Initial code

.github/workflows/go.yml

@@ -0,0 +1,31 @@
+# This workflow will build a golang project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+
+name: Go
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.20'
+
+    - name: Build
+      run: go build -v ./...
+
+    - name: Test
+      run: go test -v ./...
+
+    - name: Run golangci-lint
+      uses: golangci/[email protected]

.gitignore

@@ -0,0 +1,2 @@
+*.local.yaml
+specs

.golangci.yml

@@ -0,0 +1,200 @@
+# This file contains all available configuration options
+# with their default values.
+
+# options for analysis running
+run:
+  # default concurrency is a available CPU number
+  #  concurrency: 8
+
+  # timeout for analysis, e.g. 30s, 5m, default is 1m
+  deadline: 20m
+
+  # exit code when at least one issue was found, default is 1
+  issues-exit-code: 1
+
+  # include test files or not, default is true
+  tests: true
+
+  # default is true. Enables skipping of directories:
+  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  skip-dirs-use-default: true
+
+  # which dirs to skip: they won't be analyzed;
+  # can use regexp here: generated.*, regexp is applied on full path;
+  # default value is empty list, but next dirs are always skipped independently
+  # from this option's value:
+  #   	vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  # skip-dirs:
+
+  # which files to skip: they will be analyzed, but issues from them
+  # won't be reported. Default value is empty list, but there is
+  # no need to include all autogenerated files, we confidently recognize
+  # autogenerated files. If it's not please let us know
+  skip-files:
+
+# output configuration options
+output:
+  # colored-line-number|line-number|json|tab|checkstyle, default is "colored-line-number"
+  format: colored-line-number
+
+  # print lines of code with issue, default is true
+  print-issued-lines: true
+
+  # print linter name in the end of issue text, default is true
+  print-linter-name: true
+
+# all available settings of specific linters
+linters-settings:
+  govet:
+    # report about shadowed variables
+    check-shadowing: false
+
+    # settings per analyzer
+    settings:
+      printf: # analyzer name, run `go tool vet help` to see all analyzers
+        funcs: # run `go tool vet help printf` to see available settings for `printf` analyzer
+        - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
+        - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
+        - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
+        - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
+
+    enable-all: false
+    disable-all: true
+    enable:
+    - asmdecl
+    - assign
+    - atomic
+    - bools
+    - buildtag
+    - cgocall
+    - composites
+    - copylocks
+    - errorsas
+    - httpresponse
+    - ifaceassert
+    - loopclosure
+    - lostcancel
+    - nilfunc
+    - printf
+    - shift
+    - stdmethods
+    - structtag
+    - testinggoroutine
+    - tests
+    - unmarshal
+    - unreachable
+    - unsafeptr
+    - unusedresult
+
+  gofmt:
+    simplify: false # gofmt with `-s` option, true by default
+
+  goimports:
+    local-prefixes: go.ytsaurus.tech
+
+  goconst:
+    # minimal length of string constant, 3 by default
+    min-len: 3
+    # minimal occurrences count to trigger, 3 by default
+    min-occurrences: 3
+
+  misspell:
+    # Correct spellings using locale preferences for US or UK.
+    # Default is to use a neutral variety of English.
+    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
+    locale: US
+
+  lll:
+    # max line length, lines longer will be reported. Default is 120.
+    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
+    line-length: 240
+    # tab width in spaces. Default to 1.
+    tab-width: 4
+
+  staticcheck:
+    # Select the Go version to target. The default is '1.13'.
+    go: 1.20.0
+    checks: # default checks from https://staticcheck.io/docs/configuration/options/ + excluded SA1019
+    - all
+    - -ST1000 # Incorrect or missing package comment
+    - -ST1003 # Poorly chosen identifier
+    - -ST1016 # Use consistent method receiver names
+    - -ST1020 # The documentation of an exported function should start with the function’s name
+    - -ST1021 # The documentation of an exported type should start with type’s name
+    - -ST1022 # The documentation of an exported variable or constant should start with variable’s name
+
+  unused:
+    # treat code as a program (not a library) and report unused exported identifiers; default is false.
+    # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
+    # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
+    # with golangci-lint call it on a directory with the changed file.
+    check-exported: false
+
+  revive:
+    severity: error
+    confidence: 0.8
+    rules:
+      - name: blank-imports
+      - name: context-as-argument
+      - name: context-keys-type
+      - name: deep-exit
+        disabled: true
+      - name: dot-imports
+      - name: duplicated-imports
+      - name: early-return
+        disabled: true
+      - name: error-naming
+      - name: error-return
+      - name: error-strings
+      - name: errorf
+      - name: identical-branches
+      - name: if-return
+      - name: increment-decrement
+      - name: indent-error-flow
+      - name: imports-blacklist
+      - name: range
+      - name: receiver-naming
+      - name: time-naming
+      - name: var-naming
+      - name: var-declaration
+      - name: unexported-return
+  godot:
+    scope: toplevel
+
+linters:
+  enable-all: false
+  enable:
+  - goimports
+  - govet
+  - ineffassign
+  - lll
+  - staticcheck
+  - unused
+  - gosimple
+  - gofmt
+  - revive
+  - unconvert
+  - typecheck
+  - godot
+  disable-all: true
+
+issues:
+  # Independently from option `exclude` we use default exclude patterns,
+  # it can be disabled by this option. To list all
+  # excluded by default patterns execute `golangci-lint run --help`.
+  # Default value for this option is true.
+  exclude-use-default: false
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0
+
+  # Show only new issues: if there are unstaged changes or untracked files,
+  # only those changes are analyzed, else only changes in HEAD~ are analyzed.
+  # It's a super-useful option for integration of golangci-lint into existing
+  # large codebase. It's not practical to fix all existing issues at the moment
+  # of integration: much better don't allow issues in new code.
+  # Default is false.
+  new: false

Dockerfile

@@ -0,0 +1,15 @@
+FROM --platform=linux/amd64 golang:1.20
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY *.go ./
+RUN GOOS=linux GOARCH=amd64 go build -o /ytsaurus-active-directory-integration
+
+FROM golang:1.20
+
+RUN apt-get update && apt-get install -y telnet curl strace lsof less gzip dnsutils gettext-base
+COPY --from=0 /ytsaurus-active-directory-integration /ytsaurus-active-directory-integration
+CMD ["/ytsaurus-active-directory-integration"]
+

Makefile

@@ -0,0 +1,15 @@
+.PHONY: lint
+lint:
+	golangci-lint run
+
+.PHONY: lint-fix
+lint-fix:
+	golangci-lint run --fix
+
+.PHONY: test
+test:
+	go test ./...
+
+.PHONY: format
+format:
+	go fmt

app.go

@@ -0,0 +1,105 @@
+package main
+
+import (
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"k8s.io/utils/clock"
+)
+
+type Azure interface {
+	GetUsers() ([]AzureUser, error)
+	GetGroupsWithMembers() ([]AzureGroupWithMembers, error)
+}
+
+type App struct {
+	syncInterval      time.Duration
+	usernameReplaces  []ReplacementPair
+	groupnameReplaces []ReplacementPair
+	removeLimit       int
+	banDuration       time.Duration
+
+	ytsaurus *Ytsaurus
+	azure    Azure
+
+	stopCh chan struct{}
+	sigCh  chan os.Signal
+	logger appLoggerType
+}
+
+func NewApp(cfg *Config, logger appLoggerType) (*App, error) {
+	azure, err := NewAzureReal(cfg.Azure, logger)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewAppCustomized(cfg, logger, azure, clock.RealClock{})
+}
+
+// NewAppCustomized used in tests.
+func NewAppCustomized(cfg *Config, logger appLoggerType, azure Azure, clock clock.PassiveClock) (*App, error) {
+	yt, err := NewYtsaurus(cfg.Ytsaurus, logger, clock)
+	if err != nil {
+		return nil, err
+	}
+
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, syscall.SIGUSR1)
+
+	return &App{
+		syncInterval:      cfg.App.SyncInterval,
+		usernameReplaces:  cfg.App.UsernameReplacements,
+		groupnameReplaces: cfg.App.GroupnameReplacements,
+		removeLimit:       cfg.App.RemoveLimit,
+		banDuration:       cfg.App.BanBeforeRemoveDuration,
+
+		ytsaurus: yt,
+		azure:    azure,
+
+		stopCh: make(chan struct{}),
+		sigCh:  sigCh,
+		logger: logger,
+	}, nil
+}
+
+func (a *App) Start() {
+	a.logger.Info("Starting the application")
+	if a.syncInterval > 0 {
+		ticker := time.NewTicker(a.syncInterval)
+		for {
+			select {
+			case <-a.stopCh:
+				a.logger.Info("Stopping the application")
+				return
+			case <-ticker.C:
+				a.logger.Debug("Received next tick")
+				a.syncOnce()
+			case <-a.sigCh:
+				a.logger.Info("Received SIGUSR1")
+				a.syncOnce()
+			}
+		}
+	} else {
+		a.logger.Info(
+			"app.sync_interval config variable is not greater than zero, " +
+				"auto sync is disabled. Send SIGUSR1 for manual sync.",
+		)
+		for {
+			select {
+			case <-a.stopCh:
+				a.logger.Info("Stopping the application")
+				return
+			case <-a.sigCh:
+				a.logger.Info("Received SIGUSR1")
+				a.syncOnce()
+			}
+		}
+	}
+
+}
+
+func (a *App) Stop() {
+	close(a.stopCh)
+}