Merge pull request #6 from ConductorOne/mchavez-baton-elastic-tests

Adding CI tests
ConductorOne · Jul 25, 2024 · a2aff13 · a2aff13
2 parents 9ff10d5 + f5abd7e
commit a2aff13
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 1 deletion.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -35,4 +35,39 @@ jobs:
         if: always()
         uses: guyarb/golang-test-annotations@v0.5.1
         with:
-          test-results: test.json
+          test-results: test.json
+  test:
+    runs-on: ubuntu-latest
+    env:
+      BATON_LOG_LEVEL: debug
+      # Add any environment variables needed to run baton-bitbucket-datacenter
+      BATON_DEPLOYMENT_API_KEY: ${{ secrets.BATON_DEPLOYMENT_API_KEY }}
+      BATON_DEPLOYMENT_ENDPOINT: ${{ secrets.BATON_DEPLOYMENT_ENDPOINT }}
+      BATON_ORGANIZATION_ID: ${{ secrets.BATON_ORGANIZATION_ID }}
+      BATON_API_KEY: ${{ secrets.BATON_API_KEY }}
+      # The following parameters are passed to grant/revoke commands
+      CONNECTOR_GRANT: 'roleMapping:mapping7:member:deploymentUser:jacknich'
+      CONNECTOR_ENTITLEMENT: 'roleMapping:mapping7:member'
+      CONNECTOR_PRINCIPAL_TYPE: 'deploymentUser'
+      CONNECTOR_PRINCIPAL: 'jacknich'
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.22.x
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install baton
+        run: ./scripts/get-baton.sh && mv baton /usr/local/bin
+      - name: Build baton-elastic
+        run: go build ./cmd/baton-elastic
+      - name: Run baton-elastic
+        run: ./baton-elastic
+      - name: Revoke grants
+        run: ./baton-elastic --revoke-grant ${{ env.CONNECTOR_GRANT }}
+      - name: Check grant was revoked
+        run: ./baton-elastic && baton grants --entitlement "${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
+      - name: Grant entitlement
+        run: ./baton-elastic && ./baton-elastic --grant-entitlement ${{ env.CONNECTOR_ENTITLEMENT }} --grant-principal-type ${{ env.CONNECTOR_PRINCIPAL_TYPE }} --grant-principal ${{ env.CONNECTOR_PRINCIPAL }}  --provisioning
+      - name: Check grant was granted
+        run: ./baton-elastic && baton grants --entitlement "${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
diff --git a/scripts/get-baton.sh b/scripts/get-baton.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+ARCH=$(uname -m)
+if [ "${ARCH}" = "x86_64" ]; then
+  ARCH="amd64"
+fi
+
+RELEASES_URL="https://api.github.com/repos/conductorone/baton/releases/latest"
+BASE_URL="https://github.com/conductorone/baton/releases/download"
+
+DOWNLOAD_URL=$(curl "${RELEASES_URL}" | jq --raw-output ".assets[].browser_download_url | match(\"${BASE_URL}/v[.0-9]+/baton-v[.0-9]+-${OS}-${ARCH}.*\"; \"i\").string")
+
+FILENAME=$(basename ${DOWNLOAD_URL})
+
+curl -LO ${DOWNLOAD_URL}
+tar xzf ${FILENAME}