Revert "feat: add api to populate identity cluster relations in clust…

…er service" (#759)

* Revert "chore: update lock file (#757)"

This reverts commit b4265a0.

* Revert "feat: add api to populate identity cluster relations in cluster service (#756)"

This reverts commit f04c749.

application/service/services.go

@@ -64,7 +64,6 @@ type ClusterService interface {
 	Status(ctx context.Context, options ...rest.HTTPClientOption) (bool, error)
 	UnlinkIdentityFromCluster(ctx context.Context, identityID uuid.UUID, clusterURL string, options ...rest.HTTPClientOption) error
 	LinkIdentityToCluster(ctx context.Context, identityID uuid.UUID, clusterURL string, options ...rest.HTTPClientOption) error
-	LinkExistingIdentitiesToCluster(ctx context.Context, options ...rest.HTTPClientOption) error
 	Stop()
 }
 

authentication/account/repository/identity.go

@@ -16,7 +16,6 @@ import (
 	"github.com/fabric8-services/fabric8-auth/log"
 
 	"github.com/fabric8-services/fabric8-auth/authorization/token"
-	"github.com/fabric8-services/fabric8-auth/rest"
 	"github.com/goadesign/goa"
 	"github.com/jinzhu/gorm"
 	errs "github.com/pkg/errors"
@@ -136,7 +135,6 @@ type IdentityRepository interface {
 	AddMember(ctx context.Context, identityID uuid.UUID, memberID uuid.UUID) error
 	RemoveMember(ctx context.Context, memberOf uuid.UUID, memberID uuid.UUID) error
 	FlagPrivilegeCacheStaleForMembershipChange(ctx context.Context, memberID uuid.UUID, memberOf uuid.UUID) error
-	GetIdentitiesWithClusterURL(ctx context.Context) (map[uuid.UUID]string, error)
 }
 
 // TableName overrides the table name settings in Gorm to force a specific table name
@@ -187,23 +185,6 @@ func (m *GormIdentityRepository) LoadWithUser(ctx context.Context, id uuid.UUID)
 	return &identities[0], nil
 }
 
-func (m *GormIdentityRepository) GetIdentitiesWithClusterURL(ctx context.Context) (map[uuid.UUID]string, error) {
-	ic := make(map[uuid.UUID]string)
-	identities, err := m.Query(IdentityFilterByProviderType(DefaultIDP), IdentityWithUser())
-	if err != nil {
-		log.Error(ctx, map[string]interface{}{
-			"err": err,
-		}, "failed to load identity with default identity provider")
-		return ic, errs.WithStack(err)
-	}
-	for _, identity := range identities {
-		if identity.IsUser() && identity.User.Cluster != "" {
-			ic[identity.ID] = rest.AddTrailingSlashToURL(identity.User.Cluster)
-		}
-	}
-	return ic, nil
-}
-
 // CheckExists returns nil if the given ID exists otherwise returns an error
 func (m *GormIdentityRepository) CheckExists(ctx context.Context, id string) error {
 	defer goa.MeasureSince([]string{"goa", "db", "identity", "exists"}, time.Now())

authentication/account/repository/identity_blackbox_test.go

@@ -9,8 +9,6 @@ import (
 	testsupport "github.com/fabric8-services/fabric8-auth/test"
 
 	"fmt"
-	account "github.com/fabric8-services/fabric8-auth/authentication/account/repository"
-	"github.com/fabric8-services/fabric8-auth/rest"
 	"github.com/jinzhu/gorm"
 	"github.com/satori/go.uuid"
 	"github.com/stretchr/testify/assert"
@@ -131,32 +129,6 @@ func (s *IdentityRepositoryTestSuite) TestLoad() {
 	})
 }
 
-func (s *IdentityRepositoryTestSuite) TestIdentitiesWithClusterURL() {
-
-	s.T().Run("ok", func(t *testing.T) {
-		// given
-		// Create test user & identity
-		g := s.NewTestGraph(t)
-		identities := make([]account.Identity, 0)
-		for i := 0; i < 5; i++ {
-			user := g.CreateUser()
-			identities = append(identities, *user.Identity())
-		}
-
-		// when
-		identitiesWithClusterURL, err := s.Application.Identities().GetIdentitiesWithClusterURL(s.Ctx)
-		// then
-		require.NoError(t, err, "Could not load identity")
-		require.NotEmpty(t, identitiesWithClusterURL)
-
-		for i := 0; i < 5; i++ {
-			identity := identities[i]
-			require.Contains(t, identitiesWithClusterURL, identity.ID)
-			assert.Equal(t, identitiesWithClusterURL[identity.ID], rest.AddTrailingSlashToURL(identity.User.Cluster))
-		}
-	})
-}
-
 func (s *IdentityRepositoryTestSuite) TestIdentityExists() {
 
 	s.T().Run("identity exists", func(t *testing.T) {

authorization/token/token.go

@@ -20,7 +20,6 @@ const (
 	JenkinsIdler       = "fabric8-jenkins-idler"
 	JenkinsProxy       = "fabric8-jenkins-proxy"
 	OnlineRegistration = "online-registration"
-	Migration          = "migration"
 	RhChe              = "rh-che"
 	GeminiServer       = "fabric8-gemini-server"
 

cluster/service/cluster.go

@@ -165,67 +165,6 @@ func Start(ctx context.Context, factory service.ClusterCacheFactory, options ...
 	return clusterCache != nil && started == uint32(1), nil
 }
 
-func (s *clusterService) LinkExistingIdentitiesToCluster(ctx context.Context, options ...rest.HTTPClientOption) error {
-	identitiesWithClusters, err := s.Repositories().Identities().GetIdentitiesWithClusterURL(ctx)
-	if err != nil {
-		return errors.Wrapf(err, "failed to load existing identities with default IDP")
-	}
-
-	if _, err := s.linkIdentitiesToCluster(ctx, identitiesWithClusters, options...); err != nil {
-		return errors.Wrapf(err, "failed while linking existing identities to it's cluster url")
-	}
-	return nil
-}
-
-func (s *clusterService) linkIdentitiesToCluster(ctx context.Context, identitiesWithClusterURL map[uuid.UUID]string, options ...rest.HTTPClientOption) (chan error, error) {
-	signer := newJWTSASigner(ctx, s.config, options...)
-	client, err := signer.createSignedClient()
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to create JWT signer for cluster service")
-	}
-
-	errs := make(chan error, len(identitiesWithClusterURL))
-	go func() {
-		defer close(errs)
-		log.Logger().Infof("linking identity to cluster url has been started. total_identities=%d", len(identitiesWithClusterURL))
-		count := 0
-		for id, u := range identitiesWithClusterURL {
-			if e := s.link(ctx, client, id, u); e != nil {
-				errs <- e
-				continue
-			}
-			count++
-		}
-		log.Logger().Infof("linking identity to cluster url has been completed. total_identities=%d, linked_identities=%d", len(identitiesWithClusterURL), count)
-	}()
-
-	return errs, nil
-}
-
-func (s *clusterService) link(ctx context.Context, cl *clusterclient.Client, identityID uuid.UUID, clusterURL string) error {
-	identityToClusterData := &clusterclient.LinkIdentityToClusterData{
-		ClusterURL: clusterURL,
-		IdentityID: identityID.String(),
-	}
-	res, err := cl.LinkIdentityToClusterClusters(goasupport.ForwardContextRequestID(ctx), clusterclient.LinkIdentityToClusterClustersPath(), identityToClusterData)
-	if err != nil {
-		return errors.Wrapf(err, "failed to link identity %s to cluster having url %s", identityID, clusterURL)
-	}
-	defer rest.CloseResponse(res)
-	bodyString := rest.ReadBody(res.Body) // To prevent FDs leaks
-	if res.StatusCode != http.StatusNoContent {
-		log.Error(ctx, map[string]interface{}{
-			"identity_id":            identityID,
-			"cluster_url":            clusterURL,
-			"response_status":        res.Status,
-			"response_body":          bodyString,
-			"link_cluster_migration": "true",
-		}, "unable to link identity to cluster in cluster management service")
-		return errors.Errorf("failed to link identity to cluster in cluster management service. Response status: %s. Response body: %s", res.Status, bodyString)
-	}
-	return nil
-}
-
 // Clusters converts the given cluster map to an array slice
 func Clusters(clusters map[string]cluster.Cluster) []cluster.Cluster {
 	cs := make([]cluster.Cluster, 0, len(clusters))

controller/clusters.go

@@ -7,9 +7,6 @@ import (
 
 	"github.com/fabric8-services/fabric8-common/httpsupport"
 
-	"github.com/fabric8-services/fabric8-auth/application"
-	"github.com/fabric8-services/fabric8-auth/authorization/token"
-	"github.com/fabric8-services/fabric8-auth/errors"
 	"github.com/goadesign/goa"
 )
 
@@ -21,14 +18,12 @@ type clusterConfiguration interface {
 type ClustersController struct {
 	*goa.Controller
 	config clusterConfiguration
-	app    application.Application
 }
 
 // NewClustersController creates a clusters controller.
-func NewClustersController(service *goa.Service, app application.Application, config clusterConfiguration) *ClustersController {
+func NewClustersController(service *goa.Service, config clusterConfiguration) *ClustersController {
 	return &ClustersController{
 		Controller: service.NewController("ClustersController"),
-		app:        app,
 		config:     config,
 	}
 }
@@ -44,19 +39,3 @@ func (c *ClustersController) Show(ctx *app.ShowClustersContext) error {
 	}
 	return nil
 }
-
-func (c *ClustersController) LinkExistingIdentitiesToCluster(ctx *app.LinkExistingIdentitiesToClusterClustersContext) error {
-	if !token.IsSpecificServiceAccount(ctx, token.Migration) {
-		log.Error(ctx, nil, "The service account is not authorized to link identities to cluster")
-		return jsonapi.JSONErrorResponse(ctx, errors.NewUnauthorizedError("account not authorized to link identities to cluster"))
-	}
-
-	if err := c.app.ClusterService().LinkExistingIdentitiesToCluster(ctx); err != nil {
-		log.Error(ctx, map[string]interface{}{
-			"error": err,
-		}, "error while linking existing identities to  it's cluster url")
-		return jsonapi.JSONErrorResponse(ctx, err)
-	}
-
-	return ctx.Accepted()
-}

controller/clusters_blackbox_test.go

@@ -4,65 +4,28 @@ import (
 	"testing"
 
 	"github.com/fabric8-services/fabric8-auth/app/test"
-	"github.com/fabric8-services/fabric8-auth/authentication/account/repository"
-	"github.com/fabric8-services/fabric8-auth/authorization/token"
 	. "github.com/fabric8-services/fabric8-auth/controller"
-	"github.com/fabric8-services/fabric8-auth/gormtestsupport"
-	testsupport "github.com/fabric8-services/fabric8-auth/test"
-	testservice "github.com/fabric8-services/fabric8-auth/test/service"
+	testsuite "github.com/fabric8-services/fabric8-auth/test/suite"
+
 	"github.com/goadesign/goa"
-	"github.com/satori/go.uuid"
 	"github.com/stretchr/testify/suite"
 )
 
-type ClustersControllerTestSuite struct {
-	gormtestsupport.DBTestSuite
-	clusterServiceMock *testservice.ClusterServiceMock
+type TestClustersREST struct {
+	testsuite.UnitTestSuite
 }
 
-func TestClusterController(t *testing.T) {
-	suite.Run(t, &ClustersControllerTestSuite{DBTestSuite: gormtestsupport.NewDBTestSuite()})
+func TestRunClustersREST(t *testing.T) {
+	suite.Run(t, &TestClustersREST{UnitTestSuite: testsuite.NewUnitTestSuite()})
 }
 
-func (s *ClustersControllerTestSuite) UnsecuredController() (*goa.Service, *ClustersController) {
+func (rest *TestClustersREST) UnsecuredController() (*goa.Service, *ClustersController) {
 	svc := goa.New("Cluster-Service")
-	return svc, NewClustersController(svc, s.Application, s.Configuration)
-}
-
-func (s *ClustersControllerTestSuite) SecuredController(identity *repository.Identity) (*goa.Service, *ClustersController) {
-	svc := testsupport.ServiceAsServiceAccountUser("Cluster-Service", *identity)
-	return svc, NewClustersController(svc, s.Application, s.Configuration)
+	return svc, NewClustersController(svc, rest.Config)
 }
 
-func (s *ClustersControllerTestSuite) TestShowForServiceAccountsFails() {
+func (rest *TestClustersREST) TestShowForServiceAccountsFails() {
 	// The controller should be available. It should fail because the is no cluster service available to proxy to.
-	service, controller := s.UnsecuredController()
-	test.ShowClustersBadGateway(s.T(), service.Context, service, controller)
-}
-
-func (s *ClustersControllerTestSuite) TestLinkExistingIdentitiesToCluster() {
-
-	s.T().Run("ok", func(t *testing.T) {
-		// given
-		sa := &repository.Identity{
-			Username: token.Migration,
-			ID:       uuid.NewV4(),
-		}
-		svc, ctrl := s.SecuredController(sa)
-
-		// when/then
-		test.LinkExistingIdentitiesToClusterClustersAccepted(t, svc.Context, svc, ctrl)
-	})
-
-	s.T().Run("unauthorized", func(t *testing.T) {
-		// given
-		sa := &repository.Identity{
-			Username: "unknown",
-			ID:       uuid.NewV4(),
-		}
-		svc, ctrl := s.SecuredController(sa)
-
-		// when/then
-		test.LinkExistingIdentitiesToClusterClustersUnauthorized(t, svc.Context, svc, ctrl)
-	})
+	service, controller := rest.UnsecuredController()
+	test.ShowClustersBadGateway(rest.T(), service.Context, service, controller)
 }