feat: add remove family of iam commands (#144)

Co-authored-by: Davide Bianchi <[email protected]>

CHANGELOG.md

@@ -19,6 +19,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `company iam add group-member` command
 - `company iam edit serviceaccount` command
 - `company iam edit group` command
+- `company iam remove user` command
+- `company iam remove group` command
+- `company iam remove serviceaccount` command
+- `company iam remove group-member` command
 
 ### Changed
 
@@ -31,6 +35,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 - remove conflicting shortand flag `-v` from `miactl marketplace delete` command
+- creation of basic auth service account
 
 ## [0.10.0] - 2023-12-20
 

docs/30_commands.md

@@ -346,6 +346,85 @@ Available flags for the command:
 - `--group-id`, the id of the group to edit
 - `--role`, the new Company role of the group
 
+#### remove user
+
+The `company iam remove user` subcommand allows you to remove a user from a company. Alternatively you can use the
+`no-include-groups` flag for only remove the role directly associated to a user, but leave intact its groups memberships.
+
+Usage:
+
+```sh
+miactl company iam remove user [flags]
+```
+
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+- `--user-id`, the id of the user to remove
+- `--no-include-groups`, set this flag for keeping the user memberhip, and only remove the role attached to the user
+
+#### remove group
+
+The `company iam remove group` subcommand allows you to remove a group and all its memberships from a company.
+
+Usage:
+
+```sh
+miactl company iam remove group [flags]
+```
+
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+- `--group-id`, the id of the group to remove
+
+#### remove serviceaccount
+
+The `company iam remove serviceaccount` subcommand allows you to removeo a service account in your Company.
+
+Usage:
+
+```sh
+miactl company iam remove serviceaccount [flags]
+```
+
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+- `--service-account-id`, the id of the service account to remove
+
+#### remove group-member
+
+The `company iam remove group-member` subcommand allows you to remove one or more users from a group in your Company.
+
+Usage:
+
+```sh
+miactl company iam remove group-member [flags]
+```
+
+Available flags for the command:
+
+- `--group-id`, the group id where to remove the users
+- `--user-id`, the list of user ids to remove from the group
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+
 ## project
 
 This command allows you to manage `miactl` Projects.

internal/client/response.go

@@ -90,11 +90,6 @@ func (r *Response) ParseResponse(obj interface{}) error {
 		return r.err
 	}
 
-	err := json.Unmarshal(r.body, obj)
-	if err != nil && err != io.EOF {
-		return fmt.Errorf("error during response parsing: %w", err)
-	}
-
 	return parseBody(r.body, obj)
 }
 

internal/clioptions/clioptions.go

@@ -48,10 +48,12 @@ type CLIOptions struct {
 
 	IAMRole string
 
-	UserEmail string
-	UserID    string
+	UserEmail                 string
+	UserID                    string
+	KeepUserGroupMemeberships bool
 
 	UserEmails []string
+	UserIDs    []string
 	GroupID    string
 
 	ServiceAccountID string
@@ -153,6 +155,10 @@ func (o *CLIOptions) AddEditServiceAccountFlags(flags *pflag.FlagSet) {
 	flags.StringVarP(&o.ServiceAccountID, "service-account-id", "", "", "the service account id to edit")
 }
 
+func (o *CLIOptions) AddRemoveServiceAccountFlags(flags *pflag.FlagSet) {
+	flags.StringVarP(&o.ServiceAccountID, "service-account-id", "", "", "the service account id to remove")
+}
+
 func (o *CLIOptions) AddNewUserFlags(flags *pflag.FlagSet) {
 	flags.StringVarP(&o.IAMRole, "role", "r", "", "the company role of the user")
 	flags.StringVarP(&o.UserEmail, "email", "", "", "the email of the user to add")
@@ -163,11 +169,16 @@ func (o *CLIOptions) AddEditUserFlags(flags *pflag.FlagSet) {
 	flags.StringVarP(&o.UserID, "user-id", "", "", "the user id to edit")
 }
 
+func (o *CLIOptions) AddRemoveUserFlags(flags *pflag.FlagSet) {
+	flags.StringVarP(&o.UserID, "user-id", "", "", "the user id to remove")
+	flags.BoolVarP(&o.KeepUserGroupMemeberships, "no-include-groups", "", false, "keep the user membership in the company groups")
+}
+
 func (o *CLIOptions) CreateNewGroupFlags(flags *pflag.FlagSet) {
 	flags.StringVarP(&o.IAMRole, "role", "r", "", "the company role of the group")
 }
 
-func (o *CLIOptions) AddMemberToGroupFlags(flags *pflag.FlagSet) {
+func (o *CLIOptions) AddNewMembersToGroupFlags(flags *pflag.FlagSet) {
 	flags.StringSliceVarP(&o.UserEmails, "user-email", "", []string{}, "the list of user email to add to the group")
 	flags.StringVarP(&o.GroupID, "group-id", "", "", "the group id where to add the users")
 }
@@ -177,6 +188,15 @@ func (o *CLIOptions) AddEditGroupFlags(flags *pflag.FlagSet) {
 	flags.StringVarP(&o.GroupID, "group-id", "", "", "the group id to edit")
 }
 
+func (o *CLIOptions) AddRemoveGroupFlags(flags *pflag.FlagSet) {
+	flags.StringVarP(&o.GroupID, "group-id", "", "", "the group id to remove")
+}
+
+func (o *CLIOptions) AddRemoveMembersFromGroupFlags(flags *pflag.FlagSet) {
+	flags.StringSliceVarP(&o.UserIDs, "user-id", "", []string{}, "the list of user id to remove to the group")
+	flags.StringVarP(&o.GroupID, "group-id", "", "", "the group id where to remove the users")
+}
+
 func (o *CLIOptions) AddMarketplaceApplyFlags(cmd *cobra.Command) {
 	cmd.Flags().StringArrayVarP(&o.MarketplaceResourcePaths, "file-path", "f", []string{}, "paths to JSON/YAML files or folder of files containing a Marketplace item definition")
 	err := cmd.MarkFlagRequired("file-path")

internal/cmd/company/iam.go

@@ -39,6 +39,7 @@ via a group or through service accounts.`,
 		iam.ListCmd(o),
 		iam.AddCmd(o),
 		iam.EditCmd(o),
+		iam.RemoveCmd(o),
 	)
 
 	return cmd

internal/cmd/company/iam/group/add_member.go

@@ -47,7 +47,7 @@ func AddMemberCmd(options *clioptions.CLIOptions) *cobra.Command {
 		},
 	}
 
-	options.AddMemberToGroupFlags(cmd.Flags())
+	options.AddNewMembersToGroupFlags(cmd.Flags())
 	return cmd
 }
 

internal/cmd/company/iam/group/remove.go

@@ -0,0 +1,77 @@
+// Copyright Mia srl
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package group
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/mia-platform/miactl/internal/client"
+	"github.com/mia-platform/miactl/internal/clioptions"
+	"github.com/spf13/cobra"
+)
+
+const (
+	removeGroupTemplate = "/api/companies/%s/groups/%s"
+)
+
+func RemoveCmd(options *clioptions.CLIOptions) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "group",
+		Short: "Remove a group from a company",
+		Long:  "Remove a group from a company",
+
+		Args: cobra.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			restConfig, err := options.ToRESTConfig()
+			cobra.CheckErr(err)
+			client, err := client.APIClientForConfig(restConfig)
+			cobra.CheckErr(err)
+
+			err = removeCompanyGroup(cmd.Context(), client, restConfig.CompanyID, options.GroupID)
+			cobra.CheckErr(err)
+		},
+	}
+
+	options.AddRemoveGroupFlags(cmd.Flags())
+	return cmd
+}
+
+func removeCompanyGroup(ctx context.Context, client *client.APIClient, companyID, groupID string) error {
+	if len(companyID) == 0 {
+		return fmt.Errorf("company id is required, please set it via flag or context")
+	}
+
+	if len(groupID) == 0 {
+		return fmt.Errorf("the group id is required")
+	}
+
+	resp, err := client.
+		Delete().
+		APIPath(fmt.Sprintf(removeGroupTemplate, companyID, groupID)).
+		Do(ctx)
+
+	if err != nil {
+		return err
+	}
+
+	if err := resp.Error(); err != nil {
+		return err
+	}
+
+	fmt.Printf("group %s successfully removed\n", groupID)
+	return nil
+}

internal/cmd/company/iam/group/remove_member.go

@@ -0,0 +1,92 @@
+// Copyright Mia srl
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package group
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/mia-platform/miactl/internal/client"
+	"github.com/mia-platform/miactl/internal/clioptions"
+	"github.com/mia-platform/miactl/internal/resources"
+	"github.com/spf13/cobra"
+)
+
+const (
+	removeMemberTemplate = "/api/companies/%s/groups/%s/members"
+)
+
+func RemoveMemberCmd(options *clioptions.CLIOptions) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "group-member",
+		Short: "Remove one or more users from a group",
+		Long:  "Remove one or more users from a company group. The users can be removed via their ids",
+
+		Args: cobra.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			restConfig, err := options.ToRESTConfig()
+			cobra.CheckErr(err)
+			client, err := client.APIClientForConfig(restConfig)
+			cobra.CheckErr(err)
+
+			err = removeMemberFromGroup(cmd.Context(), client, restConfig.CompanyID, options.GroupID, options.UserIDs)
+			cobra.CheckErr(err)
+		},
+	}
+
+	options.AddRemoveMembersFromGroupFlags(cmd.Flags())
+	return cmd
+}
+
+func removeMemberFromGroup(ctx context.Context, client *client.APIClient, companyID, groupID string, userIDs []string) error {
+	if len(companyID) == 0 {
+		return fmt.Errorf("company id is required, please set it via flag or context")
+	}
+
+	if len(groupID) == 0 {
+		return fmt.Errorf("a group id is required")
+	}
+
+	if len(userIDs) < 1 {
+		return fmt.Errorf("at least one user id must be used")
+	}
+
+	payload := resources.RemoveMembersToGroup{
+		Members: userIDs,
+	}
+
+	body, err := resources.EncodeResourceToJSON(payload)
+	if err != nil {
+		return fmt.Errorf("failed to encode request body: %w", err)
+	}
+
+	resp, err := client.
+		Delete().
+		APIPath(fmt.Sprintf(removeMemberTemplate, companyID, groupID)).
+		Body(body).
+		Do(ctx)
+
+	if err != nil {
+		return err
+	}
+
+	if err := resp.Error(); err != nil {
+		return err
+	}
+
+	fmt.Println("the users has been removed from the group")
+	return nil
+}