[#12] WIP: Add SSO support

Fixes #12

REMOVE HTTPS CERT WORKAROUND BEFORE MERGE TO MASTER! MCC instance
with SSO enabled for testing currently has invalid cert chain,
so this is needed as a temporary workaround during development.

SEE '// DEBUG' COMMENTS for what still needs refactoring.

Done:
- Renamed existing `AuthProvider` to `BasicAuthProvider`. This
  provider will fail with an error notification if it's used
  with an MCC instance that requires SSO auth.
- Added new `SsoAuthProvider` for handling all things SSO. This
  provider will fail with an error notification if it's used with
  an MCC instance that does not support Keycloak SSO auth.
- Moved a few effects out of View.js and into useClusterLoder.js hook
  to cut down on module size.
- Added 'SSO support' section to README with instructions on how
  to configure the MCC instance's Keycloak Client to work with the
  extension since it relies on `lens://` protocol handler requests.
- Added new util.js method to make console logging more helpful
  and consistent, replaced all existing `console` calls with new
  `logger` calls.
- `AuthClient` now supports both Basic auth and SSO auth.
- Auto-refreshing tokens under SSO works.
- Possible to activate a cluster without having to re-query for
  the list of clusters that was already loaded (if any).
- Renamed ClustersProvider to ClusterDataProvider to make it
  more different from ClusterActionsProvider when we use
  it throughout the code (we had `clustersActions` and
  `clusterActions` objects; now we have `clusterDataActions`
  and `clusterActions` with less chance of a mistake).
- Fixed a bug in eventBus.ts where an exception thrown in an
  event handler would cause the event bus to infinitely call
  that handler in a loop.
- Added 'Refresh' feature where once clusters are loaded, the
  'Sign in' button changes to 'Refresh' and clicking it uses
  existing creds to reload/refresh the cluster list without
  going through full auth again (if creds are still valid).
- Added ability to filter clusters to a list of specified
  namespaces via the 'add clusters' extension event.

Author: stefcameron

README.md

@@ -80,9 +80,14 @@ The `prepublishOnly` script will automatically produce a production build in the
 
 ## Help
 
-### SSO not supported
+### SSO support
 
-Mirantis Container Cloud instances that use third-party SSO authentication (e.g. Google OAuth) are __not supported__ at this time. We plan on adding support [soon](https://github.com/Mirantis/lens-extension-cc/issues/12).
+Mirantis Container Cloud instances that use third-party SSO authentication via __Keycloak__ are supported.
+
+Since the integration leverages the `lens://` URL protocol handling feature for extensions, __Lens 4.1__ is required, and the __Keycloak Client__ of the instance must be configured as follows:
+
+-   Allow requests from the `"*"` origin. This is because the internal Electron browser used by the Lens App uses a random port. Therefore, the originating URL cannot be predicted.
+-   Allow the following redirect URI: `lens://extensions/@mirantis/lens-extension-cc/oauth/code`
 
 ### Management clusters not selected by default
 

src/cc/ClusterList.js

@@ -26,6 +26,7 @@ const CheckList = styled.div(function () {
 
 export const ClusterList = function ({
   clusters,
+  onlyNamespaces,
   selectedClusters,
   onSelection,
   onSelectAll,
@@ -80,6 +81,9 @@ export const ClusterList = function ({
   return (
     <Section className="lecc-ClusterList">
       <h3>{strings.clusterList.title()}</h3>
+      {onlyNamespaces && (
+        <p>{strings.clusterList.onlyNamespaces(onlyNamespaces)}</p>
+      )}
       <CheckList>
         {clusters.sort(compareClusters).map((
           cluster // list ALL clusters
@@ -113,6 +117,7 @@ export const ClusterList = function ({
 
 ClusterList.propTypes = {
   clusters: propTypes.arrayOf(propTypes.instanceOf(Cluster)), // ALL clusters, even non-ready ones
+  onlyNamespaces: propTypes.arrayOf(propTypes.string), // optional list of namespace IDs to which the list is restricted
   selectedClusters: propTypes.arrayOf(propTypes.instanceOf(Cluster)),
   onSelection: propTypes.func, // ({ cluster: Cluster, selected: boolean }) => void
   onSelectAll: propTypes.func, // ({ selected: boolean }) => void

src/cc/Login.js

@@ -1,9 +1,15 @@
-import { useState, useEffect } from 'react';
-import propTypes from 'prop-types';
+import { useState, useEffect, useCallback } from 'react';
 import styled from '@emotion/styled';
 import { Component } from '@k8slens/extensions';
 import { layout } from './styles';
 import { Section } from './Section';
+import { useExtState } from './store/ExtStateProvider';
+import { useConfig } from './store/ConfigProvider';
+import { useBasicAuth } from './store/BasicAuthProvider';
+import { useSsoAuth } from './store/SsoAuthProvider';
+import { useClusterData } from './store/ClusterDataProvider';
+import { useClusterLoadingState } from './hooks/useClusterLoadingState';
+import { normalizeUrl } from './netUtil';
 import * as strings from '../strings';
 
 const urlClassName = 'lecc-Login--url';
@@ -29,22 +35,95 @@ const Field = styled.div(function () {
   };
 });
 
-export const Login = function ({ loading, disabled, onLogin, ...props }) {
+const Message = styled.div(function () {
+  return {
+    display: 'flex',
+
+    p: {
+      marginTop: 2,
+      marginLeft: 3,
+    },
+  };
+});
+
+export const Login = function () {
   //
   // STATE
   //
 
-  const [cloudUrl, setCloudUrl] = useState(props.cloudUrl || '');
-  const [username, setUsername] = useState(props.username || '');
-  const [password, setPassword] = useState(props.password || '');
-  const [valid, setValid] = useState(false);
+  const {
+    state: {
+      authAccess,
+      prefs: { cloudUrl },
+    },
+    actions: extActions,
+  } = useExtState();
+
+  const {
+    state: {
+      loading: configLoading,
+      loaded: configLoaded,
+      error: configError,
+      config,
+    },
+    actions: configActions,
+  } = useConfig();
+
+  const {
+    state: { loading: basicAuthLoading },
+    actions: basicAuthActions,
+  } = useBasicAuth();
+
+  const {
+    state: { loading: ssoAuthLoading },
+    actions: ssoAuthActions,
+  } = useSsoAuth();
+
+  const {
+    state: { loaded: clusterDataLoaded, error: clusterDataError },
+    actions: clusterDataActions,
+  } = useClusterData();
+
+  // NOTE: while this does include the individual flags above, it may include
+  //  others we don't need to know details about here, but still need to be
+  //  responsive to
+  const loading = useClusterLoadingState();
+
+  const [url, setUrl] = useState(cloudUrl || '');
+  const [username, setUsername] = useState(authAccess.username || '');
+  const [password, setPassword] = useState(authAccess.password || '');
+  const [basicValid, setBasicValid] = useState(false); // if basic auth fields are valid
+
+  // {boolean} true if user has clicked the Access button; false otherwise
+  const [accessClicked, setAccessClicked] = useState(false);
+
+  const usesSso = !!config?.keycloakLogin;
 
   //
   // EVENTS
   //
 
+  const startLogin = useCallback(
+    function () {
+      authAccess.resetCredentials();
+      authAccess.resetTokens();
+      authAccess.usesSso = usesSso;
+
+      if (!usesSso) {
+        authAccess.username = username;
+        authAccess.password = password;
+      }
+
+      // capture changes to auth details so far, and trigger basic or SSO login in
+      //  useClusterLoader() effect (because this will result in an updated authAccess
+      //  object that has the right configuration per updates above)
+      extActions.setAuthAccess(authAccess);
+    },
+    [authAccess, extActions, usesSso, username, password]
+  );
+
   const handleUrlChange = function (value) {
-    setCloudUrl(value);
+    setUrl(value);
   };
 
   const handleUsernameChange = function (value) {
@@ -55,8 +134,52 @@ export const Login = function ({ loading, disabled, onLogin, ...props }) {
     setPassword(value);
   };
 
-  const handleClustersClick = function () {
-    onLogin({ cloudUrl, username, password });
+  const handleAccessClick = function () {
+    const normUrl = normalizeUrl(url);
+    setUrl(normUrl); // update to actual URL we'll use
+    setAccessClicked(true);
+
+    basicAuthActions.reset();
+    ssoAuthActions.reset();
+    clusterDataActions.reset();
+
+    // we're accessing a different instance, so nothing we may have already will
+    //  work there
+    setUsername('');
+    setPassword('');
+    authAccess.resetCredentials();
+    authAccess.resetTokens();
+    extActions.setAuthAccess(authAccess);
+
+    // save URL as `cloudUrl` in preferences since the user claims it's valid
+    extActions.setCloudUrl(normUrl);
+
+    // NOTE: if the config loads successfully and we see that the instance is
+    //  set for SSO auth, our effect() below that checks for `configLoaded`
+    //  will auto-trigger onLogin(), which will then trigger SSO auth
+    configActions.load(normUrl); // implicit reset of current config, if any
+  };
+
+  const handleLoginClick = function () {
+    if (
+      clusterDataLoaded &&
+      !clusterDataError &&
+      url === cloudUrl &&
+      authAccess.isValid() &&
+      username === authAccess.username &&
+      (authAccess.usesSso || password === authAccess.password)
+    ) {
+      // DEBUG TODO: test this use case under SSO
+      // just do a cluster data refresh instead of going through auth again
+      clusterDataActions.load({ cloudUrl, config, authAccess });
+    } else {
+      // no cluster data, or something auth-related has changed: do a full
+      //  re-auth and cluster reload
+      basicAuthActions.reset();
+      ssoAuthActions.reset();
+      clusterDataActions.reset();
+      startLogin();
+    }
   };
 
   //
@@ -65,9 +188,45 @@ export const Login = function ({ loading, disabled, onLogin, ...props }) {
 
   useEffect(
     function () {
-      setValid(!!(cloudUrl && username && password));
+      setBasicValid(!!(url && username && password));
+    },
+    [username, password, url]
+  );
+
+  // on load, if we already have an instance URL but haven't yet loaded the config,
+  //  load it immediately so we can show the username/password fields right away
+  //  and save the user a 'click & wait' if the instance uses basic auth
+  useEffect(
+    function () {
+      if (cloudUrl && !configLoading && !configLoaded) {
+        configActions.load(cloudUrl);
+      }
+    },
+    [cloudUrl, configLoading, configLoaded, configActions]
+  );
+
+  useEffect(
+    function () {
+      if (configLoaded && !configError && accessClicked) {
+        setAccessClicked(false);
+
+        // start the SSO login process if the instance uses SSO since the user has
+        //  clicked on the Access button indicating intent to take action
+        if (usesSso) {
+          startLogin();
+        }
+      }
     },
-    [username, password, cloudUrl]
+    [
+      configLoaded,
+      configError,
+      config,
+      url,
+      extActions,
+      startLogin,
+      accessClicked,
+      usesSso,
+    ]
   );
 
   //
@@ -85,54 +244,74 @@ export const Login = function ({ loading, disabled, onLogin, ...props }) {
           theme="round-black" // borders on all sides, rounded corners
           id="lecc-login-url"
           disabled={loading}
-          value={cloudUrl}
+          value={url}
           onChange={handleUrlChange}
         />
       </Field>
-      <Field>
-        <label htmlFor="lecc-login-username">
-          {strings.login.username.label()}
-        </label>
-        <Component.Input
-          type="text"
-          theme="round-black" // borders on all sides, rounded corners
-          id="lecc-login-username"
-          disabled={loading}
-          value={username}
-          onChange={handleUsernameChange}
-        />
-      </Field>
-      <Field>
-        <label htmlFor="lecc-login-password">
-          {strings.login.password.label()}
-        </label>
-        <Component.Input
-          type="password"
-          theme="round-black" // borders on all sides, rounded corners
-          id="lecc-login-password"
-          disabled={loading}
-          value={password}
-          onChange={handlePasswordChange}
-        />
-      </Field>
-      <div>
-        <Component.Button
-          primary
-          disabled={loading || disabled || !valid}
-          label={strings.login.action.label()}
-          waiting={loading}
-          onClick={handleClustersClick}
-        />
-      </div>
+      {(!configLoaded || configError || url !== cloudUrl || usesSso) && (
+        <div>
+          <Component.Button
+            primary
+            disabled={loading}
+            label={strings.login.action.access()}
+            waiting={configLoading}
+            onClick={handleAccessClick}
+          />
+        </div>
+      )}
+      {configLoaded && !configError && url === cloudUrl && !usesSso && (
+        <>
+          <Message>
+            <Component.Icon material="info" />
+            <p>{strings.login.basic.message()}</p>
+          </Message>
+          <Field>
+            <label htmlFor="lecc-login-username">
+              {strings.login.username.label()}
+            </label>
+            <Component.Input
+              type="text"
+              theme="round-black" // borders on all sides, rounded corners
+              id="lecc-login-username"
+              disabled={loading}
+              value={username}
+              onChange={handleUsernameChange}
+            />
+          </Field>
+          <Field>
+            <label htmlFor="lecc-login-password">
+              {strings.login.password.label()}
+            </label>
+            <Component.Input
+              type="password"
+              theme="round-black" // borders on all sides, rounded corners
+              id="lecc-login-password"
+              disabled={loading}
+              value={password}
+              onChange={handlePasswordChange}
+            />
+          </Field>
+          <div>
+            <Component.Button
+              primary
+              disabled={loading || !basicValid}
+              label={
+                clusterDataLoaded && !clusterDataError
+                  ? strings.login.action.refresh()
+                  : strings.login.action.login()
+              }
+              waiting={basicAuthLoading}
+              onClick={handleLoginClick}
+            />
+          </div>
+        </>
+      )}
+      {ssoAuthLoading && (
+        <Message>
+          <Component.Icon material="info" />
+          <p>{strings.login.sso.message()}</p>
+        </Message>
+      )}
     </Section>
   );
 };
-
-Login.propTypes = {
-  onLogin: propTypes.func.isRequired,
-  loading: propTypes.bool, // if data fetch related to login is taking place
-  disabled: propTypes.bool, // if login should be disabled entirely
-  cloudUrl: propTypes.string,
-  username: propTypes.string,
-  password: propTypes.string,
-};