feat: Initial release (#9)

Co-authored-by: spbsoluble <[email protected]>

Author: fiddlermikey

.github/config/.terraform.lock.hcl

@@ -0,0 +1,41 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | >=6.2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_github"></a> [github](#provider\_github) | 6.3.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_keyfactor_github_test_environment_12_3_0_kc"></a> [keyfactor\_github\_test\_environment\_12\_3\_0\_kc](#module\_keyfactor\_github\_test\_environment\_12\_3\_0\_kc) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
+| <a name="module_keyfactor_github_test_environment_ad_10_5_0"></a> [keyfactor\_github\_test\_environment\_ad\_10\_5\_0](#module\_keyfactor\_github\_test\_environment\_ad\_10\_5\_0) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [github_repository.repo](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
+| <a name="input_keyfactor_client_id_12_3_0"></a> [keyfactor\_client\_id\_12\_3\_0](#input\_keyfactor\_client\_id\_12\_3\_0) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_client_secret_12_3_0"></a> [keyfactor\_client\_secret\_12\_3\_0](#input\_keyfactor\_client\_secret\_12\_3\_0) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_hostname_10_5_0"></a> [keyfactor\_hostname\_10\_5\_0](#input\_keyfactor\_hostname\_10\_5\_0) | The hostname of the Keyfactor instance | `string` | `"integrations1050-lab.kfdelivery.com"` | no |
+| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int-oidc-lab.eastus2.cloudapp.azure.com"` | no |
+| <a name="input_keyfactor_password_10_5_0"></a> [keyfactor\_password\_10\_5\_0](#input\_keyfactor\_password\_10\_5\_0) | The password to authenticate with the Keyfactor instance | `string` | n/a | yes |
+| <a name="input_keyfactor_username_10_5_0"></a> [keyfactor\_username\_10\_5\_0](#input\_keyfactor\_username\_10\_5\_0) | The username to authenticate with the Keyfactor instance | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.

.github/config/MODULE.MD

@@ -0,0 +1,26 @@
+.DEFAULT_GOAL := help
+
+##@ Utility
+help:  ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+deps: ## Install deps for macos
+	@brew install pre-commit tflint terraform terraform-docs
+
+docs: ## Run terraform-docs to update module docs.
+	@terraform-docs markdown . > MODULE.MD
+	@terraform-docs markdown table --output-file README.md --output-mode inject .
+
+lint: ## Run tflint
+	@tflint
+
+validate: ## Run terraform validate
+	@terraform init --upgrade
+	@terraform validate
+
+precommit/add: ## Install pre-commit hook
+	@pre-commit install
+
+precommit/remove: ## Uninstall pre-commit hook
+	@pre-commit uninstall
+

.github/config/Makefile

@@ -0,0 +1,91 @@
+# GitHub Test Environment Setup
+
+This code sets up GitHub environments for testing against Keyfactor Command instances that are configured to use
+Active Directory or Keycloak for authentication.
+
+## Requirements
+
+1. Terraform >= 1.0
+2. GitHub Provider >= 6.2
+3. Keyfactor Command instance(s) configured to use Active Directory or Keycloak for authentication
+4. AD or Keycloak credentials for authenticating to the Keyfactor Command instance(s)
+5. A GitHub token with access and permissions to the repository where the environments will be created
+
+## Adding a new environment
+
+Modify the `environments.tf` file to include the new environment module. The module should be named appropriately.
+Example:
+
+### Active Directory Environment
+
+```hcl
+module "keyfactor_github_test_environment_ad_10_5_0" {
+  source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
+
+  gh_environment_name = "KFC_10_5_0" # Keyfactor Command 10.5.0 environment using Active Directory(/Basic Auth)
+  gh_repo_name       = data.github_repository.repo.name
+  keyfactor_hostname = var.keyfactor_hostname_10_5_0
+  keyfactor_username = var.keyfactor_username_AD
+  keyfactor_password = var.keyfactor_password_AD
+}
+```
+
+### oAuth Client Environment
+
+```hcl
+module "keyfactor_github_test_environment_12_3_0_kc" {
+  source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-kc.git?ref=main"
+
+  gh_environment_name = "KFC_12_3_0_KC" # Keyfactor Command 12.3.0 environment using Keycloak
+  gh_repo_name              = data.github_repository.repo.name
+  keyfactor_hostname        = var.keyfactor_hostname_12_3_0_OAUTH
+  keyfactor_auth_token_url  = var.keyfactor_auth_token_url
+  keyfactor_client_id       = var.keyfactor_client_id
+  keyfactor_client_secret   = var.keyfactor_client_secret
+  keyfactor_tls_skip_verify = true
+}
+```
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | >=6.2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_github"></a> [github](#provider\_github) | 6.3.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_keyfactor_github_test_environment_12_3_0_kc"></a> [keyfactor\_github\_test\_environment\_12\_3\_0\_kc](#module\_keyfactor\_github\_test\_environment\_12\_3\_0\_kc) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
+| <a name="module_keyfactor_github_test_environment_ad_10_5_0"></a> [keyfactor\_github\_test\_environment\_ad\_10\_5\_0](#module\_keyfactor\_github\_test\_environment\_ad\_10\_5\_0) | git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git | main |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [github_repository.repo](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_keyfactor_auth_token_url_12_3_0_KC"></a> [keyfactor\_auth\_token\_url\_12\_3\_0\_KC](#input\_keyfactor\_auth\_token\_url\_12\_3\_0\_KC) | The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token | `string` | `"https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"` | no |
+| <a name="input_keyfactor_client_id_12_3_0"></a> [keyfactor\_client\_id\_12\_3\_0](#input\_keyfactor\_client\_id\_12\_3\_0) | The client ID to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_client_secret_12_3_0"></a> [keyfactor\_client\_secret\_12\_3\_0](#input\_keyfactor\_client\_secret\_12\_3\_0) | The client secret to authenticate with the Keyfactor instance using Keycloak client credentials | `string` | n/a | yes |
+| <a name="input_keyfactor_hostname_10_5_0"></a> [keyfactor\_hostname\_10\_5\_0](#input\_keyfactor\_hostname\_10\_5\_0) | The hostname of the Keyfactor instance | `string` | `"integrations1050-lab.kfdelivery.com"` | no |
+| <a name="input_keyfactor_hostname_12_3_0_KC"></a> [keyfactor\_hostname\_12\_3\_0\_KC](#input\_keyfactor\_hostname\_12\_3\_0\_KC) | The hostname of the Keyfactor instance | `string` | `"int-oidc-lab.eastus2.cloudapp.azure.com"` | no |
+| <a name="input_keyfactor_password_10_5_0"></a> [keyfactor\_password\_10\_5\_0](#input\_keyfactor\_password\_10\_5\_0) | The password to authenticate with the Keyfactor instance | `string` | n/a | yes |
+| <a name="input_keyfactor_username_10_5_0"></a> [keyfactor\_username\_10\_5\_0](#input\_keyfactor\_username\_10\_5\_0) | The username to authenticate with the Keyfactor instance | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

.github/config/README.md

@@ -0,0 +1,35 @@
+module "keyfactor_github_test_environment_ad_10_5_0" {
+  source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
+
+  gh_environment_name = "KFC_10_5_0"
+  gh_repo_name        = data.github_repository.repo.name
+  keyfactor_hostname  = var.keyfactor_hostname_10_5_0
+  keyfactor_username  = var.keyfactor_username_10_5_0
+  keyfactor_password  = var.keyfactor_password_10_5_0
+  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
+}
+
+# module "keyfactor_github_test_environment_11_5_0_kc" {
+#   source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-kc.git?ref=main"
+#
+#   gh_environment_name       = "KFC_11_5_0_KC"
+#   gh_repo_name              = data.github_repository.repo.name
+#   keyfactor_hostname        = var.keyfactor_hostname_11_5_0_KC
+#   keyfactor_client_id       = var.keyfactor_client_id_11_5_0
+#   keyfactor_client_secret   = var.keyfactor_client_secret_11_5_0
+#   keyfactor_auth_hostname   = var.keyfactor_auth_hostname_11_5_0_KC
+#   keyfactor_tls_skip_verify = true
+# }
+
+module "keyfactor_github_test_environment_12_3_0_kc" {
+  source = "git::ssh://[email protected]/Keyfactor/terraform-module-keyfactor-github-test-environment-ad.git?ref=main"
+
+  gh_environment_name       = "KFC_12_3_0_KC"
+  gh_repo_name              = data.github_repository.repo.name
+  keyfactor_hostname        = var.keyfactor_hostname_12_3_0_KC
+  keyfactor_auth_token_url  = var.keyfactor_auth_token_url_12_3_0_KC
+  keyfactor_client_id       = var.keyfactor_client_id_12_3_0
+  keyfactor_client_secret   = var.keyfactor_client_secret_12_3_0
+  keyfactor_tls_skip_verify = true
+  keyfactor_config_file = base64encode(file("${path.module}/command_config.json"))
+}

.github/config/environments.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = ">=6.2"
+    }
+  }
+  backend "azurerm" {
+    resource_group_name  = "integrations-infra"
+    storage_account_name = "integrationstfstate"
+    container_name       = "tfstate"
+    key                  = "github/repos/keyfactor-auth-client-go.tfstate"
+  }
+}
+
+provider "github" {
+  # Configuration options
+  owner = "Keyfactor"
+}

.github/config/providers.tf

@@ -0,0 +1,3 @@
+data "github_repository" "repo" {
+  name = "keyfactor-auth-client-go"
+}

.github/config/repo.tf

@@ -0,0 +1,38 @@
+variable "keyfactor_hostname_10_5_0" {
+  description = "The hostname of the Keyfactor instance"
+  type        = string
+  default     = "integrations1050-lab.kfdelivery.com"
+}
+
+variable "keyfactor_username_10_5_0" {
+  description = "The username to authenticate with the Keyfactor instance"
+  type        = string
+}
+
+variable "keyfactor_password_10_5_0" {
+  description = "The password to authenticate with the Keyfactor instance"
+  type        = string
+}
+
+variable "keyfactor_client_id_12_3_0" {
+  description = "The client ID to authenticate with the Keyfactor instance using Keycloak client credentials"
+  type        = string
+}
+
+variable "keyfactor_client_secret_12_3_0" {
+  description = "The client secret to authenticate with the Keyfactor instance using Keycloak client credentials"
+  type        = string
+}
+
+variable "keyfactor_hostname_12_3_0_KC" {
+  description = "The hostname of the Keyfactor instance"
+  type        = string
+  default     = "int-oidc-lab.eastus2.cloudapp.azure.com"
+}
+
+variable "keyfactor_auth_token_url_12_3_0_KC" {
+  description = "The hostname of the KeyCloak instance to authenticate to for a Keyfactor Command access token"
+  type        = string
+  default     = "https://int-oidc-lab.eastus2.cloudapp.azure.com:8444/realms/Keyfactor/protocol/openid-connect/token"
+}
+

.github/config/variables.tf

@@ -0,0 +1,12 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/dependabot.yml

@@ -0,0 +1,49 @@
+name: Go Test Workflow
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: Run tests
+    runs-on: kf-auth-client-runner-set
+    strategy:
+      matrix:
+        environment: [ "KFC_10_5_0", "KFC_12_3_0_KC"]
+    environment: ${{ matrix.environment }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22
+
+      - name: Get Public IP
+        run: curl -s https://api.ipify.org
+
+      - name: Validate lab cert is present
+        run: |
+          cat lib/certs/int-oidc-lab.eastus2.cloudapp.azure.com.crt
+
+      - name: Run tests
+        run: |
+          if [ -n "${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }}" ]; then
+            mkdir -p ~/.keyfactor
+            echo "${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }}" | base64 --decode > ~/.keyfactor/command_config.json
+          fi
+          go test -v -cover ./auth_providers/...
+        env:
+          KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }}
+          KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }}
+          KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }}
+          KEYFACTOR_AUTH_CLIENT_ID: ${{ secrets.KEYFACTOR_AUTH_CLIENT_ID }}
+          KEYFACTOR_AUTH_CLIENT_SECRET: ${{ secrets.KEYFACTOR_AUTH_CLIENT_SECRET }}
+          KEYFACTOR_AUTH_TOKEN_URL: ${{ vars.KEYFACTOR_AUTH_TOKEN_URL }}
+          KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }}
+          KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }}
+          KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }}
+          TEST_KEYFACTOR_AD_AUTH: ${{ vars.TEST_KEYFACTOR_AD_AUTH }}
+          TEST_KEYFACTOR_KC_AUTH: ${{ vars.TEST_KEYFACTOR_KC_AUTH }}

.github/workflows/go_tests.yml

@@ -0,0 +1,20 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [ opened, closed, synchronize, edited, reopened ]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v3
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}