Add plugin resource handling in tctl (#42223)

Author: smallinsky

api/gen/proto/go/teleport/plugins/v1/plugin_service.pb.go

@@ -68,6 +68,12 @@ message GetPluginRequest {
   bool with_secrets = 2;
 }
 
+// UpdatePluginRequest is a request to update a plugin instance.
+message UpdatePluginRequest {
+  // Plugin is the plugin object to update.
+  types.PluginV1 plugin = 1;
+}
+
 // ListPluginsRequest is a paginated request to list all plugin instances.
 message ListPluginsRequest {
   // PageSize is the maximum number of plugins to return in a single response.
@@ -180,6 +186,9 @@ service PluginService {
   // GetPlugin returns a plugin instance by name.
   rpc GetPlugin(GetPluginRequest) returns (types.PluginV1);
 
+  // UpdatePlugin updates a plugin instance.
+  rpc UpdatePlugin(UpdatePluginRequest) returns (types.PluginV1);
+
   // DeletePlugin removes the specified plugin instance.
   rpc DeletePlugin(DeletePluginRequest) returns (google.protobuf.Empty);
 

api/gen/proto/go/teleport/plugins/v1/plugin_service_grpc.pb.go

@@ -72,6 +72,31 @@ func (s *PluginsService) DeletePlugin(ctx context.Context, name string) error {
 	return nil
 }
 
+// UpdatePlugin updates a plugin resource.
+func (s *PluginsService) UpdatePlugin(ctx context.Context, plugin types.Plugin) (types.Plugin, error) {
+	if err := services.CheckAndSetDefaults(plugin); err != nil {
+		return nil, trace.Wrap(err)
+	}
+	value, err := services.MarshalPlugin(plugin)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	item := backend.Item{
+		Key:      backend.Key(pluginsPrefix, plugin.GetName()),
+		Value:    value,
+		Expires:  plugin.Expiry(),
+		Revision: plugin.GetRevision(),
+	}
+	lease, err := s.backend.ConditionalUpdate(ctx, item)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	if err := types.SetRevision(plugin, lease.Revision); err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return plugin, nil
+}
+
 // DeleteAllPlugins implements service.Plugins
 func (s *PluginsService) DeleteAllPlugins(ctx context.Context) error {
 	startKey := backend.ExactKey(pluginsPrefix)

api/proto/teleport/plugins/v1/plugin_service.proto

@@ -32,6 +32,7 @@ import (
 // Plugins is the plugin service
 type Plugins interface {
 	CreatePlugin(ctx context.Context, plugin types.Plugin) error
+	UpdatePlugin(ctx context.Context, plugin types.Plugin) (types.Plugin, error)
 	DeleteAllPlugins(ctx context.Context) error
 	DeletePlugin(ctx context.Context, name string) error
 	GetPlugin(ctx context.Context, name string, withSecrets bool) (types.Plugin, error)

lib/services/local/plugins.go

@@ -235,6 +235,8 @@ func ParseShortcut(in string) (string, error) {
 		return types.KindVnetConfig, nil
 	case types.KindAccessRequest, types.KindAccessRequest + "s", "accessrequest", "accessrequests":
 		return types.KindAccessRequest, nil
+	case types.KindPlugin, types.KindPlugin + "s":
+		return types.KindPlugin, nil
 	}
 	return "", trace.BadParameter("unsupported resource: %q - resources should be expressed as 'type/name', for example 'connector/github'", in)
 }

lib/services/plugins.go

@@ -19,6 +19,7 @@
 package common
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 	"sort"
@@ -1524,3 +1525,128 @@ func (c *accessRequestCollection) writeText(w io.Writer, verbose bool) error {
 	_, err := t.AsBuffer().WriteTo(w)
 	return trace.Wrap(err)
 }
+
+type pluginCollection struct {
+	plugins []types.Plugin
+}
+
+type pluginResourceWrapper struct {
+	types.PluginV1
+}
+
+func (p *pluginResourceWrapper) UnmarshalJSON(data []byte) error {
+
+	const (
+		credOauth2AccessToken     = "oauth2_access_token"
+		credBearerToken           = "bearer_token"
+		credIdSecret              = "id_secret"
+		credStaticCredentialsRef  = "static_credentials_ref"
+		settingsSlackAccessPlugin = "slack_access_plugin"
+		settingsOpsgenie          = "opsgenie"
+		settingsOpenAI            = "openai"
+		settingsOkta              = "okta"
+		settingsJamf              = "jamf"
+		settingsPagerDuty         = "pager_duty"
+		settingsMattermost        = "mattermost"
+		settingsJira              = "jira"
+		settingsDiscord           = "discord"
+		settingsServiceNow        = "serviceNow"
+		settingsGitlab            = "gitlab"
+		settingsEntraID           = "entra_id"
+	)
+	type unknownPluginType struct {
+		Spec struct {
+			Settings map[string]json.RawMessage `json:"Settings"`
+		} `json:"spec"`
+		Credentials struct {
+			Credentials map[string]json.RawMessage `json:"Credentials"`
+		} `json:"credentials"`
+	}
+
+	var unknownPlugin unknownPluginType
+	if err := json.Unmarshal(data, &unknownPlugin); err != nil {
+		return err
+	}
+
+	if unknownPlugin.Spec.Settings == nil {
+		return trace.BadParameter("plugin settings are missing")
+	}
+	if len(unknownPlugin.Spec.Settings) != 1 {
+		return trace.BadParameter("unknown plugin settings count")
+	}
+
+	if len(unknownPlugin.Credentials.Credentials) == 1 {
+		p.PluginV1.Credentials = &types.PluginCredentialsV1{}
+		for k := range unknownPlugin.Credentials.Credentials {
+			switch k {
+			case credOauth2AccessToken:
+				p.PluginV1.Credentials.Credentials = &types.PluginCredentialsV1_Oauth2AccessToken{}
+			case credBearerToken:
+				p.PluginV1.Credentials.Credentials = &types.PluginCredentialsV1_BearerToken{}
+			case credIdSecret:
+				p.PluginV1.Credentials.Credentials = &types.PluginCredentialsV1_IdSecret{}
+			case credStaticCredentialsRef:
+				p.PluginV1.Credentials.Credentials = &types.PluginCredentialsV1_StaticCredentialsRef{}
+			default:
+				return trace.BadParameter("unsupported plugin credential type: %v", k)
+			}
+		}
+	}
+
+	for k := range unknownPlugin.Spec.Settings {
+
+		switch k {
+		case settingsSlackAccessPlugin:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_SlackAccessPlugin{}
+		case settingsOpsgenie:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Opsgenie{}
+		case settingsOpenAI:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Openai{}
+		case settingsOkta:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Okta{}
+		case settingsJamf:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Jamf{}
+		case settingsPagerDuty:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_PagerDuty{}
+		case settingsMattermost:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Mattermost{}
+		case settingsJira:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Jira{}
+		case settingsDiscord:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Discord{}
+		case settingsServiceNow:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_ServiceNow{}
+		case settingsGitlab:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_Gitlab{}
+		case settingsEntraID:
+			p.PluginV1.Spec.Settings = &types.PluginSpecV1_EntraId{}
+		default:
+			return trace.BadParameter("unsupported plugin type: %v", k)
+		}
+	}
+
+	if err := json.Unmarshal(data, &p.PluginV1); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *pluginCollection) resources() []types.Resource {
+	r := make([]types.Resource, len(c.plugins))
+	for i, resource := range c.plugins {
+		r[i] = resource
+	}
+	return r
+}
+
+func (c *pluginCollection) writeText(w io.Writer, verbose bool) error {
+	t := asciitable.MakeTable([]string{"Name", "Status"})
+	for _, plugin := range c.plugins {
+		t.AddRow([]string{
+			plugin.GetName(),
+			plugin.GetStatus().GetCode().String(),
+		})
+	}
+	_, err := t.AsBuffer().WriteTo(w)
+	return trace.Wrap(err)
+}