feat: introduce add family of commands for company IAM (#140)

CHANGELOG.md

@@ -7,15 +7,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### BREAKING
+
+- move serviceaccount commads under `company iam add`
+
+### Added
+
+- `company iam add user` command
+- `company iam add group` command
+- `company iam add group-member` command
+
 ### Changed
 
+- the company iam list commands now return the id of the entities as well
 - update go version to 1.21.5
 - update logr to v1.4.1
 - update uuid to 1.5.0
 - update exp to v0.0.0-20231219180239-dc181d75b848
 
 ## [0.10.0] - 2023-12-20
 
+### BREAKING
+
+- `miactl marketplace delete` does not accept anymore the id as argument, it should be provided to the flag `--object-id`
+- `miactl marketplace get` does not accept anymore the id as argument, it should be provided to the flag `--object-id`
+
 ### Added
 
 - `company iam list` command
@@ -47,11 +63,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - `runtime logs` now is working correctly for pods with more than one container
 
-### BREAKING
-
-- `miactl marketplace delete` does not accept anymore the id as argument, it should be provided to the flag `--object-id`
-- `miactl marketplace get` does not accept anymore the id as argument, it should be provided to the flag `--object-id`
-
 ## [0.9.0] - 2023-11-15
 
 ### Added

docs/30_commands.md

@@ -186,21 +186,34 @@ Available flags for the command:
 - `--context`, to specify a different context from the currently selected one
 - `--company-id`, to set the ID of the desired Company
 
-## project
+#### add serviceaccount basic
 
-This command allows you to manage `miactl` Projects.
+The `company iam add serviceaccount basic` subcommand allows you to create a new service account for your Company.
 
-To access the resources, you need an account with the correct permissions.
+Usage:
 
-### list
+```sh
+miactl company iam add serviceaccount basic NAME [flags]
+```
 
-The `project list` subcommand allows you to view the list of Projects belonging to the Company specified in the current
-context. The output will show the **names**, **IDs**, and **Configuration Git paths** of the Projects.
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+- `--role`, the Company role for the service account
+
+#### add serviceaccount jwt
+
+The `company iam add serviceaccount jwt` subcommand allows you to create a new service account for your Company that will
+use the jwt authorization method.
 
 Usage:
 
 ```sh
-miactl project list [flags]
+miactl company iam add serviceaccount jwt NAME [flags]
 ```
 
 Available flags for the command:
@@ -210,15 +223,17 @@ Available flags for the command:
 - `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
 - `--context`, to specify a different context from the currently selected one
 - `--company-id`, to set the ID of the desired Company
+- `--output`, optional flag to save the service account configuration as json in a file at the provided path
+- `--role`, the Company role for the service account
 
-## deploy
+#### add user
 
-This command allows you to trigger the deploy pipeline for the selected Project.
+The `company iam add user` subcommand allows you to add a user in your Company with the given role.
 
 Usage:
 
 ```sh
-miactl deploy ENVIRONMENT [flags]
+miactl company iam add user [flags]
 ```
 
 Available flags for the command:
@@ -228,21 +243,63 @@ Available flags for the command:
 - `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
 - `--context`, to specify a different context from the currently selected one
 - `--company-id`, to set the ID of the desired Company
-- `--project-id`, to set the ID of the desired Project
-- `--deploy-type`, to select a deploy type (default is `smart_deploy`)
-- `--no-semver`, to force the deploy without `semver`
-- `--revision`, to specify the revision of the commit to deploy
+- `--email`, the email of the user to add
+- `--role`, the Company role of the user
+
+#### add group
+
+The `company iam add group` subcommand allows you to add a group in your Company with the given role.
+
+Usage:
+
+```sh
+miactl company iam add group NAME [flags]
+```
+
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+- `--role`, the Company role of the user
+
+#### add group-member
+
+The `company iam add group-member` subcommand allows you to add one or more users to a group in your Company.
+
+Usage:
+
+```sh
+miactl company iam add group-member [flags]
+```
 
-## serviceaccount
+Available flags for the command:
 
-### create basic
+- `--group-id`, the group id where to add the users
+- `--user-email`, the list of user email to add to the group
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
 
-The `serviceaccount create basic` subcommand allows you to create a new service account for your Company.
+## project
+
+This command allows you to manage `miactl` Projects.
+
+To access the resources, you need an account with the correct permissions.
+
+### list
+
+The `project list` subcommand allows you to view the list of Projects belonging to the Company specified in the current
+context. The output will show the **names**, **IDs**, and **Configuration Git paths** of the Projects.
 
 Usage:
 
 ```sh
-miactl serviceaccount create basic NAME [flags]
+miactl project list [flags]
 ```
 
 Available flags for the command:
@@ -252,17 +309,15 @@ Available flags for the command:
 - `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
 - `--context`, to specify a different context from the currently selected one
 - `--company-id`, to set the ID of the desired Company
-- `--role`, the Company role for the service account
 
-### create jwt
+## deploy
 
-The `serviceaccount create jwt` subcommand allows you to create a new service account for your Company that will
-use the jwt authorization method.
+This command allows you to trigger the deploy pipeline for the selected Project.
 
 Usage:
 
 ```sh
-miactl serviceaccount create jwt NAME [flags]
+miactl deploy ENVIRONMENT [flags]
 ```
 
 Available flags for the command:
@@ -272,8 +327,10 @@ Available flags for the command:
 - `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
 - `--context`, to specify a different context from the currently selected one
 - `--company-id`, to set the ID of the desired Company
-- `--output`, optional flag to save the service account json description in a file at the provided path
-- `--role`, the Company role for the service account
+- `--project-id`, to set the ID of the desired Project
+- `--deploy-type`, to select a deploy type (default is `smart_deploy`)
+- `--no-semver`, to force the deploy without `semver`
+- `--revision`, to specify the revision of the commit to deploy
 
 ## runtime
 

internal/clioptions/clioptions.go

@@ -46,12 +46,17 @@ type CLIOptions struct {
 	DeployType string
 	NoSemVer   bool
 
+	IAMRole string
+
+	UserEmail string
+
+	UserEmails []string
+	GroupID    string
+
 	BasicClientID     string
 	BasicClientSecret string
 	JWTJsonPath       string
-
-	ServiceAccountRole string
-	OutputPath         string
+	OutputPath        string
 
 	MarketplaceResourcePaths []string
 	// MarketplaceItemID is the itemId field of a Marketplace item
@@ -132,12 +137,26 @@ func (o *CLIOptions) AddContextAuthFlags(flags *pflag.FlagSet) {
 }
 
 func (o *CLIOptions) AddServiceAccountFlags(flags *pflag.FlagSet) {
-	flags.StringVarP(&o.ServiceAccountRole, "role", "r", "", "the company role of the service account")
+	flags.StringVarP(&o.IAMRole, "role", "r", "", "the company role of the service account")
 }
 
 func (o *CLIOptions) AddJWTServiceAccountFlags(flags *pflag.FlagSet) {
 	o.AddServiceAccountFlags(flags)
-	flags.StringVarP(&o.OutputPath, "output", "o", "", "write the service account to a file")
+	flags.StringVarP(&o.OutputPath, "output", "o", "", "write the service account configuration as json to a file")
+}
+
+func (o *CLIOptions) AddNewUserFlags(flags *pflag.FlagSet) {
+	flags.StringVarP(&o.IAMRole, "role", "r", "", "the company role of the user")
+	flags.StringVarP(&o.UserEmail, "email", "", "", "the email of the user to add")
+}
+
+func (o *CLIOptions) CreateNewGroupFlags(flags *pflag.FlagSet) {
+	flags.StringVarP(&o.IAMRole, "role", "r", "", "the company role of the group")
+}
+
+func (o *CLIOptions) AddMemberToGroupFlags(flags *pflag.FlagSet) {
+	flags.StringSliceVarP(&o.UserEmails, "user-email", "", []string{}, "the list of user email to add to the group")
+	flags.StringVarP(&o.GroupID, "group-id", "", "", "the group id where to add the users")
 }
 
 func (o *CLIOptions) AddMarketplaceApplyFlags(cmd *cobra.Command) {

internal/cmd/company/iam.go

@@ -37,6 +37,7 @@ via a group or through service accounts.`,
 
 	cmd.AddCommand(
 		iam.ListCmd(o),
+		iam.AddCmd(o),
 	)
 
 	return cmd

internal/cmd/company/iam/add.go

@@ -0,0 +1,42 @@
+// Copyright Mia srl
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package iam
+
+import (
+	"github.com/mia-platform/miactl/internal/clioptions"
+	"github.com/mia-platform/miactl/internal/cmd/company/iam/group"
+	"github.com/mia-platform/miactl/internal/cmd/company/iam/serviceaccount"
+	"github.com/mia-platform/miactl/internal/cmd/company/iam/user"
+	"github.com/spf13/cobra"
+)
+
+func AddCmd(options *clioptions.CLIOptions) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "add",
+		Short: "Add a new IAM entity to a company",
+		Long: `A Company can have associated different entities for managing the roles, this command will create or
+add them to the company selected via the flag or context`,
+	}
+
+	cmd.AddCommand(
+		serviceaccount.CreateServiceAccountCmd(options),
+		user.AddCmd(options),
+		group.AddCmd(options),
+		group.AddMemberCmd(options),
+	)
+
+	return cmd
+}