Basic Google Groups support (#66)

* Basic Google Groups support * Add tests --------- Co-authored-by: Bojan Zelic <[email protected]>
BojanZelic · Mar 7, 2023 · 47b5336 · 47b5336
1 parent 70a3c24
commit 47b5336
Show file tree

Hide file tree

Showing 7 changed files with 151 additions and 0 deletions.
diff --git a/api/v1alpha1/cloudflareaccessgroup_types.go b/api/v1alpha1/cloudflareaccessgroup_types.go
@@ -70,6 +70,9 @@ type CloudFlareAccessGroupRule struct {
 
 	// Matches any valid service token
 	AnyAccessServiceToken *bool `json:"anyAccessServiceToken,omitempty"`
+
+	// Matches Google Group
+	GoogleGroups []GoogleGroup `json:"googleGroups,omitempty"`
 }
 
 // CloudflareAccessGroupStatus defines the observed state of CloudflareAccessGroup.
@@ -177,6 +180,12 @@ func (c CloudFlareAccessGroupRuleGroups) TransformCloudflareRuleFields(managedCF
 					*managedCFFields[i] = append(*managedCFFields[i], cfapi.NewAccessGroupAccessGroup(group.Value))
 				}
 			}
+
+			for _, googleGroup := range field.GoogleGroups {
+				if googleGroup.Email != "" && googleGroup.IdentityProviderID != "" {
+					*managedCFFields[i] = append(*managedCFFields[i], cfapi.NewAccessGroupGSuite(googleGroup.Email, googleGroup.IdentityProviderID))
+				}
+			}
 		}
 	}
 }

diff --git a/api/v1alpha1/cloudflareaccessgroup_types_test.go b/api/v1alpha1/cloudflareaccessgroup_types_test.go
@@ -75,6 +75,33 @@ var _ = Describe("Creating a CloudflareAccessGroup", Label("CloudflareAccessGrou
 			}
 		})
 
+		It("can export googleGroups to the cloudflare object", func() {
+			googleGroups := []v1alpha1.GoogleGroup{
+				{
+					Email:              "[email protected]",
+					IdentityProviderID: "00000000-0000-0000-0000-00000000000000",
+				},
+				{
+					Email:              "[email protected]",
+					IdentityProviderID: "11111111-1111-1111-1111-111111111111",
+				},
+			}
+			accessRule.Spec.Include = []v1alpha1.CloudFlareAccessGroupRule{{
+				GoogleGroups: googleGroups},
+			}
+			for i := range googleGroups {
+				Expect(accessRule.ToCloudflare().Include[i]).To(Equal(cloudflare.AccessGroupGSuite{
+					Gsuite: struct {
+						Email              string "json:\"email\""
+						IdentityProviderID string "json:\"identity_provider_id\""
+					}{
+						Email:              googleGroups[i].Email,
+						IdentityProviderID: googleGroups[i].IdentityProviderID,
+					},
+				}))
+			}
+		})
+
 		It("can export ipRanges to the cloudflare object", func() {
 			ips := []string{"1.1.1.1/32", "8.8.8.8/32"}
 			accessRule.Spec.Include = []v1alpha1.CloudFlareAccessGroupRule{{

diff --git a/api/v1alpha1/reference_types.go b/api/v1alpha1/reference_types.go
@@ -22,6 +22,11 @@ type ServiceToken struct {
 	ValueFrom *ServiceTokenReference `json:"valueFrom,omitempty" protobuf:"bytes,2,opt,name=valueFrom"`
 }
 
+type GoogleGroup struct {
+	Email              string `json:"email"`
+	IdentityProviderID string `json:"identityProviderId"`
+}
+
 type AccessGroupReference struct {
 	// `namespace` is the namespace of the AccessGroup.
 	// Required

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/cloudflare.zelic.io_cloudflareaccessapplications.yaml b/config/crd/bases/cloudflare.zelic.io_cloudflareaccessapplications.yaml
@@ -136,6 +136,19 @@ spec:
                           everyone:
                             description: Allow Everyone
                             type: boolean
+                          googleGroups:
+                            description: Matches Google Group
+                            items:
+                              properties:
+                                email:
+                                  type: string
+                                identityProviderId:
+                                  type: string
+                              required:
+                              - email
+                              - identityProviderId
+                              type: object
+                            type: array
                           ipRanges:
                             description: Matches an IP CIDR block
                             items:
@@ -229,6 +242,19 @@ spec:
                           everyone:
                             description: Allow Everyone
                             type: boolean
+                          googleGroups:
+                            description: Matches Google Group
+                            items:
+                              properties:
+                                email:
+                                  type: string
+                                identityProviderId:
+                                  type: string
+                              required:
+                              - email
+                              - identityProviderId
+                              type: object
+                            type: array
                           ipRanges:
                             description: Matches an IP CIDR block
                             items:
@@ -325,6 +351,19 @@ spec:
                           everyone:
                             description: Allow Everyone
                             type: boolean
+                          googleGroups:
+                            description: Matches Google Group
+                            items:
+                              properties:
+                                email:
+                                  type: string
+                                identityProviderId:
+                                  type: string
+                              required:
+                              - email
+                              - identityProviderId
+                              type: object
+                            type: array
                           ipRanges:
                             description: Matches an IP CIDR block
                             items:

diff --git a/config/crd/bases/cloudflare.zelic.io_cloudflareaccessgroups.yaml b/config/crd/bases/cloudflare.zelic.io_cloudflareaccessgroups.yaml
@@ -93,6 +93,19 @@ spec:
                     everyone:
                       description: Allow Everyone
                       type: boolean
+                    googleGroups:
+                      description: Matches Google Group
+                      items:
+                        properties:
+                          email:
+                            type: string
+                          identityProviderId:
+                            type: string
+                        required:
+                        - email
+                        - identityProviderId
+                        type: object
+                      type: array
                     ipRanges:
                       description: Matches an IP CIDR block
                       items:
@@ -186,6 +199,19 @@ spec:
                     everyone:
                       description: Allow Everyone
                       type: boolean
+                    googleGroups:
+                      description: Matches Google Group
+                      items:
+                        properties:
+                          email:
+                            type: string
+                          identityProviderId:
+                            type: string
+                        required:
+                        - email
+                        - identityProviderId
+                        type: object
+                      type: array
                     ipRanges:
                       description: Matches an IP CIDR block
                       items:
@@ -282,6 +308,19 @@ spec:
                     everyone:
                       description: Allow Everyone
                       type: boolean
+                    googleGroups:
+                      description: Matches Google Group
+                      items:
+                        properties:
+                          email:
+                            type: string
+                          identityProviderId:
+                            type: string
+                        required:
+                        - email
+                        - identityProviderId
+                        type: object
+                      type: array
                     ipRanges:
                       description: Matches an IP CIDR block
                       items:

diff --git a/internal/cfapi/access_group_types.go b/internal/cfapi/access_group_types.go
@@ -30,6 +30,18 @@ func NewAccessGroupIP(ip string) cloudflare.AccessGroupIP {
 	}
 }
 
+func NewAccessGroupGSuite(email string, identityProviderID string) cloudflare.AccessGroupGSuite {
+	return cloudflare.AccessGroupGSuite{
+		Gsuite: struct {
+			Email              string "json:\"email\""
+			IdentityProviderID string "json:\"identity_provider_id\""
+		}{
+			Email:              email,
+			IdentityProviderID: identityProviderID,
+		},
+	}
+}
+
 func NewAccessGroupServiceToken(token string) cloudflare.AccessGroupServiceToken {
 	return cloudflare.AccessGroupServiceToken{
 		ServiceToken: struct {