Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add iam org policy commands #553

Merged
merged 20 commits into from
Nov 23, 2023
Merged

Add iam org policy commands #553

merged 20 commits into from
Nov 23, 2023

Conversation

kobajagi
Copy link
Contributor

@kobajagi kobajagi commented Oct 18, 2023
edited
Loading

Description

This PR adds IAM Org Policy commands: exo iam org-policy show, exo iam org-policy replace and exo iam org-policy reset.

$ go run . iam org-policy 
IAM Organization Policy management

Usage:
  exo iam org-policy [command]

Available Commands:
  replace     Replace Org policy
  reset       Reset Org policy to default
  show        Show Org policy details
...

Checklist

(For exoscale contributors)

  • Changelog updated (under Unreleased block)
  • Testing

Testing

Show command

$ go run  . iam org-policy show
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────────────────────────────────────────────────────────────────────────┼
│ SERVICE │ TYPE (DEFAULT STRATEGY "ALLOW") │ RULE ACTION │                                   RULE EXPRESSION                                   │
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────────────────────────────────────────────────────────────────────────┼
│ sos     │ rules                           │ allow       │ operation in ['list-sos-buckets-usage', 'list-buckets']                             │
│         │                                 │ deny        │ !(resources.bucket in ['my-bucket', 'my-other-bucket'])                             │
│         │                                 │ allow       │ operation in ['list-objects', 'get-object']                                         │
│         │                                 │ deny        │ operation in ['get-bucket-acl', 'get-bucket-cors', 'get-bucket-ownership-controls'] │
│ cdn     │ deny                            │             │                                                                                     │
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────────────────────────────────────────────────────────────────────────┼

Replace

$ go run . iam org-policy show --output-format json | jq 'del(.services.sos)' | go run . iam org-policy replace
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────┼
│ SERVICE │ TYPE (DEFAULT STRATEGY "ALLOW") │ RULE ACTION │ RULE EXPRESSION │
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────┼
│ cdn     │ deny                            │             │                 │
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────┼

Reset

$ go run . iam org-policy reset
[+] This action will remove any resource constrains you may had set in your Org Policy. Proceed? [yN]: y
$ go run . iam org-policy show
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────┼
│ SERVICE │ TYPE (DEFAULT STRATEGY "ALLOW") │ RULE ACTION │ RULE EXPRESSION │
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────┼
┼─────────┼─────────────────────────────────┼─────────────┼─────────────────┼

@shortcut-integration
Copy link

This pull request has been linked to Shortcut Story #68211: IAMv3 Tooling.

@kobajagi kobajagi force-pushed the predrag/sc-68211/iamv3-tooling branch from b46487f to 67d3ce8 Compare November 15, 2023 08:10
@kobajagi kobajagi marked this pull request as ready for review November 15, 2023 08:46
@kobajagi kobajagi force-pushed the predrag/sc-68211/iamv3-tooling branch from ce5e212 to afff783 Compare November 20, 2023 15:19
@kobajagi kobajagi mentioned this pull request Nov 20, 2023
Merged
2 tasks
sauterp
sauterp approved these changes Nov 22, 2023
View reviewed changes
cmd/iam_org_policy_replace.go Outdated Show resolved Hide resolved
cmd/iam_org_policy_reset.go Outdated Show resolved Hide resolved
cmd/iam_org_policy_reset.go Outdated Show resolved Hide resolved
kobajagi and others added 3 commits November 22, 2023 11:54
@kobajagi kobajagi merged commit cb85f72 into master Nov 23, 2023
@kobajagi kobajagi deleted the predrag/sc-68211/iamv3-tooling branch November 23, 2023 11:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PhilippeChepy PhilippeChepy PhilippeChepy approved these changes

@sauterp sauterp sauterp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kobajagi @PhilippeChepy @sauterp