Merge pull request #41 from platform-mesh/feat/fix-the-kubeconfig-download-content

Fix the kubeconfig download content

Author: gkrajniak

package-lock.json

@@ -36,7 +36,7 @@
     "@nestjs/core": ">=10.0.0",
     "@nestjs/platform-express": ">=10.0.0",
     "@nestjs/serve-static": ">=4.0.0",
-    "@openmfp/portal-server-lib": ">=0.157.0",
+    "@openmfp/portal-server-lib": ">=0.160.1",
     "axios": ">=1.7.7",
     "cookie-parser": ">=1.4.7",
     "express": ">=4.21.1",
@@ -48,7 +48,7 @@
     "@nestjs/axios": ">=3.0.0",
     "@nestjs/common": ">=10.0.0",
     "@nestjs/serve-static": ">=4.0.0",
-    "@openmfp/portal-server-lib": ">=0.159.0",
+    "@openmfp/portal-server-lib": ">=0.160.1",
     "axios": ">=1.7.7",
     "express": ">=4.21.1",
     "rxjs": ">=7.8.1"

package.json

@@ -1,4 +1,5 @@
 import { PMAuthConfigProvider } from './auth-config-provider.js';
+import { getDomainAndOrganization } from './utils/domain.js';
 import { HttpException } from '@nestjs/common';
 import {
   DiscoveryService,
@@ -53,6 +54,7 @@ describe('PMAuthConfigProvider', () => {
       oauthTokenUrl: 'token',
       clientId: 'cid',
       clientSecret: 'secret',
+      oidcIssuerUrl: 'issuer',
     };
     envAuthConfigService.getAuthConfig.mockResolvedValue(expected);
 
@@ -74,6 +76,7 @@ describe('PMAuthConfigProvider', () => {
     discoveryService.getOIDC.mockResolvedValue({
       authorization_endpoint: 'authUrl',
       token_endpoint: 'tokenUrl',
+      issuer: 'issuer',
     });
 
     const result = await provider.getAuthConfig(req);
@@ -98,7 +101,7 @@ describe('PMAuthConfigProvider', () => {
 
   it('getDomain should return organization and baseDomain', () => {
     const req = { hostname: 'foo.example.com' } as Request;
-    const result = provider.getDomain(req);
+    const result = getDomainAndOrganization(req);
     expect(result).toEqual({
       organization: 'foo',
       baseDomain: 'example.com',
@@ -107,7 +110,7 @@ describe('PMAuthConfigProvider', () => {
 
   it('getDomain should return clientId if hostname equals baseDomain', () => {
     const req = { hostname: 'example.com' } as Request;
-    const result = provider.getDomain(req);
+    const result = getDomainAndOrganization(req);
     expect(result).toEqual({
       organization: 'client123',
       baseDomain: 'example.com',

src/portal-options/auth-config-provider.spec.ts

@@ -55,20 +55,11 @@ export class PMAuthConfigProvider implements AuthConfigService {
     return {
       idpName: clientId,
       baseDomain,
-      oauthServerUrl,
       clientId,
       clientSecret,
+      oauthServerUrl,
       oauthTokenUrl,
-    };
-  }
-
-  getDomain(request: Request): { organization?: string; baseDomain?: string } {
-    const subDomain = request.hostname.split('.')[0];
-    const clientId = process.env['OIDC_CLIENT_ID_DEFAULT'];
-    const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
-    return {
-      organization: request.hostname === baseDomain ? clientId : subDomain,
-      baseDomain,
+      oidcIssuerUrl: oidc?.issuer,
     };
   }
 
@@ -83,11 +74,10 @@ export class PMAuthConfigProvider implements AuthConfigService {
       });
       const secretData = res.data;
 
-      const clientSecret = Buffer.from(
+      return Buffer.from(
         secretData['attribute.client_secret'],
         'base64',
       ).toString('utf-8');
-      return clientSecret;
     } catch (err) {
       console.error(
         `Failed to fetch secret ${secretName}:`,

src/portal-options/auth-config-provider.ts

@@ -1,8 +1,10 @@
 export * from './account-entity-context-provider.service.js';
-export * from './openmfp-portal-context.service.js';
-export * from './openmfp-request-context-provider.js';
+export * from './pm-portal-context.service.js';
+export * from './pm-request-context-provider.js';
 export * from './auth-config-provider.js';
 export * from './service-providers/content-configuration-service-providers.service.js';
 export * from './service-providers/kubernetes-service-providers.service.js';
 export * from './auth-callback-provider.js';
+
+export * from './services/kcp-k8s.service.js';
 export * from './services/iam-graphql.service.js';

src/portal-options/index.ts

@@ -1,5 +1,6 @@
-import { PMAuthConfigProvider } from './auth-config-provider.js';
-import { OpenmfpPortalContextService } from './openmfp-portal-context.service.js';
+import { PMPortalContextService } from './pm-portal-context.service.js';
+import { KcpKubernetesService } from './services/kcp-k8s.service.js';
+import { getDomainAndOrganization } from './utils/domain.js';
 import { Test, TestingModule } from '@nestjs/testing';
 import { Request } from 'express';
 import { mock } from 'jest-mock-extended';
@@ -21,27 +22,32 @@ jest.mock('@kubernetes/client-node', () => {
   return { KubeConfig, CustomObjectsApi };
 });
 
-describe('OpenmfpPortalContextService', () => {
-  let service: OpenmfpPortalContextService;
-  let pmAuthConfigProviderMock: jest.Mocked<PMAuthConfigProvider>;
+jest.mock('./utils/domain.js', () => ({
+  getDomainAndOrganization: jest.fn(),
+}));
+
+describe('PMPortalContextService', () => {
+  let service: PMPortalContextService;
+  let kcpKubernetesServiceMock: jest.Mocked<KcpKubernetesService>;
+  const mockedGetDomainAndOrganization = jest.mocked(getDomainAndOrganization);
   let mockRequest: any;
 
   beforeEach(async () => {
-    pmAuthConfigProviderMock = mock();
+    kcpKubernetesServiceMock = mock();
+
+    mockedGetDomainAndOrganization.mockReturnValue({
+      baseDomain: 'example.com',
+      organization: 'test-org',
+    });
 
     const module: TestingModule = await Test.createTestingModule({
       providers: [
-        OpenmfpPortalContextService,
-        {
-          provide: PMAuthConfigProvider,
-          useValue: pmAuthConfigProviderMock,
-        },
+        PMPortalContextService,
+        { provide: KcpKubernetesService, useValue: kcpKubernetesServiceMock },
       ],
     }).compile();
 
-    service = module.get<OpenmfpPortalContextService>(
-      OpenmfpPortalContextService,
-    );
+    service = module.get<PMPortalContextService>(PMPortalContextService);
     mockRequest = {
       hostname: 'test.example.com',
     };
@@ -57,12 +63,19 @@ describe('OpenmfpPortalContextService', () => {
     expect(service).toBeDefined();
   });
 
-  it('should return empty context when no environment variables match prefix', async () => {
-    pmAuthConfigProviderMock.getDomain.mockReturnValue({
-      baseDomain: 'example.com',
-      organization: 'test-org',
+  it('should return context with kcp workspace url', async () => {
+    kcpKubernetesServiceMock.getKcpWorkspaceUrl.mockReturnValue(
+      new URL('https://k8s.example.com/clusters/root:orgs:test-org'),
+    );
+
+    const result = await service.getContextValues(mockRequest as Request);
+
+    expect(result).toEqual({
+      kcpWorkspaceUrl: 'https://k8s.example.com/clusters/root:orgs:test-org',
     });
+  });
 
+  it('should return empty context when no environment variables match prefix', async () => {
     const result = await service.getContextValues(mockRequest as Request);
 
     expect(result).toEqual({});
@@ -74,7 +87,7 @@ describe('OpenmfpPortalContextService', () => {
     process.env.OTHER_ENV_VAR = 'should-be-ignored';
 
     try {
-      pmAuthConfigProviderMock.getDomain.mockReturnValue({
+      mockedGetDomainAndOrganization.mockReturnValue({
         baseDomain: 'example.com',
         organization: 'test-org',
       });
@@ -97,7 +110,7 @@ describe('OpenmfpPortalContextService', () => {
     process.env.OPENMFP_PORTAL_CONTEXT_MULTIPLE_SNAKE_CASE_KEYS = 'value2';
 
     try {
-      pmAuthConfigProviderMock.getDomain.mockReturnValue({
+      mockedGetDomainAndOrganization.mockReturnValue({
         baseDomain: 'example.com',
         organization: 'test-org',
       });
@@ -119,7 +132,7 @@ describe('OpenmfpPortalContextService', () => {
       'https://${org-subdomain}api.example.com/${org-name}/graphql';
 
     try {
-      pmAuthConfigProviderMock.getDomain.mockReturnValue({
+      mockedGetDomainAndOrganization.mockReturnValue({
         baseDomain: 'example.com',
         organization: 'test-org',
       });
@@ -141,7 +154,7 @@ describe('OpenmfpPortalContextService', () => {
       'https://${org-subdomain}api.example.com/${org-name}/graphql';
 
     try {
-      pmAuthConfigProviderMock.getDomain.mockReturnValue({
+      mockedGetDomainAndOrganization.mockReturnValue({
         baseDomain: 'example.com',
         organization: 'test-org',
       });
@@ -164,7 +177,7 @@ describe('OpenmfpPortalContextService', () => {
     process.env.OPENMFP_PORTAL_CONTEXT_VALID_KEY = 'valid-value';
 
     try {
-      pmAuthConfigProviderMock.getDomain.mockReturnValue({
+      mockedGetDomainAndOrganization.mockReturnValue({
         baseDomain: 'example.com',
         organization: 'test-org',
       });
@@ -185,11 +198,6 @@ describe('OpenmfpPortalContextService', () => {
     process.env.OPENMFP_PORTAL_CONTEXT_OTHER_KEY = 'value';
 
     try {
-      pmAuthConfigProviderMock.getDomain.mockReturnValue({
-        baseDomain: 'example.com',
-        organization: 'test-org',
-      });
-
       const result = await service.getContextValues(mockRequest as Request);
 
       expect(result).toEqual({

src/portal-options/openmfp-portal-context.service.spec.ts renamed to src/portal-options/pm-portal-context.service.spec.ts

@@ -1,14 +1,15 @@
-import { PMAuthConfigProvider } from './auth-config-provider.js';
+import { KcpKubernetesService } from './services/kcp-k8s.service.js';
+import { getDomainAndOrganization } from './utils/domain.js';
 import { Injectable } from '@nestjs/common';
 import { PortalContextProvider } from '@openmfp/portal-server-lib';
 import type { Request } from 'express';
 import process from 'node:process';
 
 @Injectable()
-export class OpenmfpPortalContextService implements PortalContextProvider {
+export class PMPortalContextService implements PortalContextProvider {
   private readonly openmfpPortalContext = 'OPENMFP_PORTAL_CONTEXT_';
 
-  constructor(private authConfigProvider: PMAuthConfigProvider) {}
+  constructor(private kcpKubernetesService: KcpKubernetesService) {}
 
   getContextValues(request: Request): Promise<Record<string, any>> {
     const portalContext: Record<string, any> = {};
@@ -25,14 +26,24 @@ export class OpenmfpPortalContextService implements PortalContextProvider {
     });
 
     this.processGraphQLGatewayApiUrl(request, portalContext);
+    this.addKcpWorkspaceUrl(request, portalContext);
     return Promise.resolve(portalContext);
   }
 
+  private addKcpWorkspaceUrl(request, portalContext) {
+    const { organization } = getDomainAndOrganization(request);
+    const account = request.query?.['core_platform-mesh_io_account'];
+
+    portalContext.kcpWorkspaceUrl = this.kcpKubernetesService
+      .getKcpWorkspaceUrl(organization, account)
+      ?.toString();
+  }
+
   private processGraphQLGatewayApiUrl(
     request: Request,
     portalContext: Record<string, any>,
   ): void {
-    const org = this.authConfigProvider.getDomain(request);
+    const org = getDomainAndOrganization(request);
     const subDomain =
       request.hostname === org.baseDomain ? '' : `${org.organization}.`;
     portalContext.crdGatewayApiUrl = portalContext.crdGatewayApiUrl

src/portal-options/openmfp-portal-context.service.ts renamed to src/portal-options/pm-portal-context.service.ts

@@ -1,6 +1,6 @@
-import { PMAuthConfigProvider } from './auth-config-provider.js';
-import { OpenmfpPortalContextService } from './openmfp-portal-context.service.js';
-import { RequestContextProviderImpl } from './openmfp-request-context-provider.js';
+import { PMPortalContextService } from './pm-portal-context.service.js';
+import { PMRequestContextProvider } from './pm-request-context-provider.js';
+import { getDomainAndOrganization } from './utils/domain.js';
 import type { Request } from 'express';
 import { mock } from 'jest-mock-extended';
 
@@ -21,28 +21,29 @@ jest.mock('@kubernetes/client-node', () => {
   return { KubeConfig, CustomObjectsApi };
 });
 
-describe('RequestContextProviderImpl', () => {
-  let provider: RequestContextProviderImpl;
-  const pmAuthConfigProviderMock = mock<PMAuthConfigProvider>();
-  const portalContext = mock<OpenmfpPortalContextService>();
+jest.mock('./utils/domain.js', () => ({
+  getDomainAndOrganization: jest.fn(),
+}));
+
+describe('PMRequestContextProvider', () => {
+  let provider: PMRequestContextProvider;
+  const portalContextService = mock<PMPortalContextService>();
+  const mockedGetDomainAndOrganization = jest.mocked(getDomainAndOrganization);
 
   beforeEach(() => {
     jest.resetAllMocks();
-    (
-      pmAuthConfigProviderMock.getDomain as unknown as jest.Mock
-    ).mockReturnValue({
+    mockedGetDomainAndOrganization.mockReturnValue({
       organization: 'org1',
       baseDomain: 'org1.example.com',
     });
-    (portalContext.getContextValues as unknown as jest.Mock).mockResolvedValue({
+    (
+      portalContextService.getContextValues as unknown as jest.Mock
+    ).mockResolvedValue({
       crdGatewayApiUrl: 'http://gateway/graphql',
       other: 'x',
     });
 
-    provider = new RequestContextProviderImpl(
-      pmAuthConfigProviderMock,
-      portalContext,
-    );
+    provider = new PMRequestContextProvider(portalContextService);
   });
 
   it('should merge request query, portal context and organization from envService', async () => {
@@ -61,7 +62,7 @@ describe('RequestContextProviderImpl', () => {
       organization: 'org1',
     });
 
-    expect(pmAuthConfigProviderMock.getDomain).toHaveBeenCalledWith(req);
-    expect(portalContext.getContextValues).toHaveBeenCalledWith(req);
+    expect(mockedGetDomainAndOrganization).toHaveBeenCalledWith(req);
+    expect(portalContextService.getContextValues).toHaveBeenCalledWith(req);
   });
 });

src/portal-options/openmfp-request-context-provider.spec.ts renamed to src/portal-options/pm-request-context-provider.spec.ts

@@ -1,5 +1,5 @@
-import { PMAuthConfigProvider } from './auth-config-provider.js';
-import { OpenmfpPortalContextService } from './openmfp-portal-context.service.js';
+import { PMPortalContextService } from './pm-portal-context.service.js';
+import { getDomainAndOrganization } from './utils/domain.js';
 import { Injectable } from '@nestjs/common';
 import { RequestContextProvider } from '@openmfp/portal-server-lib';
 import type { Request } from 'express';
@@ -12,17 +12,14 @@ export interface RequestContext extends Record<string, any> {
 }
 
 @Injectable()
-export class RequestContextProviderImpl implements RequestContextProvider {
-  constructor(
-    private authConfigProvider: PMAuthConfigProvider,
-    private openmfpPortalContextService: OpenmfpPortalContextService,
-  ) {}
+export class PMRequestContextProvider implements RequestContextProvider {
+  constructor(private pmPortalContextService: PMPortalContextService) {}
 
   async getContextValues(request: Request): Promise<RequestContext> {
-    const domainData = this.authConfigProvider.getDomain(request);
+    const domainData = getDomainAndOrganization(request);
     return {
       ...request.query,
-      ...(await this.openmfpPortalContextService.getContextValues(request)),
+      ...(await this.pmPortalContextService.getContextValues(request)),
       organization: domainData.organization,
       isSubDomain: request.hostname !== domainData.baseDomain,
     };

src/portal-options/openmfp-request-context-provider.ts renamed to src/portal-options/pm-request-context-provider.ts

@@ -1,4 +1,4 @@
-import { RequestContext } from '../openmfp-request-context-provider.js';
+import { RequestContext } from '../pm-request-context-provider.js';
 import { ContentConfigurationServiceProvidersService } from './content-configuration-service-providers.service.js';
 import { welcomeNodeConfig } from './models/welcome-node-config.js';
 import { GraphQLClient } from 'graphql-request';