Merge pull request #216 from nitrictech/feature/gcp-api-fixes

jyecusch · web-flow · commit 7b3461e826f2 · 2021-10-20T10:24:25.000+11:00
Gcp API deployment fixes
diff --git a/packages/plugins/gcp/src/resources/api.test.ts b/packages/plugins/gcp/src/resources/api.test.ts
@@ -0,0 +1,170 @@
+// Copyright 2021, Nitric Technologies Pty Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as pulumi from '@pulumi/pulumi';
+import { NitricComputeCloudRun, NitricApiGcpApiGateway } from '.';
+
+const outputToPromise = async <T>(output: pulumi.Output<T> | undefined): Promise<T | undefined> => {
+	if (!output) {
+		return undefined;
+	}
+
+	return await new Promise<T>((res) => {
+		output.apply((t) => {
+			res(t);
+		});
+	});
+};
+
+describe('NitricApiGcpApiGateway', () => {
+	// Setup pulumi mocks
+	beforeAll(() => {
+		pulumi.runtime.setMocks({
+			newResource: function ({ name, type, inputs }): { id: string; state: any } {
+				switch (type) {
+					case 'gcp:apigateway/api:Api':
+						return {
+							id: 'mock-api-id',
+							state: {
+								...inputs,
+								// outputs...
+								name: inputs.name || name + '-sg',
+								apiId: 'mock-api-id',
+							},
+						};
+					case 'gcp:apigateway/apiConfig:ApiConfig':
+						return {
+							id: 'mock-config-id',
+							state: {
+								...inputs,
+								// outputs ...
+								name: inputs.name || name + '-sg',
+							},
+						};
+					case 'gcp:apigateway/gateway:Gateway':
+						return {
+							id: 'mock-gateway-id',
+							state: {
+								...inputs,
+								// outputs ...
+								name: inputs.name || name + '-sg',
+								defaultHostName: 'example.com',
+							},
+						};
+					case 'gcp:serviceAccount/account:Account':
+						return {
+							id: 'mock-account-id',
+							state: {
+								...inputs,
+								// outputs ...
+								name: inputs.name || name + '-sg',
+								email: 'service.account@example.com',
+							},
+						};
+					default:
+						return {
+							id: inputs.name + '_id',
+							state: {
+								...inputs,
+							},
+						};
+				}
+			},
+			call: function ({ inputs }) {
+				return inputs;
+			},
+		});
+	});
+
+	describe('When creating a new GcpApiGateway resource', () => {
+		let api: NitricApiGcpApiGateway | null = null;
+		beforeAll(() => {
+			// Create the new Api Gateway resource
+			api = new NitricApiGcpApiGateway('my-gateway', {
+				api: {
+					swagger: '2.0',
+					info: {
+						title: 'test-api',
+						version: '2.0',
+					},
+					paths: {
+						'/example/': {
+							get: {
+								operationId: 'getExample',
+								'x-nitric-target': {
+									name: 'test-service',
+									type: 'function',
+								},
+								description: 'Retrieve an existing example',
+								responses: {
+									'200': {
+										description: 'Successful response',
+									},
+								},
+							},
+						},
+					},
+				},
+				services: [
+					{
+						name: 'test-service',
+						url: pulumi.output('https://example.com'),
+						cloudrun: {
+							name: 'test',
+							location: 'us-central-1',
+						} as unknown,
+					} as NitricComputeCloudRun,
+				],
+			});
+		});
+
+		// Assert its state
+		it('should create a new Api', async () => {
+			expect(api?.api).toBeDefined();
+			await expect(outputToPromise(api?.api.name)).resolves.toEqual('my-gateway-sg');
+		});
+
+		it('should create a new api config', async () => {
+			expect(api?.config).toBeDefined();
+			await expect(outputToPromise(api?.config.name)).resolves.toEqual('my-gateway-config-sg');
+
+			// asset config has correct parent api
+			await expect(outputToPromise(api?.config.api)).resolves.toEqual('mock-api-id');
+		});
+
+		it('should create a new gateway', async () => {
+			expect(api?.gateway).toBeDefined();
+			await expect(outputToPromise(api?.gateway.name)).resolves.toEqual('my-gateway-gateway-sg');
+
+			// Assert gateway has correct config
+			const configId = await outputToPromise(api?.config.id);
+			await expect(outputToPromise(api?.gateway.apiConfig)).resolves.toEqual(configId);
+		});
+
+		it('should create a new Iam account', async () => {
+			expect(api?.invoker).toBeDefined();
+			await expect(outputToPromise(api?.invoker.name)).resolves.toEqual('my-gateway-acct-sg');
+			await expect(outputToPromise(api?.invoker.email)).resolves.toEqual('service.account@example.com');
+		});
+
+		it('should create iam members for the invoker account for each provided service', async () => {
+			expect(api?.memberships).toHaveLength(1);
+
+			// Assert service account wired up correctly
+			await expect(outputToPromise(api?.memberships[0].member)).resolves.toEqual(
+				'serviceAccount:service.account@example.com',
+			);
+		});
+	});
+});
diff --git a/packages/plugins/gcp/src/resources/api.ts b/packages/plugins/gcp/src/resources/api.ts
@@ -43,6 +43,12 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 	public readonly hostname: pulumi.Output<string>;
 	public readonly url: pulumi.Output<string>;
 
+	public readonly api: gcp.apigateway.Api;
+	public readonly config: gcp.apigateway.ApiConfig;
+	public readonly gateway: gcp.apigateway.Gateway;
+	public readonly invoker: gcp.serviceaccount.Account;
+	public readonly memberships: gcp.cloudrun.IamMember[];
+
 	constructor(name: string, args: NitricApiGcpApiGatewayArgs, opts?: pulumi.ComponentResourceOptions) {
 		super('nitric:api:GcpApiGateway', name, {}, opts);
 		const { api, services } = args;
@@ -54,7 +60,7 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 		const targetServices = Object.keys(api.paths).reduce((svcs, path) => {
 			const p = api.paths[path] as OpenAPIV2.PathItemObject<NitricAPITarget>;
 
-			const services = Object.keys(path)
+			const s = Object.keys(p)
 				.filter((k) => METHOD_KEYS.includes(k as method))
 				.reduce((acc, method) => {
 					const pathTarget = p[method as method]?.[constants.OAI_NITRIC_TARGET_EXT];
@@ -67,7 +73,7 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 					return acc;
 				}, svcs);
 
-			return svcs;
+			return s;
 		}, [] as NitricComputeCloudRun[]);
 
 		// Replace Nitric API Extensions with google api gateway extensions
@@ -131,7 +137,7 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 			return Buffer.from(JSON.stringify(transformedApi)).toString('base64');
 		});
 
-		const deployedApi = new gcp.apigateway.Api(
+		this.api = new gcp.apigateway.Api(
 			name,
 			{
 				apiId: name,
@@ -140,7 +146,7 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 		);
 
 		// Create a new IAM account for invoking
-		const apiInvoker = new gcp.serviceaccount.Account(
+		this.invoker = new gcp.serviceaccount.Account(
 			`${name}-acct`,
 			{
 				// Limit to 30 characters for service account name
@@ -151,13 +157,13 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 		);
 
 		// Bind that IAM account as a member of all available service targets
-		targetServices.map((svc) => {
-			new gcp.cloudrun.IamMember(
-				`${name}-acct-binding`,
+		this.memberships = targetServices.map((svc) => {
+			return new gcp.cloudrun.IamMember(
+				`${name}-${svc.name}-binding`,
 				{
 					service: svc.cloudrun.name,
 					location: svc.cloudrun.location,
-					member: pulumi.interpolate`serviceAccount:${apiInvoker.email}`,
+					member: pulumi.interpolate`serviceAccount:${this.invoker.email}`,
 					role: 'roles/run.invoker',
 				},
 				defaultResourceOptions,
@@ -167,10 +173,10 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 		// Now we need to create the document provided and interpolate the deployed service targets
 		// i.e. their Urls...
 		// Deploy the config
-		const deployedConfig = new gcp.apigateway.ApiConfig(
+		this.config = new gcp.apigateway.ApiConfig(
 			`${name}-config`,
 			{
-				api: deployedApi.apiId,
+				api: this.api.apiId,
 				displayName: `${name}-config`,
 				apiConfigId: `${name}-config`,
 				openapiDocuments: [
@@ -184,31 +190,36 @@ export class NitricApiGcpApiGateway extends pulumi.ComponentResource {
 				gatewayConfig: {
 					backendConfig: {
 						// Add the service account for the invoker here...
-						googleServiceAccount: apiInvoker.email,
+						googleServiceAccount: this.invoker.email,
 					},
 				},
 			},
 			defaultResourceOptions,
 		);
 
 		// Deploy the gateway
-		const gateway = new gcp.apigateway.Gateway(
+		this.gateway = new gcp.apigateway.Gateway(
 			`${name}-gateway`,
 			{
 				displayName: `${name}-gateway`,
 				gatewayId: `${name}-gateway`,
-				apiConfig: deployedConfig.id,
+				apiConfig: this.config.id,
 			},
 			defaultResourceOptions,
 		);
 
-		this.hostname = gateway.defaultHostname;
-		this.url = gateway.defaultHostname.apply((n) => `https://${n}`);
+		this.hostname = this.gateway.defaultHostname;
+		this.url = this.gateway.defaultHostname.apply((n) => `https://${n}`);
 
 		this.registerOutputs({
 			name: this.name,
 			hostname: this.hostname,
 			url: this.url,
+			api: this.api,
+			invoker: this.invoker,
+			memberships: this.memberships,
+			config: this.config,
+			gateway: this.gateway,
 		});
 	}
 
