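package main

import (
	"flag"
	"fmt"
	"log"
	"os"
	"strings"

	bluemix "github.com/IBM-Cloud/bluemix-go"
	"github.com/IBM-Cloud/bluemix-go/api/account/accountv1"
	"github.com/IBM-Cloud/bluemix-go/api/account/accountv2"
	"github.com/IBM-Cloud/bluemix-go/api/iam/iamv1"
	"github.com/IBM-Cloud/bluemix-go/api/iampap/iampapv1"
	"github.com/IBM-Cloud/bluemix-go/api/mccp/mccpv2"
	"github.com/IBM-Cloud/bluemix-go/models"
	"github.com/IBM-Cloud/bluemix-go/session"
	"github.com/IBM-Cloud/bluemix-go/trace"
	"github.com/IBM-Cloud/bluemix-go/utils"
)

// options holds the command-line inputs of the example.
//
// org, userEmail and roles are required; the remaining fields optionally
// narrow the scope of the access policy that is created.
type options struct {
	org             string
	userEmail       string
	service         string
	roles           string
	serviceInstance string
	region          string
	resourceType    string
	resource        string
	resourceGroupID string
	serviceType     string
}

// main invites a user into the account that owns the given organization,
// grants that user an IAM access policy built from the -roles and resource
// flags, then removes the policy and the user again.
//
// It exits with status 1 when a required flag is missing or when any step
// fails. Cleanup of the invited user and the created policy is attempted on
// every error path that reaches run's deferred calls (see run); it is not
// attempted if the process is killed or if the user lookup itself fails.
func main() {
	var opts options
	flag.StringVar(&opts.org, "org", "", "Bluemix Organization")
	flag.StringVar(&opts.userEmail, "userEmail", "", "Email of the user to be invited")
	flag.StringVar(&opts.service, "service", "", "Bluemix service name")
	flag.StringVar(&opts.roles, "roles", "", "Comma seperated list of roles")
	flag.StringVar(&opts.serviceInstance, "serviceInstance", "", "Bluemix service instance name")
	flag.StringVar(&opts.region, "region", "", "Bluemix region")
	flag.StringVar(&opts.resourceType, "resourceType", "", "Bluemix resource type")
	flag.StringVar(&opts.resource, "resource", "", "Bluemix resource")
	flag.StringVar(&opts.resourceGroupID, "resourceGroupID", "", "Bluemix resource group ")
	flag.StringVar(&opts.serviceType, "serviceType", "", "service type")

	// NOTE(review): tracing is switched on unconditionally here, before the
	// -debug flag below is even parsed. Whether the tracer writes request or
	// credential details to stdout is not visible in this file — confirm
	// before pointing the example at a real account.
	trace.Logger = trace.NewLogger("true")
	c := new(bluemix.Config)
	flag.BoolVar(&c.Debug, "debug", false, "Show full trace if on")
	flag.Parse()

	if opts.org == "" || opts.userEmail == "" || opts.roles == "" {
		flag.Usage()
		os.Exit(1)
	}

	// run returns instead of calling log.Fatal so that its deferred cleanup
	// (policy removal, user removal) still executes on failure; log.Fatal
	// would os.Exit and skip every defer.
	if err := run(c, opts); err != nil {
		log.Fatal(err)
	}
}

// run performs the invite / grant / revoke / remove sequence and returns the
// first error encountered. The invited user and the created policy are
// removed by deferred calls, so an error after either step still cleans up
// what this run created; a cleanup failure is reported and, when no earlier
// error exists, becomes the returned error.
func run(c *bluemix.Config, opts options) (err error) {
	sess, err := session.New(c)
	if err != nil {
		return err
	}

	accountGUID, err := findAccountGUID(sess, opts.org)
	if err != nil {
		return err
	}

	accClient1, err := accountv1.New(sess)
	if err != nil {
		return err
	}
	accountAPIV1 := accClient1.Accounts()

	// Invite the user into the account. From this point on the account has
	// an extra member; everything below exists to grant and then revoke it.
	user, err := accountAPIV1.InviteAccountUser(accountGUID, opts.userEmail)
	if err != nil {
		return err
	}
	log.Println(user)

	// The lookup happens right after the invite (not after the policy is
	// built) so that the user-removal defer is registered as early as
	// possible. If this lookup itself fails, the invited user is left in the
	// account and the caller has to remove it by hand.
	userDetails, err := accountAPIV1.FindAccountUserByUserId(accountGUID, opts.userEmail)
	if err != nil {
		return fmt.Errorf("looking up invited user %q (user remains invited in account %s): %w", opts.userEmail, accountGUID, err)
	}
	defer func() {
		if cerr := accountAPIV1.DeleteAccountUser(accountGUID, userDetails.Id); cerr != nil {
			if err == nil {
				err = fmt.Errorf("removing user %q from account %s: %w", opts.userEmail, accountGUID, cerr)
				return
			}
			log.Printf("removing user %q from account %s after earlier error: %v", opts.userEmail, accountGUID, cerr)
		}
	}()

	filterRoles, err := resolveRoles(sess, opts.service, opts.roles)
	if err != nil {
		return err
	}

	policyResource := buildResource(opts)

	policy := iampapv1.Policy{
		Roles:     iampapv1.ConvertRoleModels(filterRoles),
		Resources: []iampapv1.Resource{policyResource},
	}
	policy.Resources[0].SetAccountID(accountGUID)
	policy.Subjects = []iampapv1.Subject{
		{
			Attributes: []iampapv1.Attribute{
				{
					Name:  "iam_id",
					Value: userDetails.IbmUniqueId,
				},
			},
		},
	}
	policy.Type = iampapv1.AccessPolicyType

	iampapClient, err := iampapv1.New(sess)
	if err != nil {
		return err
	}
	userPolicyAPI := iampapClient.V1Policy()

	createdPolicy, err := userPolicyAPI.Create(policy)
	if err != nil {
		return err
	}
	log.Println(createdPolicy)
	// Registered after the user-removal defer, so it runs first: the policy
	// is revoked before the user is removed, as in the original sequence.
	defer func() {
		if cerr := userPolicyAPI.Delete(createdPolicy.ID); cerr != nil {
			if err == nil {
				err = fmt.Errorf("deleting policy %s: %w", createdPolicy.ID, cerr)
				return
			}
			log.Printf("deleting policy %s after earlier error: %v", createdPolicy.ID, cerr)
		}
	}()

	return nil
}

// findAccountGUID resolves the organization name to the GUID of the account
// that owns it, using the region from the session config.
func findAccountGUID(sess *session.Session, org string) (string, error) {
	client, err := mccpv2.New(sess)
	if err != nil {
		return "", err
	}
	myorg, err := client.Organizations().FindByName(org, sess.Config.Region)
	if err != nil {
		return "", fmt.Errorf("finding organization %q: %w", org, err)
	}

	accClient, err := accountv2.New(sess)
	if err != nil {
		return "", err
	}
	myAccount, err := accClient.Accounts().FindByOrg(myorg.GUID, sess.Config.Region)
	if err != nil {
		return "", fmt.Errorf("finding account for organization %q: %w", org, err)
	}
	return myAccount.GUID, nil
}

// resolveRoles maps the comma-separated role names in roles onto the roles
// defined for service (or the system-defined roles when service is empty)
// and returns the matching role models.
func resolveRoles(sess *session.Session, service, roles string) ([]models.PolicyRole, error) {
	iamClient, err := iamv1.New(sess)
	if err != nil {
		return nil, err
	}
	serviceRolesAPI := iamClient.ServiceRoles()

	var definedRoles []models.PolicyRole
	if service == "" {
		definedRoles, err = serviceRolesAPI.ListSystemDefinedRoles()
	} else {
		definedRoles, err = serviceRolesAPI.ListServiceRoles(service)
	}
	if err != nil {
		return nil, err
	}

	return utils.GetRolesFromRoleNames(strings.Split(roles, ","), definedRoles)
}

// buildResource turns the optional scoping flags into the single resource the
// policy applies to. Only the non-empty flags become resource attributes;
// serviceType is honoured only for the two values the original accepted.
//
// When no scoping flag at all was given the resource falls back to service
// type "service", which is the least specific scope this example can produce
// (presumably every service in the account — confirm against the IAM docs).
// Callers who want a narrowly scoped grant must pass at least one of the
// resource flags.
func buildResource(opts options) iampapv1.Resource {
	res := iampapv1.Resource{}

	if opts.service != "" {
		res.SetServiceName(opts.service)
	}
	if opts.serviceInstance != "" {
		res.SetServiceInstance(opts.serviceInstance)
	}
	if opts.region != "" {
		res.SetRegion(opts.region)
	}
	if opts.resourceType != "" {
		res.SetResourceType(opts.resourceType)
	}
	if opts.resource != "" {
		res.SetResource(opts.resource)
	}
	if opts.resourceGroupID != "" {
		res.SetResourceGroupID(opts.resourceGroupID)
	}
	if opts.serviceType == "service" || opts.serviceType == "platform_service" {
		res.SetServiceType(opts.serviceType)
	}

	if len(res.Attributes) == 0 {
		res.SetServiceType("service")
	}
	return res
}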