Added changes required for dex setup for litmus 3.0.0-beta11 (#4163)

* Added changes required for dex setup

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* Moved dex-server to chaoscenter

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* resolved review comments

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed imports

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

---------

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

chaoscenter/authentication/api/handlers/rest/dex_auth_handler.go

@@ -5,6 +5,8 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/google/uuid"
+
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/api/presenter"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/entities"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/services"
@@ -97,7 +99,7 @@ func DexCallback(userService services.ApplicationService) gin.HandlerFunc {
 			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))
 			return
 		}
-		createdAt := time.Now().Unix()
+		createdAt := time.Now().UnixMilli()
 
 		var userData = entities.User{
 			Name:     claims.Name,
@@ -122,6 +124,54 @@ func DexCallback(userService services.ApplicationService) gin.HandlerFunc {
 			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))
 			return
 		}
-		c.Redirect(http.StatusPermanentRedirect, "/login?jwtToken="+jwtToken)
+
+		var defaultProject string
+		ownerProjects, err := userService.GetOwnerProjectIDs(c, signedInUser.ID)
+
+		if len(ownerProjects) > 0 {
+			defaultProject = ownerProjects[0].ID
+		} else {
+			// Adding user as project owner in project's member list
+			newMember := &entities.Member{
+				UserID:     signedInUser.ID,
+				Role:       entities.RoleOwner,
+				Invitation: entities.AcceptedInvitation,
+				Username:   signedInUser.Username,
+				Name:       signedInUser.Name,
+				Email:      signedInUser.Email,
+				JoinedAt:   time.Now().UnixMilli(),
+			}
+			var members []*entities.Member
+			members = append(members, newMember)
+			state := "active"
+			newProject := &entities.Project{
+				ID:      uuid.Must(uuid.NewRandom()).String(),
+				Name:    signedInUser.Username + "-project",
+				Members: members,
+				State:   &state,
+				Audit: entities.Audit{
+					IsRemoved: false,
+					CreatedAt: time.Now().UnixMilli(),
+					CreatedBy: entities.UserDetailResponse{
+						Username: signedInUser.Username,
+						UserID:   signedInUser.ID,
+						Email:    signedInUser.Email,
+					},
+					UpdatedAt: time.Now().UnixMilli(),
+					UpdatedBy: entities.UserDetailResponse{
+						Username: signedInUser.Username,
+						UserID:   signedInUser.ID,
+						Email:    signedInUser.Email,
+					},
+				},
+			}
+			err := userService.CreateProject(newProject)
+			if err != nil {
+				return
+			}
+			defaultProject = newProject.ID
+		}
+
+		c.Redirect(http.StatusPermanentRedirect, "/login?jwtToken="+jwtToken+"&projectID="+defaultProject+"&projectRole="+string(entities.RoleOwner))
 	}
 }

chaoscenter/authentication/api/handlers/rest/project_handler.go

@@ -170,7 +170,7 @@ func ListInvitations(service services.ApplicationService) gin.HandlerFunc {
 				if member.Role == entities.RoleOwner {
 					inviteRes.ProjectOwner = *member
 				} else {
-					inviteRes.InvitationRole = member.Invitation
+					inviteRes.InvitationRole = member.Role
 				}
 			}
 			response = append(response, inviteRes)
@@ -221,7 +221,7 @@ func CreateProject(service services.ApplicationService) gin.HandlerFunc {
 			UserID:     user.ID,
 			Role:       entities.RoleOwner,
 			Invitation: entities.AcceptedInvitation,
-			JoinedAt:   time.Now().Unix(),
+			JoinedAt:   time.Now().UnixMilli(),
 		}
 		var members []*entities.Member
 		members = append(members, newMember)
@@ -233,13 +233,13 @@ func CreateProject(service services.ApplicationService) gin.HandlerFunc {
 			State:   &state,
 			Audit: entities.Audit{
 				IsRemoved: false,
-				CreatedAt: time.Now().Unix(),
+				CreatedAt: time.Now().UnixMilli(),
 				CreatedBy: entities.UserDetailResponse{
 					Username: user.Username,
 					UserID:   user.ID,
 					Email:    user.Email,
 				},
-				UpdatedAt: time.Now().Unix(),
+				UpdatedAt: time.Now().UnixMilli(),
 				UpdatedBy: entities.UserDetailResponse{
 					Username: user.Username,
 					UserID:   user.ID,
@@ -329,7 +329,7 @@ func SendInvitation(service services.ApplicationService) gin.HandlerFunc {
 			Name:       user.Name,
 			Email:      user.Email,
 			Invitation: entities.PendingInvitation,
-			JoinedAt:   time.Now().Unix(),
+			JoinedAt:   time.Now().UnixMilli(),
 		}
 
 		err = service.AddMember(member.ProjectID, newMember)

chaoscenter/authentication/api/handlers/rest/user_handlers.go

@@ -66,7 +66,7 @@ func CreateUser(service services.ApplicationService) gin.HandlerFunc {
 			}
 		}
 
-		createdAt := time.Now().Unix()
+		createdAt := time.Now().UnixMilli()
 		userRequest.CreatedAt = createdAt
 
 		userResponse, err := service.CreateUser(&userRequest)
@@ -228,25 +228,25 @@ func LoginUser(service services.ApplicationService) gin.HandlerFunc {
 				Username:   user.Username,
 				Name:       user.Name,
 				Email:      user.Email,
-				JoinedAt:   time.Now().Unix(),
+				JoinedAt:   time.Now().UnixMilli(),
 			}
 			var members []*entities.Member
 			members = append(members, newMember)
 			state := "active"
 			newProject := &entities.Project{
 				ID:      uuid.Must(uuid.NewRandom()).String(),
-				Name:    user.Username + "'s project",
+				Name:    user.Username + "-project",
 				Members: members,
 				State:   &state,
 				Audit: entities.Audit{
 					IsRemoved: false,
-					CreatedAt: time.Now().Unix(),
+					CreatedAt: time.Now().UnixMilli(),
 					CreatedBy: entities.UserDetailResponse{
 						Username: user.Username,
 						UserID:   user.ID,
 						Email:    user.Email,
 					},
-					UpdatedAt: time.Now().Unix(),
+					UpdatedAt: time.Now().UnixMilli(),
 					UpdatedBy: entities.UserDetailResponse{
 						Username: user.Username,
 						UserID:   user.ID,

chaoscenter/authentication/pkg/entities/project.go

@@ -60,7 +60,7 @@ type ListInvitationResponse struct {
 	ProjectID      string     `json:"projectID"`
 	ProjectName    string     `json:"projectName"`
 	ProjectOwner   Member     `json:"projectOwner"`
-	InvitationRole Invitation `json:"invitationRole"`
+	InvitationRole MemberRole `json:"invitationRole"`
 }
 
 // GetProjectOutput takes a Project struct as input and returns the graphQL model equivalent

chaoscenter/authentication/pkg/project/repository.go

@@ -244,7 +244,7 @@ func (r repository) UpdateInvite(projectID string, userID string, invitation ent
 		update = bson.D{
 			{"$set", bson.D{
 				{"members.$[elem].invitation", invitation},
-				{"members.$[elem].joined_at", time.Now().Unix()},
+				{"members.$[elem].joined_at", time.Now().UnixMilli()},
 			}}}
 	case entities.ExitedProject:
 		update = bson.D{

chaoscenter/authentication/pkg/services/session_service.go

@@ -30,7 +30,7 @@ func (a applicationService) RevokeToken(tokenString string) error {
 	revokedToken := &entities.RevokedToken{
 		Token:     tokenString,
 		ExpiresAt: int64(claims["exp"].(float64)),
-		CreatedAt: time.Now().Unix(),
+		CreatedAt: time.Now().UnixMilli(),
 	}
 	return a.revokedTokenRepository.RevokeToken(revokedToken)
 }
@@ -101,7 +101,7 @@ func (a applicationService) CreateApiToken(user *entities.User, request entities
 		Name:      request.Name,
 		Token:     tokenString,
 		ExpiresAt: expiresAt,
-		CreatedAt: time.Now().Unix(),
+		CreatedAt: time.Now().UnixMilli(),
 	}
 
 	if err = a.apiTokenRepository.CreateApiToken(apiToken); err != nil {

chaoscenter/dex-server/Dockerfile

@@ -0,0 +1,3 @@
+FROM ghcr.io/dexidp/dex:latest
+ENV DEX_FRONTEND_DIR=/srv/dex/web
+COPY --chown=root:root web /srv/dex/web

chaoscenter/dex-server/dex-deployment.yaml

@@ -0,0 +1,139 @@
+# ConfigMap for DexServer
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: dex-server-admin-config
+  namespace: litmus
+data:
+  config.yaml: |
+    issuer: http://<Your Domain>:32000  # Replace your domain here
+
+    storage:
+      type: kubernetes
+      config:
+        inCluster: true
+
+    web:
+      http: 0.0.0.0:5556
+
+    staticClients:
+      - id: LitmusPortalAuthBackend
+        redirectURIs:
+          - '/auth/dex/callback'
+          - 'http://localhost:8080/auth/dex/callback' # Included for local testing purposes
+        name: 'LitmusPortalAuthBackend'
+        secret: ZXhhbXBsZS1hcHAtc2VjcmV0
+
+    oauth2:
+        skipApprovalScreen: true
+
+    connectors:
+      - type: google
+        id: google
+        name: Google
+        config:
+          clientID: # Add your Google Client ID here
+          clientSecret: # Add your Google Client Secret here
+          redirectURI: http://<Your Domain>:32000 # Replace your domain here
+
+      - type: github
+        id: github
+        name: GitHub
+        config:
+          clientID: # Add your GitHub Client ID here
+          clientSecret: # Add your GitHub Client Secret here
+          redirectURI: http://<Your Domain>:32000/callback  # Replace your domain here
+
+---
+# ClusterRole for DexServer
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-dex-server
+rules:
+  - apiGroups: [dex.coreos.com]
+    resources:
+      [
+        authcodes,
+        authrequests,
+        connectors,
+        devicerequests,
+        connectors,
+        devicerequests,
+        devicetokens,
+        oauth2clients,
+        offlinesessionses,
+        passwords,
+        refreshtokens,
+        signingkeies,
+      ]
+    verbs: [delete, deletecollection, get, list, patch, create, update, watch]
+---
+# ClusterRoleBinding for DexServer
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-dex-server-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-dex-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+---
+# Deployment for DexServer
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-dex-server
+  namespace: litmus
+  labels:
+    component: litmusportal-dex-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-dex-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-dex-server
+    spec:
+      serviceAccountName: litmus-server-account
+      containers:
+        - name: litmus-dex
+          imagePullPolicy: IfNotPresent
+          image: litmuschaos/litmusportal-dex-server:ci
+          command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]
+          ports:
+            - containerPort: 5556
+          volumeMounts:
+            - name: config
+              mountPath: /etc/dex/cfg
+      volumes:
+        - name: config
+          configMap:
+            name: dex-server-admin-config
+            items:
+              - key: config.yaml
+                path: config.yaml
+---
+# Exposed service for DexServer
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-dex-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: dex-server
+      port: 80
+      protocol: TCP
+      targetPort: 5556
+      nodePort: 32000
+  selector:
+    component: litmusportal-dex-server