okta-terraform-generator 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: be1b5bad3e26a996c3b4dfcd6d2bc1f50b272f9b2bf8f7c4e9e2b6999693fc92
+  data.tar.gz: 7745ad91a8734e6c66afc17537231caecc0422935cfd47944af0224f47e34161
+SHA512:
+  metadata.gz: aacb28e2014b333edfa5a6be4342bc11aa6919241fca6a19ff722f50cabeabf63936d362b98a468680ccc4bba9ae3e278ac225d0f83a0f99c9660d4cc8da91db
+  data.tar.gz: 6a82e0741eea6ad0c14ae7bb0ab7025e70cd0d434a714478ca76826a1e1559af635f9fd33fc550c9071119438370d7fb3f9bfca8e915923e966ce8302963b7cf

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,10 @@
+Metrics/AbcSize:
+  Max: 20
+Metrics/BlockLength:
+  Max: 81
+Metrics/LineLength:
+  Max: 152
+Naming/FileName:
+  Enabled: false
+Style/Documentation:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,35 @@
+sudo: false
+language: ruby
+rvm:
+- 2.4.2
+
+cache:
+- bundler
+
+notifications:
+  email:
+    on_success: change
+    on_failure: always
+
+branches:
+  only:
+  - master
+  - "/^v\\d+\\.\\d+\\.\\d+$/"
+
+before_install: gem install bundler -v 1.16.1
+
+install:
+- bundle install
+
+script:
+- bundle exec rubocop
+- bundle exec rake spec
+
+deploy:
+  provider: rubygems
+  api_key:
+    secure: ce//9TbWkYgG93n5qWg1qcTxHeEg/AsW9j5B0gA0BUWkfkfEJODWHiMPPeMhS5v3VZas6CGy44VTWBmSSWsDNxj/wk1evLxnhPhE5JNrBwzqB259zcP3vhm3rk9XlBSC/zcKXJvj7GQF15Qhh/pM8Qr0MXSvYHN0/eHGy+26FImnrR8HaDyDG6EUivvUPZcv7XsffuEGdNqMWM99HWxbuCX3j1QVwx62ZYYTqs5I+kGrW3S3oAlC76yoqyDOR4yDQWVDGdE8k8hJ6xKzSah7W5s+Ywjw7QnpqoSANj2HfN79XJfhS6kt21QPr0+Qa2CRzcBuM1aEQx+J34kf1t8jDMWkIsnnyVBHxxgTxuA+Seem1kj6ZGtaVR9hrLtsTe0zJhprSTCl7aEFw91JnqmO1dKLTXAQJ5h2B1GvEjR8Ajhhf1PYBkiSFD1jwL5pJS4VirwSo6HhHIysK6swqZ/HgtzmCf4oTZsXeF8Ue/YOHpOJVsi0S+BkZx+FoELzuRq5QIWwnMcmbyzV+jAtsLjAbmNhpz0bhwo91uaJOYWlRXOOd2GVOMgLzHbIvJJmF7NNLAu1u+9+MLc88RjksoZvMsgbHfHaOThUATuYr65xfCCSTm9lNfizLdIxBRU5SU8tsgmQxQabu/L98lsPv4d88J7ZCEIfqztLoK//FAPxOIQ=
+  gem: okta-terraform-generator
+  on:
+    tags: true
+    repo: schubergphilis/okta-terraform-generator

data/CHANGELOG.md

@@ -0,0 +1,9 @@
+# okta-terraform-generator CHANGELOG
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## 0.1.0 (2018-06-13)
+
+First release.

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at shoekstra@schubergphilis.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,20 @@
+source 'https://rubygems.org'
+
+group :development do
+  gem 'guard-rspec', require: false
+  gem 'pry', require: false
+  gem 'terminal-notifier-guard', require: false
+end
+
+group :test do
+  gem 'bundler', '~> 1.16'
+  gem 'multi_json'
+  gem 'rake', '~> 10.0'
+  gem 'rspec', '~> 3.0'
+  gem 'rspec-command'
+  gem 'rubocop'
+  gem 'vcr'
+  gem 'webmock'
+end
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,132 @@
+PATH
+  remote: .
+  specs:
+    okta-terraform-generator (0.1.0)
+      facets (~> 3.1)
+      mixlib-cli (~> 1.7)
+      octokit (~> 4.0)
+      oktakit (~> 0.2.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ast (2.4.0)
+    coderay (1.1.2)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.3)
+    facets (3.1.0)
+    faraday (0.15.0)
+      multipart-post (>= 1.2, < 3)
+    ffi (1.9.23)
+    formatador (0.2.5)
+    guard (2.14.2)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hashdiff (0.3.7)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    lumberjack (1.0.13)
+    method_source (0.9.0)
+    mixlib-cli (1.7.0)
+    mixlib-shellout (2.3.2)
+    multi_json (1.13.1)
+    multipart-post (2.0.0)
+    nenv (0.3.0)
+    notiffany (0.1.1)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    octokit (4.9.0)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    oktakit (0.2.0)
+      sawyer (~> 0.8.1)
+    parallel (1.12.1)
+    parser (2.5.1.0)
+      ast (~> 2.4.0)
+    powerpack (0.1.1)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    public_suffix (3.0.2)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-command (1.0.3)
+      mixlib-shellout (~> 2.0)
+      rspec (~> 3.2)
+      rspec-its (~> 1.2)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-its (1.2.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rubocop (0.55.0)
+      parallel (~> 1.10)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    ruby_dep (1.5.0)
+    safe_yaml (1.0.4)
+    sawyer (0.8.1)
+      addressable (>= 2.3.5, < 2.6)
+      faraday (~> 0.8, < 1.0)
+    shellany (0.0.1)
+    terminal-notifier-guard (1.7.0)
+    thor (0.20.0)
+    unicode-display_width (1.3.2)
+    vcr (4.0.0)
+    webmock (3.4.1)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  guard-rspec
+  multi_json
+  okta-terraform-generator!
+  pry
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rspec-command
+  rubocop
+  terminal-notifier-guard
+  vcr
+  webmock
+
+BUNDLED WITH
+   1.16.1

data/Guardfile

@@ -0,0 +1,9 @@
+guard 'rspec', cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_files)
+  watch(%r{^lib/**/.+\.rb$}) { rspec.spec_dir }
+end

data/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,52 @@
+# okta-terraform-generator
+
+A command line helper to generate [Terraform](https://www.terraform.io/) files based on data found in an [Okta](https://www.okta.com/) tenant.
+
+## Installation
+
+This gem installs a `okta-terraform-generator` bin, to install it:
+
+```
+gem install okta-terraform-generator
+```
+
+## Usage
+
+The installed bin writes a file matching the name of the generator used in the current working directory (e.g. `github_membership.tf` when using the `github_membership` generator), so you'll want to be in the directory containing your Terraform plans when running `okta-terraform-generator`.
+
+Running `okta-terraform-generator` will print available generators, running `okta-terraform-generator GENERATOR_NAME` will print generator specific usage.
+
+## Contributing
+
+We welcome contributed improvements and bug fixes via the usual work flow:
+
+1. Fork this repository
+1. Create your feature branch (`git checkout -b my-new-feature`)
+1. Commit your changes (`git commit -am 'Add some feature'`)
+1. Push to the branch (`git push origin my-new-feature`)
+1. Create a new pull request
+
+## License & Authors
+
+* Author: Stephen Hoekstra (shoekstra@schubergphilis.com)
+
+```
+Copyright 2018 Stephen Hoekstra <shoekstra@schubergphilis.com>
+Copyright 2018 Schuberg Philis
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```
+
+## Code of Conduct
+
+Everyone interacting in the this project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/schubergphilis/okta-terraform-generator/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+ENV['OKTA_TEST_USER_GROUP'] = 'github_users'
+ENV['OKTA_TEST_ADMIN_GROUP'] = 'github_admins'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/okta-terraform-generator

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require 'okta-terraform-generator/cli'
+
+generator = OktaTerraformGenerator::CLI.new.load_generator
+generator.run

data/lib/okta-terraform-generator.rb

@@ -0,0 +1,20 @@
+#
+# Copyright 2018 Stephen Hoekstra <shoekstra@schubergphilis.com>
+# Copyright 2018 Schuberg Philis
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module OktaTerraformGenerator
+  VERSION = '0.1.0'.freeze
+end

data/lib/okta-terraform-generator/cli.rb

@@ -0,0 +1,80 @@
+#
+# Copyright 2018 Stephen Hoekstra <shoekstra@schubergphilis.com>
+# Copyright 2018 Schuberg Philis
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'facets/string'
+require 'mixlib/cli'
+require 'okta-terraform-generator/helper'
+require 'oktakit'
+require 'oktakit/client/extended_groups'
+
+Dir[File.dirname(__FILE__) + '/cli/*.rb'].each { |file| require file }
+
+module OktaTerraformGenerator
+  class CLI
+    include Mixlib::CLI
+    include OktaTerraformGenerator::Helper
+
+    banner 'Usage: okta-terraform-generator [--version] GENERATOR (options)'
+
+    def load_generator
+      if ARGV.empty?
+        print_usage
+        print_generators
+        exit 1
+      end
+
+      if ARGV.any? { |arg| arg.casecmp('--version').zero? }
+        puts "okta-terraform-generator v#{OktaTerraformGenerator::VERSION}"
+        exit 0
+      end
+
+      Object.const_get("OktaTerraformGenerator::CLI::#{generator_class}").new
+    end
+
+    private
+
+    def generator_class
+      generator_name.capitalize.camelcase
+    end
+
+    def generator_name
+      validate_generator
+    end
+
+    def print_generators
+      puts "\nThe following resource generators are available:\n"
+      valid_generators.each do |valid_generator|
+        puts "  * #{valid_generator}"
+      end
+      puts ''
+    end
+
+    def valid_generators
+      Dir[File.dirname(__FILE__) + '/cli/*.rb'].map { |file| File.basename(file, '.rb') }.sort
+    end
+
+    def validate_generator
+      generator = ARGV[0]
+      return generator if valid_generators.include? generator
+
+      puts 'Invalid generator passed as first argument!'
+      print_usage
+      print_generators
+      exit 1
+    end
+  end
+end

data/lib/okta-terraform-generator/cli/github_membership.rb

@@ -0,0 +1,144 @@
+#
+# Copyright 2018 Stephen Hoekstra <shoekstra@schubergphilis.com>
+# Copyright 2018 Schuberg Philis
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'octokit'
+require 'okta-terraform-generator/cli'
+
+module OktaTerraformGenerator
+  class CLI
+    class GithubMembership < OktaTerraformGenerator::CLI
+      include Mixlib::CLI
+
+      banner "Usage: okta-terraform-generator github_membership (options)\n\nOptions:"
+
+      option :github_token,
+             short: '-h GITHUB_TOKEN',
+             long: '--github-token GITHUB_TOKEN',
+             default: ENV['GITHUB_TOKEN'],
+             description: 'Specifies the GitHub API token',
+             required: true
+
+      option :okta_admin_group,
+             short: '-a OKTA_GITHUB_ADMIN_GROUP',
+             long: '--okta-github-admin-group OKTA_GITHUB_ADMIN_GROUP',
+             default: ENV['OKTA_GITHUB_ADMIN_GROUP'],
+             description: 'Specifies the Okta group containing GitHub admin users',
+             required: true
+
+      option :okta_endpoint,
+             short: '-e OKTA_ENDPOINT',
+             long: '--okta-endpoint OKTA_ENDPOINT',
+             default: ENV['OKTA_ENDPOINT'],
+             description: 'Specifies the Okta API endpoint (e.g. https://myorg.okta.com/api/v1)',
+             required: true
+
+      option :okta_group,
+             short: '-g OKTA_GITHUB_USER_GROUP',
+             long: '--okta-github-user-group OKTA_GITHUB_USER_GROUP',
+             default: ENV['OKTA_GITHUB_USER_GROUP'],
+             description: 'Specifies the Okta group containing GitHub users (can be a comma separated list)',
+             proc: proc { |okta_group| okta_group.split('.').map(&:strip) },
+             required: true
+
+      option :okta_token,
+             short: '-t OKTA_TOKEN',
+             long: '--okta-token OKTA_TOKEN',
+             default: ENV['OKTA_TOKEN'],
+             description: 'Specifies the Okta API token',
+             required: true
+
+      def run(argv = ARGV.dup)
+        if argv.size == 1
+          print_usage
+          exit 1
+        end
+
+        setup(argv)
+        generate
+      end
+
+      private
+
+      def setup(argv)
+        parse_options(argv)
+      end
+
+      def github_client
+        @github_client ||= Octokit::Client.new(access_token: config[:github_token])
+      end
+
+      def okta_client
+        @okta_client ||= Oktakit::Client.new(token: config[:okta_token], api_endpoint: config[:okta_endpoint])
+      end
+
+      def admins
+        @admin_group_id ||= okta_client.group_id(config[:okta_admin_group])
+        @admins ||= list_group_github_handles(@admin_group_id).map { |u| u.profile.login.downcase.split('@').shift }.sort
+      end
+
+      def github_handle(handle)
+        github_client.user(handle).login
+      rescue Octokit::NotFound
+        false
+      end
+
+      def list_group_github_handles(group_id)
+        okta_client.list_active_group_members(group_id).select { |user| user.profile.key?(:githubHandle) && !user.profile.githubHandle.empty? }
+      end
+
+      def user_or_admin(login)
+        admins.include?(login) ? 'admin' : 'member'
+      end
+
+      def add_login_and_github_handle(login_and_github_handle)
+        login, handle = login_and_github_handle(login_and_github_handle)
+
+        return unless (github_handle = github_handle(handle))
+        return if resource_name_exists? login
+
+        add_to_resource_hash(login.to_s => {
+                               'username' => github_handle,
+                               'role'     => user_or_admin(login)
+                             })
+      end
+
+      def login_and_github_handle(login_and_github_handle)
+        # login  = Okta login
+        # handle = GitHub handle
+        login, handle = login_and_github_handle
+        login = login.split('@').shift
+        [login, handle]
+      end
+
+      def logins_and_github_handles(okta_group, group_id)
+        puts "Looking for active users in Okta group \"#{okta_group}\" (with group id: #{group_id}) and the \"githubHandle\" profile attribute set ... "
+        list_group_github_handles(group_id).map { |u| [u.profile.login.downcase, u.profile.githubHandle.downcase] }
+      end
+
+      def generate
+        config[:okta_group].each do |okta_group|
+          group_id = okta_client.group_id(okta_group)
+          logins_and_github_handles(okta_group, group_id).sort_by { |x, _y| x }.each do |login_and_github_handle|
+            add_login_and_github_handle(login_and_github_handle)
+          end
+        end
+
+        write_tf_file('github_membership.tf', resources)
+      end
+    end
+  end
+end

data/lib/okta-terraform-generator/helper.rb

@@ -0,0 +1,51 @@
+#
+# Copyright 2018 Stephen Hoekstra <shoekstra@schubergphilis.com>
+# Copyright 2018 Schuberg Philis
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'fileutils'
+require 'json'
+require 'pp'
+
+module OktaTerraformGenerator
+  module Helper
+    def add_to_resource_hash(resource_config)
+      resources['resource'][resource].merge!(resource_config)
+    end
+
+    def print_usage
+      puts opt_parser
+    end
+
+    def resource_name_exists?(resource_name)
+      resources['resource'][resource].key? resource_name
+    end
+
+    def resource
+      @resource ||= cli_arguments.shift
+    end
+
+    def resources
+      @resources ||= { 'resource' => { resource => {} } }
+    end
+
+    def write_tf_file(tf_file, content)
+      File.open(tf_file, 'w') do |f|
+        f.write(JSON.pretty_generate(content) + "\n")
+        puts "\nWrote generated JSON to #{tf_file}"
+      end
+    end
+  end
+end

data/lib/oktakit/client/extended_groups.rb

@@ -0,0 +1,46 @@
+#
+# Copyright 2018 Stephen Hoekstra <shoekstra@schubergphilis.com>
+# Copyright 2018 Schuberg Philis
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'oktakit/client/groups'
+
+module Oktakit
+  class Client
+    module ExtendedGroups
+      include Oktakit::Client::Groups
+
+      def list_active_group_members(group_id)
+        list_group_members(group_id).shift.select do |user|
+          user.status == 'ACTIVE'
+        end
+      end
+
+      def groups
+        @groups ||= list_groups.first
+      end
+
+      def group_id(group_name)
+        groups.select { |group| group[:type] == 'OKTA_GROUP' && group[:profile][:name] =~ /^#{group_name}$/i }.shift.id
+      end
+    end
+  end
+end
+
+module Oktakit
+  class Client
+    include ExtendedGroups
+  end
+end

data/okta-terraform-generator.gemspec

@@ -0,0 +1,27 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'okta-terraform-generator'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'okta-terraform-generator'
+  spec.version       = OktaTerraformGenerator::VERSION
+  spec.authors       = ['Stephen Hoekstra']
+  spec.email         = ['shoekstra@schubergphilis.com']
+
+  spec.description   = 'This gem installs helper scripts to generate Terraform plans based on user or group data from Okta.'
+  spec.summary       = 'Helpers to generate Terraform plans using data from Okta'
+  spec.homepage      = 'https://github.com/schubergphilis/okta-terraform-generator'
+  spec.license       = 'Apache-2.0'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'bin'
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'facets', '~> 3.1'
+  spec.add_dependency 'mixlib-cli', '~> 1.7'
+  spec.add_dependency 'octokit', '~> 4.0'
+  spec.add_dependency 'oktakit', '~> 0.2.0'
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: okta-terraform-generator
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Stephen Hoekstra
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-06-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: facets
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: mixlib-cli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: octokit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: oktakit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+description: This gem installs helper scripts to generate Terraform plans based on
+  user or group data from Okta.
+email:
+- shoekstra@schubergphilis.com
+executables:
+- okta-terraform-generator
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/okta-terraform-generator
+- lib/okta-terraform-generator.rb
+- lib/okta-terraform-generator/cli.rb
+- lib/okta-terraform-generator/cli/github_membership.rb
+- lib/okta-terraform-generator/helper.rb
+- lib/oktakit/client/extended_groups.rb
+- okta-terraform-generator.gemspec
+homepage: https://github.com/schubergphilis/okta-terraform-generator
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Helpers to generate Terraform plans using data from Okta
+test_files: []