From 7483d07bb8f490aee4d4ae61bfbcb53adf0a8a15 Mon Sep 17 00:00:00 2001 From: Johannes Tandler Date: Fri, 26 Apr 2024 08:35:51 +0200 Subject: [PATCH 1/2] Add option to verify calendar access --- cmd/ic-assignment/main.go | 9 ++++++++ pkg/icassigner/verify.go | 48 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 pkg/icassigner/verify.go diff --git a/cmd/ic-assignment/main.go b/cmd/ic-assignment/main.go index f4b03a8..38ee232 100644 --- a/cmd/ic-assignment/main.go +++ b/cmd/ic-assignment/main.go @@ -69,6 +69,15 @@ func main() { Config: cfg, } + onlyVerify := githubaction.GetInputOrDefault("verify", "false") == "true" + if onlyVerify { + log.Println("Running verification of calendar access only") + + action.Verify(ctx) + + return + } + err = action.Run(ctx, actionCtx, dryRun) if err != nil { log.Fatalf("Unable to run action: %v", err) diff --git a/pkg/icassigner/verify.go b/pkg/icassigner/verify.go new file mode 100644 index 0000000..9b1cd9f --- /dev/null +++ b/pkg/icassigner/verify.go @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: Apache-2.0 +// +// Copyright 2024 Grafana Labs +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package icassigner + +import ( + "context" + "log" + "strings" + + githubaction "github.com/grafana/escalation-scheduler/pkg/github-action" +) + +// Verify the calendar access of everyone defined in the configuration. +// +// All members of whom calendars can't be accessed are set as "inaccessibleMembers" output +func (a *Action) Verify(ctx context.Context) { + inaccessibleMembers := []string{} + + for _, team := range a.Config.Teams { + for _, m := range team.Members { + + _, err := checkAvailability(m) + if err != nil { + log.Printf("Unable to check availability of %q, due %v\n", m.Name, err) + inaccessibleMembers = append(inaccessibleMembers, m.Name) + } else { + log.Printf("Able to check availability of %q\n", m.Name) + } + + } + } + + githubaction.SetOutput("inaccessibleMembers", strings.Join(inaccessibleMembers, ", ")) +} From 543dbf198fb0c1fde5e935e2b0eefa5cc9e5c231 Mon Sep 17 00:00:00 2001 From: Tomas Pica Date: Wed, 6 Nov 2024 12:14:05 +0100 Subject: [PATCH 2/2] Add verify_test.go for easy local gcal testing --- .../testdata/gcal-service-account.json | 13 ++++ pkg/icassigner/verify.go | 4 +- pkg/icassigner/verify_test.go | 68 +++++++++++++++++++ 3 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 pkg/icassigner/testdata/gcal-service-account.json create mode 100644 pkg/icassigner/verify_test.go diff --git a/pkg/icassigner/testdata/gcal-service-account.json b/pkg/icassigner/testdata/gcal-service-account.json new file mode 100644 index 0000000..9128396 --- /dev/null +++ b/pkg/icassigner/testdata/gcal-service-account.json @@ -0,0 +1,13 @@ +{ + "type": "service_account", + "project_id": "", + "private_key_id": "", + "private_key": "", + "client_email": "", + "client_id": "", + "auth_uri": "", + "token_uri": "", + "auth_provider_x509_cert_url": "", + "client_x509_cert_url": "", + "universe_domain": "googleapis.com" +} diff --git a/pkg/icassigner/verify.go b/pkg/icassigner/verify.go index 9b1cd9f..b3312b0 100644 --- a/pkg/icassigner/verify.go +++ b/pkg/icassigner/verify.go @@ -27,7 +27,7 @@ import ( // Verify the calendar access of everyone defined in the configuration. // // All members of whom calendars can't be accessed are set as "inaccessibleMembers" output -func (a *Action) Verify(ctx context.Context) { +func (a *Action) Verify(ctx context.Context) []string { inaccessibleMembers := []string{} for _, team := range a.Config.Teams { @@ -45,4 +45,6 @@ func (a *Action) Verify(ctx context.Context) { } githubaction.SetOutput("inaccessibleMembers", strings.Join(inaccessibleMembers, ", ")) + + return inaccessibleMembers } diff --git a/pkg/icassigner/verify_test.go b/pkg/icassigner/verify_test.go new file mode 100644 index 0000000..0543345 --- /dev/null +++ b/pkg/icassigner/verify_test.go @@ -0,0 +1,68 @@ +// SPDX-License-Identifier: Apache-2.0 +// +// Copyright 2024 Grafana Labs +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package icassigner + +import ( + "context" + "io" + "os" + "testing" +) + +// TestVerify tests the Verify function +// You can use this to verify accessibility to members calendar locally. To do so: +// 1. Put the service account JSON secret in testdata/gcal-service-account.json +// 2. Add the members to the Config +// 3. Adjust your expectations and run the test +func TestVerify(t *testing.T) { + loadServiceAccountToEnv(t) + + cfg := Config{ + Teams: map[string]TeamConfig{ + "team1": { + Members: []MemberConfig{ + { + Name: "test", + GoogleCalendar: "test@grafana.com", + Output: "test", + }, + }, + }, + }, + } + + action := Action{ + Config: cfg, + } + + im := action.Verify(context.TODO()) + if len(im) != 1 { + t.Fatalf("Expected 1 inaccessible members, got %d", len(im)) + } +} + +func loadServiceAccountToEnv(t *testing.T) { + reader, err := os.Open("testdata/gcal-service-account.json") + if err != nil { + t.Fatalf("Unable to open service account JSON secret, due %v", err) + } + value, err := io.ReadAll(reader) + if err != nil { + t.Fatalf("Unable to read service account JSON secret, due %v", err) + } + os.Setenv("INPUT_GCAL-SERVICE-ACOUNT-KEY", string(value)) +}