add backend graphql call for updating cert details
ikethecoder committed May 12, 2023
1 parent 40d84e6 commit 3c3703c
Showing 2 changed files with 81 additions and 4 deletions.
Expand Up @@ -5,21 +5,96 @@ import {
lookupCredentialReferenceByServiceAccess,
} from '../../services/keystone';
import { EnforcementPoint } from '../../authz/enforcement';
import { KeycloakClientService } from '../../services/keycloak';
import {
ClientAuthenticator,
KeycloakClientService,
} from '../../services/keycloak';
import {
CredentialReference,
NewCredential,
} from '../../services/workflow/types';
import { getEnvironmentContext } from '../../services/workflow/get-namespaces';
import { replaceApiKey } from '../../services/workflow/kong-api-key-replace';
import { strict as assert } from 'assert';

const typeCredentialReferenceUpdateInput = `
input CredentialReferenceUpdateInput {
clientCertificate: String,
jwksUrl: String
}
`;

module.exports = {
extensions: [
(keystone: any) => {
keystone.extendGraphQLSchema({
types: [],
types: [typeCredentialReferenceUpdateInput],
queries: [],
mutations: [
{
schema:
'updateServiceAccessCredential(id: ID!, controls: CredentialReferenceUpdateInput): AccessRequest',
resolver: async (
item: any,
args: any,
context: any,
info: any,
{ query, access }: any
) => {
const serviceAccess = await lookupCredentialReferenceByServiceAccess(
context,
args.id
);

const flow = serviceAccess.productEnvironment.flow;
const clientAuthenticator =
serviceAccess.productEnvironment?.credentialIssuer
?.clientAuthenticator;

assert.strictEqual(
flow === 'client-credentials' &&
clientAuthenticator === ClientAuthenticator.ClientJWTwithJWKS,
true,
'Unsupported authenticator type'
);

const noauthContext = keystone.createContext({
skipAccessControl: true,
});
const envCtx = await getEnvironmentContext(
noauthContext,
serviceAccess.productEnvironment.id,
{},
false
);

const kcClientService = new KeycloakClientService(
envCtx.issuerEnvConfig.issuerUrl
);
await kcClientService.login(
envCtx.issuerEnvConfig.clientId,
envCtx.issuerEnvConfig.clientSecret
);

const client = await kcClientService.findByClientId(
serviceAccess.consumer.customId
);

const newCredential = {
flow: serviceAccess.productEnvironment.flow,
clientId: serviceAccess.consumer.customId,
issuer: envCtx.openid.issuer,
tokenEndpoint: envCtx.openid.token_endpoint,
} as NewCredential;

//TODO: Perform actual update
//await kcClientService.uploadCertificate(client.id, publicKey);

return {
credential: JSON.stringify(newCredential),
};
},
},
{
schema: 'regenerateCredentials(id: ID!): AccessRequest',
resolver: async (
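Review bot: The new updateServiceAccessCredential resolver never reads args.controls and returns `credential: JSON.stringify(newCredential)` as though the update succeeded, while the commented-out uploadCertificate line under the TODO shows the Keycloak client is only looked up (`client` is unused). Until the upload exists the mutation should fail explicitly rather than report success, and it should require one of the two inputs, e.g. `assert.ok(args.controls?.clientCertificate || args.controls?.jwksUrl, 'clientCertificate or jwksUrl is required');` before the Keycloak login and `throw new Error('updateServiceAccessCredential: certificate update not implemented');` in place of the return. The authenticator check reads more naturally as `assert.ok(flow === 'client-credentials' && clientAuthenticator === ClientAuthenticator.ClientJWTwithJWKS, 'Unsupported authenticator type');` than as strictEqual against true. It would also help to state in a one-line comment that the caller's authorization rests entirely on the lookupCredentialReferenceByServiceAccess call made with the request context, since everything after it runs under a skipAccessControl context.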
6 changes: 4 additions & 2 deletions src/server.ts
Expand Up @@ -172,11 +172,11 @@ for (const _list of [
'ConsumerGroups',
'ConsumerProducts',
'ConsumerScopesAndRoles',
'CredentialRegenerate',
'CredentialIssuerExt',
'Namespace',
'NamespaceActivity',
'OrganizationPolicy',
'ServiceAccess',
'ServiceAccount',
'UMAPolicy',
'UMAResourceSet',
Expand Down Expand Up @@ -295,7 +295,9 @@ const configureExpress = (app: any) => {
app.put('/feed/:entity', (req: any, res: any) => {
const context = keystone.createContext({
skipAccessControl: true,
authentication: { item: { name: 'Feeder Bot' } },
authentication: {
item: { name: 'Feeder Bot', namespace: req.body?.namespace },
},
});
putFeedWorker(context, req, res).catch((err: any) => {
console.log(err);
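Review bot: The Feeder Bot authentication item now carries `namespace: req.body?.namespace` straight from the request body into a context created with skipAccessControl, so any downstream check that reads the namespace from authentication.item is satisfied by a client-supplied value; how much that matters depends on how /feed/:entity is protected, which is outside this hunk. At minimum the value should be constrained to a string before it is placed in the context, e.g. `const namespace = typeof req.body?.namespace === 'string' ? req.body.namespace : undefined;` followed by `item: { name: 'Feeder Bot', namespace },`, and a comment such as `// namespace comes from the feed payload; trusted only because this route is restricted to the feeder` should record the assumption. The app.put callback and configureExpress continue past the hunk.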
