♻ : create runner api

rename user gaia-backend to gaia-runner
create a specific route for all runner apis

src/main/java/io/gaia_app/config/security/StateApiSecurityConfig.java → src/main/java/io/gaia_app/config/security/RunnerApiSecurityConfig.java

@@ -15,25 +15,25 @@
 import java.util.UUID;
 
 @Configuration
-@Order(69)
-public class StateApiSecurityConfig extends WebSecurityConfigurerAdapter {
+@Order(1)
+public class RunnerApiSecurityConfig extends WebSecurityConfigurerAdapter {
 
     private PasswordEncoder bCrypt;
 
-    private static final Log logger = LogFactory.getLog(StateApiSecurityConfig.class);
+    private static final Log logger = LogFactory.getLog(RunnerApiSecurityConfig.class);
 
     @Autowired
-    public StateApiSecurityConfig(PasswordEncoder bCrypt) {
+    public RunnerApiSecurityConfig(PasswordEncoder bCrypt) {
         this.bCrypt = bCrypt;
     }
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
+            .antMatcher("/api/runner/**")
                 .csrf().disable()
-                .antMatcher("/api/state/**")
                 .authorizeRequests()
-                    .anyRequest().hasAnyRole("STATE", "USER")
+                    .anyRequest().hasAnyRole("RUNNER", "USER")
                 .and()
                 .httpBasic();
     }
@@ -45,22 +45,22 @@ public void configure(AuthenticationManagerBuilder auth) throws Exception {
         // configure default backend user
         auth
                 .inMemoryAuthentication()
-                .withUser(properties().getUsername()).password(bCrypt.encode(properties().getPassword())).authorities("ROLE_STATE");
+                .withUser(properties().getUsername()).password(bCrypt.encode(properties().getPassword())).authorities("ROLE_RUNNER");
     }
 
     @Bean
-    @ConfigurationProperties(prefix = "gaia.state.api")
-    public StateApiSecurityProperties properties(){
-        return new StateApiSecurityProperties("gaia-backend", UUID.randomUUID().toString());
+    @ConfigurationProperties(prefix = "gaia.runner.api")
+    public RunnerApiSecurityProperties properties(){
+        return new RunnerApiSecurityProperties("gaia-runner", UUID.randomUUID().toString());
     }
 
-    public static class StateApiSecurityProperties {
+    public static class RunnerApiSecurityProperties {
 
         private String password;
 
         private String username;
 
-        public StateApiSecurityProperties(String username, String password) {
+        public RunnerApiSecurityProperties(String username, String password) {
             this.username = username;
             this.password = password;
         }
@@ -73,6 +73,10 @@ public String getPassword() {
             return password;
         }
 
+        public void setPassword(String password) {
+            this.password = password;
+        }
+
     }
 
 }

src/main/java/io/gaia_app/runner/StackCommandBuilder.java

@@ -1,7 +1,7 @@
 package io.gaia_app.runner;
 
 import com.github.mustachejava.Mustache;
-import io.gaia_app.config.security.StateApiSecurityConfig;
+import io.gaia_app.config.security.RunnerApiSecurityConfig;
 import io.gaia_app.modules.bo.TerraformModule;
 import io.gaia_app.registries.RegistryOAuth2Provider;
 import io.gaia_app.settings.bo.Settings;
@@ -28,16 +28,16 @@
 public class StackCommandBuilder {
 
     private Settings settings;
-    private StateApiSecurityConfig.StateApiSecurityProperties stateApiSecurityProperties;
+    private RunnerApiSecurityConfig.RunnerApiSecurityProperties runnerApiSecurityProperties;
     private Mustache terraformMustache;
     private List<RegistryOAuth2Provider> registryOAuth2Providers;
 
     @Autowired
-    StackCommandBuilder(Settings settings, Mustache terraformMustache, List<RegistryOAuth2Provider> registryOAuth2Providers, StateApiSecurityConfig.StateApiSecurityProperties stateApiSecurityProperties) {
+    StackCommandBuilder(Settings settings, Mustache terraformMustache, List<RegistryOAuth2Provider> registryOAuth2Providers, RunnerApiSecurityConfig.RunnerApiSecurityProperties runnerApiSecurityProperties) {
         this.settings = settings;
         this.terraformMustache = terraformMustache;
         this.registryOAuth2Providers = registryOAuth2Providers;
-        this.stateApiSecurityProperties = stateApiSecurityProperties;
+        this.runnerApiSecurityProperties = runnerApiSecurityProperties;
     }
 
     /**
@@ -60,8 +60,8 @@ private String buildScript(Job job, Stack stack, TerraformModule module,
                                BiFunction<Stack, TerraformModule, String> command) {
         var script = new TerraformScript()
                 .setExternalUrl(settings.getExternalUrl())
-                .setStateApiUser(stateApiSecurityProperties.getUsername())
-                .setStateApiPassword(stateApiSecurityProperties.getPassword())
+                .setStateApiUser(runnerApiSecurityProperties.getUsername())
+                .setStateApiPassword(runnerApiSecurityProperties.getPassword())
                 .setStackId(stack.getId())
                 .setGitRepositoryUrl(evalGitRepositoryUrl(module))
                 .setTerraformImage(job.getTerraformImage().image());

src/main/java/io/gaia_app/stacks/controller/TerraformStateController.java

@@ -19,15 +19,15 @@ public TerraformStateController(StateService stateService) {
         this.stateService = stateService;
     }
 
-    @GetMapping("/api/state/{id}")
+    @GetMapping({"/api/state/{id}", "/api/runner/state/{id}"})
     public Map<String, Object> getState(@PathVariable String id){
         return stateService.findById(id)
                 .orElseThrow(
                         () -> new ResponseStatusException(HttpStatus.NOT_FOUND))
                 .getValue();
     }
 
-    @PostMapping("/api/state/{id}")
+    @PostMapping({"/api/state/{id}", "/api/runner/state/{id}"})
     public void postState(@PathVariable String id, @RequestBody Map<String, Object> body){
         var terraformState = new TerraformState();
         terraformState.setId(id);

src/main/java/io/gaia_app/teams/controller/UserControllerAdvice.java

@@ -25,7 +25,7 @@ public User user(Authentication authentication) {
         if (authentication == null) {
             return null;
         }
-        if ("gaia-backend".equals(authentication.getName())) {
+        if ("gaia-runner".equals(authentication.getName())) {
             return null;
         }
         return userRepository.findById(authentication.getName()).orElseThrow();
@@ -38,7 +38,7 @@ public Team userTeam(Authentication authentication, @ModelAttribute User user) {
             return null;
         }
         // in case of state access only
-        if ("gaia-backend".equals(authentication.getName())) {
+        if ("gaia-runner".equals(authentication.getName())) {
             return null;
         }
         return user.getTeam();

src/main/resources/mustache/terraform.mustache

@@ -13,7 +13,7 @@ cd module
 echo '[gaia] generating backend configuration'
 echo 'terraform {
     backend "http" {
-        address = "{{externalUrl}}/api/state/{{stackId}}"
+        address = "{{externalUrl}}/api/runner/state/{{stackId}}"
         username = "{{stateApiUser}}"
         password = "{{stateApiPassword}}"
     }

src/test/java/io/gaia_app/config/security/StateApiSecurityConfigIT.java → src/test/java/io/gaia_app/config/security/RunnerApiSecurityConfigIT.java

@@ -15,40 +15,48 @@
 
 @SpringBootTest
 @AutoConfigureMockMvc
-public class StateApiSecurityConfigIT extends SharedMongoContainerTest {
+class RunnerApiSecurityConfigIT extends SharedMongoContainerTest {
 
     @Autowired
-    private StateApiSecurityConfig.StateApiSecurityProperties props;
+    private RunnerApiSecurityConfig.RunnerApiSecurityProperties props;
 
     @Autowired
     private MockMvc mockMvc;
 
     @Test
     void gaiaBackend_shouldHaveAccessToStateApi() throws Exception {
-        mockMvc.perform(get("/api/state/test").with(httpBasic(props.getUsername(), props.getPassword())))
-                .andExpect(authenticated().withUsername("gaia-backend").withRoles("STATE"));
+        mockMvc.perform(get("/api/runner/state/test").with(httpBasic(props.getUsername(), props.getPassword())))
+                .andExpect(authenticated().withUsername("gaia-runner").withRoles("RUNNER"));
     }
 
     @Test
     void gaiaBackend_shouldHaveAccessToStateApiWithPost() throws Exception {
-        mockMvc.perform(post("/api/state/test")
+        mockMvc.perform(post("/api/runner/state/test")
             .content("{}")
             .contentType("application/json")
             .with(httpBasic(props.getUsername(), props.getPassword())))
-            .andExpect(authenticated().withUsername("gaia-backend").withRoles("STATE"));
+            .andExpect(authenticated().withUsername("gaia-runner").withRoles("RUNNER"));
+    }
+
+    @Test
+    void gaiaBackend_shouldHaveAccessToTfVars() throws Exception {
+        mockMvc.perform(get("/api/runner/stacks/test/tfvars")
+            .with(httpBasic(props.getUsername(), props.getPassword())))
+            .andExpect(authenticated().withUsername("gaia-runner").withRoles("RUNNER"));
     }
 
     @Test
     void gaiaBackend_shouldNotHaveAccessToOtherApis() throws Exception {
-        mockMvc.perform(get("/api/modules/test").with(httpBasic(props.getUsername(), props.getPassword())))
+        mockMvc.perform(get("/api/modules/test")
+            .with(httpBasic(props.getUsername(), props.getPassword())))
                 .andExpect(unauthenticated());
     }
 
     @Test
     void gaiaBackend_shouldNotHaveAccessToScreens() throws Exception {
-        mockMvc.perform(get("/modules/test").with(httpBasic(props.getUsername(), props.getPassword())))
+        mockMvc.perform(get("/modules/test")
+            .with(httpBasic(props.getUsername(), props.getPassword())))
                 .andExpect(unauthenticated());
     }
 
-
 }

src/test/java/io/gaia_app/runner/StackCommandBuilderTest.java

@@ -1,7 +1,7 @@
 package io.gaia_app.runner;
 
 import com.github.mustachejava.DefaultMustacheFactory;
-import io.gaia_app.config.security.StateApiSecurityConfig;
+import io.gaia_app.config.security.RunnerApiSecurityConfig;
 import io.gaia_app.modules.bo.TerraformModule;
 import io.gaia_app.modules.bo.Variable;
 import io.gaia_app.registries.RegistryOAuth2Provider;