[server] fix flaky tests

components/server/src/authorization/authorizer.ts

@@ -5,8 +5,9 @@
  */
 
 import { v1 } from "@authzed/authzed-node";
-import { inject, injectable } from "inversify";
 
+import { Organization, Project, TeamMemberInfo, TeamMemberRole } from "@gitpod/gitpod-protocol";
+import { ApplicationError, ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
 import {
     InstallationID,
     OrganizationPermission,
@@ -17,23 +18,29 @@ import {
     UserPermission,
 } from "./definitions";
 import { SpiceDBAuthorizer } from "./spicedb-authorizer";
-import { Organization, TeamMemberInfo, Project, TeamMemberRole } from "@gitpod/gitpod-protocol";
-import { ApplicationError, ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
 import { BUILTIN_INSTLLATION_ADMIN_USER_ID } from "@gitpod/gitpod-db/lib";
-import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 
-@injectable()
-export class Authorizer {
-    constructor(
-        @inject(SpiceDBAuthorizer)
-        private authorizer: SpiceDBAuthorizer,
-    ) {
-        this.initialize().catch((err) => log.error("Failed to add installation admin", err));
-    }
+export function createInitializingAuthorizer(spiceDbAuthorizer: SpiceDBAuthorizer): Authorizer {
+    const target = new Authorizer(spiceDbAuthorizer);
+    const initialized = target.addAdminRole(BUILTIN_INSTLLATION_ADMIN_USER_ID);
+    return new Proxy(target, {
+        get(target, propKey, receiver) {
+            const originalMethod = target[propKey as keyof typeof target];
+
+            if (typeof originalMethod === "function") {
+                return async function (...args: any[]) {
+                    await initialized;
+                    return (originalMethod as any).apply(target, args);
+                };
+            } else {
+                return originalMethod;
+            }
+        },
+    });
+}
 
-    private async initialize(): Promise<void> {
-        await this.addAdminRole(BUILTIN_INSTLLATION_ADMIN_USER_ID);
-    }
+export class Authorizer {
+    constructor(private authorizer: SpiceDBAuthorizer) {}
 
     async hasPermissionOnOrganization(
         userId: string,

components/server/src/authorization/spicedb-authorizer.ts

@@ -22,14 +22,6 @@ export class SpiceDBAuthorizer {
         private client: SpiceDBClient,
     ) {}
 
-    /**
-     * @deprecated only for testing
-     */
-    async logRelationships() {
-        //        const resources = await this.client?.readRelationships({});
-        //log.info(JSON.stringify(resources, undefined, 2));
-    }
-
     async check(
         req: v1.CheckPermissionRequest,
         experimentsFields: {

components/server/src/container-module.ts

@@ -49,7 +49,7 @@ import { HostContextProviderImpl } from "./auth/host-context-provider-impl";
 import { AuthJWT, SignInJWT } from "./auth/jwt";
 import { LoginCompletionHandler } from "./auth/login-completion-handler";
 import { VerificationService } from "./auth/verification-service";
-import { Authorizer } from "./authorization/authorizer";
+import { Authorizer, createInitializingAuthorizer } from "./authorization/authorizer";
 import { SpiceDBClient, spicedbClientFromEnv } from "./authorization/spicedb";
 import { BillingModes } from "./billing/billing-mode";
 import { EntitlementService, EntitlementServiceImpl } from "./billing/entitlement-service";
@@ -305,7 +305,12 @@ export const productionContainerModule = new ContainerModule(
             .toDynamicValue(() => spicedbClientFromEnv())
             .inSingletonScope();
         bind(SpiceDBAuthorizer).toSelf().inSingletonScope();
-        bind(Authorizer).toSelf().inSingletonScope();
+        bind(Authorizer)
+            .toDynamicValue((ctx) => {
+                const authorizer = ctx.container.get<SpiceDBAuthorizer>(SpiceDBAuthorizer);
+                return createInitializingAuthorizer(authorizer);
+            })
+            .inSingletonScope();
 
         // grpc / Connect API
         bind(APIUserService).toSelf().inSingletonScope();

components/server/src/projects/projects-service.spec.db.ts

@@ -14,7 +14,6 @@ import { OrganizationService } from "../orgs/organization-service";
 import { createTestContainer } from "../test/service-testing-container-module";
 import { ProjectsService } from "./projects-service";
 import { ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
-import { SpiceDBAuthorizer } from "../authorization/spicedb-authorizer";
 import { resetDB } from "@gitpod/gitpod-db/lib/test/reset-db";
 import { expectError } from "../test/expect-utils";
 
@@ -41,8 +40,6 @@ describe("ProjectsService", async () => {
         const orgService = container.get(OrganizationService);
         org = await orgService.createOrganization(owner.id, "my-org");
 
-        const a = container.get(SpiceDBAuthorizer);
-        await a.logRelationships();
         // create and add a member
         member = await userDB.newUser();
         const invite = await orgService.getOrCreateInvite(owner.id, org.id);