package integration
import (
"context"
"strings"
"time"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/pkg/grpc/admin"
"github.com/zitadel/zitadel/pkg/grpc/management"
)
// CreateMachineUserPATWithMembership creates a machine user, issues a personal
// access token (PAT) for it and then grants the requested memberships.
//
// Roles are routed by name prefix: "ORG_" roles are granted through
// Mgmt.AddOrgMember and "IAM_" roles through Admin.AddIAMMember. A role with
// neither prefix is silently ignored, so a misspelled role name yields a token
// with fewer privileges than requested instead of an error. Authorization
// tests built on this helper therefore need exact role names, otherwise a
// "permission denied" expectation can pass for the wrong reason.
//
// The PAT expires 24 hours after creation. The returned pat is the token value
// itself and should be treated as a secret (kept out of test logs and fixtures).
//
// The token is issued before the memberships are granted. If a membership call
// fails, the error is returned with empty id and pat, but the user and its
// token have already been created and are not cleaned up here.
func (i *Instance) CreateMachineUserPATWithMembership(ctx context.Context, roles ...string) (id, pat string, err error) {
	machine := i.CreateMachineUser(ctx)
	userID := machine.GetUserId()

	// Short-lived token: valid for one day from now.
	expiry := timestamppb.New(time.Now().Add(24 * time.Hour))
	tokenResp, err := i.Client.Mgmt.AddPersonalAccessToken(ctx, &management.AddPersonalAccessTokenRequest{
		UserId:         userID,
		ExpirationDate: expiry,
	})
	if err != nil {
		return "", "", err
	}

	// Split the requested roles by scope; anything without a known prefix
	// falls through both cases and is dropped.
	var (
		orgRoles = make([]string, 0, len(roles))
		iamRoles = make([]string, 0, len(roles))
	)
	for _, r := range roles {
		switch {
		case strings.HasPrefix(r, "ORG_"):
			orgRoles = append(orgRoles, r)
		case strings.HasPrefix(r, "IAM_"):
			iamRoles = append(iamRoles, r)
		}
	}

	// Each membership call is skipped when there is nothing to grant at that scope.
	if len(orgRoles) != 0 {
		if _, err = i.Client.Mgmt.AddOrgMember(ctx, &management.AddOrgMemberRequest{
			UserId: userID,
			Roles:  orgRoles,
		}); err != nil {
			return "", "", err
		}
	}
	if len(iamRoles) != 0 {
		if _, err = i.Client.Admin.AddIAMMember(ctx, &admin.AddIAMMemberRequest{
			UserId: userID,
			Roles:  iamRoles,
		}); err != nil {
			return "", "", err
		}
	}

	return userID, tokenResp.GetToken(), nil
}