 
-        const stoppedWorkspaces = await this.workspaceStarter.stopRunningWorkspacesForUser(
+        const stoppedWorkspaces = await this.workspaceService.stopRunningWorkspacesForUser(
             trace,
+            SYSTEM_USER,
             userId,
             reason,
             StopWorkspacePolicy.IMMEDIATELY,

components/server/src/authorization/authorizer.ts

@@ -59,7 +59,7 @@ export class Authorizer {
         permission: OrganizationPermission,
         orgId: string,
     ): Promise<boolean> {
-        if (userId === "SYSTEM_USER") {
+        if (userId === SYSTEM_USER) {
             return true;
         }
 
@@ -89,7 +89,7 @@ export class Authorizer {
     }
 
     async hasPermissionOnProject(userId: string, permission: ProjectPermission, projectId: string): Promise<boolean> {
-        if (userId === "SYSTEM_USER") {
+        if (userId === SYSTEM_USER) {
             return true;
         }
 
@@ -119,7 +119,7 @@ export class Authorizer {
     }
 
     async hasPermissionOnUser(userId: string, permission: UserPermission, resourceUserId: string): Promise<boolean> {
-        if (userId === "SYSTEM_USER") {
+        if (userId === SYSTEM_USER) {
             return true;
         }
 
@@ -152,7 +152,7 @@ export class Authorizer {
         permission: WorkspacePermission,
         workspaceId: string,
     ): Promise<boolean> {
-        if (userId === "SYSTEM_USER") {
+        if (userId === SYSTEM_USER) {
             return true;
         }
 

components/server/src/user/user-authentication.ts

@@ -39,8 +39,8 @@ export class UserAuthentication {
         @inject(HostContextProvider) private readonly hostContextProvider: HostContextProvider,
     ) {}
 
-    async blockUser(targetUserId: string, block: boolean): Promise<User> {
-        const target = await this.userService.findUserById(targetUserId, targetUserId);
+    async blockUser(userId: string, targetUserId: string, block: boolean): Promise<User> {
+        const target = await this.userService.findUserById(userId, targetUserId);
         if (!target) {
             throw new ApplicationError(ErrorCodes.NOT_FOUND, "not found");
         }

components/server/src/user/user-controller.ts

@@ -27,9 +27,9 @@ import { ClientMetadata } from "../websocket/websocket-connection-manager";
 import * as fs from "fs/promises";
 import { ApplicationError, ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
 import { GitpodServerImpl } from "../workspace/gitpod-server-impl";
-import { WorkspaceStarter } from "../workspace/workspace-starter";
 import { StopWorkspacePolicy } from "@gitpod/ws-manager/lib";
 import { UserService } from "./user-service";
+import { WorkspaceService } from "../workspace/workspace-service";
 
 export const ServerFactory = Symbol("ServerFactory");
 export type ServerFactory = () => GitpodServerImpl;
@@ -47,7 +47,7 @@ export class UserController {
     @inject(SessionHandler) protected readonly sessionHandler: SessionHandler;
     @inject(OneTimeSecretServer) protected readonly otsServer: OneTimeSecretServer;
     @inject(OneTimeSecretDB) protected readonly otsDb: OneTimeSecretDB;
-    @inject(WorkspaceStarter) protected readonly workspaceStarter: WorkspaceStarter;
+    @inject(WorkspaceService) protected readonly workspaceService: WorkspaceService;
     @inject(ServerFactory) private readonly serverFactory: ServerFactory;
 
     get apiRouter(): express.Router {
@@ -241,8 +241,8 @@ export class UserController {
             // stop all running workspaces
             const user = req.user as User;
             if (user) {
-                this.workspaceStarter
-                    .stopRunningWorkspacesForUser({}, user.id, "logout", StopWorkspacePolicy.NORMALLY)
+                this.workspaceService
+                    .stopRunningWorkspacesForUser({}, user.id, user.id, "logout", StopWorkspacePolicy.NORMALLY)
                     .catch((error) =>
                         log.error(logContext, "cannot stop workspaces on logout", { error, ...logPayload }),
                     );

components/server/src/user/user-deletion-service.ts

@@ -12,7 +12,7 @@ import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { StopWorkspacePolicy } from "@gitpod/ws-manager/lib";
 import { AuthProviderService } from "../auth/auth-provider-service";
 import { IAnalyticsWriter } from "@gitpod/gitpod-protocol/lib/analytics";
-import { WorkspaceStarter } from "../workspace/workspace-starter";
+import { WorkspaceService } from "../workspace/workspace-service";
 
 @injectable()
 export class UserDeletionService {
@@ -22,7 +22,7 @@ export class UserDeletionService {
         @inject(TeamDB) private readonly teamDb: TeamDB,
         @inject(ProjectDB) private readonly projectDb: ProjectDB,
         @inject(StorageClient) private readonly storageClient: StorageClient,
-        @inject(WorkspaceStarter) private readonly workspaceStarter: WorkspaceStarter,
+        @inject(WorkspaceService) private readonly workspaceService: WorkspaceService,
         @inject(AuthProviderService) private readonly authProviderService: AuthProviderService,
         @inject(IAnalyticsWriter) private readonly analytics: IAnalyticsWriter,
     ) {}
@@ -33,19 +33,20 @@ export class UserDeletionService {
      * To guarantee that, but also maintain traceability
      * we anonymize data that might contain user related/relatable data and keep the entities itself (incl. ids).
      */
-    async deleteUser(id: string): Promise<void> {
-        const user = await this.db.findUserById(id);
+    async deleteUser(userId: string, targetUserId: string): Promise<void> {
+        const user = await this.db.findUserById(targetUserId);
         if (!user) {
-            throw new Error(`No user with id ${id} found!`);
+            throw new Error(`No user with id ${targetUserId} found!`);
         }
 
         if (user.markedDeleted === true) {
-            log.debug({ userId: id }, "Is deleted but markDeleted already set. Continuing.");
+            log.debug({ userId: targetUserId }, "Is deleted but markDeleted already set. Continuing.");
         }
 
         // Stop all workspaces
-        await this.workspaceStarter.stopRunningWorkspacesForUser(
+        await this.workspaceService.stopRunningWorkspacesForUser(
             {},
+            userId,
             user.id,
             "user deleted",
             StopWorkspacePolicy.IMMEDIATELY,
@@ -57,7 +58,7 @@ export class UserDeletionService {
             try {
                 await this.authProviderService.deleteAuthProvider(provider);
             } catch (error) {
-                log.error({ userId: id }, "Failed to delete user's auth provider.", error);
+                log.error({ userId: targetUserId }, "Failed to delete user's auth provider.", error);
             }
         }
 
@@ -73,13 +74,13 @@ export class UserDeletionService {
 
         await Promise.all([
             // Workspace
-            this.anonymizeAllWorkspaces(id),
+            this.anonymizeAllWorkspaces(targetUserId),
             // Bucket
-            this.deleteUserBucket(id),
+            this.deleteUserBucket(targetUserId),
             // Teams owned only by this user
-            this.deleteSoleOwnedTeams(id),
+            this.deleteSoleOwnedTeams(targetUserId),
             // Team memberships
-            this.deleteTeamMemberships(id),
+            this.deleteTeamMemberships(targetUserId),
         ]);
 
         // Track the deletion Event for Analytics Purposes