Don't load iam if resource doesn't require it

paviliondev · Oct 15, 2024 · 6900db5 · 6900db5
1 parent 12da6db
commit 6900db5
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 49 deletions.
diff --git a/app/models/subscription_server/user_resource.rb b/app/models/subscription_server/user_resource.rb
@@ -5,17 +5,17 @@ class UserResource < ActiveRecord::Base
 
     belongs_to :user
 
-    def ready?
+    def iam_ready?
       iam_user_name.present? && iam_access_key_id.present? && iam_secret_access_key.present?
     end
 
-    def create_iam_user(resource_name)
+    def create_iam_user(iam)
       key = aws.create_user(
         user_name: self.user.username,
-        group_name: self.class.resource_groups[resource_name]
+        group_name: iam[:group]
       )
       if key
-        self.update(
+        result = self.update(
           iam_user_name: key[:user_name],
           iam_access_key_id: key[:access_key_id],
           iam_secret_access_key: key[:secret_access_key],
@@ -47,41 +47,32 @@ def aws
       @aws ||= SubscriptionServer::AWS.new
     end
 
-    def self.resource_groups
-      @resource_groups ||= {
-        'discourse-events': 'discourse_events'
-      }.as_json
-    end
-
-    def self.resource_supported?(resource_name)
-      resource_groups[resource_name].present?
-    end
-
     def self.list(user_id, subscriptions)
       result = []
 
       subscriptions.each do |subscription|
         resource_name = subscription.resource
-        next unless resource_supported?(resource_name)
+        resource = SubscriptionServer::Subscription.subscription_map[resource_name]
+        next unless resource.present?
 
         user_resource = self.find_or_create_by(
           user_id: user_id,
           resource_name: resource_name
         )
 
-        if !user_resource.iam_user_name
-          user_resource.create_iam_user(resource_name)
-        elsif !user_resource.iam_access_key_id
-          user_resource.rotate_iam_key
-        end
-
-        if user_resource.iam_key_updated_at > 1.week.ago
-          user_resource.rotate_iam_key
+        if resource[:iam]
+          if !user_resource.iam_user_name
+            user_resource.create_iam_user(resource[:iam])
+          elsif !user_resource.iam_access_key_id
+            user_resource.rotate_iam_key
+          end
+          if user_resource.iam_key_updated_at > 1.week.ago
+            user_resource.rotate_iam_key
+          end
+          next unless user_resource.iam_ready?
         end
 
-        if user_resource.ready?
-          result << user_resource
-        end
+        result << user_resource.reload
       end
 
       result

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
@@ -2,7 +2,7 @@ en:
   site_settings:
     subscription_server_enabled: Enable subscription server
     subscription_server_supplier_name: Supplier name, e.g. "Pavilion"
-    subscription_server_subscriptions: "List of supported subscriptions. resource:product_slug:provider:product_id:domain_limit e.g. discourse-custom-wizard:business:stripe:prod_Jyy6B9gyTJUURi:1"
+    subscription_server_subscriptions: "List of supported subscriptions. resource:product:provider:product_id:domain_limit:iam_group e.g. discourse-custom-wizard:business:stripe:prod_Jyy6B9gyTJUURi:1:custom_wizard"
     subscription_server_iam_access_key: IAM Administrator Access Key
     subscription_server_iam_secret_access_key: IAM Administrator Secret Access Key
     subscription_server_iam_region: IAM region

diff --git a/lib/subscription_server/subscription.rb b/lib/subscription_server/subscription.rb
@@ -27,6 +27,7 @@ def self.subscription_map
           provider = parts[2]
           product_id = parts[3]
           domain_limit = parts[4]
+          iam_group = parts[5]
 
           result[resource] ||= { provider: provider, products: [] }
           result[resource][:products] << {
@@ -38,6 +39,8 @@ def self.subscription_map
             result[resource][:domain_limits] ||= []
             result[resource][:domain_limits] << { product_id: product_id, domain_limit: domain_limit.to_i }
           end
+
+          result[resource][:iam] = { group: iam_group } if iam_group
         end
 
         result

diff --git a/spec/models/subscription_server/user_resource_spec.rb b/spec/models/subscription_server/user_resource_spec.rb
@@ -2,30 +2,62 @@
 
 describe SubscriptionServer::UserResource do
   let!(:user) { Fabricate(:user) }
-  let!(:subscription) {
-    SubscriptionServer::Subscription.new(
-      resource: 'discourse-events',
-      product_id: "prod_CBTNpi3fqWWkq0",
-      product_name: "Business Subscription",
-      price_id: "1234567",
-      price_name: "yearly"
-    )
-  }
-
-  before do
-    SiteSetting.subscription_server_iam_access_key = "12345"
-    SiteSetting.subscription_server_iam_secret_access_key = "23l42l3nk423o2"
-  end
 
   describe "#list" do
-    it "returns the right user resources" do
-      result = described_class.list(user.id, [subscription])
-      expect(result[0]).to be_present
-      expect(result[0].resource_name).to eq("discourse-events")
-      expect(result[0].iam_user_name).to be_present
-      expect(result[0].iam_access_key_id).to be_present
-      expect(result[0].iam_secret_access_key).to be_present
-      expect(result[0].iam_key_updated_at).to be_present
+    context "with a resource with iam" do
+      let(:subscription) {
+        SubscriptionServer::Subscription.new(
+          resource: 'discourse-events',
+          product_id: "prod_CBTNpi3fqWWkq0",
+          product_name: "Business Subscription",
+          price_id: "1234567",
+          price_name: "yearly"
+        )
+      }
+
+      before do
+        SiteSetting.subscription_server_iam_access_key = "12345"
+        SiteSetting.subscription_server_iam_secret_access_key = "23l42l3nk423o2"
+        SiteSetting.subscription_server_subscriptions = "discourse-events:business:stripe:prod_CBTNpi3fqWWkq0:1:discourse_events"
+      end
+
+      it "returns the right user resources" do
+        result = described_class.list(user.id, [subscription])
+        expect(result[0]).to be_present
+        expect(result[0].resource_name).to eq("discourse-events")
+        expect(result[0].iam_user_name).to be_present
+        expect(result[0].iam_access_key_id).to be_present
+        expect(result[0].iam_secret_access_key).to be_present
+        expect(result[0].iam_key_updated_at).to be_present
+      end
+    end
+
+    context "with a resource without iam" do
+      let(:subscription) {
+        SubscriptionServer::Subscription.new(
+          resource: 'discourse-custom-wizard',
+          product_id: "prod_CBTNpi3fqWWkq0",
+          product_name: "Business Subscription",
+          price_id: "1234567",
+          price_name: "yearly"
+        )
+      }
+
+      before do
+        SiteSetting.subscription_server_iam_access_key = "12345"
+        SiteSetting.subscription_server_iam_secret_access_key = "23l42l3nk423o2"
+        SiteSetting.subscription_server_subscriptions = "discourse-custom-wizard:business:stripe:prod_CBTNpi3fqWWkq0:1"
+      end
+
+      it "returns the right user resources" do
+        result = described_class.list(user.id, [subscription])
+        expect(result[0]).to be_present
+        expect(result[0].resource_name).to eq("discourse-custom-wizard")
+        expect(result[0].iam_user_name).not_to be_present
+        expect(result[0].iam_access_key_id).not_to be_present
+        expect(result[0].iam_secret_access_key).not_to be_present
+        expect(result[0].iam_key_updated_at).not_to be_present
+      end
     end
   end
 end