feat(auto-onboarding): Allow auto-onboarding on organizations #951
Conversation
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
app/controlplane/internal/conf/controlplane/config/v1/conf.proto
Outdated
Show resolved
Hide resolved
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
migmartri
left a comment
migmartri
left a comment
There was a problem hiding this comment.
Some comments on code structuring and how to use what we already have.
Thanks!
app/controlplane/internal/conf/controlplane/config/v1/conf.proto
Outdated
Show resolved
Hide resolved
app/controlplane/internal/conf/controlplane/config/v1/conf.proto
Outdated
Show resolved
Hide resolved
migmartri
left a comment
migmartri
left a comment
There was a problem hiding this comment.
requesting changes per our conversation offline, thanks
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
|
All changes addressed:
|
migmartri
left a comment
migmartri
left a comment
There was a problem hiding this comment.
Thanks Javi, looks good in general!
app/controlplane/internal/conf/controlplane/config/v1/conf.proto
Outdated
Show resolved
Hide resolved
| // If the organization does not exist, it creates it. | ||
| func (uc *OrganizationUseCase) ensureOrganizationExists(ctx context.Context, spec *conf.OnboardingSpec) (*Organization, error) { | ||
| // Ensure the organization exists or create it if it doesn't | ||
| org, err := uc.FindByName(ctx, spec.GetName()) |
There was a problem hiding this comment.
why are you using the use-case here instead of the existing underlying repo? I'd say that this private method should use the private repo instead. It will also make error handling easier.
There was a problem hiding this comment.
Removed the method and used the repos instead.
app/controlplane/pkg/biz/user.go
Outdated
| return uc.userRepo.Delete(ctx, userUUID) | ||
| } | ||
|
|
||
| func (uc *UserUseCase) CreateByEmail(ctx context.Context, email string) (*User, error) { |
There was a problem hiding this comment.
I have mixed feelings of creating methods just for testing (same about findbyname), it feels upside down to me.
In fact I think in this case this is wrong and can be confusing, it's not trivial to know that createbyemail will not add auto-onboarding.
Personally, I've have passed an extra optional argument WithDisableAutoOnboarding or make it part of the the userUsecase struct`
There was a problem hiding this comment.
This additional methods were to ease the testing indeed since I didn't want to use the repos on the integration tests but well, seems we can do it as well.
I've added an optional parameter to the method to disable the auto onboarding. Please note that I didn't create a regular Builder with all Its options because I do believe it's too verbose for just one configuration.
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
javirln
left a comment
javirln
left a comment
There was a problem hiding this comment.
I've removed the methods FinByName and CreateByEmail, the dependencies on the private methods and reworked on the tests
app/controlplane/internal/conf/controlplane/config/v1/conf.proto
Outdated
Show resolved
Hide resolved
| // If the organization does not exist, it creates it. | ||
| func (uc *OrganizationUseCase) ensureOrganizationExists(ctx context.Context, spec *conf.OnboardingSpec) (*Organization, error) { | ||
| // Ensure the organization exists or create it if it doesn't | ||
| org, err := uc.FindByName(ctx, spec.GetName()) |
There was a problem hiding this comment.
Removed the method and used the repos instead.
app/controlplane/pkg/biz/user.go
Outdated
| return uc.userRepo.Delete(ctx, userUUID) | ||
| } | ||
|
|
||
| func (uc *UserUseCase) CreateByEmail(ctx context.Context, email string) (*User, error) { |
There was a problem hiding this comment.
This additional methods were to ease the testing indeed since I didn't want to use the repos on the integration tests but well, seems we can do it as well.
I've added an optional parameter to the method to disable the auto onboarding. Please note that I didn't create a regular Builder with all Its options because I do believe it's too verbose for just one configuration.
|
|
||
| // ensureOrganizationExists ensures that an organization specified by the onboarding configuration exists. | ||
| // If the organization does not exist, it creates it. | ||
| func (uc *OrganizationUseCase) ensureOrganizationExists(ctx context.Context, spec *conf.OnboardingSpec) (*Organization, error) { |
There was a problem hiding this comment.
Not a blocker but in general I prefer to make the arguments as scooped down as possible. For example instead of the whole spec, here I think you just need the name string, and in the other one you need the role.
There was a problem hiding this comment.
👍 I agree. It would be simpler to just pass the name of the org.
There was a problem hiding this comment.
I agree with you but in this case, we need the whole spec, the expected roles as well, so effectively what's being passed in the name of the orgs and the roles it should be applied.
|
|
||
| // ensureOrganizationExists ensures that an organization specified by the onboarding configuration exists. | ||
| // If the organization does not exist, it creates it. | ||
| func (uc *OrganizationUseCase) ensureOrganizationExists(ctx context.Context, spec *conf.OnboardingSpec) (*Organization, error) { |
There was a problem hiding this comment.
👍 I agree. It would be simpler to just pass the name of the org.
| // FindOrCreateByEmail finds or creates a user by email. By default, it will auto-onboard the user | ||
| // to the organizations defined in the configuration. If disableAutoOnboarding is set to true, it will | ||
| // skip the auto-onboarding process. | ||
| func (uc *UserUseCase) FindOrCreateByEmail(ctx context.Context, email string, disableAutoOnboarding ...bool) (*User, error) { |
There was a problem hiding this comment.
Why ...bool? How many bools are we expecting here?
There was a problem hiding this comment.
It's an optional parameter otherwise we would have to add that parameter to all occurrences.
| org, err := uc.orgRepo.FindByName(ctx, spec.GetName()) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to find organization: %w", err) | ||
| } else if org == nil { |
There was a problem hiding this comment.
I might be wrong, but I remember we talked offline about about not creating orgs, and assume they existed previously.
There was a problem hiding this comment.
As far as I remember if it was because of the possible collisions it was solved on the DB. In any case we can always come back and remove it.
Maybe when we have #945 done.
There was a problem hiding this comment.
True, I'd do it in another smaller follow up PR
jiparis
left a comment
jiparis
left a comment
There was a problem hiding this comment.
Thanks! Just a couple of minor comments.
This patch introduces a new configuration option that enables a Chainloop instance to automatically onboard new users into predefined organizations with specific roles.
For example:
With this configuration, new and existing users will be automatically onboarded into the
read-only-demoandchainlooporganizations with the roles ofviewerandowner, respectively. When users log in to Chainloop for the first time, the server will:Refs #942