Skip to content

Add a Stripe settings secret to server #10308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
roboquat merged 1 commit into from
May 31, 2022
Merged

Add a Stripe settings secret to server #10308

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .werft/jobs/build/helm/values.payment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,16 @@ components:
- name: chargebee-config
mountPath: "/chargebee"
readOnly: true
- name: stripe-config
mountPath: "/stripe"
readOnly: true
volumes:
- name: chargebee-config
secret:
secretName: chargebee-config
- name: stripe-config
secret:
secretName: stripe-config

paymentEndpoint:
disabled: false
2 changes: 2 additions & 0 deletions .werft/jobs/build/installer/installer.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,8 @@ export class Installer {
if (this.options.withPayment) {
// let installer know that there is a chargbee config
exec(`yq w -i ${this.options.installerConfigPath} experimental.webapp.server.chargebeeSecret chargebee-config`, { slice: slice });
// let installer know that there is a stripe config
exec(`yq w -i ${this.options.installerConfigPath} experimental.webapp.server.stripeSecret stripe-config`, { slice: slice });
}

} catch (err) {
Expand Down
8 changes: 8 additions & 0 deletions .werft/jobs/build/payment/stripe-config-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: v1
data:
settings: eyJwdWJsaXNoYWJsZUtleSI6InBrX3Rlc3RfNTFLeHVyN0dhZFJYbTUwbzNJNXJKQTNvbnkxdGNmdTNkM0NOd3BUWFR6QURkWTJISmlvRk1XTGdTa2M1d2h0UkZRam85UG5kM3pYYUdlcktQcXRmN0REQ3kwMFhBb01kbjZhIiwic2VjcmV0S2V5Ijoic2tfdGVzdF81MUt4dXI3R2FkUlhtNTBvM0NtVFJWc1Q2Q0xqd0VlSlhsWWtmdjZHajREQm42aVlVeDJQWUlUNDhjVlI5dlNUS0s1b2hwQTVCdWdycU5NUU9WVzN0NVJIODAwS011T3lEZ1QifQo=
Comment thread
jankeromnes marked this conversation as resolved.
kind: Secret
metadata:
name: stripe-config
namespace: ${NAMESPACE}
type: Opaque
9 changes: 8 additions & 1 deletion components/server/src/config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@ import { filePathTelepresenceAware } from "@gitpod/gitpod-protocol/lib/env";
export const Config = Symbol("Config");
export type Config = Omit<
ConfigSerialized,
"blockedRepositories" | "hostUrl" | "chargebeeProviderOptionsFile" | "licenseFile"
"blockedRepositories" | "hostUrl" | "chargebeeProviderOptionsFile" | "stripeSettingsFile" | "licenseFile"
> & {
hostUrl: GitpodHostUrl;
workspaceDefaults: WorkspaceDefaults;
chargebeeProviderOptions?: ChargebeeProviderOptions;
stripeSettings?: { publishableKey: string; secretKey: string };
builtinAuthProvidersConfigured: boolean;
blockedRepositories: { urlRegExp: RegExp; blockUser: boolean }[];
inactivityPeriodForRepos?: number;
Expand Down Expand Up @@ -150,6 +151,7 @@ export interface ConfigSerialized {
* Payment related options
*/
chargebeeProviderOptionsFile?: string;
stripeSettingsFile?: string;
enablePayment?: boolean;

/**
Expand Down Expand Up @@ -213,6 +215,10 @@ export namespace ConfigFile {
const chargebeeProviderOptions = readOptionsFromFile(
filePathTelepresenceAware(config.chargebeeProviderOptionsFile || ""),
);
let stripeSettings: { publishableKey: string; secretKey: string } | undefined;
if (config.enablePayment && config.stripeSettingsFile) {
stripeSettings = JSON.parse(fs.readFileSync(filePathTelepresenceAware(config.stripeSettingsFile), "utf-8"));
}
let license = config.license;
const licenseFile = config.licenseFile;
if (licenseFile) {
Expand All @@ -239,6 +245,7 @@ export namespace ConfigFile {
authProviderConfigs,
builtinAuthProvidersConfigured,
chargebeeProviderOptions,
stripeSettings,
license,
workspaceGarbageCollection: {
...config.workspaceGarbageCollection,
Expand Down
11 changes: 10 additions & 1 deletion install/installer/pkg/components/server/configmap.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,14 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
return nil
})

stripeSecret := ""
_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
if cfg.WebApp != nil && cfg.WebApp.Server != nil {
stripeSecret = cfg.WebApp.Server.StripeSecret
}
return nil
})

disableWsGarbageCollection := false
_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
if cfg.WebApp != nil && cfg.WebApp.Server != nil {
Expand Down Expand Up @@ -208,8 +216,9 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
ImageBuilderAddr: "image-builder-mk3:8080",
CodeSync: CodeSync{},
VSXRegistryUrl: fmt.Sprintf("https://open-vsx.%s", ctx.Config.Domain), // todo(sje): or "https://{{ .Values.vsxRegistry.host | default "open-vsx.org" }}" if not using OpenVSX proxy
EnablePayment: chargebeeSecret != "",
EnablePayment: chargebeeSecret != "" || stripeSecret != "",
Copy link
Copy Markdown
Member

@easyCZ easyCZ May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why put this behind payment? Can we not enable this by default? I'm assuming the secret we have would only go into a test mode of stripe anyway so there's no risk enabling. This would also help remove yet another config option.

Copy link
Copy Markdown
Contributor Author

@jankeromnes jankeromnes May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want to enable anything Stripe-related in Self-Hosted, where payment is disabled.

Copy link
Copy Markdown
Member

@easyCZ easyCZ May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense. However, currently the stripe config is in experimental mode and only configured for preview. That alone should be enough for it to not be deployed in self-hosted. Am I missing something?

Copy link
Copy Markdown
Contributor Author

@jankeromnes jankeromnes May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually the other way around, right? I.e. we set EnablePayment to true if either the chargebeeSecret or the stripeSecret is set. 💭

Copy link
Copy Markdown
Member

@easyCZ easyCZ May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, that makes more sense. Would it make sense to separate them then? We may want to keep Chargbee enabled, but disable Stripe.

Copy link
Copy Markdown
Member

@geropl geropl May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the code makes sense as-is. "enablePayment" is a legacy field that we should aim to remove when we kill the chargbee integration. Until we're there, and especially in the context of this PR, it make sense to keep it.

Might make sense to try and remove it from the config surface altogether (and only keep it internall where it make sense) in a separate PR.

ChargebeeProviderOptionsFile: fmt.Sprintf("%s/providerOptions", chargebeeMountPath),
StripeSettingsFile: fmt.Sprintf("%s/settings", stripeMountPath),
InsecureNoDomain: false,
PrebuildLimiter: map[string]int{
// default limit for all cloneURLs
Expand Down
1 change: 1 addition & 0 deletions install/installer/pkg/components/server/constants.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ const (
authProviderFilePath = "/gitpod/auth-providers"
licenseFilePath = "/gitpod/license"
chargebeeMountPath = "/chargebee"
stripeMountPath = "/stripe"
githubAppCertSecret = "github-app-cert-secret"
PrometheusPort = 9500
PrometheusPortName = "metrics"
Expand Down
23 changes: 23 additions & 0 deletions install/installer/pkg/components/server/deployment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,29 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
return nil
})

_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
if cfg.WebApp != nil && cfg.WebApp.Server != nil && cfg.WebApp.Server.StripeSecret != "" {
stripeSecret := cfg.WebApp.Server.StripeSecret

volumes = append(volumes,
corev1.Volume{
Name: "stripe-config",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: stripeSecret,
},
},
})

volumeMounts = append(volumeMounts, corev1.VolumeMount{
Name: "stripe-config",
Comment on lines +197 to +206
Copy link
Copy Markdown
Member

@easyCZ easyCZ May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Name: "stripe-config",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: stripeSecret,
},
},
})
volumeMounts = append(volumeMounts, corev1.VolumeMount{
Name: "stripe-config",
stripeConfigVolumeName = "stripe-config"
// ...
Name: stripeConfigVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: stripeSecret,
},
},
})
volumeMounts = append(volumeMounts, corev1.VolumeMount{
Name: stripeConfigVolumeName,

Because they need to match, they should reference the same variable.

MountPath: stripeMountPath,
ReadOnly: true,
})
}
return nil
})

_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
if cfg.WebApp != nil && cfg.WebApp.Server != nil && cfg.WebApp.Server.GithubApp != nil {
volumes = append(volumes,
Expand Down
1 change: 1 addition & 0 deletions install/installer/pkg/components/server/types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ type ConfigSerialized struct {
ImageBuilderAddr string `json:"imageBuilderAddr"`
VSXRegistryUrl string `json:"vsxRegistryUrl"`
ChargebeeProviderOptionsFile string `json:"chargebeeProviderOptionsFile"`
StripeSettingsFile string `json:"stripeSettingsFile"`
EnablePayment bool `json:"enablePayment"`

WorkspaceHeartbeat WorkspaceHeartbeat `json:"workspaceHeartbeat"`
Expand Down
1 change: 1 addition & 0 deletions install/installer/pkg/config/v1/experimental/experimental.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ type ServerConfig struct {
Session Session `json:"session"`
GithubApp *GithubApp `json:"githubApp"`
ChargebeeSecret string `json:"chargebeeSecret"`
StripeSecret string `json:"stripeSecret"`
DisableDynamicAuthProviderLogin bool `json:"disableDynamicAuthProviderLogin"`
EnableLocalApp *bool `json:"enableLocalApp"`
RunDbDeleter *bool `json:"runDbDeleter"`
Expand Down