forked from cloudflare/cloudflare-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
permission_group.go
99 lines (80 loc) · 2.95 KB
/
permission_group.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package cloudflare
import (
"context"
"errors"
"fmt"
"net/http"
"github.com/goccy/go-json"
)
type PermissionGroup struct {
ID string `json:"id"`
Name string `json:"name"`
Meta map[string]string `json:"meta"`
Permissions []Permission `json:"permissions"`
}
type Permission struct {
ID string `json:"id"`
Key string `json:"key"`
Attributes map[string]string `json:"attributes,omitempty"` // same as Meta in other structs
}
type PermissionGroupListResponse struct {
Success bool `json:"success"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Result []PermissionGroup `json:"result"`
}
type PermissionGroupDetailResponse struct {
Success bool `json:"success"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Result PermissionGroup `json:"result"`
}
type ListPermissionGroupParams struct {
Depth int `url:"depth,omitempty"`
RoleName string `url:"name,omitempty"`
}
const errMissingPermissionGroupID = "missing required permission group ID"
var ErrMissingPermissionGroupID = errors.New(errMissingPermissionGroupID)
// GetPermissionGroup returns a specific permission group from the API given
// the account ID and permission group ID.
func (api *API) GetPermissionGroup(ctx context.Context, rc *ResourceContainer, permissionGroupId string) (PermissionGroup, error) {
if rc.Level != AccountRouteLevel {
return PermissionGroup{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
}
if rc.Identifier == "" {
return PermissionGroup{}, ErrMissingAccountID
}
if permissionGroupId == "" {
return PermissionGroup{}, ErrMissingPermissionGroupID
}
uri := fmt.Sprintf("/accounts/%s/iam/permission_groups/%s?depth=2", rc.Identifier, permissionGroupId)
res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
if err != nil {
return PermissionGroup{}, err
}
var permissionGroupResponse PermissionGroupDetailResponse
err = json.Unmarshal(res, &permissionGroupResponse)
if err != nil {
return PermissionGroup{}, err
}
return permissionGroupResponse.Result, nil
}
// ListPermissionGroups returns all valid permission groups for the provided
// parameters.
func (api *API) ListPermissionGroups(ctx context.Context, rc *ResourceContainer, params ListPermissionGroupParams) ([]PermissionGroup, error) {
if rc.Level != AccountRouteLevel {
return []PermissionGroup{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
}
params.Depth = 2
uri := buildURI(fmt.Sprintf("/accounts/%s/iam/permission_groups", rc.Identifier), params)
res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
if err != nil {
return []PermissionGroup{}, err
}
var permissionGroupResponse PermissionGroupListResponse
err = json.Unmarshal(res, &permissionGroupResponse)
if err != nil {
return []PermissionGroup{}, err
}
return permissionGroupResponse.Result, nil
}