Merge branch 'main' into sdk-for-4.3

spectrocloud · Jul 1, 2024 · ae17d1a · ae17d1a
2 parents dea98af + e41c4ac
commit ae17d1a
Show file tree

Hide file tree

Showing 84 changed files with 3,375 additions and 5,082 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,27 +1,38 @@
+name: CI
 on:
   push:
   workflow_dispatch:
 
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   build-with-coverage:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+
       - name: Unshallow
         run: git fetch --prune --unshallow
+
       - name: Configure git for private modules
         env:
           TOKEN: ${{ secrets.SPECTRO_TOKEN }}
           USER: ${{ secrets.SPECTRO_USER }}
         run: git config --global url."https://${USER}:${TOKEN}@github.com".insteadOf "https://github.com"
+
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.21
+          go-version-file: go.mod
+
       - name: Vet
         run: make vet
+
       - name: Lint
         run: make lint
+
       - name: Test
         run: make test
diff --git a/.github/workflows/gitleaks.yml → ...hub/workflows/gitleaks-pr-validation.yaml b/.github/workflows/gitleaks.yml → ...hub/workflows/gitleaks-pr-validation.yaml
@@ -1,22 +1,19 @@
-name: GitLeaks
+name: GitLeaksPRValidation
+on: [pull_request]
 
-on:
-  pull_request:
-    branches:
-    - main
-  workflow_dispatch: {}
+concurrency:
+  group: gitleaks-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  gitleaks-scan:
+  gitleaks-pr-scan:
     runs-on: ubuntu-latest
     container:
-      image: gcr.io/spectro-common-dev/fayasa/bulwark:latest
+      image: gcr.io/spectro-dev-public/bulwark/gitleaks:latest
       env:
         REPO: ${{ github.event.repository.name }}
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      credentials:
-        username: _json_key
-        password: ${{ secrets.GCR_SPCD_JSON_KEY }}
+        GITLEAKS_CONFIG: /workspace/config.toml
     steps:
 
       - name: run-bulwark-gitleaks-scan
@@ -36,4 +33,4 @@ jobs:
             exit 1
           else 
             echo "GitLeaks validation check passed"
-          fi
+          fi
diff --git a/.github/workflows/golicense-pr-validation.yaml b/.github/workflows/golicense-pr-validation.yaml
@@ -0,0 +1,26 @@
+name: GoLicensesPRValidation
+on: [pull_request]
+
+concurrency:
+  group: go-licenses-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  go-licenses-pr-scan:
+    runs-on: ubuntu-latest
+    container:
+      image: gcr.io/spectro-images-public/golang:1.22-alpine
+    steps:
+      - name: install-go-licenses
+        run: GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest
+
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: set-github-access
+        run: |
+          /usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf https://github
+          /usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf git@github
+
+      - name: go-licenses-scan
+        run: go-licenses check --ignore github.com/spectrocloud ./...
diff --git a/.github/workflows/gosec-pr-validation.yaml b/.github/workflows/gosec-pr-validation.yaml
@@ -0,0 +1,38 @@
+name: GoSecPRValidation
+on: [pull_request]
+
+concurrency:
+  group: gosec-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  gosec-pr-scan:
+    runs-on: ubuntu-latest
+    container:
+      image: gcr.io/spectro-dev-public/bulwark/gosec:latest
+      env:
+        REPO: ${{ github.event.repository.name }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: gosec-scan
+        shell: sh
+        env:
+          BRANCH: ${{ github.head_ref || github.ref_name }}
+          GO111MODULE: on
+        run: /workspace/bulwark -name CodeSASTGoSec -verbose -target $REPO -tags "branch:$BRANCH,rules:-G101"
+
+      - name: check-result
+        shell: sh
+        run: |
+          resultPath=$REPO-result.json
+          issues=$(cat $resultPath | jq -r '.Stats.found')
+          echo "Found ${issues} issues"
+          echo "Issues by Rule ID"
+          jq -r '.Issues | group_by (.rule_id)[] | {rule: .[0].rule_id, count: length}' $resultPath
+          if [ "$issues" -gt 0 ]; then
+            echo "GoSec SAST scan failed with below findings..."
+            cat $resultPath
+            exit 1
+          else 
+            echo "GoSec SAST scan passed"
+          fi
diff --git a/.github/workflows/govulncheck-pr-validation.yaml b/.github/workflows/govulncheck-pr-validation.yaml
@@ -0,0 +1,28 @@
+name: GoVulnCheckPRValidation
+on: [pull_request]
+
+concurrency:
+  group: govulncheck-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  govulncheck-pr-scan:
+    runs-on: security-runner
+    container:
+      image: gcr.io/spectro-images-public/golang:1.22-alpine
+    steps:
+      - name: install-govulncheck
+        run: GOBIN=/usr/local/bin go install golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: set-github-access
+        run: |
+          /usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf https://github
+          /usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf git@github
+
+      - name: govulncheck-scan
+        run: |
+          go version
+          govulncheck -mode source ./...
diff --git a/CHANGELOG b/CHANGELOG
@@ -0,0 +1,4 @@
+Version 4.5.0
+Tue May  7 19:34:22 UTC 2024
+ Initial Release
+
diff --git a/client/account.go b/client/account.go
@@ -1,48 +1,34 @@
 package client
 
 import (
-	"errors"
 	"fmt"
 
-	"github.com/spectrocloud/hapi/apiutil/transport"
-	"github.com/spectrocloud/hapi/models"
-	clusterC "github.com/spectrocloud/hapi/spectrocluster/client/v1"
+	clientV1 "github.com/spectrocloud/palette-api-go/client/v1"
+	"github.com/spectrocloud/palette-api-go/models"
+	"github.com/spectrocloud/palette-sdk-go/client/apiutil"
 )
 
-func (h *V1Client) ListCloudAccounts(scope string) ([]*models.V1CloudAccountSummary, error) {
-	var params *clusterC.V1CloudAccountsListSummaryParams
-	switch scope {
-	case "project":
-		params = clusterC.NewV1CloudAccountsListSummaryParams().WithContext(h.Ctx)
-	case "tenant":
-		params = clusterC.NewV1CloudAccountsListSummaryParams()
-
-	}
-	var limit int64 = 0
-	params.Limit = &limit
-	resp, err := h.GetClusterClient().V1CloudAccountsListSummary(params)
-
-	var e *transport.TransportError
-	if errors.As(err, &e) && e.HttpCode == 404 {
+func (h *V1Client) ListCloudAccounts() ([]*models.V1CloudAccountSummary, error) {
+	params := clientV1.NewV1CloudAccountsListSummaryParamsWithContext(h.ctx).
+		WithLimit(apiutil.Ptr(int64(0)))
+	resp, err := h.Client.V1CloudAccountsListSummary(params)
+	if apiutil.Is404(err) {
 		return nil, nil
 	} else if err != nil {
 		return nil, err
 	}
-
 	return resp.Payload.Items, nil
 }
 
-func (h *V1Client) GetCloudAccount(scope, id string) (*models.V1CloudAccountSummary, error) {
-	accounts, err := h.ListCloudAccounts(scope)
+func (h *V1Client) GetCloudAccount(uid string) (*models.V1CloudAccountSummary, error) {
+	accounts, err := h.ListCloudAccounts()
 	if err != nil {
 		return nil, err
 	}
-
 	for _, account := range accounts {
-		if account.Metadata.UID == id {
+		if account.Metadata.UID == uid {
 			return account, nil
 		}
 	}
-
-	return nil, fmt.Errorf("account not found with id %s", id)
+	return nil, fmt.Errorf("account not found with uid %s", uid)
 }
diff --git a/client/account_aws.go b/client/account_aws.go
@@ -1,12 +1,9 @@
 package client
 
 import (
-	"errors"
-
-	"github.com/spectrocloud/hapi/apiutil/transport"
-	cloudC "github.com/spectrocloud/hapi/cloud/client/v1"
-	"github.com/spectrocloud/hapi/models"
-	clusterC "github.com/spectrocloud/hapi/spectrocluster/client/v1"
+	clientV1 "github.com/spectrocloud/palette-api-go/client/v1"
+	"github.com/spectrocloud/palette-api-go/models"
+	"github.com/spectrocloud/palette-sdk-go/client/apiutil"
 )
 
 func toV1AwsCloudAccount(account *models.V1AwsAccount) *models.V1AwsCloudAccount {
@@ -20,99 +17,70 @@ func toV1AwsCloudAccount(account *models.V1AwsAccount) *models.V1AwsCloudAccount
 	}
 }
 
-func (h *V1Client) CreateCloudAccountAws(account *models.V1AwsAccount, AccountContext string) (string, error) {
-	// validate account
-	if err := validateCloudAccountAws(account, h); err != nil {
+func (h *V1Client) CreateCloudAccountAws(account *models.V1AwsAccount) (string, error) {
+	if err := h.validateCloudAccountAws(account); err != nil {
 		return "", err
 	}
+	params := clientV1.NewV1CloudAccountsAwsCreateParamsWithContext(h.ctx).
+		WithBody(account)
 
-	var params *clusterC.V1CloudAccountsAwsCreateParams
-	switch AccountContext {
-	case "project":
-		params = clusterC.NewV1CloudAccountsAwsCreateParamsWithContext(h.Ctx).WithBody(account)
-	case "tenant":
-		params = clusterC.NewV1CloudAccountsAwsCreateParams().WithBody(account)
-	}
-
-	success, err := h.GetClusterClient().V1CloudAccountsAwsCreate(params)
+	resp, err := h.Client.V1CloudAccountsAwsCreate(params)
 	if err != nil {
 		return "", err
 	}
-
-	return *success.Payload.UID, nil
+	return *resp.Payload.UID, nil
 }
 
-func validateCloudAccountAws(account *models.V1AwsAccount, h *V1Client) error {
+func (h *V1Client) validateCloudAccountAws(account *models.V1AwsAccount) error {
 	// check PCG
 	if err := h.CheckPCG(account.Metadata.Annotations[OverlordUID]); err != nil {
 		return err
 	}
 
 	// validate account
-	paramsValidate := cloudC.NewV1AwsAccountValidateParams()
-	paramsValidate = paramsValidate.WithAwsCloudAccount(toV1AwsCloudAccount(account))
-	_, err := h.GetCloudClient().V1AwsAccountValidate(paramsValidate)
-	if err != nil {
-		return err
-	}
+	params := clientV1.NewV1AwsAccountValidateParamsWithContext(h.ctx).
+		WithAwsCloudAccount(toV1AwsCloudAccount(account))
 
-	return nil
+	_, err := h.Client.V1AwsAccountValidate(params)
+	return err
 }
 
 func (h *V1Client) UpdateCloudAccountAws(account *models.V1AwsAccount) error {
-	// validate account
-	if err := validateCloudAccountAws(account, h); err != nil {
+	if err := h.validateCloudAccountAws(account); err != nil {
 		return err
 	}
-
-	uid := account.Metadata.UID
-	params := clusterC.NewV1CloudAccountsAwsUpdateParamsWithContext(h.Ctx).WithUID(uid).WithBody(account)
-	_, err := h.GetClusterClient().V1CloudAccountsAwsUpdate(params)
+	params := clientV1.NewV1CloudAccountsAwsUpdateParamsWithContext(h.ctx).
+		WithUID(account.Metadata.UID).
+		WithBody(account)
+	_, err := h.Client.V1CloudAccountsAwsUpdate(params)
 	return err
 }
 
-func (h *V1Client) DeleteCloudAccountAws(uid, AccountContext string) error {
-	var params *clusterC.V1CloudAccountsAwsDeleteParams
-	switch AccountContext {
-	case "project":
-		params = clusterC.NewV1CloudAccountsAwsDeleteParamsWithContext(h.Ctx).WithUID(uid)
-	case "tenant":
-		params = clusterC.NewV1CloudAccountsAwsDeleteParams().WithUID(uid)
-	}
-	_, err := h.GetClusterClient().V1CloudAccountsAwsDelete(params)
+func (h *V1Client) DeleteCloudAccountAws(uid string) error {
+	params := clientV1.NewV1CloudAccountsAwsDeleteParamsWithContext(h.ctx).
+		WithUID(uid)
+	_, err := h.Client.V1CloudAccountsAwsDelete(params)
 	return err
 }
 
-func (h *V1Client) GetCloudAccountAws(uid, AccountContext string) (*models.V1AwsAccount, error) {
-	var params *clusterC.V1CloudAccountsAwsGetParams
-	switch AccountContext {
-	case "project":
-		params = clusterC.NewV1CloudAccountsAwsGetParamsWithContext(h.Ctx).WithUID(uid)
-	case "tenant":
-		params = clusterC.NewV1CloudAccountsAwsGetParams().WithUID(uid)
-	}
-	success, err := h.GetClusterClient().V1CloudAccountsAwsGet(params)
-
-	var e *transport.TransportError
-	if errors.As(err, &e) && e.HttpCode == 404 {
+func (h *V1Client) GetCloudAccountAws(uid string) (*models.V1AwsAccount, error) {
+	params := clientV1.NewV1CloudAccountsAwsGetParamsWithContext(h.ctx).
+		WithUID(uid)
+	resp, err := h.Client.V1CloudAccountsAwsGet(params)
+	if apiutil.Is404(err) {
 		return nil, nil
 	} else if err != nil {
 		return nil, err
 	}
-
-	return success.Payload, nil
+	return resp.Payload, nil
 }
 
 func (h *V1Client) GetCloudAccountsAws() ([]*models.V1AwsAccount, error) {
-	limit := int64(0)
-	params := clusterC.NewV1CloudAccountsAwsListParamsWithContext(h.Ctx).WithLimit(&limit)
-	response, err := h.GetClusterClient().V1CloudAccountsAwsList(params)
+	params := clientV1.NewV1CloudAccountsAwsListParamsWithContext(h.ctx).
+		WithLimit(apiutil.Ptr(int64(0)))
+	resp, err := h.Client.V1CloudAccountsAwsList(params)
 	if err != nil {
 		return nil, err
 	}
-
-	accounts := make([]*models.V1AwsAccount, len(response.Payload.Items))
-	copy(accounts, response.Payload.Items)
-
-	return accounts, nil
+	return resp.Payload.Items, nil
 }