github.com/IBM-Cloud/bluemix-go@v0.0.0-20240314082800-4e02a69b84b2/api/iam/iamv1/service_roles.go (about) 1 package iamv1 2 3 import ( 4 "net/url" 5 6 "github.com/IBM-Cloud/bluemix-go/client" 7 "github.com/IBM-Cloud/bluemix-go/helpers" 8 "github.com/IBM-Cloud/bluemix-go/models" 9 "github.com/IBM-Cloud/bluemix-go/rest" 10 ) 11 12 type serviceRoleQueryResponse struct { 13 ServiceSpecificRoles []models.PolicyRole `json:"supportedRoles"` 14 PlatformExtensions struct { 15 Roles []models.PolicyRole `json:"supportedRoles"` 16 } `json:"platformExtensions"` 17 } 18 19 type ServiceRoleRepository interface { 20 // List all roles of a given service, including those supported system defined roles 21 ListServiceRoles(serviceName string) ([]models.PolicyRole, error) 22 // List all system defined roles 23 ListSystemDefinedRoles() ([]models.PolicyRole, error) 24 // List servie specific roles 25 ListServiceSpecificRoles(serviceName string) ([]models.PolicyRole, error) 26 // List authorization roles 27 ListAuthorizationRoles(sourceServiceName string, targetServiceName string) ([]models.PolicyRole, error) 28 } 29 30 type serviceRoleRepository struct { 31 client *client.Client 32 } 33 34 func NewServiceRoleRepository(c *client.Client) ServiceRoleRepository { 35 return &serviceRoleRepository{ 36 client: c, 37 } 38 } 39 40 func (r *serviceRoleRepository) ListServiceRoles(serviceName string) ([]models.PolicyRole, error) { 41 response := struct { 42 ServiceSpecificRoles []models.PolicyRole `json:"supportedRoles"` 43 PlatformExtensions struct { 44 Roles []models.PolicyRole `json:"supportedRoles"` 45 } `json:"platformExtensions"` 46 }{} 47 48 _, err := r.client.Get("/acms/v1/roles?serviceName="+url.QueryEscape(serviceName), &response) 49 if err != nil { 50 return []models.PolicyRole{}, err 51 } 52 53 roles := append(response.ServiceSpecificRoles, response.PlatformExtensions.Roles...) 54 55 return roles, nil 56 } 57 58 func (r *serviceRoleRepository) ListSystemDefinedRoles() ([]models.PolicyRole, error) { 59 response := struct { 60 Roles []models.Role `json:"systemDefinedRoles"` 61 }{} 62 63 _, err := r.client.Get("/acms/v1/roles", &response) 64 if err != nil { 65 return []models.PolicyRole{}, err 66 } 67 68 // system defined roles uses `crn` instead of `id`, need to conversion 69 // TODO: remove this if IAM PAP unify the data model 70 roles := []models.PolicyRole{} 71 for _, role := range response.Roles { 72 roles = append(roles, role.ToPolicyRole()) 73 } 74 return roles, nil 75 } 76 func (r *serviceRoleRepository) ListServiceSpecificRoles(serviceName string) ([]models.PolicyRole, error) { 77 var response serviceRoleQueryResponse 78 var err error 79 if response, err = r.queryServiceRoles(serviceName); err != nil { 80 return []models.PolicyRole{}, err 81 } 82 return response.ServiceSpecificRoles, nil 83 84 } 85 86 func (r *serviceRoleRepository) queryServiceRoles(name string) (serviceRoleQueryResponse, error) { 87 response := serviceRoleQueryResponse{} 88 89 _, err := r.client.Get("/acms/v1/roles?serviceName="+url.QueryEscape(name), &response) 90 if err != nil { 91 return serviceRoleQueryResponse{}, err 92 } 93 94 return response, nil 95 } 96 97 func (r *serviceRoleRepository) ListAuthorizationRoles(sourceServiceName string, targetServiceName string) ([]models.PolicyRole, error) { 98 req := rest.GetRequest(helpers.GetFullURL(*r.client.Config.Endpoint, "/acms/v1/roles")) 99 req.Query("sourceServiceName", sourceServiceName) 100 req.Query("serviceName", targetServiceName) 101 req.Query("policyType", "authorization") 102 103 var response serviceRoleQueryResponse 104 _, err := r.client.SendRequest(req, &response) 105 if err != nil { 106 return []models.PolicyRole{}, err 107 } 108 109 roles := append(response.ServiceSpecificRoles, response.PlatformExtensions.Roles...) 110 return roles, nil 111 }