service account impersonation

maciaszczykm · maciaszczykm · commit 55cdf60e4745 · 2024-10-30T15:06:08.000+01:00
diff --git a/www/src/components/account/User.tsx b/www/src/components/account/User.tsx
@@ -10,7 +10,11 @@ import { Button, Span } from 'honorable'
 import { useContext, useMemo, useState } from 'react'
 
 import CurrentUserContext from '../../contexts/CurrentUserContext'
-import { Permission, useUpdateUserMutation } from '../../generated/graphql'
+import {
+  Permission,
+  useImpersonateServiceAccountMutation,
+  useUpdateUserMutation,
+} from '../../generated/graphql'
 import {
   fetchToken,
   setPreviousUserData,
@@ -25,6 +29,7 @@ import { EditServiceAccount } from './CreateServiceAccount'
 import { MoreMenu } from './MoreMenu'
 import { IMPERSONATE_SERVICE_ACCOUNT } from './queries'
 import { hasRbac } from './utils'
+import useImpersonatedServiceAccount from '../../hooks/useImpersonatedServiceAccount'
 
 export function UserInfo({
   user: { email, name, avatar },
@@ -185,21 +190,11 @@ export function User({ user, update }: any) {
 export function ServiceAccount({ user, update }: any) {
   const me = useContext(CurrentUserContext)
   const editable = canEdit(me, me.account) || hasRbac(me, Permission.Users)
-  const [mutation, { error }] = useMutation(IMPERSONATE_SERVICE_ACCOUNT, {
+  const [mutation, { error }] = useImpersonateServiceAccountMutation({
     variables: { id: user.id },
-    update: (
-      _cache,
-      {
-        data: {
-          impersonateServiceAccount: { jwt },
-        },
-      }
-    ) => {
-      setPreviousUserData({
-        me,
-        jwt: fetchToken(),
-      })
-      setToken(jwt)
+    update: (_cache, { data }) => {
+      setPreviousUserData({ me, jwt: fetchToken() })
+      setToken(data?.impersonateServiceAccount?.jwt)
       ;(window as Window).location = '/'
     },
   })
diff --git a/www/src/components/account/queries.ts b/www/src/components/account/queries.ts
@@ -177,14 +177,6 @@ export const AUDITS_Q = gql`
   ${AuditFragment}
 `
 
-export const IMPERSONATE_SERVICE_ACCOUNT = gql`
-  mutation Impersonate($id: ID) {
-    impersonateServiceAccount(id: $id) {
-      jwt
-    }
-  }
-`
-
 export const DNS_DOMAINS = gql`
   query Domains($cursor: String) {
     dnsDomains(after: $cursor, first: 50) {
diff --git a/www/src/generated/graphql.ts b/www/src/generated/graphql.ts
@@ -6156,6 +6156,7 @@ export type LoginMutationVariables = Exact<{
 export type LoginMutation = { __typename?: 'RootMutationType', login?: { __typename?: 'User', jwt?: string | null } | null };
 
 export type ImpersonateServiceAccountMutationVariables = Exact<{
+  id?: InputMaybe<Scalars['ID']['input']>;
   email?: InputMaybe<Scalars['String']['input']>;
 }>;
 
@@ -11362,8 +11363,8 @@ export type LoginMutationHookResult = ReturnType<typeof useLoginMutation>;
 export type LoginMutationResult = Apollo.MutationResult<LoginMutation>;
 export type LoginMutationOptions = Apollo.BaseMutationOptions<LoginMutation, LoginMutationVariables>;
 export const ImpersonateServiceAccountDocument = gql`
-    mutation ImpersonateServiceAccount($email: String) {
-  impersonateServiceAccount(email: $email) {
+    mutation ImpersonateServiceAccount($id: ID, $email: String) {
+  impersonateServiceAccount(id: $id, email: $email) {
     jwt
     email
   }
@@ -11384,6 +11385,7 @@ export type ImpersonateServiceAccountMutationFn = Apollo.MutationFunction<Impers
  * @example
  * const [impersonateServiceAccountMutation, { data, loading, error }] = useImpersonateServiceAccountMutation({
  *   variables: {
+ *      id: // value for 'id'
  *      email: // value for 'email'
  *   },
  * });
diff --git a/www/src/graph/users.graphql b/www/src/graph/users.graphql
@@ -251,8 +251,8 @@ mutation Login(
   }
 }
 
-mutation ImpersonateServiceAccount($email: String) {
-  impersonateServiceAccount(email: $email) {
+mutation ImpersonateServiceAccount($id: ID, $email: String) {
+  impersonateServiceAccount(id: $id, email: $email) {
     jwt
     email
   }
diff --git a/www/src/hooks/useImpersonatedServiceAccount.tsx b/www/src/hooks/useImpersonatedServiceAccount.tsx
@@ -5,16 +5,11 @@ import memoize from 'lodash/memoize'
 import { buildClient, client as defaultClient } from '../helpers/client'
 import { IMPERSONATE_SERVICE_ACCOUNT } from '../components/account/queries'
 import { fetchToken } from '../helpers/authentication'
+import { useImpersonateServiceAccountMutation } from '../generated/graphql'
 
 // Cache tokens with service account ID as keys.
 const getImpersonatedToken = memoize((id, mutation) =>
-  mutation().then(
-    ({
-      data: {
-        impersonateServiceAccount: { jwt },
-      },
-    }) => jwt
-  )
+  mutation().then(({ data }) => data?.impersonateServiceAccount?.jwt)
 )
 
 // Cache clients with impersonated service account tokens as keys.
@@ -26,7 +21,7 @@ export default function useImpersonatedServiceAccount(
 ) {
   const [client, setClient] = useState<ApolloClient<unknown> | undefined>()
   const [token, setToken] = useState<any | undefined>()
-  const [mutation, { error }] = useMutation(IMPERSONATE_SERVICE_ACCOUNT, {
+  const [mutation, { error }] = useImpersonateServiceAccountMutation({
     variables: { id },
   })
 

Original file line number	Diff line number	Diff line change
`@@ -251,8 +251,8 @@ mutation Login(`
`251`	`251`	`}`
`252`	`252`	`}`
`253`	`253`
`254`		`-mutation ImpersonateServiceAccount($email: String) {`
`255`		`- impersonateServiceAccount(email: $email) {`
	`254`	`+mutation ImpersonateServiceAccount($id: ID, $email: String) {`
	`255`	`+ impersonateServiceAccount(id: $id, email: $email) {`
`256`	`256`	`jwt`
`257`	`257`	`email`
`258`	`258`	`}`