{"id":18374719,"url":"https://github.com/jupiterone-archives/graph-openshift","last_synced_at":"2025-04-06T20:30:42.507Z","repository":{"id":41979199,"uuid":"174402618","full_name":"JupiterOne-Archives/graph-openshift","owner":"JupiterOne-Archives","description":"A graph conversion tool for https://www.openshift.com","archived":true,"fork":false,"pushed_at":"2024-01-02T19:11:52.000Z","size":1110,"stargazers_count":0,"open_issues_count":8,"forks_count":4,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-03-01T18:17:54.330Z","etag":null,"topics":["openshift","saas","security-audit","security-tools"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JupiterOne-Archives.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-03-07T18:55:17.000Z","updated_at":"2024-10-25T16:54:07.000Z","dependencies_parsed_at":"2023-12-05T18:46:29.876Z","dependency_job_id":"7240e8d4-403d-4f84-8e9d-16619f2914fe","html_url":"https://github.com/JupiterOne-Archives/graph-openshift","commit_stats":null,"previous_names":["jupiterone-archives/graph-openshift"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne-Archives%2Fgraph-openshift","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne-Archives%2Fgraph-openshift/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne-Archives%2Fgraph-openshift/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne-Archives%2Fgraph-openshift/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JupiterOne-Archives","download_url":"https://codeload.github.com/JupiterOne-Archives/graph-openshift/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247547029,"owners_count":20956475,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openshift","saas","security-audit","security-tools"],"created_at":"2024-11-06T00:15:46.021Z","updated_at":"2025-04-06T20:30:42.066Z","avatar_url":"https://github.com/JupiterOne-Archives.png","language":"TypeScript","readme":"# JupiterOne Managed Integration for OpenShift\n\n[![Build Status](https://travis-ci.org/JupiterOne/graph-openshift.svg?branch=master)](https://travis-ci.org/JupiterOne/graph-openshift)\n\nA JupiterOne integration ingests information such as configurations and other\nmetadata about digital and physical assets belonging to an organization. The\nintegration is responsible for connecting to data provider APIs and determining\nchanges to make to the JupiterOne graph database to reflect the current state of\nassets. Managed integrations execute within the JupiterOne infrastructure and\nare deployed by the JupiterOne engineering team.\n\n## Integration Instance Configuration\n\nJupiterOne accounts may configure a number of instances of an integration, each\ncontaining credentials and other information necessary for the integration to\nconnect to provider APIs. An integration is triggered by an event containing the\ninstance configuration. `IntegrationInstance.config` is encrypted at rest and\ndecrypted before it is delivered to the integration execution handler.\n\nCurrently, the integration instance configuration user interface will need code\nchanges to collect necessary information.\n\nLocal execution of the integration is started through `execute.ts`\n(`yarn start`), which may be changed to load development credentials into the\n`IntegrationInstance.config`. Use environment variables to avoid publishing\nsensitive information to GitHub!\n\n## Documentation\n\nIntegration projects must provide documentation for docs.jupiterone.io. This\ndocumentation should outline the credentials required by the data provider API\n(including specific permissions if the data provider allows scoping of\ncredentials), which entities are ingested, and what relationships are created.\nAt build time, this documentation will be placed in a docs folder inside dist so\nthat it's included in the NPM module.\n\nThe documentation should be placed in `docs/jupiterone-io` and named after the\npackage. For example, an AWS integration with the name \"graph-aws\" in\n`package.json` should have its documentation in\n`docs/jupiterone-io/graph-aws.md`. Any other files in `docs/jupiterone-io` will\nnot be published. Also note that namespace is ignored, so \"graph-aws\" and\n\"@jupiterone/graph-aws\" should both name their docs file the same.\n\nThe first header in the documentation is used as the title of the document in\nthe table of contents on docs.jupiterone.io, so it should be the name of the\nprovider (E.G. \"AWS\").\n\nThe documentation is pushed to docs.jupiterone.io every time a new version of\nthe integration is specified in `package.json`, so make sure it's up to date\nevery time you release a new version.\n\n## Development Environment\n\nIntegrations mutate the graph to reflect configurations and metadata from the\nprovider. Developing an integration involves:\n\n1.  Establishing a secure connection to a provider API\n1.  Fetching provider data and converting it to entities and relationships\n1.  Collecting the existing set of entities and relationships already in the\n    graph\n1.  Performing a diff to determine which entites/relationships to\n    create/update/delete\n1.  Delivering create/update/delete operations to the persister to update the\n    graph\n\nRun the integration to see what happens. You may use use Node to execute\ndirectly on your machine (NVM is recommended).\n\n1.  Install Docker\n1.  `yarn install`\n1.  `yarn start:graph`\n1.  `yarn start`\n\nActivity is logged to the console indicating the operations produced and\nprocessed. View raw data in the graph database using\n[Graphexp](https://github.com/bricaud/graphexp).\n\nExecute the integration again to see that there are no change operations\nproduced.\n\nRestart the graph server to clear the data when you want to run the integration\nwith no existing data.\n\n```sh\nyarn stop:graph \u0026\u0026 yarn start:graph\n```\n\n### Environment Variables\n\nProvider API configuration is specified by users when they install the\nintegration into their JupiterOne environment. Some integrations may also\nrequire pre-shared secrets, used across all integration installations, which is\nto be secured by JupiterOne and provided in the execution context.\n\nLocal execution requires the same configuration parameters for a development\nprovider account. `tools/execute.ts` is the place to provide the parameters. The\nexecution script must not include any credentials, and it is important to make\nit easy for other developers to execute the integration against their own\ndevelopment provider account.\n\n1. Update `tools/execute.ts` to provide the properties required by the\n   `executionHandler` function\n1. Create a `.env` file to provide the environment variables transferred into\n   the properties\n\nFor example, given this execution script:\n\n```typescript\nconst integrationConfig = {\n  apiToken: process.env.MYPROVIDER_LOCAL_EXECUTION_API_TOKEN,\n};\n\nconst invocationArgs = {\n  preSharedPrivateKey: process.env.MYPROVIDER_LOCAL_EXECUTION_PRIVATE_KEY,\n};\n```\n\nCreate a `.env` file (this is `.gitignore`'d):\n\n```sh\nMYPROVIDER_LOCAL_EXECUTION_API_TOKEN=abc123\nMYPROVIDER_LOCAL_EXECUTION_PRIVATE_KEY='something\\nreally\\nlong'\n```\n\n#### SDK Variables\n\nEnvironment variables can modify some aspects of the integration SDK behavior.\nThese may be added to your `.env` with values to overrided the defaults listed\nhere.\n\n- `GRAPH_DB_ENDPOINT` - `\"localhost\"`\n\n### Running tests\n\nAll tests must be written using Jest. Focus on testing provider API interactions\nand conversion from provider data to entities and relationships.\n\nTo run tests locally:\n\n```sh\nyarn test\n```\n\n### Deployment\n\nManaged integrations are deployed into the JupiterOne infrastructure by staff\nengineers using internal projects that declare a dependency on the open source\nintegration NPM package. The package will be published by the JupiterOne team.\n\n```sh\nyarn build:publish\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone-archives%2Fgraph-openshift","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjupiterone-archives%2Fgraph-openshift","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone-archives%2Fgraph-openshift/lists"}