iam group updates && UserApiKeyClient updates

paviliondev · Nov 29, 2024 · 7f9e6a9 · 7f9e6a9
1 parent b004019
commit 7f9e6a9
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 17 deletions.
diff --git a/app/models/subscription_server/user_resource.rb b/app/models/subscription_server/user_resource.rb
@@ -9,14 +9,16 @@ def iam_ready?
       iam_user_name.present? && iam_access_key_id.present? && iam_secret_access_key.present?
     end
 
-    def create_iam_user(iam)
+    def create_iam_user(iam_group)
       key = aws.create_user(
         user_name: self.user.username,
-        group_name: iam[:group]
+        group_name: iam_group
       )
+
       if key
         result = self.update(
           iam_user_name: key[:user_name],
+          iam_group: iam_group,
           iam_access_key_id: key[:access_key_id],
           iam_secret_access_key: key[:secret_access_key],
           iam_key_updated_at: Time.now
@@ -60,15 +62,19 @@ def self.list(user_id, subscriptions)
           resource_name: resource_name
         )
 
-        if resource[:iam]
+        if resource[:iam].present? && resource[:iam][subscription.product_id].present?
+          iam_group = resource[:iam][subscription.product_id]
+
           if !user_resource.iam_user_name
-            user_resource.create_iam_user(resource[:iam])
+            user_resource.create_iam_user(iam_group)
           elsif !user_resource.iam_access_key_id
             user_resource.rotate_iam_key
           end
+
           if user_resource.iam_key_updated_at < 1.week.ago
             user_resource.rotate_iam_key
           end
+
           next unless user_resource.iam_ready?
         end
 

diff --git a/db/migrate/20241128141330_add_iam_group_to_subscription_server_user_resources.rb b/db/migrate/20241128141330_add_iam_group_to_subscription_server_user_resources.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class AddIamGroupToSubscriptionServerUserResources < ActiveRecord::Migration[7.2]
+  def change
+    add_column :subscription_server_user_resources, :iam_group, :string
+  end
+end
diff --git a/...ription_server/extensions/user_api_key.rb → ..._server/extensions/user_api_key_client.rb b/...ription_server/extensions/user_api_key.rb → ..._server/extensions/user_api_key_client.rb
@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
-module SubscriptionServer::Extensions::UserApiKey
+module SubscriptionServer::Extensions::UserApiKeyClient
   def invalid_auth_redirect_for_subscriptions?(auth_redirect, request)
     ## Allow any auth redirect if the scope is only user subscriptions scope.
     return false if request.params[:scopes] == SubscriptionServer::UserSubscriptions::SCOPE
 
-    invalid_auth_redirect?(auth_redirect, true)
+    invalid_auth_redirect?(auth_redirect, perform_check: true)
   end
 
-  def invalid_auth_redirect?(auth_redirect, perform_check = false)
+  def invalid_auth_redirect?(auth_redirect, client: nil, perform_check: false)
     return false unless perform_check
     super(auth_redirect)
   end

diff --git a/lib/subscription_server/extensions/user_api_keys_controller.rb b/lib/subscription_server/extensions/user_api_keys_controller.rb
@@ -3,7 +3,7 @@
 module SubscriptionServer::Extensions::UserApiKeysController
   def create
     if params.key?(:auth_redirect)
-      raise Discourse::InvalidAccess if UserApiKey.invalid_auth_redirect_for_subscriptions?(params[:auth_redirect], request)
+      raise Discourse::InvalidAccess if UserApiKeyClient.invalid_auth_redirect_for_subscriptions?(params[:auth_redirect], request)
     end
     super
   end

diff --git a/lib/subscription_server/subscription.rb b/lib/subscription_server/subscription.rb
@@ -37,10 +37,16 @@ def self.subscription_map
 
           if domain_limit
             result[resource][:domain_limits] ||= []
-            result[resource][:domain_limits] << { product_id: product_id, domain_limit: domain_limit.to_i }
+            result[resource][:domain_limits] << {
+              product_id: product_id,
+              domain_limit: domain_limit.to_i
+            }
           end
 
-          result[resource][:iam] = { group: iam_group } if iam_group
+          if iam_group
+            result[resource][:iam] ||= {}
+            result[resource][:iam][product_id] = iam_group
+          end
         end
 
         result

diff --git a/plugin.rb b/plugin.rb
@@ -26,7 +26,7 @@
     ../lib/subscription_server/message.rb
     ../lib/subscription_server/providers/stripe.rb
     ../lib/subscription_server/user_subscriptions.rb
-    ../lib/subscription_server/extensions/user_api_key.rb
+    ../lib/subscription_server/extensions/user_api_key_client.rb
     ../lib/subscription_server/extensions/user_api_keys_controller.rb
     ../lib/subscription_server/aws.rb
     ../config/routes.rb
@@ -43,7 +43,7 @@
     load File.expand_path(path, __FILE__)
   end
 
-  UserApiKey.singleton_class.prepend SubscriptionServer::Extensions::UserApiKey
+  UserApiKeyClient.singleton_class.prepend SubscriptionServer::Extensions::UserApiKeyClient
   UserApiKeysController.prepend SubscriptionServer::Extensions::UserApiKeysController
 
   add_user_api_key_scope(:user_subscription,

diff --git a/spec/models/subscription_server/user_resource_spec.rb b/spec/models/subscription_server/user_resource_spec.rb
@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 
 describe SubscriptionServer::UserResource do
-  let!(:user) { Fabricate(:user) }
+  let!(:user1) { Fabricate(:user) }
+  let!(:user2) { Fabricate(:user) }
 
   describe "#list" do
     context "with a resource with iam" do
-      let(:subscription) {
+      let(:subscription1) {
         SubscriptionServer::Subscription.new(
           resource: 'discourse-events',
           product_id: "prod_CBTNpi3fqWWkq0",
@@ -14,21 +15,35 @@
           price_name: "yearly"
         )
       }
+      let(:subscription2) {
+        SubscriptionServer::Subscription.new(
+          resource: 'discourse-events',
+          product_id: "prod_CBTNpi3fqWWkq1",
+          product_name: "Community Subscription",
+          price_id: "1234568",
+          price_name: "yearly"
+        )
+      }
 
       before do
         SiteSetting.subscription_server_iam_access_key = "12345"
         SiteSetting.subscription_server_iam_secret_access_key = "23l42l3nk423o2"
-        SiteSetting.subscription_server_subscriptions = "discourse-events:business:stripe:prod_CBTNpi3fqWWkq0:1:discourse_events"
+        SiteSetting.subscription_server_subscriptions = "discourse-events:business:stripe:prod_CBTNpi3fqWWkq0:1:discourse_events_business|discourse-events:community:stripe:prod_CBTNpi3fqWWkq1:1:discourse_events_community"
       end
 
       it "returns the right user resources" do
-        result = described_class.list(user.id, [subscription])
+        result = described_class.list(user1.id, [subscription1])
         expect(result[0]).to be_present
         expect(result[0].resource_name).to eq("discourse-events")
+        expect(result[0].iam_group).to eq('discourse_events_business')
         expect(result[0].iam_user_name).to be_present
         expect(result[0].iam_access_key_id).to be_present
         expect(result[0].iam_secret_access_key).to be_present
         expect(result[0].iam_key_updated_at).to be_present
+
+        result = described_class.list(user2.id, [subscription2])
+        expect(result[0]).to be_present
+        expect(result[0].iam_group).to eq('discourse_events_community')
       end
     end
 
@@ -50,7 +65,7 @@
       end
 
       it "returns the right user resources" do
-        result = described_class.list(user.id, [subscription])
+        result = described_class.list(user1.id, [subscription])
         expect(result[0]).to be_present
         expect(result[0].resource_name).to eq("discourse-custom-wizard")
         expect(result[0].iam_user_name).not_to be_present