From a6a39f3285871721364595f870741bddfec8d0b9 Mon Sep 17 00:00:00 2001 From: Tyler Creller Date: Mon, 30 Sep 2024 09:34:46 -0400 Subject: [PATCH] Add FedRAMP example (#1000) --- README.md | 4 ++ authentication/transport_wrapper.go | 3 ++ connection.go | 1 + examples/fedramp_auth.go | 79 +++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+) create mode 100644 examples/fedramp_auth.go diff --git a/README.md b/README.md index 3ebedff6..21f7ad95 100644 --- a/README.md +++ b/README.md @@ -289,3 +289,7 @@ and copying the internal representation into it. See also the command-line tool https://github.com/openshift-online/ocm-cli built on top of this SDK. + +## FedRAMP + +The OCM SDK fully supports the OCM FedRAMP environment. Additional `TokenURL`, `URL`, and `Client` configuration is required in order to make the connection. An example implementation for the OCM FedRAMP environment can be found in the [examples](examples/fedramp_auth.go) directory. diff --git a/authentication/transport_wrapper.go b/authentication/transport_wrapper.go index 63c1fedd..730e34f7 100644 --- a/authentication/transport_wrapper.go +++ b/authentication/transport_wrapper.go @@ -48,6 +48,9 @@ const ( DefaultTokenURL = "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token" DefaultClientID = "cloud-services" DefaultClientSecret = "" + + FedRAMPTokenURL = "https://sso.openshiftusgov.com/realms/redhat-external/protocol/openid-connect/token" + FedRAMPClientID = "console-dot" ) // DefaultScopes is the ser of scopes used by default: diff --git a/connection.go b/connection.go index 7f398a2e..8f9c09eb 100644 --- a/connection.go +++ b/connection.go @@ -57,6 +57,7 @@ const ( DefaultClientSecret = authentication.DefaultClientSecret DefaultURL = "https://api.openshift.com" DefaultAgent = "OCM-SDK/" + Version + FedRAMPURL = "https://api.openshiftusgov.com" ) // DefaultScopes is the ser of scopes used by default: diff --git a/examples/fedramp_auth.go b/examples/fedramp_auth.go new file mode 100644 index 00000000..3c487be1 --- /dev/null +++ b/examples/fedramp_auth.go @@ -0,0 +1,79 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// This example shows how create a connection using the OpenID refresh token grant for +// FedRAMP authentication. + +package main + +import ( + "context" + "fmt" + "os" + + sdk "github.com/openshift-online/ocm-sdk-go" + "github.com/openshift-online/ocm-sdk-go/authentication" + cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1" + "github.com/openshift-online/ocm-sdk-go/logging" +) + +func main() { + // Create a context: + ctx := context.Background() + + // Create a logger that has the debug level enabled: + logger, err := logging.NewGoLoggerBuilder(). + Debug(true). + Build() + if err != nil { + fmt.Fprintf(os.Stderr, "Can't build logger: %v\n", err) + os.Exit(1) + } + + // Create the connection, and remember to close it: + connection, err := sdk.NewConnectionBuilder(). + Logger(logger). + URL(sdk.FedRAMPURL). + TokenURL(authentication.FedRAMPTokenURL). + Tokens(os.Getenv("OCM_REFRESH_TOKEN")). + Client(authentication.FedRAMPClientID, ""). + BuildContext(ctx) + if err != nil { + fmt.Fprintf(os.Stderr, "Can't build connection: %v\n", err) + os.Exit(1) + } + defer connection.Close() + + // Get the client for the service that manages the collection of clusters: + collection := connection.ClustersMgmt().V1().Clusters() + + // Retrieve the collection of clusters: + response, err := collection.List(). + Search("name like 'my%'"). + Page(1). + Size(10). + SendContext(ctx) + if err != nil { + fmt.Fprintf(os.Stderr, "Can't retrieve clusters: %v\n", err) + os.Exit(1) + } + + // Print the result: + response.Items().Each(func(cluster *cmv1.Cluster) bool { + fmt.Printf("%s - %s\n", cluster.ID(), cluster.Name()) + return true + }) +}