Documentation
¶
Overview ¶
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2024 netr0m <netr0m@pm.me>
Index ¶
- Constants
- func GetPIMAccessTokenAzureCLI(scope string) string
- func IsGroupAssignmentRequestFailed(requestResponse *GroupAssignmentRequestResponse) bool
- func IsGroupAssignmentRequestOK(requestResponse *GroupAssignmentRequestResponse) bool
- func IsGroupAssignmentRequestPending(requestResponse *GroupAssignmentRequestResponse) bool
- func IsRoleAssignmentRequestFailed(requestResponse *RoleAssignmentRequestResponse) bool
- func IsRoleAssignmentRequestOK(requestResponse *RoleAssignmentRequestResponse) bool
- func IsRoleAssignmentRequestPending(requestResponse *RoleAssignmentRequestResponse) bool
- func Request(request *PIMRequest, responseModel any) any
- func ValidateGroupAssignmentRequest(groupAssignmentRequest GroupAssignmentRequest, token string) bool
- func ValidateRoleAssignmentRequest(scope string, roleAssignmentRequest RoleAssignmentRequestRequest, token string) bool
- type AzureUserInfo
- type AzureUserInfoClaims
- type GroupAssignment
- type GroupAssignmentRequest
- type GroupAssignmentRequestResponse
- type GroupAssignmentRequestStatus
- type GroupAssignmentResponse
- type GroupAssignmentSchedule
- type GroupAssignmentSubject
- type GroupDefinition
- type GroupResource
- type PIMRequest
- type RoleAssignment
- type RoleAssignmentRequestProperties
- type RoleAssignmentRequestRequest
- type RoleAssignmentRequestResponse
- type RoleAssignmentResponse
- type RoleAssignmentValidationProperties
- type RoleExpandedProperties
- type RoleExpandedProperty
- type RoleProperties
- type ScheduleInfo
- type ScheduleInfoExpiration
- type TicketInfo
Constants ¶
View Source
const ( StatusAccepted string = "Accepted" StatusAdminApproved string = "AdminApproved" StatusAdminDenied string = "AdminDenied" StatusCanceled string = "Canceled" StatusDenied string = "Denied" StatusFailed string = "Failed" StatusFailedAsResourceIsLocked string = "FailedAsResourceIsLocked" StatusGranted string = "Granted" StatusInvalid string = "Invalid" StatusPendingAdminDecision string = "PendingAdminDecision" StatusPendingApproval string = "PendingApproval" StatusPendingApprovalProvisioning string = "PendingApprovalProvisioning" StatusPendingEvaluation string = "PendingEvaluation" StatusPendingExternalProvisioning string = "PendingExternalProvisioning" StatusPendingProvisioning string = "PendingProvisioning" StatusPendingRevocation string = "PendingRevocation" StatusPendingScheduleCreation string = "PendingScheduleCreation" StatusProvisioned string = "Provisioned" StatusProvisioningStarted string = "ProvisioningStarted" StatusRevoked string = "Revoked" StatusScheduleCreated string = "ScheduleCreated" StatusTimedOut string = "TimedOut" )
View Source
const AZ_AUTHORITY string = "https://login.microsoftonline.com/"
Authority used for Azure authentication
View Source
const AZ_PIM_API_VERSION string = "2020-10-01"
API version for the "role eligibility schedule instances" (i.e. eligible azure resource role assignments)
View Source
const AZ_PIM_BASE_PATH string = "providers/Microsoft.Authorization"
Base path for the Azure Entra PIM API
View Source
const AZ_PIM_BASE_URL string = "https://management.azure.com"
Base URL for the Azure Entra PIM API
View Source
const AZ_PIM_GROUP_BASE_PATH = "api/v2/privilegedAccess"
Base path for the Azure PIM Groups API
View Source
const AZ_PIM_GROUP_BASE_URL string = "https://api.azrbac.mspim.azure.com"
Base URL for the Azure PIM Groups API
View Source
const AZ_PIM_SCOPE string = AZ_PIM_BASE_URL
Scope used for Azure authentication
View Source
const DEFAULT_DURATION_MINUTES int = 480
Default duration for role activation
View Source
const DEFAULT_REASON string = "config"
Default reason for role activation
Variables ¶
This section is empty.
Functions ¶
func IsGroupAssignmentRequestFailed ¶
func IsGroupAssignmentRequestFailed(requestResponse *GroupAssignmentRequestResponse) bool
func IsGroupAssignmentRequestOK ¶
func IsGroupAssignmentRequestOK(requestResponse *GroupAssignmentRequestResponse) bool
func IsGroupAssignmentRequestPending ¶
func IsGroupAssignmentRequestPending(requestResponse *GroupAssignmentRequestResponse) bool
func IsRoleAssignmentRequestFailed ¶
func IsRoleAssignmentRequestFailed(requestResponse *RoleAssignmentRequestResponse) bool
func IsRoleAssignmentRequestOK ¶
func IsRoleAssignmentRequestOK(requestResponse *RoleAssignmentRequestResponse) bool
func IsRoleAssignmentRequestPending ¶
func IsRoleAssignmentRequestPending(requestResponse *RoleAssignmentRequestResponse) bool
func Request ¶
func Request(request *PIMRequest, responseModel any) any
func ValidateGroupAssignmentRequest ¶
func ValidateGroupAssignmentRequest(groupAssignmentRequest GroupAssignmentRequest, token string) bool
func ValidateRoleAssignmentRequest ¶
func ValidateRoleAssignmentRequest(scope string, roleAssignmentRequest RoleAssignmentRequestRequest, token string) bool
Types ¶
type AzureUserInfo ¶
func GetUserInfo ¶
func GetUserInfo(token string) AzureUserInfo
type AzureUserInfoClaims ¶
type AzureUserInfoClaims struct {
*jwt.MapClaims
*AzureUserInfo
}
type GroupAssignment ¶
type GroupAssignment struct {
Id string `json:"id"`
ResourceId string `json:"resourceId"`
RoleDefinitionId string `json:"roleDefinitionId"`
SubjectId string `json:"subjectId"`
AssignmentState string `json:"assignmentState"`
Status string `json:"status"`
Subject *GroupAssignmentSubject `json:"subject"`
RoleDefinition *GroupDefinition `json:"roleDefinition"`
}
type GroupAssignmentRequest ¶
type GroupAssignmentRequest struct {
RoleDefinitionId string `json:"roleDefinitionId"`
ResourceId string `json:"resourceId"`
SubjectId string `json:"subjectId"`
AssignmentState string `json:"assignmentState"`
Type string `json:"type"`
Reason string `json:"reason"`
TicketNumber string `json:"ticketNumber"`
TicketSystem string `json:"ticketSystem"`
Schedule *GroupAssignmentSchedule `json:"schedule"`
LinkedEligibleRoleAssignmentId string `json:"linkedEligibleRoleAssignmentId"`
ScopedResourceId string `json:"scopedResourceId"`
}
type GroupAssignmentRequestResponse ¶
type GroupAssignmentRequestResponse struct {
Id string `json:"id"`
ResourceId string `json:"resourceId"`
RoleDefinitionId string `json:"roleDefinitionId"`
SubjectId string `json:"subjectId"`
ScopedResourceId string `json:"scopedResourceId"`
LinkedEligibleRoleAssignmentId string `json:"linkedEligibleRoleAssignmentId"`
Type string `json:"type"`
AssignmentState string `json:"assignmentState"`
RequestedDateTime string `json:"requestedDateTime"`
RoleAssignmentStartDateTime string `json:"roleAssignmentStartDateTime"`
RoleAssignmentEndDateTime string `json:"roleAssignmentEndDateTime"`
Reason string `json:"reason"`
TicketNumber string `json:"ticketNumber"`
TicketSystem string `json:"ticketSystem"`
Condition string `json:"condition"`
ConditionVersion string `json:"conditionVersion"`
ConditionDescription string `json:"conditionDescription"`
Status *GroupAssignmentRequestStatus `json:"status"`
Schedule *GroupAssignmentSchedule `json:"schedule"`
Metadata map[string]interface{} `json:"metadata"`
}
func RequestGroupAssignment ¶
func RequestGroupAssignment(subjectId string, groupAssignment *GroupAssignment, duration int, reason string, token string) *GroupAssignmentRequestResponse
type GroupAssignmentResponse ¶
type GroupAssignmentResponse struct {
Value []GroupAssignment `json:"value"`
}
func GetEligibleGroupAssignments ¶
func GetEligibleGroupAssignments(token string, subjectId string) *GroupAssignmentResponse
type GroupAssignmentSchedule ¶
type GroupAssignmentSubject ¶
type GroupDefinition ¶
type GroupDefinition struct {
Id string `json:"id"`
ResourceId string `json:"resourceId"`
Type string `json:"type"`
DisplayName string `json:"displayName"`
Resource *GroupResource `json:"resource"`
}
type GroupResource ¶
type PIMRequest ¶
type RoleAssignment ¶
type RoleAssignment struct {
Properties *RoleProperties `json:"properties"`
Name string `json:"name"`
Id string `json:"id"`
Type string `json:"type"`
}
type RoleAssignmentRequestProperties ¶
type RoleAssignmentRequestProperties struct {
PrincipalId string `json:"PrincipalId"`
RoleDefinitionId string `json:"RoleDefinitionId"`
RequestType string `json:"RequestType"`
LinkedRoleEligibilityScheduleId string `json:"LinkedRoleEligibilityScheduleId"`
Justification string `json:"Justification"`
ScheduleInfo *ScheduleInfo `json:"ScheduleInfo"`
TicketInfo *TicketInfo `json:"TicketInfo"`
IsValidationOnly bool `json:"IsValidationOnly"`
IsActivativation bool `json:"IsActivativation"` // yes, this typo is in the API
}
type RoleAssignmentRequestRequest ¶
type RoleAssignmentRequestRequest struct {
Properties RoleAssignmentRequestProperties `json:"Properties"`
}
type RoleAssignmentRequestResponse ¶
type RoleAssignmentRequestResponse struct {
Properties *RoleAssignmentValidationProperties `json:"properties"`
Name string `json:"name"`
Id string `json:"id"`
Type string `json:"type"`
}
func RequestRoleAssignment ¶
func RequestRoleAssignment(subjectId string, roleAssignment *RoleAssignment, duration int, reason string, token string) *RoleAssignmentRequestResponse
type RoleAssignmentResponse ¶
type RoleAssignmentResponse struct {
Value []RoleAssignment `json:"value"`
}
func GetEligibleRoleAssignments ¶
func GetEligibleRoleAssignments(token string) *RoleAssignmentResponse
type RoleAssignmentValidationProperties ¶
type RoleAssignmentValidationProperties struct {
LinkedRoleEligibilityScheduleId string `json:"linkedRoleEligibilityScheduleId"`
TargetRoleAssignmentScheduleId string `json:"targetRoleAssignmentScheduleId"`
Scope string `json:"scope"`
RoleDefinitionId string `json:"roleDefinitionId"`
PrincipalId string `json:"principalId"`
PrincipalType string `json:"principalType"`
RequestType string `json:"requestType"`
Status string `json:"status"`
ScheduleInfo *ScheduleInfo `json:"scheduleInfo"`
TicketInfo *TicketInfo `json:"ticketInfo"`
Justification string `json:"justification"`
RequestorId string `json:"requestorId"`
CreatedOn string `json:"createdOn"`
ExpandedProperties *RoleExpandedProperties `json:"expandedProperties"`
}
type RoleExpandedProperties ¶
type RoleExpandedProperties struct {
Principal *RoleExpandedProperty `json:"principal"`
RoleDefinition *RoleExpandedProperty `json:"roleDefinition"`
Scope *RoleExpandedProperty `json:"scope"`
}
type RoleExpandedProperty ¶
type RoleProperties ¶
type RoleProperties struct {
RoleEligibilityScheduleId string `json:"roleEligibilityScheduleId"`
Scope string `json:"scope"`
RoleDefinitionId string `json:"roleDefinitionId"`
PrincipalId string `json:"principalId"`
PrincipalType string `json:"principalType"`
Status string `json:"status"`
StartDateTime string `json:"startDateTime"`
EndDateTime string `json:"endDateTime"`
MemberType string `json:"memberType"`
CreatedOn string `json:"createdOn"`
Condition string `json:"condition"`
ConditionVersion string `json:"conditionVersion"`
ExpandedProperties *RoleExpandedProperties `json:"expandedProperties"`
}
type ScheduleInfo ¶
type ScheduleInfo struct {
StartDateTime interface{} `json:"startDateTime"`
Expiration *ScheduleInfoExpiration `json:"expiration"`
EndDateTime interface{} `json:"endDateTime"`
}
type ScheduleInfoExpiration ¶
type TicketInfo ¶
Source Files
Click to show internal directories.
Click to hide internal directories.