terraorg 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce81d4e08d1d925fbf0cc419b5012725e33190563592d8ad491bf52a39df2920
-  data.tar.gz: 1854959244ef5576f9c39f3079ae73e7af243f591c972e3f79ecfb9729a87445
+  metadata.gz: 46107b71a1eace06c51463513c5b495b9549ec19ebc911103ec0d7f236fec6f8
+  data.tar.gz: b05708c67d359a3040eca8724140603d5c4debd6e2f1a25c87034e8a9b60e7be
 SHA512:
-  metadata.gz: 498d390c6eb73ff5761ccc40e8a0918d8c0e1ec8ac21d2d5862a9d9b0c7da514e574849a853cb9fce4b8516625bcb72ef6bcc39b2de52e80cbf13fef6e62a5a8
-  data.tar.gz: 72575c047b7565108453002e809fa2c76346e6a8998f04ff52750c065ecb48eb1b9235f0d0a6cd2e967b81292e30a668d91339b9d1bc26e7fc520669a47a750f
+  metadata.gz: 9f9286df25676340a5e3a36221f5b7de4ed21cce63281850210f18b360474544e453939b8b4559dec6cb58dfa0b9ce5facca21570f03295cb5f9d0b5c56eff57
+  data.tar.gz: 196d63d8df921c54216511ee7604b6ec8f8813241609a1fb0c4fa5480d965c4d2e9f0b2042a0f55a46b1fbaa8cb633f50317608afbf68f71d42b8b00fc877f83

data/README.md

@@ -34,7 +34,9 @@ Based on the org that this tool was originally designed for, orgs are expected
 to have three levels:
 
 * *squads*: the base unit of team-dom, containing people, who may be in
-  different geographical regions.
+  different geographical regions. Teams contain _members_ (full time heads)
+  and _associates_ (typically part time floaters.) Any associate of a squad
+  must also have a home squad for which they are a full time member.
 * *platoons*: a unit which contains squads and exceptional people who are
   members of the platoon, but not part of any squad
 * *org*: The whole organization, including its manager, any exceptional squads
@@ -45,6 +47,10 @@ The tool generates groups for each granular unit of organization in Okta and G
 Suite in Terraform. With patching, it could be possible for more organizational
 systems to be supported.
 
+## Diagram
+
+![Diagram of org structure](img/diagram.png)
+
 ## How it works
 
 Firstly, take your entire existing organization and define it using the
@@ -120,6 +126,10 @@ information on how to configure the providers.
 [articulate/terraform-provider-okta]: https://github.com/articulate/terraform-provider-okta
 [DeviaVir/terraform-provider-gsuite]: https://github.com/DeviaVir/terraform-provider-gsuite
 
+## Running tests
+There are a limited number of tests that can be invoked with 
+`ruby -I lib  test/terraorg/model/org_test.rb `
+
 ## Suggested process
 
 At [LiveRamp], a pull request based workflow leveraging [Atlantis] is used to

data/lib/terraorg/model/org.rb

@@ -54,7 +54,7 @@ class Org
 
     # Do not allow the JSON files to contain any people who have left.
     unless @people.inactive.empty?
-      $stderr.puts "ERROR: Users have left the company: #{@people.inactive.map(&:id).join(', ')}"
+      $stderr.puts "ERROR: Users have left the company, or are Suspended in Okta: #{@people.inactive.map(&:id).join(', ')}"
       failure = true
     end
 
@@ -97,7 +97,8 @@ class Org
     # across the entire org. A person can be an associate of other squads
     # at a different count. See top of file for defined limits.
     squad_count = {}
-    all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:members).flatten.each do |member|
+    all_members = all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:members).flatten
+    all_members.each do |member|
       squad_count[member.id] = squad_count.fetch(member.id, 0) + 1
     end
     more_than_max_squads = squad_count.select do |member, count|
@@ -109,7 +110,8 @@ class Org
     end
 
     associate_count = {}
-    all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:associates).flatten.each do |assoc|
+    all_associates = all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:associates).flatten
+    all_associates.each do |assoc|
       associate_count[assoc.id] = associate_count.fetch(assoc.id, 0) + 1
     end
     more_than_max_squads = associate_count.select do |_, count|
@@ -130,6 +132,13 @@ class Org
       failure = true
     end
 
+    # Validate that any associate is a member of some squad
+    associates_but_not_members = Set.new(all_associates.map(&:id)) - Set.new(all_members.map(&:id)) - exceptions
+    if !associates_but_not_members.empty?
+      $stderr.puts "ERROR: #{associates_but_not_members.map(&:id)} are associates of squads but not members of any squad"
+      failure = true
+    end
+
     raise "CRITICAL: Validation failed due to at least one error above" if failure && strict
   end
 
@@ -193,13 +202,16 @@ class Org
     md_lines.join("\n")
   end
 
-  def generate_tf
-    tf = @member_platoons.map { |p| p.generate_tf(@id) }.join("\n")
-    File.write('auto.platoons.tf', tf)
+  def generate_tf_platoons
+    @member_platoons.map { |p| p.generate_tf(@id) }.join("\n")
+  end
 
-    tf = @member_exception_squads.map { |s| s.generate_tf(@id) }.join("\n")
-    File.write('auto.exception_squads.tf', tf)
+  def generate_tf_squads
+    @member_exception_squads.map { |s| s.generate_tf(@id) }.join("\n")
+  end
 
+  def generate_tf_org
+    tf = ''
     # Roll all platoons and exception squads into the org.
     roll_up_to_org = \
       @member_exception_squads.map { |s| s.unique_name(@id, nil) } + \
@@ -239,14 +251,18 @@ EOF
     all_locations[@manager_location] = all_locations.fetch(@manager_location, Set.new).add(@manager)
 
     all_locations.each do |l, m|
+      description = "#{@name} organization members based in #{l} (terraorg)"
       name = "#{unique_name}-#{l.downcase}"
       tf += <<-EOF
 resource "okta_group" "#{name}" {
   name = "#{name}"
-  description = "#{@name} organization members based in #{l} (terraorg)"
+  description = "#{description}"
   users = #{Util.persons_tf(m)}
 }
+
+#{Util.gsuite_group_tf(name, @gsuite_domain, m, description)}
 EOF
+
     end
 
     # Generate a special GSuite group for all managers (org, platoon, squad
@@ -255,7 +271,17 @@ EOF
     all_managers = Set.new([@manager] + @platoons.all.map(&:manager) + @squads.all.map(&:manager).select { |m| m })
     manager_dl = "#{@id}-managers"
     tf += Util.gsuite_group_tf(manager_dl, @gsuite_domain, all_managers, "All managers of the #{@name} organization (terraorg)")
+    tf
+  end
+
+  def generate_tf
+    tf = generate_tf_platoons
+    File.write('auto.platoons.tf', tf)
+
+    tf = generate_tf_squads
+    File.write('auto.exception_squads.tf', tf)
 
+    tf = generate_tf_org
     File.write('auto.org.tf', tf)
   end
 

data/lib/terraorg/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 
 module Terraorg
-  VERSION = '0.3.0'
+  VERSION = '0.5.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terraorg
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Joshua Kwan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-27 00:00:00.000000000 Z
+date: 2020-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: countries
@@ -66,6 +66,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.14'
 description: Manage an organizational structure with Okta and G-Suite using Terraform
 email: joshk@triplehelix.org
 executables:
@@ -104,7 +118,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: terraorg