[iam] Add Get OIDC Client Config RPC

easyCZ · roboquat · commit 17c1def31ac0 · 2023-01-06T09:06:45.000+01:00
diff --git a/components/iam/pkg/apiv1/oidc_config.go b/components/iam/pkg/apiv1/oidc_config.go
@@ -6,6 +6,7 @@ package apiv1
 
 import (
 	"context"
+	"errors"
 
 	goidc "github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gitpod-io/gitpod/common-go/log"
@@ -52,13 +53,37 @@ func (s *OIDCClientConfigService) CreateClientConfig(ctx context.Context, req *v
 	}
 
 	return &v1.CreateClientConfigResponse{
-		Config: &v1.OIDCClientConfig{
-			Id: created.ID.String(),
-			// TODO: Populate remainder of fields
-		},
+		Config: oidcClientConfigToProto(created),
 	}, nil
 }
 
+func (s *OIDCClientConfigService) GetClientConfig(ctx context.Context, req *v1.GetClientConfigRequest) (*v1.GetClientConfigResponse, error) {
+	id, err := validateOIDCSpecID(req.GetId())
+	if err != nil {
+		return nil, err
+	}
+
+	oidcConfig, err := db.GetOIDCClientConfig(ctx, s.dbConn, id)
+	if err != nil {
+		if errors.Is(err, db.ErrorNotFound) {
+			return nil, status.Errorf(codes.NotFound, "no oidc config with ID: %s exists", id.String())
+		}
+	}
+
+	return &v1.GetClientConfigResponse{
+		Config: oidcClientConfigToProto(oidcConfig),
+	}, nil
+}
+
+func validateOIDCSpecID(id string) (uuid.UUID, error) {
+	parsed, err := uuid.Parse(id)
+	if err != nil {
+		return uuid.Nil, status.Errorf(codes.InvalidArgument, "invalid oidc spec ID, must be a UUID")
+	}
+
+	return parsed, nil
+}
+
 func toDBSpec(oauth2Config *v1.OAuth2Config, oidcConfig *v1.OIDCConfig) db.OIDCSpec {
 	return db.OIDCSpec{
 		ClientID:     oauth2Config.GetClientId(),
@@ -67,3 +92,10 @@ func toDBSpec(oauth2Config *v1.OAuth2Config, oidcConfig *v1.OIDCConfig) db.OIDCS
 		Scopes:       append([]string{goidc.ScopeOpenID, "profile", "email"}, oauth2Config.GetScopesSupported()...),
 	}
 }
+
+func oidcClientConfigToProto(cfg db.OIDCClientConfig) *v1.OIDCClientConfig {
+	return &v1.OIDCClientConfig{
+		Id: cfg.ID.String(),
+		// TODO: Populate remainder of fields
+	}
+}
diff --git a/components/iam/pkg/apiv1/oidc_config_test.go b/components/iam/pkg/apiv1/oidc_config_test.go
@@ -53,6 +53,55 @@ func TestOIDCClientConfig_Create(t *testing.T) {
 	require.Equal(t, toDBSpec(config.Oauth2Config, config.OidcConfig), decrypted)
 }
 
+func TestOIDCClientConfig_Get(t *testing.T) {
+
+	t.Run("invalid id returns invalid argument", func(t *testing.T) {
+		client, _ := setupOIDCClientConfigService(t)
+
+		_, err := client.GetClientConfig(context.Background(), &v1.GetClientConfigRequest{
+			Id: "not-uuid",
+		})
+		require.Error(t, err)
+		require.Equal(t, codes.InvalidArgument, status.Code(err))
+	})
+
+	t.Run("no client config with ID returns not found", func(t *testing.T) {
+		client, _ := setupOIDCClientConfigService(t)
+
+		_, err := client.GetClientConfig(context.Background(), &v1.GetClientConfigRequest{
+			Id: uuid.New().String(),
+		})
+		require.Error(t, err)
+		require.Equal(t, codes.NotFound, status.Code(err))
+	})
+
+	t.Run("retrieves a config by ID", func(t *testing.T) {
+		client, dbConn := setupOIDCClientConfigService(t)
+
+		config := db.OIDCSpec{
+			ClientID:     "some-client-id",
+			ClientSecret: "some-client-secret",
+		}
+
+		encrypted, err := db.EncryptJSON(dbtest.CipherSet(t), config)
+		require.NoError(t, err)
+
+		created := dbtest.CreateOIDCClientConfigs(t, dbConn,
+			dbtest.NewOIDCClientConfig(t, db.OIDCClientConfig{
+				Data: encrypted,
+			}),
+		)[0]
+
+		response, err := client.GetClientConfig(context.Background(), &v1.GetClientConfigRequest{
+			Id: created.ID.String(),
+		})
+		require.NoError(t, err)
+		require.Equal(t, codes.OK, status.Code(err))
+		require.Equal(t, oidcClientConfigToProto(created), response.Config)
+	})
+
+}
+
 func setupOIDCClientConfigService(t *testing.T) (v1.OIDCServiceClient, *gorm.DB) {
 	t.Helper()
 
