Adding resources to baton-vgs

.github/workflows/ci.yaml

@@ -39,66 +39,51 @@ jobs:
 
   test:
     runs-on: ubuntu-latest
-    # Define any services needed for the test suite (or delete this section)
-    # services:
-    #   postgres:
-    #     image: postgres:16
-    #     ports:
-    #       - "5432:5432"
-    #     env:
-    #       POSTGRES_PASSWORD: secretpassword
     env:
       BATON_LOG_LEVEL: debug
-      # Add any environment variables needed to run baton-baton-vgs
-      # BATON_BASE_URL: 'http://localhost:8080'
-      # BATON_ACCESS_TOKEN: 'secret_token'
-      # The following parameters are passed to grant/revoke commands
       # Change these to the correct IDs for your test data
-      CONNECTOR_GRANT: 'grant:entitlement:group:1234:member:user:9876'
-      CONNECTOR_ENTITLEMENT: 'entitlement:group:1234:member'
-      CONNECTOR_PRINCIPAL: 'user:9876'
-      CONNECTOR_PRINCIPAL_TYPE: 'user'
+      CONNECTOR_GRANT: ''
+      CONNECTOR_ENTITLEMENT: ''
+      CONNECTOR_PRINCIPAL: ''
+      CONNECTOR_PRINCIPAL_TYPE: ''
+      VGS_VAULT: 'tnturck9vro'
     steps:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
           go-version: 1.22.x
       - name: Checkout code
         uses: actions/checkout@v3
-      # Install any dependencies here (or delete this)
-      # - name: Install postgres client
-      #   run: sudo apt install postgresql-client
-      # Run any fixture setup here (or delete this)
-      # - name: Import sql into postgres
-      #   run: psql -h localhost --user postgres -f environment.sql
-      #   env:
-      #     PGPASSWORD: secretpassword
-      - name: Build baton-baton-vgs
-        run: go build ./cmd/baton-baton-vgs
-      - name: Run baton-baton-vgs
-        run: ./baton-baton-vgs
-
+      - name: Build baton-vgs
+        run: go build ./cmd/baton-vgs
+      # - name: Run baton-vgs
+      #   run: ./baton-vgs --vault ${{ env.VGS_VAULT }} 
       - name: Install baton
         run: ./scripts/get-baton.sh && mv baton /usr/local/bin
-
+      - name: Get baton resources
+        run: baton resources
       - name: Check for grant before revoking
-
-        run:
-          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
-
-
+        if: env.CONNECTOR_ENTITLEMENT != '' && env.CONNECTOR_PRINCIPAL != ''
+        run: |
+          ./baton-vgs --vault ${{ env.VGS_VAULT }} 
+          baton grants --entitlement ${{ env.CONNECTOR_ENTITLEMENT }} --output-format=json | jq -e ".grants | any(.principal.id.resource ==\"${{ env.CONNECTOR_PRINCIPAL }}\")"
       - name: Revoke grants
-        run: ./baton-baton-vgs --revoke-grant="${{ env.CONNECTOR_GRANT }}"
-
+        if: env.CONNECTOR_GRANT != ''
+        run: |
+          ./baton-vgs --vault ${{ env.VGS_VAULT }}  
+          ./baton-vgs --vault ${{ env.VGS_VAULT }} --revoke-grant ${{ env.CONNECTOR_GRANT }}
       - name: Check grant was revoked
-        ./baton-baton-vgs && baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
-
+        if: env.CONNECTOR_ENTITLEMENT != '' && env.CONNECTOR_PRINCIPAL != ''
+        run: |
+           ./baton-vgs --vault ${{ env.VGS_VAULT }}
+           baton grants --entitlement ${{ env.CONNECTOR_ENTITLEMENT }} --output-format=json | jq -e ".grants | any(.principal.id.resource !=\"${{ env.CONNECTOR_PRINCIPAL }}\")"
       - name: Grant entitlement
-        # Change the grant arguments to the correct IDs for your test data
-        run: ./baton-baton-vgs --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
+        if: env.CONNECTOR_ENTITLEMENT != '' && env.CONNECTOR_PRINCIPAL != '' && env.CONNECTOR_PRINCIPAL_TYPE != ''
+        run: | 
+          ./baton-vgs --vault ${{ env.VGS_VAULT }} 
+          ./baton-vgs --vault ${{ env.VGS_VAULT }} --grant-entitlement ${{ env.CONNECTOR_ENTITLEMENT }} --grant-principal ${{ env.CONNECTOR_PRINCIPAL }} --grant-principal-type ${{ env.CONNECTOR_PRINCIPAL_TYPE }}
       - name: Check grant was re-granted
-
-        run:
-          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
-
+        if: env.CONNECTOR_ENTITLEMENT != '' && env.CONNECTOR_PRINCIPAL != ''
+        run: |
+          ./baton-vgs --vault ${{ env.VGS_VAULT }} 
+          baton grants --entitlement ${{ env.CONNECTOR_ENTITLEMENT }} --output-format=json | jq -e ".grants | any(.principal.id.resource ==\"${{ env.CONNECTOR_PRINCIPAL }}\")"

README.md

@@ -1,3 +1,83 @@
-# baton-vgs
-Welcome to your new connector! To start out, you will want to update the dependencies.
-Do this by running `make update-deps`.
+# `baton-vgs` [![Go Reference](https://pkg.go.dev/badge/github.com/conductorone/baton-vgs.svg)](https://pkg.go.dev/github.com/conductorone/baton-vgs) ![main ci](https://github.com/conductorone/baton-vgs/actions/workflows/main.yaml/badge.svg)
+
+`baton-vgs` is a connector for Very Good Security built using the [Baton SDK](https://github.com/conductorone/baton-sdk). It communicates with the Very Good Security API to sync data about users and access groups in your Very Good Security organization.
+Check out [Baton](https://github.com/conductorone/baton) to learn more about the project in general.
+
+# Getting Started
+
+## Prerequisites
+
+- Access to the Very Good Security dashboard.
+- API key. To get the API key log in to the Very Good Security dashboard and go to User Profile -> API Tokens -> View button of Global API Key
+- Email - email used to login to Very Good Security dashboard.
+- Account ID
+
+## brew
+
+```
+brew install conductorone/baton/baton conductorone/baton/baton-vgs
+
+BATON_ACCOUNT_ID=cloudflareAccountId BATON_API_KEY=cloudflareApiKey BATON_EMAIL=yourEmail baton-vgs
+baton resources
+```
+
+## docker
+
+```
+docker run --rm -v $(pwd):/out -e BATON_ACCOUNT_ID=cloudflareAccountId BATON_API_KEY=cloudflareApiKey BATON_EMAIL=yourEmail ghcr.io/conductorone/baton-vgs:latest -f "/out/sync.c1z"
+docker run --rm -v $(pwd):/out ghcr.io/conductorone/baton:latest -f "/out/sync.c1z" resources
+```
+
+## source
+
+```
+go install github.com/conductorone/baton/cmd/baton@main
+go install github.com/conductorone/baton-vgs/cmd/baton-vgs@main
+
+BATON_ACCOUNT_ID=cloudflareAccountId BATON_API_KEY=cloudflareApiKey BATON_EMAIL=yourEmail baton-vgs
+baton resources
+```
+
+# Data Model
+
+`baton-vgs` will pull down information about the following Very Good Security resources:
+
+- Users
+- Access Groups
+
+# Contributing, Support and Issues
+
+We started Baton because we were tired of taking screenshots and manually building spreadsheets. We welcome contributions, and ideas, no matter how small -- our goal is to make identity and permissions sprawl less painful for everyone. If you have questions, problems, or ideas: Please open a Github Issue!
+
+See [CONTRIBUTING.md](https://github.com/ConductorOne/baton/blob/main/CONTRIBUTING.md) for more details.
+
+# `baton-vgs` Command Line Usage
+
+```
+baton-vgs
+
+Usage:
+  baton-cloudflare-zero-trust [flags]
+  baton-cloudflare-zero-trust [command]
+
+Available Commands:
+  capabilities       Get connector capabilities
+  completion         Generate the autocompletion script for the specified shell
+  help               Help about any command
+
+Flags:
+      --account-id string      Cloudflare account ID ($BATON_ACCOUNT_ID)
+      --api-key string         Cloudflare API key ($BATON_API_KEY)
+      --api-token string       Cloudflare API token ($BATON_API_TOKEN)
+      --client-id string       The client ID used to authenticate with ConductorOne ($BATON_CLIENT_ID)
+      --client-secret string   The client secret used to authenticate with ConductorOne ($BATON_CLIENT_SECRET)
+      --email string           Cloudflare account email ($BATON_EMAIL)
+  -f, --file string            The path to the c1z file to sync with ($BATON_FILE) (default "sync.c1z")
+  -h, --help                   help for baton-cloudflare-zero-trust
+      --log-format string      The output format for logs: json, console ($BATON_LOG_FORMAT) (default "json")
+      --log-level string       The log level: debug, info, warn, error ($BATON_LOG_LEVEL) (default "info")
+  -p, --provisioning           This must be set in order for provisioning actions to be enabled. ($BATON_PROVISIONING)
+  -v, --version                version for baton-cloudflare-zero-trust
+
+Use "baton-cloudflare-zero-trust [command] --help" for more information about a command.
+```

cmd/baton-vgs/config.go

@@ -2,16 +2,40 @@ package main
 
 import (
 	"context"
+	"errors"
 
 	"github.com/conductorone/baton-sdk/pkg/cli"
+	"github.com/spf13/cobra"
 )
 
 // config defines the external configuration required for the connector to run.
 type config struct {
 	cli.BaseConfig `mapstructure:",squash"` // Puts the base config options in the same place as the connector options
+	Vault          string                   `mapstructure:"vault"`
+	ClientId       string                   `mapstructure:"clientid"`
+	ClientSecret   string                   `mapstructure:"clientsecret"`
 }
 
 // validateConfig is run after the configuration is loaded, and should return an error if it isn't valid.
 func validateConfig(ctx context.Context, cfg *config) error {
+	if cfg.Vault == "" {
+		return errors.New("vault is required")
+	}
+
+	if cfg.ClientId == "" {
+		return errors.New("clientid is required")
+	}
+
+	if cfg.ClientSecret == "" {
+		return errors.New("clientsecret is required")
+	}
+
 	return nil
 }
+
+// cmdFlags sets the cmdFlags required for the connector.
+func cmdFlags(cmd *cobra.Command) {
+	cmd.PersistentFlags().String("vault", "", "The VGS client id. ($BATON_VAULT)")
+	cmd.PersistentFlags().String("clientid", "", "The VGS client id. ($BATON_CLIENT_ID)")
+	cmd.PersistentFlags().String("clientsecret", "", "The VGS client secret. ($BATON_CLIENT_SECRET)")
+}

cmd/baton-vgs/main.go

@@ -27,6 +27,7 @@ func main() {
 	}
 
 	cmd.Version = version
+	cmdFlags(cmd)
 
 	err = cmd.Execute()
 	if err != nil {
@@ -38,7 +39,7 @@ func main() {
 func getConnector(ctx context.Context, cfg *config) (types.ConnectorServer, error) {
 	l := ctxzap.Extract(ctx)
 
-	cb, err := connector.New(ctx)
+	cb, err := connector.New(ctx, cfg.ClientId, cfg.ClientSecret)
 	if err != nil {
 		l.Error("error creating connector", zap.Error(err))
 		return nil, err

docker-compose.yaml

@@ -0,0 +1,16 @@
+version: '3'
+services:
+  cli:
+    image: quay.io/verygoodsecurity/vgs-cli:${VERSION:-latest}
+    stdin_open: true
+    tty: true
+    # environment:
+    #   VGS_CLIENT_ID: ""
+    #   VGS_CLIENT_SECRET: ""
+    entrypoint: bash
+    env_file:
+      - .env
+    ports:
+      - "127.0.0.1:7745:7745"
+      - "127.0.0.1:8390:8390"
+      - "127.0.0.1:9056:9056"

go.mod

@@ -5,6 +5,7 @@ go 1.22.1
 require (
 	github.com/conductorone/baton-sdk v0.1.28
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
+	github.com/spf13/cobra v1.8.0
 	go.uber.org/zap v1.27.0
 )
 
@@ -60,7 +61,6 @@ require (
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.17.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect