feat(iam): improve rules handling (#3753)
Showing
16 changed files
with
1,173 additions
and
20 deletions.
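--- a/cmd/scw/testdata/test-all-usage-iam-rule-create-usage.golden
+++ b/cmd/scw/testdata/test-all-usage-iam-rule-create-usage.golden
@@ -0,0 +1,21 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Create a rule for a specific IAM policy
+
+USAGE:
+scw iam rule create <policy-id ...> [arg=value ...]
+
+ARGS:
+policy-id Id of policy to update
+[permission-set-names.{index}] Names of permission sets bound to the rule
+[project-ids.{index}] List of Project IDs the rule is scoped to
+[organization-id] ID of Organization the rule is scoped to
+
+FLAGS:
+-h, --help help for create
+
+GLOBAL FLAGS:
+-c, --config string The path to the config file
+-D, --debug Enable debug mode
+-o, --output string Output format: json or human, see 'scw help output' for more info (default "human")
+-p, --profile string The config profile to use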
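--- a/cmd/scw/testdata/test-all-usage-iam-rule-delete-usage.golden
+++ b/cmd/scw/testdata/test-all-usage-iam-rule-delete-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Delete a rule for a specific IAM policy
+
+USAGE:
+scw iam rule delete <policy-id ...> [arg=value ...]
+
+ARGS:
+policy-id Id of policy to update
+[rule-id] Id of rule to delete
+
+FLAGS:
+-h, --help help for delete
+
+GLOBAL FLAGS:
+-c, --config string The path to the config file
+-D, --debug Enable debug mode
+-o, --output string Output format: json or human, see 'scw help output' for more info (default "human")
+-p, --profile string The config profile to use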
@@ -0,0 +1,71 @@ | ||
package iam | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
|
||
"github.com/scaleway/scaleway-cli/v2/internal/core" | ||
iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1" | ||
"github.com/scaleway/scaleway-sdk-go/scw" | ||
) | ||
|
||
func iamPolicyCreateBuilder(c *core.Command) *core.Command { | ||
c.ArgSpecs.GetByName("rules.{index}.permission-set-names.{index}").AutoCompleteFunc = func(ctx context.Context, _ string, _ any) core.AutocompleteSuggestions { | ||
client := core.ExtractClient(ctx) | ||
api := iam.NewAPI(client) | ||
// TODO: store result in a CLI cache | ||
resp, err := api.ListPermissionSets(&iam.ListPermissionSetsRequest{ | ||
PageSize: scw.Uint32Ptr(100), | ||
}, scw.WithAllPages()) | ||
if err != nil { | ||
return nil | ||
} | ||
suggestions := core.AutocompleteSuggestions{} | ||
for _, ps := range resp.PermissionSets { | ||
suggestions = append(suggestions, ps.Name) | ||
} | ||
return suggestions | ||
} | ||
return c | ||
} | ||
|
||
type PolicyGetInterceptorResponse struct { | ||
*iam.Policy | ||
Rules []*iam.Rule | ||
} | ||
|
||
func iamPolicyGetBuilder(c *core.Command) *core.Command { | ||
c.View = &core.View{ | ||
Title: "Policy", | ||
Sections: []*core.ViewSection{ | ||
{ | ||
Title: "Rules", | ||
FieldName: "Rules", | ||
}, | ||
}, | ||
} | ||
c.AddInterceptors(func(ctx context.Context, argsI interface{}, runner core.CommandRunner) (interface{}, error) { | ||
args := argsI.(*iam.GetPolicyRequest) | ||
api := iam.NewAPI(core.ExtractClient(ctx)) | ||
|
||
respI, err := runner(ctx, argsI) | ||
if err != nil { | ||
return respI, err | ||
} | ||
resp := &PolicyGetInterceptorResponse{ | ||
Policy: respI.(*iam.Policy), | ||
} | ||
|
||
rules, err := api.ListRules(&iam.ListRulesRequest{ | ||
PolicyID: args.PolicyID, | ||
}, scw.WithContext(ctx), scw.WithAllPages()) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed to list rules for given policy: %w", err) | ||
} | ||
resp.Rules = rules.Rules | ||
|
||
return resp, nil | ||
}) | ||
|
||
return c | ||
} |
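Review bot: The `ListPermissionSets` call in the completion callback of iamPolicyCreateBuilder is made without `scw.WithContext(ctx)`, unlike the `ListRules` call in iamPolicyGetBuilder, so a cancelled or timed-out completion cannot abort the paginated request; passing `scw.WithContext(ctx), scw.WithAllPages()` there would make the two calls consistent. In the get interceptor, `argsI.(*iam.GetPolicyRequest)` and `respI.(*iam.Policy)` are unchecked assertions and will panic if another interceptor or the runner ever hands over a different type; the comma-ok form with a returned error would fail cleanly instead. `PolicyGetInterceptorResponse` is exported but undocumented; a comment such as `// PolicyGetInterceptorResponse is the policy returned by "iam policy get" together with the rules listed for it.` would state why the wrapper exists.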
@@ -0,0 +1,35 @@ | ||
package iam_test | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/alecthomas/assert" | ||
"github.com/scaleway/scaleway-cli/v2/internal/core" | ||
"github.com/scaleway/scaleway-cli/v2/internal/namespaces/account/v3" | ||
iam "github.com/scaleway/scaleway-cli/v2/internal/namespaces/iam/v1alpha1" | ||
) | ||
|
||
func Test_getPolicyWithRules(t *testing.T) { | ||
t.Run("simple", core.Test(&core.TestConfig{ | ||
Commands: core.NewCommandsMerge( | ||
iam.GetCommands(), | ||
account.GetCommands(), | ||
), | ||
BeforeFunc: core.BeforeFuncCombine( | ||
core.ExecStoreBeforeCmd("Project", "scw account project create name=test-cli-get-policy"), | ||
core.ExecStoreBeforeCmd("Policy", "scw iam policy create name=test-cli-get-policy no-principal=true rules.0.permission-set-names.0=IPAMReadOnly rules.0.project-ids.0={{ .Project.ID }}"), | ||
), | ||
Cmd: `scw iam policy get {{ .Policy.ID }}`, | ||
Check: core.TestCheckCombine( | ||
func(t *testing.T, ctx *core.CheckFuncCtx) { | ||
assert.Contains(t, string(ctx.Stdout), "IPAMReadOnly") | ||
}, | ||
core.TestCheckGolden(), | ||
core.TestCheckExitCode(0), | ||
), | ||
AfterFunc: core.AfterFuncCombine( | ||
core.ExecAfterCmd("scw iam policy delete {{ .Policy.ID }}"), | ||
core.ExecAfterCmd("scw account project delete project-id={{ .Project.ID }}"), | ||
), | ||
})) | ||
} |
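Review bot: The explicit assertion in Check pins only the permission set name `IPAMReadOnly`; the project the rule is scoped to is left entirely to the golden file, which is rewritten whenever goldens are regenerated. For an IAM command the scope is the part an operator relies on when reading the output, so it is worth also asserting that the created project's ID appears in `ctx.Stdout` (assuming the human view prints it), using the ID from the stored "Project" result. A one-line comment above the test, such as `// Test_getPolicyWithRules checks that "iam policy get" prints the rules attached to the policy.`, would also say what the test protects.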