@flowcore/cli-plugin-iam 1.0.0

package/CHANGELOG.md

@@ -0,0 +1,13 @@
+# Changelog
+
+## 1.0.0 (2024-09-29)
+
+
+### Features
+
+* :tada: initial commit ([72c9ba6](https://github.com/flowcore-io/cli-plugin-iam/commit/72c9ba65bd10c43d7e6711fbc39eb877ee257bb2))
+
+
+### Bug Fixes
+
+* **configuration:** :wrench: updated eslint configuration ([f9d2bac](https://github.com/flowcore-io/cli-plugin-iam/commit/f9d2bac01baa39963273922dbad697da6496a41b))

package/README.md

@@ -0,0 +1,78 @@
+Flowcore CLI Plugin - Iam
+=================
+
+Flowcore CLI plugin for managing the IAM of the Flowcore Platform
+
+[![Version](https://img.shields.io/npm/v/@flowcore/flowcore-cli-plugin-scenario)](https://npmjs.org/package/@flowcore/flowcore-cli-plugin-scenario)
+[![oclif](https://img.shields.io/badge/cli-oclif-brightgreen.svg)](https://oclif.io)
+[![Build and Release](https://github.com/@flowcore/flowcore-cli-plugin-scenario/actions/workflows/build.yml/badge.svg)](https://github.com/@flowcore/flowcore-cli-plugin-scenario/actions/workflows/build.yml)
+
+<!-- toc -->
+* [Usage](#usage)
+* [Commands](#commands)
+<!-- tocstop -->
+# Usage
+<!-- usage -->
+```sh-session
+$ npm install -g @flowcore/cli-plugin-iam
+$ iam COMMAND
+running command...
+$ iam (--version)
+@flowcore/cli-plugin-iam/1.0.0 linux-x64 node-v20.17.0
+$ iam --help [COMMAND]
+USAGE
+  $ iam COMMAND
+...
+```
+<!-- usagestop -->
+# Commands
+<!-- commands -->
+* [`iam get policy [NAME]`](#iam-get-policy-name)
+* [`iam get role [NAME]`](#iam-get-role-name)
+
+## `iam get policy [NAME]`
+
+Get a policy
+
+```
+USAGE
+  $ iam get policy [NAME] [--profile <value>] [-j] [-t <value>] [-w]
+
+ARGUMENTS
+  NAME  name
+
+FLAGS
+  -j, --json             json output
+  -t, --tenant=<value>   tenant
+  -w, --wide             wide output
+      --profile=<value>  Specify the configuration profile to use
+
+DESCRIPTION
+  Get a policy
+```
+
+_See code: [src/commands/get/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.0.0/src/commands/get/policy.ts)_
+
+## `iam get role [NAME]`
+
+Get a role
+
+```
+USAGE
+  $ iam get role [NAME] [--profile <value>] [-j] [-t <value>] [-w]
+
+ARGUMENTS
+  NAME  name
+
+FLAGS
+  -j, --json             json output
+  -t, --tenant=<value>   tenant
+  -w, --wide             wide output
+      --profile=<value>  Specify the configuration profile to use
+
+DESCRIPTION
+  Get a role
+```
+
+_See code: [src/commands/get/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.0.0/src/commands/get/role.ts)_
+<!-- commandsstop -->

package/bin/dev.cmd

@@ -0,0 +1,3 @@
+@echo off
+
+node --loader ts-node/esm --no-warnings=ExperimentalWarning "%~dp0\dev" %*

package/bin/dev.js

@@ -0,0 +1,5 @@
+#!/usr/bin/env -S node --loader ts-node/esm --no-warnings=ExperimentalWarning
+
+import {execute} from '@oclif/core'
+
+await execute({development: true, dir: import.meta.url})

package/bin/run.cmd

@@ -0,0 +1,3 @@
+@echo off
+
+node "%~dp0\run" %*

package/bin/run.js

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+
+import {execute} from '@oclif/core'
+
+await execute({dir: import.meta.url})

package/dist/commands/get/policy.d.ts

@@ -0,0 +1,17 @@
+import { BaseCommand } from "@flowcore/cli-plugin-config";
+export declare const GET_POLICY_ARGS: {
+    NAME: import("@oclif/core/interfaces").Arg<string | undefined, Record<string, unknown>>;
+};
+export default class GetPolicy extends BaseCommand<typeof GetPolicy> {
+    static args: {
+        NAME: import("@oclif/core/interfaces").Arg<string | undefined, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: never[];
+    static flags: {
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        tenant: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        wide: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/get/policy.js

@@ -0,0 +1,165 @@
+import { BaseCommand, ValidateLogin } from "@flowcore/cli-plugin-config";
+import { ClientFactory } from "@flowcore/cli-plugin-core";
+import { Args, Flags } from "@oclif/core";
+import _ from "lodash";
+import { tryit } from "radash";
+import { OrganizationService } from "../../services/organization.service.js";
+import { Api as IamApi } from "../../utils/clients/iam/Api.js";
+export const GET_POLICY_ARGS = {
+    NAME: Args.string({ description: "name", required: false }),
+};
+export default class GetPolicy extends BaseCommand {
+    static args = GET_POLICY_ARGS;
+    static description = "Get a policy";
+    static examples = [];
+    static flags = {
+        json: Flags.boolean({
+            char: "j",
+            description: "json output",
+            required: false,
+        }),
+        tenant: Flags.string({
+            char: "t",
+            description: "tenant",
+            required: false,
+        }),
+        wide: Flags.boolean({
+            char: "w",
+            description: "wide output",
+            required: false,
+        }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(GetPolicy);
+        if (args.NAME && !flags.tenant) {
+            this.logger.fatal("Tenant is required when using name");
+        }
+        const graphqlClient = await ClientFactory.create(this.cliConfiguration, this.logger, flags.json);
+        const organizationService = new OrganizationService(graphqlClient);
+        const organizations = await organizationService.getMyOrganizations();
+        const iamClient = new IamApi({
+            baseUrl: "https://iam.api.flowcore.io",
+        });
+        const config = this.cliConfiguration.getConfig();
+        const login = new ValidateLogin(config.login.url);
+        await login.validate(config, this.cliConfiguration, !flags.json);
+        const { auth } = config;
+        if (!auth?.accessToken) {
+            this.logger.fatal("Not logged in, run 'flowcore login'");
+        }
+        let policiesResponse;
+        if (flags.tenant) {
+            const organization = organizations.me.organizations.find((organization) => organization.organization.org === flags.tenant);
+            if (!organization) {
+                this.logger.fatal(`Organization ${flags.tenant} not found or not accessible`);
+            }
+            const [err, response] = await tryit(iamClient.getApiV1PolicyAssociationsOrganizationByOrganizationId)(organization.organization.id, {
+                headers: {
+                    Authorization: `Bearer ${auth?.accessToken}`,
+                },
+            });
+            if (err) {
+                this.logger.fatal(`Failed to get policies: ${err.message}`);
+            }
+            policiesResponse = response;
+        }
+        else {
+            const [err, response] = await tryit(iamClient.getApiV1Policies)({
+                headers: {
+                    Authorization: `Bearer ${auth?.accessToken}`,
+                },
+            });
+            if (err) {
+                this.logger.fatal(`Failed to get policies: ${err.message}`);
+            }
+            policiesResponse = response;
+        }
+        const policies = policiesResponse.data
+            .map((policy) => {
+            const organizationLink = organizations.me.organizations.find((organization) => organization.organization.id === policy.organizationId);
+            if (!organizationLink) {
+                return;
+            }
+            return {
+                description: policy.description,
+                documents: policy.policyDocuments,
+                id: policy.id,
+                name: policy.name,
+                organization: organizationLink,
+                organizationId: policy.organizationId,
+                principal: policy.principal,
+                version: policy.version,
+            };
+        })
+            .filter((policy) => policy !== undefined);
+        if (args.NAME) {
+            const policy = policies.find((policy) => policy.name === args.NAME);
+            if (!policy) {
+                this.logger.fatal(`Policy ${args.NAME} not found`);
+            }
+            if (flags.json) {
+                console.log(JSON.stringify(_.omit(policy, "organization"), null, 2));
+            }
+            else {
+                this.ui
+                    .sticker()
+                    .add(`Policy ${this.ui.colors.green(policy.name)}`)
+                    .add("")
+                    .add(`ID: ${this.ui.colors.green(policy.id)}`)
+                    .add(`Description: ${this.ui.colors.green(policy.description ?? "")}`)
+                    .add(`Organization: ${this.ui.colors.green(policy.organization.organization.displayName === "" ? policy.organization.organization.org : policy.organization.organization.displayName)}`)
+                    .render();
+                this.logger.info("");
+                this.logger.info("Documents:");
+                const documents = policy.documents.map((document) => ({
+                    action: document.action,
+                    resource: document.resource,
+                    statementId: document.statementId,
+                }));
+                const documentHeaders = ["Statement ID", "Resource", "Action"];
+                let documentTable = this.ui.table().head(documentHeaders);
+                for (const document of documents) {
+                    const row = [
+                        document.statementId,
+                        document.resource,
+                        document.action,
+                    ];
+                    documentTable = documentTable.row(row);
+                }
+                documentTable.render();
+            }
+        }
+        else if (flags.json) {
+            console.log(JSON.stringify(policies.map((policy) => _.omit(policy, "organization")), null, 2));
+        }
+        else {
+            const headers = [
+                "Policy ID",
+                "Name",
+                "Description",
+                "Version",
+                "Documents",
+                "Principal",
+                "Organization Name",
+                ...(flags.wide ? ["Organization ID"] : []),
+            ];
+            const listTable = this.ui.table().head(headers);
+            for (const policy of policies) {
+                const row = [
+                    policy.id,
+                    policy.name,
+                    policy.description ?? "",
+                    policy.version,
+                    policy.documents.length,
+                    policy.principal ?? "",
+                    policy.organization.organization.displayName === ""
+                        ? policy.organization.organization.org
+                        : policy.organization.organization.displayName,
+                    ...(flags.wide ? [policy.organization.organization.id] : []),
+                ];
+                listTable.row(row);
+            }
+            listTable.render();
+        }
+    }
+}

package/dist/commands/get/role.d.ts

@@ -0,0 +1,17 @@
+import { BaseCommand } from "@flowcore/cli-plugin-config";
+export declare const GET_ROLE_ARGS: {
+    NAME: import("@oclif/core/interfaces").Arg<string | undefined, Record<string, unknown>>;
+};
+export default class GetRole extends BaseCommand<typeof GetRole> {
+    static args: {
+        NAME: import("@oclif/core/interfaces").Arg<string | undefined, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: never[];
+    static flags: {
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        tenant: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        wide: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/get/role.js

@@ -0,0 +1,157 @@
+import { BaseCommand, ValidateLogin } from "@flowcore/cli-plugin-config";
+import { ClientFactory } from "@flowcore/cli-plugin-core";
+import { Args, Flags } from "@oclif/core";
+import _ from "lodash";
+import { tryit } from "radash";
+import { OrganizationService } from "../../services/organization.service.js";
+import { Api as IamApi } from "../../utils/clients/iam/Api.js";
+export const GET_ROLE_ARGS = {
+    NAME: Args.string({ description: "name", required: false }),
+};
+export default class GetRole extends BaseCommand {
+    static args = GET_ROLE_ARGS;
+    static description = "Get a role";
+    static examples = [];
+    static flags = {
+        json: Flags.boolean({
+            char: "j",
+            description: "json output",
+            required: false,
+        }),
+        tenant: Flags.string({
+            char: "t",
+            description: "tenant",
+            required: false,
+        }),
+        wide: Flags.boolean({
+            char: "w",
+            description: "wide output",
+            required: false,
+        }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(GetRole);
+        if (args.NAME && !flags.tenant) {
+            this.logger.fatal("Tenant is required when using name");
+        }
+        const graphqlClient = await ClientFactory.create(this.cliConfiguration, this.logger, flags.json);
+        const organizationService = new OrganizationService(graphqlClient);
+        const organizations = await organizationService.getMyOrganizations();
+        const iamClient = new IamApi({
+            baseUrl: "https://iam.api.flowcore.io",
+        });
+        const config = this.cliConfiguration.getConfig();
+        const login = new ValidateLogin(config.login.url);
+        await login.validate(config, this.cliConfiguration, !flags.json);
+        const { auth } = config;
+        if (!auth?.accessToken) {
+            this.logger.fatal("Not logged in, run 'flowcore login'");
+        }
+        const [err, rolesResponse] = await tryit(iamClient.getApiV1Roles)({
+            headers: {
+                Authorization: `Bearer ${auth?.accessToken}`,
+            },
+        });
+        if (err) {
+            this.logger.fatal(`Failed to get roles: ${err.message}`);
+        }
+        const roles = rolesResponse.data
+            .map((role) => {
+            const organizationLink = organizations.me.organizations.find((organization) => organization.organization.id === role.organizationId);
+            if (!organizationLink) {
+                return;
+            }
+            return {
+                description: role.description,
+                id: role.id,
+                name: role.name,
+                organization: organizationLink,
+                organizationId: role.organizationId,
+            };
+        })
+            .filter((role) => role !== undefined)
+            .filter((role) => {
+            if (flags.tenant) {
+                return role.organization.organization.org === flags.tenant;
+            }
+            return true;
+        });
+        if (args.NAME) {
+            const role = roles.find((role) => role.name === args.NAME);
+            if (!role) {
+                this.logger.fatal(`Role ${args.NAME} not found`);
+            }
+            if (flags.json) {
+                console.log(JSON.stringify(_.omit(role, "organization"), null, 2));
+            }
+            else {
+                this.ui
+                    .sticker()
+                    .add(`Role ${this.ui.colors.green(role.name)}`)
+                    .add("")
+                    .add(`ID: ${this.ui.colors.green(role.id)}`)
+                    .add(`Description: ${this.ui.colors.green(role.description ?? "")}`)
+                    .add(`Organization: ${this.ui.colors.green(role.organization.organization.displayName === "" ? role.organization.organization.org : role.organization.organization.displayName)}`)
+                    .render();
+                this.logger.info("");
+                this.logger.info("Policies:");
+                const [err, policies] = await tryit(iamClient.getApiV1PolicyAssociationsOrganizationByOrganizationId)(role.organization.organization.id, {
+                    headers: {
+                        Authorization: `Bearer ${auth?.accessToken}`,
+                    },
+                });
+                if (err) {
+                    this.logger.fatal(`Failed to get policies: ${err.message}`);
+                }
+                const policyHeaders = [
+                    "Policy ID",
+                    "Name",
+                    "Description",
+                    "Version",
+                    "Documents",
+                    "Principal",
+                ];
+                let policyTable = this.ui.table().head(policyHeaders);
+                for (const policy of policies.data) {
+                    const row = [
+                        policy.id,
+                        policy.name,
+                        policy.description ?? "",
+                        policy.version,
+                        policy.policyDocuments.length,
+                        policy.principal ?? "",
+                    ];
+                    policyTable = policyTable.row(row);
+                }
+                policyTable.render();
+                this.logger.info("");
+            }
+        }
+        else if (flags.json) {
+            console.log(JSON.stringify(roles.map((role) => _.omit(role, "organization")), null, 2));
+        }
+        else {
+            const headers = [
+                "Role ID",
+                "Name",
+                "Description",
+                "Organization Name",
+                ...(flags.wide ? ["Organization ID"] : []),
+            ];
+            let listTable = this.ui.table().head(headers);
+            for (const role of roles) {
+                const row = [
+                    role.id,
+                    role.name,
+                    role.description ?? "",
+                    role.organization.organization.displayName === ""
+                        ? role.organization.organization.org
+                        : role.organization.organization.displayName,
+                    ...(flags.wide ? [role.organization.organization.id] : []),
+                ];
+                listTable = listTable.row(row);
+            }
+            listTable.render();
+        }
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1 @@
+export { run } from '@oclif/core';

package/dist/index.js

@@ -0,0 +1 @@
+export { run } from '@oclif/core';

package/dist/services/organization.service.d.ts

@@ -0,0 +1,15 @@
+import type { QueryGraphQL } from "@flowcore/cli-plugin-core";
+import { type FetchMyOrganizationsQueryResponse } from "../utils/queries/fetch-organization-by-tenant.gql.js";
+export declare class OrganizationService {
+    private readonly client;
+    constructor(client: QueryGraphQL);
+    filterOrganizationsById(ids: string[]): Promise<{
+        linkType: string;
+        organization: {
+            displayName: string;
+            id: string;
+            org: string;
+        };
+    }[]>;
+    getMyOrganizations(): Promise<FetchMyOrganizationsQueryResponse>;
+}

package/dist/services/organization.service.js

@@ -0,0 +1,13 @@
+import { FETCH_MY_ORGANIZATIONS_GQL_QUERY, } from "../utils/queries/fetch-organization-by-tenant.gql.js";
+export class OrganizationService {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    filterOrganizationsById(ids) {
+        return this.getMyOrganizations().then((organizations) => organizations.me.organizations.filter((organization) => ids.includes(organization.organization.id)));
+    }
+    async getMyOrganizations() {
+        return this.client.request(FETCH_MY_ORGANIZATIONS_GQL_QUERY);
+    }
+}