MaterializeInc / terraform-provider-materialize

A Terraform provider for Materialize
https://registry.terraform.io/providers/MaterializeInc/materialize
Mozilla Public License 2.0

[Epic] Improve the Frontegg Mock Service #461

Open bobbyiliev opened 6 months ago

bobbyiliev commented 6 months ago

Notion epic

- Link: https://www.notion.so/Improve-the-Frontegg-Mock-Service-07f33ae8d54746a08583e1b6ec488e99
- Product brief:
- Status: In progress
- Prioritization:
- Estimated delivery date: 2024-08-30

Product outcome: use shared infrastructure for frontegg authentication in testing for the database and our integrations, such as the terraform and pulumi providers. This ensures consistent and robust testing, and minimizes the overhead of making changes across multiple different testing frameworks in different languages.

Work involved: At the moment we are using a custom Frontegg mock service that is getting hard to maintain. We should switch to the mock service that the Materialize repository is using. This involves adding some additional endpoints to the Materialize repository's Rust Frontegg mock service.

The following endpoints need to be supported:

Approach: add these endpoints and cut over the endpoints incrementally.

Design doc: https://github.com/MaterializeInc/terraform-provider-materialize/blob/main/docs/developer/frontegg-mock-2024-07-30.md

### Tasks
- [x] Transfer all endpoints from the Go mock service to the Rust mock
- [x] Switch the Terraform provider tests to use the Rust Frontegg mock service
- [x] Switch the Pulumi provider tests to use the Rust Frontegg mock service
- [ ] Refactor the Frontegg mock to be more modular instead of the one huge lib.rs file
- [ ] Separate 'Groups' from 'SCIM' endpoints and structs
- [ ] Add logging to the mock service for improved debugging capabilities
- [ ] Add tests for all endpoints

bobbyiliev commented 6 months ago

On further investigation, the Frontegg Mock service from the Materialize repository is only handling the initial authentication and does not really have any of the endpoints that we need, such as for the SSO configuration, creating app passwords, groups, etc.

So this is not going to be an option for the moment.

But the implementation works as follows:

```yaml
# Top-level key added so the fragment parses as a Compose file.
services:
  # Populates the shared volume with the test key material.
  test-certs:
    container_name: test-certs
    image: materialize/test-certs:v0.86.1
    volumes:
      - test-certs:/secrets

  # Rust Frontegg mock; the user, role and password values are test fixtures.
  frontegg-mock:
    container_name: frontegg-mock
    image: materialize/frontegg-mock:v0.86.1
    command: >
      --listen-addr 0.0.0.0:3002
      --tenant-id 1b2a3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d
      --users '{"u1": {"client": "1b2a3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d", "password": "7e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2b"}}'
      --roles '{"u1": ["users", "admin"], "u2": ["users"]}'
      --encoding-key-file /secrets/frontegg-mock.key
    ports:
      - "3002:3002"
    volumes:
      - test-certs:/secrets
    depends_on:
      - test-certs

volumes:
  test-certs:
```

benesch commented 6 months ago

Yeah, if anything, the materialize repo should be using the mock you've created here, Bobby, since it's way more complete!

bobbyiliev commented 5 months ago

With the work that @alex-hunt-materialize is now doing for the Frontegg mock service in the main repo we could reconsider deprecating the Go mock: https://github.com/MaterializeInc/materialize/pull/25601/files

However, there are still quite a few endpoints that would need to be shipped over. Currently, the provider utilizes the following endpoints for the various resources:

```
"/identity/resources/auth/v1/api-token" => handleTokenRequest
"/identity/resources/users/api-tokens/v1" => handleAppPasswords
"/identity/resources/users/v1/" => handleUserRequest
"/identity/resources/users/v2" => handleUserRequest
"/identity/resources/roles/v2" => handleRolesRequest
"/frontegg/team/resources/sso/v1/configurations" => handleSSOConfigRequest
"/frontegg/team/resources/sso/v1/configurations/" => handleSSOConfigAndDomainRequest
"/frontegg/identity/resources/groups/v1" => handleSCIMGroupsRequest
"/frontegg/directory/resources/v1/configurations/scim2" => handleSCIM2ConfigurationsRequest
"/frontegg/directory/resources/v1/configurations/scim2/" => handleSCIMConfigurationByID
```

And I will need to introduce a few more once I start working on the Groups resources as per #430.

I'm happy to try and work on shipping some of those endpoints from the Go mock to the Rust mock. I'll chat with @chaas to see how we should prioritize this work.
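
The incremental cutover discussed in this thread can be tracked with a route-coverage probe. The following is an added example, not part of the thread or of either mock's code: it requests each path from the list above and reports those a mock does not route. `missingEndpoints` and `newAuthOnlyMock` are hypothetical names, the auth-only server is a constructed stand-in, and the check assumes the mock answers 404 only for paths with no registered handler.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Paths the provider calls, copied from the list in the comment above.
var providerEndpoints = []string{
	"/identity/resources/auth/v1/api-token",
	"/identity/resources/users/api-tokens/v1",
	"/identity/resources/users/v1/",
	"/identity/resources/users/v2",
	"/identity/resources/roles/v2",
	"/frontegg/team/resources/sso/v1/configurations",
	"/frontegg/team/resources/sso/v1/configurations/",
	"/frontegg/identity/resources/groups/v1",
	"/frontegg/directory/resources/v1/configurations/scim2",
	"/frontegg/directory/resources/v1/configurations/scim2/",
}

// missingEndpoints returns the paths answered with 404 (no route registered).
// Any other status (401, 405, ...) proves a handler exists, so no credentials
// are needed. baseURL must not end in a slash.
func missingEndpoints(c *http.Client, baseURL string, paths []string) ([]string, error) {
	var missing []string
	for _, p := range paths {
		resp, err := c.Get(baseURL + p)
		if err != nil {
			return nil, fmt.Errorf("probe %s: %w", p, err)
		}
		resp.Body.Close()
		if resp.StatusCode == http.StatusNotFound {
			missing = append(missing, p)
		}
	}
	return missing, nil
}

// newAuthOnlyMock is a constructed stand-in that routes only the token endpoint.
func newAuthOnlyMock() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc(providerEndpoints[0], func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusMethodNotAllowed) })
	return httptest.NewServer(mux)
}

func main() {
	srv := newAuthOnlyMock()
	defer srv.Close()
	fmt.Println(missingEndpoints(srv.Client(), srv.URL, providerEndpoints))
}
```

Run against a real mock by passing `http.DefaultClient` and its base URL; a mock that returns 404 for a routed path with a missing resource ID would show up as a false positive.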