Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Domain-wide delegation for Google Calendar and Google Meet #16622

Open
wants to merge 101 commits into
base: main
Choose a base branch
from
Open

feat: Domain-wide delegation for Google Calendar and Google Meet #16622

wants to merge 101 commits into from
+4,768 −746

Conversation

hariombalhara
Copy link
Member

@hariombalhara hariombalhara commented Sep 13, 2024
edited
Loading

What does this PR do?

Demo - https://www.loom.com/share/1f9e7c79697847a8bb37490e9873fb26

For feature details refer to README

Detailed Changes

  • getCalendar now requires value of type CredentialForCalendarService which needs an explicit value for delegatedTo. It makes it clear to CalendarService how that Credential should be used.
    • For regular credentials,delegatedTo=null.
    • For DWD credentials, delegatedTo={ serviceAccountKey: { client_email: string; private_key: string; client_id: string;}}
  • google-calendar/CalendarService now supports impersonating a user using the ServiceAccount and thus is capable of taking actions on any of the organization member's behalf on the Google Calendar.

Calendar Cache support is part of #18619

Release Plan

  1. Read the document(domain-wide-delegation.md) and acknowledge it.
  2. Deploy:
    1. Follow "Setting up Domain-Wide Delegation for Google Calendar API" in domain-wide-delegation.md to create Service Account and create a workspace.
    2. Merge PR(without Calendar Cache Support) and then deploy.
  3. Enable for i.cal.com:
    1. Disable Calendar Cache for i.cal.com
    2. Enable teamFeature "domain-wide-delegation" for i.cal.com organization
    3. Create DWD for i.cal.com first and enable it.
    4. Wait for 1-2 days and keep monitoring the errors in Sentry and Axiom.
  4. Merge & Deploy the Calendar Cache support(with DWD) PR
    1. Enable Calendar Cache back for i.cal.com
    2. Observe the errors in Sentry and Axiom.
  5. Enable for a big customer:
    1. Wait for a week and keep monitoring the errors in Sentry and Axiom.
  6. Use delegatedCredentialsFirst instead of delegatedCredentialsLast in EventManager.ts
    - Observe errors in Sentry and Axiom.

Automated Tests

  • Slots Availability - getSchedule.test.ts

  • Google Calendar Service - Calendar.test.ts

  • DomainWideDelegation utiltiies and repository - server.test.ts and domainWideDelegation.test.ts

  • Updating/Setting destinationCalendar - setDestinationCalendar.handler.test.ts

  • Doing a booking - domain-wide-delegation.test.ts

  • Fixes CAL-4610

Screenshot 2024-12-02 at 2 06 02 PM

Possible errors when enabling DWD
image

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • N/A I have added a Docs issue here if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

@github-actions GitHub Actions
Copy link
Contributor

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

No release type found in pull request title "Add endpoints for testing the flow". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

Available types:
 - feat: A new feature
 - fix: A bug fix
 - docs: Documentation only changes
 - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
 - refactor: A code change that neither fixes a bug nor adds a feature
 - perf: A code change that improves performance
 - test: Adding missing tests or correcting existing tests
 - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
 - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
 - chore: Other changes that don't modify src or test files
 - revert: Reverts a previous commit

@github-actions github-actions bot added the ❗️ migrations contains migration files label Sep 13, 2024
@keithwillcode keithwillcode added core area: core, team members only enterprise area: enterprise, audit log, organisation, SAML, SSO labels Sep 13, 2024
@hariombalhara hariombalhara changed the title Add endpoints for testing the flow feat: Domain-wide delegation for Google Calendar and Google Meet Sep 13, 2024
@keithwillcode keithwillcode added this to the v4.6 milestone Sep 15, 2024
@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from 1700348 to 151c3be Compare September 18, 2024 14:19
@vercel Vercel
Copy link

vercel bot commented Sep 18, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Skipped Deployments
Name Status Preview Comments Updated (UTC)
cal ⬜️ Ignored (Inspect) Visit Preview Jan 21, 2025 9:23am
calcom-web-canary ⬜️ Ignored (Inspect) Visit Preview Jan 21, 2025 9:23am

@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch 3 times, most recently from e123b08 to 6c94a0c Compare September 19, 2024 10:00
@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from 6c94a0c to 02529ca Compare September 19, 2024 11:08
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 19, 2024
edited
Loading

E2E results are ready!

@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from 02529ca to ddade88 Compare September 20, 2024 06:56
@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from 1ef9b76 to 60a930c Compare January 16, 2025 12:18
@ThyMinimalDev
Copy link
Contributor

everything seems fine in this pr regarding compatibility with platform atoms

@keithwillcode keithwillcode modified the milestones: v4.9, v5.0 Jan 16, 2025
hariombalhara
hariombalhara commented Jan 16, 2025
View reviewed changes
packages/features/ee/organizations/pages/settings/domainWideDelegation.tsx
@@ -90,6 +90,7 @@ function DelegationListItemActions({
{
id: "delete",
label: t("delete"),
disabled: true,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not allow deletion of DWD as of now. We would enable it later.

packages/features/ee/payments/api/webhook.ts
const metadata = eventTypeMetaDataSchemaWithTypedApps.parse(eventType?.metadata);
const eventManager = new EventManager(user, metadata?.apps);
const eventManager = new EventManager({ ...user, credentials: allCredentials }, metadata?.apps);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to provide DWD credentials here as well.

apps/api/v1/pages/api/destination-calendars/[id]/_patch.ts
@@ -185,7 +185,7 @@ async function verifyCredentialsAndGetId({
currentCredentialId: number | null;
}) {
if (parsedBody.integration && parsedBody.externalId) {
const calendarCredentials = getCalendarCredentials(userCredentials);
const calendarCredentials = getCalendarCredentialsWithoutDwd(userCredentials);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No support for DWD in v1

packages/trpc/server/routers/viewer/domainWideDelegation/add.handler.ts
const domainWideDelegationRepository = await DomainWideDelegation.init(user.id, organizationId);

const createdDelegation = await domainWideDelegationRepository.create({
const createdDelegation = await DomainWideDelegationRepository.create({
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the need of feature repository for DWD as we already have DWD toggle on organization level

packages/lib/server/repository/user.ts
userLevelSelectedCalendars: TCalendar[];
};

export function withSelectedCalendars<
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move in its own module

apps/api/v2/src/ee/calendars/services/calendars.service.ts
@@ -39,6 +39,16 @@ export class CalendarsService {
private readonly selectedCalendarsRepository: SelectedCalendarsRepository
) {}

private buildNonDwdCredentials<TCredential>(credentials: TCredential[]) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couldn't import from domainWideDelegation due to build issues. So, created a local copy here.

apps/web/components/apps/InstallAppButtonChild.tsx
disabled={shouldDisableInstallation}
color="primary"
size="base"
{...props}>
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was causing props.disabled to override the disabled property above that in turn caused Install button to be not disabled.

@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from cfa7d7b to d9425a3 Compare January 17, 2025 07:12
@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from d9425a3 to bfd156b Compare January 17, 2025 07:17
@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from bfd156b to 0d0ca15 Compare January 17, 2025 08:10
Udit-takkar
Udit-takkar reviewed Jan 17, 2025
View reviewed changes
Copy link
Contributor

@Udit-takkar Udit-takkar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Tested few scenarios and seems to be working fine.

@ThyMinimalDev ThyMinimalDev self-requested a review January 17, 2025 15:41
@ThyMinimalDev
Copy link
Contributor

will fully review on monday

@hariombalhara hariombalhara force-pushed the domain-wide-delegation-google-calendar branch from bb194f7 to 4079e31 Compare January 20, 2025 12:17
@hariombalhara
Copy link
Member Author

We need to encrypt the serviceAccountKey as suggsted by Keith. I will start with the implementation and we can merge only after that, should be quick though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Udit-takkar Udit-takkar Udit-takkar left review comments

@ThyMinimalDev ThyMinimalDev Awaiting requested review from ThyMinimalDev

At least 1 approving review is required to merge this pull request.

Assignees

@Udit-takkar Udit-takkar

Labels
app-store area: app store, apps, calendar integrations, google calendar, outlook, lark, apple calendar calendar-apps area: calendar, google calendar, outlook, lark, microsoft 365, apple calendar core area: core, team members only enterprise area: enterprise, audit log, organisation, SAML, SSO ✨ feature New feature or request High priority Created by Linear-GitHub Sync platform Anything related to our platform plan ready-for-e2e
Projects
None yet
Milestone
v5.0
Development

Successfully merging this pull request may close these issues.
6 participants
@hariombalhara @Udit-takkar @ThyMinimalDev @keithwillcode @CarinaWolli @alishaz-polymath