Add Github device auth flow to the UI

weaveworks-gitops-poc · Sep 16, 2021 · 8f6cf3a · 8f6cf3a
1 parent ee12fdf
commit 8f6cf3a
Show file tree

Hide file tree

Showing 42 changed files with 2,633 additions and 279 deletions.
diff --git a/api/applications/applications.proto b/api/applications/applications.proto
@@ -51,7 +51,7 @@ service Applications {
     */
     rpc ListCommits(ListCommitsRequest) returns (ListCommitsResponse) {
         option (google.api.http) = {
-            get : "/v1/applications/{name}/commits"
+            get : "/v1/applications/{name}/commits",
         };
     }
     /**
@@ -76,6 +76,29 @@ service Applications {
             body: "*"
         };
     };
+
+    /** 
+    * GetGithubDeviceCode retrieves a temporary device code for Github authentication.
+    * This code is used to start the Github device-flow.
+    */
+    rpc GetGithubDeviceCode(GetGithubDeviceCodeRequest) returns (GetGithubDeviceCodeResponse) {
+        option (google.api.http) = {
+            get : "/v1/applications/auth_providers/github"
+        };
+    }
+
+    /**
+    * GetGithubAuthStatus gets the status of the Github device flow authentication requests.
+    * Once the user has completed the Github device flow, an access token will be returned.
+    * This token will expired in 15 minutes, after which the user will need to complete the flow again
+    * to do Git Provider operations.
+    */
+    rpc GetGithubAuthStatus(GetGithubAuthStatusRequest) returns (GetGithubAuthStatusResponse) {
+        option (google.api.http) = {
+            post : "/v1/applications/auth_providers/github/status"
+            body: "*"
+        };
+    }
 }
 
 // This object represents a single condition for a Kubernetes object.
@@ -189,3 +212,24 @@ message GetChildObjectsReq {
 message GetChildObjectsRes {
     repeated UnstructuredObject objects = 1;
 }
+
+
+message GetGithubDeviceCodeRequest {
+
+}
+
+message GetGithubDeviceCodeResponse {
+    string userCode      = 1; // The Github Device Flow code that will be shown to the user
+    string deviceCode    = 2; // A code that uniquely identifies a device
+    string validationURI = 3; // The URI that the user will visit to complete the flow
+    int32  interval      = 4; // How often the client should retry the request
+}
+
+message GetGithubAuthStatusRequest {
+    string deviceCode = 1; // The deviceCode returned from a GetGithubDeviceCodeResponse
+}
+
+message GetGithubAuthStatusResponse {
+    string accessToken = 1; // An access token that can be used to interact with the Weave GitOps API.
+    string error       = 2; // An error message.
+}
diff --git a/api/applications/applications.swagger.json b/api/applications/applications.swagger.json
@@ -48,6 +48,62 @@
         ]
       }
     },
+    "/v1/applications/auth_providers/github": {
+      "get": {
+        "summary": "GetGithubDeviceCode retrieves a temporary device code for Github authentication.\nThis code is used to start the Github device-flow.",
+        "operationId": "Applications_GetGithubDeviceCode",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1GetGithubDeviceCodeResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "tags": [
+          "Applications"
+        ]
+      }
+    },
+    "/v1/applications/auth_providers/github/status": {
+      "post": {
+        "summary": "GetGithubAuthStatus gets the status of the Github device flow authentication requests.\nOnce the user has completed the Github device flow, an access token will be returned.\nThis token will expired in 15 minutes, after which the user will need to complete the flow again\nto do Git Provider operations.",
+        "operationId": "Applications_GetGithubAuthStatus",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1GetGithubAuthStatusResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/v1GetGithubAuthStatusRequest"
+            }
+          }
+        ],
+        "tags": [
+          "Applications"
+        ]
+      }
+    },
     "/v1/applications/child_objects": {
       "post": {
         "summary": "GetChildObjects returns the children of a given object, specified by a GroupVersionKind.\nNot all Kubernets objects have children. For example, a Deployment has a child ReplicaSet, but a Service has no child objects.",
@@ -425,6 +481,43 @@
         }
       }
     },
+    "v1GetGithubAuthStatusRequest": {
+      "type": "object",
+      "properties": {
+        "deviceCode": {
+          "type": "string"
+        }
+      }
+    },
+    "v1GetGithubAuthStatusResponse": {
+      "type": "object",
+      "properties": {
+        "accessToken": {
+          "type": "string"
+        },
+        "error": {
+          "type": "string"
+        }
+      }
+    },
+    "v1GetGithubDeviceCodeResponse": {
+      "type": "object",
+      "properties": {
+        "userCode": {
+          "type": "string"
+        },
+        "deviceCode": {
+          "type": "string"
+        },
+        "validationURI": {
+          "type": "string"
+        },
+        "interval": {
+          "type": "integer",
+          "format": "int32"
+        }
+      }
+    },
     "v1GetReconciledObjectsRes": {
       "type": "object",
       "properties": {