feat: fix readme
bearaujus committed Dec 20, 2024
1 parent a308082 commit e0642a2
Showing 2 changed files with 186 additions and 136 deletions.
320 changes: 185 additions & 135 deletions plugins/providers/alicloud_ram/README.md
@@ -16,34 +16,34 @@
- Custom Policy
```json
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "ram:ListPolicies",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:AttachPolicyToUser",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:DetachPolicyFromUser",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:AttachPolicyToRole",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:DetachPolicyFromRole",
"Resource": "*"
}
]
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "ram:ListPolicies",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:AttachPolicyToUser",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:DetachPolicyFromUser",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:AttachPolicyToRole",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:DetachPolicyFromRole",
"Resource": "*"
}
]
}
```

@@ -119,124 +119,174 @@
### For Standalone Provider
```json
{
"type": "alicloud_ram",
"urn": "al-xxxx-id-x:500xxxxxxxxxxxxx", // using self main account id
"allowed_account_types": [
"ramUser",
"ramRole"
],
"credentials": {
"main_account_id": "500xxxxxxxxxxxxx", // using self main account id
"access_key_id": "access_key_id (in base64)",
"access_key_secret": "access_key_secret (in base64)",
},
"appeal": {
"allow_permanent_access": false,
"allow_active_access_extension_in": "336h"
},
"resources": [
"type": "alicloud_ram",
"urn": "al-xxxx-id-x:500xxxxxxxxxxxxx", // using self main account id
"allowed_account_types": [
"ramUser",
"ramRole"
],
"credentials": {
"main_account_id": "500xxxxxxxxxxxxx", // using self main account id
"access_key_id": "access_key_id (in base64)",
"access_key_secret": "access_key_secret (in base64)",
},
"appeal": {
"allow_permanent_access": false,
"allow_active_access_extension_in": "336h"
},
"resources": [
{
"type": "account",
"policy": {
"id": "alicloud_account_policy",
"version": 1
},
"roles": [
{
"type": "account",
"policy": {
"id": "alicloud_account_policy",
"version": 1
"id": "sample-role",
"name": "Sample Role",
"description": "Description for Sample Role",
"permissions": [
{
"name": "AliyunOSSReadOnlyAccess",
"type": "System"
},
"roles": [
{
"id": "sample-role",
"name": "Sample Role",
"description": "Description for Sample Role",
"permissions": [
{
"name": "AliyunOSSReadOnlyAccess",
"type": "System"
},
{
"name": "AliyunOSSFullAccess",
"type": "System"
},
{
"name": "AliyunECSFullAccess",
"type": "System"
}
]
},
{
"id": "sample-role-2",
"name": "Sample Role 2",
"description": "Description for Sample Role 2",
"permissions": [
{
"name": "AliyunCloudMonitorFullAccess",
"type": "System"
}
]
}
]
{
"name": "AliyunOSSFullAccess",
"type": "System"
},
{
"name": "AliyunECSFullAccess",
"type": "System"
}
]
},
{
"id": "sample-role-2",
"name": "Sample Role 2",
"description": "Description for Sample Role 2",
"permissions": [
{
"name": "AliyunCloudMonitorFullAccess",
"type": "System"
}
]
}
]
]
}
]
}
```

### For CROSS Provider
```json
{
"type": "alicloud_ram",
"urn": "al-xxxx-id-x:501xxxxxxxxxxxxx", // using role main account id
"allowed_account_types": [
"ramUser",
"ramRole"
],
"credentials": {
"main_account_id": "501xxxxxxxxxxxxx", // using role main account id
"access_key_id": "access_key_id (in base64)",
"access_key_secret": "access_key_secret (in base64)",
"ram_role": "acs:ram::501xxxxxxxxxxxxx:role/role-name" // using role main account id
},
"appeal": {
"allow_permanent_access": false,
"allow_active_access_extension_in": "336h"
},
"resources": [
"type": "alicloud_ram",
"urn": "al-xxxx-id-x:501xxxxxxxxxxxxx", // using role main account id
"allowed_account_types": [
"ramUser",
"ramRole"
],
"credentials": {
"main_account_id": "501xxxxxxxxxxxxx", // using role main account id
"access_key_id": "access_key_id (in base64)",
"access_key_secret": "access_key_secret (in base64)",
"ram_role": "acs:ram::501xxxxxxxxxxxxx:role/role-name" // using role main account id
},
"appeal": {
"allow_permanent_access": false,
"allow_active_access_extension_in": "336h"
},
"resources": [
{
"type": "account",
"policy": {
"id": "alicloud_account_policy",
"version": 1
},
"roles": [
{
"type": "account",
"policy": {
"id": "alicloud_account_policy",
"version": 1
"id": "sample-role",
"name": "Sample Role",
"description": "Description for Sample Role",
"permissions": [
{
"name": "AliyunOSSReadOnlyAccess",
"type": "System"
},
{
"name": "AliyunOSSFullAccess",
"type": "System"
},
"roles": [
{
"id": "sample-role",
"name": "Sample Role",
"description": "Description for Sample Role",
"permissions": [
{
"name": "AliyunOSSReadOnlyAccess",
"type": "System"
},
{
"name": "AliyunOSSFullAccess",
"type": "System"
},
{
"name": "AliyunECSFullAccess",
"type": "System"
}
]
},
{
"id": "sample-role-2",
"name": "Sample Role 2",
"description": "Description for Sample Role 2",
"permissions": [
{
"name": "AliyunCloudMonitorFullAccess",
"type": "System"
}
]
}
]
{
"name": "AliyunECSFullAccess",
"type": "System"
}
]
},
{
"id": "sample-role-2",
"name": "Sample Role 2",
"description": "Description for Sample Role 2",
"permissions": [
{
"name": "AliyunCloudMonitorFullAccess",
"type": "System"
}
]
}
]
]
}
]
}
```

# Example Requests
### Create Appeal For RAM Account
```json
{
"resources": [
{
"id": "{{RESOURCE_ID}}",
"role": "sample-role",
"options": {
"duration": "1h"
},
"details": {
"questions": {
"What is the purpose of getting access to this role?": "Test"
}
}
}
],
"account_id": "[email protected]",
"account_type": "ramUser"
}
```

### Create Appeal For RAM Role
```json
{
"resources": [
{
"id": "{{RESOURCE_ID}}",
"role": "sample-role",
"options": {
"duration": "1h"
},
"details": {
"questions": {
"What is the purpose of getting access to this role?": "Test"
}
}
}
],
"account_id": "role-name",
"account_type": "ramRole"
}
```

# DOCS
For another documentation you can refer to this link:
[https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs](https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs)

2 changes: 1 addition & 1 deletion plugins/providers/alicloud_ram/errors.go
@@ -17,6 +17,6 @@ var (
ErrGrantRoleNotFoundAtResource = errors.New("grant role not found at resource")
ErrEmptyGrantRole = errors.New("empty grant role")
ErrInvalidPolicyType = fmt.Errorf("invalid policy type. policy type must be one of: %v\n", getPolicyTypes())
ErrInvalidAliAccountUserID = errors.New("invalid ali account user id. see: https://github.com/goto/guardian/tree/main/plugins/providers/alicloudiam/docs/ali-account-user-id-example.png")
ErrInvalidAliAccountUserID = errors.New("invalid ali account user id. see: https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs/ali-account-user-id-example.png")
ErrEmptyResourceConfig = errors.New("empty resource config")
)
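Review bot: The documentation link in `ErrInvalidAliAccountUserID` is still a hand-written literal tied to the provider's directory name and to the `main` branch, which is apparently how the old `alicloudiam` path went stale. Consider deriving it from one package-level constant, for example `const docsBaseURL = "https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs"` and `errors.New("invalid ali account user id. see: " + docsBaseURL + "/ali-account-user-id-example.png")`, so a later rename is a single edit. The `var (` block begins above the hunk, so other messages carrying the same kind of link may exist outside this view and would need the same treatment.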
