Initial commit

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-name: "github.com/conductorone/baton-sdk"

.github/workflows/capabilities.yaml

@@ -0,0 +1,34 @@
+name: Generate connector capabilities
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  calculate-capabilities:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.RELENG_GITHUB_TOKEN }}
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Build
+        run: go build -o connector ./cmd/baton-vgs
+
+      - name: Run and save output
+        run: ./connector capabilities > baton_capabilities.json
+
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          default_author: github_actions
+          message: 'Updating baton capabilities.'
+          add: 'baton_capabilities.json'

.github/workflows/ci.yaml

@@ -0,0 +1,104 @@
+name: ci
+on: pull_request
+jobs:
+  go-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.22.x
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Run linters
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: latest
+          args: --timeout=3m
+  go-test:
+    strategy:
+      matrix:
+        go-version: [1.22.x]
+        platform: [ubuntu-latest]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Install Go
+        if: success()
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: go tests
+        run: go test -v -covermode=count -json ./... > test.json
+      - name: annotate go tests
+        if: always()
+        uses: guyarb/[email protected]
+        with:
+          test-results: test.json
+
+  test:
+    runs-on: ubuntu-latest
+    # Define any services needed for the test suite (or delete this section)
+    # services:
+    #   postgres:
+    #     image: postgres:16
+    #     ports:
+    #       - "5432:5432"
+    #     env:
+    #       POSTGRES_PASSWORD: secretpassword
+    env:
+      BATON_LOG_LEVEL: debug
+      # Add any environment variables needed to run baton-baton-vgs
+      # BATON_BASE_URL: 'http://localhost:8080'
+      # BATON_ACCESS_TOKEN: 'secret_token'
+      # The following parameters are passed to grant/revoke commands
+      # Change these to the correct IDs for your test data
+      CONNECTOR_GRANT: 'grant:entitlement:group:1234:member:user:9876'
+      CONNECTOR_ENTITLEMENT: 'entitlement:group:1234:member'
+      CONNECTOR_PRINCIPAL: 'user:9876'
+      CONNECTOR_PRINCIPAL_TYPE: 'user'
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.22.x
+      - name: Checkout code
+        uses: actions/checkout@v3
+      # Install any dependencies here (or delete this)
+      # - name: Install postgres client
+      #   run: sudo apt install postgresql-client
+      # Run any fixture setup here (or delete this)
+      # - name: Import sql into postgres
+      #   run: psql -h localhost --user postgres -f environment.sql
+      #   env:
+      #     PGPASSWORD: secretpassword
+      - name: Build baton-baton-vgs
+        run: go build ./cmd/baton-baton-vgs
+      - name: Run baton-baton-vgs
+        run: ./baton-baton-vgs
+
+      - name: Install baton
+        run: ./scripts/get-baton.sh && mv baton /usr/local/bin
+
+      - name: Check for grant before revoking
+
+        run:
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
+
+
+      - name: Revoke grants
+        run: ./baton-baton-vgs --revoke-grant="${{ env.CONNECTOR_GRANT }}"
+
+      - name: Check grant was revoked
+        ./baton-baton-vgs && baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
+
+      - name: Grant entitlement
+        # Change the grant arguments to the correct IDs for your test data
+        run: ./baton-baton-vgs --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
+
+      - name: Check grant was re-granted
+
+        run:
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
+

.github/workflows/main.yaml

@@ -0,0 +1,41 @@
+name: main ci
+on:
+  push:
+    branches:
+      - main
+jobs:
+  go-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.22.x
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Run linters
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: latest
+          args: --timeout=3m
+  go-test:
+    strategy:
+      matrix:
+        go-version: [ 1.22.x ]
+        platform: [ ubuntu-latest ]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Install Go
+        if: success()
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: go tests
+        run: go test -v -covermode=count -json ./... > test.json
+      - name: annotate go tests
+        if: always()
+        uses: guyarb/[email protected]
+        with:
+          test-results: test.json

.github/workflows/release.yaml

@@ -0,0 +1,60 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  goreleaser:
+    runs-on: macos-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.22.x
+      - name: Set up Gon
+        run: brew tap mitchellh/gon && brew install mitchellh/gon/gon
+      - name: Import Keychain Certs
+        uses: apple-actions/import-codesign-certs@v1
+        with:
+          p12-file-base64: ${{ secrets.APPLE_SIGNING_KEY_P12 }}
+          p12-password: ${{ secrets.APPLE_SIGNING_KEY_P12_PASSWORD }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELENG_GITHUB_TOKEN }}
+          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+  goreleaser-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.22.x
+      - name: Docker Login
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.RELENG_GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: latest
+          args: release --clean -f .goreleaser.docker.yaml
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELENG_GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,17 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.c1z
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+dist/

.golangci.yml

@@ -0,0 +1,107 @@
+linters-settings:
+  exhaustive:
+    default-signifies-exhaustive: true
+
+  gocritic:
+    # The list of supported checkers can be find in https://go-critic.github.io/overview.
+    settings:
+      underef:
+        # Whether to skip (*x).method() calls where x is a pointer receiver.
+        skipRecvDeref: false
+
+  govet:
+    enable-all: true
+    disable:
+      - fieldalignment # too strict
+      - shadow # complains too much about shadowing errors. All research points to this being fine.
+
+  nakedret:
+    max-func-lines: 0
+
+  nolintlint:
+    allow-no-explanation: [ forbidigo, tracecheck, gomnd, gochecknoinits, makezero ]
+    require-explanation: true
+    require-specific: true
+
+  revive:
+    ignore-generated-header: true
+    severity: error
+    rules:
+      - name: atomic
+      - name: line-length-limit
+        arguments: [ 200 ]
+      # These are functions that we use without checking the errors often. Most of these can't return an error even
+      # though they implement an interface that can.
+      - name: unhandled-error
+        arguments:
+          - fmt.Printf
+          - fmt.Println
+          - fmt.Fprintf
+          - fmt.Fprintln
+          - os.Stderr.Sync
+          - sb.WriteString
+          - buf.WriteString
+          - hasher.Write
+          - os.Setenv
+          - os.RemoveAll
+      - name: var-naming
+        arguments: [["ID", "URL", "HTTP", "API"], []]
+
+  tenv:
+    all: true
+
+  varcheck:
+    exported-fields: false # this appears to improperly detect exported variables as unused when they are used from a package with the same name
+
+
+linters:
+  disable-all: true
+  enable:
+    - deadcode # Finds unused code
+    - errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - gosimple # Linter for Go source code that specializes in simplifying a code
+    - govet # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign # Detects when assignments to existing variables are not used
+    - staticcheck # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - typecheck # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unused # Checks Go code for unused constants, variables, functions and types
+    - varcheck # Finds unused global variables and constants
+    - asasalint # Check for pass []any as any in variadic func(...any)
+    - asciicheck # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bidichk # Checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - durationcheck # check for two durations multiplied together
+    - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
+    - execinquery # execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
+    - exhaustive # check exhaustiveness of enum switch statements
+    - exportloopref # checks for pointers to enclosing loop variables
+    - forbidigo # Forbids identifiers
+    - gochecknoinits # Checks that no init functions are present in Go code
+    - goconst # Finds repeated strings that could be replaced by a constant
+    - gocritic # Provides diagnostics that check for bugs, performance and style issues.
+    - godot # Check if comments end in a period
+    - goimports # In addition to fixing imports, goimports also formats your code in the same style as gofmt.
+    - gomoddirectives # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
+    - goprintffuncname # Checks that printf-like functions are named with f at the end
+    - gosec # Inspects source code for security problems
+    - nakedret # Finds naked returns in functions greater than a specified function length
+    - nilerr # Finds the code that returns nil even if it checks that the error is not nil.
+    - noctx # noctx finds sending http request without context.Context
+    - nolintlint # Reports ill-formed or insufficient nolint directives
+    - nonamedreturns # Reports all named returns
+    - nosprintfhostport # Checks for misuse of Sprintf to construct a host with port in a URL.
+    - predeclared # find code that shadows one of Go's predeclared identifiers
+    - revive # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
+    - tenv # tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
+    - tparallel # tparallel detects inappropriate usage of t.Parallel() method in your Go test codes
+    - unconvert # Remove unnecessary type conversions
+    - usestdlibvars # detect the possibility to use variables/constants from the Go standard library
+    - whitespace # Tool for detection of leading and trailing whitespace
+
+issues:
+  max-same-issues: 50
+
+  exclude-rules:
+    # Don't require TODO comments to end in a period
+    - source: "(TODO)"
+      linters: [ godot ]

.gon-amd64.json

@@ -0,0 +1,14 @@
+{
+  "source": ["./dist/macos-amd64_darwin_amd64_v1/baton-vgs"],
+  "bundle_id": "com.conductorone.baton-vgs",
+  "apple_id": {
+    "username" : "[email protected]",
+    "password":  "@env:AC_PASSWORD"
+  },
+  "sign": {
+    "application_identity": "Developer ID Application: Justin Gallardo (858DKH55XL)"
+  },
+  "zip" :{
+    "output_path":  "./dist/baton-vgs-darwin-amd64.signed.zip"
+  }
+}