feat: [#1] Okta policy integration test

schubergphilis · Nov 21, 2024 · 744a8c7 · 744a8c7
1 parent ebb592f
commit 744a8c7
Show file tree

Hide file tree

Showing 12 changed files with 259 additions and 1 deletion.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,21 @@
+---
+name: Docker
+"on":
+  # required by gomod-go-version-updater to trigger this action once pr has
+  # been reviewed
+  pull_request_review:
+    types: [submitted]
+  push:
+permissions:
+  contents: read
+  packages: write
+jobs:
+  mcvs-docker-action:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/[email protected]
+      # yamllint disable rule:line-length
+      - uses: schubergphilis/mcvs-docker-action@91-trivy-dbs-from-ecr-prevent-rate-limiting
+        with:
+          dockle-accept-key: curl,HOME,libcrypto3,libssl3,PATH
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml
@@ -0,0 +1,36 @@
+---
+name: Golang
+"on":
+  # required by gomod-go-version-updater to trigger this action once pr has
+  # been reviewed
+  pull_request_review:
+    types: [submitted]
+  push:
+permissions:
+  contents: read
+  packages: read
+jobs:
+  mcvs-golang-action:
+    strategy:
+      matrix:
+        testing-type:
+          - component
+          - coverage
+          - integration
+          - lint
+          - security-golang-modules
+          - security-grype
+          - security-trivy
+          - unit
+    runs-on: ubuntu-22.04
+    env:
+      TASK_X_REMOTE_TASKFILES: 1
+    steps:
+      - uses: actions/[email protected]
+      - uses: schubergphilis/[email protected]
+        with:
+          code-coverage-expected: 0.0
+          golang-unit-tests-exclusions: |-
+            \(cmd\/mcvs-integrationtest-services\)
+          testing-type: ${{ matrix.testing-type }}
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/gomod-go-version-updater.yml b/.github/workflows/gomod-go-version-updater.yml
@@ -0,0 +1,14 @@
+---
+name: gomod-go-version-updater-action
+"on":
+  schedule:
+    - cron: "42 6 * * *"
+permissions:
+  contents: write
+  pull-requests: write
+  repository-projects: write
+jobs:
+  gomod-go-version-updater-action:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: schubergphilis/[email protected]
diff --git a/.github/workflows/mcvs-pr-validation.yml b/.github/workflows/mcvs-pr-validation.yml
@@ -0,0 +1,19 @@
+---
+name: MCVS-PR-validation-action
+"on":
+  pull_request:
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
+  workflow_call:
+permissions:
+  contents: read
+  pull-requests: read
+jobs:
+  MCVS-PR-validation-action:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/[email protected]
+      - uses: schubergphilis/[email protected]
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.vscode
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,34 @@
+FROM golang:1.23.3-alpine AS builder
+ENV USERNAME=mcvs-integrationtest-services
+ENV HOME=/home/${USERNAME}
+RUN adduser -D -g '' ${USERNAME}
+COPY . /go/${USERNAME}/
+WORKDIR /go/${USERNAME}/cmd/${USERNAME}
+RUN apk add --no-cache \
+        curl=~8 \
+        git=~2 && \
+    CGO_ENABLED=0 go build -buildvcs=false && \
+    find ${HOME}/ -mindepth 1 -delete && \
+    chown 1000 -R ${HOME} && \
+    chmod 0700 -R ${HOME}
+
+FROM alpine:3.20.3
+ENV USERNAME=mcvs-integrationtest-services
+ENV HOME=/home/${USERNAME}
+ENV PATH=${HOME}/bin:${PATH}
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /go/${USERNAME}/cmd/${USERNAME}/${USERNAME} /usr/local/bin/${USERNAME}
+COPY --from=builder /home/${USERNAME} ${HOME}/
+RUN apk update && \
+    apk upgrade && \
+    apk add --no-cache \
+        curl=~8 \
+        libcrypto3=~3 \
+        libssl3=~3 && \
+    chown 1000 -R ${HOME} && \
+    chmod 0700 -R ${HOME} && \
+    rm -rf /var/cache/apk/*
+VOLUME ["/tmp","/home/${USERNAME}"]
+USER ${USERNAME}
+EXPOSE 1323
+ENTRYPOINT ["mcvs-integrationtest-services"]
diff --git a/README.md b/README.md
@@ -1 +1,22 @@
-# mcvs-integrationtest-services
+# mcvs-integrationtest-services
+
+## Build
+
+```zsh
+docker build -t mcvs-integrationtest-services .
+```
+
+## Run
+
+```zsh
+docker run -p 9999:1323 -it mcvs-integrationtest-services
+```
+
+## Test
+
+```zsh
+curl \
+  -X POST http://localhost:9999/authorization/users \
+  -H "Content-Type: application/json" \
+  -d '{"action":"listLabels","email":"[email protected]","facility":"a","group":"a","name":"someName"}'
+```
diff --git a/Taskfile.yml b/Taskfile.yml
@@ -0,0 +1,11 @@
+---
+version: 3
+
+vars:
+  REMOTE_URL: https://raw.githubusercontent.com
+  REMOTE_URL_REF: v0.13.0
+  REMOTE_URL_REPO: schubergphilis/mcvs-golang-action
+
+includes:
+  remote: >-
+    {{.REMOTE_URL}}/{{.REMOTE_URL_REPO}}/{{.REMOTE_URL_REF}}/Taskfile.yml
diff --git a/cmd/mcvs-integrationtest-services/main.go b/cmd/mcvs-integrationtest-services/main.go
@@ -0,0 +1,38 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/labstack/echo/v4"
+)
+
+type User struct {
+	Action   string `json:"action"`
+	Email    string `json:"email"`
+	Facility string `json:"facility"`
+	Group    string `json:"group"`
+	Name     string `json:"name"`
+}
+
+func main() {
+	e := echo.New()
+
+	e.GET("/", func(c echo.Context) error {
+		return c.String(http.StatusOK, "Hello, Okta!")
+	})
+
+	e.POST("/authorization/users", func(c echo.Context) error {
+		u := new(User)
+		if err := c.Bind(u); err != nil {
+			return err
+		}
+
+		if u.Facility == u.Group {
+			return c.JSON(http.StatusOK, "allowed")
+		}
+
+		return c.JSON(http.StatusUnauthorized, "denied")
+	})
+
+	e.Logger.Fatal(e.Start(":1323"))
+}
diff --git a/go.mod b/go.mod
@@ -0,0 +1,17 @@
+module schubergphilis/mcvs-integrationtest-services
+
+go 1.23.3
+
+require github.com/labstack/echo/v4 v4.12.0
+
+require (
+	github.com/labstack/gommon v0.4.2 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasttemplate v1.2.2 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -0,0 +1,31 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0=
+github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM=
+github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=
+github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo=
+github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=