From 744a8c71392a976d64a8f4bf5b7e945c9b72b6ee Mon Sep 17 00:00:00 2001
From: sbp-bvanb
Date: Thu, 21 Nov 2024 08:14:58 +0100
Subject: [PATCH] feat: [#1] Okta policy integration test
---
.github/dependabot.yml | 15 ++++++++
.github/workflows/docker.yml | 21 ++++++++++
.github/workflows/golang.yml | 36 ++++++++++++++++++
.../workflows/gomod-go-version-updater.yml | 14 +++++++
.github/workflows/mcvs-pr-validation.yml | 19 ++++++++++
.gitignore | 1 +
Dockerfile | 34 +++++++++++++++++
README.md | 23 ++++++++++-
Taskfile.yml | 11 ++++++
cmd/mcvs-integrationtest-services/main.go | 38 +++++++++++++++++++
go.mod | 17 +++++++++
go.sum | 31 +++++++++++++++
12 files changed, 259 insertions(+), 1 deletion(-)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/docker.yml
create mode 100644 .github/workflows/golang.yml
create mode 100644 .github/workflows/gomod-go-version-updater.yml
create mode 100644 .github/workflows/mcvs-pr-validation.yml
create mode 100644 .gitignore
create mode 100644 Dockerfile
create mode 100644 Taskfile.yml
create mode 100644 cmd/mcvs-integrationtest-services/main.go
create mode 100644 go.mod
create mode 100644 go.sum
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..52c2d59
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "gomod"
+ directory: "/"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..a97613c
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,21 @@
+---
+name: Docker
+"on":
+ # required by gomod-go-version-updater to trigger this action once pr has
+ # been reviewed
+ pull_request_review:
+ types: [submitted]
+ push:
+permissions:
+ contents: read
+ packages: write
+jobs:
+ mcvs-docker-action:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v4.2.2
+ # yamllint disable rule:line-length
+ - uses: schubergphilis/mcvs-docker-action@91-trivy-dbs-from-ecr-prevent-rate-limiting
+ with:
+ dockle-accept-key: curl,HOME,libcrypto3,libssl3,PATH
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml
new file mode 100644
index 0000000..67ebcd5
--- /dev/null
+++ b/.github/workflows/golang.yml
@@ -0,0 +1,36 @@
+---
+name: Golang
+"on":
+ # required by gomod-go-version-updater to trigger this action once pr has
+ # been reviewed
+ pull_request_review:
+ types: [submitted]
+ push:
+permissions:
+ contents: read
+ packages: read
+jobs:
+ mcvs-golang-action:
+ strategy:
+ matrix:
+ testing-type:
+ - component
+ - coverage
+ - integration
+ - lint
+ - security-golang-modules
+ - security-grype
+ - security-trivy
+ - unit
+ runs-on: ubuntu-22.04
+ env:
+ TASK_X_REMOTE_TASKFILES: 1
+ steps:
+ - uses: actions/checkout@v4.2.2
+ - uses: schubergphilis/mcvs-golang-action@v0.13.0
+ with:
+ code-coverage-expected: 0.0
+ golang-unit-tests-exclusions: |-
+ \(cmd\/mcvs-integrationtest-services\)
+ testing-type: ${{ matrix.testing-type }}
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/gomod-go-version-updater.yml b/.github/workflows/gomod-go-version-updater.yml
new file mode 100644
index 0000000..b5297af
--- /dev/null
+++ b/.github/workflows/gomod-go-version-updater.yml
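Review bot: In `.github/workflows/docker.yml` the step `uses: schubergphilis/mcvs-docker-action@91-trivy-dbs-from-ecr-prevent-rate-limiting` follows what looks like a feature-branch ref, so whatever lands on that branch later runs in this job with `packages: write` and the job token. Pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: schubergphilis/mcvs-docker-action@FULL_COMMIT_SHA # vX.Y.Z` (placeholders). The tag-pinned actions in golang.yml, gomod-go-version-updater.yml and mcvs-pr-validation.yml, and `REMOTE_URL_REF: v0.13.0` in Taskfile.yml, are mutable refs as well and would benefit from the same treatment. The `github-actions` Dependabot ecosystem enabled by this commit can keep SHA pins current.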
@@ -0,0 +1,14 @@
+---
+name: gomod-go-version-updater-action
+"on":
+ schedule:
+ - cron: "42 6 * * *"
+permissions:
+ contents: write
+ pull-requests: write
+ repository-projects: write
+jobs:
+ gomod-go-version-updater-action:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: schubergphilis/gomod-go-version-updater-action@v0.1.5
diff --git a/.github/workflows/mcvs-pr-validation.yml b/.github/workflows/mcvs-pr-validation.yml
new file mode 100644
index 0000000..1c89389
--- /dev/null
+++ b/.github/workflows/mcvs-pr-validation.yml
@@ -0,0 +1,19 @@
+---
+name: MCVS-PR-validation-action
+"on":
+ pull_request:
+ types:
+ - edited
+ - opened
+ - reopened
+ - synchronize
+ workflow_call:
+permissions:
+ contents: read
+ pull-requests: read
+jobs:
+ MCVS-PR-validation-action:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4.2.2
+ - uses: schubergphilis/mcvs-pr-validation-action@v0.2.0
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..722d5e7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..aaab0cf
--- /dev/null
+++ b/Dockerfile
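Review bot: The scheduled workflow in gomod-go-version-updater.yml grants `contents: write`, `pull-requests: write` and `repository-projects: write` at workflow level to a single third-party step. Nothing visible in the hunk shows why project access is needed, so confirm whether the action requires it and, if it does, whether `repository-projects: read` is enough. A one-line comment above the `permissions:` block recording why each write scope is there would make later least-privilege reviews easier.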
@@ -0,0 +1,34 @@
+FROM golang:1.23.3-alpine AS builder
+ENV USERNAME=mcvs-integrationtest-services
+ENV HOME=/home/${USERNAME}
+RUN adduser -D -g '' ${USERNAME}
+COPY . /go/${USERNAME}/
+WORKDIR /go/${USERNAME}/cmd/${USERNAME}
+RUN apk add --no-cache \
+ curl=~8 \
+ git=~2 && \
+ CGO_ENABLED=0 go build -buildvcs=false && \
+ find ${HOME}/ -mindepth 1 -delete && \
+ chown 1000 -R ${HOME} && \
+ chmod 0700 -R ${HOME}
+
+FROM alpine:3.20.3
+ENV USERNAME=mcvs-integrationtest-services
+ENV HOME=/home/${USERNAME}
+ENV PATH=${HOME}/bin:${PATH}
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /go/${USERNAME}/cmd/${USERNAME}/${USERNAME} /usr/local/bin/${USERNAME}
+COPY --from=builder /home/${USERNAME} ${HOME}/
+RUN apk update && \
+ apk upgrade && \
+ apk add --no-cache \
+ curl=~8 \
+ libcrypto3=~3 \
+ libssl3=~3 && \
+ chown 1000 -R ${HOME} && \
+ chmod 0700 -R ${HOME} && \
+ rm -rf /var/cache/apk/*
+VOLUME ["/tmp","/home/${USERNAME}"]
+USER ${USERNAME}
+EXPOSE 1323
+ENTRYPOINT ["mcvs-integrationtest-services"]
diff --git a/README.md b/README.md
index 504ba31..64c119e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,22 @@
-# mcvs-integrationtest-services
\ No newline at end of file
+# mcvs-integrationtest-services
+
+## Build
+
+```zsh
+docker build -t mcvs-integrationtest-services .
+```
+
+## Run
+
+```zsh
+docker run -p 9999:1323 -it mcvs-integrationtest-services
+```
+
+## Test
+
+```zsh
+curl \
+ -X POST http://localhost:9999/authorization/users \
+ -H "Content-Type: application/json" \
+ -d '{"action":"listLabels","email":"something@example.com","facility":"a","group":"a","name":"someName"}'
+```
diff --git a/Taskfile.yml b/Taskfile.yml
new file mode 100644
index 0000000..d03297d
--- /dev/null
+++ b/Taskfile.yml
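Review bot: The runtime stage of the Dockerfile installs `curl`, `libcrypto3` and `libssl3`, yet the binary is built with `CGO_ENABLED=0` and nothing in the hunk (no HEALTHCHECK, no script) calls curl. If nothing at runtime depends on them, reduce the final `RUN` to the `apk upgrade`, `chown` and `chmod` steps so the image carries less to patch and scan; the same applies to `curl=~8` in the builder stage, which no visible build step uses. Separately, `chown 1000 -R ${HOME}` assumes `adduser` assigned UID 1000; `chown -R ${USERNAME} ${HOME}` would state the intent directly.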
@@ -0,0 +1,11 @@
+---
+version: 3
+
+vars:
+ REMOTE_URL: https://raw.githubusercontent.com
+ REMOTE_URL_REF: v0.13.0
+ REMOTE_URL_REPO: schubergphilis/mcvs-golang-action
+
+includes:
+ remote: >-
+ {{.REMOTE_URL}}/{{.REMOTE_URL_REPO}}/{{.REMOTE_URL_REF}}/Taskfile.yml
diff --git a/cmd/mcvs-integrationtest-services/main.go b/cmd/mcvs-integrationtest-services/main.go
new file mode 100644
index 0000000..ec61ab3
--- /dev/null
+++ b/cmd/mcvs-integrationtest-services/main.go
@@ -0,0 +1,38 @@
+package main
+
+import (
+ "net/http"
+
+ "github.com/labstack/echo/v4"
+)
+
+type User struct {
+ Action string `json:"action"`
+ Email string `json:"email"`
+ Facility string `json:"facility"`
+ Group string `json:"group"`
+ Name string `json:"name"`
+}
+
+func main() {
+ e := echo.New()
+
+ e.GET("/", func(c echo.Context) error {
+ return c.String(http.StatusOK, "Hello, Okta!")
+ })
+
+ e.POST("/authorization/users", func(c echo.Context) error {
+ u := new(User)
+ if err := c.Bind(u); err != nil {
+ return err
+ }
+
+ if u.Facility == u.Group {
+ return c.JSON(http.StatusOK, "allowed")
+ }
+
+ return c.JSON(http.StatusUnauthorized, "denied")
+ })
+
+ e.Logger.Fatal(e.Start(":1323"))
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..aaa1e74
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,17 @@
+module schubergphilis/mcvs-integrationtest-services
+
+go 1.23.3
+
+require github.com/labstack/echo/v4 v4.12.0
+
+require (
+ github.com/labstack/gommon v0.4.2 // indirect
+ github.com/mattn/go-colorable v0.1.13 // indirect
+ github.com/mattn/go-isatty v0.0.20 // indirect
+ github.com/valyala/bytebufferpool v1.0.0 // indirect
+ github.com/valyala/fasttemplate v1.2.2 // indirect
+ golang.org/x/crypto v0.22.0 // indirect
+ golang.org/x/net v0.24.0 // indirect
+ golang.org/x/sys v0.19.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..527b9c0
--- /dev/null
+++ b/go.sum
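Review bot: In main.go the `/authorization/users` handler allows any request whose `facility` and `group` are equal, and that includes a body of `{}` or one that omits both fields, because both then bind to the empty string. For a stand-in authorization service this fails open: a client under test that forgets to send the fields still receives `allowed`, so the integration test passes for the wrong reason. Require non-empty values before comparing, e.g. `if u.Facility != "" && u.Facility == u.Group {`, and add a doc comment on `User` stating which fields drive the decision. `http.StatusUnauthorized` for a denied decision is also worth confirming against what the real service returns, since 401 normally signals missing authentication and 403 a refused authorization.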
@@ -0,0 +1,31 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0= +github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM= +github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= +github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo= +github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod 
h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=