feat(repo-guard): add generic external member provider and static member provider

repo-guard/README.md

@@ -3,61 +3,3 @@ title: Repo Guard
 ---
 
 Repo Guard Greenhouse Plugin manages Github teams, team memberships and repository & team assignments.
-
-## Hierarchy of Custom Resources
-
-![](img/overview.png)
-
-## Custom Resources
-
-### `Github` – an installation of Github App
-
-```
-apiVersion: githubguard.sap/v1
-kind: Github
-metadata:
-  name: com
-spec:
-  webURL: https://github.com
-  v3APIURL: https://api.github.com
-  integrationID: 123456
-  clientUserAgent: greenhouse-repo-guard
-  secret: github-com-secret
-```
-
-### `GithubOrganization` with Feature & Action Flags
-```
-apiVersion: githubguard.sap/v1
-kind: GithubOrganization
-metadata:
-  name: com--greenhouse-sandbox
-  labels:
-    githubguard.sap/addTeam: "true"
-    githubguard.sap/removeTeam: "true"
-    githubguard.sap/addOrganizationOwner: "true"
-    githubguard.sap/removeOrganizationOwner: "true"
-    githubguard.sap/addRepositoryTeam: "true"
-    githubguard.sap/removeRepositoryTeam: "true"
-    githubguard.sap/dryRun: "false"
-```
-
-Default team & repository assignments:
-![](img/default-team-assignment.png)
-
-
-### `GithubTeamRepository` for exception team & repository assignments 
-![](img/github-team-repository.png)
-
-
-### `GithubAccountLink` for external account matching
-```
-apiVersion: githubguard.sap/v1
-kind: GithubAccountLink
-metadata:
-  annotations: 
-   name: com-123456 
-spec:
-  userID: 123456
-  githubID: 2042059
-  github: com
-```

repo-guard/charts/Chart.yaml

@@ -5,5 +5,5 @@ apiVersion: v2
 name: repo-guard
 description: A Helm chart for Kubernetes
 type: application
-version: 1.4.5
-appVersion: "1.4.5"
+version: 1.5.0
+appVersion: "1.5.0"

repo-guard/charts/crds/genericexternalmemberprovider-crd.yaml

@@ -0,0 +1,78 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+  name: genericexternalmemberproviders.githubguard.sap
+spec:
+  group: githubguard.sap
+  names:
+    kind: GenericExternalMemberProvider
+    listKind: GenericExternalMemberProviderList
+    plural: genericexternalmemberproviders
+    singular: genericexternalmemberprovider
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: GenericExternalMemberProvider is the Schema for HTTP based external
+          member providers
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: |-
+              GenericExternalMemberProviderSpec contains HTTP configuration for generic providers
+              Secret may contain username/password or token.
+            properties:
+              endpoint:
+                type: string
+              idField:
+                type: string
+              pageParam:
+                type: string
+              paginated:
+                type: boolean
+              resultsField:
+                type: string
+              secret:
+                type: string
+              totalPagesField:
+                type: string
+              testConnectionURL:
+                type: string
+            type: object
+          status:
+            properties:
+              error:
+                type: string
+              state:
+                type: string
+              timestamp:
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

repo-guard/charts/crds/githubteam-crd.yaml

@@ -66,13 +66,34 @@ spec:
                       distributionListID:
                         type: string
                     type: object
+                  genericHTTP:
+                    properties:
+                      group:
+                        type: string
+                      provider:
+                        type: string
+                    type: object
+                  ldap:
+                    properties:
+                      group:
+                        type: string
+                      provider:
+                        type: string
+                    type: object
                   ldapGroup:
                     properties:
                       group:
                         type: string
                       ldapGroupProvider:
                         type: string
                     type: object
+                  static:
+                    properties:
+                      group:
+                        type: string
+                      provider:
+                        type: string
+                    type: object
                 type: object
               github:
                 type: string

repo-guard/charts/crds/staticmemberprovider-crd.yaml

@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+  name: staticmemberproviders.githubguard.sap
+spec:
+  group: githubguard.sap
+  names:
+    kind: StaticMemberProvider
+    listKind: StaticMemberProviderList
+    plural: staticmemberproviders
+    singular: staticmemberprovider
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: StaticMemberProvider provides static members by group
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              groups:
+                items:
+                  properties:
+                    group:
+                      type: string
+                    members:
+                      items:
+                        type: string
+                      type: array
+                  type: object
+                type: array
+            type: object
+          status:
+            properties:
+              error:
+                type: string
+              state:
+                type: string
+              timestamp:
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

repo-guard/charts/templates/genericexternalmemberprovider.yaml

@@ -0,0 +1,44 @@
+# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.genericExternalMemberProviders }}
+{{- range $idx, $gep := .Values.genericExternalMemberProviders }}
+apiVersion: githubguard.sap/v1
+kind: GenericExternalMemberProvider
+metadata:
+  name: {{ $gep.name | required "genericExternalMemberProviders[].name is required" }}
+spec:
+  endpoint: {{ $gep.endpoint | required "genericExternalMemberProviders[].endpoint is required" }}
+  secret: {{ printf "%s-genericext-secret" (lower $gep.name) }}
+  {{- if $gep.idField }}
+  idField: {{ $gep.idField }}
+  {{- end }}
+  {{- if $gep.resultsField }}
+  resultsField: {{ $gep.resultsField }}
+  {{- end }}
+  {{- if hasKey $gep "paginated" }}
+  paginated: {{ $gep.paginated }}
+  {{- end }}
+  {{- if $gep.pageParam }}
+  pageParam: {{ $gep.pageParam }}
+  {{- end }}
+  {{- if $gep.totalPagesField }}
+  totalPagesField: {{ $gep.totalPagesField }}
+  {{- end }}
+  {{- if $gep.testConnectionURL }}
+  testConnectionURL: {{ $gep.testConnectionURL }}
+  {{- end }}
+---
+{{- if or $gep.username $gep.password }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-genericext-secret" (lower $gep.name) }}
+type: Opaque
+data:
+  username: {{ $gep.username | default "" | b64enc }}
+  password: {{ $gep.password | default "" | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- end }}

repo-guard/charts/templates/githubteam.yaml

@@ -20,7 +20,7 @@ metadata:
     githubguard.sap/require-osmp-check: "true"
     {{- end }}
 spec:
-  {{- if or $team.distributionListID $team.ldapGroup }}
+  {{- if or $team.distributionListID $team.ldapGroup $team.ldap $team.genericHTTP $team.static }}
   externalMemberProvider:
     {{- if $team.distributionListID }}
     distributionList:
@@ -32,6 +32,25 @@ spec:
       ldapGroupProvider: "{{ $.Values.ldap.name }}"
       group: {{ $team.ldapGroup }}
     {{- end }}
+    {{- if $team.ldap }}
+    ldap:
+      {{- if $team.ldap.provider }}
+      provider: {{ $team.ldap.provider }}
+      {{- else if $.Values.ldap.name }}
+      provider: "{{ $.Values.ldap.name }}"
+      {{- end }}
+      group: {{ $team.ldap.group }}
+    {{- end }}
+    {{- if $team.genericHTTP }}
+    genericHTTP:
+      provider: {{ $team.genericHTTP.provider }}
+      group: {{ $team.genericHTTP.group }}
+    {{- end }}
+    {{- if $team.static }}
+    static:
+      provider: {{ $team.static.provider }}
+      group: {{ $team.static.group }}
+    {{- end }}
   {{- end }}
   github: {{ $githubKey }}
   organization: {{ $org.organization }}