Open bobbyiliev opened 6 months ago
On further investigation, the Frontegg Mock service from the Materialize repository is only handling the initial authentication and does not really have any of the endpoints that we need like for the SSO configuration, creating app passwords, groups and etc.
So this is not going to be an option for the moment.
But the implementation works as follows:
test-certs:
container_name: test-certs
image: materialize/test-certs:v0.86.1
volumes:
- test-certs:/secrets
frontegg-mock:
container_name: frontegg-mock
image: materialize/frontegg-mock:v0.86.1
command: >
--listen-addr 0.0.0.0:3002
--tenant-id 1b2a3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d
--users '{"u1": {"client": "1b2a3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d", "password": "7e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2b"}}'
--roles '{"u1": ["users", "admin"], "u2": ["users"]}'
--encoding-key-file /secrets/frontegg-mock.key
ports:
- "3002:3002"
volumes:
- test-certs:/secrets
depends_on:
- test-certs
volumes:
test-certs:
Yeah, if anything, the materialize repo should be using the mock you've created here, Bobby, since it's way more complete!
With the work that @alex-hunt-materialize is now doing for the Frontegg mock service in the main repo we could reconsider deprecating the Go mock: https://github.com/MaterializeInc/materialize/pull/25601/files
However, there are still quite a bit of endpoints that would need to be shipped over. Currently, the provider utilizes the following endpoints for the various resources:
/identity/resources/auth/v1/api-token" => handleTokenRequest
/identity/resources/users/api-tokens/v1" => handleAppPasswords
/identity/resources/users/v1/" => handleUserRequest
/identity/resources/users/v2" => handleUserRequest
/identity/resources/roles/v2" => handleRolesRequest
/frontegg/team/resources/sso/v1/configurations" => handleSSOConfigRequest
/frontegg/team/resources/sso/v1/configurations/" => handleSSOConfigAndDomainRequest
/frontegg/identity/resources/groups/v1" => handleSCIMGroupsRequest
/frontegg/directory/resources/v1/configurations/scim2" => handleSCIM2ConfigurationsRequest
/frontegg/directory/resources/v1/configurations/scim2/" => handleSCIMConfigurationByID
And I will need to introduce a few more once I start working on the Groups resources as per #430.
I'm happy to try and work on shipping some of those endpoints from the Go mock to the Rust mock. I'll chat with @chaas to see how we should prioritize this work.
Notion epic
Link: https://www.notion.so/Improve-the-Frontegg-Mock-Service-07f33ae8d54746a08583e1b6ec488e99 Product brief: Status: In progress Prioritization: Estimated delivery date: 2024-08-30
Product outcome: use shared infrastructure for frontegg authentication in testing for the database and our integrations, such as the terraform and pulumi providers. This ensures consistent and robust testing, and minimizes the overhead of making changes across multiple different testing frameworks in different languages.
Work involved: At the moment we are using a custom Frontegg mock service that is getting hard to maintain. We shoul switch to the mock service that the Materialize repository is using. This involves adding some additional endpoints to the Materialize repository's Rust Frontegg mock service.
The following endpoints need to be supported:
Approach: add these endpoints and cutover the endpoints incrementally.
Design doc: https://github.com/MaterializeInc/terraform-provider-materialize/blob/main/docs/developer/frontegg-mock-2024-07-30.md