Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge to main #4

Closed
wants to merge 10 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions .github/config/MODULE.MD
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_github"></a> [github](#requirement\_github) | >=6.2 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_github"></a> [github](#provider\_github) | 6.3.1 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_keyfactor_github_test_environment_12_3_0_kc"></a> [keyfactor\_github\_test\_environment\_12\_3\_0\_kc](#module\_keyfactor\_github\_test\_environment\_12\_3\_0\_kc) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
| <a name="module_keyfactor_github_test_environment_ad_10_5_0"></a> [keyfactor\_github\_test\_environment\_ad\_10\_5\_0](#module\_keyfactor\_github\_test\_environment\_ad\_10\_5\_0) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |

## Resources

| Name | Type |
|------|------|
| [github_repository.repo](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
| <a name="input_keyfactor_client_id_12_3_0"></a> [keyfactor\_client\_id\_12\_3\_0](#input\_keyfactor\_client\_id\_12\_3\_0) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
| <a name="input_keyfactor_client_secret_12_3_0"></a> [keyfactor\_client\_secret\_12\_3\_0](#input\_keyfactor\_client\_secret\_12\_3\_0) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
| <a name="input_keyfactor_hostname_10_5_0"></a> [keyfactor\_hostname\_10\_5\_0](#input\_keyfactor\_hostname\_10\_5\_0) | The hostname of the Keyfactor instance | `string` | `"integrations1050-lab.kfdelivery.com"` | no |
| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int-oidc-lab.eastus2.cloudapp.azure.com"` | no |
| <a name="input_keyfactor_password_10_5_0"></a> [keyfactor\_password\_10\_5\_0](#input\_keyfactor\_password\_10\_5\_0) | The password to authenticate with the Keyfactor instance | `string` | n/a | yes |
| <a name="input_keyfactor_username_10_5_0"></a> [keyfactor\_username\_10\_5\_0](#input\_keyfactor\_username\_10\_5\_0) | The username to authenticate with the Keyfactor instance | `string` | n/a | yes |

## Outputs

No outputs.
26 changes: 26 additions & 0 deletions .github/config/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
.DEFAULT_GOAL := help

##@ Utility
help: ## Display this help
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

deps: ## Install deps for macos
@brew install pre-commit tflint terraform terraform-docs

docs: ## Run terraform-docs to update module docs.
@terraform-docs markdown . > MODULE.MD
@terraform-docs markdown table --output-file README.md --output-mode inject .

lint: ## Run tflint
@tflint

validate: ## Run terraform validate
@terraform init --upgrade
@terraform validate

precommit/add: ## Install pre-commit hook
@pre-commit install

precommit/remove: ## Uninstall pre-commit hook
@pre-commit uninstall

91 changes: 91 additions & 0 deletions .github/config/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
# GitHub Test Environment Setup

This code sets up GitHub environments for testing against Keyfactor Command instances that are configured to use
Active Directory or Keycloak for authentication.

## Requirements

1. Terraform >= 1.0
2. GitHub Provider >= 6.2
3. Keyfactor Command instance(s) configured to use Active Directory or Keycloak for authentication
4. AD or Keycloak credentials for authenticating to the Keyfactor Command instance(s)
5. A GitHub token with access and permissions to the repository where the environments will be created

## Adding a new environment

Modify the `environments.tf` file to include the new environment module. The module should be named appropriately.
Example:

### Active Directory Environment

```hcl
module "keyfactor_github_test_environment_ad_10_5_0" {
source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"

gh_environment_name = "KFC_10_5_0" # Keyfactor Command 10.5.0 environment using Active Directory(/Basic Auth)
gh_repo_name = data.github_repository.repo.name
keyfactor_hostname = var.keyfactor_hostname_10_5_0
keyfactor_username = var.keyfactor_username_AD
keyfactor_password = var.keyfactor_password_AD
}
```

### oAuth Client Environment

```hcl
module "keyfactor_github_test_environment_12_3_0_kc" {
source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-kc.git?ref=main"

gh_environment_name = "KFC_12_3_0_KC" # Keyfactor Command 12.3.0 environment using Keycloak
gh_repo_name = data.github_repository.repo.name
keyfactor_hostname = var.keyfactor_hostname_12_3_0_OAUTH
keyfactor_auth_token_url = var.keyfactor_auth_token_url
keyfactor_client_id = var.keyfactor_client_id
keyfactor_client_secret = var.keyfactor_client_secret
keyfactor_tls_skip_verify = true
}
```

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_github"></a> [github](#requirement\_github) | >=6.2 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_github"></a> [github](#provider\_github) | 6.3.1 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_keyfactor_github_test_environment_12_3_0_kc"></a> [keyfactor\_github\_test\_environment\_12\_3\_0\_kc](#module\_keyfactor\_github\_test\_environment\_12\_3\_0\_kc) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
| <a name="module_keyfactor_github_test_environment_ad_10_5_0"></a> [keyfactor\_github\_test\_environment\_ad\_10\_5\_0](#module\_keyfactor\_github\_test\_environment\_ad\_10\_5\_0) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |

## Resources

| Name | Type |
|------|------|
| [github_repository.repo](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
| <a name="input_keyfactor_client_id_12_3_0"></a> [keyfactor\_client\_id\_12\_3\_0](#input\_keyfactor\_client\_id\_12\_3\_0) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
| <a name="input_keyfactor_client_secret_12_3_0"></a> [keyfactor\_client\_secret\_12\_3\_0](#input\_keyfactor\_client\_secret\_12\_3\_0) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
| <a name="input_keyfactor_hostname_10_5_0"></a> [keyfactor\_hostname\_10\_5\_0](#input\_keyfactor\_hostname\_10\_5\_0) | The hostname of the Keyfactor instance | `string` | `"integrations1050-lab.kfdelivery.com"` | no |
| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int-oidc-lab.eastus2.cloudapp.azure.com"` | no |
| <a name="input_keyfactor_password_10_5_0"></a> [keyfactor\_password\_10\_5\_0](#input\_keyfactor\_password\_10\_5\_0) | The password to authenticate with the Keyfactor instance | `string` | n/a | yes |
| <a name="input_keyfactor_username_10_5_0"></a> [keyfactor\_username\_10\_5\_0](#input\_keyfactor\_username\_10\_5\_0) | The username to authenticate with the Keyfactor instance | `string` | n/a | yes |

## Outputs

No outputs.
<!-- END_TF_DOCS -->
35 changes: 35 additions & 0 deletions .github/config/environments.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
module "keyfactor_github_test_environment_ad_10_5_0" {
source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"

gh_environment_name = "KFC_10_5_0"
gh_repo_name = data.github_repository.repo.name
keyfactor_hostname = var.keyfactor_hostname_10_5_0
keyfactor_username = var.keyfactor_username_10_5_0
keyfactor_password = var.keyfactor_password_10_5_0
keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
}

# module "keyfactor_github_test_environment_11_5_0_kc" {
# source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-kc.git?ref=main"
#
# gh_environment_name = "KFC_11_5_0_KC"
# gh_repo_name = data.github_repository.repo.name
# keyfactor_hostname = var.keyfactor_hostname_11_5_0_KC
# keyfactor_client_id = var.keyfactor_client_id_11_5_0
# keyfactor_client_secret = var.keyfactor_client_secret_11_5_0
# keyfactor_auth_hostname = var.keyfactor_auth_hostname_11_5_0_KC
# keyfactor_tls_skip_verify = true
# }

module "keyfactor_github_test_environment_12_3_0_kc" {
source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"

gh_environment_name = "KFC_12_3_0_KC"
gh_repo_name = data.github_repository.repo.name
keyfactor_hostname = var.keyfactor_hostname_12_3_0_KC
keyfactor_auth_token_url = var.keyfactor_auth_token_url_12_3_0_KC
keyfactor_client_id = var.keyfactor_client_id_12_3_0
keyfactor_client_secret = var.keyfactor_client_secret_12_3_0
keyfactor_tls_skip_verify = true
keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
}
20 changes: 20 additions & 0 deletions .github/config/providers.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_version = ">= 1.0"
required_providers {
github = {
source = "integrations/github"
version = ">=6.2"
}
}
backend "azurerm" {
resource_group_name = "integrations-infra"
storage_account_name = "integrationstfstate"
container_name = "tfstate"
key = "github/repos/keyfactor-auth-client-go.tfstate"
}
}

provider "github" {
# Configuration options
owner = "Keyfactor"
}
3 changes: 3 additions & 0 deletions .github/config/repo.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
data "github_repository" "repo" {
name = "keyfactor-auth-client-go"
}
38 changes: 38 additions & 0 deletions .github/config/variables.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
variable "keyfactor_hostname_10_5_0" {
description = "The hostname of the Keyfactor instance"
type = string
default = "integrations1050-lab.kfdelivery.com"
}

variable "keyfactor_username_10_5_0" {
description = "The username to authenticate with the Keyfactor instance"
type = string
}

variable "keyfactor_password_10_5_0" {
description = "The password to authenticate with the Keyfactor instance"
type = string
}

variable "keyfactor_client_id_12_3_0" {
description = "The client ID to authenticate with the Keyfactor instance using Keycloak client credentials"
type = string
}

variable "keyfactor_client_secret_12_3_0" {
description = "The client secret to authenticate with the Keyfactor instance using Keycloak client credentials"
type = string
}

variable "keyfactor_hostname_12_3_0_KC" {
description = "The hostname of the Keyfactor instance"
type = string
default = "int-oidc-lab.eastus2.cloudapp.azure.com"
}

variable "keyfactor_auth_token_url_12_3_0_KC" {
description = "The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token"
type = string
default = "https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"
}

12 changes: 12 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# See GitHub's documentation for more information on this file:
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "daily"
49 changes: 49 additions & 0 deletions .github/workflows/go_tests.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: Go Test Workflow

on:
push:
workflow_dispatch:

jobs:
test:
name: Run tests
runs-on: kf-auth-client-runner-set
strategy:
matrix:
environment: [ "KFC_10_5_0", "KFC_12_3_0_KC"]
environment: ${{ matrix.environment }}
steps:
- name: Check out code
uses: actions/checkout@v3

- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.22

- name: Get Public IP
run: curl -s https://api.ipify.org

- name: Validate lab cert is present
run: |
cat lib/certs/int-oidc-lab.eastus2.cloudapp.azure.com.pem

- name: Run tests
run: |
if [ -n "${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }}" ]; then
mkdir -p ~/.keyfactor
echo "${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }}" | base64 --decode > ~/.keyfactor/command_config.json
fi
go test -v -cover ./auth_providers/...
env:
KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }}
KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }}
KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }}
KEYFACTOR_AUTH_CLIENT_ID: ${{ secrets.KEYFACTOR_AUTH_CLIENT_ID }}
KEYFACTOR_AUTH_CLIENT_SECRET: ${{ secrets.KEYFACTOR_AUTH_CLIENT_SECRET }}
KEYFACTOR_AUTH_TOKEN_URL: ${{ vars.KEYFACTOR_AUTH_TOKEN_URL }}
KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }}
KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }}
KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }}
TEST_KEYFACTOR_AD_AUTH: ${{ vars.TEST_KEYFACTOR_AD_AUTH }}
TEST_KEYFACTOR_KC_AUTH: ${{ vars.TEST_KEYFACTOR_KC_AUTH }}
20 changes: 20 additions & 0 deletions .github/workflows/keyfactor-starter-workflow.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
name: Keyfactor Bootstrap Workflow

on:
workflow_dispatch:
pull_request:
types: [ opened, closed, synchronize, edited, reopened ]
push:
create:
branches:
- 'release-*.*'

jobs:
call-starter-workflow:
uses: keyfactor/actions/.github/workflows/starter.yml@v3
secrets:
token: ${{ secrets.V2BUILDTOKEN}}
APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
scan_token: ${{ secrets.SAST_TOKEN }}
Loading
Loading