Merge pull request #256 from 1Password/andi_t/introduce_terraform_plugin

Add Terraform plugin

Author: AndyTitu

plugins/terraform/plugin.go

@@ -0,0 +1,19 @@
+package terraform
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/schema"
+)
+
+func New() schema.Plugin {
+	return schema.Plugin{
+		Name: "terraform",
+		Platform: schema.PlatformInfo{
+			Name:     "Terraform",
+			Homepage: sdk.URL("https://www.terraform.io"),
+		},
+		Executables: []schema.Executable{
+			TerraformCLI(),
+		},
+	}
+}

plugins/terraform/terraform.go

@@ -0,0 +1,38 @@
+package terraform
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/needsauth"
+	"github.com/1Password/shell-plugins/sdk/schema"
+)
+
+func TerraformCLI() schema.Executable {
+	return schema.Executable{
+		Name:    "Terraform CLI",
+		Runs:    []string{"terraform"},
+		DocsURL: sdk.URL("https://developer.hashicorp.com/terraform/cli"),
+		NeedsAuth: needsauth.IfAll(
+			needsauth.NotForHelpOrVersion(),
+			needsauth.NotWithoutArgs(),
+		),
+		Uses: []schema.CredentialUsage{
+			{
+				Description: "Credentials to use within the Terraform project",
+				SelectFrom: &schema.CredentialSelection{
+					ID:                    "project",
+					IncludeAllCredentials: true,
+					AllowMultiple:         true,
+				},
+				Optional: true,
+				NeedsAuth: needsauth.IfAny(
+					needsauth.ForCommand("refresh"),
+					needsauth.ForCommand("plan"),
+					needsauth.ForCommand("apply"),
+					needsauth.ForCommand("destroy"),
+					needsauth.ForCommand("import"),
+					needsauth.ForCommand("test"),
+				),
+			},
+		},
+	}
+}

sdk/schema/executable.go

@@ -21,22 +21,45 @@ type Executable struct {
 	// (Optional) A URL to the documentation about this executable.
 	DocsURL *url.URL
 
-	// (Optional) Whether the exectuable needs authentication for certain args.
+	// (Optional) Whether the executable needs authentication for certain args.
 	NeedsAuth sdk.NeedsAuthentication
 }
 
 type CredentialUsage struct {
-	// The name of the credential to use in the executable.
+	// (Optional) The name of the credential to use in the executable. Mutually exclusive with `SelectFrom`.
 	Name sdk.CredentialName
 
 	// (Optional) The plugin name that contains the credential. Defaults to the current package. This can be used to
-	// include credentials from other plugins.
+	// include credentials from other plugins. Mutually exclusive with `SelectFrom`.
 	Plugin string
 
 	// (Optional) The provisioner to use to provision this credential to the executable. Overrides the DefaultProvisioner
 	// set in the credential schema, so should only be used if this executable requires a custom configuration, that deviates
-	// from the way the credential is usually provisioned.
+	// from the way the credential is usually provisioned. Mutually exclusive with `SelectFrom`.
 	Provisioner sdk.Provisioner
+
+	// (Optional) What this credential will be used for by the executable.
+	Description string
+
+	// (Optional) Instead of requiring a specific credential, have the user select from a list of compatible credentials.
+	// Mutually exclusive with: `Name` and `Plugin`.
+	SelectFrom *CredentialSelection
+
+	// (Optional) Whether the exectuable needs authentication for this credential. Works side by side with the executable's
+	// `NeedsAuth`, which can still be used for more generic authentications opt-outs, such as the help flag.
+	NeedsAuth sdk.NeedsAuthentication
+
+	// Whether this credential is needed for the executable to run. If set to true, the executable cannot run without provisioning this credential.
+	Optional bool
+}
+
+type CredentialSelection struct {
+	// ID helps identify credentials chosen in this selection. This must be unique in relation to other selections specified in usages within its executable.
+	ID string
+	// IncludeAllCredentials specifies whether this selection should contain all credentials defined in all plugins.
+	IncludeAllCredentials bool
+	// AllowMultiple specifies whether multiple credentials can be selected to be part of this credential use.
+	AllowMultiple bool
 }
 
 func (e Executable) Validate() (bool, ValidationReport) {
@@ -75,9 +98,57 @@ func (e Executable) Validate() (bool, ValidationReport) {
 		Severity:    ValidationSeverityError,
 	})
 
+	report.AddCheck(ValidationCheck{
+		Description: "Credential usage definitions are uniquely identifiable inside an executable",
+		Assertion:   AreCredentialUsagesUniquelyIdentifiable(e),
+		Severity:    ValidationSeverityError,
+	})
+
 	return report.IsValid(), report
 }
 
 func (e Executable) Command() string {
 	return strings.Join(e.Runs, " ")
 }
+
+func (c CredentialUsage) Validate() (bool, ValidationReport) {
+	report := ValidationReport{
+		Heading: fmt.Sprintf("Credential usage %s", c.ID()),
+		Checks:  []ValidationCheck{},
+	}
+	report.AddCheck(ValidationCheck{
+		Description: "If defined, a credential reference must have at least a `Name`",
+		Assertion:   c.Name != "" || (c.Plugin == "" && c.Provisioner == nil),
+		Severity:    ValidationSeverityError,
+	})
+
+	report.AddCheck(ValidationCheck{
+		Description: "If defined, a credential selection must have its `ID` and `IncludeAllCredentials` set",
+		Assertion:   c.SelectFrom == nil || (c.SelectFrom.ID != "" && c.SelectFrom.IncludeAllCredentials),
+		Severity:    ValidationSeverityError,
+	})
+
+	report.AddCheck(ValidationCheck{
+		Description: "Credential usage has either a credential reference or selection defined, but not both",
+		Assertion:   (c.SelectFrom != nil || c.Name != "") && !(c.SelectFrom != nil && c.Name != ""),
+		Severity:    ValidationSeverityError,
+	})
+	return report.IsValid(), report
+}
+
+// ID returns the identifier of this credential usage at the scope of its executable
+func (c CredentialUsage) ID() string {
+	if c.Name != "" {
+		if c.Plugin != "" {
+			return strings.Join([]string{c.Name.ID().String(), c.Plugin}, "|")
+		} else {
+			return c.Name.ID().String()
+		}
+	}
+
+	if c.SelectFrom != nil && c.SelectFrom.ID != "" {
+		return c.SelectFrom.ID
+	}
+
+	return ""
+}

sdk/schema/plugin.go

@@ -68,13 +68,13 @@ func (p Plugin) Validate() (bool, ValidationReport) {
 
 	report.AddCheck(ValidationCheck{
 		Description: "Has a credential type or executable defined",
-		Assertion:   len(p.Credentials) > 0 && len(p.Executables) > 0,
+		Assertion:   len(p.Credentials) > 0 || len(p.Executables) > 0,
 		Severity:    ValidationSeverityError,
 	})
 
 	report.AddCheck(ValidationCheck{
 		Description: "Has no more than one credential type defined. Plugins with multiple credential types are not supported yet",
-		Assertion:   len(p.Credentials) == 1,
+		Assertion:   len(p.Credentials) <= 1,
 		Severity:    ValidationSeverityError,
 	})
 
@@ -107,6 +107,12 @@ func (p Plugin) DeepValidate() []ValidationReport {
 	for _, exe := range p.Executables {
 		_, exeReport := exe.Validate()
 		reports = append(reports, exeReport)
+
+		for _, usage := range exe.Uses {
+			_, usageReport := usage.Validate()
+			usageReport.Heading = fmt.Sprintf("Executable %s: %s", exe.Name, usageReport.Heading)
+			reports = append(reports, usageReport)
+		}
 	}
 
 	return reports

sdk/schema/validation.go

@@ -98,15 +98,17 @@ func ContainsLowercaseLettersOrDigits(str string) bool {
 func CredentialReferencesInCredentialList(plugin Plugin) bool {
 	for _, executable := range plugin.Executables {
 		for _, execCredential := range executable.Uses {
-			found := false
-			for _, credential := range plugin.Credentials {
-				if execCredential.Name == credential.Name {
-					found = true
-					break
+			if execCredential.Name != "" {
+				found := false
+				for _, credential := range plugin.Credentials {
+					if execCredential.Name == credential.Name {
+						found = true
+						break
+					}
+				}
+				if !found {
+					return false
 				}
-			}
-			if !found {
-				return false
 			}
 		}
 	}
@@ -122,6 +124,15 @@ func NoDuplicateCredentials(plugin Plugin) bool {
 	return IsStringSliceASet(ids)
 }
 
+func AreCredentialUsagesUniquelyIdentifiable(executable Executable) bool {
+	var usageIds []string
+	for _, credentialUsage := range executable.Uses {
+		usageIds = append(usageIds, credentialUsage.ID())
+	}
+
+	return IsStringSliceASet(usageIds)
+}
+
 func IsStringSliceASet(slice []string) bool {
 	for i, s := range slice {
 		if i == len(slice)-1 {