Add template skeletons #967
Conversation
orenbm
force-pushed
the
add-template-skeletons
branch
from
8f618cd to
1b37d19
Compare
|
@orenbm it would be great if the connector plugin README referred to these templates for people who want to build a tcp or http connector I'm also interested in feedback from the team about the location of the templates, as it could appear to someone that they are actual connectors based on their current location. |
|
|
||
| test: | ||
| image: secretless-dev # this image is built in bin/build | ||
| command: go test -v ./test/template_connector |
There was a problem hiding this comment.
This current standard is to have a bash ./test file. Using go test would be an optional choice each connector integration folder could make.
Perhaps this would be a better standard, but it may not be flexible enough. In any case, that's a discussion we should have in the channel.
test/template_connector/start
Outdated
|
|
||
| ./stop | ||
|
|
||
| docker-compose up -d secretless |
There was a problem hiding this comment.
Add comment that they would add the other containers to start. Or maybe we just do docker-compose up to start them all?
There was a problem hiding this comment.
i have this comment after the line above:
# This is where you should prepare the container of the platform you are connecting to secretless
you think it's not clear enough?
There was a problem hiding this comment.
@orenbm I'd move the comment above
| _ "github.com/denisenkom/go-mssqldb" | ||
| ) | ||
|
|
||
| func TestTemplateConnector(t *testing.T) { |
| } | ||
| } | ||
|
|
||
| // NewConnector returns an http.Connector that decorates each incoming http |
There was a problem hiding this comment.
.......that decorates each incoming HTTP......
| @@ -16,6 +16,7 @@ type InternalPluginLookupFunc func() (plugin.AvailablePlugins, error) | |||
|
|
|||
| // GetInternalPluginsFunc returns currently available built-in plugins. | |||
| func GetInternalPluginsFunc() (plugin.AvailablePlugins, error) { | |||
| // New connectors should have an entry in the map below, according to their type (http/tcp) | |||
There was a problem hiding this comment.
we've been trying to standardize on HTTP and TCP when referring to them outside of a command that requires specific syntax.
test/template_connector/start
Outdated
|
|
||
| docker-compose up -d secretless | ||
|
|
||
| # This is where you should prepare the container of the platform you are connecting to secretless |
|
|
||
| func TestTemplateConnector(t *testing.T) { | ||
| t.Run("An empty test", func(t *testing.T) { | ||
| // We use go std test lib & testify/assert as our standard testing lib on secretless |
| "github.com/cyberark/secretless-broker/pkg/secretless/log" | ||
| "github.com/cyberark/secretless-broker/pkg/secretless/plugin/connector" | ||
|
|
||
| gohttp "net/http" |
There was a problem hiding this comment.
the imports should be arranged:
<stdlib libraries>
<third-party libs>
<internal libs>
| @@ -0,0 +1,24 @@ | |||
| package template | |||
There was a problem hiding this comment.
This location for the template connector isn't optimal. Generally we don't want any unused code in internal/
| // TODO: add logic according to | ||
| // https://github.com/cyberark/secretless-broker/blob/master/pkg/secretless/plugin/connector/README.md#http-connector | ||
|
|
||
| return nil |
There was a problem hiding this comment.
If you are really trying to create an inclusive example, giving the error a variable would be better:
var err error
return err
| // https://github.com/cyberark/secretless-broker/blob/master/pkg/secretless/plugin/connector/README.md#plugininfo | ||
| return map[string]string{ | ||
| "pluginAPIVersion": "", | ||
| "type": "", |
There was a problem hiding this comment.
Type prefix for http plugins is standardized: https://github.com/cyberark/secretless-broker/blob/master/internal/plugin/connectors/http/basicauth/plugin.go#L13
| // TODO: add logic according to | ||
| // https://github.com/cyberark/secretless-broker/blob/master/pkg/secretless/plugin/connector/README.md#tcp-connector | ||
|
|
||
| return nil, nil |
There was a problem hiding this comment.
This skeleton should have a bit more stuff probably (it should connect to the backend and return a net.Conn).
There was a problem hiding this comment.
how can i connect to a backend without knowing what it is?
Or do you think I should add it as a comment?
whenever i linked to a doc i didn't add more details so it won't be duplicated. wdyt? @sgnn7
There was a problem hiding this comment.
You can add an example of it trying to parse "host" and "port" from credentialValuesByID
There was a problem hiding this comment.
i couldn't find a generic way to write that. I updated the function description to better describe its process
| // https://github.com/cyberark/secretless-broker/blob/master/pkg/secretless/plugin/connector/README.md#plugininfo | ||
| return map[string]string{ | ||
| "pluginAPIVersion": "", | ||
| "type": "", |
There was a problem hiding this comment.
This is standardized for tcp connectors: https://github.com/cyberark/secretless-broker/blob/master/internal/plugin/connectors/tcp/pg/plugin.go#L35
| version: '3.0' | ||
|
|
||
| services: | ||
| # TODO: add a service for the platform you want to connect with secretless |
There was a problem hiding this comment.
The wording here is odd - we don't want to connect a service to secretless but instead connect secretless to a service
| # TODO: add a service for the platform you want to connect with secretless | ||
|
|
||
| secretless: | ||
| image: secretless-broker # this image is built in bin/build |
| - ./secretless.yml:/secretless.yml | ||
|
|
||
| test: | ||
| image: secretless-dev # this image is built in bin/build |
| @@ -0,0 +1 @@ | |||
| # fill in according to https://docs.secretless.io/Latest/en/Content/Get%20Started/configuration.htm | |||
There was a problem hiding this comment.
I'm guessing this should have at least some starter skeleton config
sure, once these changes are merged i will link them in the README
I just rearranged them according to the feedback. Hope it's clearer now. |
templates/http/template/connector.go
Outdated
| } | ||
|
|
||
| // This function has access to the client http.Request and the credentials (as a map), and is expected to decorate the | ||
| // request with Authorization headers. |
There was a problem hiding this comment.
line too long: wrap at 80 (you can set a hotkey in GoLand to make this easier)
Also, I'd say:
and is expected to modify the request so that it will authenticate. This typically means adding required authorization headers.
because some auth systems require other types of modifications, and in theory there is no limit on what they might require.
orenbm
force-pushed
the
add-template-skeletons
branch
from
9d5bebb to
4a0d6be
Compare
go.mod
Outdated
| @@ -8,6 +8,7 @@ require ( | |||
| github.com/cyberark/conjur-api-go v0.5.2 | |||
| github.com/cyberark/conjur-authn-k8s-client v0.13.0 | |||
| github.com/cyberark/summon v0.7.0 | |||
| github.com/denisenkom/go-mssqldb v0.0.0-20191001013358-cfbb681360f0 | |||
There was a problem hiding this comment.
the changes to go.* are unrelated to this code, afaict. do they need to be included in this PR?
templates/README.md
Outdated
|
|
||
| To add a new connector do the following: | ||
|
|
||
| 1. Copy the relevant template directory (HTTP/TCP) into `internal/plugin/connectors/<protocol>`. |
There was a problem hiding this comment.
is protocol the language we're using for http vs tcp? it would be good to use consistent language to refer to this - I think I've seen it elsewhere as connector type
There was a problem hiding this comment.
i didn't find something consistent. I see "handler type", "connection type", "config type"
I guess "connector type" makes sense
templates/README.md
Outdated
|
|
||
| 1. Copy the relevant template directory (HTTP/TCP) into `internal/plugin/connectors/<protocol>`. | ||
| 1. Inside each template directory you will find the required files & structs implemented, with | ||
| instructions to fill them with the content of the new connector |
There was a problem hiding this comment.
are the instructions in the form of TODOs or otherwise? would be good to be clear about how to find the instructions here
templates/README.md
Outdated
| 1. Copy the relevant template directory (HTTP/TCP) into `internal/plugin/connectors/<protocol>`. | ||
| 1. Inside each template directory you will find the required files & structs implemented, with | ||
| instructions to fill them with the content of the new connector | ||
| 1. Add an entry to the `Plugins` map defined in GetInternalPluginsFunc() of `internal_plugins.go`, |
There was a problem hiding this comment.
this should be a link to a file, so the user doesn't have to search the code for this
templates/README.md
Outdated
| instructions to fill them with the content of the new connector | ||
| 1. Add an entry to the `Plugins` map defined in GetInternalPluginsFunc() of `internal_plugins.go`, | ||
| according to their type (HTTP/TCP) | ||
| 1. Copy the `template_connector_test` directory into `test` and rename it to `<connector_name>_connector` |
There was a problem hiding this comment.
can you link to template_connector_test here?
templates/README.md
Outdated
| @@ -0,0 +1,28 @@ | |||
| # Using templates to implement Secretless Connector Plugins | |||
There was a problem hiding this comment.
maybe this content should be moved to examples/connector_templates instead of putting it in templates? I'm basing this suggestion on the go project layout standards
orenbm
force-pushed
the
add-template-skeletons
branch
4 times, most recently
from
7f6bedc to
17706c2
Compare
templates/README.md
Outdated
| scripts | ||
| using | ||
| the `run_integration` script. In most cases, you will also call `junit` on | ||
| the xml file that `run_integration` outputs in your test's subdirectory. |
There was a problem hiding this comment.
This paragraph has some odd whitespace formatting/line breaks
orenbm
force-pushed
the
add-template-skeletons
branch
2 times, most recently
from
a3c3616 to
8a7c10a
Compare
orenbm
force-pushed
the
add-template-skeletons
branch
2 times, most recently
from
7436c4f to
d8326b6
Compare
|
|
||
| To add a new connector do the following: | ||
|
|
||
| 1. Copy the relevant template directory (HTTP/TCP) into `internal/plugin/connectors/<connector type>`. |
There was a problem hiding this comment.
how do you know which one to copy? is it worth referring to the connector docs to learn more if you're not sure which one you need to copy?
There was a problem hiding this comment.
@izgeri is this line ok?
If you're not sure which connector type is suitable, please refer to the [connector technical overview](https://github.com/cyberark/secretless-broker/tree/master/pkg/secretless/plugin/connector#technical-overview)
In the current structure it seems as if the template connector is an actual connector. This commit moves all the templates to a `examples/connector_templates` directory, with a README inside explaining what needs to be done
orenbm
force-pushed
the
add-template-skeletons
branch
from
d8326b6 to
80e322c
Compare
What does this PR do (include background context, if relevant)?
Adds a template connector skeleton. It includes all the code that needs to be in a new connector with guidance to fill the rest
What ticket does this PR close?
Connected to #1211