feat(notificationchannels): add team option in provider, add share_with_current_team in notification channels (#294)

* feat(notificationchannels): add team option in provider, add share_with_current_team in notification channels

Author: filiptubic

.github/workflows/test.yml

@@ -25,6 +25,7 @@ jobs:
   test-sysdig:
     name: Sysdig Acceptance Tests
     runs-on: ubuntu-latest
+    needs: test
 
     steps:
       - name: Check out code

sysdig/common_test.go

@@ -0,0 +1,18 @@
+//go:build tf_acc_sysdig || tf_acc_ibm || unit
+
+package sysdig_test
+
+import (
+	"os"
+	"testing"
+)
+
+func sysdigOrIBMMonitorPreCheck(t *testing.T) func() {
+	return func() {
+		monitor := os.Getenv("SYSDIG_MONITOR_API_TOKEN")
+		ibmMonitor := os.Getenv("SYSDIG_IBM_MONITOR_API_KEY")
+		if monitor == "" && ibmMonitor == "" {
+			t.Fatal("SYSDIG_MONITOR_API_TOKEN or SYSDIG_IBM_MONITOR_API_KEY must be set for acceptance tests")
+		}
+	}
+}

sysdig/internal/client/v2/client.go

@@ -6,6 +6,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"github.com/hashicorp/go-retryablehttp"
 	"github.com/jmespath/go-jmespath"
 	"github.com/spf13/cast"
@@ -17,18 +18,24 @@ import (
 )
 
 const (
+	GetMePath                 = "/api/users/me"
 	AuthorizationHeader       = "Authorization"
 	ContentTypeHeader         = "Content-Type"
 	ContentTypeJSON           = "application/json"
 	ContentTypeFormURLEncoded = "x-www-form-urlencoded"
 )
 
+type Base interface {
+	CurrentTeamID(ctx context.Context) (int, error)
+}
+
 type Common interface {
 	TeamInterface
 	NotificationChannelInterface
 }
 
 type Requester interface {
+	CurrentTeamID(ctx context.Context) (int, error)
 	Request(ctx context.Context, method string, url string, payload io.Reader) (*http.Response, error)
 }
 
@@ -100,6 +107,39 @@ func request(httpClient *http.Client, cfg *config, request *http.Request) (*http
 	return response, err
 }
 
+func getMe(ctx context.Context, cfg *config, httpClient *http.Client, headers map[string]string) (*User, error) {
+	r, err := http.NewRequest(
+		http.MethodGet,
+		fmt.Sprintf("%s%s", cfg.url, GetMePath),
+		nil,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	r = r.WithContext(ctx)
+	for k, v := range headers {
+		r.Header.Set(k, v)
+	}
+
+	resp, err := request(httpClient, cfg, r)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	wrapper, err := Unmarshal[userWrapper](resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wrapper.User, nil
+}
+
+func (client *Client) CurrentTeamID(ctx context.Context) (int, error) {
+	return client.requester.CurrentTeamID(ctx)
+}
+
 func newHTTPClient(cfg *config) *http.Client {
 	httpClient := retryablehttp.NewClient()
 	transport := http.DefaultTransport.(*http.Transport).Clone()

sysdig/internal/client/v2/config.go

@@ -1,13 +1,15 @@
 package v2
 
 type config struct {
-	url           string
-	token         string
-	insecure      bool
-	extraHeaders  map[string]string
-	ibmInstanceID string
-	ibmAPIKey     string
-	ibmIamURL     string
+	url            string
+	token          string
+	insecure       bool
+	extraHeaders   map[string]string
+	ibmInstanceID  string
+	ibmAPIKey      string
+	ibmIamURL      string
+	sysdigTeamName string
+	sysdigTeamID   *int
 }
 
 type ClientOption func(c *config)
@@ -54,6 +56,18 @@ func WithIBMIamURL(url string) ClientOption {
 	}
 }
 
+func WithSysdigTeamID(teamID *int) ClientOption {
+	return func(c *config) {
+		c.sysdigTeamID = teamID
+	}
+}
+
+func WithSysdigTeamName(teamName string) ClientOption {
+	return func(c *config) {
+		c.sysdigTeamName = teamName
+	}
+}
+
 func configure(opts ...ClientOption) *config {
 	cfg := &config{}
 	for _, opt := range opts {

sysdig/internal/client/v2/ibm.go

@@ -6,7 +6,9 @@ import (
 	"io"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
+	"sync"
 	"time"
 )
 
@@ -16,6 +18,8 @@ const (
 	IBMGrantTypeFormValue = "grant_type"
 	IBMApiKeyFormValue    = "apikey"
 	IBMAPIKeyGrantType    = "urn:ibm:params:oauth:grant-type:apikey"
+	SysdigTeamIDHeader    = "SysdigTeamID"
+	GetTeamByNamePath     = "/api/v2/teams/light/name/"
 )
 
 type IBMCommon interface {
@@ -30,10 +34,15 @@ type IBMAccessToken string
 type UnixTimestamp int64
 
 type IBMRequest struct {
-	config          *config
-	httpClient      *http.Client
+	config     *config
+	httpClient *http.Client
+
+	tokenLock       *sync.Mutex
 	tokenExpiration UnixTimestamp
 	token           IBMAccessToken
+
+	teamIDLock *sync.Mutex
+	teamID     *int
 }
 
 type IAMTokenResponse struct {
@@ -42,6 +51,9 @@ type IAMTokenResponse struct {
 }
 
 func (ir *IBMRequest) getIBMIAMToken() (IBMAccessToken, error) {
+	ir.tokenLock.Lock()
+	defer ir.tokenLock.Unlock()
+
 	if UnixTimestamp(time.Now().Unix()) < ir.tokenExpiration {
 		return ir.token, nil
 	}
@@ -75,6 +87,71 @@ func (ir *IBMRequest) getIBMIAMToken() (IBMAccessToken, error) {
 	return ir.token, nil
 }
 
+func (ir *IBMRequest) getTeamIDByName(ctx context.Context, name string, token IBMAccessToken) (int, error) {
+	r, err := http.NewRequest(
+		http.MethodGet,
+		fmt.Sprintf("%s%s%s", ir.config.url, GetTeamByNamePath, name),
+		nil,
+	)
+	if err != nil {
+		return -1, err
+	}
+
+	r = r.WithContext(ctx)
+	r.Header.Set(IBMInstanceIDHeader, ir.config.ibmInstanceID)
+	r.Header.Set(AuthorizationHeader, fmt.Sprintf("Bearer %s", token))
+
+	resp, err := request(ir.httpClient, ir.config, r)
+	if err != nil {
+		return -1, err
+	}
+	defer resp.Body.Close()
+
+	wrapper, err := Unmarshal[teamWrapper](resp.Body)
+	if err != nil {
+		return -1, err
+	}
+
+	return wrapper.Team.ID, nil
+}
+
+func (ir *IBMRequest) CurrentTeamID(ctx context.Context) (int, error) {
+	ir.teamIDLock.Lock()
+	defer ir.teamIDLock.Unlock()
+
+	if ir.teamID != nil {
+		return *ir.teamID, nil
+	}
+
+	token, err := ir.getIBMIAMToken()
+	if err != nil {
+		return -1, err
+	}
+
+	if ir.config.sysdigTeamName != "" {
+		teamID, err := ir.getTeamIDByName(ctx, ir.config.sysdigTeamName, token)
+		if err != nil {
+			return -1, err
+		}
+
+		ir.teamID = &teamID
+		return *ir.teamID, nil
+	}
+
+	// use default current team
+	user, err := getMe(ctx, ir.config, ir.httpClient, map[string]string{
+		IBMInstanceIDHeader: ir.config.ibmInstanceID,
+		AuthorizationHeader: fmt.Sprintf("Bearer %s", token),
+	})
+	if err != nil {
+		return -1, err
+	}
+
+	ir.teamID = &user.CurrentTeam
+
+	return *ir.teamID, nil
+}
+
 func (ir *IBMRequest) Request(ctx context.Context, method string, url string, payload io.Reader) (*http.Response, error) {
 	r, err := http.NewRequest(method, url, payload)
 	if err != nil {
@@ -86,9 +163,15 @@ func (ir *IBMRequest) Request(ctx context.Context, method string, url string, pa
 		return nil, err
 	}
 
+	teamID, err := ir.CurrentTeamID(ctx)
+	if err != nil {
+		return nil, err
+	}
+
 	r = r.WithContext(ctx)
 	r.Header.Set(IBMInstanceIDHeader, ir.config.ibmInstanceID)
 	r.Header.Set(AuthorizationHeader, fmt.Sprintf("Bearer %s", token))
+	r.Header.Set(SysdigTeamIDHeader, strconv.Itoa(teamID))
 	r.Header.Set(ContentTypeHeader, ContentTypeJSON)
 
 	return request(ir.httpClient, ir.config, r)
@@ -99,8 +182,11 @@ func newIBMClient(opts ...ClientOption) *Client {
 	return &Client{
 		config: cfg,
 		requester: &IBMRequest{
+			tokenLock:  &sync.Mutex{},
+			teamIDLock: &sync.Mutex{},
 			config:     cfg,
 			httpClient: newHTTPClient(cfg),
+			teamID:     cfg.sysdigTeamID,
 		},
 	}
 }