Skip to content

Commit

Permalink
GCP integration - add new auth method support (#229)
Browse files Browse the repository at this point in the history
  • Loading branch information
anosek-an authored Nov 14, 2024
1 parent 0584d43 commit 84ee8bb
Show file tree
Hide file tree
Showing 4 changed files with 105 additions and 2 deletions.
17 changes: 17 additions & 0 deletions integration/model_gcp_auth_method.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/*
* Integrations API
*
* APIs for creating, retrieving, updating, and deleting SignalFx integrations to the systems you use.<br> An integration provides SignalFx with information from the external system that you're connecting to. You'll need to retrieve this information from the external system before you use the API. Each external system is different, so to see a summary of its requirements and procedures, view its request body description. # Authentication To create, update, delete, or validate an integration, you need to authenticate your request using a session token associated with a SignalFx administrator. To **retrieve** an integration, your session token doesn't need to be associated with an administrator. You can also retrieve integrations using an org token.<br> In the web UI, session tokens are known as <strong>user access</strong> tokens, and org tokens are known as <strong>access tokens</strong>. <br> To learn more about authentication tokens, see the topic [Authentication Tokens](https://developers.signalfx.com/administration/access_tokens_overview.html) in the Developers Guide. # Supported service types SignalFx offers integrations for the following:<br> * Data collection from other monitoring systems such as AWS CloudWatch * Authentication using your existing Single Sign-On (**SSO**) system * Sending alerts using your preferred messaging, chat, or incident management service <br> To use one of these integrations, you first register it with SignalFx. After that, you configure the integration to communicate between the system you're using and SignalFx. ## Data collection SignalFx integrations APIs support data collection for the following services:<br> * Amazon Web Services (**AWS**) * Google Cloud Platform (**GCP**) * Microsoft Azure * NewRelic ## Authentication using SSO SignalFx integration APIs support SAML-based SSO integrations for the following services:<br> * Microsoft Active Directory Federation Services (**ADFS**) * Bitium * Okta * OneLogin * PingOne ## Alerts using message, chat, or incident management services SignalFx integration APIs support alert notifications using the following services: <br> * BigPanda * Office 365 * Opsgenie * PagerDuty * ServiceNow * Slack * VictorOps * Webhook * xMatters<br> **NOTE:** You can't create Office 365 integrations using the API, and your ability to update them in a **PUT** request is limited, but you can retrieve their data or delete them. To create an Office 365 integration, use the the web UI. <br> # Viewing request body documentation The *request* body format for the following operations depends on the type of integration you use:<br> * POST `/integration` * PUT `/integration/{id}`<br> The *response* body format for the following operations also depends on the type of integration you use:<br> * GET `/integration` * GET `/integration/{id}` <br> To see the request or response body format for an integration: <br> 1. Find the endpoint and method. 2. For a request body, find the section *REQUEST BODY SCHEMA*. For a response body, find the section *RESPONSE SCHEMA*. 3. Scroll down to the `type` property. 4. At the end of the description for `type`, find the dropdown box that contains the integration type. By default, it's set to *AWSCloudWatch*. 5. To see a complete list of integrations, click the down arrow. A list with a vertical scroll bar appears. 6. Select the integration type from the list. The request body properties for this integration type now appear.
*
* API version: 3.3.1
* Generated by: OpenAPI Generator (https://openapi-generator.tech)
*/

package integration

type GCPAuthMethod string

const (
SERVICE_ACCOUNT_KEY GCPAuthMethod = "SERVICE_ACCOUNT_KEY"
WORKLOAD_IDENTITY_FEDERATION GCPAuthMethod = "WORKLOAD_IDENTITY_FEDERATION"
)
7 changes: 5 additions & 2 deletions integration/model_gcp_integration.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,12 @@ type GCPIntegration struct {
// Array of GCP services that you want SignalFx to monitor. SignalFx only supports certain services, and if you specify an unsupported one, you receive an API error. The supported services are: <br> * appengine * bigquery * bigtable * cloudfunctions * cloudiot * cloudsql * cloudtasks * compute * container * dataflow * datastore * firebasedatabase * firebasehosting * interconnect * loadbalancing * logging * ml * monitoring * pubsub * router * serviceruntime * spanner * storage * vpn
Services []GcpService `json:"services,omitempty"`
// A list of additional GCP service domain names that you want to monitor using Observability Cloud. Use this list to specify services that Observability Cloud doesn't support. If you specify an invalid name, the system responds to your API request with an HTTP response code <i>400</i>.
CustomMetricTypeDomains []string `json:"customMetricTypeDomains,omitempty"`
CustomMetricTypeDomains []string `json:"customMetricTypeDomains,omitempty"`
AuthMethod GCPAuthMethod `json:"authMethod,omitempty"`
// List of GCP project that you want SignalFx to monitor, in the form of a JSON array of objects
ProjectServiceKeys []*GCPProject `json:"projectServiceKeys,omitempty"`
ProjectServiceKeys []*GCPProject `json:"projectServiceKeys,omitempty"`
WifConfigs []*GCPProjectWIFConfig `json:"workloadIdentityFederationConfigs,omitempty"`
WifSplunkIdentity map[string]string `json:"wifSplunkIdentity,omitempty"`
// When this value is set to true Observability Cloud will force usage of a quota from the project where metrics are stored. For this to work the service account provided for the project needs to be provided with serviceusage.services.use permission or Service Usage Consumer role in this project. When set to false default quota settings are used.
UseMetricSourceProjectForQuota bool `json:"useMetricSourceProjectForQuota,omitempty"`
// List of custom metadata keys that you want SignalFx to collect for Compute Engine Instances, in the form of a JSON array. Refer to Google's GCP documentation to find out the names you want to include.
Expand Down
65 changes: 65 additions & 0 deletions integration/model_gcp_integration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,71 @@ func TestMarshalGCPIntegrationWithPollRateMs(t *testing.T) {
assert.Equal(t, `{"enabled":false,"type":"","pollRate":90000}`, string(payload), "payload does not match")
}

func TestMarshalGCPIntegrationWithSAKeyConfig(t *testing.T) {
payload, err := json.Marshal(GCPIntegration{
ProjectServiceKeys: []*GCPProject{
{
ProjectId: "prj-id-123",
ProjectKey: "{\"some\":\"key\"}",
},
},
})

assert.NoError(t, err, "Unexpected error marshalling integration")
assert.Equal(t, `{"enabled":false,"type":"","projectServiceKeys":[{"projectId":"prj-id-123","projectKey":"{\"some\":\"key\"}"}]}`, string(payload), "payload does not match")
}

func TestMarshalGCPIntegrationWithWIFConfig(t *testing.T) {
payload, err := json.Marshal(GCPIntegration{
AuthMethod: WORKLOAD_IDENTITY_FEDERATION,
WifConfigs: []*GCPProjectWIFConfig{
{
ProjectId: "prj-id-123",
WIFConfig: "{\"some\":\"config\"}",
},
},
})

assert.NoError(t, err, "Unexpected error marshalling integration")
assert.Equal(t, `{"enabled":false,"type":"","authMethod":"WORKLOAD_IDENTITY_FEDERATION","workloadIdentityFederationConfigs":[{"projectId":"prj-id-123","wifConfig":"{\"some\":\"config\"}"}]}`, string(payload), "payload does not match")
}

func TestUnMarshalGCPIntegrationWithWIFConfig(t *testing.T) {
GCP := GCPIntegration{}
err := json.Unmarshal([]byte(`{"authMethod":"WORKLOAD_IDENTITY_FEDERATION","wifSplunkIdentity":{"account_id": "123", "aws_role_arn": "arn:aws:sts::123:assumed-role/splunk-o11y"},"workloadIdentityFederationConfigs":[{"projectId":"prj-id-123","wifConfig":"{\"some\":\"config\"}"}]}`), &GCP)

expectedSplunkIdentity := map[string]string{
"account_id": "123",
"aws_role_arn": "arn:aws:sts::123:assumed-role/splunk-o11y",
}
expectedConfigs := []*GCPProjectWIFConfig{
{
ProjectId: "prj-id-123",
WIFConfig: "{\"some\":\"config\"}",
},
}
expectedAuthMethod := WORKLOAD_IDENTITY_FEDERATION

assert.NoError(t, err, "Unexpected error marshalling integration")
assert.EqualValues(t, expectedConfigs, GCP.WifConfigs, "WifConfigs do not match")
assert.EqualValues(t, expectedSplunkIdentity, GCP.WifSplunkIdentity, "WifSplunkIdentity does not match")
assert.EqualValues(t, expectedAuthMethod, GCP.AuthMethod, "AuthMethod does not match")
}

func TestUnMarshalGCPIntegrationWithSAKeysHidden(t *testing.T) {
GCP := GCPIntegration{}
err := json.Unmarshal([]byte(`{"projectServiceKeys":[{"projectId":"prj-id-123"}]}`), &GCP)

expectedConfigs := []*GCPProject{
{
ProjectId: "prj-id-123",
},
}

assert.NoError(t, err, "Unexpected error marshalling integration")
assert.EqualValues(t, expectedConfigs, GCP.ProjectServiceKeys, "ProjectServiceKeys do not match")
}

func TestUnmarshalGCPIntegrationWithPollRate(t *testing.T) {
GCP := GCPIntegration{}
err := json.Unmarshal([]byte(`{"pollRate":60000}`), &GCP)
Expand Down
18 changes: 18 additions & 0 deletions integration/model_gcp_project_wif_config.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
/*
* Integrations API
*
* APIs for creating, retrieving, updating, and deleting SignalFx integrations to the systems you use.<br> An integration provides SignalFx with information from the external system that you're connecting to. You'll need to retrieve this information from the external system before you use the API. Each external system is different, so to see a summary of its requirements and procedures, view its request body description. # Authentication To create, update, delete, or validate an integration, you need to authenticate your request using a session token associated with a SignalFx administrator. To **retrieve** an integration, your session token doesn't need to be associated with an administrator. You can also retrieve integrations using an org token.<br> In the web UI, session tokens are known as <strong>user access</strong> tokens, and org tokens are known as <strong>access tokens</strong>. <br> To learn more about authentication tokens, see the topic [Authentication Tokens](https://developers.signalfx.com/administration/access_tokens_overview.html) in the Developers Guide. # Supported service types SignalFx offers integrations for the following:<br> * Data collection from other monitoring systems such as AWS CloudWatch * Authentication using your existing Single Sign-On (**SSO**) system * Sending alerts using your preferred messaging, chat, or incident management service <br> To use one of these integrations, you first register it with SignalFx. After that, you configure the integration to communicate between the system you're using and SignalFx. ## Data collection SignalFx integrations APIs support data collection for the following services:<br> * Amazon Web Services (**AWS**) * Google Cloud Platform (**GCP**) * Microsoft Azure * NewRelic ## Authentication using SSO SignalFx integration APIs support SAML-based SSO integrations for the following services:<br> * Microsoft Active Directory Federation Services (**ADFS**) * Bitium * Okta * OneLogin * PingOne ## Alerts using message, chat, or incident management services SignalFx integration APIs support alert notifications using the following services: <br> * BigPanda * Office 365 * Opsgenie * PagerDuty * ServiceNow * Slack * VictorOps * Webhook * xMatters<br> **NOTE:** You can't create Office 365 integrations using the API, and your ability to update them in a **PUT** request is limited, but you can retrieve their data or delete them. To create an Office 365 integration, use the the web UI. <br> # Viewing request body documentation The *request* body format for the following operations depends on the type of integration you use:<br> * POST `/integration` * PUT `/integration/{id}`<br> The *response* body format for the following operations also depends on the type of integration you use:<br> * GET `/integration` * GET `/integration/{id}` <br> To see the request or response body format for an integration: <br> 1. Find the endpoint and method. 2. For a request body, find the section *REQUEST BODY SCHEMA*. For a response body, find the section *RESPONSE SCHEMA*. 3. Scroll down to the `type` property. 4. At the end of the description for `type`, find the dropdown box that contains the integration type. By default, it's set to *AWSCloudWatch*. 5. To see a complete list of integrations, click the down arrow. A list with a vertical scroll bar appears. 6. Select the integration type from the list. The request body properties for this integration type now appear.
*
* API version: 3.3.1
* Generated by: OpenAPI Generator (https://openapi-generator.tech)
*/

package integration

// Properties of a GCP project, in the form of a JSON object. Contains the GCP project ID and Workload Identity Federation configuration file for a GCP project that you want SignalFx to monitor.
type GCPProjectWIFConfig struct {
// GCP project ID you specified when you created your GCP project
ProjectId string `json:"projectId,omitempty"`
// Workload Identity Federation configuration file generated for the project. This property is a JSON string; you must properly escape special characters before you send it to SignalFx.
WIFConfig string `json:"wifConfig,omitempty"`
}

0 comments on commit 84ee8bb

Please sign in to comment.