Merge pull request #3631 from uselagoon/task-deployment-user-triggered

Improvement: add source user and type to tasks and deployments
uselagoon · Feb 14, 2024 · 06a6e44 · 06a6e44
2 parents 85aa0f1 + 45628c0
commit 06a6e44
Show file tree

Hide file tree

Showing 35 changed files with 555 additions and 51 deletions.
diff --git a/node-packages/commons/src/api.ts b/node-packages/commons/src/api.ts
@@ -1367,11 +1367,15 @@ export const addDeployment = (
   completed: string = null,
   priority: number = null,
   bulkId: string = null,
-  bulkName: string = null
+  bulkName: string = null,
+  sourceUser = null,
+  sourceType = null,
 ): Promise<any> =>
   graphqlapi.mutate(
     `
-  ($name: String!, $status: DeploymentStatusType!, $created: String!, $environment: Int!, $id: Int, $remoteId: String, $started: String, $completed: String, $priority: Int, $bulkId: String, $bulkName: String) {
+  ($name: String!, $status: DeploymentStatusType!, $created: String!, $environment: Int!, $id: Int, $remoteId: String,
+    $started: String, $completed: String, $priority: Int, $bulkId: String, $bulkName: String,
+    $sourceUser: String, $sourceType: DeploymentSourceType) {
     addDeployment(input: {
         name: $name
         status: $status
@@ -1384,6 +1388,8 @@ export const addDeployment = (
         priority: $priority
         bulkId: $bulkId
         bulkName: $bulkName
+        sourceUser: $sourceUser
+        sourceType: $sourceType
     }) {
       ...${deploymentFragment}
     }
@@ -1400,7 +1406,9 @@ export const addDeployment = (
       completed,
       priority,
       bulkId,
-      bulkName
+      bulkName,
+      sourceUser,
+      sourceType,
     }
   );
 
@@ -1416,10 +1424,14 @@ export const addDeployment = (
     service = null,
     command = null,
     execute = false,
+    sourceUser = null,
+    sourceType = null,
   ) =>
     graphqlapi.mutate(
       `
-    ($name: String!, $status: TaskStatusType!, $created: String!, $environment: Int!, $id: Int, $remoteId: String, $started: String, $completed: String, $service: String, $command: String, $execute: Boolean) {
+    ($name: String!, $status: TaskStatusType!, $created: String!, $environment: Int!, $id: Int, $remoteId: String,
+      $started: String, $completed: String, $service: String, $command: String, $execute: Boolean,
+      $sourceUser: String, $sourceType: TaskSourceType) {
       addTask(input: {
           name: $name
           status: $status
@@ -1432,6 +1444,8 @@ export const addDeployment = (
           service: $service
           command: $command
           execute: $execute
+          sourceUser: $sourceUser
+          sourceType: $sourceType
       }) {
         ...${taskFragment}
       }
@@ -1449,6 +1463,8 @@ export const addDeployment = (
         service,
         command,
         execute,
+        sourceUser,
+        sourceType,
       },
     );
 

diff --git a/node-packages/commons/src/tasks.ts b/node-packages/commons/src/tasks.ts
@@ -372,7 +372,9 @@ export const getControllerBuildData = async function(deployData: any) {
     buildPriority,
     bulkId,
     bulkName,
-    buildVariables
+    buildVariables,
+    sourceUser,
+    sourceType,
   } = deployData;
 
   var environmentName = makeSafe(branchName)
@@ -593,7 +595,9 @@ export const getControllerBuildData = async function(deployData: any) {
       null, null, null, null,
       buildPriority,
       bulkId,
-      bulkName
+      bulkName,
+      sourceUser,
+      sourceType,
     );
   } catch (error) {
     logger.error(`Could not save deployment for project ${lagoonProjectData.id}. Message: ${error}`);

diff --git a/services/api/database/migrations/20240115000000_taskdeployment_source.js b/services/api/database/migrations/20240115000000_taskdeployment_source.js
@@ -0,0 +1,31 @@
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.up = async function(knex) {
+    return knex.schema
+    .alterTable('task', function (table) {
+        table.enu('source_type', ['api']);
+        table.string('source_user', 300);
+    })
+    .alterTable('deployment', function (table) {
+        table.enu('source_type', ['api', 'webhook']);
+        table.string('source_user', 300);
+    })
+};
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = async function(knex) {
+    return knex.schema
+    .alterTable('task', (table) => {
+        table.dropColumn('source_type');
+        table.dropColumn('source_user');
+    })
+    .alterTable('deployment', (table) => {
+        table.dropColumn('source_type');
+        table.dropColumn('source_user');
+    })
+};
diff --git a/services/api/src/apolloServer.js b/services/api/src/apolloServer.js
@@ -149,6 +149,7 @@ const apolloServer = new ApolloServer({
       let keycloakUsersGroups = []
       let groupRoleProjectIds = []
       const keycloakGrant = grant
+      let legacyGrant = legacyCredentials ? legacyCredentials : null
       if (keycloakGrant) {
         keycloakUsersGroups = await User.User(modelClients).getAllGroupsForUser(keycloakGrant.access_token.content.sub);
         serviceAccount = await keycloakGrantManager.obtainFromClientCredentials();
@@ -164,6 +165,7 @@ const apolloServer = new ApolloServer({
           ? keycloakHasPermission(grant, requestCache, modelClients, serviceAccount, currentUser, groupRoleProjectIds)
           : legacyHasPermission(legacyCredentials),
         keycloakGrant,
+        legacyGrant,
         requestCache,
         models: {
           UserModel: User.User(modelClients),
@@ -233,6 +235,7 @@ const apolloServer = new ApolloServer({
       let keycloakUsersGroups = []
       let groupRoleProjectIds = []
       const keycloakGrant = req.kauth ? req.kauth.grant : null
+      let legacyGrant = req.legacyCredentials ? req.legacyCredentials : null
       if (keycloakGrant) {
         keycloakUsersGroups = await User.User(modelClients).getAllGroupsForUser(keycloakGrant.access_token.content.sub);
         serviceAccount = await keycloakGrantManager.obtainFromClientCredentials();
@@ -284,6 +287,7 @@ const apolloServer = new ApolloServer({
         hasPermission,
         keycloakGrant,
         requestCache,
+        legacyGrant,
         userActivityLogger: (message, meta) => {
           let defaultMeta = {
             user: req.kauth

diff --git a/services/api/src/resolvers.js b/services/api/src/resolvers.js
@@ -317,6 +317,13 @@ const resolvers = {
     MAINTAINER: 'maintainer',
     OWNER: 'owner'
   },
+  DeploymentSourceType: {
+    API: 'api',
+    WEBHOOK: 'webhook'
+  },
+  TaskSourceType: {
+    API: 'api',
+  },
   ProjectOrderType: {
     NAME: 'name',
     CREATED: 'created'

diff --git a/services/api/src/resources/deployment/helpers.ts b/services/api/src/resources/deployment/helpers.ts
@@ -14,7 +14,21 @@ export const Helpers = (sqlClientPool: Pool) => {
     return R.prop(0, rows);
   };
 
+  // getSourceUser can decode the keycloak or legacy grant into a username or issuer name
+  // this can then be stored against the deployment (or task) resource in the API when it is created
+  const getSourceUser =async (keycloakGrant, legacyGrant) => {
+    let sourceUser = "administrator"
+    if (keycloakGrant) {
+      sourceUser = keycloakGrant.access_token.content.email
+    }
+    if (legacyGrant) {
+      sourceUser = legacyGrant.iss
+    }
+    return sourceUser
+  }
+
   return {
+    getSourceUser,
     getDeploymentById,
     getDeploymentByDeploymentInput: async deploymentInput => {
       const notEmpty = R.complement(R.anyPass([R.isNil, R.isEmpty]));

diff --git a/services/api/src/resources/deployment/resolvers.ts b/services/api/src/resources/deployment/resolvers.ts
@@ -340,10 +340,12 @@ export const addDeployment: ResolverFn = async (
       priority,
       bulkId,
       bulkName,
-      buildStep
+      buildStep,
+      sourceUser,
+      sourceType,
     }
   },
-  { sqlClientPool, hasPermission, userActivityLogger }
+  { sqlClientPool, hasPermission, userActivityLogger, keycloakGrant, legacyGrant }
 ) => {
   const environment = await environmentHelpers(
     sqlClientPool
@@ -352,6 +354,12 @@ export const addDeployment: ResolverFn = async (
     project: environment.project
   });
 
+  if (!sourceUser) {
+      sourceUser = await Helpers(sqlClientPool).getSourceUser(keycloakGrant, legacyGrant)
+  }
+  if (!sourceType) {
+    sourceType = "API"
+  }
   const { insertId } = await query(
     sqlClientPool,
     Sql.insertDeployment({
@@ -366,7 +374,9 @@ export const addDeployment: ResolverFn = async (
       priority,
       bulkId,
       bulkName,
-      buildStep
+      buildStep,
+      sourceType,
+      sourceUser,
     })
   );
 
@@ -606,7 +616,7 @@ export const deployEnvironmentLatest: ResolverFn = async (
     returnData
     }
   },
-  { sqlClientPool, hasPermission, userActivityLogger }
+  { sqlClientPool, hasPermission, userActivityLogger, keycloakGrant, legacyGrant }
 ) => {
 
   try {
@@ -671,7 +681,7 @@ export const deployEnvironmentLatest: ResolverFn = async (
   }
 
   let buildName = generateBuildId();
-
+  const sourceUser = await Helpers(sqlClientPool).getSourceUser(keycloakGrant, legacyGrant)
   let deployData: {
     [key: string]: any;
   } = {
@@ -682,6 +692,8 @@ export const deployEnvironmentLatest: ResolverFn = async (
     bulkId: bulkId,
     bulkName: bulkName,
     buildVariables: buildVariables,
+    sourceType: "API",
+    sourceUser: sourceUser
   };
   let meta: {
     [key: string]: any;
@@ -808,7 +820,7 @@ export const deployEnvironmentBranch: ResolverFn = async (
     returnData
     }
   },
-  { sqlClientPool, hasPermission, userActivityLogger }
+  { sqlClientPool, hasPermission, userActivityLogger, keycloakGrant, legacyGrant }
 ) => {
   const project = await projectHelpers(sqlClientPool).getProjectByProjectInput(
     projectInput
@@ -825,6 +837,7 @@ export const deployEnvironmentBranch: ResolverFn = async (
   }
 
   let buildName = generateBuildId();
+  const sourceUser = await Helpers(sqlClientPool).getSourceUser(keycloakGrant, legacyGrant)
 
   const deployData = {
     type: 'branch',
@@ -836,6 +849,8 @@ export const deployEnvironmentBranch: ResolverFn = async (
     bulkId: bulkId,
     bulkName: bulkName,
     buildVariables: buildVariables,
+    sourceType: "API",
+    sourceUser: sourceUser
   };
 
   const meta = {
@@ -912,7 +927,7 @@ export const deployEnvironmentPullrequest: ResolverFn = async (
       returnData
     }
   },
-  { sqlClientPool, hasPermission, userActivityLogger }
+  { sqlClientPool, hasPermission, userActivityLogger, keycloakGrant, legacyGrant }
 ) => {
   const branchName = `pr-${number}`;
   const project = await projectHelpers(sqlClientPool).getProjectByProjectInput(
@@ -931,6 +946,7 @@ export const deployEnvironmentPullrequest: ResolverFn = async (
 
   let buildName = generateBuildId();
 
+  const sourceUser = await Helpers(sqlClientPool).getSourceUser(keycloakGrant, legacyGrant)
   const deployData = {
     type: 'pullrequest',
     projectName: project.name,
@@ -946,6 +962,8 @@ export const deployEnvironmentPullrequest: ResolverFn = async (
     bulkId: bulkId,
     bulkName: bulkName,
     buildVariables: buildVariables,
+    sourceType: "API",
+    sourceUser: sourceUser
   };
 
   const meta = {
@@ -1018,7 +1036,7 @@ export const deployEnvironmentPromote: ResolverFn = async (
       returnData
     }
   },
-  { sqlClientPool, hasPermission, userActivityLogger }
+  { sqlClientPool, hasPermission, userActivityLogger, keycloakGrant, legacyGrant }
 ) => {
   const destProject = await projectHelpers(
     sqlClientPool
@@ -1056,6 +1074,7 @@ export const deployEnvironmentPromote: ResolverFn = async (
 
   let buildName = generateBuildId();
 
+  const sourceUser = await Helpers(sqlClientPool).getSourceUser(keycloakGrant, legacyGrant)
   const deployData = {
     type: 'promote',
     projectName: destProject.name,
@@ -1066,6 +1085,8 @@ export const deployEnvironmentPromote: ResolverFn = async (
     bulkId: bulkId,
     bulkName: bulkName,
     buildVariables: buildVariables,
+    sourceType: "API",
+    sourceUser: sourceUser
   };
 
   const meta = {
@@ -1129,7 +1150,7 @@ export const deployEnvironmentPromote: ResolverFn = async (
 export const switchActiveStandby: ResolverFn = async (
   root,
   { input: { project: projectInput } },
-  { sqlClientPool, hasPermission }
+  { sqlClientPool, hasPermission, keycloakGrant, legacyGrant }
 ) => {
   const project = await projectHelpers(sqlClientPool).getProjectByProjectInput(
     projectInput
@@ -1227,6 +1248,8 @@ export const switchActiveStandby: ResolverFn = async (
   };
 
   // try it now
+  const sourceUser = await Helpers(sqlClientPool).getSourceUser(keycloakGrant, legacyGrant)
+  const sourceType = "API"
   try {
     // add a task into the environment
     var date = new Date();
@@ -1242,7 +1265,9 @@ export const switchActiveStandby: ResolverFn = async (
       null,
       '',
       '',
-      false
+      false,
+      sourceUser,
+      sourceType,
     );
     data.task.id = sourceTaskData.addTask.id.toString();
 

diff --git a/services/api/src/resources/deployment/sql.ts b/services/api/src/resources/deployment/sql.ts
@@ -23,6 +23,8 @@ export const Sql = {
     bulkId,
     bulkName,
     buildStep,
+    sourceType,
+    sourceUser,
   }: {
     id: number,
     name: string,
@@ -36,6 +38,8 @@ export const Sql = {
     bulkId: string,
     bulkName: string,
     buildStep: string,
+    sourceType?: string,
+    sourceUser?: string,
   }) =>
     knex('deployment')
       .insert({
@@ -51,6 +55,8 @@ export const Sql = {
         bulkId,
         bulkName,
         buildStep,
+        sourceType,
+        sourceUser,
       })
       .toString(),
   deleteDeployment: (id: number) =>