From f4f865e72d0105fb5b82b34dcbf2eb41eff8bb7b Mon Sep 17 00:00:00 2001 From: Andrew Farries Date: Thu, 9 Jun 2022 15:29:06 +0000 Subject: [PATCH 1/3] Configure server to use stripe secret --- .werft/jobs/build/helm/values.payment.yaml | 4 ++-- .werft/jobs/build/installer/installer.ts | 3 ++- .../server/ee/src/user/stripe-service.ts | 4 ++-- .../ee/src/workspace/gitpod-server-impl.ts | 2 +- components/server/src/config.ts | 18 ++++++++++-------- .../pkg/components/server/configmap.go | 2 +- .../pkg/components/server/deployment.go | 4 ++-- .../installer/pkg/components/server/types.go | 1 + 8 files changed, 21 insertions(+), 17 deletions(-) diff --git a/.werft/jobs/build/helm/values.payment.yaml b/.werft/jobs/build/helm/values.payment.yaml index 2793cf8ab99de2..9ef4746ca98190 100644 --- a/.werft/jobs/build/helm/values.payment.yaml +++ b/.werft/jobs/build/helm/values.payment.yaml @@ -15,7 +15,7 @@ components: secretName: chargebee-config - name: stripe-config secret: - secretName: stripe-config + secretName: stripe-api-keys paymentEndpoint: - disabled: false \ No newline at end of file + disabled: false diff --git a/.werft/jobs/build/installer/installer.ts b/.werft/jobs/build/installer/installer.ts index 98cd2849eff820..b5af4bde1a03f1 100644 --- a/.werft/jobs/build/installer/installer.ts +++ b/.werft/jobs/build/installer/installer.ts @@ -81,8 +81,9 @@ export class Installer { if (this.options.withPayment) { // let installer know that there is a chargbee config exec(`yq w -i ${this.options.installerConfigPath} experimental.webapp.server.chargebeeSecret chargebee-config`, { slice: slice }); + // let installer know that there is a stripe config - exec(`yq w -i ${this.options.installerConfigPath} experimental.webapp.server.stripeSecret stripe-config`, { slice: slice }); + exec(`yq w -i ${this.options.installerConfigPath} experimental.webapp.server.stripeSecret stripe-api-keys`, { slice: slice }); } } catch (err) { 
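Review bot: The added `exec` call in the `withPayment` branch points the installer at `stripe-api-keys`, a secret this job no longer creates once the `stripe-config-secret.yaml` manifest is removed later in the series, and nothing here checks that it exists. A missing secret would presumably only surface later as a server pod that cannot mount its volume, so I would add a comment such as `// stripe-api-keys is provisioned outside this job (GCP Secret Manager + terraform); it must exist in the namespace before the server is deployed`. The removed manifest carried the Stripe key pair inline and stays in repository history after the deletion, so that key should be rotated rather than carried over into the new secret. The enclosing method starts and ends outside the hunk.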
diff --git a/components/server/ee/src/user/stripe-service.ts b/components/server/ee/src/user/stripe-service.ts index d172ae15736901..b3b8dea37057a9 100644 --- a/components/server/ee/src/user/stripe-service.ts +++ b/components/server/ee/src/user/stripe-service.ts @@ -17,10 +17,10 @@ export class StripeService { protected getStripe(): Stripe { if (!this._stripe) { - if (!this.config.stripeSettings?.secretKey) { + if (!this.config.stripeSecrets?.secretKey) { throw new Error("Stripe is not properly configured"); } - this._stripe = new Stripe(this.config.stripeSettings.secretKey, { apiVersion: "2020-08-27" }); + this._stripe = new Stripe(this.config.stripeSecrets.secretKey, { apiVersion: "2020-08-27" }); } return this._stripe; } diff --git a/components/server/ee/src/workspace/gitpod-server-impl.ts b/components/server/ee/src/workspace/gitpod-server-impl.ts index 905328e977d1d9..a858e356e8d621 100644 --- a/components/server/ee/src/workspace/gitpod-server-impl.ts +++ b/components/server/ee/src/workspace/gitpod-server-impl.ts @@ -1851,7 +1851,7 @@ export class GitpodServerEEImpl extends GitpodServerImpl { async getStripePublishableKey(ctx: TraceContext): Promise { const user = this.checkAndBlockUser("getStripePublishableKey"); await this.ensureIsUsageBasedFeatureFlagEnabled(user); - const publishableKey = this.config.stripeSettings?.publishableKey; + const publishableKey = this.config.stripeSecrets?.publishableKey; if (!publishableKey) { throw new ResponseError( ErrorCodes.INTERNAL_SERVER_ERROR, diff --git a/components/server/src/config.ts b/components/server/src/config.ts index 1870c539bc6b90..bcb69f86b3ad22 100644 --- a/components/server/src/config.ts +++ b/components/server/src/config.ts 
@@ -20,12 +20,12 @@ import { filePathTelepresenceAware } from "@gitpod/gitpod-protocol/lib/env"; export const Config = Symbol("Config"); export type Config = Omit< ConfigSerialized, - "blockedRepositories" | "hostUrl" | "chargebeeProviderOptionsFile" | "stripeSettingsFile" | "licenseFile" + "blockedRepositories" | "hostUrl" | "chargebeeProviderOptionsFile" | "stripeSecretsFile" | "licenseFile" > & { hostUrl: GitpodHostUrl; workspaceDefaults: WorkspaceDefaults; chargebeeProviderOptions?: ChargebeeProviderOptions; - stripeSettings?: { publishableKey: string; secretKey: string }; + stripeSecrets?: { publishableKey: string; secretKey: string }; builtinAuthProvidersConfigured: boolean; blockedRepositories: { urlRegExp: RegExp; blockUser: boolean }[]; inactivityPeriodForRepos?: number; @@ -151,7 +151,7 @@ export interface ConfigSerialized { * Payment related options */ chargebeeProviderOptionsFile?: string; - stripeSettingsFile?: string; + stripeSecretsFile?: string; enablePayment?: boolean; /** @@ -215,12 +215,14 @@ export namespace ConfigFile { const chargebeeProviderOptions = readOptionsFromFile( filePathTelepresenceAware(config.chargebeeProviderOptionsFile || ""), ); - let stripeSettings: { publishableKey: string; secretKey: string } | undefined; - if (config.enablePayment && config.stripeSettingsFile) { + let stripeSecrets: { publishableKey: string; secretKey: string } | undefined; + if (config.enablePayment && config.stripeSecretsFile) { try { - stripeSettings = JSON.parse(fs.readFileSync(filePathTelepresenceAware(config.stripeSettingsFile), "utf-8")); + stripeSecrets = JSON.parse( + fs.readFileSync(filePathTelepresenceAware(config.stripeSecretsFile), "utf-8"), + ); } catch (error) { - console.error("Could not load Stripe settings", error); + console.error("Could not load Stripe secrets", error); } } let license = config.license; 
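Review bot: In the `stripeSecrets` loading block, the result of `JSON.parse` is assigned straight to the `{ publishableKey, secretKey }` type without any shape check, and the `catch` hands the whole error object to `console.error`. A file that parses but lacks a key, or holds a non-string value, is accepted here and only fails later when Stripe is first used. On newer runtimes a `JSON.parse` error message can also quote a fragment of the input, which in this case is the secret file, so I would validate both fields as non-empty strings and log only the error name, as sketched below. Whether a load failure with `enablePayment` set should abort startup instead of continuing with `stripeSecrets` undefined is worth deciding explicitly. The enclosing function starts and ends outside the hunk.

```typescript
let stripeSecrets: { publishableKey: string; secretKey: string } | undefined;
if (config.enablePayment && config.stripeSecretsFile) {
    try {
        const parsed: unknown = JSON.parse(
            fs.readFileSync(filePathTelepresenceAware(config.stripeSecretsFile), "utf-8"),
        );
        const { publishableKey, secretKey } = (parsed ?? {}) as Record<string, unknown>;
        if (typeof publishableKey !== "string" || !publishableKey || typeof secretKey !== "string" || !secretKey) {
            throw new Error("publishableKey and secretKey must be non-empty strings");
        }
        stripeSecrets = { publishableKey, secretKey };
    } catch (error) {
        // Log only the error type: a parse error message may quote part of the secret file.
        console.error("Could not load Stripe secrets", error instanceof Error ? error.name : "unknown error");
    }
}
```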
@@ -249,7 +251,7 @@ export namespace ConfigFile { authProviderConfigs, builtinAuthProvidersConfigured, chargebeeProviderOptions, - stripeSettings, + stripeSecrets, license, workspaceGarbageCollection: { ...config.workspaceGarbageCollection, diff --git a/install/installer/pkg/components/server/configmap.go b/install/installer/pkg/components/server/configmap.go index cc134d52f9fc46..c27b32e08a07d6 100644 --- a/install/installer/pkg/components/server/configmap.go +++ b/install/installer/pkg/components/server/configmap.go @@ -218,7 +218,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { VSXRegistryUrl: fmt.Sprintf("https://open-vsx.%s", ctx.Config.Domain), // todo(sje): or "https://{{ .Values.vsxRegistry.host | default "open-vsx.org" }}" if not using OpenVSX proxy EnablePayment: chargebeeSecret != "" || stripeSecret != "", ChargebeeProviderOptionsFile: fmt.Sprintf("%s/providerOptions", chargebeeMountPath), - StripeSettingsFile: fmt.Sprintf("%s/settings", stripeMountPath), + StripeSecretsFile: fmt.Sprintf("%s/apikeys", stripeMountPath), InsecureNoDomain: false, PrebuildLimiter: map[string]int{ // default limit for all cloneURLs diff --git a/install/installer/pkg/components/server/deployment.go b/install/installer/pkg/components/server/deployment.go index a2a0e11f73bbf9..1e8bb59675987c 100644 --- a/install/installer/pkg/components/server/deployment.go +++ b/install/installer/pkg/components/server/deployment.go @@ -194,7 +194,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { volumes = append(volumes, corev1.Volume{ - Name: "stripe-config", + Name: "stripe-secret", VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: stripeSecret, @@ -203,7 +203,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { }) volumeMounts = append(volumeMounts, corev1.VolumeMount{ - Name: "stripe-config", + Name: "stripe-secret", MountPath: stripeMountPath, ReadOnly: true, }) 
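Review bot: In the `configmap.go` hunk, `StripeSecretsFile` is set to the `apikeys` path under `stripeMountPath` unconditionally, while `EnablePayment` on the line above is also true when only `chargebeeSecret` is set. In that case the server's config loader sees both `enablePayment` and `stripeSecretsFile` and tries to read a file that does not exist, assuming the Stripe volume is only mounted when `stripeSecret` is non-empty (that condition is not visible here). I would set the path only when the secret is configured, e.g. `stripeSecretsFile := ""` followed by `if stripeSecret != "" { stripeSecretsFile = fmt.Sprintf("%s/apikeys", stripeMountPath) }`, and use that variable in the struct literal. The key name `apikeys` also has to match the key inside the externally provisioned secret, which deserves a short comment next to it. `configmap` starts and ends outside the hunk.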
diff --git a/install/installer/pkg/components/server/types.go b/install/installer/pkg/components/server/types.go index 2a6757b7365f8f..b24880f7a092d2 100644 --- a/install/installer/pkg/components/server/types.go +++ b/install/installer/pkg/components/server/types.go @@ -33,6 +33,7 @@ type ConfigSerialized struct { VSXRegistryUrl string `json:"vsxRegistryUrl"` ChargebeeProviderOptionsFile string `json:"chargebeeProviderOptionsFile"` StripeSettingsFile string `json:"stripeSettingsFile"` + StripeSecretsFile string `json:"stripeSecretsFile"` EnablePayment bool `json:"enablePayment"` WorkspaceHeartbeat WorkspaceHeartbeat `json:"workspaceHeartbeat"` From 3deb771100da27d18d0cf75174dc7dba5bec7e71 Mon Sep 17 00:00:00 2001 From: Andrew Farries Date: Thu, 9 Jun 2022 15:29:21 +0000 Subject: [PATCH 2/3] Remove stripe config secret This now comes into clusters via GCP Secret Manager and terraform. --- .werft/jobs/build/payment/stripe-config-secret.yaml | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 .werft/jobs/build/payment/stripe-config-secret.yaml diff --git a/.werft/jobs/build/payment/stripe-config-secret.yaml b/.werft/jobs/build/payment/stripe-config-secret.yaml deleted file mode 100644 index 99d0599812211f..00000000000000 --- a/.werft/jobs/build/payment/stripe-config-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - settings: eyJwdWJsaXNoYWJsZUtleSI6InBrX3Rlc3RfNTFLeHVyN0dhZFJYbTUwbzNJNXJKQTNvbnkxdGNmdTNkM0NOd3BUWFR6QURkWTJISmlvRk1XTGdTa2M1d2h0UkZRam85UG5kM3pYYUdlcktQcXRmN0REQ3kwMFhBb01kbjZhIiwic2VjcmV0S2V5Ijoic2tfdGVzdF81MUt4dXI3R2FkUlhtNTBvM0NtVFJWc1Q2Q0xqd0VlSlhsWWtmdjZHajREQm42aVlVeDJQWUlUNDhjVlI5dlNUS0s1b2hwQTVCdWdycU5NUU9WVzN0NVJIODAwS011T3lEZ1QifQo= -kind: Secret -metadata: - name: stripe-config - namespace: ${NAMESPACE} -type: Opaque From 7da5eab26a80b3a98ab3269ae3a49528919d5811 Mon Sep 17 00:00:00 2001 
From: Andrew Farries Date: Mon, 13 Jun 2022 14:46:27 +0000 Subject: [PATCH 3/3] Remove stripeSettingsFile from server config --- install/installer/pkg/components/server/types.go | 1 - 1 file changed, 1 deletion(-) diff --git a/install/installer/pkg/components/server/types.go b/install/installer/pkg/components/server/types.go index b24880f7a092d2..80709b6d5d7768 100644 --- a/install/installer/pkg/components/server/types.go +++ b/install/installer/pkg/components/server/types.go @@ -32,7 +32,6 @@ type ConfigSerialized struct { ImageBuilderAddr string `json:"imageBuilderAddr"` VSXRegistryUrl string `json:"vsxRegistryUrl"` ChargebeeProviderOptionsFile string `json:"chargebeeProviderOptionsFile"` - StripeSettingsFile string `json:"stripeSettingsFile"` StripeSecretsFile string `json:"stripeSecretsFile"` EnablePayment bool `json:"enablePayment"`