Merge branch 'main' into sdk-for-4.3
SivaanandM authored Jul 1, 2024
2 parents dbae34a + e41c4ac commit b623802
Showing 84 changed files with 3,380 additions and 5,080 deletions.
13 changes: 12 additions & 1 deletion .github/workflows/ci.yml
@@ -1,27 +1,38 @@
name: CI
on:
push:
workflow_dispatch:

concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true

jobs:
build-with-coverage:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Unshallow
run: git fetch --prune --unshallow

- name: Configure git for private modules
env:
TOKEN: ${{ secrets.SPECTRO_TOKEN }}
USER: ${{ secrets.SPECTRO_USER }}
run: git config --global url."https://${USER}:${TOKEN}@github.com".insteadOf "https://github.com"

- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.21
go-version-file: go.mod

- name: Vet
run: make vet

- name: Lint
run: make lint

- name: Test
run: make test
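Review bot: The `Configure git for private modules` step writes `${USER}:${TOKEN}` into the global git config with a rewrite that covers every `https://github.com` URL, so the credential stays in `~/.gitconfig` for the later `make vet`, `make lint` and `make test` steps and is sent on every GitHub fetch, not only for the private modules. Narrow the rule to the organisation that hosts them, e.g. `git config --global url."https://${USER}:${TOKEN}@github.com/<ORG>/".insteadOf "https://github.com/<ORG>/"`, and set `GOPRIVATE` to the same prefix so those modules bypass the public proxy and checksum database. The env name `USER` also shadows the shell's own `USER` variable for that step; a name such as `GIT_USER` avoids that. The +/- markers are lost on this page, so which lines are new is inferred from the 12-addition count.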
@@ -1,22 +1,19 @@
name: GitLeaks
name: GitLeaksPRValidation
on: [pull_request]

on:
pull_request:
branches:
- main
workflow_dispatch: {}
concurrency:
group: gitleaks-${{ github.ref }}
cancel-in-progress: true

jobs:
gitleaks-scan:
gitleaks-pr-scan:
runs-on: ubuntu-latest
container:
image: gcr.io/spectro-common-dev/fayasa/bulwark:latest
image: gcr.io/spectro-dev-public/bulwark/gitleaks:latest
env:
REPO: ${{ github.event.repository.name }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
credentials:
username: _json_key
password: ${{ secrets.GCR_SPCD_JSON_KEY }}
GITLEAKS_CONFIG: /workspace/config.toml
steps:

- name: run-bulwark-gitleaks-scan
Expand All @@ -36,4 +33,4 @@ jobs:
exit 1
else
echo "GitLeaks validation check passed"
fi
fi
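Review bot: The container image is referenced by the mutable tag `gcr.io/spectro-dev-public/bulwark/gitleaks:latest`, and the job passes `GITHUB_TOKEN` into that container, so whatever is next published under that tag runs with the token on every pull request. Pin the image by digest, `image: gcr.io/spectro-dev-public/bulwark/gitleaks@sha256:<DIGEST>`, and add a `permissions:` block limiting the token to `contents: read` (assuming the scan only needs to read the repository). The same applies to `gcr.io/spectro-dev-public/bulwark/gosec:latest` in gosec-pr-validation.yaml. Old and new `image:` and `on:` lines are both printed here without markers, so this assumes the `spectro-dev-public` image and `on: [pull_request]` are the new side.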
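--- a/.github/workflows/golicense-pr-validation.yaml
+++ b/.github/workflows/golicense-pr-validation.yaml
@@ -0,0 +1,26 @@
+name: GoLicensesPRValidation
+on: [pull_request]
+
+concurrency:
+group: go-licenses-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+go-licenses-pr-scan:
+runs-on: ubuntu-latest
+container:
+image: gcr.io/spectro-images-public/golang:1.22-alpine
+steps:
+- name: install-go-licenses
+run: GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest
+
+- name: checkout
+uses: actions/checkout@v3
+
+- name: set-github-access
+run: |
+/usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf https://github
+/usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf git@github
+- name: go-licenses-scan
+run: go-licenses check --ignore github.com/spectrocloud ./...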
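Review bot: In `set-github-access` the rewrite key is the bare prefix `https://github`, so git attaches the token to any host whose name merely starts with `github`, and `${{ secrets.GH_TOKEN }}` is expanded into the script text rather than passed through `env:`. Anchor both sides on the full host, `git config --global url."https://${GH_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"`, with `env: GH_TOKEN: ${{ secrets.GH_TOKEN }}` on the step. The second rule maps `git@github` to an `https://` URL but leaves the scp-style `:` separator in place, which likely yields an invalid URL; `insteadOf "git@github.com:"` is the usual key. govulncheck-pr-validation.yaml repeats the same two lines.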
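--- a/.github/workflows/gosec-pr-validation.yaml
+++ b/.github/workflows/gosec-pr-validation.yaml
@@ -0,0 +1,38 @@
+name: GoSecPRValidation
+on: [pull_request]
+
+concurrency:
+group: gosec-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+gosec-pr-scan:
+runs-on: ubuntu-latest
+container:
+image: gcr.io/spectro-dev-public/bulwark/gosec:latest
+env:
+REPO: ${{ github.event.repository.name }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+steps:
+- name: gosec-scan
+shell: sh
+env:
+BRANCH: ${{ github.head_ref || github.ref_name }}
+GO111MODULE: on
+run: /workspace/bulwark -name CodeSASTGoSec -verbose -target $REPO -tags "branch:$BRANCH,rules:-G101"
+
+- name: check-result
+shell: sh
+run: |
+resultPath=$REPO-result.json
+issues=$(cat $resultPath | jq -r '.Stats.found')
+echo "Found ${issues} issues"
+echo "Issues by Rule ID"
+jq -r '.Issues | group_by (.rule_id)[] | {rule: .[0].rule_id, count: length}' $resultPath
+if [ "$issues" -gt 0 ]; then
+echo "GoSec SAST scan failed with below findings..."
+cat $resultPath
+exit 1
+else
+echo "GoSec SAST scan passed"
+fi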
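Review bot: `check-result` can report a pass when the result file is not in the expected shape: if `.Stats.found` is missing, `issues` becomes `null`, the `[ "$issues" -gt 0 ]` test errors, and control falls to the `else` branch that prints "GoSec SAST scan passed". Make the extraction fail closed, e.g. `issues=$(jq -er '.Stats.found | numbers' "$resultPath") || exit 1`, and quote `"$resultPath"` in the other two uses. The `rules:-G101` tag in `gosec-scan` appears to exclude the hardcoded-credentials rule; a comment stating why (presumably because the GitLeaks workflow covers it) would keep that exclusion reviewable.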
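--- a/.github/workflows/govulncheck-pr-validation.yaml
+++ b/.github/workflows/govulncheck-pr-validation.yaml
@@ -0,0 +1,28 @@
+name: GoVulnCheckPRValidation
+on: [pull_request]
+
+concurrency:
+group: govulncheck-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+govulncheck-pr-scan:
+runs-on: security-runner
+container:
+image: gcr.io/spectro-images-public/golang:1.22-alpine
+steps:
+- name: install-govulncheck
+run: GOBIN=/usr/local/bin go install golang.org/x/vuln/cmd/govulncheck@latest
+
+- name: checkout
+uses: actions/checkout@v3
+
+- name: set-github-access
+run: |
+/usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf https://github
+/usr/bin/git config --global --add url."https://${{ secrets.GH_TOKEN }}:x-oauth-basic@github".insteadOf git@github
+- name: govulncheck-scan
+run: |
+go version
+govulncheck -mode source ./...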
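Review bot: `go install golang.org/x/vuln/cmd/govulncheck@latest` resolves to a different binary whenever a new release is tagged, so the scanner that gates pull requests is not reproducible and is never itself reviewed; pin it, `govulncheck@<PINNED_VERSION>`, and update deliberately. The same applies to `go-licenses@latest` in golicense-pr-validation.yaml and to `actions/checkout@v3`, which can be pinned to a commit SHA. This job also runs on `security-runner`, which looks like a self-hosted label; if so, confirm that pull requests from forks cannot be scheduled onto it.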
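--- a/CHANGELOG
+++ b/CHANGELOG
@@ -0,0 +1,4 @@
+Version 4.5.0
+Tue May 7 19:34:22 UTC 2024
+Initial Release
+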
38 changes: 12 additions & 26 deletions client/account.go
@@ -1,48 +1,34 @@
package client

import (
"errors"
"fmt"

"github.com/spectrocloud/hapi/apiutil/transport"
"github.com/spectrocloud/hapi/models"
clusterC "github.com/spectrocloud/hapi/spectrocluster/client/v1"
clientV1 "github.com/spectrocloud/palette-api-go/client/v1"
"github.com/spectrocloud/palette-api-go/models"
"github.com/spectrocloud/palette-sdk-go/client/apiutil"
)

func (h *V1Client) ListCloudAccounts(scope string) ([]*models.V1CloudAccountSummary, error) {
var params *clusterC.V1CloudAccountsListSummaryParams
switch scope {
case "project":
params = clusterC.NewV1CloudAccountsListSummaryParams().WithContext(h.Ctx)
case "tenant":
params = clusterC.NewV1CloudAccountsListSummaryParams()

}
var limit int64 = 0
params.Limit = &limit
resp, err := h.GetClusterClient().V1CloudAccountsListSummary(params)

var e *transport.TransportError
if errors.As(err, &e) && e.HttpCode == 404 {
func (h *V1Client) ListCloudAccounts() ([]*models.V1CloudAccountSummary, error) {
params := clientV1.NewV1CloudAccountsListSummaryParamsWithContext(h.ctx).
WithLimit(apiutil.Ptr(int64(0)))
resp, err := h.Client.V1CloudAccountsListSummary(params)
if apiutil.Is404(err) {
return nil, nil
} else if err != nil {
return nil, err
}

return resp.Payload.Items, nil
}

func (h *V1Client) GetCloudAccount(scope, id string) (*models.V1CloudAccountSummary, error) {
accounts, err := h.ListCloudAccounts(scope)
func (h *V1Client) GetCloudAccount(uid string) (*models.V1CloudAccountSummary, error) {
accounts, err := h.ListCloudAccounts()
if err != nil {
return nil, err
}

for _, account := range accounts {
if account.Metadata.UID == id {
if account.Metadata.UID == uid {
return account, nil
}
}

return nil, fmt.Errorf("account not found with id %s", id)
return nil, fmt.Errorf("account not found with uid %s", uid)
}
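Review bot: `GetCloudAccount` reads `account.Metadata.UID` for every item without checking `account` or `account.Metadata` for nil, so one malformed entry in the list response panics the caller; guard it with `if account == nil || account.Metadata == nil { continue }`. `ListCloudAccounts` likewise returns `resp.Payload.Items` without checking `resp.Payload`. With the `scope` parameter gone, the project or tenant scope is whatever `h.ctx` carries, and a doc comment on both methods should say so, e.g. `// ListCloudAccounts lists cloud account summaries in the scope of the client's context; it returns nil, nil when the API answers 404.` The +/- markers are lost on this page, so the new side is inferred from the `clientV1` and `apiutil` names.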
98 changes: 33 additions & 65 deletions client/account_aws.go
@@ -1,12 +1,9 @@
package client

import (
"errors"

"github.com/spectrocloud/hapi/apiutil/transport"
cloudC "github.com/spectrocloud/hapi/cloud/client/v1"
"github.com/spectrocloud/hapi/models"
clusterC "github.com/spectrocloud/hapi/spectrocluster/client/v1"
clientV1 "github.com/spectrocloud/palette-api-go/client/v1"
"github.com/spectrocloud/palette-api-go/models"
"github.com/spectrocloud/palette-sdk-go/client/apiutil"
)

func toV1AwsCloudAccount(account *models.V1AwsAccount) *models.V1AwsCloudAccount {
Expand All @@ -20,99 +17,70 @@ func toV1AwsCloudAccount(account *models.V1AwsAccount) *models.V1AwsCloudAccount
}
}

func (h *V1Client) CreateCloudAccountAws(account *models.V1AwsAccount, AccountContext string) (string, error) {
// validate account
if err := validateCloudAccountAws(account, h); err != nil {
func (h *V1Client) CreateCloudAccountAws(account *models.V1AwsAccount) (string, error) {
if err := h.validateCloudAccountAws(account); err != nil {
return "", err
}
params := clientV1.NewV1CloudAccountsAwsCreateParamsWithContext(h.ctx).
WithBody(account)

var params *clusterC.V1CloudAccountsAwsCreateParams
switch AccountContext {
case "project":
params = clusterC.NewV1CloudAccountsAwsCreateParamsWithContext(h.Ctx).WithBody(account)
case "tenant":
params = clusterC.NewV1CloudAccountsAwsCreateParams().WithBody(account)
}

success, err := h.GetClusterClient().V1CloudAccountsAwsCreate(params)
resp, err := h.Client.V1CloudAccountsAwsCreate(params)
if err != nil {
return "", err
}

return *success.Payload.UID, nil
return *resp.Payload.UID, nil
}

func validateCloudAccountAws(account *models.V1AwsAccount, h *V1Client) error {
func (h *V1Client) validateCloudAccountAws(account *models.V1AwsAccount) error {
// check PCG
if err := h.CheckPCG(account.Metadata.Annotations[OverlordUID]); err != nil {
return err
}

// validate account
paramsValidate := cloudC.NewV1AwsAccountValidateParams()
paramsValidate = paramsValidate.WithAwsCloudAccount(toV1AwsCloudAccount(account))
_, err := h.GetCloudClient().V1AwsAccountValidate(paramsValidate)
if err != nil {
return err
}
params := clientV1.NewV1AwsAccountValidateParamsWithContext(h.ctx).
WithAwsCloudAccount(toV1AwsCloudAccount(account))

return nil
_, err := h.Client.V1AwsAccountValidate(params)
return err
}

func (h *V1Client) UpdateCloudAccountAws(account *models.V1AwsAccount) error {
// validate account
if err := validateCloudAccountAws(account, h); err != nil {
if err := h.validateCloudAccountAws(account); err != nil {
return err
}

uid := account.Metadata.UID
params := clusterC.NewV1CloudAccountsAwsUpdateParamsWithContext(h.Ctx).WithUID(uid).WithBody(account)
_, err := h.GetClusterClient().V1CloudAccountsAwsUpdate(params)
params := clientV1.NewV1CloudAccountsAwsUpdateParamsWithContext(h.ctx).
WithUID(account.Metadata.UID).
WithBody(account)
_, err := h.Client.V1CloudAccountsAwsUpdate(params)
return err
}

func (h *V1Client) DeleteCloudAccountAws(uid, AccountContext string) error {
var params *clusterC.V1CloudAccountsAwsDeleteParams
switch AccountContext {
case "project":
params = clusterC.NewV1CloudAccountsAwsDeleteParamsWithContext(h.Ctx).WithUID(uid)
case "tenant":
params = clusterC.NewV1CloudAccountsAwsDeleteParams().WithUID(uid)
}
_, err := h.GetClusterClient().V1CloudAccountsAwsDelete(params)
func (h *V1Client) DeleteCloudAccountAws(uid string) error {
params := clientV1.NewV1CloudAccountsAwsDeleteParamsWithContext(h.ctx).
WithUID(uid)
_, err := h.Client.V1CloudAccountsAwsDelete(params)
return err
}

func (h *V1Client) GetCloudAccountAws(uid, AccountContext string) (*models.V1AwsAccount, error) {
var params *clusterC.V1CloudAccountsAwsGetParams
switch AccountContext {
case "project":
params = clusterC.NewV1CloudAccountsAwsGetParamsWithContext(h.Ctx).WithUID(uid)
case "tenant":
params = clusterC.NewV1CloudAccountsAwsGetParams().WithUID(uid)
}
success, err := h.GetClusterClient().V1CloudAccountsAwsGet(params)

var e *transport.TransportError
if errors.As(err, &e) && e.HttpCode == 404 {
func (h *V1Client) GetCloudAccountAws(uid string) (*models.V1AwsAccount, error) {
params := clientV1.NewV1CloudAccountsAwsGetParamsWithContext(h.ctx).
WithUID(uid)
resp, err := h.Client.V1CloudAccountsAwsGet(params)
if apiutil.Is404(err) {
return nil, nil
} else if err != nil {
return nil, err
}

return success.Payload, nil
return resp.Payload, nil
}

func (h *V1Client) GetCloudAccountsAws() ([]*models.V1AwsAccount, error) {
limit := int64(0)
params := clusterC.NewV1CloudAccountsAwsListParamsWithContext(h.Ctx).WithLimit(&limit)
response, err := h.GetClusterClient().V1CloudAccountsAwsList(params)
params := clientV1.NewV1CloudAccountsAwsListParamsWithContext(h.ctx).
WithLimit(apiutil.Ptr(int64(0)))
resp, err := h.Client.V1CloudAccountsAwsList(params)
if err != nil {
return nil, err
}

accounts := make([]*models.V1AwsAccount, len(response.Payload.Items))
copy(accounts, response.Payload.Items)

return accounts, nil
return resp.Payload.Items, nil
}
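Review bot: `CreateCloudAccountAws` dereferences `*resp.Payload.UID` without checking that `resp.Payload` and its `UID` are non-nil, and `validateCloudAccountAws` reads `account.Metadata.Annotations` without checking `account.Metadata`, so an unexpected response or a sparsely filled account panics instead of returning an error. Add a guard such as `if resp.Payload == nil || resp.Payload.UID == nil { return "", errors.New("create aws cloud account: response has no uid") }`; the new import block appears to drop `errors`, so it would need to be re-added. Dropping `AccountContext` from Create, Delete and Get means tenant versus project scope now comes only from `h.ctx`; for `DeleteCloudAccountAws` in particular a doc comment should state this, so callers migrating from the two-argument form do not delete in the wrong scope. The +/- markers are lost on this page, so the new side is inferred from the `clientV1` and `apiutil` names.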