Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-30 20:33:54 -05:00
Code Issues Activity

refactor(cli): add server connection application to the admin tenant (#4397)

Browse source 
* refactor(cli): refactor the cloud service application seed process

refactor the cloud service application seed process

* fix(cli): seed service application for the default tenant in OSS as well

seed service application for the default tenant in OSS as well
This commit is contained in:
simeng-li 2023-08-28 13:48:22 +08:00 committed by GitHub
parent bb43810bbc
commit 2d111bd39b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 65 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
packages/cli/src/commands/database/seed/cloud.ts
View file

@ -1,9 +1,18 @@
import { adminConsoleApplicationId, adminTenantId, defaultTenantId } from '@logto/schemas'; import {
adminConsoleApplicationId,
adminTenantId,
defaultTenantId,
createTenantMachineToMachineApplication,
createAdminTenantApplicationRole,
createCloudConnectionConfig,
AdminTenantRole,
} from '@logto/schemas';
import { GlobalValues } from '@logto/shared'; import { GlobalValues } from '@logto/shared';
import { appendPath } from '@silverhand/essentials'; import { appendPath } from '@silverhand/essentials';
import type { CommonQueryMethods } from 'slonik'; import type { CommonQueryMethods } from 'slonik';
import { sql } from 'slonik'; import { sql } from 'slonik';
import { insertInto } from '../../../database.js';
import { consoleLog } from '../../../utils.js'; import { consoleLog } from '../../../utils.js';
/** /**
@ -40,3 +49,46 @@ export const appendAdminConsoleRedirectUris = async (pool: CommonQueryMethods) =
consoleLog.succeed('Appended initial Redirect URIs to Admin Console:', redirectUris.map(String)); consoleLog.succeed('Appended initial Redirect URIs to Admin Console:', redirectUris.map(String));
}; };
/**
* Create Cloud Service M2M application for the tenant.
*
* This is a built-in M2M application for the tenant to communicate with the cloud service.
* - default
* - admin
*/
export const seedTenantCloudServiceApplication = async (
pool: CommonQueryMethods,
tenantId: string
) => {
// Create Cloud Service M2M application
const cloudServiceApplication = createTenantMachineToMachineApplication(tenantId);
await pool.query(insertInto(cloudServiceApplication, 'applications'));
// Assign tenantApplicationRole to Cloud Service M2M application
const { id: tenantApplicationRoleId } = await pool.one<{ id: string }>(sql`
select id from roles
where name = ${AdminTenantRole.TenantApplication}
and tenant_id = ${adminTenantId}
`);
await pool.query(
insertInto(
createAdminTenantApplicationRole(cloudServiceApplication.id, tenantApplicationRoleId),
'applications_roles'
)
);
// Create Cloud Service M2M application logto_config
await pool.query(
insertInto(
createCloudConnectionConfig(
tenantId,
cloudServiceApplication.id,
cloudServiceApplication.secret
),
'logto_configs'
)
);
consoleLog.succeed('Cloud Service Application successfully created for:', tenantId);
};

39
packages/cli/src/commands/database/seed/tables.ts
View file

@ -3,7 +3,6 @@ import path from 'node:path';
import { import {
createDefaultAdminConsoleConfig, createDefaultAdminConsoleConfig,
createCloudConnectionConfig,
defaultTenantId, defaultTenantId,
adminTenantId, adminTenantId,
defaultManagementApi, defaultManagementApi,
@ -14,8 +13,6 @@ import {
createDefaultAdminConsoleApplication, createDefaultAdminConsoleApplication,
createCloudApi, createCloudApi,
createTenantApplicationRole, createTenantApplicationRole,
createTenantMachineToMachineApplication,
createAdminTenantApplicationRole,
CloudScope, CloudScope,
} from '@logto/schemas'; } from '@logto/schemas';
import { Tenants } from '@logto/schemas/models'; import { Tenants } from '@logto/schemas/models';
@ -28,7 +25,7 @@ import { getDatabaseName } from '../../../queries/database.js';
import { updateDatabaseTimestamp } from '../../../queries/system.js'; import { updateDatabaseTimestamp } from '../../../queries/system.js';
import { consoleLog, getPathInModule } from '../../../utils.js'; import { consoleLog, getPathInModule } from '../../../utils.js';
import { appendAdminConsoleRedirectUris } from './cloud.js'; import { appendAdminConsoleRedirectUris, seedTenantCloudServiceApplication } from './cloud.js';
import { seedOidcConfigs } from './oidc-config.js'; import { seedOidcConfigs } from './oidc-config.js';
import { assignScopesToRole, createTenant, seedAdminData } from './tenant.js'; import { assignScopesToRole, createTenant, seedAdminData } from './tenant.js';
@ -134,8 +131,10 @@ export const seedTables = async (
await seedAdminData(connection, createMeApiInAdminTenant()); await seedAdminData(connection, createMeApiInAdminTenant());
const [cloudData, ...cloudAdditionalScopes] = createCloudApi(); const [cloudData, ...cloudAdditionalScopes] = createCloudApi();
const applicationRole = createTenantApplicationRole();
await seedAdminData(connection, cloudData, ...cloudAdditionalScopes); await seedAdminData(connection, cloudData, ...cloudAdditionalScopes);
// Create tenant application role
const applicationRole = createTenantApplicationRole();
await connection.query(insertInto(applicationRole, 'roles')); await connection.query(insertInto(applicationRole, 'roles'));
await assignScopesToRole( await assignScopesToRole(
connection, connection,
@ -146,16 +145,6 @@ export const seedTables = async (
.map(({ id }) => id) .map(({ id }) => id)
); );
// Add M2M app for default tenant
const defaultTenantApplication = createTenantMachineToMachineApplication(defaultTenantId);
await connection.query(insertInto(defaultTenantApplication, 'applications'));
await connection.query(
insertInto(
createAdminTenantApplicationRole(defaultTenantApplication.id, applicationRole.id),
'applications_roles'
)
);
// Assign all cloud API scopes to role `admin:admin` // Assign all cloud API scopes to role `admin:admin`
await assignScopesToRole( await assignScopesToRole(
connection, connection,
@ -164,22 +153,15 @@ export const seedTables = async (
...cloudAdditionalScopes.map(({ id }) => id) ...cloudAdditionalScopes.map(({ id }) => id)
); );
// FIXME: @wangsijie should not create tenant Cloud Service application in the OSS DB.
await seedTenantCloudServiceApplication(connection, defaultTenantId);
await Promise.all([ await Promise.all([
connection.query(insertInto(createDefaultAdminConsoleConfig(defaultTenantId), 'logto_configs')), connection.query(insertInto(createDefaultAdminConsoleConfig(defaultTenantId), 'logto_configs')),
connection.query( connection.query(insertInto(createDefaultAdminConsoleConfig(adminTenantId), 'logto_configs')),
insertInto(
createCloudConnectionConfig(
defaultTenantId,
defaultTenantApplication.id,
defaultTenantApplication.secret
),
'logto_configs'
)
),
connection.query( connection.query(
insertInto(createDefaultSignInExperience(defaultTenantId, isCloud), 'sign_in_experiences') insertInto(createDefaultSignInExperience(defaultTenantId, isCloud), 'sign_in_experiences')
), ),
connection.query(insertInto(createDefaultAdminConsoleConfig(adminTenantId), 'logto_configs')),
connection.query(insertInto(createAdminTenantSignInExperience(), 'sign_in_experiences')), connection.query(insertInto(createAdminTenantSignInExperience(), 'sign_in_experiences')),
connection.query(insertInto(createDefaultAdminConsoleApplication(), 'applications')), connection.query(insertInto(createDefaultAdminConsoleApplication(), 'applications')),
updateDatabaseTimestamp(connection, latestTimestamp), updateDatabaseTimestamp(connection, latestTimestamp),
@ -189,5 +171,8 @@ export const seedTables = async (
}; };
export const seedCloud = async (connection: DatabaseTransactionConnection) => { export const seedCloud = async (connection: DatabaseTransactionConnection) => {
await appendAdminConsoleRedirectUris(connection); await Promise.all([
appendAdminConsoleRedirectUris(connection),
seedTenantCloudServiceApplication(connection, adminTenantId),
]);
}; };