From c9df134254fd284356e6cdd7cc5a1cf619d46d40 Mon Sep 17 00:00:00 2001 From: Patrick Cowland Date: Thu, 5 Dec 2024 13:22:57 +0000 Subject: [PATCH 1/2] Enforce connector property ordering for idempotent generation --- .../davinci_connection_property_vars.tf | 86 +++++++++---------- example/output/davinci_connectors.tf | 72 ++++++++-------- internal/generate/data_connection.go | 7 ++ 3 files changed, 86 insertions(+), 79 deletions(-) diff --git a/example/output/davinci_connection_property_vars.tf b/example/output/davinci_connection_property_vars.tf index 1bd75f8..0f9852c 100644 --- a/example/output/davinci_connection_property_vars.tf +++ b/example/output/davinci_connection_property_vars.tf @@ -29,14 +29,6 @@ variable "davinci_connection_flowconnector__2581eb287bb1d9bd29ae9886d675f89f_pem // Properties for the "Flow Conductor" connector, with connector ID flowConnector. // Terraform Resource: davinci_connection.flowconnector__33329a264e268ab31fb19637debf1ea3 -// The 'Public Key' property for the connector named 'Flow Conductor' with connector ID 'flowConnector'. pem public key -variable "davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_pemPublicKey" { - type = string - - description = "The 'Public Key' property for the connector named 'Flow Conductor' with connector ID 'flowConnector'. pem public key" - default = null -} - // The 'Enforce Signed Token' property for the connector named 'Flow Conductor' with connector ID 'flowConnector'. variable "davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_enforcedSignedToken" { type = bool 
@@ -53,17 +45,17 @@ variable "davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_inp default = null } -// Properties for the "Http" connector, with connector ID httpConnector. -// Terraform Resource: davinci_connection.httpconnector__867ed4363b2bc21c860085ad2baa817d - -// The 'Trusted Sites' property for the connector named 'Http' with connector ID 'httpConnector'. Enter the hostname for the trusted sites that host your HTML. Note: Ensure that the content hosted on these sites can be trusted and that publishing safeguards are in place to prevent unexpected issues. -variable "davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_whiteList" { +// The 'Public Key' property for the connector named 'Flow Conductor' with connector ID 'flowConnector'. pem public key +variable "davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_pemPublicKey" { type = string - description = "The 'Trusted Sites' property for the connector named 'Http' with connector ID 'httpConnector'. Enter the hostname for the trusted sites that host your HTML. Note: Ensure that the content hosted on these sites can be trusted and that publishing safeguards are in place to prevent unexpected issues." + description = "The 'Public Key' property for the connector named 'Flow Conductor' with connector ID 'flowConnector'. pem public key" default = null } +// Properties for the "Http" connector, with connector ID httpConnector. +// Terraform Resource: davinci_connection.httpconnector__867ed4363b2bc21c860085ad2baa817d + // The 'Select an OpenID token management connection for signed HTTP responses.' property for the connector named 'Http' with connector ID 'httpConnector'. variable "davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_connectionId" { type = string 
@@ -88,9 +80,33 @@ variable "davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_rec default = null } +// The 'Trusted Sites' property for the connector named 'Http' with connector ID 'httpConnector'. Enter the hostname for the trusted sites that host your HTML. Note: Ensure that the content hosted on these sites can be trusted and that publishing safeguards are in place to prevent unexpected issues. +variable "davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_whiteList" { + type = string + + description = "The 'Trusted Sites' property for the connector named 'Http' with connector ID 'httpConnector'. Enter the hostname for the trusted sites that host your HTML. Note: Ensure that the content hosted on these sites can be trusted and that publishing safeguards are in place to prevent unexpected issues." + default = null +} + // Properties for the "PingOne Notifications" connector, with connector ID notificationsConnector. // Terraform Resource: davinci_connection.notificationsconnector__cacf3d2861657174d93cbf445d55797a +// The 'Client ID' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. The Client ID of your PingOne Worker application. +variable "davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientId" { + type = string + + description = "The 'Client ID' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. The Client ID of your PingOne Worker application." + default = null +} + +// The 'Client Secret' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. The Client Secret of your PingOne Worker application. +variable "davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientSecret" { + type = string + + description = "The 'Client Secret' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. 
The Client Secret of your PingOne Worker application." + default = null +} + // The 'Environment ID' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. Your PingOne Environment ID. variable "davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_envId" { type = string 
@@ -115,25 +131,17 @@ variable "davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d5 default = null } -// The 'Client ID' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. The Client ID of your PingOne Worker application. -variable "davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientId" { - type = string - - description = "The 'Client ID' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. The Client ID of your PingOne Worker application." - default = null -} +// Properties for the "PingOne MFA" connector, with connector ID pingOneMfaConnector. +// Terraform Resource: davinci_connection.pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949 -// The 'Client Secret' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. The Client Secret of your PingOne Worker application. -variable "davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientSecret" { +// The 'Client ID' property for the connector named 'PingOne MFA' with connector ID 'pingOneMfaConnector'. The Client ID of your PingOne Worker application. +variable "davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientId" { type = string - description = "The 'Client Secret' property for the connector named 'PingOne Notifications' with connector ID 'notificationsConnector'. The Client Secret of your PingOne Worker application." + description = "The 'Client ID' property for the connector named 'PingOne MFA' with connector ID 'pingOneMfaConnector'. The Client ID of your PingOne Worker application." default = null } -// Properties for the "PingOne MFA" connector, with connector ID pingOneMfaConnector. 
-// Terraform Resource: davinci_connection.pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949 - // The 'Client Secret' property for the connector named 'PingOne MFA' with connector ID 'pingOneMfaConnector'. The Client Secret of your PingOne Worker application. variable "davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientSecret" { type = string @@ -166,14 +174,6 @@ variable "davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c9 default = null } -// The 'Client ID' property for the connector named 'PingOne MFA' with connector ID 'pingOneMfaConnector'. The Client ID of your PingOne Worker application. -variable "davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientId" { - type = string - - description = "The 'Client ID' property for the connector named 'PingOne MFA' with connector ID 'pingOneMfaConnector'. The Client ID of your PingOne Worker application." - default = null -} - // Properties for the "PingOne Protect" connector, with connector ID pingOneRiskConnector. // Terraform Resource: davinci_connection.pingoneriskconnector__292873d5ceea806d81373ed0341b5c88 
@@ -212,6 +212,14 @@ variable "davinci_connection_pingoneriskconnector__292873d5ceea806d81373ed0341b5 // Properties for the "PingOne" connector, with connector ID pingOneSSOConnector. // Terraform Resource: davinci_connection.pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb +// The 'Client ID' property for the connector named 'PingOne' with connector ID 'pingOneSSOConnector'. The Client ID of your PingOne Worker application. +variable "davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientId" { + type = string + + description = "The 'Client ID' property for the connector named 'PingOne' with connector ID 'pingOneSSOConnector'. The Client ID of your PingOne Worker application." + default = null +} + // The 'Client Secret' property for the connector named 'PingOne' with connector ID 'pingOneSSOConnector'. The Client Secret of your PingOne Worker application. variable "davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientSecret" { type = string @@ -235,11 +243,3 @@ variable "davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02 description = "The 'Region' property for the connector named 'PingOne' with connector ID 'pingOneSSOConnector'. The region in which your PingOne environment exists." default = null } - -// The 'Client ID' property for the connector named 'PingOne' with connector ID 'pingOneSSOConnector'. The Client ID of your PingOne Worker application. -variable "davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientId" { - type = string - - description = "The 'Client ID' property for the connector named 'PingOne' with connector ID 'pingOneSSOConnector'. The Client ID of your PingOne Worker application." - default = null -} diff --git a/example/output/davinci_connectors.tf b/example/output/davinci_connectors.tf index 01237a2..48028cf 100644 --- a/example/output/davinci_connectors.tf +++ b/example/output/davinci_connectors.tf 
@@ -80,12 +80,6 @@ resource "davinci_connection" "flowconnector__33329a264e268ab31fb19637debf1ea3" dynamic "property" { for_each = concat( - // Public Key - var.davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_pemPublicKey != null ? [{ - name = "pemPublicKey" - type = "string" - value = jsonencode(var.davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_pemPublicKey) - }] : [], // Enforce Signed Token var.davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_enforcedSignedToken != null ? [{ name = "enforcedSignedToken" @@ -98,6 +92,12 @@ resource "davinci_connection" "flowconnector__33329a264e268ab31fb19637debf1ea3" type = "string" value = jsonencode(var.davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_inputSchema) }] : [], + // Public Key + var.davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_pemPublicKey != null ? [{ + name = "pemPublicKey" + type = "string" + value = jsonencode(var.davinci_connection_flowconnector__33329a264e268ab31fb19637debf1ea3_pemPublicKey) + }] : [], ) content { @@ -126,12 +126,6 @@ resource "davinci_connection" "httpconnector__867ed4363b2bc21c860085ad2baa817d" dynamic "property" { for_each = concat( - // Trusted Sites - var.davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_whiteList != null ? [{ - name = "whiteList" - type = "string" - value = jsonencode(var.davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_whiteList) - }] : [], // Select an OpenID token management connection for signed HTTP responses. var.davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_connectionId != null ? [{ name = "connectionId" 
@@ -150,6 +144,12 @@ resource "davinci_connection" "httpconnector__867ed4363b2bc21c860085ad2baa817d" type = "string" value = jsonencode(var.davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_recaptchaSiteKey) }] : [], + // Trusted Sites + var.davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_whiteList != null ? [{ + name = "whiteList" + type = "string" + value = jsonencode(var.davinci_connection_httpconnector__867ed4363b2bc21c860085ad2baa817d_whiteList) + }] : [], ) content { @@ -187,6 +187,18 @@ resource "davinci_connection" "notificationsconnector__cacf3d2861657174d93cbf445 dynamic "property" { for_each = concat( + // Client ID + var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientId != null ? [{ + name = "clientId" + type = "string" + value = jsonencode(var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientId) + }] : [], + // Client Secret + var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientSecret != null ? [{ + name = "clientSecret" + type = "string" + value = jsonencode(var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientSecret) + }] : [], // Environment ID var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_envId != null ? [{ name = "envId" 
@@ -205,18 +217,6 @@ resource "davinci_connection" "notificationsconnector__cacf3d2861657174d93cbf445 type = "string" value = jsonencode(var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_region) }] : [], - // Client ID - var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientId != null ? [{ - name = "clientId" - type = "string" - value = jsonencode(var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientId) - }] : [], - // Client Secret - var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientSecret != null ? [{ - name = "clientSecret" - type = "string" - value = jsonencode(var.davinci_connection_notificationsconnector__cacf3d2861657174d93cbf445d55797a_clientSecret) - }] : [], ) content { @@ -245,6 +245,12 @@ resource "davinci_connection" "pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9 dynamic "property" { for_each = concat( + // Client ID + var.davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientId != null ? [{ + name = "clientId" + type = "string" + value = jsonencode(var.davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientId) + }] : [], // Client Secret var.davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientSecret != null ? [{ name = "clientSecret" @@ -269,12 +275,6 @@ resource "davinci_connection" "pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9 type = "string" value = jsonencode(var.davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_region) }] : [], - // Client ID - var.davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientId != null ? [{ - name = "clientId" - type = "string" - value = jsonencode(var.davinci_connection_pingonemfaconnector__b72bd44e6be8180bd5988ac74cd9c949_clientId) - }] : [], ) content { 
@@ -337,6 +337,12 @@ resource "davinci_connection" "pingonessoconnector__94141bf2f1b9b59a5f5365ff135e dynamic "property" { for_each = concat( + // Client ID + var.davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientId != null ? [{ + name = "clientId" + type = "string" + value = jsonencode(var.davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientId) + }] : [], // Client Secret var.davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientSecret != null ? [{ name = "clientSecret" @@ -355,12 +361,6 @@ resource "davinci_connection" "pingonessoconnector__94141bf2f1b9b59a5f5365ff135e type = "string" value = jsonencode(var.davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_region) }] : [], - // Client ID - var.davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientId != null ? [{ - name = "clientId" - type = "string" - value = jsonencode(var.davinci_connection_pingonessoconnector__94141bf2f1b9b59a5f5365ff135e02bb_clientId) - }] : [], ) content { diff --git a/internal/generate/data_connection.go b/internal/generate/data_connection.go index d779975..624782e 100644 --- a/internal/generate/data_connection.go +++ b/internal/generate/data_connection.go @@ -1,6 +1,9 @@ package generate import ( + "slices" + "strings" + "github.com/samir-gandhi/davinci-client-go/davinci" ) @@ -54,6 +57,10 @@ func getConnectionProperties(connectorID string) ([]connectionDataProperty, erro } } + slices.SortFunc(connectionProperties, func(i, j connectionDataProperty) int { + return strings.Compare(i.Name, j.Name) + }) + return connectionProperties, nil } From bde7ea79ca8c9a3b84b4a7b9c0b849ab9172b569 Mon Sep 17 00:00:00 2001 
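Review bot: The comparator given to `slices.SortFunc` orders on `Name` alone, and `SortFunc` is not guaranteed to be stable, so any two properties that share a `Name` could still be emitted in either order, which would undo the idempotence this commit is after. If duplicate names are possible, `slices.SortStableFunc` or a tie-breaker on a second field closes that gap. If they are not, a comment above the call would record the assumption, e.g. `// Sort by name so generated HCL is identical across runs; names are assumed unique per connector.` The comparator parameters `i, j` read like indices but are elements, so `a, b` would be clearer. The body of getConnectionProperties starts outside the hunk, so whether the slice can be nil or duplicated before this point is not visible here.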
From: Patrick Cowland
Date: Thu, 5 Dec 2024 13:27:29 +0000
Subject: [PATCH 2/2] add missing workflow
---
 .github/workflows/codeql-analysis.yml | 77 +++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 .github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..bd514d2
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,77 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '34 8 * * 5'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: go.mod
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
\ No newline at end of file
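Review bot: Every `uses:` step references its action by a mutable major tag (`actions/checkout@v4`, `actions/setup-go@v5`, `github/codeql-action/init@v3`, `autobuild@v3`, `analyze@v3`), so the code that runs in a job holding `security-events: write` can change without any change in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, makes upgrades explicit and reviewable. The checkout step could also set `persist-credentials: false` under `with:`, since no later step in this job appears to push. The job-level `permissions` block is already scoped narrowly, which is worth keeping as-is; the file is also missing its trailing newline.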