Add SDK client wrapper

pkg/onepassword/client/sdk/sdk.go

@@ -0,0 +1,91 @@
+package sdk
+
+import (
+	"context"
+
+	"github.com/1Password/onepassword-operator/pkg/onepassword/model"
+	sdk "github.com/1password/onepassword-sdk-go"
+)
+
+// Config holds the configuration for the 1Password SDK client.
+type Config struct {
+	ServiceAccountToken string
+	IntegrationName     string
+	IntegrationVersion  string
+}
+
+// SDK is a client for interacting with 1Password using the SDK.
+type SDK struct {
+	client *sdk.Client
+}
+
+func NewClient(config Config) (*SDK, error) {
+	client, err := sdk.NewClient(context.Background(),
+		sdk.WithServiceAccountToken(config.ServiceAccountToken),
+		sdk.WithIntegrationInfo(config.IntegrationName, config.IntegrationVersion),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &SDK{
+		client: client,
+	}, nil
+}
+
+func (s *SDK) GetItemByID(vaultID, itemID string) (*model.Item, error) {
+	sdkItem, err := s.client.Items().Get(context.Background(), vaultID, itemID)
+	if err != nil {
+		return nil, err
+	}
+
+	var item model.Item
+	item.FromSDKItem(&sdkItem)
+	return &item, nil
+}
+
+func (s *SDK) GetItemsByTitle(vaultID, itemTitle string) ([]model.Item, error) {
+	// Get all items in the vault
+	sdkItems, err := s.client.Items().List(context.Background(), vaultID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Filter items by title
+	var items []model.Item
+	for _, sdkItem := range sdkItems {
+		if sdkItem.Title == itemTitle {
+			var item model.Item
+			item.FromSDKItemOverview(&sdkItem)
+			items = append(items, item)
+		}
+	}
+
+	return items, nil
+}
+
+func (s *SDK) GetFileContent(vaultID, itemID, fileID string) ([]byte, error) {
+	return s.client.Items().Files().Read(context.Background(), vaultID, itemID, sdk.FileAttributes{
+		ID: fileID,
+	})
+}
+
+func (s *SDK) GetVaultsByTitle(title string) ([]model.Vault, error) {
+	// List all vaults
+	sdkVaults, err := s.client.Vaults().List(context.Background())
+	if err != nil {
+		return nil, err
+	}
+
+	// Filter vaults by title
+	var vaults []model.Vault
+	for _, sdkVault := range sdkVaults {
+		if sdkVault.Title == title {
+			var vault model.Vault
+			vault.FromSDKVault(&sdkVault)
+			vaults = append(vaults, vault)
+		}
+	}
+
+	return vaults, nil
+}

pkg/onepassword/client/sdk/sdk_test.go

@@ -0,0 +1,269 @@
+package sdk
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+
+	clienttesting "github.com/1Password/onepassword-operator/pkg/onepassword/client/testing"
+	clientmock "github.com/1Password/onepassword-operator/pkg/onepassword/client/testing/mock"
+	"github.com/1Password/onepassword-operator/pkg/onepassword/model"
+	sdk "github.com/1password/onepassword-sdk-go"
+)
+
+const VaultTitleEmployee = "Employee"
+
+func TestSDK_GetItemByID(t *testing.T) {
+	sdkItem := clienttesting.CreateSDKItem()
+
+	testCases := map[string]struct {
+		mockItemAPI func() *clientmock.ItemAPIMock
+		check       func(t *testing.T, item *model.Item, err error)
+	}{
+		"should return a single vault": {
+			mockItemAPI: func() *clientmock.ItemAPIMock {
+				m := &clientmock.ItemAPIMock{}
+				m.On("Get", context.Background(), "vault-id", "item-id").Return(*sdkItem, nil)
+				return m
+			},
+			check: func(t *testing.T, item *model.Item, err error) {
+				require.NoError(t, err)
+				clienttesting.CheckSDKItemMapping(t, sdkItem, item)
+			},
+		},
+		"should return an error": {
+			mockItemAPI: func() *clientmock.ItemAPIMock {
+				m := &clientmock.ItemAPIMock{}
+				m.On("Get", context.Background(), "vault-id", "item-id").Return(sdk.Item{}, errors.New("error"))
+				return m
+			},
+			check: func(t *testing.T, item *model.Item, err error) {
+				require.Error(t, err)
+				require.Empty(t, item)
+			},
+		},
+	}
+
+	for description, tc := range testCases {
+		t.Run(description, func(t *testing.T) {
+			client := &SDK{
+				client: &sdk.Client{
+					ItemsAPI: tc.mockItemAPI(),
+				},
+			}
+			item, err := client.GetItemByID("vault-id", "item-id")
+			tc.check(t, item, err)
+		})
+	}
+}
+
+func TestSDK_GetItemsByTitle(t *testing.T) {
+	sdkItem1 := clienttesting.CreateSDKItemOverview()
+	sdkItem2 := clienttesting.CreateSDKItemOverview()
+
+	testCases := map[string]struct {
+		mockItemAPI func() *clientmock.ItemAPIMock
+		check       func(t *testing.T, items []model.Item, err error)
+	}{
+		"should return a single item": {
+			mockItemAPI: func() *clientmock.ItemAPIMock {
+				m := &clientmock.ItemAPIMock{}
+
+				copySDKItem2 := *sdkItem2
+				copySDKItem2.Title = "Some other item"
+
+				m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{
+					*sdkItem1,
+					copySDKItem2,
+				}, nil)
+				return m
+			},
+			check: func(t *testing.T, items []model.Item, err error) {
+				require.NoError(t, err)
+				require.Len(t, items, 1)
+				clienttesting.CheckSDKItemOverviewMapping(t, sdkItem1, &items[0])
+			},
+		},
+		"should return a two items": {
+			mockItemAPI: func() *clientmock.ItemAPIMock {
+				m := &clientmock.ItemAPIMock{}
+				m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{
+					*sdkItem1,
+					*sdkItem2,
+				}, nil)
+				return m
+			},
+			check: func(t *testing.T, items []model.Item, err error) {
+				require.NoError(t, err)
+				require.Len(t, items, 2)
+				clienttesting.CheckSDKItemOverviewMapping(t, sdkItem1, &items[0])
+				clienttesting.CheckSDKItemOverviewMapping(t, sdkItem2, &items[1])
+			},
+		},
+		"should return an error": {
+			mockItemAPI: func() *clientmock.ItemAPIMock {
+				m := &clientmock.ItemAPIMock{}
+				m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{}, errors.New("error"))
+				return m
+			},
+			check: func(t *testing.T, items []model.Item, err error) {
+				require.Error(t, err)
+				require.Empty(t, items)
+			},
+		},
+	}
+
+	for description, tc := range testCases {
+		t.Run(description, func(t *testing.T) {
+			client := &SDK{
+				client: &sdk.Client{
+					ItemsAPI: tc.mockItemAPI(),
+				},
+			}
+			items, err := client.GetItemsByTitle("vault-id", "item-title")
+			tc.check(t, items, err)
+		})
+	}
+}
+
+func TestSDK_GetFileContent(t *testing.T) {
+	testCases := map[string]struct {
+		mockItemAPI func() *clientmock.ItemAPIMock
+		check       func(t *testing.T, content []byte, err error)
+	}{
+		"should return file content": {
+			mockItemAPI: func() *clientmock.ItemAPIMock {
+				fileMock := &clientmock.FileAPIMock{}
+				fileMock.On("Read", mock.Anything, "vault-id", "item-id",
+					mock.MatchedBy(func(attr sdk.FileAttributes) bool {
+						return attr.ID == "file-id"
+					}),
+				).Return([]byte("file content"), nil)
+
+				itemMock := &clientmock.ItemAPIMock{
+					FilesAPI: fileMock,
+				}
+				itemMock.On("Files").Return(fileMock)
+
+				return itemMock
+			},
+			check: func(t *testing.T, content []byte, err error) {
+				require.NoError(t, err)
+				require.Equal(t, []byte("file content"), content)
+			},
+		},
+		"should return an error": {
+			mockItemAPI: func() *clientmock.ItemAPIMock {
+				fileMock := &clientmock.FileAPIMock{}
+				fileMock.On("Read", mock.Anything, "vault-id", "item-id",
+					mock.MatchedBy(func(attr sdk.FileAttributes) bool {
+						return attr.ID == "file-id"
+					}),
+				).Return(nil, errors.New("error"))
+
+				itemMock := &clientmock.ItemAPIMock{
+					FilesAPI: fileMock,
+				}
+				itemMock.On("Files").Return(fileMock)
+
+				return itemMock
+			},
+			check: func(t *testing.T, content []byte, err error) {
+				require.Error(t, err)
+				require.Nil(t, content)
+			},
+		},
+	}
+
+	for description, tc := range testCases {
+		t.Run(description, func(t *testing.T) {
+			client := &SDK{
+				client: &sdk.Client{
+					ItemsAPI: tc.mockItemAPI(),
+				},
+			}
+			content, err := client.GetFileContent("vault-id", "item-id", "file-id")
+			tc.check(t, content, err)
+		})
+	}
+}
+
+// TODO: check CreatedAt as soon as a new SDK version returns it
+func TestSDK_GetVaultsByTitle(t *testing.T) {
+	testCases := map[string]struct {
+		mockVaultAPI func() *clientmock.VaultAPIMock
+		check        func(t *testing.T, vaults []model.Vault, err error)
+	}{
+		"should return a single vault": {
+			mockVaultAPI: func() *clientmock.VaultAPIMock {
+				m := &clientmock.VaultAPIMock{}
+				m.On("List", context.Background()).Return([]sdk.VaultOverview{
+					{
+						ID:    "test-id",
+						Title: VaultTitleEmployee,
+					},
+					{
+						ID:    "test-id-2",
+						Title: "Some other vault",
+					},
+				}, nil)
+				return m
+			},
+			check: func(t *testing.T, vaults []model.Vault, err error) {
+				require.NoError(t, err)
+				require.Len(t, vaults, 1)
+				require.Equal(t, "test-id", vaults[0].ID)
+			},
+		},
+		"should return a two vaults": {
+			mockVaultAPI: func() *clientmock.VaultAPIMock {
+				m := &clientmock.VaultAPIMock{}
+				m.On("List", context.Background()).Return([]sdk.VaultOverview{
+					{
+						ID:    "test-id",
+						Title: VaultTitleEmployee,
+					},
+					{
+						ID:    "test-id-2",
+						Title: VaultTitleEmployee,
+					},
+				}, nil)
+				return m
+			},
+			check: func(t *testing.T, vaults []model.Vault, err error) {
+				require.NoError(t, err)
+				require.Len(t, vaults, 2)
+				// Check the first vault
+				require.Equal(t, "test-id", vaults[0].ID)
+				// Check the second vault
+				require.Equal(t, "test-id-2", vaults[1].ID)
+			},
+		},
+		"should return an error": {
+			mockVaultAPI: func() *clientmock.VaultAPIMock {
+				m := &clientmock.VaultAPIMock{}
+				m.On("List", context.Background()).Return([]sdk.VaultOverview{}, errors.New("error"))
+				return m
+			},
+			check: func(t *testing.T, vaults []model.Vault, err error) {
+				require.Error(t, err)
+				require.Empty(t, vaults)
+			},
+		},
+	}
+
+	for description, tc := range testCases {
+		t.Run(description, func(t *testing.T) {
+			client := &SDK{
+				client: &sdk.Client{
+					VaultsAPI: tc.mockVaultAPI(),
+				},
+			}
+			vault, err := client.GetVaultsByTitle(VaultTitleEmployee)
+			tc.check(t, vault, err)
+		})
+	}
+}