remove integration providers

Signed-off-by: Jan Richter <jrichter@redhat.com>

Author: jrichter1

docs/api/helpers/login-helper.md

@@ -46,9 +46,9 @@ async loginAsGithubUser(): Promise<void>
 Login using GitHub OAuth.
 
 **Required environment variables:**
-- `GH_USER_NAME`
-- `GH_USER_PASSWORD`
-- `GH_2FA_SECRET`
+- `VAULT_GH_USER_NAME`
+- `VAULT_GH_USER_PASSWORD`
+- `VAULT_GH_2FA_SECRET`
 
 ### `signOut()`
 

docs/guide/configuration/environment-variables.md

@@ -83,10 +83,10 @@ For GitHub integration:
 
 | Variable | Description | Required |
 |----------|-------------|----------|
-| `GITHUB_TOKEN` | GitHub personal access token | For API/auth |
-| `GH_USER_NAME` | GitHub username | For login |
-| `GH_USER_PASSWORD` | GitHub password | For login |
-| `GH_2FA_SECRET` | 2FA secret for OTP | For login |
+| `VAULT_GITHUB_USER_TOKEN` | GitHub personal access token | For API/auth |
+| `VAULT_GH_USER_NAME` | GitHub username | For login |
+| `VAULT_GH_USER_PASSWORD` | GitHub password | For login |
+| `VAULT_GH_2FA_SECRET` | 2FA secret for OTP | For login |
 
 ## Custom Variables
 

docs/guide/deployment/authentication.md

@@ -120,9 +120,9 @@ test.beforeAll(async ({ rhdh }) => {
 
 ## GitHub Authentication
 
-### Configuration
+Allows authentication using github OAuth application. 
 
-This will configure a github oauth application for authentication, as well as github integration and github org catalog provider:
+### Configuration
 
 ```typescript
 await rhdh.configure({ auth: "github" });
@@ -139,7 +139,6 @@ test.beforeEach(async ({ loginHelper }) => {
 });
 ```
 By default, test user credentials will be pulled from the global workspace in vault.
-If you want to override them, you need to set the following env variables: `GH_USER_ID`, `GH_USER_PASS`, `GH_2FA_SECRET`
 
 ::: warning
 GitHub authentication requires 2FA secret for automated logins. This is more complex to set up than guest or Keycloak auth.
@@ -172,12 +171,6 @@ Configuring github auth provider will populate the following variables from glob
 |----------|-------------|
 | `VAULT_GITHUB_OAUTH_OVERLAYS_APP_ID` | GitHub OAuth application ID |
 | `VAULT_GITHUB_OAUTH_OVERLAYS_APP_SECRET` | GitHub OAuth application client secret |
-| `VAULT_GITHUB_OVERLAYS_APP_ID` | GitHub integration application ID |
-| `VAULT_GITHUB_OVERLAYS_APP_CLIENT_ID` | GitHub integration application client ID |
-| `VAULT_GITHUB_OVERLAYS_APP_CLIENT_SECRET` | GitHub integration application client secret |
-| `VAULT_GITHUB_OVERLAYS_APP_PRIVATE_KEY` | GitHub integration application private key |
-| `VAULT_GITHUB_OVERLAYS_APP_WEBHOOK_URL` | GitHub integration application webhook URL |
-| `VAULT_GITHUB_OVERLAYS_APP_WEBHOOK_SECRET` | GitHub integration application webhook secret |
 | `VAULT_GITHUB_ORG` | GitHub test organization for the catalog provider |
 | `VAULT_GH_USER_ID` | GitHub test user |
 | `VAULT_GH_USER_PASS` | Password for GitHub test user |

docs/guide/helpers/login-helper.md

@@ -62,9 +62,9 @@ await loginHelper.loginAsGithubUser();
 ```
 
 Required environment variables:
-- `GH_USER_NAME` - GitHub username
-- `GH_USER_PASSWORD` - GitHub password
-- `GH_2FA_SECRET` - GitHub 2FA secret (for OTP generation)
+- `VAULT_GH_USER_NAME` - GitHub username
+- `VAULT_GH_USER_PASSWORD` - GitHub password
+- `VAULT_GH_2FA_SECRET` - GitHub 2FA secret (for OTP generation)
 
 ::: warning
 GitHub login requires 2FA secret for automated OTP generation. This is more complex to set up.
@@ -192,9 +192,9 @@ test("login flow", async ({ page, loginHelper }) => {
 
 | Variable | Description | Required |
 |----------|-------------|----------|
-| `GH_USER_NAME` | GitHub username | Yes |
-| `GH_USER_PASSWORD` | GitHub password | Yes |
-| `GH_2FA_SECRET` | 2FA secret for OTP | Yes |
+| `VAULT_GH_USER_NAME` | GitHub username | Yes |
+| `VAULT_GH_USER_PASSWORD` | GitHub password | Yes |
+| `VAULT_GH_2FA_SECRET` | 2FA secret for OTP | Yes |
 
 ## Troubleshooting
 

src/deployment/rhdh/config/auth/github/app-config.yaml

@@ -10,24 +10,8 @@ auth:
         callbackUrl: ${RHDH_BASE_URL}/api/auth/github/handler/frame
 signInPage: github
 catalog:
-  rules:
-    - allow: [User, Group]
-  providers:
-    github:
-      providerId:
-        organization: "${GITHUB_ORG}"
-    githubOrg:
-      id: production
-      githubUrl: ${GITHUB_URL}
-      orgs: ["${GITHUB_ORG}"]
-integrations:
-  github:
-    - host: github.com
-      apps:
-        - appId: ${GITHUB_APP_APP_ID}
-          clientId: ${GITHUB_APP_CLIENT_ID}
-          clientSecret: ${GITHUB_APP_CLIENT_SECRET}
-          webhookUrl: ${GITHUB_APP_WEBHOOK_URL}
-          webhookSecret: ${GITHUB_APP_WEBHOOK_SECRET}
-          privateKey: |
-            ${GITHUB_APP_PRIVATE_KEY}
+  locations:
+    - type: url
+      target: https://github.com/janus-qe/test-user-entity/blob/main/user.yaml
+      rules:
+        - allow: [User]

src/deployment/rhdh/config/auth/github/secrets.yaml

@@ -4,12 +4,6 @@ metadata:
   name: rhdh-secrets
 type: Opaque
 stringData:
-  GITHUB_APP_APP_ID: $VAULT_GITHUB_OVERLAYS_APP_ID
-  GITHUB_APP_CLIENT_ID: $VAULT_GITHUB_OVERLAYS_APP_CLIENT_ID
-  GITHUB_APP_CLIENT_SECRET: $VAULT_GITHUB_OVERLAYS_APP_CLIENT_SECRET
-  GITHUB_APP_PRIVATE_KEY: "${VAULT_GITHUB_OVERLAYS_APP_PRIVATE_KEY}"
-  GITHUB_APP_WEBHOOK_URL: $VAULT_GITHUB_OVERLAYS_APP_WEBHOOK_SECRET
-  GITHUB_APP_WEBHOOK_SECRET: $VAULT_GITHUB_OVERLAYS_APP_WEBHOOK_URL
   GITHUB_OAUTH_APP_ID: $VAULT_GITHUB_OAUTH_OVERLAYS_APP_ID
   GITHUB_OAUTH_APP_SECRET: $VAULT_GITHUB_OAUTH_OVERLAYS_APP_SECRET
   GITHUB_ORG: $VAULT_GITHUB_ORG

src/deployment/rhdh/constants.ts

@@ -1,5 +1,6 @@
 import path from "path";
 import type { AuthProvider } from "./types.js";
+import { MergeOptions } from "../../utils/merge-yamls.js";
 
 // Navigate from dist/deployment/rhdh/ to package root
 const PACKAGE_ROOT = path.resolve(import.meta.dirname, "../../..");
@@ -33,7 +34,12 @@ export const DEFAULT_CONFIG_PATHS = {
 
 export const AUTH_CONFIG_PATHS: Record<
   AuthProvider,
-  { appConfig: string; secrets: string; dynamicPlugins: string }
+  {
+    appConfig: string;
+    secrets: string;
+    dynamicPlugins: string;
+    mergeStrategy?: MergeOptions;
+  }
 > = {
   guest: {
     appConfig: path.join(
@@ -70,6 +76,7 @@ export const AUTH_CONFIG_PATHS: Record<
       PACKAGE_ROOT,
       "dist/deployment/rhdh/config/auth/github/dynamic-plugins.yaml",
     ),
+    mergeStrategy: { arrayMergeStrategy: { byKey: "target" } },
   },
 };
 

src/deployment/rhdh/deployment.ts

@@ -60,11 +60,14 @@ export class RHDHDeployment {
 
   private async _applyAppConfig(): Promise<void> {
     const authConfig = AUTH_CONFIG_PATHS[this.deploymentConfig.auth];
-    const appConfigYaml = await mergeYamlFilesIfExists([
-      DEFAULT_CONFIG_PATHS.appConfig,
-      authConfig.appConfig,
-      this.deploymentConfig.appConfig,
-    ]);
+    const appConfigYaml = await mergeYamlFilesIfExists(
+      [
+        DEFAULT_CONFIG_PATHS.appConfig,
+        authConfig.appConfig,
+        this.deploymentConfig.appConfig,
+      ],
+      authConfig.mergeStrategy,
+    );
     this._logBoxen("App Config", appConfigYaml);
 
     await this.k8sClient.applyConfigMapFromObject(

src/playwright/helpers/api-helper.ts

@@ -23,7 +23,7 @@ export class APIHelper {
       method: method,
       headers: {
         Accept: "application/vnd.github+json",
-        Authorization: `Bearer ${process.env.GH_RHDH_QE_USER_TOKEN || process.env.VAULT_GITHUB_USER_TOKEN}`,
+        Authorization: `Bearer ${process.env.VAULT_GITHUB_USER_TOKEN}`,
         "X-GitHub-Api-Version": this.githubAPIVersion,
       },
     };

src/playwright/helpers/common.ts

@@ -43,11 +43,17 @@ export class LoginHelper {
     await this.page.fill("#login_field", userid);
 
     switch (userid) {
-      case process.env.GH_USER_ID:
-        await this.page.fill("#password", process.env.GH_USER_PASS as string);
+      case process.env.VAULT_GH_USER_ID:
+        await this.page.fill(
+          "#password",
+          process.env.VAULT_GH_USER_PASS as string,
+        );
         break;
-      case process.env.GH_USER2_ID:
-        await this.page.fill("#password", process.env.GH_USER2_PASS as string);
+      case process.env.VAULT_GH_USER2_ID:
+        await this.page.fill(
+          "#password",
+          process.env.VAULT_GH_USER2_PASS as string,
+        );
         break;
       default:
         throw new Error("Invalid User ID");
@@ -95,14 +101,10 @@ export class LoginHelper {
     await this.page.waitForSelector("nav a", { timeout: 10_000 });
   }
 
-  async loginAsGithubUser(userid: string = process.env.GH_USER_ID as string) {
+  async loginAsGithubUser(
+    userid: string = process.env.VAULT_GH_USER_ID as string,
+  ) {
     // Load the defaults from vault if not set by the user
-    if (!userid) {
-      userid = process.env.VAULT_GH_USER_ID as string;
-      process.env.GH_USER_ID = userid;
-      process.env.GH_USER_PASS = process.env.VAULT_GH_USER_PASS;
-      process.env.GH_2FA_SECRET = process.env.VAULT_GH_2FA_SECRET;
-    }
     const sessionFileName = `authState_${userid}.json`;
 
     // Check if a session file for this specific user already exists
@@ -214,8 +216,9 @@ export class LoginHelper {
 
   getGitHub2FAOTP(userid: string): string {
     const secrets: { [key: string]: string | undefined } = {
-      [process.env.GH_USER_ID as string]: process.env.GH_2FA_SECRET,
-      [process.env.GH_USER2_ID as string]: process.env.GH_USER2_2FA_SECRET,
+      [process.env.VAULT_GH_USER_ID as string]: process.env.VAULT_GH_2FA_SECRET,
+      [process.env.VAULT_GH_USER2_ID as string]:
+        process.env.VAULT_GH_USER2_2FA_SECRET,
     };
 
     const secret = secrets[userid];