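package main

import (
	"flag"
	"fmt"
	"log"
	"os"
	"strings"

	bluemix "github.com/IBM-Cloud/bluemix-go"
	"github.com/IBM-Cloud/bluemix-go/api/account/accountv1"
	"github.com/IBM-Cloud/bluemix-go/api/account/accountv2"
	"github.com/IBM-Cloud/bluemix-go/api/iampap/iampapv1"
	"github.com/IBM-Cloud/bluemix-go/api/iampap/iampapv2"
	"github.com/IBM-Cloud/bluemix-go/api/mccp/mccpv2"
	"github.com/IBM-Cloud/bluemix-go/session"
	"github.com/IBM-Cloud/bluemix-go/trace"
	"github.com/IBM-Cloud/bluemix-go/utils"
)

// options carries the command-line flags of this example.
type options struct {
	org             string
	userEmail       string
	service         string
	roles           string // comma-separated role names
	serviceInstance string
	region          string
	resourceType    string
	resource        string
	resourceGroupID string
	serviceType     string // "", "service" or "platform_service"
}

// main invites a user into the account that owns -org, grants that user an
// access policy built from -roles and the resource flags, and then removes
// the policy and the invited user again. Both removals also run when a later
// step fails, so an aborted run does not leave an invited user holding an
// access policy behind (the original exited with log.Fatal and skipped them).
func main() {
	var opts options
	// The defaults name a specific organization and user; override them on
	// the command line rather than relying on them.
	flag.StringVar(&opts.org, "org", "smjtorg", "Bluemix Organization")
	flag.StringVar(&opts.userEmail, "userEmail", "guvaish1@in.ibm.com", "Email of the user to be invited")
	flag.StringVar(&opts.service, "service", "kms", "Bluemix service name")
	flag.StringVar(&opts.roles, "roles", "Tes", "Comma seperated list of custom roles")
	flag.StringVar(&opts.serviceInstance, "serviceInstance", "", "Bluemix service instance name")
	flag.StringVar(&opts.region, "region", "", "Bluemix region")
	flag.StringVar(&opts.resourceType, "resourceType", "", "Bluemix resource type")
	flag.StringVar(&opts.resource, "resource", "", "Bluemix resource")
	flag.StringVar(&opts.resourceGroupID, "resourceGroupID", "", "Bluemix resource group ")
	flag.StringVar(&opts.serviceType, "serviceType", "", "service type")

	// Trace output is switched on unconditionally here, independently of the
	// -debug flag that is only parsed below. NOTE(review): check what the
	// trace logger prints before running this where its output is collected.
	trace.Logger = trace.NewLogger("true")
	c := new(bluemix.Config)
	flag.BoolVar(&c.Debug, "debug", false, "Show full trace if on")
	flag.Parse()

	// An empty -roles would otherwise be passed on as a single "" role name.
	if opts.org == "" || opts.userEmail == "" || opts.roles == "" {
		flag.Usage()
		os.Exit(1)
	}

	if err := run(c, opts); err != nil {
		log.Fatal(err)
	}
}

// run performs the invite / grant / cleanup sequence and returns the first
// error it hits, wrapped with the step that produced it. Removal of the
// invited user and of the created policy is registered with defer as soon as
// each exists, so it also happens on failure; deferred removals run in
// reverse order (policy first, then user), as in the original flow. A cleanup
// error is returned when nothing else failed and logged otherwise.
func run(c *bluemix.Config, opts options) (err error) {
	sess, err := session.New(c)
	if err != nil {
		return fmt.Errorf("creating session: %w", err)
	}

	client, err := mccpv2.New(sess)
	if err != nil {
		return fmt.Errorf("creating mccp client: %w", err)
	}
	myorg, err := client.Organizations().FindByName(opts.org, sess.Config.Region)
	if err != nil {
		return fmt.Errorf("finding organization %q: %w", opts.org, err)
	}

	accClient, err := accountv2.New(sess)
	if err != nil {
		return fmt.Errorf("creating account client: %w", err)
	}
	myAccount, err := accClient.Accounts().FindByOrg(myorg.GUID, sess.Config.Region)
	if err != nil {
		return fmt.Errorf("finding account of organization %q: %w", opts.org, err)
	}

	accClient1, err := accountv1.New(sess)
	if err != nil {
		return fmt.Errorf("creating account v1 client: %w", err)
	}
	accountAPIV1 := accClient1.Accounts()

	// Invite the user into the account (the original comment described this
	// as listing users; the call is an invitation).
	user, err := accountAPIV1.InviteAccountUser(myAccount.GUID, opts.userEmail)
	if err != nil {
		return fmt.Errorf("inviting %q: %w", opts.userEmail, err)
	}
	log.Println(user)

	// Resolve the invited user right away so the invitation can be cleaned
	// up from here on. If this lookup fails the invitation stays in place,
	// which is what the original did as well; the error says so.
	userDetails, err := accountAPIV1.FindAccountUserByUserId(myAccount.GUID, opts.userEmail)
	if err != nil {
		return fmt.Errorf("looking up invited user %q (invitation left in place): %w", opts.userEmail, err)
	}
	defer func() {
		if derr := accountAPIV1.DeleteAccountUser(myAccount.GUID, userDetails.Id); derr != nil {
			addErr(&err, fmt.Errorf("removing invited user %q: %w", opts.userEmail, derr))
		}
	}()

	roleClient, err := iampapv2.New(sess)
	if err != nil {
		return fmt.Errorf("creating IAM roles client: %w", err)
	}
	roleAPI := roleClient.IAMRoles()

	// Without -service only the system-defined roles are candidates; with it,
	// the roles matching the account/service query are.
	var definedRoles []iampapv2.Role
	if opts.service == "" {
		definedRoles, err = roleAPI.ListSystemDefinedRoles()
	} else {
		definedRoles, err = roleAPI.ListAll(iampapv2.RoleQuery{AccountID: myAccount.GUID, ServiceName: opts.service})
	}
	if err != nil {
		return fmt.Errorf("listing roles: %w", err)
	}
	selectedRoles, err := utils.GetRolesFromRoleNamesV2(strings.Split(opts.roles, ","), definedRoles)
	if err != nil {
		return fmt.Errorf("resolving roles %q: %w", opts.roles, err)
	}

	policyResource, err := buildResource(opts)
	if err != nil {
		return err
	}
	// Account id is added last, after the flag-derived attributes, keeping
	// the attribute order of the original.
	policyResource.SetAccountID(myAccount.GUID)

	policy := iampapv1.Policy{
		Type:      iampapv1.AccessPolicyType,
		Roles:     iampapv1.ConvertV2RoleModels(selectedRoles),
		Resources: []iampapv1.Resource{policyResource},
		Subjects: []iampapv1.Subject{{
			Attributes: []iampapv1.Attribute{{Name: "iam_id", Value: userDetails.IbmUniqueId}},
		}},
	}

	iampapClient, err := iampapv1.New(sess)
	if err != nil {
		return fmt.Errorf("creating IAM policy client: %w", err)
	}
	policyAPI := iampapClient.V1Policy()

	createdPolicy, err := policyAPI.Create(policy)
	if err != nil {
		return fmt.Errorf("creating policy: %w", err)
	}
	defer func() {
		if derr := policyAPI.Delete(createdPolicy.ID); derr != nil {
			addErr(&err, fmt.Errorf("deleting policy %s: %w", createdPolicy.ID, derr))
		}
	}()
	log.Println(createdPolicy)

	return nil
}

// buildResource turns the resource flags into a policy resource. Empty flags
// add no attribute; -serviceType accepts only "service" and
// "platform_service" (the original silently dropped other values); and when
// no attribute at all was set the resource defaults to service type
// "service", as the original example did.
func buildResource(opts options) (iampapv1.Resource, error) {
	r := iampapv1.Resource{}
	if opts.service != "" {
		r.SetServiceName(opts.service)
	}
	if opts.serviceInstance != "" {
		r.SetServiceInstance(opts.serviceInstance)
	}
	if opts.region != "" {
		r.SetRegion(opts.region)
	}
	if opts.resourceType != "" {
		r.SetResourceType(opts.resourceType)
	}
	if opts.resource != "" {
		r.SetResource(opts.resource)
	}
	if opts.resourceGroupID != "" {
		r.SetResourceGroupID(opts.resourceGroupID)
	}

	switch opts.serviceType {
	case "":
		// nothing requested; the default below applies if no other attribute is set
	case "service", "platform_service":
		r.SetServiceType(opts.serviceType)
	default:
		return iampapv1.Resource{}, fmt.Errorf("unsupported -serviceType %q (want service or platform_service)", opts.serviceType)
	}
	if len(r.Attributes) == 0 {
		r.SetServiceType("service")
	}
	return r, nil
}

// addErr folds a cleanup failure into run's result: it becomes the returned
// error when the main sequence succeeded; otherwise it is logged so that the
// original failure stays the one reported.
func addErr(dst *error, cleanupErr error) {
	if *dst == nil {
		*dst = cleanupErr
		return
	}
	log.Printf("cleanup: %v (after: %v)", cleanupErr, *dst)
}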