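package main

import (
	"flag"
	"fmt"
	"log"
	"os"
	"strings"

	bluemix "github.com/IBM-Cloud/bluemix-go"
	"github.com/IBM-Cloud/bluemix-go/api/account/accountv2"
	"github.com/IBM-Cloud/bluemix-go/api/iam/iamv1"
	"github.com/IBM-Cloud/bluemix-go/api/iampap/iampapv1"
	"github.com/IBM-Cloud/bluemix-go/api/iamuum/iamuumv1"
	"github.com/IBM-Cloud/bluemix-go/api/mccp/mccpv2"
	"github.com/IBM-Cloud/bluemix-go/models"
	"github.com/IBM-Cloud/bluemix-go/session"
	"github.com/IBM-Cloud/bluemix-go/trace"
	"github.com/IBM-Cloud/bluemix-go/utils"
)

// options holds the command-line values describing the access group and the
// access policy that this example creates, reads back and removes again.
type options struct {
	org             string
	accessGroup     string
	service         string
	roles           string // comma separated role names, resolved against IAM
	serviceInstance string
	region          string
	resourceType    string
	resource        string
	resourceGroupID string
	serviceType     string
}

// main registers the flags, validates the required ones and runs the example.
// All API work happens in run so that its deferred cleanup of the created
// access group and policy has executed before log.Fatal (which skips deferred
// calls) terminates the process with exit status 1.
func main() {
	var opts options
	flag.StringVar(&opts.org, "org", "", "Bluemix Organization")
	flag.StringVar(&opts.accessGroup, "accessgroup", "", "Bluemix access group name")
	flag.StringVar(&opts.service, "service", "", "Bluemix service name")
	flag.StringVar(&opts.roles, "roles", "", "Comma seperated list of roles")
	flag.StringVar(&opts.serviceInstance, "serviceInstance", "", "Bluemix service instance name")
	flag.StringVar(&opts.region, "region", "", "Bluemix region")
	flag.StringVar(&opts.resourceType, "resourceType", "", "Bluemix resource type")
	flag.StringVar(&opts.resource, "resource", "", "Bluemix resource")
	flag.StringVar(&opts.resourceGroupID, "resourceGroupID", "", "Bluemix resource group ")
	flag.StringVar(&opts.serviceType, "serviceType", "", "service type")

	// NOTE(review): the trace logger is switched on unconditionally, before
	// flag.Parse, so it is independent of -debug — confirm that is intended.
	trace.Logger = trace.NewLogger("true")
	c := new(bluemix.Config)
	flag.BoolVar(&c.Debug, "debug", false, "Show full trace if on")
	flag.Parse()

	// The organization, at least one role and the access group name are
	// mandatory; everything else narrows the policy's resource.
	if opts.org == "" || opts.roles == "" || opts.accessGroup == "" {
		flag.Usage()
		os.Exit(1)
	}

	if err := run(c, opts); err != nil {
		log.Fatal(err)
	}
}

// run locates the account owning opts.org, creates an access group there,
// attaches an access policy granting opts.roles on the resource described by
// opts, reads the policy back, and finally deletes the policy and the access
// group. Both deletions are deferred so a failure after either object was
// created still removes it instead of leaving it behind in the account.
// Cleanup errors are reported through the returned error.
func run(c *bluemix.Config, opts options) (err error) {
	sess, err := session.New(c)
	if err != nil {
		return fmt.Errorf("creating session: %w", err)
	}

	mccpClient, err := mccpv2.New(sess)
	if err != nil {
		return fmt.Errorf("creating mccp client: %w", err)
	}
	myOrg, err := mccpClient.Organizations().FindByName(opts.org, sess.Config.Region)
	if err != nil {
		return fmt.Errorf("looking up organization %q: %w", opts.org, err)
	}

	accClient, err := accountv2.New(sess)
	if err != nil {
		return fmt.Errorf("creating account client: %w", err)
	}
	myAccount, err := accClient.Accounts().FindByOrg(myOrg.GUID, sess.Config.Region)
	if err != nil {
		return fmt.Errorf("looking up account for organization %q: %w", opts.org, err)
	}

	iamClient, err := iamv1.New(sess)
	if err != nil {
		return fmt.Errorf("creating iam client: %w", err)
	}
	serviceRolesAPI := iamClient.ServiceRoles()

	// Without a service the role names are resolved against the platform's
	// system-defined roles; with one, against that service's roles.
	var definedRoles []models.PolicyRole
	if opts.service == "" {
		definedRoles, err = serviceRolesAPI.ListSystemDefinedRoles()
	} else {
		definedRoles, err = serviceRolesAPI.ListServiceRoles(opts.service)
	}
	if err != nil {
		return fmt.Errorf("listing roles: %w", err)
	}

	filterRoles, err := utils.GetRolesFromRoleNames(strings.Split(opts.roles, ","), definedRoles)
	if err != nil {
		return fmt.Errorf("resolving roles %q: %w", opts.roles, err)
	}

	res := buildResource(opts)
	res.SetAccountID(myAccount.GUID)

	iamuumClient, err := iamuumv1.New(sess)
	if err != nil {
		return fmt.Errorf("creating iamuum client: %w", err)
	}
	accessGroupAPI := iamuumClient.AccessGroup()

	ag, err := accessGroupAPI.Create(models.AccessGroup{Name: opts.accessGroup}, myAccount.GUID)
	if err != nil {
		return fmt.Errorf("creating access group %q: %w", opts.accessGroup, err)
	}
	log.Println(ag)
	defer func() {
		// Runs last (deferred first): the policy referencing the group is
		// removed by the later defer before the group itself goes away.
		if derr := accessGroupAPI.Delete(ag.ID, false); derr != nil {
			err = combineErrors(err, fmt.Errorf("deleting access group %s: %w", ag.ID, derr))
		}
	}()

	iampapClient, err := iampapv1.New(sess)
	if err != nil {
		return fmt.Errorf("creating iampap client: %w", err)
	}
	policyAPI := iampapClient.V1Policy()

	policy := iampapv1.Policy{
		Type:      iampapv1.AccessPolicyType,
		Roles:     iampapv1.ConvertRoleModels(filterRoles),
		Resources: []iampapv1.Resource{res},
		Subjects: []iampapv1.Subject{
			{
				Attributes: []iampapv1.Attribute{
					{
						Name:  "access_group_id",
						Value: ag.ID,
					},
				},
			},
		},
	}

	createdPolicy, err := policyAPI.Create(policy)
	if err != nil {
		return fmt.Errorf("creating access policy: %w", err)
	}
	log.Println(createdPolicy)
	defer func() {
		if derr := policyAPI.Delete(createdPolicy.ID); derr != nil {
			err = combineErrors(err, fmt.Errorf("deleting access policy %s: %w", createdPolicy.ID, derr))
		}
	}()

	getPolicy, err := policyAPI.Get(createdPolicy.ID)
	if err != nil {
		return fmt.Errorf("reading back access policy %s: %w", createdPolicy.ID, err)
	}
	log.Println(getPolicy)

	return nil
}

// buildResource translates the optional flags into the policy's resource
// attributes. Only non-empty values are set; an unrecognised serviceType is
// ignored, and a resource with no attributes at all defaults to the
// "service" service type, as the original example did.
func buildResource(opts options) iampapv1.Resource {
	res := iampapv1.Resource{}

	if opts.service != "" {
		res.SetServiceName(opts.service)
	}
	if opts.serviceInstance != "" {
		res.SetServiceInstance(opts.serviceInstance)
	}
	if opts.region != "" {
		res.SetRegion(opts.region)
	}
	if opts.resourceType != "" {
		res.SetResourceType(opts.resourceType)
	}
	if opts.resource != "" {
		res.SetResource(opts.resource)
	}
	if opts.resourceGroupID != "" {
		res.SetResourceGroupID(opts.resourceGroupID)
	}

	switch opts.serviceType {
	case "service", "platform_service":
		res.SetServiceType(opts.serviceType)
	}

	if len(res.Attributes) == 0 {
		res.SetServiceType("service")
	}

	return res
}

// combineErrors returns the first error when cleanup succeeded, the cleanup
// error when the main path succeeded, and a single error carrying both
// messages (the first one wrapped) when both failed, so neither is lost.
func combineErrors(first, cleanup error) error {
	switch {
	case first == nil:
		return cleanup
	case cleanup == nil:
		return first
	default:
		return fmt.Errorf("%w (cleanup also failed: %v)", first, cleanup)
	}
}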