diff --git a/cmd/root.go b/cmd/root.go index 90810558..4d094d67 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -77,6 +77,7 @@ func Execute() { } } +// Handler for when executing as a lambda func Handler(ctx context.Context, event events.CodePipelineEvent) (string, error) { log.Debug(event) err := rootCmd.Execute() @@ -107,31 +108,31 @@ func Handler(ctx context.Context, event events.CodePipelineEvent) (string, error if cplErr != nil { log.Fatalf(errors.Wrap(err, "Failed to update CodePipeline jobID status").Error()) } - return "Failure", err - } else { - log.Info("Notifying CodePipeline and mark its job execution as Success") - jobID := event.CodePipelineJob.ID - if len(jobID) == 0 { - panic("CodePipeline Job ID is not set") - } - // mark the job as Success. - cplSuccess := &codepipeline.PutJobSuccessResultInput{ - JobId: aws.String(jobID), - } - _, cplErr := cpl.PutJobSuccessResult(cplSuccess) - if cplErr != nil { - log.Fatalf(errors.Wrap(err, "Failed to update CodePipeline jobID status").Error()) - } - return "Success", nil + return "Failure", err } - } else { - if err != nil { - log.Fatalf(errors.Wrap(err, "Notifying Lambda and mark this execution as Failure").Error()) - return "Failure", err - } else { - return "Success", nil + + log.Info("Notifying CodePipeline and mark its job execution as Success") + jobID := event.CodePipelineJob.ID + if len(jobID) == 0 { + panic("CodePipeline Job ID is not set") } + // mark the job as Success. + cplSuccess := &codepipeline.PutJobSuccessResultInput{ + JobId: aws.String(jobID), + } + _, cplErr := cpl.PutJobSuccessResult(cplSuccess) + if cplErr != nil { + log.Fatalf(errors.Wrap(err, "Failed to update CodePipeline jobID status").Error()) + } + + return "Success", nil + } + + if err != nil { + log.Fatalf(errors.Wrap(err, "Notifying Lambda and mark this execution as Failure").Error()) + return "Failure", err } + return "Success", nil } func init() { @@ -215,7 +216,7 @@ func configLambda() { } cfg.SCIMAccessToken = unwrap - unwrap, err = secrets.SCIMEndpointUrl(os.Getenv("SCIM_ENDPOINT")) + unwrap, err = secrets.SCIMEndpointURL(os.Getenv("SCIM_ENDPOINT")) if err != nil { log.Fatalf(errors.Wrap(err, "cannot read config: SCIM_ENDPOINT").Error()) } diff --git a/internal/aws/client.go b/internal/aws/client.go index 2c30ac9d..6674f61d 100644 --- a/internal/aws/client.go +++ b/internal/aws/client.go @@ -28,16 +28,20 @@ import ( ) var ( + // ErrUserNotFound ErrUserNotFound = errors.New("user not found") + // ErrGroupNotFound ErrGroupNotFound = errors.New("group not found") + // ErrUserNotSpecified ErrUserNotSpecified = errors.New("user not specified") ) -type ErrHttpNotOK struct { +// ErrHTTPNotOK +type ErrHTTPNotOK struct { StatusCode int } -func (e *ErrHttpNotOK) Error() string { +func (e *ErrHTTPNotOK) Error() string { return fmt.Sprintf("status of http response was %d", e.StatusCode) } @@ -62,7 +66,7 @@ type Client interface { } type client struct { - httpClient HttpClient + httpClient HTTPClient endpointURL *url.URL bearerToken string } @@ -70,7 +74,7 @@ type client struct { // NewClient creates a new client to talk with AWS SSO's SCIM endpoint. It // requires a http.Client{} as well as the URL and bearer token from the // console. If the URL is not parsable, an error will be thrown. -func NewClient(c HttpClient, config *Config) (Client, error) { +func NewClient(c HTTPClient, config *Config) (Client, error) { u, err := url.Parse(config.Endpoint) if err != nil { return nil, err @@ -118,7 +122,7 @@ func (c *client) sendRequestWithBody(method string, url string, body interface{} // If we get a non-2xx status code, raise that via an error if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusNoContent { - err = &ErrHttpNotOK{resp.StatusCode} + err = &ErrHTTPNotOK{resp.StatusCode} } return diff --git a/internal/aws/client_test.go b/internal/aws/client_test.go index cd4ce933..02761513 100644 --- a/internal/aws/client_test.go +++ b/internal/aws/client_test.go @@ -72,7 +72,7 @@ func TestNewClient(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: ":foo", @@ -86,7 +86,7 @@ func TestSendRequestBadUrl(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", @@ -104,7 +104,7 @@ func TestSendRequestBadStatusCode(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", @@ -134,7 +134,7 @@ func TestSendRequestCheckAuthHeader(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", @@ -169,7 +169,7 @@ func TestSendRequestWithBodyCheckHeaders(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", @@ -206,7 +206,7 @@ func TestClient_FindUserByEmail(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", @@ -282,7 +282,7 @@ func TestClient_FindGroupByDisplayName(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", @@ -362,7 +362,7 @@ func TestClient_CreateUser(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", @@ -407,7 +407,7 @@ func TestClient_UpdateUser(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - x := mock.NewMockIHttpClient(ctrl) + x := mock.NewIHTTPClient(ctrl) c, err := NewClient(x, &Config{ Endpoint: "https://scim.example.com/", diff --git a/internal/aws/http.go b/internal/aws/http.go index 3cb71312..df65396c 100644 --- a/internal/aws/http.go +++ b/internal/aws/http.go @@ -16,7 +16,7 @@ package aws import "net/http" -// HttpClient is a generic HTTP Do interface -type HttpClient interface { +// HTTPClient is a generic HTTP Do interface +type HTTPClient interface { Do(req *http.Request) (*http.Response, error) } diff --git a/internal/aws/mock/mock_http.go b/internal/aws/mock/mock_http.go index 06de41d5..d0774d04 100644 --- a/internal/aws/mock/mock_http.go +++ b/internal/aws/mock/mock_http.go @@ -21,31 +21,31 @@ import ( "github.com/golang/mock/gomock" ) -// MockIHttpClient is a mock of IHttpClient interface -type MockIHttpClient struct { +// IHTTPClient is a mock of IHTTPClient interface +type IHTTPClient struct { ctrl *gomock.Controller - recorder *MockIHttpClientMockRecorder + recorder *IHTTPClientMockRecorder } -// MockIHttpClientMockRecorder is the mock recorder for MockIHttpClient -type MockIHttpClientMockRecorder struct { - mock *MockIHttpClient +// IHTTPClientMockRecorder is the mock recorder for IHTTPClient +type IHTTPClientMockRecorder struct { + mock *IHTTPClient } -// NewMockIHttpClient creates a new mock instance -func NewMockIHttpClient(ctrl *gomock.Controller) *MockIHttpClient { - mock := &MockIHttpClient{ctrl: ctrl} - mock.recorder = &MockIHttpClientMockRecorder{mock} +// NewIHTTPClient creates a new mock instance +func NewIHTTPClient(ctrl *gomock.Controller) *IHTTPClient { + mock := &IHTTPClient{ctrl: ctrl} + mock.recorder = &IHTTPClientMockRecorder{mock} return mock } // EXPECT returns an object that allows the caller to indicate expected use -func (m *MockIHttpClient) EXPECT() *MockIHttpClientMockRecorder { +func (m *IHTTPClient) EXPECT() *IHTTPClientMockRecorder { return m.recorder } // Do mocks base method -func (m *MockIHttpClient) Do(req *http.Request) (*http.Response, error) { +func (m *IHTTPClient) Do(req *http.Request) (*http.Response, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "Do", req) ret0, _ := ret[0].(*http.Response) @@ -54,7 +54,7 @@ func (m *MockIHttpClient) Do(req *http.Request) (*http.Response, error) { } // Do indicates an expected call of Do -func (mr *MockIHttpClientMockRecorder) Do(req interface{}) *gomock.Call { +func (mr *IHTTPClientMockRecorder) Do(req interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Do", reflect.TypeOf((*MockIHttpClient)(nil).Do), req) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Do", reflect.TypeOf((*IHTTPClient)(nil).Do), req) } diff --git a/internal/config/secrets.go b/internal/config/secrets.go index 3b519d2c..e8ce2137 100644 --- a/internal/config/secrets.go +++ b/internal/config/secrets.go @@ -34,10 +34,10 @@ func (s *Secrets) SCIMAccessToken(secretArn string) (string, error) { return s.getSecret(secretArn) } -// SCIMEndpointUrl ... -func (s *Secrets) SCIMEndpointUrl(secretArn string) (string, error) { +// SCIMEndpointURL ... +func (s *Secrets) SCIMEndpointURL(secretArn string) (string, error) { if len([]rune(secretArn)) == 0 { - return s.getSecret("SSOSyncSCIMEndpointUrl") + return s.getSecret("SSOSyncSCIMEndpointURL") } return s.getSecret(secretArn) } @@ -58,7 +58,7 @@ func (s *Secrets) Region(secretArn string) (string, error) { return s.getSecret(secretArn) } -// Identity Store ID ... +// IdentityStoreID ... func (s *Secrets) IdentityStoreID(secretArn string) (string, error) { if len([]rune(secretArn)) == 0 { return s.getSecret("IdentityStoreID") diff --git a/internal/google/client.go b/internal/google/client.go index 606a7b37..448c5ceb 100644 --- a/internal/google/client.go +++ b/internal/google/client.go @@ -175,18 +175,17 @@ func (c *client) GetGroups(query string) ([]*admin.Group, error) { return nil }) return g, err - } else { + } - // The Google api doesn't support multi-part queries, but we do so we need to split into an array of query strings - queries := strings.Split(query, ",") + // The Google api doesn't support multi-part queries, but we do so we need to split into an array of query strings + queries := strings.Split(query, ",") - // Then call the api one query at a time, appending to our list - for _, subQuery := range queries { - err = c.service.Groups.List().Customer("my_customer").Query(subQuery).Pages(context.TODO(), func(groups *admin.Groups) error { - g = append(g, groups.Groups...) - return nil - }) - } + // Then call the api one query at a time, appending to our list + for _, subQuery := range queries { + err = c.service.Groups.List().Customer("my_customer").Query(subQuery).Pages(context.TODO(), func(groups *admin.Groups) error { + g = append(g, groups.Groups...) + return nil + }) } // Check we've got some users otherwise something is wrong. diff --git a/internal/sync.go b/internal/sync.go index a6968bbf..9d3a81d3 100644 --- a/internal/sync.go +++ b/internal/sync.go @@ -393,8 +393,8 @@ func (s *syncGSuite) SyncGroupsUsers(queryGroups string, queryUsers string) erro log.Info("creating user") _, err := s.aws.CreateUser(awsUser) if err != nil { - errHttp := new(aws.ErrHttpNotOK) - if errors.As(err, &errHttp) && errHttp.StatusCode == 409 { + errHTTP := new(aws.ErrHTTPNotOK) + if errors.As(err, &errHTTP) && errHTTP.StatusCode == 409 { log.WithField("user", awsUser.Username).Warn("user already exists") continue } @@ -805,10 +805,8 @@ func DoSync(ctx context.Context, cfg *config.Config) error { if err != nil { log.WithField("error", err).Warn("Problem performing test query against Identity Store") return err - } else { - log.WithField("Groups", response).Info("Test call for groups successful") - - } + } + log.WithField("Groups", response).Info("Test call for groups successful") // Initialize sync client with // 1. SCIM API client @@ -884,6 +882,8 @@ func (s *syncGSuite) GetGroups() ([]*aws.Group, error) { return awsGroups, nil } +// ListGroupsPagesCallbackFn +// Callback handler for paginated List of Groups func ListGroupsPagesCallbackFn(page *identitystore.ListGroupsOutput, lastPage bool) bool { // Loop through each Group returned for _, group := range page.Groups { @@ -916,6 +916,8 @@ func (s *syncGSuite) GetUsers() ([]*aws.User, error) { return awsUsers, nil } +// ListUsersPagesCallbackFn +// Callback handler for paginated List of Users func ListUsersPagesCallbackFn(page *identitystore.ListUsersOutput, lastPage bool) bool { // Loop through each User in ListUsersOutput and convert to native User object for _, user := range page.Users { @@ -924,6 +926,8 @@ func ListUsersPagesCallbackFn(page *identitystore.ListUsersOutput, lastPage bool return !lastPage } +// ConvertSdkUserObjToNative +// Convert SDK user to native user object func ConvertSdkUserObjToNative(user *identitystore.User) *aws.User { // Convert emails into native Email object userEmails := make([]aws.UserEmail, 0) @@ -968,6 +972,8 @@ func ConvertSdkUserObjToNative(user *identitystore.User) *aws.User { } } +// CreateUserIDtoUserObjMap +// Create User ID for user object map func CreateUserIDtoUserObjMap(awsUsers []*aws.User) map[string]*aws.User { awsUsersMap := make(map[string]*aws.User) @@ -978,6 +984,8 @@ func CreateUserIDtoUserObjMap(awsUsers []*aws.User) map[string]*aws.User { return awsUsersMap } +// ListGroupMembershipPagesCallbackFn +// Handler for Paginated Group Membership List var ListGroupMembershipPagesCallbackFn func(page *identitystore.ListGroupMembershipsOutput, lastPage bool) bool func (s *syncGSuite) GetGroupMembershipsLists(awsGroups []*aws.Group, awsUsersMap map[string]*aws.User) (map[string][]*aws.User, error) { @@ -986,8 +994,8 @@ func (s *syncGSuite) GetGroupMembershipsLists(awsGroups []*aws.Group, awsUsersMa ListGroupMembershipPagesCallbackFn = func(page *identitystore.ListGroupMembershipsOutput, lastPage bool) bool { for _, member := range page.GroupMemberships { // For every member in the group - userId := member.MemberId.UserId - user := awsUsersMap[*userId] + userID := member.MemberId.UserId + user := awsUsersMap[*userID] // Append new user onto existing list of users awsGroupsUsers[curGroup.DisplayName] = append(awsGroupsUsers[curGroup.DisplayName], user) @@ -1034,12 +1042,12 @@ func (s *syncGSuite) IsUserInGroup(user *aws.User, group *aws.Group) (*bool, err return isUserInGroup, nil } -func (s *syncGSuite) RemoveUserFromGroup(userId *string, groupId *string) error { - memberIdOutput, err := s.identityStoreClient.GetGroupMembershipId( +func (s *syncGSuite) RemoveUserFromGroup(userID *string, groupID *string) error { + memberIDOutput, err := s.identityStoreClient.GetGroupMembershipId( &identitystore.GetGroupMembershipIdInput{ IdentityStoreId: &s.cfg.IdentityStoreID, - GroupId: groupId, - MemberId: &identitystore.MemberId{UserId: userId}, + GroupId: groupID, + MemberId: &identitystore.MemberId{UserId: userID}, }, ) @@ -1047,12 +1055,12 @@ func (s *syncGSuite) RemoveUserFromGroup(userId *string, groupId *string) error return err } - memberId := memberIdOutput.MembershipId + memberID := memberIDOutput.MembershipId _, err = s.identityStoreClient.DeleteGroupMembership( &identitystore.DeleteGroupMembershipInput{ IdentityStoreId: &s.cfg.IdentityStoreID, - MembershipId: memberId, + MembershipId: memberID, }, ) diff --git a/internal/sync_test.go b/internal/sync_test.go index f76e32fc..9b2fa108 100644 --- a/internal/sync_test.go +++ b/internal/sync_test.go @@ -37,7 +37,7 @@ import ( func toJSON(stc interface{}) []byte { JSON, err := json.MarshalIndent(stc, "", " ") if err != nil { - log.Fatalf(err.Error()) + log.Fatal(err) } return JSON }