feat(front): project service accounts

Author: skipi

front/assets/js/people/add_to_project.js

@@ -21,6 +21,7 @@ export var AddToProject = {
     if(modal){
       var addPeopleToProjectBtn = document.getElementById("add_people_to_project");
       var addGroupsToProjectBtn = document.getElementById("add_group_to_project");
+      var addServiceAccountsToProjectBtn = document.getElementById("add_service_accounts_to_project");
       var cancelModalBtn = document.getElementById("cancel_btn");
 
       if(addPeopleToProjectBtn){
@@ -37,6 +38,13 @@ export var AddToProject = {
         }
       }
 
+      if(addServiceAccountsToProjectBtn){
+        addServiceAccountsToProjectBtn.onclick = () => {
+          modal.style.display = "block";
+          this.initProjectNonMembersFilter("service_account")
+        }
+      }
+
       cancelModalBtn.onclick = () => {
         this.selectedUserIds = []
         document.getElementById('users').innerHTML = ''
@@ -137,9 +145,11 @@ export var AddToProject = {
           let assets_path = document.querySelector("meta[name='assets-path']").getAttribute("content")
 
           return `<span ${props}>
-            ${result.has_avatar
-              ? `<img src="${result.avatar}" class="ba b--black-50 br-100 mr2" width="32">`
-              : `<img src="${assets_path}/images/org-${result.name.charAt(0).toLowerCase()}.svg" class="bg-washed-gray w2 h2 br-100 mr2 ba b--black-50"></div>`
+            ${result.subject_type === "service_account"
+              ? `<div class="dib w2 h2 br-100 mr2 ba b--black-50 tc bg-light-gray"><span class="material-symbols-outlined f6 gray" style="line-height: 2;">smart_toy</span></div>`
+              : result.has_avatar
+                ? `<img src="${result.avatar}" class="ba b--black-50 br-100 mr2" width="32">`
+                : `<img src="${assets_path}/images/org-${result.name.charAt(0).toLowerCase()}.svg" class="bg-washed-gray w2 h2 br-100 mr2 ba b--black-50"></div>`
             }
             <span>${escapeHtml(result.name)}</span>
             </span>`
@@ -180,9 +190,11 @@ export var AddToProject = {
     `
     <div id="${user.id}" class="flex items-center justify-between bg-white shadow-1 mv1 mh1 ph3 pv2 br3">
       <div class="flex items-center">
-        ${user.has_avatar
-          ? `<img src="${user.avatar}" class="w2 h2 br-100 mr2 ba b--black-50">`
-          : `<img src="${assets_path}/images/org-${user.name.charAt(0).toLowerCase()}.svg" class="bg-washed-gray w2 h2 br-100 mr2 ba b--black-50">`
+        ${user.subject_type === "service_account"
+          ? `<div class="w2 h2 br-100 mr2 ba b--black-50 flex items-center justify-center bg-light-gray"><span class="material-symbols-outlined f6 gray">smart_toy</span></div>`
+          : user.has_avatar
+            ? `<img src="${user.avatar}" class="w2 h2 br-100 mr2 ba b--black-50">`
+            : `<img src="${assets_path}/images/org-${user.name.charAt(0).toLowerCase()}.svg" class="bg-washed-gray w2 h2 br-100 mr2 ba b--black-50">`
         }
         <div class="flex items-center">
           <div class="b">${escapeHtml(user.name)}</div>

front/lib/front/clients/service_account.ex

@@ -3,7 +3,7 @@ defmodule Front.Clients.ServiceAccount do
 
   alias InternalApi.ServiceAccount.{
     CreateRequest,
-    DeleteRequest,
+    DestroyRequest,
     DescribeRequest,
     ListRequest,
     RegenerateTokenRequest,
@@ -92,7 +92,7 @@ defmodule Front.Clients.ServiceAccount do
 
   @impl Front.ServiceAccount.Behaviour
   def delete(service_account_id) do
-    %DeleteRequest{
+    %DestroyRequest{
       service_account_id: service_account_id
     }
     |> grpc_call(:delete)

front/lib/front/rbac/members.ex

@@ -112,7 +112,13 @@ defmodule Front.RBAC.Members do
     alias InternalApi.RBAC.SubjectType, as: Type
 
     member_type =
-      if opts[:member_type] == "group", do: Type.value(:GROUP), else: Type.value(:USER)
+      opts[:member_type]
+      |> case do
+        "group" -> Type.value(:GROUP)
+        "service_account" -> Type.value(:SERVICE_ACCOUNT)
+        # assume user if not specified
+        _ -> Type.value(:USER)
+      end
 
     req =
       build_list_members_request(org_id, project_id,

front/lib/front/service_account.ex

@@ -13,6 +13,32 @@ defmodule Front.ServiceAccount do
                 page_token :: String.t() | nil
               ) :: {:ok, {[Front.Models.ServiceAccount.t()], String.t() | nil}} | {:error, any}
 
+    @callback list_for_project(
+                org_id :: String.t(),
+                project_id :: String.t(),
+                page_size :: integer(),
+                page_token :: String.t() | nil
+              ) :: {:ok, {[Front.Models.ServiceAccount.t()], String.t() | nil}} | {:error, any}
+
+    @callback list_available_for_project(
+                org_id :: String.t(),
+                project_id :: String.t(),
+                page_size :: integer(),
+                page_token :: String.t() | nil
+              ) :: {:ok, {[Front.Models.ServiceAccount.t()], String.t() | nil}} | {:error, any}
+
+    @callback assign_to_project(
+                service_account_id :: String.t(),
+                project_id :: String.t(),
+                creator_id :: String.t()
+              ) :: {:ok, Front.Models.ServiceAccount.t()} | {:error, any}
+
+    @callback unassign_from_project(
+                service_account_id :: String.t(),
+                project_id :: String.t(),
+                creator_id :: String.t()
+              ) :: {:ok, Front.Models.ServiceAccount.t()} | {:error, any}
+
     @callback describe(service_account_id :: String.t()) ::
                 {:ok, Front.Models.ServiceAccount.t()} | {:error, any}
 

front/lib/front_web/controllers/people_controller.ex

@@ -356,9 +356,18 @@ defmodule FrontWeb.PeopleController do
           member_type: "user"
         )
 
+      fetch_service_accounts =
+        async_fetch_members(org_id, project_id,
+          username: username,
+          role_id: role_id,
+          page_no: page_no,
+          member_type: "service_account"
+        )
+
       conn = conn |> assign_permissions(project_id)
       {:ok, {:ok, {members, total_pages}}} = Async.await(fetch_members)
       {:ok, {:ok, {groups, _total_pages}}} = Async.await(fetch_groups)
+      {:ok, {:ok, {service_accounts, _total_pages}}} = Async.await(fetch_service_accounts)
       {:ok, {:ok, all_roles}} = Async.await(fetch_roles)
 
       conn
@@ -367,6 +376,7 @@ defmodule FrontWeb.PeopleController do
       |> render("members/members_list.html",
         members: members,
         groups: groups,
+        service_accounts: service_accounts,
         roles: all_roles,
         groups: groups,
         org_scope?: project_id == "",

front/lib/front_web/templates/people/members/__metadata.html.eex

@@ -1,20 +1,24 @@
 <div class="f6 gray flex items-center">
-    <%= if @member.github_login do %>
-      <svg class="mh1" width="16" height="16" xmlns="http://www.w3.org/2000/svg">
-        <path d="M8 0A8 8 0 005.47 15.59c.4.075.546-.172.546-.385 0-.19-.007-.693-.01-1.36-2.226.483-2.695-1.073-2.695-1.073-.364-.924-.889-1.17-.889-1.17-.726-.496.055-.486.055-.486.803.056 1.225.824 1.225.824.714 1.223 1.873.87 2.329.665.073-.517.28-.87.508-1.07-1.777-.201-3.644-.888-3.644-3.953 0-.873.311-1.588.823-2.147-.082-.202-.357-1.016.079-2.117 0 0 .671-.215 2.2.82A7.662 7.662 0 018 3.868a7.67 7.67 0 012.003.27c1.527-1.035 2.198-.82 2.198-.82.436 1.101.162 1.915.08 2.117.513.559.822 1.274.822 2.147 0 3.073-1.87 3.75-3.652 3.947.286.247.542.736.542 1.482 0 1.07-.01 1.932-.01 2.194 0 .215.145.463.55.385A8 8 0 008 0" fill-rule="evenodd"/>
-      </svg>
-      <a href="https://github.com/<%= @member.github_login%>/">@<%= @member.github_login%></a>
-    <% end %>
-    <%= if @member.bitbucket_login do %>
-      <svg class="mh1" height="16" width="16" xmlns="http://www.w3.org/2000/svg">
-        <path d="M.75 1.032a.5.5 0 00-.5.58l2.123 12.886a.68.68 0 00.664.567H13.22a.5.5 0 00.5-.42l2.122-13.03a.5.5 0 00-.5-.58zm8.938 9.313h-3.25l-.88-4.598h4.917z" fill-rule="evenodd"/>
-      </svg>
-      <a href="https://bitbucket.org/<%= @member.bitbucket_login%>/">@<%= @member.bitbucket_login%></a>
-    <% end %>
-    <%= if @member.gitlab_login do %>
-      <svg width="16px" height="16px" xmlns="http://www.w3.org/2000/svg" fill="#000000" viewBox="0 0 32 32">
-        <path d="M 8.382813 1.972656 L 4.078125 13.453125 L 3.835938 14.105469 L 1.796875 19.542969 L 16 29.875 L 30.203125 19.542969 L 28.164063 14.105469 L 23.613281 1.972656 L 19.882813 13.453125 L 12.117188 13.453125 Z M 8.25 8.027344 L 10.015625 13.453125 L 6.214844 13.453125 Z M 23.75 8.027344 L 25.785156 13.453125 L 21.984375 13.453125 Z M 5.464844 15.453125 L 10.664063 15.453125 L 14.09375 26.015625 L 4.203125 18.820313 Z M 12.765625 15.453125 L 19.234375 15.453125 L 16 25.402344 Z M 21.335938 15.453125 L 26.53125 15.453125 L 27.796875 18.820313 L 17.902344 26.015625 Z" />
-      </svg>
-      <a href="https://gitlab.com/<%= @member.gitlab_login%>/">@<%= @member.gitlab_login%></a>
+    <%= if @member.subject_type == "service_account" do %>
+      <span class="mh1"><%= @member.name %></span>
+    <% else %>
+      <%= if @member.github_login do %>
+        <svg class="mh1" width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+          <path d="M8 0A8 8 0 005.47 15.59c.4.075.546-.172.546-.385 0-.19-.007-.693-.01-1.36-2.226.483-2.695-1.073-2.695-1.073-.364-.924-.889-1.17-.889-1.17-.726-.496.055-.486.055-.486.803.056 1.225.824 1.225.824.714 1.223 1.873.87 2.329.665.073-.517.28-.87.508-1.07-1.777-.201-3.644-.888-3.644-3.953 0-.873.311-1.588.823-2.147-.082-.202-.357-1.016.079-2.117 0 0 .671-.215 2.2.82A7.662 7.662 0 018 3.868a7.67 7.67 0 012.003.27c1.527-1.035 2.198-.82 2.198-.82.436 1.101.162 1.915.08 2.117.513.559.822 1.274.822 2.147 0 3.073-1.87 3.75-3.652 3.947.286.247.542.736.542 1.482 0 1.07-.01 1.932-.01 2.194 0 .215.145.463.55.385A8 8 0 008 0" fill-rule="evenodd"/>
+        </svg>
+        <a href="https://github.com/<%= @member.github_login%>/">@<%= @member.github_login%></a>
+      <% end %>
+      <%= if @member.bitbucket_login do %>
+        <svg class="mh1" height="16" width="16" xmlns="http://www.w3.org/2000/svg">
+          <path d="M.75 1.032a.5.5 0 00-.5.58l2.123 12.886a.68.68 0 00.664.567H13.22a.5.5 0 00.5-.42l2.122-13.03a.5.5 0 00-.5-.58zm8.938 9.313h-3.25l-.88-4.598h4.917z" fill-rule="evenodd"/>
+        </svg>
+        <a href="https://bitbucket.org/<%= @member.bitbucket_login%>/">@<%= @member.bitbucket_login%></a>
+      <% end %>
+      <%= if @member.gitlab_login do %>
+        <svg width="16px" height="16px" xmlns="http://www.w3.org/2000/svg" fill="#000000" viewBox="0 0 32 32">
+          <path d="M 8.382813 1.972656 L 4.078125 13.453125 L 3.835938 14.105469 L 1.796875 19.542969 L 16 29.875 L 30.203125 19.542969 L 28.164063 14.105469 L 23.613281 1.972656 L 19.882813 13.453125 L 12.117188 13.453125 Z M 8.25 8.027344 L 10.015625 13.453125 L 6.214844 13.453125 Z M 23.75 8.027344 L 25.785156 13.453125 L 21.984375 13.453125 Z M 5.464844 15.453125 L 10.664063 15.453125 L 14.09375 26.015625 L 4.203125 18.820313 Z M 12.765625 15.453125 L 19.234375 15.453125 L 16 25.402344 Z M 21.335938 15.453125 L 26.53125 15.453125 L 27.796875 18.820313 L 17.902344 26.015625 Z" />
+        </svg>
+        <a href="https://gitlab.com/<%= @member.gitlab_login%>/">@<%= @member.gitlab_login%></a>
+      <% end %>
     <% end %>
 </div>

front/lib/front_web/templates/people/members/_add_service_account_button.html.eex

@@ -0,0 +1,12 @@
+<%= if show_people_management_buttons?(@conn, @org_scope?, @permissions) do %>
+  <div>
+    <div class="flex-m">
+      <div>
+        <button id="add_service_accounts_to_project" class="btn btn-primary flex items-center">
+          <span class="material-symbols-outlined mr2">smart_toy</span>
+          Add service accounts
+        </button>
+      </div>
+    </div>
+  </div>
+<% end %>

front/lib/front_web/templates/people/members/_member.html.eex

@@ -6,14 +6,17 @@
       <div>
         <div class="flex items-center">
           <span class="ml1 b">
-            <%= if !@is_group? do %>
-              <%= link @member.name, to: people_path(@conn, :show, @member.id), class: "link black" %>
-            <% else %>
-              <%= if @permissions["organization.people.manage"] do %>
-                <span class="black pointer" style="cursor: pointer;" name="modify-group-btn" group_id="<%= @member.id %>"><%= @member.name %></span>
-              <% else %>
+            <%= cond do %>
+              <% Map.get(assigns, :is_service_account?) -> %>
                 <span class="black"><%= @member.name %></span>
-              <% end %>
+              <% @is_group? -> %>
+                <%= if @permissions["organization.people.manage"] do %>
+                  <span class="black pointer" style="cursor: pointer;" name="modify-group-btn" group_id="<%= @member.id %>"><%= @member.name %></span>
+                <% else %>
+                  <span class="black"><%= @member.name %></span>
+                <% end %>
+              <% true -> %>
+                <%= link @member.name, to: people_path(@conn, :show, @member.id), class: "link black" %>
             <% end %>
           </span>
           <%= render "members/__role_labels.html", role_bindings: @member.subject_role_bindings %>
@@ -34,13 +37,18 @@
               <%= render "members/__change_role_btn.html", member: @member, roles: @roles, permissions: @permissions %>
             <% end %>
           <% end %>
-          <%= if @is_group? and @org_scope? do %>
-            <%= render "members/__modify_group_button.html", group: @member, permissions: @permissions %>
-            <%= render "members/__delete_group_button.html", group: @member, conn: @conn, permissions: @permissions %>
-          <% else %>
-            <%= if @org_scope? || !Front.ce_roles?() || "Member" in member_role_names do %>
-              <%= render "members/__remove_member_btn.html", member: @member %>
-            <% end %>
+          <%= cond do %>
+            <% @is_group? and @org_scope? -> %>
+              <%= render "members/__modify_group_button.html", group: @member, permissions: @permissions %>
+              <%= render "members/__delete_group_button.html", group: @member, conn: @conn, permissions: @permissions %>
+            <% Map.get(assigns, :is_service_account?) -> %>
+              <%= if @org_scope? || !Front.ce_roles?() || "Member" in member_role_names do %>
+                <%= render "members/__remove_member_btn.html", member: @member %>
+              <% end %>
+            <% true -> %>
+              <%= if @org_scope? || !Front.ce_roles?() || "Member" in member_role_names do %>
+                <%= render "members/__remove_member_btn.html", member: @member %>
+              <% end %>
           <% end %>
 
         </div>

front/lib/front_web/templates/people/members/members_list.html.eex

@@ -43,4 +43,27 @@
       <% end) %>
     </div>
   </div>
+
+  <%= if FeatureProvider.feature_enabled?(:service_accounts, param: @conn.assigns[:organization_id]) && 
+         Map.has_key?(assigns, :service_accounts) do %>
+    <div class="bb b--black-075 w-100-l mt4 br3 shadow-3 bg-white">
+      <div class="flex items-center justify-between pa3 bb bw1 b--black-075 br3 br--top ">
+        <div>
+          <div class="flex items-center">
+            <span class="material-symbols-outlined pr2">smart_toy</span>
+            <div class="b">Service Accounts</div>
+          </div>
+        </div>
+        <%= if !@org_scope? && show_people_management_buttons?(@conn, @org_scope?, @permissions) do %>
+          <%= render "members/_add_service_account_button.html", conn: @conn, org_scope?: @org_scope?, permissions: @permissions %>
+        <% end %>
+      </div>
+
+      <div id="service_accounts">
+        <%= @service_accounts |> Enum.map(fn (service_account) -> %>
+          <%= render "members/_member.html", is_group?: false, is_service_account?: true, member: service_account, roles: @roles, org_scope?: @org_scope?, conn: @conn, permissions: @permissions %>
+        <% end) %>
+      </div>
+    </div>
+  <% end %>
 <% end %>

front/lib/front_web/views/people_view.ex

@@ -218,18 +218,30 @@ defmodule FrontWeb.PeopleView do
   defp map_role_to_colour(_), do: "cyan"
 
   def construct_member_avatar(member) do
-    avatar_url =
-      if member.has_avatar do
-        member.avatar
-      else
-        first_letter = member.name |> String.first() |> String.downcase()
-        "#{assets_path()}/images/org-#{first_letter}.svg"
-      end
-
-    """
-      <img src="#{avatar_url}" class="w2 h2 br-100 mr2 ba b--black-50">
-    """
-    |> raw()
+    # Check if this is a service account
+    is_service_account = member.subject_type == "service_account"
+    
+    if is_service_account do
+      """
+        <div class="w2 h2 br-100 mr2 ba b--black-50 flex items-center justify-center bg-light-gray">
+          <span class="material-symbols-outlined f6 gray">smart_toy</span>
+        </div>
+      """
+      |> raw()
+    else
+      avatar_url =
+        if member.has_avatar do
+          member.avatar
+        else
+          first_letter = member.name |> String.first() |> String.downcase()
+          "#{assets_path()}/images/org-#{first_letter}.svg"
+        end
+
+      """
+        <img src="#{avatar_url}" class="w2 h2 br-100 mr2 ba b--black-50">
+      """
+      |> raw()
+    end
   end
 
   def build_roles(member, roles) do