Merge pull request #55 from ruromero/feat/generic-scripts

feat!: make authentication generic and add scripts

Author: ruromero

README.md

@@ -51,60 +51,25 @@ This node currently supports the following operations:
 
 ## Credentials
 
-This node supports two OAuth2 credential types for authenticating with Red Hat Dependency Analytics:
+This node supports Client Credentials OAuth2 type for authenticating with Red Hat Dependency Analytics.
 
-### 1. Trustify (Authorization Code - User Authentication) OAuth2 API
+### RHTPA Client Credentials
 
-**Purpose:** User authentication flow where individual users authenticate through Red Hat SSO. This is ideal for interactive workflows where users need to authenticate themselves.
+- Use when connecting to RHTPA cloud services
+- Required parameters: (Provided by the RHTPA team upon request)
+  - Client ID
+  - Client Secret
 
-**Configuration:**
-- **Authorization URL:** `https://sso.example.com/auth/realms/trustify/protocol/openid-connect/auth`
-- **Access Token URL:** `https://sso.example.com/auth/realms/trustify/protocol/openid-connect/token`
-- **Grant Type:** `authorizationCode`
-- **Authentication:** `header`
+### Trustify Client Credentials
 
-### 2. Trustify Client Credentials (Machine-to-Machine) OAuth2 API
-
-**Purpose:** Machine-to-machine authentication using client credentials. This is ideal for automated workflows, CI/CD pipelines, and server-to-server communication where no user interaction is required.
-
-**Configuration:**
-- **Access Token URL:** `https://sso.example.com/auth/realms/trustify/protocol/openid-connect/token`
-- **Grant Type:** `clientCredentials`
-- **Authentication:** `header`
-
-### Environment Variables
-
-Both credential types support the following environment variables for configuration:
-
-| Environment Variable | Description | Default Value |
-|---------------------|-------------|---------------|
-| `TRUSTIFY_SSO_URL` | Base SSO URL (suffixed with `/protocol/openid-connect/auth` and `/protocol/openid-connect/token`) | `https://sso.example.com/auth/realms/trustify` |
-| `TRUSTIFY_CLIENT_ID` | OAuth2 client ID | Empty string |
-| `TRUSTIFY_CLIENT_SECRET` | OAuth2 client secret | Empty string |
-| `TRUSTIFY_SCOPE` | OAuth2 scopes (space-separated) | `openid` |
-
-**Note:** When `TRUSTIFY_SSO_URL` is defined, it automatically generates:
-- Authorization URL: `${TRUSTIFY_SSO_URL}/protocol/openid-connect/auth`
-- Access Token URL: `${TRUSTIFY_SSO_URL}/protocol/openid-connect/token`
-
-### Environment Variable Behavior
-
-- **When defined:** The corresponding credential field becomes hidden in the n8n UI and uses the environment variable value
-- **When not defined:** The credential field is visible in the n8n UI and can be configured manually
-
-### Choosing Between Credential Types
-
-- **Use Authorization Code OAuth2** when:
-  - Users need to authenticate individually
-  - Interactive workflows requiring user consent
-  - Personal or user-specific data access
-
-- **Use Client Credentials OAuth2** when:
-  - Automated workflows and CI/CD pipelines
-  - Server-to-server communication
-  - No user interaction required
-  - Service account authentication
+- Use when connecting to:
+  - On premise Trustify instance
+  - Local development
+- It requires that in your SSO provider a confidential client exists
+  - The Trustify instance accepts this client id
+  - The Trustify instance can map the client or scope to the necessary permissions
 
+For more information refer to the [Trustify - OIDC Docs](https://github.com/guacsec/trustify/blob/main/docs/oidc.md)
 
 ## Compatibility
 

credentials/RHTPAClientCredsOAuth2Api.credentials.ts

@@ -0,0 +1,56 @@
+import { ICredentialType, INodeProperties } from 'n8n-workflow';
+
+export class RHTPAClientCredsOAuth2Api implements ICredentialType {
+  name = 'rhtpaClientCredsOAuth2Api';
+  displayName = 'Red Hat Trusted Profile Analyzer (Client Credentials) OAuth2 API';
+  documentationUrl = 'https://access.redhat.com/products/red-hat-trusted-profile-analyzer';
+  extends = ['oAuth2Api'];
+  properties: INodeProperties[] = [
+    {
+      displayName: 'Access Token URL',
+      name: 'accessTokenUrl',
+      type: 'hidden' as const,
+      default: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token',
+      description: 'URL for exchanging credentials for access token',
+      required: true,
+    },
+    {
+      displayName: 'Client ID',
+      name: 'clientId',
+      type: 'string' as const,
+      default: '',
+      description: 'OAuth2 client ID',
+      required: true,
+    },
+    {
+      displayName: 'Client Secret',
+      name: 'clientSecret',
+      type: 'string' as const,
+      default: '',
+      description: 'OAuth2 client secret',
+      required: true,
+      typeOptions: { password: true },
+    },
+    {
+      displayName: 'Scope',
+      name: 'scope',
+      type: 'hidden' as const,
+      default: 'openid',
+      description: 'OAuth2 scopes to request (space-separated)',
+      required: true,
+      placeholder: 'e.g. openid',
+    },
+    {
+      displayName: 'Grant Type',
+      name: 'grantType',
+      type: 'hidden' as const,
+      default: 'clientCredentials',
+    },
+    {
+      displayName: 'Authentication',
+      name: 'authentication',
+      type: 'hidden' as const,
+      default: 'header',
+    },
+  ];
+}

credentials/TrustifyAuthCodeOAuth2Api.credentials.ts

@@ -2,43 +2,41 @@ import { ICredentialType, INodeProperties } from 'n8n-workflow';
 
 export class TrustifyClientCredsOAuth2Api implements ICredentialType {
   name = 'trustifyClientCredsOAuth2Api';
-  displayName = 'Trustify Client Credentials (Machine-to-Machine) OAuth2 API';
+  displayName = 'Trustify (Client Credentials) OAuth2 API';
   documentationUrl = 'https://access.redhat.com/products/red-hat-trusted-profile-analyzer';
   extends = ['oAuth2Api'];
   properties: INodeProperties[] = [
     {
       displayName: 'Access Token URL',
       name: 'accessTokenUrl',
-      type: process.env['TRUSTIFY_SSO_URL'] ? ('hidden' as const) : ('string' as const),
-      default: process.env['TRUSTIFY_SSO_URL']
-        ? `${process.env['TRUSTIFY_SSO_URL']}/protocol/openid-connect/token`
-        : 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token',
+      type: 'string' as const,
+      default: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token',
       description: 'URL for exchanging credentials for access token',
       required: true,
     },
     {
       displayName: 'Client ID',
       name: 'clientId',
-      type: process.env['TRUSTIFY_CLIENT_ID'] ? ('hidden' as const) : ('string' as const),
-      default: process.env['TRUSTIFY_CLIENT_ID'] ?? '',
+      type: 'string' as const,
+      default: '',
       description: 'OAuth2 client ID',
       required: true,
     },
     {
       displayName: 'Client Secret',
       name: 'clientSecret',
-      type: process.env['TRUSTIFY_CLIENT_SECRET'] ? ('hidden' as const) : ('string' as const),
-      default: process.env['TRUSTIFY_CLIENT_SECRET'] ?? '',
+      type: 'string' as const,
+      default: '',
       description: 'OAuth2 client secret',
       required: true,
       typeOptions: { password: true },
     },
     {
       displayName: 'Scope',
       name: 'scope',
-      type: process.env['TRUSTIFY_SCOPE'] ? ('hidden' as const) : ('string' as const),
-      default: process.env['TRUSTIFY_SCOPE'] ?? 'openid',
-      description: 'Scopes to request (space-separated)',
+      type: 'string' as const,
+      default: 'openid',
+      description: 'OAuth2 scopes to request (space-separated)',
       required: true,
       placeholder: 'e.g. openid',
     },

credentials/TrustifyClientCredsOAuth2Api.credentials.ts

@@ -10,22 +10,22 @@ import {
 import { properties } from './descriptions';
 import { dispatch } from './actions';
 
-const trustifyCredentials: INodeCredentialDescription[] = [
+const credentials: INodeCredentialDescription[] = [
   {
     name: 'trustifyClientCredsOAuth2Api',
     required: true,
     displayOptions: {
       show: {
-        authMethod: ['clientCredentials'],
+        authMethod: ['trustifyClientCredentials'],
       },
     },
   },
   {
-    name: 'trustifyAuthCodeOAuth2Api',
+    name: 'rhtpaClientCredsOAuth2Api',
     required: true,
     displayOptions: {
       show: {
-        authMethod: ['authorizationCode'],
+        authMethod: ['rhtpaClientCredentials'],
       },
     },
   },
@@ -46,10 +46,9 @@ export class DependencyAnalytics implements INodeType {
     inputs: [NodeConnectionType.Main],
     outputs: [NodeConnectionType.Main],
     usableAsTool: true,
-    credentials: trustifyCredentials,
+    credentials: credentials,
     requestDefaults: {
-      // baseURL: 'https://server-tpa.apps.tpaqe-1.lab.eng.rdu2.redhat.com',
-      baseURL: process.env['TRUSTIFY_BASE_URL'] || 'https://rhtpa.stage.redhat.com/api/v2/',
+      baseURL: 'https://rhtpa.stage.redhat.com/api/v2/',
       headers: {
         Accept: 'application/json',
         'Content-Type': 'application/json',

nodes/DependencyAnalytics/DependencyAnalytics.node.ts

@@ -14,13 +14,20 @@ describe('Tests for common.properties.ts', () => {
     const authMethod = commonProperties.find((p) => p.name === 'authMethod');
     expect(authMethod).toBeDefined();
     expect(authMethod?.type).toBe('options');
+    expect(authMethod?.options).toHaveLength(2);
     expect(authMethod?.options).toEqual(
       expect.arrayContaining([
-        expect.objectContaining({ name: 'Authorization Code', value: 'authorizationCode' }),
-        expect.objectContaining({ name: 'Client Credentials', value: 'clientCredentials' }),
+        expect.objectContaining({
+          name: 'Trustify Client Credentials',
+          value: 'trustifyClientCredentials',
+        }),
+        expect.objectContaining({
+          name: 'RHTPA Client Credentials',
+          value: 'rhtpaClientCredentials',
+        }),
       ]),
     );
-    expect(authMethod?.default).toBe('authorizationCode');
+    expect(authMethod?.default).toBe('rhtpaClientCredentials');
   });
 
   test('It should include baseURL property with default and description', () => {

nodes/DependencyAnalytics/Properties.spec.ts

@@ -424,7 +424,11 @@ describe('Tests for http.ts', () => {
       getNodeParameter: jest.fn().mockReturnValue('https://api.foobar.com///'),
     };
     const result = getBase(mockCtx as any, 0);
-    expect(mockCtx.getNodeParameter).toHaveBeenCalledWith('baseURL', 0);
+    expect(mockCtx.getNodeParameter).toHaveBeenCalledWith(
+      'baseURL',
+      0,
+      'https://rhtpa.stage.devshift.net/api/v2/',
+    );
     expect(result).toBe('https://api.foobar.com');
   });
 
@@ -436,9 +440,9 @@ describe('Tests for http.ts', () => {
     expect(result).toBe('https://api.foobar.com');
   });
 
-  test('It should return `trustifyClientOAuth2Api`', () => {
+  test('It should return `trustifyClientCredsOAuth2Api`', () => {
     const mockCtx = {
-      getNodeParameter: jest.fn().mockReturnValue('clientCredentials'),
+      getNodeParameter: jest.fn().mockReturnValue('trustifyClientCredentials'),
     };
     const result = chooseCredential(mockCtx as any, 1);
     expect(result).toBe('trustifyClientCredsOAuth2Api');

nodes/DependencyAnalytics/Utils.spec.ts

@@ -6,20 +6,26 @@ export const commonProperties: INodeProperties[] = [
     name: 'authMethod',
     type: 'options',
     options: [
-      { name: 'Authorization Code', value: 'authorizationCode' },
-      { name: 'Client Credentials', value: 'clientCredentials' },
+      { name: 'Trustify Client Credentials', value: 'trustifyClientCredentials' },
+      { name: 'RHTPA Client Credentials', value: 'rhtpaClientCredentials' },
     ],
-    default: 'authorizationCode',
-    description: 'Choose how to authenticate to Trustify API',
+    default: 'rhtpaClientCredentials',
+    description: 'Choose how to authenticate to the API',
+    required: true,
   },
   {
     displayName: 'Base URL',
     name: 'baseURL',
     type: 'string',
     default: 'http://localhost:8080/api/v2/',
-    placeholder: 'e.g. https://your-trustify-instance.com/api/v2/',
+    placeholder: 'e.g. http://localhost:8080/api/v2/',
     description: 'The base URL for your Trustify API instance',
     required: true,
+    displayOptions: {
+      show: {
+        authMethod: ['trustifyClientCredentials'],
+      },
+    },
   },
   {
     displayName: 'Resource',