332 lines
12 KiB
Go
332 lines
12 KiB
Go
|
package cloudflare
|
||
|
|
||
|
import (
|
||
|
"encoding/json"
|
||
|
"fmt"
|
||
|
|
||
|
"github.com/pkg/errors"
|
||
|
)
|
||
|
|
||
|
// AccessIdentityProvider is the structure of the provider object.
|
||
|
type AccessIdentityProvider struct {
|
||
|
ID string `json:"id,omitemtpy"`
|
||
|
Name string `json:"name"`
|
||
|
Type string `json:"type"`
|
||
|
Config interface{} `json:"config"`
|
||
|
}
|
||
|
|
||
|
// AccessAzureADConfiguration is the representation of the Azure AD identity
|
||
|
// provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/azuread/
|
||
|
type AccessAzureADConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
DirectoryID string `json:"directory_id"`
|
||
|
SupportGroups bool `json:"support_groups"`
|
||
|
}
|
||
|
|
||
|
// AccessCentrifyConfiguration is the representation of the Centrify identity
|
||
|
// provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/centrify/
|
||
|
type AccessCentrifyConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
CentrifyAccount string `json:"centrify_account"`
|
||
|
CentrifyAppID string `json:"centrify_app_id"`
|
||
|
}
|
||
|
|
||
|
// AccessCentrifySAMLConfiguration is the representation of the Centrify
|
||
|
// identity provider using SAML.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/saml-centrify/
|
||
|
type AccessCentrifySAMLConfiguration struct {
|
||
|
IssuerURL string `json:"issuer_url"`
|
||
|
SsoTargetURL string `json:"sso_target_url"`
|
||
|
Attributes []string `json:"attributes"`
|
||
|
EmailAttributeName string `json:"email_attribute_name"`
|
||
|
SignRequest bool `json:"sign_request"`
|
||
|
IdpPublicCert string `json:"idp_public_cert"`
|
||
|
}
|
||
|
|
||
|
// AccessFacebookConfiguration is the representation of the Facebook identity
|
||
|
// provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/facebook-login/
|
||
|
type AccessFacebookConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
}
|
||
|
|
||
|
// AccessGSuiteConfiguration is the representation of the GSuite identity
|
||
|
// provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/gsuite/
|
||
|
type AccessGSuiteConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
AppsDomain string `json:"apps_domain"`
|
||
|
}
|
||
|
|
||
|
// AccessGenericOIDCConfiguration is the representation of the generic OpenID
|
||
|
// Connect (OIDC) connector.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/generic-oidc/
|
||
|
type AccessGenericOIDCConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
AuthURL string `json:"auth_url"`
|
||
|
TokenURL string `json:"token_url"`
|
||
|
CertsURL string `json:"certs_url"`
|
||
|
}
|
||
|
|
||
|
// AccessGitHubConfiguration is the representation of the GitHub identity
|
||
|
// provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/github/
|
||
|
type AccessGitHubConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
}
|
||
|
|
||
|
// AccessGoogleConfiguration is the representation of the Google identity
|
||
|
// provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/google/
|
||
|
type AccessGoogleConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
}
|
||
|
|
||
|
// AccessJumpCloudSAMLConfiguration is the representation of the Jump Cloud
|
||
|
// identity provider using SAML.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/jumpcloud-saml/
|
||
|
type AccessJumpCloudSAMLConfiguration struct {
|
||
|
IssuerURL string `json:"issuer_url"`
|
||
|
SsoTargetURL string `json:"sso_target_url"`
|
||
|
Attributes []string `json:"attributes"`
|
||
|
EmailAttributeName string `json:"email_attribute_name"`
|
||
|
SignRequest bool `json:"sign_request"`
|
||
|
IdpPublicCert string `json:"idp_public_cert"`
|
||
|
}
|
||
|
|
||
|
// AccessOktaConfiguration is the representation of the Okta identity provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/okta/
|
||
|
type AccessOktaConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
OktaAccount string `json:"okta_account"`
|
||
|
}
|
||
|
|
||
|
// AccessOktaSAMLConfiguration is the representation of the Okta identity
|
||
|
// provider using SAML.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/saml-okta/
|
||
|
type AccessOktaSAMLConfiguration struct {
|
||
|
IssuerURL string `json:"issuer_url"`
|
||
|
SsoTargetURL string `json:"sso_target_url"`
|
||
|
Attributes []string `json:"attributes"`
|
||
|
EmailAttributeName string `json:"email_attribute_name"`
|
||
|
SignRequest bool `json:"sign_request"`
|
||
|
IdpPublicCert string `json:"idp_public_cert"`
|
||
|
}
|
||
|
|
||
|
// AccessOneTimePinConfiguration is the representation of the default One Time
|
||
|
// Pin identity provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/one-time-pin/
|
||
|
type AccessOneTimePinConfiguration struct{}
|
||
|
|
||
|
// AccessOneLoginOIDCConfiguration is the representation of the OneLogin
|
||
|
// OpenID connector as an identity provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/onelogin-oidc/
|
||
|
type AccessOneLoginOIDCConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
OneloginAccount string `json:"onelogin_account"`
|
||
|
}
|
||
|
|
||
|
// AccessOneLoginSAMLConfiguration is the representation of the OneLogin
|
||
|
// identity provider using SAML.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/onelogin-saml/
|
||
|
type AccessOneLoginSAMLConfiguration struct {
|
||
|
IssuerURL string `json:"issuer_url"`
|
||
|
SsoTargetURL string `json:"sso_target_url"`
|
||
|
Attributes []string `json:"attributes"`
|
||
|
EmailAttributeName string `json:"email_attribute_name"`
|
||
|
SignRequest bool `json:"sign_request"`
|
||
|
IdpPublicCert string `json:"idp_public_cert"`
|
||
|
}
|
||
|
|
||
|
// AccessPingSAMLConfiguration is the representation of the Ping identity
|
||
|
// provider using SAML.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/ping-saml/
|
||
|
type AccessPingSAMLConfiguration struct {
|
||
|
IssuerURL string `json:"issuer_url"`
|
||
|
SsoTargetURL string `json:"sso_target_url"`
|
||
|
Attributes []string `json:"attributes"`
|
||
|
EmailAttributeName string `json:"email_attribute_name"`
|
||
|
SignRequest bool `json:"sign_request"`
|
||
|
IdpPublicCert string `json:"idp_public_cert"`
|
||
|
}
|
||
|
|
||
|
// AccessYandexConfiguration is the representation of the Yandex identity provider.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/yandex/
|
||
|
type AccessYandexConfiguration struct {
|
||
|
ClientID string `json:"client_id"`
|
||
|
ClientSecret string `json:"client_secret"`
|
||
|
}
|
||
|
|
||
|
// AccessADSAMLConfiguration is the representation of the Active Directory
|
||
|
// identity provider using SAML.
|
||
|
//
|
||
|
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/adfs/
|
||
|
type AccessADSAMLConfiguration struct {
|
||
|
IssuerURL string `json:"issuer_url"`
|
||
|
SsoTargetURL string `json:"sso_target_url"`
|
||
|
Attributes []string `json:"attributes"`
|
||
|
EmailAttributeName string `json:"email_attribute_name"`
|
||
|
SignRequest bool `json:"sign_request"`
|
||
|
IdpPublicCert string `json:"idp_public_cert"`
|
||
|
}
|
||
|
|
||
|
// AccessIdentityProvidersListResponse is the API response for multiple
|
||
|
// Access Identity Providers.
|
||
|
type AccessIdentityProvidersListResponse struct {
|
||
|
Success bool `json:"success"`
|
||
|
Errors []string `json:"errors"`
|
||
|
Messages []string `json:"messages"`
|
||
|
Result []AccessIdentityProvider `json:"result"`
|
||
|
}
|
||
|
|
||
|
// AccessIdentityProviderListResponse is the API response for a single
|
||
|
// Access Identity Provider.
|
||
|
type AccessIdentityProviderListResponse struct {
|
||
|
Success bool `json:"success"`
|
||
|
Errors []string `json:"errors"`
|
||
|
Messages []string `json:"messages"`
|
||
|
Result AccessIdentityProvider `json:"result"`
|
||
|
}
|
||
|
|
||
|
// AccessIdentityProviders returns all Access Identity Providers for an
|
||
|
// account.
|
||
|
//
|
||
|
// API reference: https://api.cloudflare.com/#access-identity-providers-list-access-identity-providers
|
||
|
func (api *API) AccessIdentityProviders(accountID string) ([]AccessIdentityProvider, error) {
|
||
|
uri := "/accounts/" + accountID + "/access/identity_providers"
|
||
|
|
||
|
res, err := api.makeRequest("GET", uri, nil)
|
||
|
if err != nil {
|
||
|
return []AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
|
||
|
}
|
||
|
|
||
|
var accessIdentityProviderResponse AccessIdentityProvidersListResponse
|
||
|
err = json.Unmarshal(res, &accessIdentityProviderResponse)
|
||
|
if err != nil {
|
||
|
return []AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
|
||
|
}
|
||
|
|
||
|
return accessIdentityProviderResponse.Result, nil
|
||
|
}
|
||
|
|
||
|
// AccessIdentityProviderDetails returns a single Access Identity
|
||
|
// Provider for an account.
|
||
|
//
|
||
|
// API reference: https://api.cloudflare.com/#access-identity-providers-access-identity-providers-details
|
||
|
func (api *API) AccessIdentityProviderDetails(accountID, identityProviderID string) (AccessIdentityProvider, error) {
|
||
|
uri := fmt.Sprintf(
|
||
|
"/accounts/%s/access/identity_providers/%s",
|
||
|
accountID,
|
||
|
identityProviderID,
|
||
|
)
|
||
|
|
||
|
res, err := api.makeRequest("GET", uri, nil)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
|
||
|
}
|
||
|
|
||
|
var accessIdentityProviderResponse AccessIdentityProviderListResponse
|
||
|
err = json.Unmarshal(res, &accessIdentityProviderResponse)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
|
||
|
}
|
||
|
|
||
|
return accessIdentityProviderResponse.Result, nil
|
||
|
}
|
||
|
|
||
|
// CreateAccessIdentityProvider creates a new Access Identity Provider.
|
||
|
//
|
||
|
// API reference: https://api.cloudflare.com/#access-identity-providers-create-access-identity-provider
|
||
|
func (api *API) CreateAccessIdentityProvider(accountID string, identityProviderConfiguration AccessIdentityProvider) (AccessIdentityProvider, error) {
|
||
|
uri := "/accounts/" + accountID + "/access/identity_providers"
|
||
|
|
||
|
res, err := api.makeRequest("POST", uri, identityProviderConfiguration)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
|
||
|
}
|
||
|
|
||
|
var accessIdentityProviderResponse AccessIdentityProviderListResponse
|
||
|
err = json.Unmarshal(res, &accessIdentityProviderResponse)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
|
||
|
}
|
||
|
|
||
|
return accessIdentityProviderResponse.Result, nil
|
||
|
}
|
||
|
|
||
|
// UpdateAccessIdentityProvider updates an existing Access Identity
|
||
|
// Provider.
|
||
|
//
|
||
|
// API reference: https://api.cloudflare.com/#access-identity-providers-create-access-identity-provider
|
||
|
func (api *API) UpdateAccessIdentityProvider(accountID, identityProviderUUID string, identityProviderConfiguration AccessIdentityProvider) (AccessIdentityProvider, error) {
|
||
|
uri := fmt.Sprintf(
|
||
|
"/accounts/%s/access/identity_providers/%s",
|
||
|
accountID,
|
||
|
identityProviderUUID,
|
||
|
)
|
||
|
|
||
|
res, err := api.makeRequest("PUT", uri, identityProviderConfiguration)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
|
||
|
}
|
||
|
|
||
|
var accessIdentityProviderResponse AccessIdentityProviderListResponse
|
||
|
err = json.Unmarshal(res, &accessIdentityProviderResponse)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
|
||
|
}
|
||
|
|
||
|
return accessIdentityProviderResponse.Result, nil
|
||
|
}
|
||
|
|
||
|
// DeleteAccessIdentityProvider deletes an Access Identity Provider.
|
||
|
//
|
||
|
// API reference: https://api.cloudflare.com/#access-identity-providers-create-access-identity-provider
|
||
|
func (api *API) DeleteAccessIdentityProvider(accountID, identityProviderUUID string) (AccessIdentityProvider, error) {
|
||
|
uri := fmt.Sprintf(
|
||
|
"/accounts/%s/access/identity_providers/%s",
|
||
|
accountID,
|
||
|
identityProviderUUID,
|
||
|
)
|
||
|
|
||
|
res, err := api.makeRequest("DELETE", uri, nil)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
|
||
|
}
|
||
|
|
||
|
var accessIdentityProviderResponse AccessIdentityProviderListResponse
|
||
|
err = json.Unmarshal(res, &accessIdentityProviderResponse)
|
||
|
if err != nil {
|
||
|
return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
|
||
|
}
|
||
|
|
||
|
return accessIdentityProviderResponse.Result, nil
|
||
|
}
|