terraorg 0.3.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +11 -1
- data/lib/terraorg/model/org.rb +35 -9
- data/lib/terraorg/version.rb +1 -1
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 46107b71a1eace06c51463513c5b495b9549ec19ebc911103ec0d7f236fec6f8
|
|
4
|
+
data.tar.gz: b05708c67d359a3040eca8724140603d5c4debd6e2f1a25c87034e8a9b60e7be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f9286df25676340a5e3a36221f5b7de4ed21cce63281850210f18b360474544e453939b8b4559dec6cb58dfa0b9ce5facca21570f03295cb5f9d0b5c56eff57
|
|
7
|
+
data.tar.gz: 196d63d8df921c54216511ee7604b6ec8f8813241609a1fb0c4fa5480d965c4d2e9f0b2042a0f55a46b1fbaa8cb633f50317608afbf68f71d42b8b00fc877f83
|
data/README.md
CHANGED
|
@@ -34,7 +34,9 @@ Based on the org that this tool was originally designed for, orgs are expected
|
|
|
34
34
|
to have three levels:
|
|
35
35
|
|
|
36
36
|
* *squads*: the base unit of team-dom, containing people, who may be in
|
|
37
|
-
different geographical regions.
|
|
37
|
+
different geographical regions. Teams contain _members_ (full time heads)
|
|
38
|
+
and _associates_ (typically part time floaters.) Any associate of a squad
|
|
39
|
+
must also have a home squad for which they are a full time member.
|
|
38
40
|
* *platoons*: a unit which contains squads and exceptional people who are
|
|
39
41
|
members of the platoon, but not part of any squad
|
|
40
42
|
* *org*: The whole organization, including its manager, any exceptional squads
|
|
@@ -45,6 +47,10 @@ The tool generates groups for each granular unit of organization in Okta and G
|
|
|
45
47
|
Suite in Terraform. With patching, it could be possible for more organizational
|
|
46
48
|
systems to be supported.
|
|
47
49
|
|
|
50
|
+
## Diagram
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
|
|
48
54
|
## How it works
|
|
49
55
|
|
|
50
56
|
Firstly, take your entire existing organization and define it using the
|
|
@@ -120,6 +126,10 @@ information on how to configure the providers.
|
|
|
120
126
|
[articulate/terraform-provider-okta]: https://github.com/articulate/terraform-provider-okta
|
|
121
127
|
[DeviaVir/terraform-provider-gsuite]: https://github.com/DeviaVir/terraform-provider-gsuite
|
|
122
128
|
|
|
129
|
+
## Running tests
|
|
130
|
+
There are a limited number of tests that can be invoked with
|
|
131
|
+
`ruby -I lib test/terraorg/model/org_test.rb `
|
|
132
|
+
|
|
123
133
|
## Suggested process
|
|
124
134
|
|
|
125
135
|
At [LiveRamp], a pull request based workflow leveraging [Atlantis] is used to
|
data/lib/terraorg/model/org.rb
CHANGED
|
@@ -54,7 +54,7 @@ class Org
|
|
|
54
54
|
|
|
55
55
|
# Do not allow the JSON files to contain any people who have left.
|
|
56
56
|
unless @people.inactive.empty?
|
|
57
|
-
$stderr.puts "ERROR: Users have left the company: #{@people.inactive.map(&:id).join(', ')}"
|
|
57
|
+
$stderr.puts "ERROR: Users have left the company, or are Suspended in Okta: #{@people.inactive.map(&:id).join(', ')}"
|
|
58
58
|
failure = true
|
|
59
59
|
end
|
|
60
60
|
|
|
@@ -97,7 +97,8 @@ class Org
|
|
|
97
97
|
# across the entire org. A person can be an associate of other squads
|
|
98
98
|
# at a different count. See top of file for defined limits.
|
|
99
99
|
squad_count = {}
|
|
100
|
-
all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:members).flatten
|
|
100
|
+
all_members = all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:members).flatten
|
|
101
|
+
all_members.each do |member|
|
|
101
102
|
squad_count[member.id] = squad_count.fetch(member.id, 0) + 1
|
|
102
103
|
end
|
|
103
104
|
more_than_max_squads = squad_count.select do |member, count|
|
|
@@ -109,7 +110,8 @@ class Org
|
|
|
109
110
|
end
|
|
110
111
|
|
|
111
112
|
associate_count = {}
|
|
112
|
-
all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:associates).flatten
|
|
113
|
+
all_associates = all_squads.map(&:teams).flatten.map(&:values).flatten.map(&:associates).flatten
|
|
114
|
+
all_associates.each do |assoc|
|
|
113
115
|
associate_count[assoc.id] = associate_count.fetch(assoc.id, 0) + 1
|
|
114
116
|
end
|
|
115
117
|
more_than_max_squads = associate_count.select do |_, count|
|
|
@@ -130,6 +132,13 @@ class Org
|
|
|
130
132
|
failure = true
|
|
131
133
|
end
|
|
132
134
|
|
|
135
|
+
# Validate that any associate is a member of some squad
|
|
136
|
+
associates_but_not_members = Set.new(all_associates.map(&:id)) - Set.new(all_members.map(&:id)) - exceptions
|
|
137
|
+
if !associates_but_not_members.empty?
|
|
138
|
+
$stderr.puts "ERROR: #{associates_but_not_members.map(&:id)} are associates of squads but not members of any squad"
|
|
139
|
+
failure = true
|
|
140
|
+
end
|
|
141
|
+
|
|
133
142
|
raise "CRITICAL: Validation failed due to at least one error above" if failure && strict
|
|
134
143
|
end
|
|
135
144
|
|
|
@@ -193,13 +202,16 @@ class Org
|
|
|
193
202
|
md_lines.join("\n")
|
|
194
203
|
end
|
|
195
204
|
|
|
196
|
-
def
|
|
197
|
-
|
|
198
|
-
|
|
205
|
+
def generate_tf_platoons
|
|
206
|
+
@member_platoons.map { |p| p.generate_tf(@id) }.join("\n")
|
|
207
|
+
end
|
|
199
208
|
|
|
200
|
-
|
|
201
|
-
|
|
209
|
+
def generate_tf_squads
|
|
210
|
+
@member_exception_squads.map { |s| s.generate_tf(@id) }.join("\n")
|
|
211
|
+
end
|
|
202
212
|
|
|
213
|
+
def generate_tf_org
|
|
214
|
+
tf = ''
|
|
203
215
|
# Roll all platoons and exception squads into the org.
|
|
204
216
|
roll_up_to_org = \
|
|
205
217
|
@member_exception_squads.map { |s| s.unique_name(@id, nil) } + \
|
|
@@ -239,14 +251,18 @@ EOF
|
|
|
239
251
|
all_locations[@manager_location] = all_locations.fetch(@manager_location, Set.new).add(@manager)
|
|
240
252
|
|
|
241
253
|
all_locations.each do |l, m|
|
|
254
|
+
description = "#{@name} organization members based in #{l} (terraorg)"
|
|
242
255
|
name = "#{unique_name}-#{l.downcase}"
|
|
243
256
|
tf += <<-EOF
|
|
244
257
|
resource "okta_group" "#{name}" {
|
|
245
258
|
name = "#{name}"
|
|
246
|
-
description = "#{
|
|
259
|
+
description = "#{description}"
|
|
247
260
|
users = #{Util.persons_tf(m)}
|
|
248
261
|
}
|
|
262
|
+
|
|
263
|
+
#{Util.gsuite_group_tf(name, @gsuite_domain, m, description)}
|
|
249
264
|
EOF
|
|
265
|
+
|
|
250
266
|
end
|
|
251
267
|
|
|
252
268
|
# Generate a special GSuite group for all managers (org, platoon, squad
|
|
@@ -255,7 +271,17 @@ EOF
|
|
|
255
271
|
all_managers = Set.new([@manager] + @platoons.all.map(&:manager) + @squads.all.map(&:manager).select { |m| m })
|
|
256
272
|
manager_dl = "#{@id}-managers"
|
|
257
273
|
tf += Util.gsuite_group_tf(manager_dl, @gsuite_domain, all_managers, "All managers of the #{@name} organization (terraorg)")
|
|
274
|
+
tf
|
|
275
|
+
end
|
|
276
|
+
|
|
277
|
+
def generate_tf
|
|
278
|
+
tf = generate_tf_platoons
|
|
279
|
+
File.write('auto.platoons.tf', tf)
|
|
280
|
+
|
|
281
|
+
tf = generate_tf_squads
|
|
282
|
+
File.write('auto.exception_squads.tf', tf)
|
|
258
283
|
|
|
284
|
+
tf = generate_tf_org
|
|
259
285
|
File.write('auto.org.tf', tf)
|
|
260
286
|
end
|
|
261
287
|
|
data/lib/terraorg/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: terraorg
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joshua Kwan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-10-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: countries
|
|
@@ -66,6 +66,20 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0.2'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: minitest
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '5.14'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '5.14'
|
|
69
83
|
description: Manage an organizational structure with Okta and G-Suite using Terraform
|
|
70
84
|
email: joshk@triplehelix.org
|
|
71
85
|
executables:
|
|
@@ -104,7 +118,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
104
118
|
- !ruby/object:Gem::Version
|
|
105
119
|
version: '0'
|
|
106
120
|
requirements: []
|
|
107
|
-
rubygems_version: 3.0.
|
|
121
|
+
rubygems_version: 3.0.8
|
|
108
122
|
signing_key:
|
|
109
123
|
specification_version: 4
|
|
110
124
|
summary: terraorg
|