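// github.com/IBM-Cloud/bluemix-go@v0.0.0-20240423071914-9e96525baef4/examples/usermanagement/user_invite/main.go
package main

import (
	"flag"
	"fmt"
	"log"
	"os"
	"strings"

	bluemix "github.com/IBM-Cloud/bluemix-go"
	"github.com/IBM-Cloud/bluemix-go/api/iam/iamv1"
	"github.com/IBM-Cloud/bluemix-go/api/iampap/iampapv1"
	"github.com/IBM-Cloud/bluemix-go/api/mccp/mccpv2"
	v2 "github.com/IBM-Cloud/bluemix-go/api/usermanagement/usermanagementv2"
	"github.com/IBM-Cloud/bluemix-go/models"
	"github.com/IBM-Cloud/bluemix-go/session"
	"github.com/IBM-Cloud/bluemix-go/trace"
	"github.com/IBM-Cloud/bluemix-go/utils"
)

// main invites a user to an account with an IAM access policy and optional
// infrastructure permissions, access groups and Cloud Foundry org/space roles.
// It then looks the user up, reads and patches the user's settings, prints the
// profile, and finally removes the user from the account again.
//
// Every step after the invite acts on the IAM ID resolved from the account's
// user list, so the program stops if that lookup does not find the invitee.
func main() {

	const (
		Member         = "MEMBER"
		Manager        = "manager"
		Auditor        = "auditor"
		BillingManager = "billingmanager"
		Developer      = "developer"
	)
	var userEmail string
	flag.StringVar(&userEmail, "userEmail", "", "Email of the user to be invited")

	var accountID string
	flag.StringVar(&accountID, "accountID", "", "Account ID of the inviter")

	var service string
	flag.StringVar(&service, "service", "", "Bluemix service name")

	var roles string
	flag.StringVar(&roles, "roles", "", "Comma seperated list of roles")

	var serviceInstance string
	flag.StringVar(&serviceInstance, "serviceInstance", "", "Bluemix service instance name")

	var region string
	flag.StringVar(&region, "region", "", "Bluemix region")

	var resourceType string
	flag.StringVar(&resourceType, "resourceType", "", "Bluemix resource type")

	var resource string
	flag.StringVar(&resource, "resource", "", "Bluemix resource")

	var resourceGroupID string
	flag.StringVar(&resourceGroupID, "resourceGroupID", "", "Bluemix resource group ")

	var serviceType string
	flag.StringVar(&serviceType, "serviceType", "", "service type")

	var org string
	flag.StringVar(&org, "org", "", "Cloud foundry organization")

	var space string
	flag.StringVar(&space, "space", "", "Cloud foundry Space")

	var infraPermission string
	flag.StringVar(&infraPermission, "infraPermission", "", "Comma seperated list of infraPermissions")

	var accessGroups string
	flag.StringVar(&accessGroups, "accessGroups", "", "Comma seperated list of accessGroups")

	// The help text for the next two flags used to repeat the accessGroups
	// description, which misdescribed what the flags grant.
	var orgRoles string
	flag.StringVar(&orgRoles, "orgRoles", "", "Comma seperated list of orgRoles")

	var spaceRoles string
	flag.StringVar(&spaceRoles, "spaceRoles", "", "Comma seperated list of spaceRoles")

	var allowedIP string
	flag.StringVar(&allowedIP, "allowedIP", "", "Comma seperated list of allowedIP")

	// NOTE(review): tracing is switched on unconditionally. Trace output
	// presumably includes API request/response details; confirm what the
	// logger redacts before running this where logs are collected or shared.
	trace.Logger = trace.NewLogger("true")
	c := new(bluemix.Config)
	flag.Parse()

	// orgRoles and spaceRoles are mandatory here, but -org and -space are not:
	// the org/space role assignment further down is skipped when -org is empty.
	if userEmail == "" || accountID == "" || roles == "" || spaceRoles == "" || orgRoles == "" {
		flag.Usage()
		os.Exit(1)
	}

	sess, err := session.New(c)
	if err != nil {
		log.Fatal(err)
	}
	userManagementHandler, err := v2.New(sess)
	if err != nil {
		// Fatal rather than Println: continuing would call UserInvite on a
		// handler that failed to initialise.
		log.Fatalln("failed to initilize userManagementHandler", err)
	}
	userInvite := userManagementHandler.UserInvite()

	client, err := mccpv2.New(sess)
	if err != nil {
		log.Fatal(err)
	}
	orgAPI := client.Organizations()
	spaceAPI := client.Spaces()

	users := []v2.User{{Email: userEmail, AccountRole: Member}}

	// user roles
	iamClient, err := iamv1.New(sess)
	if err != nil {
		log.Fatal(err)
	}

	serviceRolesAPI := iamClient.ServiceRoles()

	var definedRoles []models.PolicyRole

	if service == "" {
		definedRoles, err = serviceRolesAPI.ListSystemDefinedRoles()
	} else {
		definedRoles, err = serviceRolesAPI.ListServiceRoles(service)
	}
	// Check the listing error before err is reassigned below; otherwise a
	// failed listing is only seen indirectly as a role-name mismatch.
	if err != nil {
		log.Fatal(err)
	}

	filterRoles, err := utils.GetRolesFromRoleNames(strings.Split(roles, ","), definedRoles)
	if err != nil {
		log.Fatal(err)
	}

	policyResource := iampapv1.Resource{}

	if service != "" {
		policyResource.SetServiceName(service)
	}

	if serviceInstance != "" {
		policyResource.SetServiceInstance(serviceInstance)
	}

	if region != "" {
		policyResource.SetRegion(region)
	}

	if resourceType != "" {
		policyResource.SetResourceType(resourceType)
	}

	if resource != "" {
		policyResource.SetResource(resource)
	}

	if resourceGroupID != "" {
		policyResource.SetResourceGroupID(resourceGroupID)
	}

	// Only the two recognised service types are passed through.
	switch serviceType {
	case "service", "platform_service":
		policyResource.SetServiceType(serviceType)
	}

	// NOTE(review): when no resource flag is given, the policy is scoped only
	// by serviceType "service" plus the account ID. That is presumably an
	// account-wide grant across services; confirm this is intended before
	// combining it with a privileged role in -roles.
	if len(policyResource.Attributes) == 0 {
		policyResource.SetServiceType("service")
	}
	policyResource.SetAccountID(accountID)

	policy := v2.UserPolicy{
		Roles:     iampapv1.ConvertRoleModels(filterRoles),
		Type:      "access",
		Resources: []iampapv1.Resource{policyResource},
	}

	payload := v2.UserInvite{
		Users:     users,
		IAMPolicy: []v2.UserPolicy{policy},
	}

	if infraPermission != "" {
		payload.InfrastructureRoles = &v2.InfraPermissions{Permissions: strings.Split(infraPermission, ",")}
	}

	if accessGroups != "" {
		payload.AccessGroup = strings.Split(accessGroups, ",")
	}

	// Organization roles
	if orgRoles != "" && org != "" {
		myorg, err := orgAPI.FindByName(org, region)
		if err != nil {
			log.Fatal(err)
		}
		organization := v2.OrgRole{
			Users:  []string{userEmail},
			ID:     myorg.GUID,
			Region: region,
		}
		// Role names that match none of the cases are ignored, so a typo in
		// -orgRoles grants nothing rather than failing.
		for _, r := range strings.Split(orgRoles, ",") {
			switch strings.ToLower(r) {
			case Auditor:
				organization.Auditors = []string{userEmail}
			case Manager:
				organization.Managers = []string{userEmail}
			case BillingManager:
				organization.BillingManagers = []string{userEmail}
			}
		}
		if spaceRoles != "" && space != "" {
			myspace, err := spaceAPI.FindByNameInOrg(myorg.GUID, space, region)
			if err != nil {
				log.Fatal(err)
			}
			// Named spaceEntry so it no longer shadows the -space flag value.
			spaceEntry := v2.Space{
				ID: myspace.GUID,
			}
			for _, r := range strings.Split(spaceRoles, ",") {
				switch strings.ToLower(r) {
				case Manager:
					spaceEntry.Managers = []string{userEmail}
				case Developer:
					spaceEntry.Developers = []string{userEmail}
				case Auditor:
					spaceEntry.Auditors = []string{userEmail}
				}
			}
			organization.Spaces = []v2.Space{spaceEntry}
		}
		payload.OrganizationRoles = []v2.OrgRole{organization}
	}

	out, err := userInvite.InviteUsers(accountID, payload)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println("Invited User=", out)

	//Fetch users in first page (max 100 users)
	usersList, err := userInvite.GetUsers(accountID)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("List Of Users=", usersList)
	var userIAMID string
	for _, u := range usersList.Resources {
		if strings.EqualFold(u.Email, userEmail) {
			userIAMID = u.IamID
			break
		}
	}

	//Fetch ALL users in account
	usersInAccount, err := userInvite.ListUsers(accountID)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("Number Of Users=", len(usersInAccount))

	// The settings, profile and removal calls below are keyed on the IAM ID.
	// Stop if the invitee was not on the first page instead of issuing a
	// settings change and a user removal with an empty ID.
	if userIAMID == "" {
		log.Fatalf("user %q not found in the first page of account users; not changing settings or removing a user", userEmail)
	}

	settings, err := userInvite.GetUserSettings(accountID, userIAMID)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println("GET User Settings=", settings)

	userSettingsPayload := v2.UserSettingOptions{}

	if allowedIP != "" {
		userSettingsPayload.AllowedIPAddresses = allowedIP
	}

	resp, err := userInvite.ManageUserSettings(accountID, userIAMID, userSettingsPayload)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println("PATCH User Settings=", resp)

	profile, err := userInvite.GetUserProfile(accountID, userIAMID)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("UserProfile=", profile)

	// The example cleans up after itself by removing the user it invited.
	if err := userInvite.RemoveUsers(accountID, userIAMID); err != nil {
		log.Fatal(err)
	}
}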