Documentation ¶
Overview ¶
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2023 netr0m <netr0m@pm.me>
Copyright © 2024 netr0m <netr0m@pm.me>
Index ¶
- Constants
- func GetAccessToken(scope string, c Client) string
- func IsGovernanceRoleAssignmentRequestFailed(requestResponse *GovernanceRoleAssignmentRequestResponse) bool
- func IsGovernanceRoleAssignmentRequestOK(requestResponse *GovernanceRoleAssignmentRequestResponse) bool
- func IsGovernanceRoleAssignmentRequestPending(requestResponse *GovernanceRoleAssignmentRequestResponse) bool
- func IsGovernanceRoleType(roleType string) bool
- func IsResourceAssignmentRequestFailed(requestResponse *ResourceAssignmentRequestResponse) bool
- func IsResourceAssignmentRequestOK(requestResponse *ResourceAssignmentRequestResponse) bool
- func IsResourceAssignmentRequestPending(requestResponse *ResourceAssignmentRequestResponse) bool
- func Request(request *PIMRequest, responseModel any) any
- func ValidateGovernanceRoleAssignmentRequest(roleType string, roleAssignmentRequest *GovernanceRoleAssignmentRequest, ...) bool
- func ValidateResourceAssignmentRequest(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, ...) bool
- type AzureClient
- func (c AzureClient) GetAccessToken(scope string) string
- func (c AzureClient) GetEligibleGovernanceRoleAssignments(roleType string, subjectId string, token string) *GovernanceRoleAssignmentResponse
- func (c AzureClient) GetEligibleResourceAssignments(token string) *ResourceAssignmentResponse
- func (c AzureClient) RequestGovernanceRoleAssignment(roleType string, ...) *GovernanceRoleAssignmentRequestResponse
- func (c AzureClient) RequestResourceAssignment(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, ...) *ResourceAssignmentRequestResponse
- func (c AzureClient) ValidateGovernanceRoleAssignmentRequest(roleType string, roleAssignmentRequest *GovernanceRoleAssignmentRequest, ...) bool
- func (c AzureClient) ValidateResourceAssignmentRequest(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, ...) bool
- type AzureUserInfo
- type AzureUserInfoClaims
- type Client
- type GovernanceRoleAssignment
- type GovernanceRoleAssignmentRequest
- type GovernanceRoleAssignmentRequestResponse
- type GovernanceRoleAssignmentRequestStatus
- type GovernanceRoleAssignmentResponse
- type GovernanceRoleAssignmentSchedule
- type GovernanceRoleAssignmentSubject
- type GovernanceRoleDefinition
- type GovernanceRoleResource
- type PIMRequest
- type ResourceAssignment
- type ResourceAssignmentRequestProperties
- type ResourceAssignmentRequestRequest
- type ResourceAssignmentRequestResponse
- type ResourceAssignmentResponse
- type ResourceAssignmentValidationProperties
- type ResourceExpandedProperties
- type ResourceExpandedProperty
- type ResourceProperties
- type ScheduleInfo
- type ScheduleInfoExpiration
- type TicketInfo
Constants ¶
// Role types accepted by the governance-role functions (IsGovernanceRoleType,
// GetEligibleGovernanceRoleAssignments, RequestGovernanceRoleAssignment, ...).
// NOTE(review): the two values are cased differently ("aadGroups" vs "aadroles");
// they are presumably passed verbatim to the API, so keep them exactly as written.
const (
	ROLE_TYPE_AAD_GROUPS  = "aadGroups"
	ROLE_TYPE_ENTRA_ROLES = "aadroles"
)

// Status values an assignment request can report. The package sorts them into
// OK / Pending / Failed through the Is*AssignmentRequest{OK,Pending,Failed}
// helpers; that mapping is not visible in this listing, so do not assume from a
// name alone whether a status is terminal or means the role is actually active.
const (
	StatusAccepted                    string = "Accepted"
	StatusAdminApproved               string = "AdminApproved"
	StatusAdminDenied                 string = "AdminDenied"
	StatusCanceled                    string = "Canceled"
	StatusDenied                      string = "Denied"
	StatusFailed                      string = "Failed"
	StatusFailedAsResourceIsLocked    string = "FailedAsResourceIsLocked"
	StatusGranted                     string = "Granted"
	StatusInvalid                     string = "Invalid"
	StatusPendingAdminDecision        string = "PendingAdminDecision"
	StatusPendingApproval             string = "PendingApproval"
	StatusPendingApprovalProvisioning string = "PendingApprovalProvisioning"
	StatusPendingEvaluation           string = "PendingEvaluation"
	StatusPendingExternalProvisioning string = "PendingExternalProvisioning"
	StatusPendingProvisioning         string = "PendingProvisioning"
	StatusPendingRevocation           string = "PendingRevocation"
	StatusPendingScheduleCreation     string = "PendingScheduleCreation"
	StatusProvisioned                 string = "Provisioned"
	StatusProvisioningStarted         string = "ProvisioningStarted"
	StatusRevoked                     string = "Revoked"
	StatusScheduleCreated             string = "ScheduleCreated"
	StatusTimedOut                    string = "TimedOut"
)

// Authority used for Azure authentication.
// NOTE(review): hard-coded to the global public cloud; sovereign/national clouds
// use other authorities and base URLs, and this listing shows no way to override it.
const AZ_AUTHORITY string = "https://login.microsoftonline.com/"

// API version for the "role eligibility schedule instances" (i.e. eligible
// Azure resource role assignments).
const AZ_PIM_API_VERSION string = "2020-10-01"

// Base path for the Azure Entra PIM API.
const AZ_PIM_BASE_PATH string = "providers/Microsoft.Authorization"

// Base URL for the Azure Entra PIM API (Azure Resource Manager).
const AZ_PIM_BASE_URL string = "https://management.azure.com"

// Base path for the Azure PIM Governance Role API.
const AZ_PIM_GOV_ROLE_BASE_PATH = "api/v2/privilegedAccess"

// Base URL for the Azure PIM Governance Role API.
// NOTE(review): this is a different host from the ARM endpoint above, and its
// request/response contract is not described in this package; treat the field
// names and status strings it returns as subject to change.
const AZ_PIM_GOV_ROLE_BASE_URL string = "https://api.azrbac.mspim.azure.com"

// Scope used for Azure authentication; it is the ARM resource, i.e. the same
// host as AZ_PIM_BASE_URL.
const AZ_PIM_SCOPE string = AZ_PIM_BASE_URL

// Default duration for role activation, in minutes (480 = 8 hours).
// Least privilege: callers should request the shortest window the task needs
// rather than relying on this default.
const DEFAULT_DURATION_MINUTES int = 480

// Default reason for role activation. The reason is presumably what ends up as
// the Reason / Justification of the request and thus in the PIM audit trail, so
// callers should supply a meaningful reason instead of this placeholder where
// they can.
const DEFAULT_REASON string = "config"
Variables ¶
This section is empty.
Functions ¶
func GetAccessToken ¶ added in v1.4.0
func IsGovernanceRoleAssignmentRequestFailed ¶ added in v1.3.0
func IsGovernanceRoleAssignmentRequestFailed(requestResponse *GovernanceRoleAssignmentRequestResponse) bool
func IsGovernanceRoleAssignmentRequestOK ¶ added in v1.3.0
func IsGovernanceRoleAssignmentRequestOK(requestResponse *GovernanceRoleAssignmentRequestResponse) bool
func IsGovernanceRoleAssignmentRequestPending ¶ added in v1.3.0
func IsGovernanceRoleAssignmentRequestPending(requestResponse *GovernanceRoleAssignmentRequestResponse) bool
func IsGovernanceRoleType ¶ added in v1.3.0
func IsResourceAssignmentRequestFailed ¶ added in v1.2.0
func IsResourceAssignmentRequestFailed(requestResponse *ResourceAssignmentRequestResponse) bool
func IsResourceAssignmentRequestOK ¶ added in v1.2.0
func IsResourceAssignmentRequestOK(requestResponse *ResourceAssignmentRequestResponse) bool
func IsResourceAssignmentRequestPending ¶ added in v1.2.0
func IsResourceAssignmentRequestPending(requestResponse *ResourceAssignmentRequestResponse) bool
func Request ¶
func Request(request *PIMRequest, responseModel any) any
func ValidateGovernanceRoleAssignmentRequest ¶ added in v1.3.0
func ValidateGovernanceRoleAssignmentRequest(roleType string, roleAssignmentRequest *GovernanceRoleAssignmentRequest, token string, c Client) bool
func ValidateResourceAssignmentRequest ¶ added in v1.2.0
func ValidateResourceAssignmentRequest(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, token string, c Client) bool
Types ¶
type AzureClient ¶ added in v1.4.0
// AzureClient is the concrete implementation of the Client interface. Its
// methods are the production counterparts of the package-level functions that
// take a Client argument (the interface exists so those functions can be tested
// against a substitute). The struct carries no state of its own.
type AzureClient struct{}
func (AzureClient) GetAccessToken ¶ added in v1.4.0
func (c AzureClient) GetAccessToken(scope string) string
Implementation of the GetAccessToken call: acquires an access token for the given scope (the package's own scope constant is AZ_PIM_SCOPE). Note that the method returns a bare string with no error value, so a caller cannot tell a failed acquisition from a successful one by type alone and should at least reject an empty result before sending it as a bearer token.
func (AzureClient) GetEligibleGovernanceRoleAssignments ¶ added in v1.4.0
func (c AzureClient) GetEligibleGovernanceRoleAssignments(roleType string, subjectId string, token string) *GovernanceRoleAssignmentResponse
func (AzureClient) GetEligibleResourceAssignments ¶ added in v1.4.0
func (c AzureClient) GetEligibleResourceAssignments(token string) *ResourceAssignmentResponse
func (AzureClient) RequestGovernanceRoleAssignment ¶ added in v1.4.0
func (c AzureClient) RequestGovernanceRoleAssignment(roleType string, governanceRoleAssignmentRequest *GovernanceRoleAssignmentRequest, token string) *GovernanceRoleAssignmentRequestResponse
func (AzureClient) RequestResourceAssignment ¶ added in v1.4.0
func (c AzureClient) RequestResourceAssignment(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, token string) *ResourceAssignmentRequestResponse
func (AzureClient) ValidateGovernanceRoleAssignmentRequest ¶ added in v1.4.0
func (c AzureClient) ValidateGovernanceRoleAssignmentRequest(roleType string, roleAssignmentRequest *GovernanceRoleAssignmentRequest, token string) bool
func (AzureClient) ValidateResourceAssignmentRequest ¶ added in v1.4.0
func (c AzureClient) ValidateResourceAssignmentRequest(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, token string) bool
type AzureUserInfo ¶
func GetUserInfo ¶
func GetUserInfo(token string) AzureUserInfo
type AzureUserInfoClaims ¶
// AzureUserInfoClaims pairs the raw JWT claim map with the typed AzureUserInfo
// view, presumably of the same token (see GetUserInfo). Both embedded fields
// are pointers and may be nil.
//
// NOTE(review): this listing does not show whether the token's signature is
// verified before its claims are read. Claims taken from an unverified token
// are attacker-controlled and must not drive authorization decisions unless
// the signature check happens elsewhere — confirm against GetUserInfo.
type AzureUserInfoClaims struct {
	*jwt.MapClaims
	*AzureUserInfo
}
type Client ¶ added in v1.4.0
// Client is the Azure client interface. Every method except GetAccessToken
// receives the bearer token as a plain string; avoid logging or persisting
// these values.
//
// NOTE(review): none of the methods return an error. Failure therefore has to
// be inferred from the returned value (a nil pointer, false, or an empty
// string), so callers must check for those before using a result.
type Client interface {
	// GetAccessToken acquires a token for the given scope (see AZ_PIM_SCOPE).
	GetAccessToken(scope string) string
	// GetEligibleResourceAssignments lists the Azure resource role assignments
	// the token holder is eligible to activate.
	GetEligibleResourceAssignments(token string) *ResourceAssignmentResponse
	// GetEligibleGovernanceRoleAssignments lists eligible governance-role
	// assignments for subjectId; roleType is one of the ROLE_TYPE_* constants.
	GetEligibleGovernanceRoleAssignments(roleType string, subjectId string, token string) *GovernanceRoleAssignmentResponse
	// ValidateResourceAssignmentRequest checks a resource assignment request
	// without activating it.
	ValidateResourceAssignmentRequest(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, token string) bool
	// ValidateGovernanceRoleAssignmentRequest checks a governance-role request
	// without activating it.
	ValidateGovernanceRoleAssignmentRequest(roleType string, roleAssignmentRequest *GovernanceRoleAssignmentRequest, token string) bool
	// RequestResourceAssignment submits the (activation) request for an Azure
	// resource role at the given scope.
	RequestResourceAssignment(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, token string) *ResourceAssignmentRequestResponse
	// RequestGovernanceRoleAssignment submits the (activation) request for a
	// governance role.
	RequestGovernanceRoleAssignment(roleType string, governanceRoleAssignmentRequest *GovernanceRoleAssignmentRequest, token string) *GovernanceRoleAssignmentRequestResponse
}
type GovernanceRoleAssignment ¶ added in v1.3.0
// GovernanceRoleAssignment is one eligible assignment as returned by the
// governance-role API (the elements of GovernanceRoleAssignmentResponse.Value).
// JSON keys are camelCase, unlike the PascalCase request used by the ARM side.
type GovernanceRoleAssignment struct {
	Id               string                          `json:"id"`
	ResourceId       string                          `json:"resourceId"`
	RoleDefinitionId string                          `json:"roleDefinitionId"`
	SubjectId        string                          `json:"subjectId"`
	AssignmentState  string                          `json:"assignmentState"`
	Status           string                          `json:"status"`
	// Subject and RoleDefinition are nested objects and may be nil if the API
	// omits them.
	Subject        *GovernanceRoleAssignmentSubject `json:"subject"`
	RoleDefinition *GovernanceRoleDefinition        `json:"roleDefinition"`
}
func (*GovernanceRoleAssignment) Debug ¶ added in v1.4.0
func (roleAssignment *GovernanceRoleAssignment) Debug() string
type GovernanceRoleAssignmentRequest ¶ added in v1.3.0
// GovernanceRoleAssignmentRequest is the body sent to the governance-role API
// by RequestGovernanceRoleAssignment (and checked by
// ValidateGovernanceRoleAssignmentRequest). CreateGovernanceRoleAssignmentRequest
// builds one from an eligible GovernanceRoleAssignment.
//
// Reason, TicketNumber and TicketSystem are the justification that is
// presumably recorded with the activation; fill them in meaningfully so the
// audit trail is useful.
type GovernanceRoleAssignmentRequest struct {
	RoleDefinitionId string `json:"roleDefinitionId"`
	ResourceId       string `json:"resourceId"`
	SubjectId        string `json:"subjectId"`
	AssignmentState  string `json:"assignmentState"`
	Type             string `json:"type"`
	Reason           string `json:"reason"`
	TicketNumber     string `json:"ticketNumber"`
	TicketSystem     string `json:"ticketSystem"`
	// Schedule bounds the activation; nil is serialized as JSON null.
	Schedule                       *GovernanceRoleAssignmentSchedule `json:"schedule"`
	LinkedEligibleRoleAssignmentId string                            `json:"linkedEligibleRoleAssignmentId"`
	ScopedResourceId               string                            `json:"scopedResourceId"`
}
func CreateGovernanceRoleAssignmentRequest ¶ added in v1.4.0
func CreateGovernanceRoleAssignmentRequest(subjectId string, roleType string, governanceRoleAssignment *GovernanceRoleAssignment, duration int, reason string, ticketSystem string, ticketNumber string) (string, *GovernanceRoleAssignmentRequest)
type GovernanceRoleAssignmentRequestResponse ¶ added in v1.3.0
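// GovernanceRoleAssignmentRequestResponse is what the governance-role API
// returns for a submitted request (see RequestGovernanceRoleAssignment). Use
// IsGovernanceRoleAssignmentRequest{OK,Pending,Failed} or
// CheckGovernanceRoleAssignmentResult to interpret it rather than reading
// Status directly.
//
// Metadata is an open map (the listing gives no schema for it); it is typed as
// any rather than interface{} for consistency with the rest of the package.
type GovernanceRoleAssignmentRequestResponse struct {
	Id                             string `json:"id"`
	ResourceId                     string `json:"resourceId"`
	RoleDefinitionId               string `json:"roleDefinitionId"`
	SubjectId                      string `json:"subjectId"`
	ScopedResourceId               string `json:"scopedResourceId"`
	LinkedEligibleRoleAssignmentId string `json:"linkedEligibleRoleAssignmentId"`
	Type                           string `json:"type"`
	AssignmentState                string `json:"assignmentState"`
	// Timestamps are kept as the API's strings; no parsing is done here.
	RequestedDateTime           string `json:"requestedDateTime"`
	RoleAssignmentStartDateTime string `json:"roleAssignmentStartDateTime"`
	RoleAssignmentEndDateTime   string `json:"roleAssignmentEndDateTime"`
	Reason                      string `json:"reason"`
	TicketNumber                string `json:"ticketNumber"`
	TicketSystem                string `json:"ticketSystem"`
	Condition                   string `json:"condition"`
	ConditionVersion            string `json:"conditionVersion"`
	ConditionDescription        string `json:"conditionDescription"`
	// Status and Schedule are nested objects and may be nil.
	Status   *GovernanceRoleAssignmentRequestStatus `json:"status"`
	Schedule *GovernanceRoleAssignmentSchedule      `json:"schedule"`
	Metadata map[string]any                         `json:"metadata"`
}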
func RequestGovernanceRoleAssignment ¶ added in v1.3.0
func RequestGovernanceRoleAssignment(roleType string, governanceRoleAssignmentRequest *GovernanceRoleAssignmentRequest, token string, c Client) *GovernanceRoleAssignmentRequestResponse
func (*GovernanceRoleAssignmentRequestResponse) CheckGovernanceRoleAssignmentResult ¶ added in v1.4.0
func (response *GovernanceRoleAssignmentRequestResponse) CheckGovernanceRoleAssignmentResult(request *GovernanceRoleAssignmentRequest) bool
type GovernanceRoleAssignmentRequestStatus ¶ added in v1.3.0
type GovernanceRoleAssignmentResponse ¶ added in v1.3.0
// GovernanceRoleAssignmentResponse is the list envelope returned by
// GetEligibleGovernanceRoleAssignments. Value is nil when the API returns no
// entries (or omits the key), so callers should range over it rather than
// index it.
type GovernanceRoleAssignmentResponse struct {
	Value []GovernanceRoleAssignment `json:"value"`
}
func GetEligibleGovernanceRoleAssignments ¶ added in v1.3.0
func GetEligibleGovernanceRoleAssignments(roleType string, subjectId string, token string, c Client) *GovernanceRoleAssignmentResponse
type GovernanceRoleAssignmentSchedule ¶ added in v1.3.0
type GovernanceRoleAssignmentSubject ¶ added in v1.3.0
type GovernanceRoleDefinition ¶ added in v1.3.0
// GovernanceRoleDefinition describes the role behind a
// GovernanceRoleAssignment (its RoleDefinition field). DisplayName is the
// human-readable name; Resource (may be nil) is the resource it applies to.
type GovernanceRoleDefinition struct {
	Id          string                  `json:"id"`
	ResourceId  string                  `json:"resourceId"`
	Type        string                  `json:"type"`
	DisplayName string                  `json:"displayName"`
	Resource    *GovernanceRoleResource `json:"resource"`
}
type GovernanceRoleResource ¶ added in v1.3.0
type PIMRequest ¶
type ResourceAssignment ¶ added in v1.2.0
// ResourceAssignment is one eligible Azure resource role assignment as
// returned by the ARM "role eligibility schedule instances" API (the elements
// of ResourceAssignmentResponse.Value). The ARM envelope is generic:
// Name/Id/Type identify the resource, and the details live in Properties
// (may be nil).
type ResourceAssignment struct {
	Properties *ResourceProperties `json:"properties"`
	Name       string              `json:"name"`
	Id         string              `json:"id"`
	Type       string              `json:"type"`
}
func (*ResourceAssignment) Debug ¶ added in v1.4.0
func (resourceAssignment *ResourceAssignment) Debug() string
type ResourceAssignmentRequestProperties ¶ added in v1.2.0
// ResourceAssignmentRequestProperties is the Properties object of an ARM role
// assignment schedule request. Note the PascalCase JSON keys, which differ
// from the camelCase responses.
//
// NOTE(review): IsValidationOnly presumably decides whether the API only
// checks the request or actually activates the role. Do not reuse a request
// built for validation as an activation (or vice versa) without resetting this
// flag — the two code paths (Validate* vs Request*) share this struct.
type ResourceAssignmentRequestProperties struct {
	PrincipalId                     string        `json:"PrincipalId"`
	RoleDefinitionId                string        `json:"RoleDefinitionId"`
	RequestType                     string        `json:"RequestType"`
	LinkedRoleEligibilityScheduleId string        `json:"LinkedRoleEligibilityScheduleId"`
	// Justification and TicketInfo are the audit-trail fields; fill them in
	// meaningfully.
	Justification    string        `json:"Justification"`
	ScheduleInfo     *ScheduleInfo `json:"ScheduleInfo"`
	TicketInfo       *TicketInfo   `json:"TicketInfo"`
	IsValidationOnly bool          `json:"IsValidationOnly"`
	IsActivativation bool          `json:"IsActivativation"` // yes, this typo is in the API
}
type ResourceAssignmentRequestRequest ¶ added in v1.2.0
// ResourceAssignmentRequestRequest is the outer body sent to the ARM API by
// RequestResourceAssignment / ValidateResourceAssignmentRequest; the ARM
// convention wraps everything in a "Properties" object.
// CreateResourceAssignmentRequest builds one from an eligible ResourceAssignment.
type ResourceAssignmentRequestRequest struct {
	Properties ResourceAssignmentRequestProperties `json:"Properties"`
}
func CreateResourceAssignmentRequest ¶ added in v1.4.0
func CreateResourceAssignmentRequest(subjectId string, resourceAssignment *ResourceAssignment, duration int, reason string, ticketSystem string, ticketNumber string) (string, *ResourceAssignmentRequestRequest)
type ResourceAssignmentRequestResponse ¶ added in v1.2.0
// ResourceAssignmentRequestResponse is the ARM envelope returned for a
// submitted (or validated) resource assignment request. Properties may be nil;
// interpret the outcome with IsResourceAssignmentRequest{OK,Pending,Failed} or
// CheckResourceAssignmentResult rather than by reading Properties.Status
// directly.
type ResourceAssignmentRequestResponse struct {
	Properties *ResourceAssignmentValidationProperties `json:"properties"`
	Name       string                                  `json:"name"`
	Id         string                                  `json:"id"`
	Type       string                                  `json:"type"`
}
func RequestResourceAssignment ¶ added in v1.2.0
func RequestResourceAssignment(scope string, resourceAssignmentRequest *ResourceAssignmentRequestRequest, token string, c Client) *ResourceAssignmentRequestResponse
func (*ResourceAssignmentRequestResponse) CheckResourceAssignmentResult ¶ added in v1.4.0
func (response *ResourceAssignmentRequestResponse) CheckResourceAssignmentResult(request *ResourceAssignmentRequestRequest) bool
type ResourceAssignmentResponse ¶ added in v1.2.0
// ResourceAssignmentResponse is the list envelope returned by
// GetEligibleResourceAssignments. Value is nil when the API returns no entries
// (or omits the key), so callers should range over it rather than index it.
type ResourceAssignmentResponse struct {
	Value []ResourceAssignment `json:"value"`
}
func GetEligibleResourceAssignments ¶ added in v1.2.0
func GetEligibleResourceAssignments(token string, c Client) *ResourceAssignmentResponse
type ResourceAssignmentValidationProperties ¶ added in v1.2.0
// ResourceAssignmentValidationProperties is the Properties object of a
// ResourceAssignmentRequestResponse: the API's echo of a submitted request plus
// its Status. Status should be compared against the Status* constants.
// RequestorId identifies who submitted the request and need not equal
// PrincipalId.
type ResourceAssignmentValidationProperties struct {
	LinkedRoleEligibilityScheduleId string `json:"linkedRoleEligibilityScheduleId"`
	TargetRoleAssignmentScheduleId  string `json:"targetRoleAssignmentScheduleId"`
	Scope                           string `json:"scope"`
	RoleDefinitionId                string `json:"roleDefinitionId"`
	PrincipalId                     string `json:"principalId"`
	PrincipalType                   string `json:"principalType"`
	RequestType                     string `json:"requestType"`
	Status                          string `json:"status"`
	// Nested objects; any of them may be nil.
	ScheduleInfo       *ScheduleInfo               `json:"scheduleInfo"`
	TicketInfo         *TicketInfo                 `json:"ticketInfo"`
	Justification      string                      `json:"justification"`
	RequestorId        string                      `json:"requestorId"`
	CreatedOn          string                      `json:"createdOn"`
	ExpandedProperties *ResourceExpandedProperties `json:"expandedProperties"`
}
type ResourceExpandedProperties ¶ added in v1.2.0
// ResourceExpandedProperties carries the human-readable expansions the ARM API
// attaches to an assignment: the principal, the role definition and the scope.
// Each entry may be nil if the API did not expand it.
type ResourceExpandedProperties struct {
	Principal      *ResourceExpandedProperty `json:"principal"`
	RoleDefinition *ResourceExpandedProperty `json:"roleDefinition"`
	Scope          *ResourceExpandedProperty `json:"scope"`
}
type ResourceExpandedProperty ¶ added in v1.2.0
type ResourceProperties ¶ added in v1.2.0
// ResourceProperties is the Properties object of an eligible ResourceAssignment.
// Scope and RoleDefinitionId are what a subsequent activation request has to
// target; Condition/ConditionVersion carry an ABAC condition if one is attached
// to the eligibility. Timestamps are kept as the API's strings.
type ResourceProperties struct {
	RoleEligibilityScheduleId string `json:"roleEligibilityScheduleId"`
	Scope                     string `json:"scope"`
	RoleDefinitionId          string `json:"roleDefinitionId"`
	PrincipalId               string `json:"principalId"`
	PrincipalType             string `json:"principalType"`
	Status                    string `json:"status"`
	StartDateTime             string `json:"startDateTime"`
	EndDateTime               string `json:"endDateTime"`
	MemberType                string `json:"memberType"`
	CreatedOn                 string `json:"createdOn"`
	Condition                 string `json:"condition"`
	ConditionVersion          string `json:"conditionVersion"`
	// ExpandedProperties may be nil if the API did not expand them.
	ExpandedProperties *ResourceExpandedProperties `json:"expandedProperties"`
}
type ScheduleInfo ¶
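// ScheduleInfo describes when an assignment starts and ends. It is used both
// outgoing (ResourceAssignmentRequestProperties) and incoming
// (ResourceAssignmentValidationProperties), so it must round-trip in both
// directions.
//
// StartDateTime and EndDateTime are left untyped (any, replacing the older
// interface{} spelling; same type, consistent with the rest of the package):
// this listing gives no indication of whether the API returns a timestamp
// string, null or something else here — TODO confirm before narrowing them.
// Expiration may be nil.
type ScheduleInfo struct {
	StartDateTime any                     `json:"startDateTime"`
	Expiration    *ScheduleInfoExpiration `json:"expiration"`
	EndDateTime   any                     `json:"endDateTime"`
}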