Remove saas codelab implementation (#45)

* Remove saas codelab implementation * remove project prefix log
doitintl · Jul 25, 2024 · d28ca8e · d28ca8e
1 parent 7b0eb8b
commit d28ca8e
Show file tree

Hide file tree

Showing 13 changed files with 15 additions and 85 deletions.
diff --git a/api/Account.py b/api/Account.py
@@ -4,40 +4,11 @@
 
 from config import settings
 
-# https://cloud.google.com/marketplace/docs/partners/integrated-saas/backend-integration#create-account
+
 def handle_account(account_msg: dict, procurement_api: ProcurementApi):
     """Handles incoming Pub/Sub messages about account resources."""
 
     account_id = account_msg["id"]
 
     account = procurement_api.get_account(account_id)
     logger.debug("got account", account=account)
-    ############################## IMPORTANT ##############################
-    ### In true integrations, Pub/Sub messages for new accounts should  ###
-    ### be ignored. Account approvals are granted as a one-off action   ###
-    ### during customer sign up. This codelab does not include the sign ###
-    ### up flow, so it chooses to approve accounts here instead.        ###
-    ### Production code for real, non-codelab services should never     ###
-    ### blindly approve these. The following should be done as a result ###
-    ### of a user signing up.                                           ###
-    #######################################################################
-    if account and settings.IS_CODELAB:
-        approval = None
-        for account_approval in account["approvals"]:
-            if account_approval["name"] == "signup":
-                approval = account_approval
-                break
-        logger.debug("found approval", approval=approval)
-
-        if approval:
-            if approval["state"] == "PENDING":
-                # See above note. Actual production integrations should not
-                # approve blindly when receiving a message.
-                logger.debug("approving account in procurementApi")
-                procurement_api.approve_account(account_id)
-
-            elif approval["state"] == "APPROVED":
-                logger.info("account is approved")
-        else:
-            logger.debug("no approval found")
-            # The account has been deleted
diff --git a/api/Entitlement.py b/api/Entitlement.py
@@ -91,7 +91,7 @@ def handle_entitlement(
     # Get the product name from the entitlement object
     product_name = entitlement["product"]
     logger.info("entitlement for", product_name=product_name)
-    # Get the first substring from a split using . as the separator. Should be safe for prod and Codelab
+    # Get the first substring from a split using . as the separator.
     product_name = product_name.split(".")[0]
     # Load DynaConf settings for the product
     product_settings = settings.from_env(product_name)

diff --git a/api/README.md b/api/README.md
@@ -38,5 +38,4 @@ auto_approve_entitlements = true
 - AUTO_APPROVE_ENTITLEMENTS - Causes the processor to automatically approve entitlement creation requests
 - SLACK_WEBHOOK - The slack hook to send event notifications to (new entitlement requests only)
 - EVENT_TOPIC - The topic to publish create/update/delete events on. This is the topic the ISV listens on to know when to create their infra
-- BACKEND_PROJECT - The project this backend runs in. Can be the same as the MARKETPLACE_PROJECT
-- IS_CODELAB - Internal. Flag to run in codelab mode. Enables approving accounts because codelab has no frontend integration
+- BACKEND_PROJECT - The project this backend runs in. Can be the same as the MARKETPLACE_PROJECT
diff --git a/api/config.py b/api/config.py
@@ -21,8 +21,6 @@
     Validator("slack_webhook", eq=None) | Validator("slack_webhook", is_type_of=str),
     # optional. If set, google pubsub will be used.
     Validator("event_topic", eq=None) | Validator("event_topic", is_type_of=str),
-    # not optional. If set, codelab mode is enabled.
-    Validator("is_codelab", must_exist=True, is_type_of=bool),
 )
 
 settings.validators.validate_all()
diff --git a/api/default_settings.toml b/api/default_settings.toml
@@ -6,4 +6,3 @@ slack_webhook = '@none None'       # Optional. The webhook URL to send Slack mes
 audience = 'api.dns_zone_name'
 
 [global] # global will override everything
-is_codelab = false
diff --git a/api/procurement_api.py b/api/procurement_api.py
@@ -11,9 +11,6 @@
 from config import settings
 
 PROCUREMENT_API = "cloudcommerceprocurement"
-PROJECT_PREFIX = "DEMO-" if settings["is_codelab"] else ""
-logger.info(f"project prefix", project_prefix=PROJECT_PREFIX)
-
 FIFTEEN_MINUTES = 900
 
 
@@ -30,10 +27,10 @@ def __init__(self, project_id):
 
     def get_account_id(self, name):
         # name is of format "providers/DEMO-project_id/accounts/12345"
-        return name[len(f"providers/{PROJECT_PREFIX}{self.project_id}/accounts/") :]
+        return name[len(f"providers/{self.project_id}/accounts/") :]
 
     def get_account_name(self, account_id):
-        return f"providers/{PROJECT_PREFIX}{self.project_id}/accounts/{account_id}"
+        return f"providers/{self.project_id}/accounts/{account_id}"
 
     @on_exception(expo, RateLimitException, max_tries=8)
     @limits(calls=15, period=FIFTEEN_MINUTES)
@@ -78,7 +75,7 @@ def reset_account(self, account_id):
 
     def _get_entitlement_name(self, entitlement_id):
         return (
-            f"providers/{PROJECT_PREFIX}{self.project_id}/entitlements/{entitlement_id}"
+            f"providers/{self.project_id}/entitlements/{entitlement_id}"
         )
 
     def get_entitlement_id(self, name):
@@ -149,7 +146,7 @@ def list_entitlements(self, state="ACTIVATION_REQUESTED", account_id=None):
             self.service.providers()
             .entitlements()
             .list(
-                parent=f"providers/{PROJECT_PREFIX}{self.project_id}",
+                parent=f"providers/{self.project_id}",
                 filter=f"state={state}{account_filter}",
             )
         )

diff --git a/docs/terraform/app_deploy/README.md b/docs/terraform/app_deploy/README.md
@@ -67,11 +67,4 @@ users need to be granted the `IAP-secured Web App User` role on the [IAP console
 |external_ip_name | your-project-id-public-ip | the name for the IP address used for the Load Balancer|
 |topic_name | topic-name-created-by-google | the name of the topic as defined in the Producer Portal (created by Google)|
 
-
-# iSaas Codelab vs Production
-|This terraform should be deployed once for the iSaaS Codelab (with the `TF_VAR_is_codelab|true`) | desc|
-It should be deployed separately for a production version of Doit-easily (with the `TF_VAR_is_codelab` omitted (`false`))
-
-
-
 [1]: ../setup/
diff --git a/docs/terraform/app_deploy/app.tf b/docs/terraform/app_deploy/app.tf
@@ -1,7 +1,7 @@
 #the doit-easily cloud run service
 resource "google_cloud_run_service" "doit_easily_cloudrun_service" {
   location = var.cloudrun_location
-  name     = "doit-easily${local.codelab_suffix}"
+  name     = "doit-easily"
   project = var.project_id
   template {
     spec {

diff --git a/docs/terraform/app_deploy/custom-settings.toml b/docs/terraform/app_deploy/custom-settings.toml
@@ -6,4 +6,4 @@ slack_webhook = '@none None'       # Optional. The webhook URL to send Slack mes
 audience = 'api.dns_zone_name'     # This should be set to match the configured DNS name
 
 [global] # global will override everything
-is_codelab = false
+
diff --git a/docs/terraform/app_deploy/pubsub.tf b/docs/terraform/app_deploy/pubsub.tf
@@ -1,7 +1,7 @@
 # the topic doit-easily publishes to (optional)
 resource "google_pubsub_topic" "event_topic" {
   count = var.event_topic_name != "" ? 1 : 0
-  name = "${var.event_topic_name}${local.codelab_suffix}"
+  name = "${var.event_topic_name}"
   project = var.project_id
 }
 
@@ -14,7 +14,7 @@ resource "google_pubsub_topic_iam_member" "event_topic_doit_easily_publisher" {
 
 #the subscription that get entitlement messages from Google
 resource "google_pubsub_subscription" "doit_easily_subscription" {
-  name     = "doit-easily${local.codelab_suffix}"
+  name     = "doit-easily"
   topic    = local.topic
   provider = google.prod_impersonation # get created as doit-easily SA, not the user running this terraform
   #  this must be deployed into the marketplace project

diff --git a/docs/terraform/app_deploy/variables.tf b/docs/terraform/app_deploy/variables.tf
@@ -11,10 +11,7 @@ variable "cloudrun_location" {
 variable "doit_easily_image" {
   description = "The image path of doit-easily to deploy"
 }
-variable "is_codelab" {
-  default = false
-  description = "Env variable for cloud run service. Flag to run in codelab mode. Enables approving accounts because codelab has no frontend integration"
-}
+
 variable "project_id" {
   description = "Env variable for cloud run service. The project id where your listing resides (and marketplace subscription)"
 }
@@ -89,9 +86,7 @@ variable "secret_version" {
 }
 
 locals {
-  demo_prefix = var.is_codelab ? "DEMO-" : ""
-  topic = "projects/cloudcommerceproc-prod/topics/${local.demo_prefix}${var.topic_name != "" ? var.topic_name : var.project_id}"
-  #  this module only handles a single installation, so either codelab SA or the one we created before....
-  service_account_email = var.is_codelab ? "saas-codelab@${var.project_id}.iam.gserviceaccount.com" : "doit-easily@${var.project_id}.iam.gserviceaccount.com"
-  codelab_suffix = var.is_codelab ? "-codelab" : ""
+  topic = "projects/cloudcommerceproc-prod/topics/${var.topic_name != "" ? var.topic_name : var.project_id}"
+  service_account_email = "doit-easily@${var.project_id}.iam.gserviceaccount.com"
+
 }
diff --git a/docs/terraform/setup/README.md b/docs/terraform/setup/README.md
@@ -6,6 +6,5 @@ Apply this Terraform once to create your project and service accounts required t
 
 Resources Created: 
 - GCP project
-- saas-codelab service account
 - doit-easily service account
 - IAM access for Google accounts
diff --git a/docs/terraform/setup/iam.tf b/docs/terraform/setup/iam.tf
@@ -53,24 +53,3 @@ resource "google_project_iam_member" "doit_easily_pubsub_editor" {
   project = var.project_id
   role    = "roles/pubsub.editor"
 }
-
-#the SA used for the saas-codelab
-resource "google_service_account" "saas_codelab_backend_integration_sa" {
-  account_id = "saas-codelab"
-  description = "Saas codelab backend integration"
-  project = var.project_id
-}
-
-#allowsaas-codelab to create tokens as itself (required for push pubsub subscription authentication)
-resource "google_service_account_iam_member" "saas_codelab_token_creator" {
-  member             = "serviceAccount:${google_service_account.saas_codelab_backend_integration_sa.email}"
-  role               = "roles/iam.serviceAccountTokenCreator"
-  service_account_id = google_service_account.saas_codelab_backend_integration_sa.id
-}
-
-#allow saas-codelab to use itself (required for push pubsub subscription authentication)
-resource "google_service_account_iam_member" "saas_codelab_sa_user" {
-  member             = "serviceAccount:${google_service_account.saas_codelab_backend_integration_sa.email}"
-  role               = "roles/iam.serviceAccountUser"
-  service_account_id = google_service_account.saas_codelab_backend_integration_sa.id
-}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,3 @@ slack_webhook = '@none None' # Optional. The webhook URL to send Slack mes
		audience = 'api.dns_zone_name'

		[global] # global will override everything
		is_codelab = false
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,4 @@ slack_webhook = '@none None' # Optional. The webhook URL to send Slack mes
		audience = 'api.dns_zone_name' # This should be set to match the configured DNS name

		[global] # global will override everything
		is_codelab = false