Add gitlab and teleport support (#18)

opalsecurity · Feb 24, 2023 · 6fe8548 · 6fe8548
1 parent 43c268e
commit 6fe8548
Show file tree

Hide file tree

Showing 5 changed files with 116 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v1.0.3
+
+NEW FEATURES:
+- adds creation support for Gitlab and Teleport
+
 ## v1.0.2
 
 BUG FIXES:

diff --git a/docs/resources/group.md b/docs/resources/group.md
@@ -183,6 +183,7 @@ Optional:
 - `active_directory_group` (Block List, Max: 1) The remote_info for an Active Directory group. (see [below for nested schema](#nestedblock--remote_info--active_directory_group))
 - `duo_group` (Block List, Max: 1) The remote_info for an Duo Security group. (see [below for nested schema](#nestedblock--remote_info--duo_group))
 - `github_team` (Block List, Max: 1) The remote_info for a GitHub team. (see [below for nested schema](#nestedblock--remote_info--github_team))
+- `gitlab_group` (Block List, Max: 1) The remote_info for a Gitlab group. (see [below for nested schema](#nestedblock--remote_info--gitlab_group))
 - `google_group` (Block List, Max: 1) The remote_info for a Google group. (see [below for nested schema](#nestedblock--remote_info--google_group))
 - `ldap_group` (Block List, Max: 1) The remote_info for a LDAP group. (see [below for nested schema](#nestedblock--remote_info--ldap_group))
 - `okta_group` (Block List, Max: 1) The remote_info for an Okta group. (see [below for nested schema](#nestedblock--remote_info--okta_group))
@@ -211,6 +212,14 @@ Required:
 - `team_slug` (String) The slug of the GitHub team.
 
 
+<a id="nestedblock--remote_info--gitlab_group"></a>
+### Nested Schema for `remote_info.gitlab_group`
+
+Required:
+
+- `group_id` (String) The id of the Gitlab group.
+
+
 <a id="nestedblock--remote_info--google_group"></a>
 ### Nested Schema for `remote_info.google_group`
 

diff --git a/docs/resources/resource.md b/docs/resources/resource.md
@@ -177,9 +177,11 @@ Optional:
 - `aws_iam_role` (Block List, Max: 1) The remote_info for an AWS IAM role. (see [below for nested schema](#nestedblock--remote_info--aws_iam_role))
 - `aws_rds_instance` (Block List, Max: 1) The remote_info for an AWS RDS instance. (see [below for nested schema](#nestedblock--remote_info--aws_rds_instance))
 - `github_repo` (Block List, Max: 1) The remote_info for a Github repo. (see [below for nested schema](#nestedblock--remote_info--github_repo))
+- `gitlab_project` (Block List, Max: 1) The remote_info for a Gitlab project. (see [below for nested schema](#nestedblock--remote_info--gitlab_project))
 - `okta_app` (Block List, Max: 1) The remote_info for an Okta app. (see [below for nested schema](#nestedblock--remote_info--okta_app))
 - `okta_custom_role` (Block List, Max: 1) The remote_info for an Okta custom role. (see [below for nested schema](#nestedblock--remote_info--okta_custom_role))
 - `okta_standard_role` (Block List, Max: 1) The remote_info for an Okta standard role. (see [below for nested schema](#nestedblock--remote_info--okta_standard_role))
+- `teleport_role` (Block List, Max: 1) The remote_info for a Teleport role. (see [below for nested schema](#nestedblock--remote_info--teleport_role))
 
 <a id="nestedblock--remote_info--aws_ec2_instance"></a>
 ### Nested Schema for `remote_info.aws_ec2_instance`
@@ -224,6 +226,14 @@ Required:
 - `repo_name` (String) The name of the repository.
 
 
+<a id="nestedblock--remote_info--gitlab_project"></a>
+### Nested Schema for `remote_info.gitlab_project`
+
+Required:
+
+- `project_id` (String) The id of the project.
+
+
 <a id="nestedblock--remote_info--okta_app"></a>
 ### Nested Schema for `remote_info.okta_app`
 
@@ -248,6 +258,14 @@ Required:
 - `role_type` (String) The type of the role.
 
 
+<a id="nestedblock--remote_info--teleport_role"></a>
+### Nested Schema for `remote_info.teleport_role`
+
+Required:
+
+- `role_name` (String) The name of the role.
+
+
 
 <a id="nestedblock--reviewer_stage"></a>
 ### Nested Schema for `reviewer_stage`

diff --git a/opal/group_remote_info.go b/opal/group_remote_info.go
@@ -62,6 +62,22 @@ func groupRemoteInfoElem() *schema.Resource {
 					},
 				},
 			},
+			"gitlab_group": {
+				Description: "The remote_info for a Gitlab group.",
+				Type:        schema.TypeList,
+				MaxItems:    1,
+				Optional:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"group_id": {
+							Description: "The id of the Gitlab group.",
+							Type:        schema.TypeString,
+							Required:    true,
+							ForceNew:    true,
+						},
+					},
+				},
+			},
 			"google_group": {
 				Description: "The remote_info for a Google group.",
 				Type:        schema.TypeList,
@@ -158,6 +174,18 @@ func parseGroupRemoteInfo(remoteInfoI interface{}) (*opal.GroupRemoteInfo, error
 			}, nil
 		}
 	}
+	if gitlabGroupI, ok := remoteInfoMap["gitlab_group"]; ok {
+		gitlabGroupIList := gitlabGroupI.([]interface{})
+
+		if len(gitlabGroupIList) == 1 {
+			gitlabGroup := gitlabGroupIList[0].(map[string]any)
+			return &opal.GroupRemoteInfo{
+				GitlabGroup: &opal.GroupRemoteInfoGitlabGroup{
+					GroupId: gitlabGroup["group_id"].(string),
+				},
+			}, nil
+		}
+	}
 	if googleGroupI, ok := remoteInfoMap["google_group"]; ok {
 		googleGroupIList := googleGroupI.([]interface{})
 

diff --git a/opal/resource_remote_info.go b/opal/resource_remote_info.go
@@ -112,6 +112,22 @@ func resourceRemoteInfoElem() *schema.Resource {
 					},
 				},
 			},
+			"gitlab_project": {
+				Description: "The remote_info for a Gitlab project.",
+				Type:        schema.TypeList,
+				MaxItems:    1,
+				Optional:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"project_id": {
+							Description: "The id of the project.",
+							Type:        schema.TypeString,
+							Required:    true,
+							ForceNew:    true,
+						},
+					},
+				},
+			},
 			"okta_app": {
 				Description: "The remote_info for an Okta app.",
 				Type:        schema.TypeList,
@@ -160,6 +176,22 @@ func resourceRemoteInfoElem() *schema.Resource {
 					},
 				},
 			},
+			"teleport_role": {
+				Description: "The remote_info for a Teleport role.",
+				Type:        schema.TypeList,
+				MaxItems:    1,
+				Optional:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"role_name": {
+							Description: "The name of the role.",
+							Type:        schema.TypeString,
+							Required:    true,
+							ForceNew:    true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -235,6 +267,18 @@ func parseResourceRemoteInfo(remoteInfoI interface{}) (*opal.ResourceRemoteInfo,
 			}, nil
 		}
 	}
+	if gitlabProjectI, ok := remoteInfoMap["gitlab_project"]; ok {
+		gitlabProjectIList := gitlabProjectI.([]interface{})
+
+		if len(gitlabProjectIList) == 1 {
+			gitlabProject := gitlabProjectIList[0].(map[string]any)
+			return &opal.ResourceRemoteInfo{
+				GitlabProject: &opal.ResourceRemoteInfoGitlabProject{
+					ProjectId: gitlabProject["project_id"].(string),
+				},
+			}, nil
+		}
+	}
 	if oktaAppI, ok := remoteInfoMap["okta_app"]; ok {
 		oktaAppIList := oktaAppI.([]interface{})
 
@@ -271,6 +315,18 @@ func parseResourceRemoteInfo(remoteInfoI interface{}) (*opal.ResourceRemoteInfo,
 			}, nil
 		}
 	}
+	if teleportRoleI, ok := remoteInfoMap["teleport_role"]; ok {
+		teleportRoleIList := teleportRoleI.([]interface{})
+
+		if len(teleportRoleIList) == 1 {
+			teleportRole := teleportRoleIList[0].(map[string]any)
+			return &opal.ResourceRemoteInfo{
+				TeleportRole: &opal.ResourceRemoteInfoTeleportRole{
+					RoleName: teleportRole["role_name"].(string),
+				},
+			}, nil
+		}
+	}
 
 	return nil, errors.New("could not find supported remote_info type")
 }