feat: updated shield provider to support new shield version #180

Open
wants to merge 14 commits into
base: main
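--- a/domain/provider.go
+++ b/domain/provider.go
@@ -58,7 +58,7 @@ type AppealConfig struct {
 AllowActiveAccessExtensionIn string `json:"allow_active_access_extension_in" yaml:"allow_active_access_extension_in" validate:"required"`
 }
 type ProviderConfig struct {
-Type string `json:"type" yaml:"type" validate:"required,oneof=google_bigquery metabase grafana tableau gcloud_iam noop gcs"`
+Type string `json:"type" yaml:"type" validate:"required,oneof=google_bigquery metabase grafana tableau gcloud_iam noop gcs shield"`
 URN string `json:"urn" yaml:"urn" validate:"required"`
 AllowedAccountTypes []string `json:"allowed_account_types" yaml:"allowed_account_types" validate:"omitempty,min=1"`
 Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"`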
18 changes: 9 additions & 9 deletions mocks/ShieldClient.go


61 changes: 12 additions & 49 deletions plugins/providers/shield/client.go
Expand Up @@ -17,34 +17,8 @@ import (
"github.com/mitchellh/mapstructure"
)

const (
groupsEndpoint = "/admin/v1beta1/groups"
projectsEndpoint = "/admin/v1beta1/projects"
organizationEndpoint = "/admin/v1beta1/organizations"
selfUserEndpoint = "admin/v1beta1/users/self"

groupsConst = "groups"
projectsConst = "projects"
organizationsConst = "organizations"
usersConst = "users"
userConst = "user"
)

type successAccess interface{}

type ShieldClient interface {
GetTeams(ctx context.Context) ([]*Team, error)
GetProjects(ctx context.Context) ([]*Project, error)
GetOrganizations(ctx context.Context) ([]*Organization, error)
GrantTeamAccess(ctx context.Context, team *Team, userId string, role string) error
RevokeTeamAccess(ctx context.Context, team *Team, userId string, role string) error
GrantProjectAccess(ctx context.Context, project *Project, userId string, role string) error
RevokeProjectAccess(ctx context.Context, project *Project, userId string, role string) error
GrantOrganizationAccess(ctx context.Context, organization *Organization, userId string, role string) error
RevokeOrganizationAccess(ctx context.Context, organization *Organization, userId string, role string) error
GetSelfUser(ctx context.Context, email string) (*User, error)
}

type client struct {
baseURL *url.URL

Expand All @@ -55,17 +29,6 @@ type client struct {
logger log.Logger
}

type HTTPClient interface {
Do(*http.Request) (*http.Response, error)
}

type ClientConfig struct {
Host string `validate:"required,url" mapstructure:"host"`
AuthHeader string `validate:"required" mapstructure:"auth_header"`
AuthEmail string `validate:"required" mapstructure:"auth_email"`
HTTPClient HTTPClient
}

func NewClient(config *ClientConfig, logger log.Logger) (*client, error) {
if err := validator.New().Struct(config); err != nil {
return nil, err
Expand Down Expand Up @@ -145,33 +108,33 @@ func (c *client) GetAdminsOfGivenResourceType(ctx context.Context, id string, re
return userEmails, err
}

func (c *client) GetTeams(ctx context.Context) ([]*Team, error) {
func (c *client) GetGroups(ctx context.Context) ([]*Group, error) {
req, err := c.newRequest(http.MethodGet, groupsEndpoint, nil, "")
if err != nil {
return nil, err
}

var teams []*Team
var groups []*Group
var response interface{}
if _, err := c.do(ctx, req, &response); err != nil {
return nil, err
}

if v, ok := response.(map[string]interface{}); ok && v[groupsConst] != nil {
err = mapstructure.Decode(v[groupsConst], &teams)
err = mapstructure.Decode(v[groupsConst], &groups)
}

for _, team := range teams {
admins, err := c.GetAdminsOfGivenResourceType(ctx, team.ID, groupsEndpoint)
for _, group := range groups {
admins, err := c.GetAdminsOfGivenResourceType(ctx, group.ID, groupsEndpoint)
if err != nil {
return nil, err
}
team.Admins = admins
group.Admins = admins
}

c.logger.Info(ctx, "Fetch teams from request", "total", len(teams), req.URL)
c.logger.Info(ctx, "Fetch groups from request", "total", len(groups), req.URL)

return teams, err
return groups, err
}

func (c *client) GetProjects(ctx context.Context) ([]*Project, error) {
Expand Down Expand Up @@ -233,7 +196,7 @@ func (c *client) GetOrganizations(ctx context.Context) ([]*Organization, error)
return organizations, err
}

func (c *client) GrantTeamAccess(ctx context.Context, resource *Team, userId string, role string) error {
func (c *client) GrantGroupAccess(ctx context.Context, resource *Group, userId string, role string) error {
body := make(map[string][]string)
body["userIds"] = append(body["userIds"], userId)

Expand All @@ -256,7 +219,7 @@ func (c *client) GrantTeamAccess(ctx context.Context, resource *Team, userId str
}
}

c.logger.Info(ctx, "Team access to the user,", "total users", len(users), req.URL)
c.logger.Info(ctx, "group access to the user,", "total users", len(users), req.URL)

return nil
}
Expand Down Expand Up @@ -316,7 +279,7 @@ func (c *client) GrantOrganizationAccess(ctx context.Context, resource *Organiza
return nil
}

func (c *client) RevokeTeamAccess(ctx context.Context, resource *Team, userId string, role string) error {
func (c *client) RevokeGroupAccess(ctx context.Context, resource *Group, userId string, role string) error {
endPoint := path.Join(groupsEndpoint, "/", resource.ID, "/", role, "/", userId)
req, err := c.newRequest(http.MethodDelete, endPoint, "", "")
if err != nil {
Expand All @@ -336,7 +299,7 @@ func (c *client) RevokeTeamAccess(ctx context.Context, resource *Team, userId st
}
}

c.logger.Info(ctx, "Remove access of the user from team,", "Users", userId, req.URL)
c.logger.Info(ctx, "Remove access of the user from group,", "Users", userId, req.URL)
return nil
}

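Review bot: In GetGroups the error from `err = mapstructure.Decode(v[groupsConst], &groups)` is not checked where it is produced; the `admins, err :=` inside the following loop shadows it, so a decode failure only surfaces through the final `return groups, err` after the Info line has already reported a successful fetch, and the caller receives a non-nil error together with a partially populated slice. Check it at the call site instead: `if err := mapstructure.Decode(v[groupsConst], &groups); err != nil { return nil, err }`. The renamed log call `c.logger.Info(ctx, "Fetch groups from request", "total", len(groups), req.URL)` also passes an odd number of trailing arguments, leaving `req.URL` without a key; if the logger takes key/value pairs it should read `"total", len(groups), "url", req.URL`, and the same shape appears in GrantGroupAccess and RevokeGroupAccess. In RevokeGroupAccess, `resource.ID`, `role` and `userId` are joined into the request path with `path.Join` and no validation, so if any of them is caller-supplied a value containing `/` or `..` selects a different endpoint than intended; rejecting segments that contain a path separator before building `endPoint` would close that. NewClient, GetGroups' callers and the bodies of the Grant/Revoke functions are cut off outside these hunks.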