feat: update setGiteaOIDCConfig function and logic (#108)

* feat: update setGiteaOIDCConfig function and logic

* feat: update setGiteaOIDCConfig flow

* test: gitea operator

* test: gitea operator

* test: gitea operator

* feat: remove console logs

* test: gitea operator

* feat: update gitea operator functions and env

* fix: typo

.env.sample

@@ -32,6 +32,7 @@ GITEA_PASSWORD=''
 GITEA_URL='http://127.0.0.1'
 GITEA_URL_PORT='8082'
 GITEA_OPERATOR_NAMESPACE='gitea-app'
+CHECK_OIDC_CONFIG_INTERVAL=30
 
 OTOMI_FLAGS='{}'
 WAIT_OPTIONS='{"retries":1}'

.vscode/launch.json

@@ -75,7 +75,7 @@
         "KUBECONFIG": "/path/to/your/kubeconfig.yaml",
         "GITEA_URL" : "http://localhost",
         "GITEA_URL_PORT" : "8082",
-        "GITEA_OPERATOR_NAMESPACE" : "gitea-app",
+        "GITEA_OPERATOR_NAMESPACE" : "apl-gitea-operator",
       },
       "preLaunchTask": "port-forward-gitea"
     },
@@ -92,7 +92,7 @@
         "KUBECONFIG": "/path/to/your/kubeconfig.yaml",
         "HARBOR_BASE_URL" : "http://localhost",
         "HARBOR_BASE_URL_PORT" : "8083",
-        "HARBOR_OPERATOR_NAMESPACE" : "harbor-app",
+        "HARBOR_OPERATOR_NAMESPACE" : "apl-harbor-operator",
         "HARBOR_SYSTEM_NAMESPACE" : "harbor",
       },
       "preLaunchTask": "port-forward-harbor"

src/operator/gitea.ts

@@ -15,7 +15,13 @@ import {
 } from '@linode/gitea-client-node'
 import { keys } from 'lodash'
 import { doApiCall } from '../utils'
-import { GITEA_OPERATOR_NAMESPACE, GITEA_URL, GITEA_URL_PORT, cleanEnv } from '../validators'
+import {
+  CHECK_OIDC_CONFIG_INTERVAL,
+  GITEA_OPERATOR_NAMESPACE,
+  GITEA_URL,
+  GITEA_URL_PORT,
+  cleanEnv,
+} from '../validators'
 import { orgName, otomiChartsRepoName, otomiValuesRepoName, teamNameViewer, username } from './common'
 
 // Interfaces
@@ -44,6 +50,7 @@ const localEnv = cleanEnv({
   GITEA_URL,
   GITEA_URL_PORT,
   GITEA_OPERATOR_NAMESPACE,
+  CHECK_OIDC_CONFIG_INTERVAL,
 })
 
 const GITEA_ENDPOINT = `${localEnv.GITEA_URL}:${localEnv.GITEA_URL_PORT}`
@@ -130,10 +137,29 @@ const secretsAndConfigmapsCallback = async (e: any) => {
   }
 }
 
+const createSetGiteaOIDCConfig = (() => {
+  let intervalId: any = null
+  return function runSetGiteaOIDCConfig() {
+    if (intervalId === null) {
+      intervalId = setInterval(() => {
+        setGiteaOIDCConfig()
+          .catch((error) => {
+            console.error('Error occurred during setGiteaOIDCConfig execution:', error)
+          })
+          .finally(() => {
+            intervalId = null
+          })
+      }, localEnv.CHECK_OIDC_CONFIG_INTERVAL * 1000)
+    }
+  }
+})()
+
 // Operator
 export default class MyOperator extends Operator {
   // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
   protected async init() {
+    // Run setGiteaOIDCConfig every 30 seconds
+    createSetGiteaOIDCConfig()
     // Watch apl-gitea-operator-secrets
     try {
       await this.watchResource('', 'v1', 'secrets', secretsAndConfigmapsCallback, localEnv.GITEA_OPERATOR_NAMESPACE)
@@ -191,16 +217,13 @@ async function checkAndExecute() {
     !currentState.oidcClientId ||
     !currentState.oidcClientSecret ||
     !currentState.oidcEndpoint ||
+    !currentState.teamNames ||
     currentState.oidcClientId !== lastState.oidcClientId ||
     currentState.oidcClientSecret !== lastState.oidcClientSecret ||
-    currentState.oidcEndpoint !== lastState.oidcEndpoint
+    currentState.oidcEndpoint !== lastState.oidcEndpoint ||
+    currentState.teamNames !== lastState.teamNames
   ) {
-    await setGiteaOIDCConfig()
-  }
-
-  // Check and execute setGiteaGroupMapping if dependencies changed
-  if (!currentState.teamNames || currentState.teamNames !== lastState.teamNames) {
-    await setGiteaGroupMapping('gitea', 'gitea-0')
+    await setGiteaOIDCConfig(true)
   }
 
   // Update last known state
@@ -427,85 +450,60 @@ export function buildTeamString(teamNames: any[]): string {
   return JSON.stringify(teamObject)
 }
 
-async function setGiteaGroupMapping(podNamespace: string, podName: string) {
-  if (!env.teamNames) {
-    console.debug('No team namespaces found with type=team configuration')
-    return
-  }
-  try {
-    const teamNamespaceString = buildTeamString(env.teamNames)
-    const execCommand = [
-      'sh',
-      '-c',
-      `AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\\|otomi-idp\\s+\\|" | grep -iE "\\|OAuth2\\s+\\|" | awk -F " " '{print $1}' | tr -d '\n') && gitea admin auth update-oauth --id "$AUTH_ID" --group-team-map '${teamNamespaceString}'`,
-    ]
-    if (podNamespace && podName) {
-      const exec = new k8s.Exec(kc)
-      // Run gitea CLI command to update the gitea oauth group mapping
-      await exec
-        .exec(
-          podNamespace,
-          podName,
-          'gitea',
-          execCommand,
-          null,
-          process.stderr as stream.Writable,
-          process.stdin as stream.Readable,
-          false,
-          (status: k8s.V1Status) => {
-            console.info('Gitea group mapping update status:', status.status)
-            console.info('New group mapping:', teamNamespaceString)
-          },
-        )
-        .catch((error) => {
-          console.debug('Error occurred during exec:', error)
-          throw error
-        })
-    }
-  } catch (error) {
-    console.debug(`Error updating IDP group mapping: ${error.message}`)
-    throw error
-  }
-}
-
-async function setGiteaOIDCConfig() {
+async function setGiteaOIDCConfig(update = false) {
   if (!env.oidcClientId || !env.oidcClientSecret || !env.oidcEndpoint) return
   const podNamespace = 'gitea'
   const podName = 'gitea-0'
   const clientID = env.oidcClientId
   const clientSecret = env.oidcClientSecret
   const discoveryURL = `${env.oidcEndpoint}/.well-known/openid-configuration`
+  const teamNamespaceString = buildTeamString(env.teamNames)
 
   try {
     const execCommand = [
       'sh',
       '-c',
-      `AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\\|otomi-idp\\s+\\|" | grep -iE "\\|OAuth2\\s+\\|" | awk -F " " '{print $1}' | tr -d '\\n') && gitea admin auth update-oauth --id "$AUTH_ID" --key "${clientID}" --secret "${clientSecret}" --auto-discover-url "${discoveryURL}"`,
+      `
+      AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\\|otomi-idp\\s+\\|" | grep -iE "\\|OAuth2\\s+\\|" | awk -F " " '{print $1}' | tr -d '\\n')
+      if [ -z "$AUTH_ID" ]; then
+        echo "Gitea OIDC config not found. Adding OIDC config for otomi-idp."
+        gitea admin auth add-oauth --name "otomi-idp" --key "${clientID}" --secret "${clientSecret}" --auto-discover-url "${discoveryURL}" --provider "openidConnect" --admin-group "team-admin" --group-claim-name "groups" --group-team-map "${teamNamespaceString}"
+      elif ${update}; then
+        echo "Gitea OIDC config is different. Updating OIDC config for otomi-idp."
+        gitea admin auth update-oauth --id "$AUTH_ID" --key "${clientID}" --secret "${clientSecret}" --auto-discover-url "${discoveryURL}" --group-team-map "${teamNamespaceString}"
+      else
+        echo "Gitea OIDC config is up to date."
+      fi
+      `,
     ]
-    if (podNamespace && podName) {
-      const exec = new k8s.Exec(kc)
-      // Run gitea CLI command to update the gitea oauth group mapping
-      await exec
-        .exec(
-          podNamespace,
-          podName,
-          'gitea',
-          execCommand,
-          null,
-          process.stderr as stream.Writable,
-          process.stdin as stream.Readable,
-          false,
-          (status: k8s.V1Status) => {
-            console.info('Gitea OIDC configuration update status:', status.status)
-          },
-        )
-        .catch((error) => {
-          console.debug('Error occurred during exec:', error)
-          throw error
-        })
-    }
+    const exec = new k8s.Exec(kc)
+    const outputStream = new stream.PassThrough()
+    let output = ''
+    outputStream.on('data', (chunk) => {
+      output += chunk.toString()
+    })
+    // Run gitea CLI command to create/update the gitea oauth configuration
+    await exec
+      .exec(
+        podNamespace,
+        podName,
+        'gitea',
+        execCommand,
+        outputStream,
+        process.stderr as stream.Writable,
+        process.stdin as stream.Readable,
+        false,
+        (status: k8s.V1Status) => {
+          console.info(output.trim())
+          console.info('Gitea OIDC config status:', status.status)
+        },
+      )
+      .catch((error) => {
+        console.debug('Error occurred during exec:', error)
+        throw error
+      })
   } catch (error) {
-    console.debug(`Error updating Gitea OIDC configuration: ${error.message}`)
+    console.debug(`Error Gitea OIDC config: ${error.message}`)
     throw error
   }
 }

src/validators.ts

@@ -49,6 +49,7 @@ export const GITEA_PASSWORD = str({ desc: 'The gitea admin password' })
 export const GITEA_URL = str({ desc: 'The gitea core service url' })
 export const GITEA_URL_PORT = str({ desc: 'The gitea core service url port' })
 export const GITEA_OPERATOR_NAMESPACE = str({ desc: 'The gitea operator namespace' })
+export const CHECK_OIDC_CONFIG_INTERVAL = num({ desc: 'The interval to check the OIDC config in seconds', default: 30 })
 export const KC_HOSTNAME_URL = str({ desc: 'The Keycloak Server address' })
 export const KEYCLOAK_ADDRESS_INTERNAL = str({ desc: 'The internal Keycloak kubernetes svc address' })
 export const KEYCLOAK_ADMIN = str({ desc: 'Default admin username for KeyCloak Server', default: 'admin' })