add public-viewer support to MemberClusterService

pkg/application/service/services.go

@@ -38,7 +38,7 @@ type VerificationService interface {
 }
 
 type MemberClusterService interface {
-	GetClusterAccess(userID, username, workspace, proxyPluginName string) (*access.ClusterAccess, error)
+	GetClusterAccess(userID, username, workspace, proxyPluginName string, publicViewerEnabled bool) (*access.ClusterAccess, error)
 }
 
 type Services interface {

pkg/proxy/proxy.go

@@ -272,7 +272,7 @@ func (p *Proxy) processRequest(ctx echo.Context) (string, *access.ClusterAccess,
 	}
 
 	ctx.Set(context.WorkspaceKey, workspaceName) // set workspace context for logging
-	cluster, err := p.app.MemberClusterService().GetClusterAccess(userID, username, workspaceName, proxyPluginName)
+	cluster, err := p.app.MemberClusterService().GetClusterAccess(userID, username, workspaceName, proxyPluginName, false)
 	if err != nil {
 		return "", nil, crterrors.NewInternalError(errs.New("unable to get target cluster"), err.Error())
 	}

pkg/proxy/service/cluster_service.go

@@ -11,6 +11,7 @@ import (
 	servicecontext "github.com/codeready-toolchain/registration-service/pkg/application/service/context"
 	"github.com/codeready-toolchain/registration-service/pkg/log"
 	"github.com/codeready-toolchain/registration-service/pkg/proxy/access"
+	"github.com/codeready-toolchain/registration-service/pkg/signup"
 	"github.com/codeready-toolchain/toolchain-common/pkg/cluster"
 
 	routev1 "github.com/openshift/api/route/v1"
@@ -40,21 +41,21 @@ func NewMemberClusterService(context servicecontext.ServiceContext, options ...O
 	return si
 }
 
-func (s *ServiceImpl) GetClusterAccess(userID, username, workspace, proxyPluginName string) (*access.ClusterAccess, error) {
-	signup, err := s.Services().SignupService().GetSignupFromInformer(nil, userID, username, false) // don't check for usersignup complete status, since it might cause the proxy blocking the request and returning an error when quick transitions from ready to provisioning are happening.
-	if err != nil {
-		return nil, err
-	}
-	// if signup has the CompliantUsername set it means that MUR was created and useraccount is provisioned
-	if signup == nil || signup.CompliantUsername == "" {
-		cause := errs.New("user is not provisioned (yet)")
-		log.Error(nil, cause, fmt.Sprintf("signup object: %+v", signup))
-		return nil, cause
-	}
-
+func (s *ServiceImpl) GetClusterAccess(userID, username, workspace, proxyPluginName string, publicViewerEnabled bool) (*access.ClusterAccess, error) {
 	// if workspace is not provided then return the default space access
 	if workspace == "" {
-		return s.accessForCluster(signup.APIEndpoint, signup.ClusterName, signup.CompliantUsername, proxyPluginName)
+		return s.getClusterAccessForDefaultWorkspace(userID, username, proxyPluginName)
+	}
+
+	return s.getSpaceAccess(userID, username, workspace, proxyPluginName, publicViewerEnabled)
+}
+
+// getSpaceAccess retrieves space access for an user
+func (s *ServiceImpl) getSpaceAccess(userID, username, workspace, proxyPluginName string, publicViewerEnabled bool) (*access.ClusterAccess, error) {
+	// retrieve the user's complaint name
+	complaintUserName, err := s.getUserSignupComplaintName(userID, username, publicViewerEnabled)
+	if err != nil {
+		return nil, err
 	}
 
 	// look up space
@@ -65,7 +66,52 @@ func (s *ServiceImpl) GetClusterAccess(userID, username, workspace, proxyPluginN
 		return nil, fmt.Errorf("the requested space is not available")
 	}
 
-	return s.accessForSpace(space, signup.CompliantUsername, proxyPluginName)
+	return s.accessForSpace(space, complaintUserName, proxyPluginName)
+}
+
+func (s *ServiceImpl) getUserSignupComplaintName(userID, username string, publicViewerEnabled bool) (string, error) {
+	// if PublicViewer is enabled and the requested user is the PublicViewer, than no lookup is required
+	if publicViewerEnabled && username == toolchainv1alpha1.KubesawAuthenticatedUsername {
+		return username, nil
+	}
+
+	// retrieve the UserSignup from cache
+	userSignup, err := s.getSignupFromInformerForProvisionedUser(userID, username)
+	if err != nil {
+		return "", err
+	}
+
+	return userSignup.CompliantUsername, nil
+}
+
+// getClusterAccessForDefaultWorkspace retrieves the cluster for the user's default workspace
+func (s *ServiceImpl) getClusterAccessForDefaultWorkspace(userID, username, proxyPluginName string) (*access.ClusterAccess, error) {
+	// retrieve the UserSignup from cache
+	userSignup, err := s.getSignupFromInformerForProvisionedUser(userID, username)
+	if err != nil {
+		return nil, err
+	}
+
+	// retrieve user's access for cluster
+	return s.accessForCluster(userSignup.APIEndpoint, userSignup.ClusterName, userSignup.CompliantUsername, proxyPluginName)
+}
+
+func (s *ServiceImpl) getSignupFromInformerForProvisionedUser(userID, username string) (*signup.Signup, error) {
+	// don't check for usersignup complete status, since it might cause the proxy blocking the request
+	// and returning an error when quick transitions from ready to provisioning are happening.
+	userSignup, err := s.Services().SignupService().GetSignupFromInformer(nil, userID, username, false)
+	if err != nil {
+		return nil, err
+	}
+
+	// if signup has the CompliantUsername set it means that MUR was created and useraccount is provisioned
+	if userSignup == nil || userSignup.CompliantUsername == "" {
+		cause := errs.New("user is not provisioned (yet)")
+		log.Error(nil, cause, fmt.Sprintf("signup object: %+v", userSignup))
+		return nil, cause
+	}
+
+	return userSignup, nil
 }
 
 func (s *ServiceImpl) accessForSpace(space *toolchainv1alpha1.Space, username, proxyPluginName string) (*access.ClusterAccess, error) {