Documentation ¶
Overview ¶
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2024 netr0m <netr0m@pm.me>
Index ¶
- Constants
- func GetPIMAccessTokenAzureCLI(scope string) string
- func IsGroupAssignmentRequestFailed(requestResponse *GroupAssignmentRequestResponse) bool
- func IsGroupAssignmentRequestOK(requestResponse *GroupAssignmentRequestResponse) bool
- func IsGroupAssignmentRequestPending(requestResponse *GroupAssignmentRequestResponse) bool
- func IsRoleAssignmentRequestFailed(requestResponse *RoleAssignmentRequestResponse) bool
- func IsRoleAssignmentRequestOK(requestResponse *RoleAssignmentRequestResponse) bool
- func IsRoleAssignmentRequestPending(requestResponse *RoleAssignmentRequestResponse) bool
- func Request(request *PIMRequest, responseModel any) any
- func ValidateGroupAssignmentRequest(groupAssignmentRequest GroupAssignmentRequest, token string) bool
- func ValidateRoleAssignmentRequest(scope string, roleAssignmentRequest RoleAssignmentRequestRequest, token string) bool
- type AzureUserInfo
- type AzureUserInfoClaims
- type GroupAssignment
- type GroupAssignmentRequest
- type GroupAssignmentRequestResponse
- type GroupAssignmentRequestStatus
- type GroupAssignmentResponse
- type GroupAssignmentSchedule
- type GroupAssignmentSubject
- type GroupDefinition
- type GroupResource
- type PIMRequest
- type RoleAssignment
- type RoleAssignmentRequestProperties
- type RoleAssignmentRequestRequest
- type RoleAssignmentRequestResponse
- type RoleAssignmentResponse
- type RoleAssignmentValidationProperties
- type RoleExpandedProperties
- type RoleExpandedProperty
- type RoleProperties
- type ScheduleInfo
- type ScheduleInfoExpiration
- type TicketInfo
Constants ¶
// Request/assignment status strings. They correspond to the string-valued
// Status fields on the response types in this package (e.g. GroupAssignment,
// RoleAssignmentValidationProperties, RoleProperties) and are what the
// IsGroupAssignmentRequest*/IsRoleAssignmentRequest* helpers compare against.
// Which values those helpers classify as OK, pending or failed is decided in
// the helpers themselves and is not visible from this declaration.
const (
	StatusAccepted                    string = "Accepted"
	StatusAdminApproved               string = "AdminApproved"
	StatusAdminDenied                 string = "AdminDenied"
	StatusCanceled                    string = "Canceled"
	StatusDenied                      string = "Denied"
	StatusFailed                      string = "Failed"
	StatusFailedAsResourceIsLocked    string = "FailedAsResourceIsLocked"
	StatusGranted                     string = "Granted"
	StatusInvalid                     string = "Invalid"
	StatusPendingAdminDecision        string = "PendingAdminDecision"
	StatusPendingApproval             string = "PendingApproval"
	StatusPendingApprovalProvisioning string = "PendingApprovalProvisioning"
	StatusPendingEvaluation           string = "PendingEvaluation"
	StatusPendingExternalProvisioning string = "PendingExternalProvisioning"
	StatusPendingProvisioning         string = "PendingProvisioning"
	StatusPendingRevocation           string = "PendingRevocation"
	StatusPendingScheduleCreation     string = "PendingScheduleCreation"
	StatusProvisioned                 string = "Provisioned"
	StatusProvisioningStarted         string = "ProvisioningStarted"
	StatusRevoked                     string = "Revoked"
	StatusScheduleCreated             string = "ScheduleCreated"
	StatusTimedOut                    string = "TimedOut"
)
// AZ_AUTHORITY is the authority used for Azure authentication: the Microsoft
// Entra (login.microsoftonline.com) endpoint, with a trailing slash so a
// tenant id can be appended directly.
const AZ_AUTHORITY string = "https://login.microsoftonline.com/"
Authority used for Azure authentication
// AZ_PIM_API_VERSION is the api-version sent to the "role eligibility
// schedule instances" endpoint (eligible Azure resource role assignments).
// NOTE(review): it is not visible here whether the group endpoints under
// AZ_PIM_GROUP_BASE_URL use this version too — confirm in Request.
const AZ_PIM_API_VERSION string = "2020-10-01"
API version for the "role eligibility schedule instances" (i.e. eligible azure resource role assignments)
// AZ_PIM_BASE_PATH is the base path for the Azure resource-role PIM API
// (the Microsoft.Authorization resource provider), presumably joined onto
// AZ_PIM_BASE_URL when a request URL is built.
const AZ_PIM_BASE_PATH string = "providers/Microsoft.Authorization"
Base path for the Azure Entra PIM API
// AZ_PIM_BASE_URL is the base URL for the Azure resource-role PIM API, i.e.
// the Azure Resource Manager endpoint. It also doubles as the token scope via
// AZ_PIM_SCOPE.
const AZ_PIM_BASE_URL string = "https://management.azure.com"
Base URL for the Azure Entra PIM API
// AZ_PIM_GROUP_BASE_PATH is the base path for the Azure PIM Groups API,
// presumably joined onto AZ_PIM_GROUP_BASE_URL.
// NOTE(review): this is the only untyped constant in the group; the siblings
// are declared as `string`. Harmless, but inconsistent.
const AZ_PIM_GROUP_BASE_PATH = "api/v2/privilegedAccess"
Base path for the Azure PIM Groups API
// AZ_PIM_GROUP_BASE_URL is the base URL for the Azure PIM Groups API. It is a
// different host from AZ_PIM_BASE_URL, so a token obtained for AZ_PIM_SCOPE
// is not automatically valid here — confirm which scope the group calls use.
const AZ_PIM_GROUP_BASE_URL string = "https://api.azrbac.mspim.azure.com"
Base URL for the Azure PIM Groups API
// AZ_PIM_SCOPE is the scope used for Azure authentication. It is simply
// AZ_PIM_BASE_URL, so tokens requested with it are Azure Resource Manager
// tokens; GetPIMAccessTokenAzureCLI takes the scope as a parameter, so callers
// can pass a different one for the groups API if that API needs it.
const AZ_PIM_SCOPE string = AZ_PIM_BASE_URL
Scope used for Azure authentication
// DEFAULT_DURATION_MINUTES is the default activation duration in minutes
// (480 = 8 hours). Presumably used when the duration argument of
// RequestRoleAssignment/RequestGroupAssignment is not supplied by the caller —
// confirm there. PIM policies may cap the duration below this value.
const DEFAULT_DURATION_MINUTES int = 480
Default duration for role activation
// DEFAULT_REASON is the default justification for a role activation. It is
// presumably sent as the request Reason/Justification when the caller gives
// none, in which case the PIM audit log will record this literal rather than
// a meaningful justification — confirm in the Request* functions.
const DEFAULT_REASON string = "config"
Default reason for role activation
Variables ¶
This section is empty.
Functions ¶
func IsGroupAssignmentRequestFailed ¶
func IsGroupAssignmentRequestFailed(requestResponse *GroupAssignmentRequestResponse) bool
func IsGroupAssignmentRequestOK ¶
func IsGroupAssignmentRequestOK(requestResponse *GroupAssignmentRequestResponse) bool
func IsGroupAssignmentRequestPending ¶
func IsGroupAssignmentRequestPending(requestResponse *GroupAssignmentRequestResponse) bool
func IsRoleAssignmentRequestFailed ¶
func IsRoleAssignmentRequestFailed(requestResponse *RoleAssignmentRequestResponse) bool
func IsRoleAssignmentRequestOK ¶
func IsRoleAssignmentRequestOK(requestResponse *RoleAssignmentRequestResponse) bool
func IsRoleAssignmentRequestPending ¶
func IsRoleAssignmentRequestPending(requestResponse *RoleAssignmentRequestResponse) bool
func Request ¶
func Request(request *PIMRequest, responseModel any) any
func ValidateGroupAssignmentRequest ¶
func ValidateGroupAssignmentRequest(groupAssignmentRequest GroupAssignmentRequest, token string) bool
func ValidateRoleAssignmentRequest ¶
func ValidateRoleAssignmentRequest(scope string, roleAssignmentRequest RoleAssignmentRequestRequest, token string) bool
Types ¶
type AzureUserInfo ¶
func GetUserInfo ¶
func GetUserInfo(token string) AzureUserInfo
type AzureUserInfoClaims ¶
// AzureUserInfoClaims is the claims container that appears to be used when a
// token is decoded into an AzureUserInfo (see GetUserInfo). It embeds the raw
// jwt.MapClaims alongside the typed AzureUserInfo; both are pointers and may
// be nil.
// NOTE(review): whether the token's signature is verified before these claims
// are relied on is not visible here — confirm in GetUserInfo.
type AzureUserInfoClaims struct {
	*jwt.MapClaims
	*AzureUserInfo
}
type GroupAssignment ¶
// GroupAssignment is one element of GroupAssignmentResponse.Value, i.e. an
// eligible PIM group assignment as returned by GetEligibleGroupAssignments,
// and is the input that RequestGroupAssignment activates.
type GroupAssignment struct {
	Id               string                  `json:"id"`
	ResourceId       string                  `json:"resourceId"`
	RoleDefinitionId string                  `json:"roleDefinitionId"`
	SubjectId        string                  `json:"subjectId"`
	AssignmentState  string                  `json:"assignmentState"`
	Status           string                  `json:"status"` // presumably one of the Status* constants
	Subject          *GroupAssignmentSubject `json:"subject"`        // nil if absent from the response
	RoleDefinition   *GroupDefinition        `json:"roleDefinition"` // nil if absent from the response
}
type GroupAssignmentRequest ¶
// GroupAssignmentRequest is the body of a PIM group activation request. It is
// passed by value to ValidateGroupAssignmentRequest; how it is built from a
// GroupAssignment (and the duration/reason arguments) lives in
// RequestGroupAssignment and is not visible here.
type GroupAssignmentRequest struct {
	RoleDefinitionId               string                   `json:"roleDefinitionId"`
	ResourceId                     string                   `json:"resourceId"`
	SubjectId                      string                   `json:"subjectId"`
	AssignmentState                string                   `json:"assignmentState"`
	Type                           string                   `json:"type"`
	Reason                         string                   `json:"reason"` // justification recorded by PIM; see DEFAULT_REASON
	TicketNumber                   string                   `json:"ticketNumber"`
	TicketSystem                   string                   `json:"ticketSystem"`
	Schedule                       *GroupAssignmentSchedule `json:"schedule"` // nil encodes as JSON null
	LinkedEligibleRoleAssignmentId string                   `json:"linkedEligibleRoleAssignmentId"`
	ScopedResourceId               string                   `json:"scopedResourceId"`
}
type GroupAssignmentRequestResponse ¶
// GroupAssignmentRequestResponse is what RequestGroupAssignment returns and
// what the IsGroupAssignmentRequestOK/Pending/Failed helpers inspect.
type GroupAssignmentRequestResponse struct {
	Id                             string                        `json:"id"`
	ResourceId                     string                        `json:"resourceId"`
	RoleDefinitionId               string                        `json:"roleDefinitionId"`
	SubjectId                      string                        `json:"subjectId"`
	ScopedResourceId               string                        `json:"scopedResourceId"`
	LinkedEligibleRoleAssignmentId string                        `json:"linkedEligibleRoleAssignmentId"`
	Type                           string                        `json:"type"`
	AssignmentState                string                        `json:"assignmentState"`
	RequestedDateTime              string                        `json:"requestedDateTime"` // kept as the raw string; not parsed to time.Time
	RoleAssignmentStartDateTime    string                        `json:"roleAssignmentStartDateTime"`
	RoleAssignmentEndDateTime      string                        `json:"roleAssignmentEndDateTime"`
	Reason                         string                        `json:"reason"`
	TicketNumber                   string                        `json:"ticketNumber"`
	TicketSystem                   string                        `json:"ticketSystem"`
	Condition                      string                        `json:"condition"`
	ConditionVersion               string                        `json:"conditionVersion"`
	ConditionDescription           string                        `json:"conditionDescription"`
	Status                         *GroupAssignmentRequestStatus `json:"status"`   // nil when absent; callers must nil-check
	Schedule                       *GroupAssignmentSchedule      `json:"schedule"` // nil when absent
	Metadata                       map[string]interface{}        `json:"metadata"` // free-form; schema not known here
}
func RequestGroupAssignment ¶
func RequestGroupAssignment(subjectId string, groupAssignment *GroupAssignment, duration int, reason string, token string) *GroupAssignmentRequestResponse
type GroupAssignmentResponse ¶
// GroupAssignmentResponse is the list envelope returned by
// GetEligibleGroupAssignments; Value holds the eligible group assignments.
type GroupAssignmentResponse struct {
	Value []GroupAssignment `json:"value"` // nil when the API returns no "value" key
}
func GetEligibleGroupAssignments ¶
func GetEligibleGroupAssignments(token string, subjectId string) *GroupAssignmentResponse
type GroupAssignmentSchedule ¶
type GroupAssignmentSubject ¶
type GroupDefinition ¶
// GroupDefinition describes the role definition attached to a
// GroupAssignment (GroupAssignment.RoleDefinition).
type GroupDefinition struct {
	Id          string         `json:"id"`
	ResourceId  string         `json:"resourceId"`
	Type        string         `json:"type"`
	DisplayName string         `json:"displayName"`
	Resource    *GroupResource `json:"resource"` // nil if absent from the response
}
type GroupResource ¶
type PIMRequest ¶
type RoleAssignment ¶
// RoleAssignment is one element of RoleAssignmentResponse.Value, i.e. an
// eligible Azure resource role assignment as returned by
// GetEligibleRoleAssignments, and the input that RequestRoleAssignment
// activates.
type RoleAssignment struct {
	Properties *RoleProperties `json:"properties"` // nil if absent; callers must nil-check
	Name       string          `json:"name"`
	Id         string          `json:"id"`
	Type       string          `json:"type"`
}
type RoleAssignmentRequestProperties ¶
// RoleAssignmentRequestProperties is the "Properties" object of a role
// activation request (RoleAssignmentRequestRequest). Note the PascalCase JSON
// keys, unlike the camelCase keys on the response types.
type RoleAssignmentRequestProperties struct {
	PrincipalId                     string        `json:"PrincipalId"`
	RoleDefinitionId                string        `json:"RoleDefinitionId"`
	RequestType                     string        `json:"RequestType"`
	LinkedRoleEligibilityScheduleId string        `json:"LinkedRoleEligibilityScheduleId"`
	Justification                   string        `json:"Justification"` // recorded in the PIM audit trail; see DEFAULT_REASON
	ScheduleInfo                    *ScheduleInfo `json:"ScheduleInfo"`  // nil encodes as JSON null
	TicketInfo                      *TicketInfo   `json:"TicketInfo"`    // nil encodes as JSON null
	IsValidationOnly                bool          `json:"IsValidationOnly"` // presumably set by ValidateRoleAssignmentRequest so nothing is activated — confirm
	IsActivativation                bool          `json:"IsActivativation"` // yes, this typo is in the API
}
type RoleAssignmentRequestRequest ¶
// RoleAssignmentRequestRequest is the top-level body of a role activation
// request; the API expects the payload wrapped in a "Properties" object. It is
// passed by value to ValidateRoleAssignmentRequest.
type RoleAssignmentRequestRequest struct {
	Properties RoleAssignmentRequestProperties `json:"Properties"`
}
type RoleAssignmentRequestResponse ¶
// RoleAssignmentRequestResponse is what RequestRoleAssignment returns and
// what the IsRoleAssignmentRequestOK/Pending/Failed helpers inspect. The
// status lives in Properties.Status, so those helpers must handle a nil
// Properties.
type RoleAssignmentRequestResponse struct {
	Properties *RoleAssignmentValidationProperties `json:"properties"` // nil if absent from the response
	Name       string                              `json:"name"`
	Id         string                              `json:"id"`
	Type       string                              `json:"type"`
}
func RequestRoleAssignment ¶
func RequestRoleAssignment(subjectId string, roleAssignment *RoleAssignment, duration int, reason string, token string) *RoleAssignmentRequestResponse
type RoleAssignmentResponse ¶
// RoleAssignmentResponse is the list envelope returned by
// GetEligibleRoleAssignments; Value holds the eligible role assignments.
type RoleAssignmentResponse struct {
	Value []RoleAssignment `json:"value"` // nil when the API returns no "value" key
}
func GetEligibleRoleAssignments ¶
func GetEligibleRoleAssignments(token string) *RoleAssignmentResponse
type RoleAssignmentValidationProperties ¶
// RoleAssignmentValidationProperties is the "properties" object of a
// RoleAssignmentRequestResponse. Despite the name it is returned for the real
// activation request as well (see RequestRoleAssignment), not only for
// validation-only requests.
type RoleAssignmentValidationProperties struct {
	LinkedRoleEligibilityScheduleId string                  `json:"linkedRoleEligibilityScheduleId"`
	TargetRoleAssignmentScheduleId  string                  `json:"targetRoleAssignmentScheduleId"`
	Scope                           string                  `json:"scope"`
	RoleDefinitionId                string                  `json:"roleDefinitionId"`
	PrincipalId                     string                  `json:"principalId"`
	PrincipalType                   string                  `json:"principalType"`
	RequestType                     string                  `json:"requestType"`
	Status                          string                  `json:"status"` // presumably one of the Status* constants
	ScheduleInfo                    *ScheduleInfo           `json:"scheduleInfo"`
	TicketInfo                      *TicketInfo             `json:"ticketInfo"`
	Justification                   string                  `json:"justification"`
	RequestorId                     string                  `json:"requestorId"`
	CreatedOn                       string                  `json:"createdOn"` // raw string; not parsed to time.Time
	ExpandedProperties              *RoleExpandedProperties `json:"expandedProperties"` // nil if absent
}
type RoleExpandedProperties ¶
// RoleExpandedProperties carries the human-readable expansions of the
// principal, role definition and scope ids on a role assignment. Each member
// is a pointer and may be nil.
type RoleExpandedProperties struct {
	Principal      *RoleExpandedProperty `json:"principal"`
	RoleDefinition *RoleExpandedProperty `json:"roleDefinition"`
	Scope          *RoleExpandedProperty `json:"scope"`
}
type RoleExpandedProperty ¶
type RoleProperties ¶
// RoleProperties is the "properties" object of an eligible RoleAssignment as
// returned by GetEligibleRoleAssignments. All date fields are kept as the raw
// strings from the API.
type RoleProperties struct {
	RoleEligibilityScheduleId string                  `json:"roleEligibilityScheduleId"`
	Scope                     string                  `json:"scope"`
	RoleDefinitionId          string                  `json:"roleDefinitionId"`
	PrincipalId               string                  `json:"principalId"`
	PrincipalType             string                  `json:"principalType"`
	Status                    string                  `json:"status"` // presumably one of the Status* constants
	StartDateTime             string                  `json:"startDateTime"`
	EndDateTime               string                  `json:"endDateTime"`
	MemberType                string                  `json:"memberType"`
	CreatedOn                 string                  `json:"createdOn"`
	Condition                 string                  `json:"condition"`
	ConditionVersion          string                  `json:"conditionVersion"`
	ExpandedProperties        *RoleExpandedProperties `json:"expandedProperties"` // nil if absent
}
type ScheduleInfo ¶
// ScheduleInfo is the activation schedule sent in
// RoleAssignmentRequestProperties and echoed back in
// RoleAssignmentValidationProperties.
// NOTE(review): StartDateTime and EndDateTime are deliberately untyped
// (interface{}) — presumably because the API accepts/returns either a string
// timestamp or null; confirm before narrowing them to string.
type ScheduleInfo struct {
	StartDateTime interface{}             `json:"startDateTime"`
	Expiration    *ScheduleInfoExpiration `json:"expiration"` // nil encodes as JSON null
	EndDateTime   interface{}             `json:"endDateTime"`
}
type ScheduleInfoExpiration ¶
type TicketInfo ¶