Merge branch 'main' into mkdocs
tobybellwood committed Sep 15, 2023
2 parents 61d9db9 + 00679f9 commit afe0f8a
Showing 11 changed files with 63 additions and 15 deletions.
9 changes: 6 additions & 3 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -1,15 +1,18 @@
<!--
**IMPORTANT: Please do not create a Pull Request without creating an issue first.**
Please provide enough information and context so that others can review your pull request:
**IMPORTANT: Please provide enough information and context so that others can review your pull request:**
-->

<!-- You can skip this if you're fixing a typo. -->
# Checklist
# General Checklist

- [ ] Affected Issues have been mentioned in the Closing issues section
- [ ] Documentation has been written/updated
- [ ] PR title is ready for inclusion in changelog

# Database Migrations

- [ ] If your PR contains a database migation, it **MUST** be the latest in date order alphabetically

Explain the **details** for making this change. What existing problem does the pull request solve?

<!--
3 changes: 3 additions & 0 deletions docker-compose.yaml
@@ -132,6 +132,9 @@ services:
- '8088:8080'
environment:
- [email protected]
# Uncomment for local new relic tracking
# - NEW_RELIC_LICENSE_KEY=
# - NEW_RELIC_APP_NAME=keycloak-local
volumes:
- "./services/keycloak/profile.properties:/opt/jboss/keycloak/standalone/configuration/profile.properties"
- "./services/keycloak/startup-scripts:/opt/jboss/startup-scripts"
1 change: 1 addition & 0 deletions services/api/src/resolvers.js
@@ -535,6 +535,7 @@ const resolvers = {
userBySshFingerprint: getUserBySshFingerprint,
projectByGitUrl: getProjectByGitUrl,
projectByName: getProjectByName,
orgProjectByName: getProjectByName,
environmentsByKubernetes: getEnvironmentsByKubernetes,
groupByName: getGroupByName,
groupByNameAndOrganization: getGroupsByNameAndOrganizationId,
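Review bot: `orgProjectByName` is wired to the same `getProjectByName` resolver as `projectByName`, so whatever authorization that resolver performs is the only gate on the new query; the resolver is not part of this diff, so confirm that it is the right check for the organization-scoped view. If the `OrgProject` type is otherwise only reached through organization queries that check an organization permission first, its field resolvers may assume that check has already happened. A short comment on the mapping, e.g. `// same lookup and permission check as projectByName; returned as OrgProject`, would record that the reuse is deliberate. The `resolvers` object starts and ends outside this hunk.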
12 changes: 10 additions & 2 deletions services/api/src/resources/group/resolvers.ts
@@ -379,8 +379,16 @@ export const addGroup: ResolverFn = async (
});
await models.GroupModel.addProjectToGroup(null, group);

// if the user is not an admin, or an organization add, then add the user as an owner to the group
if (!adminScopes.projectViewAll && !input.organization && keycloakGrant) {
// if the user is not an admin, then add the user as an owner to the group
let userAlreadyHasAccess = false;
if (adminScopes.projectViewAll) {
userAlreadyHasAccess = true
}
// if the group is created without the addOrgOwner boolean set to true, then do not add the user to the group as its owner
if (!input.addOrgOwner) {
userAlreadyHasAccess = true
}
if (!userAlreadyHasAccess && keycloakGrant) {
const user = await models.UserModel.loadUserById(
keycloakGrant.access_token.content.sub
);
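Review bot: The new guard `if (!input.addOrgOwner) { userAlreadyHasAccess = true }` applies to every group, not only organization groups, so a non-admin who creates a group with no `organization` and no `addOrgOwner` is no longer added as its owner, which the replaced condition (`!input.organization`) did by default. If that change is not intended, scope the flag to organization groups: `if (input.organization && !input.addOrgOwner) { userAlreadyHasAccess = true }`. The comment above the block still says the user is added whenever they are not an admin, and `userAlreadyHasAccess` is set here to mean "skip the owner grant" rather than to describe access; a corrected comment or a name such as `skipOwnerGrant` would make the access decision easier to audit. The same flag pattern is used in `addProject` in services/api/src/resources/project/resolvers.ts. The body of `addGroup` starts and ends outside this hunk.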
6 changes: 4 additions & 2 deletions services/api/src/resources/organization/resolvers.ts
@@ -372,8 +372,8 @@ export const getUsersByOrganizationId: ResolverFn = async (
}
}
members.push(groupMembers[member].user)
exists = false
}
exists = false
}
}
return members.map(row => ({ ...row, organization: args.organization }));
@@ -385,7 +385,9 @@ export const getUserByEmailAndOrganizationId: ResolverFn = async (
{ email, organization},
{ sqlClientPool, models, hasPermission },
) => {
await hasPermission('organization', 'viewUser', organization);
await hasPermission('organization', 'viewUser', {
organization: organization
});

try {
const user = await models.UserModel.loadUserByUsername(email);
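Review bot: In `getUserByEmailAndOrganizationId` the permission check is now scoped to `organization`, but the lookup that follows, `models.UserModel.loadUserByUsername(email)`, takes only the e-mail address, and nothing in the visible lines ties the returned user to that organization. If the rest of the function (outside this hunk) does not filter on membership, a caller holding `viewUser` on any one organization could confirm or read accounts that belong to others. The loaded user's organization should be compared with the `organization` argument before anything is returned, with the same not-found result in both cases. If that check already exists further down, a comment at the lookup such as `// loadUserByUsername is not organization-scoped; membership is verified below` would make it visible to the next reviewer.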
5 changes: 4 additions & 1 deletion services/api/src/resources/project/resolvers.ts
@@ -293,7 +293,10 @@ export const addProject = async (
await hasPermission('organization', 'addProject', {
organization: input.organization
});
userAlreadyHasAccess = true
// if the project is created without the addOrgOwner boolean set to true, then do not add the user to the project as its owner
if (!input.addOrgOwner) {
userAlreadyHasAccess = true
}
// check the project quota before adding the project
const organization = await organizationHelpers(sqlClientPool).getOrganizationById(input.organization);
const projects = await organizationHelpers(sqlClientPool).getProjectsByOrganizationId(input.organization);
8 changes: 4 additions & 4 deletions services/api/src/resources/task/resolvers.ts
@@ -497,7 +497,7 @@ export const taskDrushArchiveDump: ResolverFn = async (
project: envPerm.project
});

const command = String.raw`file="/tmp/$LAGOON_PROJECT-$LAGOON_GIT_SAFE_BRANCH-$(date --iso-8601=seconds).tar" && drush ard --destination=$file && \
const command = String.raw`file="/tmp/$LAGOON_PROJECT-$LAGOON_GIT_SAFE_BRANCH-$(date --iso-8601=seconds).tar" && if drush ard --destination=$file; then echo "drush ard complete"; else exit $?; fi && \
TOKEN="$(ssh -p `+"${LAGOON_CONFIG_TOKEN_PORT:-$TASK_SSH_PORT}"+` -t lagoon@`+"${LAGOON_CONFIG_TOKEN_HOST:-$TASK_SSH_HOST}"+` token)" && curl -sS "`+"${LAGOON_CONFIG_API_HOST:-$TASK_API_HOST}"+`"/graphql \
-H "Authorization: Bearer $TOKEN" \
-F operations='{ "query": "mutation ($task: Int!, $files: [Upload!]!) { uploadFilesForTask(input:{task:$task, files:$files}) { id files { filename } } }", "variables": { "task": '"$TASK_DATA_ID"', "files": [null] } }' \
@@ -546,7 +546,7 @@ export const taskDrushSqlDump: ResolverFn = async (
});

const command = String.raw`file="/tmp/$LAGOON_PROJECT-$LAGOON_GIT_SAFE_BRANCH-$(date --iso-8601=seconds).sql" && DRUSH_MAJOR_VERSION=$(drush status --fields=drush-version | awk '{ print $4 }' | grep -oE '^s*[0-9]+') && \
if [[ $DRUSH_MAJOR_VERSION -ge 9 ]]; then drush sql-dump --extra-dump=--no-tablespaces --result-file=$file --gzip; else drush sql-dump --extra=--no-tablespaces --result-file=$file --gzip; fi && \
if [[ $DRUSH_MAJOR_VERSION -ge 9 ]]; then if drush sql-dump --extra-dump=--no-tablespaces --result-file=$file --gzip; then echo "drush sql-dump complete"; else exit $?; fi; else if drush sql-dump --extra=--no-tablespaces --result-file=$file --gzip; then echo "drush sql-dump complete"; else exit $?; fi; fi && \
TOKEN="$(ssh -p `+"${LAGOON_CONFIG_TOKEN_PORT:-$TASK_SSH_PORT}"+` -t lagoon@`+"${LAGOON_CONFIG_TOKEN_HOST:-$TASK_SSH_HOST}"+` token)" && curl -sS "`+"${LAGOON_CONFIG_API_HOST:-$TASK_API_HOST}"+`"/graphql \
-H "Authorization: Bearer $TOKEN" \
-F operations='{ "query": "mutation ($task: Int!, $files: [Upload!]!) { uploadFilesForTask(input:{task:$task, files:$files}) { id files { filename } } }", "variables": { "task": '"$TASK_DATA_ID"', "files": [null] } }' \
@@ -597,9 +597,9 @@ export const taskDrushCacheClear: ResolverFn = async (
const command =
'drupal_version=$(drush status drupal-version --format=list) && \
if [ ${drupal_version%.*} == "7" ]; then \
drush cc all; \
if drush cc all; then echo "drush cc all complete"; else exit $?; fi; \
elif [ ${drupal_version%.*.*} -ge "8" ] ; then \
drush cr; \
if drush cr; then echo "drush cr complete"; else exit $?; fi; \
else \
echo "could not clear cache for found Drupal Version ${drupal_version}"; \
exit 1; \
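Review bot: The new `else exit $?` branches in `taskDrushArchiveDump` and `taskDrushSqlDump` stop the script as soon as drush fails, which is after `$file` has been chosen under `/tmp` and possibly after a partial archive or SQL dump has been written there. Whether the file is removed later is not visible, because the command strings continue outside these hunks, but an early `exit` would skip any cleanup placed at the end. Because these files hold site data, I would register the cleanup up front, e.g. `trap 'rm -f "$file"' EXIT` right after the `file=...` assignment, and quote the variable where it is used (`--destination="$file"`, `--result-file="$file"`).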
12 changes: 10 additions & 2 deletions services/api/src/resources/user/resolvers.ts
@@ -233,9 +233,15 @@ export const addUserToOrganization: ResolverFn = async (
owner: false,
}
if (owner) {
await hasPermission('organization', 'addOwner', {
organization: organization
});
updateUser.owner = true
} else {
await hasPermission('organization', 'addViewer', {
organization: organization
});
}
await hasPermission('organization', 'addViewer')
await models.UserModel.updateUser(updateUser);

userActivityLogger(`User added a user to organization '${organizationData.name}'`, {
@@ -272,7 +278,9 @@ export const removeUserFromOrganization: ResolverFn = async (
username: R.prop('email', userInput),
});

await hasPermission('organization', 'addOwner');
await hasPermission('organization', 'addOwner', {
organization: organization
});

await models.UserModel.updateUser({
id: user.id,
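Review bot: In `removeUserFromOrganization` the scoped `hasPermission('organization', 'addOwner', …)` call still runs after the target user has been resolved: `user.id` is used immediately afterwards, and the lookup ends on the `});` line just above the check. If that lookup throws for an unknown e-mail, a caller without rights on the organization can tell existing accounts from non-existing ones by the error returned. The check appears to need only the `organization` value, so it can be moved ahead of the lookup; the same ordering is worth confirming in `addUserToOrganization`, whose body starts outside the hunk. Separately, removal requires `addOwner` even for a viewer while adding a viewer needs only `addViewer`; a one-line comment such as `// removal is restricted to callers who may manage owners` would show that the asymmetry is intended.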
3 changes: 3 additions & 0 deletions services/api/src/typeDefs.js
@@ -1267,6 +1267,7 @@ const typeDefs = gql`
Returns Project Object by a given name
"""
projectByName(name: String!): Project
orgProjectByName(name: String!): OrgProject
"""
Returns all Environment Objects for a specified Kubernetes matching given filter (all if no filter defined)
"""
@@ -1490,6 +1491,7 @@ const typeDefs = gql`
developmentBuildPriority: Int
deploymentsDisabled: Int
organization: Int
addOrgOwner: Boolean
buildImage: String
sharedBaasBucket: Boolean
}
@@ -2174,6 +2176,7 @@ const typeDefs = gql`
name: String!
parentGroup: GroupInput
organization: Int
addOrgOwner: Boolean
}
input UpdateGroupPatchInput {
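Review bot: The new `orgProjectByName` query has no description, while the neighbouring queries each carry a `""" … """` block, and the two `addOrgOwner: Boolean` input fields are undocumented even though they decide whether the caller is granted owner on the new project or group. I would add a description above the query stating what it returns and which permission it requires, and a description on each input field such as `"""When true, the creating user is added as owner of the new resource; when omitted, the creator is not added."""`. The default matters because the resolvers in this commit treat a missing flag as "do not add the creator". The type and input definitions these lines belong to start and end outside the hunks.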
7 changes: 6 additions & 1 deletion services/keycloak/Dockerfile
@@ -15,7 +15,7 @@ ENV LAGOON_VERSION=$LAGOON_VERSION

USER root

RUN microdnf install -y nc jq \
RUN microdnf install -y nc jq unzip \
&& microdnf clean all \
&& rm -rf /var/cache/yum

@@ -40,6 +40,11 @@ RUN rm -f /bin/sh && ln -s /bin/bash /bin/sh
RUN architecture=$(case $(uname -m) in x86_64 | amd64) echo "amd64" ;; aarch64 | arm64 | armv8) echo "arm64" ;; *) echo "amd64" ;; esac) \
&& curl -sL https://github.com/krallin/tini/releases/download/v0.19.0/tini-${architecture} -o /sbin/tini && chmod a+x /sbin/tini

RUN cd /opt \
&& curl -O https://download.newrelic.com/newrelic/java-agent/newrelic-agent/current/newrelic-java.zip \
&& unzip newrelic-java.zip \
&& rm newrelic-java.zip

ENV TMPDIR=/tmp \
TMP=/tmp \
HOME=/home \
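Review bot: The added `RUN` step fetches `newrelic-java.zip` from the `current` path and unpacks it without checking a digest, so each build can pull a different, unverified agent, and that jar is later loaded into the Keycloak JVM with `-javaagent`. Pin an explicit agent version and verify a SHA-256 recorded in the repository before `unzip`; adding `-f` to `curl` also makes an HTTP error fail the step instead of saving the error page. The version and digest below are placeholders, and the versioned URL layout should be confirmed against the vendor's download site.

```dockerfile
# placeholders: set to the reviewed agent release and its published digest
ARG NEWRELIC_AGENT_VERSION=<PINNED_VERSION>
ARG NEWRELIC_AGENT_SHA256=<EXPECTED_SHA256>
RUN cd /opt \
    && curl -fsSLO "https://download.newrelic.com/newrelic/java-agent/newrelic-agent/${NEWRELIC_AGENT_VERSION}/newrelic-java.zip" \
    && echo "${NEWRELIC_AGENT_SHA256}  newrelic-java.zip" | sha256sum -c - \
    && unzip newrelic-java.zip \
    && rm newrelic-java.zip
```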
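--- a/services/keycloak/startup-scripts/10-newrelic.sh
+++ b/services/keycloak/startup-scripts/10-newrelic.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ -v NEW_RELIC_LICENSE_KEY ]
+then
+echo "Enabling newrelic monitor"
+
+cat << 'EOF' >> /opt/jboss/keycloak/bin/standalone.conf
+JAVA_OPTS="$JAVA_OPTS -javaagent:/opt/newrelic/newrelic.jar"
+EOF
+
+fi
+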
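Review bot: `[ -v NEW_RELIC_LICENSE_KEY ]` is true when the variable is set but empty, which is exactly the state of the `# - NEW_RELIC_LICENSE_KEY=` line in docker-compose.yaml once it is uncommented, so the agent would be attached to Keycloak without a usable key; `if [ -n "${NEW_RELIC_LICENSE_KEY:-}" ]` tests for a non-empty value. The script also appends to `standalone.conf` with `>>` each time it runs, so a container that is restarted rather than recreated would accumulate repeated `-javaagent` entries in `JAVA_OPTS`. Prefixing the append with `grep -q 'newrelic.jar' /opt/jboss/keycloak/bin/standalone.conf ||` keeps it idempotent. A header comment saying that the script only acts when a licence key is supplied, and that the key is presumably read by the agent from the environment rather than written to disk here, would help whoever audits what is loaded into the identity provider.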