From e0642a2374eea3a48552b1dad72a272908298755 Mon Sep 17 00:00:00 2001 From: Haryo Bagas Assyafah Date: Sat, 21 Dec 2024 00:49:38 +0700 Subject: [PATCH] feat: fix readme --- plugins/providers/alicloud_ram/README.md | 320 +++++++++++++---------- plugins/providers/alicloud_ram/errors.go | 2 +- 2 files changed, 186 insertions(+), 136 deletions(-) diff --git a/plugins/providers/alicloud_ram/README.md b/plugins/providers/alicloud_ram/README.md index 0308bc833..130e9c7bd 100644 --- a/plugins/providers/alicloud_ram/README.md +++ b/plugins/providers/alicloud_ram/README.md @@ -16,34 +16,34 @@ - Custom Policy ```json { - "Version": "1", - "Statement": [ - { - "Effect": "Allow", - "Action": "ram:ListPolicies", - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": "ram:AttachPolicyToUser", - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": "ram:DetachPolicyFromUser", - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": "ram:AttachPolicyToRole", - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": "ram:DetachPolicyFromRole", - "Resource": "*" - } - ] + "Version": "1", + "Statement": [ + { + "Effect": "Allow", + "Action": "ram:ListPolicies", + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "ram:AttachPolicyToUser", + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "ram:DetachPolicyFromUser", + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "ram:AttachPolicyToRole", + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "ram:DetachPolicyFromRole", + "Resource": "*" + } + ] } ``` 
@@ -119,124 +119,174 @@ ### For Standalone Provider ```json { - "type": "alicloud_ram", - "urn": "al-xxxx-id-x:500xxxxxxxxxxxxx", // using self main account id - "allowed_account_types": [ - "ramUser", - "ramRole" - ], - "credentials": { - "main_account_id": "500xxxxxxxxxxxxx", // using self main account id - "access_key_id": "access_key_id (in base64)", - "access_key_secret": "access_key_secret (in base64)", - }, - "appeal": { - "allow_permanent_access": false, - "allow_active_access_extension_in": "336h" - }, - "resources": [ + "type": "alicloud_ram", + "urn": "al-xxxx-id-x:500xxxxxxxxxxxxx", // using self main account id + "allowed_account_types": [ + "ramUser", + "ramRole" + ], + "credentials": { + "main_account_id": "500xxxxxxxxxxxxx", // using self main account id + "access_key_id": "access_key_id (in base64)", + "access_key_secret": "access_key_secret (in base64)", + }, + "appeal": { + "allow_permanent_access": false, + "allow_active_access_extension_in": "336h" + }, + "resources": [ + { + "type": "account", + "policy": { + "id": "alicloud_account_policy", + "version": 1 + }, + "roles": [ { - "type": "account", - "policy": { - "id": "alicloud_account_policy", - "version": 1 + "id": "sample-role", + "name": "Sample Role", + "description": "Description for Sample Role", + "permissions": [ + { + "name": "AliyunOSSReadOnlyAccess", + "type": "System" }, - "roles": [ - { - "id": "sample-role", - "name": "Sample Role", - "description": "Description for Sample Role", - "permissions": [ - { - "name": "AliyunOSSReadOnlyAccess", - "type": "System" - }, - { - "name": "AliyunOSSFullAccess", - "type": "System" - }, - { - "name": "AliyunECSFullAccess", - "type": "System" - } - ] - }, - { - "id": "sample-role-2", - "name": "Sample Role 2", - "description": "Description for Sample Role 2", - "permissions": [ - { - "name": "AliyunCloudMonitorFullAccess", - "type": "System" - } - ] - } - ] + { + "name": "AliyunOSSFullAccess", + "type": "System" + }, + { + "name": 
"AliyunECSFullAccess", + "type": "System" + } + ] + }, + { + "id": "sample-role-2", + "name": "Sample Role 2", + "description": "Description for Sample Role 2", + "permissions": [ + { + "name": "AliyunCloudMonitorFullAccess", + "type": "System" + } + ] } - ] + ] + } + ] } ``` ### For CROSS Provider ```json { - "type": "alicloud_ram", - "urn": "al-xxxx-id-x:501xxxxxxxxxxxxx", // using role main account id - "allowed_account_types": [ - "ramUser", - "ramRole" - ], - "credentials": { - "main_account_id": "501xxxxxxxxxxxxx", // using role main account id - "access_key_id": "access_key_id (in base64)", - "access_key_secret": "access_key_secret (in base64)", - "ram_role": "acs:ram::501xxxxxxxxxxxxx:role/role-name" // using role main account id - }, - "appeal": { - "allow_permanent_access": false, - "allow_active_access_extension_in": "336h" - }, - "resources": [ + "type": "alicloud_ram", + "urn": "al-xxxx-id-x:501xxxxxxxxxxxxx", // using role main account id + "allowed_account_types": [ + "ramUser", + "ramRole" + ], + "credentials": { + "main_account_id": "501xxxxxxxxxxxxx", // using role main account id + "access_key_id": "access_key_id (in base64)", + "access_key_secret": "access_key_secret (in base64)", + "ram_role": "acs:ram::501xxxxxxxxxxxxx:role/role-name" // using role main account id + }, + "appeal": { + "allow_permanent_access": false, + "allow_active_access_extension_in": "336h" + }, + "resources": [ + { + "type": "account", + "policy": { + "id": "alicloud_account_policy", + "version": 1 + }, + "roles": [ { - "type": "account", - "policy": { - "id": "alicloud_account_policy", - "version": 1 + "id": "sample-role", + "name": "Sample Role", + "description": "Description for Sample Role", + "permissions": [ + { + "name": "AliyunOSSReadOnlyAccess", + "type": "System" + }, + { + "name": "AliyunOSSFullAccess", + "type": "System" }, - "roles": [ - { - "id": "sample-role", - "name": "Sample Role", - "description": "Description for Sample Role", - "permissions": [ - { - 
"name": "AliyunOSSReadOnlyAccess", - "type": "System" - }, - { - "name": "AliyunOSSFullAccess", - "type": "System" - }, - { - "name": "AliyunECSFullAccess", - "type": "System" - } - ] - }, - { - "id": "sample-role-2", - "name": "Sample Role 2", - "description": "Description for Sample Role 2", - "permissions": [ - { - "name": "AliyunCloudMonitorFullAccess", - "type": "System" - } - ] - } - ] + { + "name": "AliyunECSFullAccess", + "type": "System" + } + ] + }, + { + "id": "sample-role-2", + "name": "Sample Role 2", + "description": "Description for Sample Role 2", + "permissions": [ + { + "name": "AliyunCloudMonitorFullAccess", + "type": "System" + } + ] } - ] + ] + } + ] } ``` + +# Example Requests +### Create Appeal For RAM Account +```json +{ + "resources": [ + { + "id": "{{RESOURCE_ID}}", + "role": "sample-role", + "options": { + "duration": "1h" + }, + "details": { + "questions": { + "What is the purpose of getting access to this role?": "Test" + } + } + } + ], + "account_id": "example.user@500xxxxxxxxxxxxx.onaliyun.com", + "account_type": "ramUser" +} +``` + +### Create Appeal For RAM Role +```json +{ + "resources": [ + { + "id": "{{RESOURCE_ID}}", + "role": "sample-role", + "options": { + "duration": "1h" + }, + "details": { + "questions": { + "What is the purpose of getting access to this role?": "Test" + } + } + } + ], + "account_id": "role-name", + "account_type": "ramRole" +} +``` + +# DOCS +For another documentation you can refer to this link: +[https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs](https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs) + diff --git a/plugins/providers/alicloud_ram/errors.go b/plugins/providers/alicloud_ram/errors.go index b91fefdae..4621925b9 100644 --- a/plugins/providers/alicloud_ram/errors.go +++ b/plugins/providers/alicloud_ram/errors.go 
@@ -17,6 +17,6 @@ var (
 ErrGrantRoleNotFoundAtResource = errors.New("grant role not found at resource")
 ErrEmptyGrantRole = errors.New("empty grant role")
 ErrInvalidPolicyType = fmt.Errorf("invalid policy type. policy type must be one of: %v\n", getPolicyTypes())
- ErrInvalidAliAccountUserID = errors.New("invalid ali account user id. see: https://github.com/goto/guardian/tree/main/plugins/providers/alicloudiam/docs/ali-account-user-id-example.png")
+ ErrInvalidAliAccountUserID = errors.New("invalid ali account user id. see: https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs/ali-account-user-id-example.png")
 ErrEmptyResourceConfig = errors.New("empty resource config")
 )
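Review bot: The corrected link in `ErrInvalidAliAccountUserID` is still a full repository path hard-coded inside the sentinel's message, so the next directory rename will silently break it again, as the `alicloudiam` to `alicloud_ram` move did. Keeping the docs location in one package-level constant would confine that path to a single line: `const docsURL = "https://github.com/goto/guardian/tree/main/plugins/providers/alicloud_ram/docs"` and `errors.New("invalid ali account user id. see: " + docsURL + "/ali-account-user-id-example.png")`. Separately, the unchanged `ErrInvalidPolicyType` line above still ends its message with `\n`, which Go error strings should not carry because callers wrap and log them. The `var (` block opens before this hunk, so sentinels outside the visible lines may also embed the old path; a search for `alicloudiam` across the package would confirm.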