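package main

import (
	"flag"
	"log"
	"os"
	"strings"

	bluemix "github.com/IBM-Cloud/bluemix-go"
	"github.com/IBM-Cloud/bluemix-go/api/account/accountv2"
	"github.com/IBM-Cloud/bluemix-go/api/iam/iamv1"
	"github.com/IBM-Cloud/bluemix-go/api/iampap/iampapv1"
	"github.com/IBM-Cloud/bluemix-go/api/mccp/mccpv2"
	"github.com/IBM-Cloud/bluemix-go/models"
	"github.com/IBM-Cloud/bluemix-go/session"
	"github.com/IBM-Cloud/bluemix-go/trace"
	"github.com/IBM-Cloud/bluemix-go/utils"
)

// main creates an IAM authorization policy that lets the source service
// act on the target service with the requested roles, reads the policy
// back, and then deletes it again.
//
// The policy is an access grant: once Create succeeds it stays in the
// account until Delete runs. Every failure after Create therefore
// attempts the Delete before exiting, so a transient Get error does not
// leave a dangling grant behind. The usage check also requires -roles,
// because strings.Split("", ",") yields a single empty role name rather
// than an empty list.
func main() {
	var org string
	flag.StringVar(&org, "org", "", "Bluemix Organization")

	var sourceServiceName string
	flag.StringVar(&sourceServiceName, "source_service_name", "", "Bluemix service name")

	var targetServiceName string
	flag.StringVar(&targetServiceName, "target_service_name", "", "Bluemix service name")

	var roles string
	flag.StringVar(&roles, "roles", "", "Comma separated list of roles")

	var sourceServiceInstanceId string
	flag.StringVar(&sourceServiceInstanceId, "source_service_instance_id", "", "Bluemix source service instance id")

	var targetServiceInstanceId string
	flag.StringVar(&targetServiceInstanceId, "target_service_instance_id", "", "Bluemix target service instance id")

	var sourceResourceGroupId string
	flag.StringVar(&sourceResourceGroupId, "source_resource_group_id", "", "Bluemix source resource group id")

	var targetResourceGroupId string
	flag.StringVar(&targetResourceGroupId, "target_resource_group_id", "", "Bluemix target resource group id")

	// The two resource-type flags are accepted for compatibility but are
	// not applied to the policy anywhere in this example.
	var sourceResourceType string
	flag.StringVar(&sourceResourceType, "source_resource_type", "", "Source resource type")

	var targetResourceType string
	flag.StringVar(&targetResourceType, "target_resource_type", "", "Target resource type")

	// NOTE(review): the trace logger is switched on unconditionally here,
	// independent of -debug; confirm what it emits before running this
	// outside a development environment.
	trace.Logger = trace.NewLogger("true")
	c := new(bluemix.Config)
	flag.BoolVar(&c.Debug, "debug", false, "Show full trace if on")
	flag.Parse()

	if org == "" || sourceServiceName == "" || targetServiceName == "" || roles == "" {
		flag.Usage()
		os.Exit(1)
	}

	sess, err := session.New(c)
	if err != nil {
		log.Fatal(err)
	}

	client, err := mccpv2.New(sess)
	if err != nil {
		log.Fatal(err)
	}

	// Resolve the organization, then the account that owns it; the account
	// GUID scopes both the subject and the resource of the policy below.
	orgAPI := client.Organizations()
	myorg, err := orgAPI.FindByName(org, sess.Config.Region)
	if err != nil {
		log.Fatal(err)
	}

	accClient, err := accountv2.New(sess)
	if err != nil {
		log.Fatal(err)
	}

	accountAPI := accClient.Accounts()
	myAccount, err := accountAPI.FindByOrg(myorg.GUID, sess.Config.Region)
	if err != nil {
		log.Fatal(err)
	}

	iamClient, err := iamv1.New(sess)
	if err != nil {
		log.Fatal(err)
	}

	// sourceServiceName is guaranteed non-empty by the usage check above,
	// so only the authorization roles for this service pair are relevant.
	serviceRolesAPI := iamClient.ServiceRoles()

	var definedRoles []models.PolicyRole
	definedRoles, err = serviceRolesAPI.ListAuthorizationRoles(sourceServiceName, targetServiceName)
	if err != nil {
		log.Fatal(err)
	}

	// Tolerate whitespace around the comma-separated role names.
	roleNames := strings.Split(roles, ",")
	for i := range roleNames {
		roleNames[i] = strings.TrimSpace(roleNames[i])
	}

	filterRoles, err := utils.GetRolesFromRoleNames(roleNames, definedRoles)
	if err != nil {
		log.Fatal(err)
	}

	policy := iampapv1.Policy{
		Type: iampapv1.AuthorizationPolicyType,
	}

	policy.Roles = iampapv1.ConvertRoleModels(filterRoles)

	// Subject: the source service in this account.
	policy.Subjects = []iampapv1.Subject{
		{
			Attributes: []iampapv1.Attribute{
				{
					Name:  "accountId",
					Value: myAccount.GUID,
				},
				{
					Name:  "serviceName",
					Value: sourceServiceName,
				},
			},
		},
	}

	// Resource: the target service in this account.
	policy.Resources = []iampapv1.Resource{
		{
			Attributes: []iampapv1.Attribute{
				{
					Name:  "accountId",
					Value: myAccount.GUID,
				},
				{
					Name:  "serviceName",
					Value: targetServiceName,
				},
			},
		},
	}

	// Optional narrowing: without these the grant applies to every instance
	// of the source and target services in the account, so pass them
	// whenever the use case allows.
	if sourceServiceInstanceId != "" {
		policy.Subjects[0].SetServiceInstance(sourceServiceInstanceId)
	}

	if targetServiceInstanceId != "" {
		policy.Resources[0].SetServiceInstance(targetServiceInstanceId)
	}

	if sourceResourceGroupId != "" {
		policy.Subjects[0].SetResourceGroupID(sourceResourceGroupId)
	}

	if targetResourceGroupId != "" {
		policy.Resources[0].SetResourceGroupID(targetResourceGroupId)
	}

	iampapClient, err := iampapv1.New(sess)
	if err != nil {
		log.Fatal(err)
	}

	authPolicy := iampapClient.V1Policy()

	createdAuthPolicy, err := authPolicy.Create(policy)
	if err != nil {
		log.Fatal(err)
	}

	log.Println(createdAuthPolicy)

	// From here on the policy exists and grants access. Do not log.Fatal on
	// a Get failure (log.Fatal calls os.Exit and would skip the cleanup);
	// remember the error, delete the policy, and report afterwards.
	getPolicy, getErr := authPolicy.Get(createdAuthPolicy.ID)
	if getErr != nil {
		log.Println(getErr)
	} else {
		log.Println(getPolicy)
	}

	if err := authPolicy.Delete(createdAuthPolicy.ID); err != nil {
		log.Fatal(err)
	}

	if getErr != nil {
		log.Fatal(getErr)
	}
}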