-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Maksim Kuznetsov
committed
Jul 24, 2024
1 parent
cd9d6a0
commit 9ee8a1f
Showing
13 changed files
with
1,623 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # Create Federation with Certificate & add User | ||
|
|
||
| This example program demonstrates how to manage creating and deleting Federation with Certificate and assigning Users. | ||
|
|
||
| The part of deleting is disabled by `deleteAfterRun` variable. | ||
|
|
||
| ## Running this example | ||
|
|
||
| Running this file will execute the following operations: | ||
|
|
||
| 1. **Create Federation:** Create is used to create a new Federation. | ||
| 2. **Create Certificate for Federation:** Create is used to create a new Certificate for Federation. | ||
| 3. **Create federated User:** Create is used to create a new federated User. | ||
| 4. **Update Federation:** Updates the Federation Name and Description. | ||
| 5. **(Delete Federation):** _(disabled by default)_ Delete a just-created Federation on a previous step. | ||
| 6. **(Delete Federation Certificate):** _(disabled by default)_ Delete a just-created Federation Certificate on a previous step. | ||
| 7. **(Delete User):** _(disabled by default)_ Delete a just-created federated User on a previous step. | ||
|
|
||
| You should see an output like the following: | ||
| ``` | ||
| Step 1: Created Federation Name: federation_name ID: 1a2b3c... | ||
| Step 2: Created Certificate for Federation ID: 12345_3... Federation ID: 1a2b3c... | ||
| Step 3: Created federated User ID: 54321_2... Keystone ID: 1c2b3a... | ||
| Step 4: Updated Federation Name and Description | ||
| Step 5: Deleting Federation with ID: 1a2b3c... | ||
| Step 6: Deleting Federation Certificate with ID: 12345_3... | ||
| Step 6: Deleting User with ID: 54321_2... | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,123 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "context" | ||
| "fmt" | ||
|
|
||
| "github.com/selectel/iam-go" | ||
| "github.com/selectel/iam-go/service/federations" | ||
| "github.com/selectel/iam-go/service/federations/certificates" | ||
| "github.com/selectel/iam-go/service/roles" | ||
| "github.com/selectel/iam-go/service/users" | ||
| ) | ||
|
|
||
| var ( | ||
| // KeystoneToken | ||
| token = "gAAAAA..." | ||
| deleteAfterRun = false | ||
|
|
||
| // Prefix to be added to User-Agent. | ||
| prefix = "iam-go" | ||
|
|
||
| federationName = "federation_name" | ||
| federationDescription = "federation_description" | ||
| updatedFederationName = "new_federation_name" | ||
| updatedFederationDescription = "new_federation_description" | ||
|
|
||
| certificateName = "certificate name" | ||
| certificateDescription = "certificate description" | ||
| certificateData = "cert" | ||
|
|
||
| userEmail = "[email protected]" | ||
| userExternalID = "some_id" | ||
| ) | ||
|
|
||
| func main() { | ||
| // Create a new IAM client. | ||
| iamClient, err := iam.New( | ||
| iam.WithAuthOpts(&iam.AuthOpts{KeystoneToken: token}), | ||
| iam.WithUserAgentPrefix(prefix), | ||
| ) | ||
| if err != nil { | ||
| fmt.Println(err) | ||
| return | ||
| } | ||
|
|
||
| federationsAPI := iamClient.Federations | ||
| federationsCertificatesAPI := iamClient.FederationsCertificates | ||
| usersAPI := iamClient.Users | ||
|
|
||
| ctx := context.Background() | ||
|
|
||
| federation, err := federationsAPI.Create(ctx, federations.CreateRequest{ | ||
| Federation: federations.Federation{ | ||
| Name: federationName, | ||
| Description: federationDescription, | ||
| Issuer: "http://localhost:8080/realms/master", | ||
| SSOUrl: "http://localhost:8080/realms/master/protocol/saml", | ||
| SignAuthnRequests: true, | ||
| ForceAuthn: true, | ||
| SessionMaxAgeHours: 100, | ||
| }, | ||
| }) | ||
| if err != nil { | ||
| fmt.Println(err) | ||
| return | ||
| } | ||
| fmt.Printf("Step 1: Created Federation Name: %s ID: %s\n", federation.Name, federation.ID) | ||
|
|
||
| certificate, err := federationsCertificatesAPI.Create(ctx, federation.ID, certificates.CreateRequest{ | ||
| Name: certificateName, | ||
| Description: certificateDescription, | ||
| Data: certificateData, | ||
| }) | ||
| if err != nil { | ||
| fmt.Println(err) | ||
| return | ||
| } | ||
| fmt.Printf("Step 2: Created Certificate for Federation ID: %s Federation ID: %s\n", certificate.ID, federation.ID) | ||
|
|
||
| user, err := usersAPI.Create(ctx, users.CreateRequest{ | ||
| AuthType: users.Federated, | ||
| Email: userEmail, | ||
| Federation: &users.Federation{ | ||
| ExternalID: userExternalID, | ||
| ID: federation.ID, | ||
| }, | ||
| Roles: []roles.Role{{Scope: roles.Account, RoleName: roles.Reader}}, | ||
| }) | ||
| if err != nil { | ||
| fmt.Println(err) | ||
| return | ||
| } | ||
| fmt.Printf("Step 3: Created federated User ID: %s Keystone ID: %s\n", user.ID, user.KeystoneID) | ||
|
|
||
| err = federationsAPI.Update(ctx, federation.ID, federations.UpdateRequest{ | ||
| Federation: federations.Federation{ | ||
| Name: updatedFederationName, | ||
| Description: updatedFederationDescription, | ||
| }, | ||
| }) | ||
| if err != nil { | ||
| fmt.Println(err) | ||
| return | ||
| } | ||
| fmt.Printf("Step 4: Updated Federation Name and Description") | ||
|
|
||
| if deleteAfterRun { | ||
| fmt.Printf("Step 5: Deleting Federation with ID: %s\n", federation.ID) | ||
| if err = federationsAPI.Delete(ctx, federation.ID); err != nil { | ||
| fmt.Println(err) | ||
| } | ||
|
|
||
| fmt.Printf("Step 6: Deleting Federation Certificate with ID: %s\n", certificate.ID) | ||
| if err = federationsAPI.Delete(ctx, federation.ID); err != nil { | ||
| fmt.Println(err) | ||
| } | ||
|
|
||
| fmt.Printf("Step 7: Deleting User with ID: %s\n", user.ID) | ||
| if err = usersAPI.Delete(ctx, user.ID); err != nil { | ||
| fmt.Println(err) | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.