feat: add github account integration

opengovern · Nov 15, 2024 · e4af319 · e4af319
1 parent 6dbb098
commit e4af319
Show file tree

Hide file tree

Showing 10 changed files with 449 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -21,6 +21,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/organizations v1.27.3
 	github.com/aws/aws-sdk-go-v2/service/sts v1.30.5
 	github.com/axiomhq/hyperloglog v0.0.0-20230201085229-3ddf4bad03dc
+	github.com/bradleyfalzon/ghinstallation v1.1.1
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/dexidp/dex/api/v2 v2.2.0
 	github.com/envoyproxy/go-control-plane v0.13.0
@@ -31,6 +32,7 @@ require (
 	github.com/gogo/googleapis v1.4.1
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/protobuf v1.5.4
+	github.com/google/go-github/v55 v55.0.0
 	github.com/google/uuid v1.6.0
 	github.com/haoel/downsampling v0.0.0-20221012062717-1132fe8afe24
 	github.com/hashicorp/vault/api v1.14.0
@@ -62,6 +64,7 @@ require (
 	golang.org/x/crypto v0.27.0
 	golang.org/x/mod v0.17.0
 	golang.org/x/net v0.29.0
+	golang.org/x/oauth2 v0.22.0
 	golang.org/x/time v0.6.0
 	google.golang.org/api v0.169.0
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142
@@ -123,6 +126,7 @@ require (
 	github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgraph-io/ristretto v0.1.1 // indirect
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
 	github.com/dgryski/go-metro v0.0.0-20180109044635-280f6062b5bc // indirect
 	github.com/docker/cli v26.0.0+incompatible // indirect
 	github.com/docker/docker v27.1.1+incompatible // indirect
@@ -168,6 +172,8 @@ require (
 	github.com/golang/mock v1.6.0 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-github/v29 v29.0.2 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -293,7 +299,6 @@ require (
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect
-	golang.org/x/oauth2 v0.22.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/term v0.24.0 // indirect

diff --git a/go.sum b/go.sum
@@ -326,6 +326,8 @@ github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1U
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bradleyfalzon/ghinstallation v1.1.1 h1:pmBXkxgM1WeF8QYvDLT5kuQiHMcmf+X015GI0KM/E3I=
+github.com/bradleyfalzon/ghinstallation v1.1.1/go.mod h1:vyCmHTciHx/uuyN82Zc3rXN3X2KTK8nUTCrTMwAhcug=
 github.com/btubbs/datetime v0.1.1 h1:KuV+F9tyq/hEnezmKZNGk8dzqMVsId6EpFVrQCfA3To=
 github.com/btubbs/datetime v0.1.1/go.mod h1:n2BZ/2ltnRzNiz27aE3wUb2onNttQdC+WFxAoks5jJM=
 github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
@@ -400,6 +402,7 @@ github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0
 github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw=
 github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8=
 github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
 github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
@@ -638,6 +641,13 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-github/v29 v29.0.2 h1:opYN6Wc7DOz7Ku3Oh4l7prmkOMwEcQxpFtxdU8N8Pts=
+github.com/google/go-github/v29 v29.0.2/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E=
+github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
+github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

diff --git a/services/integration/integration-type/github-account/configs/credentials.go b/services/integration/integration-type/github-account/configs/credentials.go
@@ -0,0 +1,9 @@
+package configs
+
+type IntegrationCredentials struct {
+	Token          string `json:"token"`
+	BaseURL        string `json:"base_url"`
+	AppId          string `json:"app_id"`
+	InstallationId string `json:"installation_id"`
+	PrivateKeyPath string `json:"private_key_path"`
+}
diff --git a/services/integration/integration-type/github-account/configs/general.go b/services/integration/integration-type/github-account/configs/general.go
@@ -0,0 +1,7 @@
+package configs
+
+import "github.com/opengovern/og-util/pkg/integration"
+
+const (
+	IntegrationTypeGithubAccount = integration.Type("github_account") // example: aws_cloud, azure_subscription
+)
diff --git a/services/integration/integration-type/github-account/configs/nats.go b/services/integration/integration-type/github-account/configs/nats.go
@@ -0,0 +1,9 @@
+package configs
+
+const (
+	StreamName           = "og_describer_github"
+	JobQueueTopic        = "og_describer_github_job_queue"
+	ConsumerGroup        = "describer-github"
+	JobQueueTopicManuals = "og_describer_github_manuals_job_queue"
+	ConsumerGroupManuals = "describer-github-manuals"
+)
diff --git a/services/integration/integration-type/github-account/configs/resource_types_list.go b/services/integration/integration-type/github-account/configs/resource_types_list.go
@@ -0,0 +1,93 @@
+package configs
+
+var TablesToResourceTypes = map[string]string{
+	"github_actions_artifact":                "Github/Actions/Artifact",
+	"github_actions_repository_runner":       "Github/Actions/Repository/Runner",
+	"github_actions_repository_secret":       "Github/Actions/Repository/Secret",
+	"github_actions_repository_workflow_run": "Github/Actions/Repository/Workflow_run",
+	"github_audit_log":                       "Github/AuditLog",
+	"github_blob":                            "Github/Blob",
+	"github_branch":                          "Github/Branch",
+	"github_branch_protection":               "Github/Branch/Protection",
+	"github_commit":                          "Github/Commit",
+	"github_community_profile":               "Github/CommunityProfile",
+	"github_my_gist":                         "Github/Gist",
+	"github_gitignore":                       "Github/Gitignore",
+	"github_my_issue":                        "Github/Issue",
+	"github_issue_comment":                   "Github/Issue/Comment",
+	"github_license":                         "Github/License",
+	"github_my_organization":                 "Github/Organization",
+	"github_organization_collaborators":      "Github/Organization/Collaborator",
+	"github_organization_dependabot_alert":   "Github/Organization/DependabotAlert",
+	"github_organization_external_identity":  "Github/Organization/ExternalIdentity",
+	"github_organization_member":             "Github/Organization/Member",
+	"github_pull_request":                    "Github/PullRequest",
+	"github_my_repository":                   "Github/Repository",
+	"github_repository_collaborator":         "Github/Repository/Collaborator",
+	"github_repository_dependabot_alert":     "Github/Repository/DependabotAlert",
+	"github_repository_deployment":           "Github/Repository/Deployment",
+	"github_repository_environment":          "Github/Repository/Environment",
+	"github_repository_ruleset":              "Github/Repository/Ruleset",
+	"github_repository_sbom":                 "Github/Repository/SBOM",
+	"github_repository_vulnerability_alert":  "Github/Repository/VulnerabilityAlert",
+	"github_search_code":                     "Github/Search/Code",
+	"github_search_commit":                   "Github/Search/Commit",
+	"github_search_issue":                    "Github/Search/Issue",
+	"github_my_star":                         "Github/Star",
+	"github_stargazer":                       "Github/Stargazer",
+	"github_tag":                             "Github/Tag",
+	"github_my_team":                         "Github/Team",
+	"github_team_member":                     "Github/Team/Member",
+	"github_team_repository":                 "Github/Team/Repository",
+	"github_traffic_view_daily":              "Github/Traffic/View/Daily",
+	"github_traffic_view_weekly":             "Github/Traffic/View/Weekly",
+	"github_tree":                            "Github/Tree",
+	"github_user":                            "GithubUser",
+	"github_workflow":                        "GithubWorkflow",
+}
+
+var ResourceTypesList = []string{
+	"Github/Actions/Artifact",
+	"Github/Actions/Repository/Runner",
+	"Github/Actions/Repository/Secret",
+	"Github/Actions/Repository/Workflow_run",
+	"Github/AuditLog",
+	"Github/Blob",
+	"Github/Branch",
+	"Github/Branch/Protection",
+	"Github/Commit",
+	"Github/CommunityProfile",
+	"Github/Gist",
+	"Github/Gitignore",
+	"Github/Issue",
+	"Github/Issue/Comment",
+	"Github/License",
+	"Github/Organization",
+	"Github/Organization/Collaborator",
+	"Github/Organization/DependabotAlert",
+	"Github/Organization/ExternalIdentity",
+	"Github/Organization/Member",
+	"Github/PullRequest",
+	"Github/Repository",
+	"Github/Repository/Collaborator",
+	"Github/Repository/DependabotAlert",
+	"Github/Repository/Deployment",
+	"Github/Repository/Environment",
+	"Github/Repository/Ruleset",
+	"Github/Repository/SBOM",
+	"Github/Repository/VulnerabilityAlert",
+	"Github/Search/Code",
+	"Github/Search/Commit",
+	"Github/Search/Issue",
+	"Github/Star",
+	"Github/Stargazer",
+	"Github/Tag",
+	"Github/Team",
+	"Github/Team/Member",
+	"Github/Team/Repository",
+	"Github/Traffic/View/Daily",
+	"Github/Traffic/View/Weekly",
+	"Github/Tree",
+	"GithubUser",
+	"GithubWorkflow",
+}
diff --git a/...ces/integration/integration-type/github-account/discovery/github_integration_discovery.go b/...ces/integration/integration-type/github-account/discovery/github_integration_discovery.go
@@ -0,0 +1,46 @@
+package discovery
+
+import (
+	"context"
+	"github.com/opengovern/opengovernance/services/integration/integration-type/github-account/healthcheck"
+	"strconv"
+)
+
+// Config represents the JSON input configuration
+type Config struct {
+	Token          string `json:"token"`
+	BaseURL        string `json:"base_url"`
+	AppId          string `json:"app_id"`
+	InstallationId string `json:"installation_id"`
+	PrivateKeyPath string `json:"private_key_path"`
+}
+
+type Account struct {
+	ID        string `json:"id"`
+	Name      string `json:"name"`
+	Type      string `json:"type"`
+	IsHealthy bool   `json:"isHealthy"`
+}
+
+func GithubIntegrationDiscovery(config Config) ([]Account, error) {
+	isHealthy, client, err := healthcheck.GithubIntegrationHealthcheck(healthcheck.Config{
+		Token:          config.Token,
+		BaseURL:        config.BaseURL,
+		AppId:          config.AppId,
+		InstallationId: config.InstallationId,
+		PrivateKeyPath: config.PrivateKeyPath,
+	})
+	if err != nil {
+		return nil, err
+	}
+	account, _, err := client.Users.Get(context.Background(), "")
+	if err != nil {
+		return nil, err
+	}
+	return []Account{{
+		ID:        strconv.Itoa(int(*account.ID)),
+		Name:      *account.Login,
+		Type:      *account.Type,
+		IsHealthy: isHealthy,
+	}}, nil
+}
diff --git a/services/integration/integration-type/github-account/github_account.go b/services/integration/integration-type/github-account/github_account.go
@@ -0,0 +1,88 @@
+package github_account
+
+import (
+	"encoding/json"
+	"github.com/jackc/pgtype"
+	githubDescriberLocal "github.com/opengovern/opengovernance/services/integration/integration-type/github-account/configs"
+	"github.com/opengovern/opengovernance/services/integration/integration-type/github-account/discovery"
+	"github.com/opengovern/opengovernance/services/integration/integration-type/github-account/healthcheck"
+	"github.com/opengovern/opengovernance/services/integration/integration-type/interfaces"
+	"github.com/opengovern/opengovernance/services/integration/models"
+)
+
+type GithubAccountIntegration struct{}
+
+func (i *GithubAccountIntegration) GetConfiguration() interfaces.IntegrationConfiguration {
+	return interfaces.IntegrationConfiguration{
+		NatsScheduledJobsTopic: githubDescriberLocal.JobQueueTopic,
+		NatsManualJobsTopic:    githubDescriberLocal.JobQueueTopicManuals,
+		NatsStreamName:         githubDescriberLocal.StreamName,
+
+		UISpecFileName: "github-account.json",
+	}
+}
+
+func (i *GithubAccountIntegration) HealthCheck(jsonData []byte, providerId string, labels map[string]string, annotations map[string]string) (bool, error) {
+	var credentials githubDescriberLocal.IntegrationCredentials
+	err := json.Unmarshal(jsonData, &credentials)
+	if err != nil {
+		return false, err
+	}
+
+	isHealthy, _, err := healthcheck.GithubIntegrationHealthcheck(healthcheck.Config{
+		Token:          credentials.Token,
+		BaseURL:        credentials.BaseURL,
+		AppId:          credentials.AppId,
+		InstallationId: credentials.InstallationId,
+		PrivateKeyPath: credentials.PrivateKeyPath,
+	})
+	return isHealthy, err
+}
+
+func (i *GithubAccountIntegration) DiscoverIntegrations(jsonData []byte) ([]models.Integration, error) {
+	var credentials githubDescriberLocal.IntegrationCredentials
+	err := json.Unmarshal(jsonData, &credentials)
+	if err != nil {
+		return nil, err
+	}
+	var integrations []models.Integration
+	accounts, err := discovery.GithubIntegrationDiscovery(discovery.Config{
+		Token:          credentials.Token,
+		BaseURL:        credentials.BaseURL,
+		AppId:          credentials.AppId,
+		InstallationId: credentials.InstallationId,
+		PrivateKeyPath: credentials.PrivateKeyPath,
+	})
+	for _, a := range accounts {
+		labels := map[string]string{
+			"AccountType": a.Type,
+		}
+		labelsJsonData, err := json.Marshal(labels)
+		if err != nil {
+			return nil, err
+		}
+		integrationLabelsJsonb := pgtype.JSONB{}
+		err = integrationLabelsJsonb.Set(labelsJsonData)
+		if err != nil {
+			return nil, err
+		}
+		integrations = append(integrations, models.Integration{
+			ProviderID: a.ID,
+			Name:       a.Name,
+			Labels:     integrationLabelsJsonb,
+		})
+	}
+	return integrations, nil
+}
+
+func (i *GithubAccountIntegration) GetResourceTypesByLabels(map[string]string) ([]string, error) {
+	return githubDescriberLocal.ResourceTypesList, nil
+}
+
+func (i *GithubAccountIntegration) GetResourceTypeFromTableName(tableName string) string {
+	if v, ok := githubDescriberLocal.TablesToResourceTypes[tableName]; ok {
+		return v
+	}
+
+	return ""
+}