@flowcore/cli-plugin-iam 1.4.0 → 1.5.0

package/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## [1.5.0](https://github.com/flowcore-io/cli-plugin-iam/compare/v1.4.0...v1.5.0) (2025-02-16)
+
+
+### Features
+
+* add edit policy command to modify policy details interactively ([061e036](https://github.com/flowcore-io/cli-plugin-iam/commit/061e036e07fb076017543b8ed232f9077d615a72))
+
+
+### Bug Fixes
+
+* :rotating_light: fixed linting errors ([ff60a54](https://github.com/flowcore-io/cli-plugin-iam/commit/ff60a54131d35bfbc7f8b0ca3985e6a6528be8ae))
+* update GitHub Actions runners to use blacksmith infrastructure ([826d577](https://github.com/flowcore-io/cli-plugin-iam/commit/826d577d8145442b1e35b7268a6f7a5482047509))
+
 ## [1.4.0](https://github.com/flowcore-io/cli-plugin-iam/compare/v1.3.1...v1.4.0) (2024-11-08)
 
 

package/README.md

@@ -18,7 +18,7 @@ $ npm install -g @flowcore/cli-plugin-iam
 $ iam COMMAND
 running command...
 $ iam (--version)
-@flowcore/cli-plugin-iam/1.4.0 linux-x64 node-v22.10.0
+@flowcore/cli-plugin-iam/1.5.0 linux-x64 node-v20.16.0
 $ iam --help [COMMAND]
 USAGE
   $ iam COMMAND
@@ -29,6 +29,7 @@ USAGE
 <!-- commands -->
 * [`iam delete policy NAME`](#iam-delete-policy-name)
 * [`iam delete role NAME`](#iam-delete-role-name)
+* [`iam edit policy NAME`](#iam-edit-policy-name)
 * [`iam get policy [NAME]`](#iam-get-policy-name)
 * [`iam get role [NAME]`](#iam-get-role-name)
 
@@ -53,7 +54,7 @@ DESCRIPTION
   Delete a policy
 ```
 
-_See code: [src/commands/delete/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.4.0/src/commands/delete/policy.ts)_
+_See code: [src/commands/delete/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.5.0/src/commands/delete/policy.ts)_
 
 ## `iam delete role NAME`
 
@@ -76,7 +77,33 @@ DESCRIPTION
   Delete a role
 ```
 
-_See code: [src/commands/delete/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.4.0/src/commands/delete/role.ts)_
+_See code: [src/commands/delete/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.5.0/src/commands/delete/role.ts)_
+
+## `iam edit policy NAME`
+
+Edit a policy in your preferred editor
+
+```
+USAGE
+  $ iam edit policy NAME -t <value> [--profile <value>]
+
+ARGUMENTS
+  NAME  name
+
+FLAGS
+  -t, --tenant=<value>   (required) tenant
+      --profile=<value>  Specify the configuration profile to use
+
+DESCRIPTION
+  Edit a policy in your preferred editor
+
+EXAMPLES
+  $ flowcore iam edit policy my-policy -t my-tenant
+
+  $ FC_EDITOR=code flowcore iam edit policy my-policy -t my-tenant
+```
+
+_See code: [src/commands/edit/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.5.0/src/commands/edit/policy.ts)_
 
 ## `iam get policy [NAME]`
 
@@ -99,7 +126,7 @@ DESCRIPTION
   Get a policy
 ```
 
-_See code: [src/commands/get/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.4.0/src/commands/get/policy.ts)_
+_See code: [src/commands/get/policy.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.5.0/src/commands/get/policy.ts)_
 
 ## `iam get role [NAME]`
 
@@ -122,5 +149,5 @@ DESCRIPTION
   Get a role
 ```
 
-_See code: [src/commands/get/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.4.0/src/commands/get/role.ts)_
+_See code: [src/commands/get/role.ts](https://github.com/flowcore-io/cli-plugin-iam/blob/v1.5.0/src/commands/get/role.ts)_
 <!-- commandsstop -->

package/dist/commands/edit/policy.d.ts

@@ -0,0 +1,16 @@
+import { BaseCommand } from "@flowcore/cli-plugin-config";
+export declare const EDIT_POLICY_ARGS: {
+    NAME: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+};
+export default class EditPolicy extends BaseCommand<typeof EditPolicy> {
+    static args: {
+        NAME: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: string[];
+    static flags: {
+        tenant: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+    private spawnEditor;
+}

package/dist/commands/edit/policy.js

@@ -0,0 +1,118 @@
+import { BaseCommand, ValidateLogin } from "@flowcore/cli-plugin-config";
+import { ClientFactory } from "@flowcore/cli-plugin-core";
+import { Args, Flags } from "@oclif/core";
+import { spawn } from "node:child_process";
+import { unlink, writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { tryit } from "radash";
+import { v4 as uuidv4 } from "uuid";
+import { OrganizationService } from "../../services/organization.service.js";
+import { Api as IamApi } from "../../utils/clients/iam/Api.js";
+export const EDIT_POLICY_ARGS = {
+    NAME: Args.string({ description: "name", required: true }),
+};
+export default class EditPolicy extends BaseCommand {
+    static args = EDIT_POLICY_ARGS;
+    static description = "Edit a policy in your preferred editor";
+    static examples = [
+        "$ flowcore iam edit policy my-policy -t my-tenant",
+        "$ FC_EDITOR=code flowcore iam edit policy my-policy -t my-tenant",
+    ];
+    static flags = {
+        tenant: Flags.string({
+            char: "t",
+            description: "tenant",
+            required: true,
+        }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(EditPolicy);
+        const graphqlClient = await ClientFactory.create(this.cliConfiguration, this.logger);
+        const organizationService = new OrganizationService(graphqlClient);
+        const organizations = await organizationService.getMyOrganizations();
+        const iamClient = new IamApi();
+        const config = this.cliConfiguration.getConfig();
+        const login = new ValidateLogin(config.login.url);
+        await login.validate(config, this.cliConfiguration, true);
+        const { auth } = config;
+        if (!auth?.accessToken) {
+            this.logger.fatal("Not logged in, run 'flowcore login'");
+        }
+        const organization = organizations.me.organizations.find((org) => org.organization.org === flags.tenant);
+        if (!organization) {
+            this.logger.fatal(`Organization ${flags.tenant} not found, or you are not a member`);
+        }
+        const [policiesErr, policies] = await tryit(iamClient.getApiV1PolicyAssociationsOrganizationByOrganizationId)(organization.organization.id, {
+            headers: {
+                Authorization: `Bearer ${auth?.accessToken}`,
+            },
+        });
+        if (policiesErr) {
+            this.logger.fatal(`Failed to get policies: ${policiesErr.message}`);
+        }
+        const policy = policies.data.find((policy) => policy.name === args.NAME);
+        if (!policy) {
+            this.logger.fatal(`Policy ${args.NAME} not found in tenant: ${flags.tenant}`);
+        }
+        // Create a temporary file with the policy content
+        const tmpFile = join(tmpdir(), `policy-${uuidv4()}.json`);
+        const policyContent = JSON.stringify({
+            description: policy.description,
+            documents: policy.policyDocuments,
+            name: policy.name,
+            version: policy.version,
+        }, null, 2);
+        try {
+            await writeFile(tmpFile, policyContent, "utf8");
+            await this.spawnEditor(tmpFile);
+            // Read and parse the edited content
+            const editedContent = await import(tmpFile, {
+                assert: { type: "json" },
+            });
+            // Update the policy
+            const [updateErr] = await tryit(iamClient.patchApiV1PoliciesById)(policy.id, {
+                description: editedContent.default.description,
+                name: editedContent.default.name,
+                organizationId: organization.organization.id,
+                policyDocuments: editedContent.default.documents,
+                version: editedContent.default.version,
+            }, {
+                headers: {
+                    Authorization: `Bearer ${auth?.accessToken}`,
+                },
+            });
+            if (updateErr) {
+                this.logger.fatal(`Failed to update policy: ${updateErr.message}`);
+            }
+            this.logger.info(`Policy ${policy.name} updated successfully`);
+        }
+        catch (error) {
+            this.logger.fatal(`Error editing policy: ${error}`);
+        }
+        finally {
+            await unlink(tmpFile).catch(() => {
+                // Ignore error if file doesn't exist
+            });
+        }
+    }
+    async spawnEditor(filePath) {
+        return new Promise((resolve, reject) => {
+            const editor = process.env.FC_EDITOR || process.env.EDITOR || "vim";
+            const child = spawn(editor, [filePath], {
+                stdio: "inherit",
+            });
+            child.on("exit", (code) => {
+                if (code === 0) {
+                    resolve();
+                }
+                else {
+                    reject(new Error(`Editor process exited with code ${code}`));
+                }
+            });
+            child.on("error", (err) => {
+                reject(err);
+            });
+        });
+    }
+}

package/dist/commands/get/policy.js

@@ -122,7 +122,7 @@ export default class GetPolicy extends BaseCommand {
                     const row = [
                         document.statementId,
                         document.resource,
-                        document.action,
+                        String(document.action),
                     ];
                     documentTable = documentTable.row(row);
                 }
@@ -143,7 +143,9 @@ export default class GetPolicy extends BaseCommand {
                     .table()
                     .head(userAssociationHeaders);
                 const keyAssociationTable = this.ui.table().head(keyAssociationHeaders);
-                const roleAssociationTable = this.ui.table().head(roleAssociationHeaders);
+                const roleAssociationTable = this.ui
+                    .table()
+                    .head(roleAssociationHeaders);
                 for (const association of associations.data.keys) {
                     keyAssociationTable.row([association.keyId]);
                 }

package/oclif.manifest.json

@@ -243,7 +243,55 @@
         "get",
         "role.js"
       ]
+    },
+    "edit:policy": {
+      "aliases": [],
+      "args": {
+        "NAME": {
+          "description": "name",
+          "name": "NAME",
+          "required": true
+        }
+      },
+      "description": "Edit a policy in your preferred editor",
+      "examples": [
+        "$ flowcore iam edit policy my-policy -t my-tenant",
+        "$ FC_EDITOR=code flowcore iam edit policy my-policy -t my-tenant"
+      ],
+      "flags": {
+        "profile": {
+          "description": "Specify the configuration profile to use",
+          "name": "profile",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "tenant": {
+          "char": "t",
+          "description": "tenant",
+          "name": "tenant",
+          "required": true,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "edit:policy",
+      "pluginAlias": "@flowcore/cli-plugin-iam",
+      "pluginName": "@flowcore/cli-plugin-iam",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": false,
+      "isESM": true,
+      "relativePath": [
+        "dist",
+        "commands",
+        "edit",
+        "policy.js"
+      ]
     }
   },
-  "version": "1.4.0"
+  "version": "1.5.0"
 }

package/package.json

@@ -91,7 +91,7 @@
 		"version": "oclif readme && git add README.md",
 		"update-schema": "rover graph introspect https://graph.api.flowcore.io/graphql -o schema.gql"
 	},
-	"version": "1.4.0",
+	"version": "1.5.0",
 	"bugs": "https://github.com/flowcore-io/cli-plugin-iam/issues",
 	"keywords": [
 		"oclif"