mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
feat(cli): setup logs pruner application for admin tenant
parent
a0a19b13f9
commit
f8ae3588d2
2 changed files with 82 additions and 2 deletions
|
@ -6,8 +6,16 @@ import {
|
||||||
createAdminTenantApplicationRole,
|
createAdminTenantApplicationRole,
|
||||||
createCloudConnectionConfig,
|
createCloudConnectionConfig,
|
||||||
AdminTenantRole,
|
AdminTenantRole,
|
||||||
|
CloudScope,
|
||||||
|
cloudApiIndicator,
|
||||||
|
RoleType,
|
||||||
|
ApplicationType,
|
||||||
|
type CreateApplication,
|
||||||
|
type CreateRole,
|
||||||
|
type CreateScope,
|
||||||
|
type CreateApplicationsRole,
|
||||||
} from '@logto/schemas';
|
} from '@logto/schemas';
|
||||||
import { GlobalValues } from '@logto/shared';
|
import { GlobalValues, generateStandardId, generateStandardSecret } from '@logto/shared';
|
||||||
import { appendPath } from '@silverhand/essentials';
|
import { appendPath } from '@silverhand/essentials';
|
||||||
import type { CommonQueryMethods } from 'slonik';
|
import type { CommonQueryMethods } from 'slonik';
|
||||||
import { sql } from 'slonik';
|
import { sql } from 'slonik';
|
||||||
|
@ -15,6 +23,8 @@ import { sql } from 'slonik';
|
||||||
import { insertInto } from '../../../database.js';
|
import { insertInto } from '../../../database.js';
|
||||||
import { consoleLog } from '../../../utils.js';
|
import { consoleLog } from '../../../utils.js';
|
||||||
|
|
||||||
|
import { assignScopesToRole } from './tenant.js';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Append Redirect URIs for the default tenant callback in cloud Admin Console.
|
* Append Redirect URIs for the default tenant callback in cloud Admin Console.
|
||||||
* It reads the same env variables as core to construct the cloud `UrlSet`.
|
* It reads the same env variables as core to construct the cloud `UrlSet`.
|
||||||
|
@ -92,3 +102,68 @@ export const seedTenantCloudServiceApplication = async (
|
||||||
|
|
||||||
consoleLog.succeed('Cloud Service Application successfully created for:', tenantId);
|
consoleLog.succeed('Cloud Service Application successfully created for:', tenantId);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Setup Logs Pruner application for admin tenant
|
||||||
|
*/
|
||||||
|
export const setupLogsPrunerApplicationForAdminTenant = async (pool: CommonQueryMethods) => {
|
||||||
|
// Add CloudScope.PruneLogs scope to cloud api resource
|
||||||
|
const { id: cloudApiResourceId } = await pool.one<{ id: string }>(sql`
|
||||||
|
select id from resources
|
||||||
|
where indicator = ${cloudApiIndicator}
|
||||||
|
and tenant_id = ${adminTenantId}
|
||||||
|
`);
|
||||||
|
|
||||||
|
const pruneLogsScope: CreateScope = {
|
||||||
|
tenantId: adminTenantId,
|
||||||
|
id: generateStandardId(),
|
||||||
|
name: CloudScope.PruneLogs,
|
||||||
|
description:
|
||||||
|
'Allow pruning logs which are expired. This scope is only available to Logs Pruner M2M application.',
|
||||||
|
resourceId: cloudApiResourceId,
|
||||||
|
};
|
||||||
|
|
||||||
|
await pool.query(insertInto(pruneLogsScope, 'scopes'));
|
||||||
|
|
||||||
|
// Create logs pruner role
|
||||||
|
const logsPrunerRole: CreateRole = {
|
||||||
|
tenantId: adminTenantId,
|
||||||
|
id: generateStandardId(),
|
||||||
|
name: 'logs-pruner',
|
||||||
|
description: 'The role for the application that prunes logs which are expired.',
|
||||||
|
type: RoleType.MachineToMachine,
|
||||||
|
};
|
||||||
|
await pool.query(insertInto(logsPrunerRole, 'roles'));
|
||||||
|
|
||||||
|
// Assign CloudScope.PruneLogs to logsPruner role
|
||||||
|
await assignScopesToRole(pool, adminTenantId, logsPrunerRole.id, pruneLogsScope.id);
|
||||||
|
|
||||||
|
// Create Logs Pruner M2M application
|
||||||
|
const logsPrunerApplication: CreateApplication = {
|
||||||
|
tenantId: adminTenantId,
|
||||||
|
id: generateStandardId(),
|
||||||
|
name: 'Logs Pruner',
|
||||||
|
description: 'The application that prunes logs which are expired.',
|
||||||
|
type: ApplicationType.MachineToMachine,
|
||||||
|
secret: generateStandardSecret(),
|
||||||
|
oidcClientMetadata: {
|
||||||
|
redirectUris: [],
|
||||||
|
postLogoutRedirectUris: [],
|
||||||
|
},
|
||||||
|
customClientMetadata: {},
|
||||||
|
};
|
||||||
|
await pool.query(insertInto(logsPrunerApplication, 'applications'));
|
||||||
|
|
||||||
|
// Assign logs-pruner role to Logs Pruner application
|
||||||
|
const applicationRoleRelation: CreateApplicationsRole = {
|
||||||
|
id: generateStandardId(),
|
||||||
|
tenantId: adminTenantId,
|
||||||
|
applicationId: logsPrunerApplication.id,
|
||||||
|
roleId: logsPrunerRole.id,
|
||||||
|
};
|
||||||
|
await pool.query(insertInto(applicationRoleRelation, 'applications_roles'));
|
||||||
|
|
||||||
|
consoleLog.succeed(
|
||||||
|
'Logs Pruner machine-to-machine application successfully setup for admin tenant'
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
|
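Review bot: The `description` of `pruneLogsScope` says the scope "is only available to Logs Pruner M2M application", but nothing in `setupLogsPrunerApplicationForAdminTenant` enforces that; the scope is an ordinary row in `scopes` that could later be assigned to any other admin-tenant role, so the wording reads as a guarantee the code does not give. I would state it as intent, e.g. `'Allow pruning expired logs. Intended for the Logs Pruner M2M application only.'`, and expand the one-line doc comment to list what the function creates: the scope, the `logs-pruner` role, the M2M application with its generated secret, and the role binding. The doc comment should also say that `pool.one` throws when the cloud API resource row for the admin tenant is missing, and that all four inserts are unconditional, so the function appears to assume a single run against a freshly seeded database; this is worth confirming against how `seedCloud` is invoked, since that call site is only partly visible here.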
@ -38,7 +38,11 @@ import { getDatabaseName } from '../../../queries/database.js';
|
||||||
import { updateDatabaseTimestamp } from '../../../queries/system.js';
|
import { updateDatabaseTimestamp } from '../../../queries/system.js';
|
||||||
import { consoleLog, getPathInModule } from '../../../utils.js';
|
import { consoleLog, getPathInModule } from '../../../utils.js';
|
||||||
|
|
||||||
import { appendAdminConsoleRedirectUris, seedTenantCloudServiceApplication } from './cloud.js';
|
import {
|
||||||
|
appendAdminConsoleRedirectUris,
|
||||||
|
setupLogsPrunerApplicationForAdminTenant,
|
||||||
|
seedTenantCloudServiceApplication,
|
||||||
|
} from './cloud.js';
|
||||||
import { seedOidcConfigs } from './oidc-config.js';
|
import { seedOidcConfigs } from './oidc-config.js';
|
||||||
import { seedTenantOrganizations } from './tenant-organizations.js';
|
import { seedTenantOrganizations } from './tenant-organizations.js';
|
||||||
import {
|
import {
|
||||||
|
@ -198,6 +202,7 @@ export const seedCloud = async (connection: DatabaseTransactionConnection) => {
|
||||||
await Promise.all([
|
await Promise.all([
|
||||||
appendAdminConsoleRedirectUris(connection),
|
appendAdminConsoleRedirectUris(connection),
|
||||||
seedTenantCloudServiceApplication(connection, adminTenantId),
|
seedTenantCloudServiceApplication(connection, adminTenantId),
|
||||||
|
setupLogsPrunerApplicationForAdminTenant(connection),
|
||||||
]);
|
]);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|