access_identity_provider.go

package cloudflare

import (
	"encoding/json"
	"fmt"

	"github.com/pkg/errors"
)

// AccessIdentityProvider is the structure of the provider object.
type AccessIdentityProvider struct {
	ID     string      `json:"id,omitemtpy"`
	Name   string      `json:"name"`
	Type   string      `json:"type"`
	Config interface{} `json:"config"`
}

// AccessAzureADConfiguration is the representation of the Azure AD identity
// provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/azuread/
type AccessAzureADConfiguration struct {
	ClientID      string `json:"client_id"`
	ClientSecret  string `json:"client_secret"`
	DirectoryID   string `json:"directory_id"`
	SupportGroups bool   `json:"support_groups"`
}

// AccessCentrifyConfiguration is the representation of the Centrify identity
// provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/centrify/
type AccessCentrifyConfiguration struct {
	ClientID        string `json:"client_id"`
	ClientSecret    string `json:"client_secret"`
	CentrifyAccount string `json:"centrify_account"`
	CentrifyAppID   string `json:"centrify_app_id"`
}

// AccessCentrifySAMLConfiguration is the representation of the Centrify
// identity provider using SAML.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/saml-centrify/
type AccessCentrifySAMLConfiguration struct {
	IssuerURL          string   `json:"issuer_url"`
	SsoTargetURL       string   `json:"sso_target_url"`
	Attributes         []string `json:"attributes"`
	EmailAttributeName string   `json:"email_attribute_name"`
	SignRequest        bool     `json:"sign_request"`
	IdpPublicCert      string   `json:"idp_public_cert"`
}

// AccessFacebookConfiguration is the representation of the Facebook identity
// provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/facebook-login/
type AccessFacebookConfiguration struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
}

// AccessGSuiteConfiguration is the representation of the GSuite identity
// provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/gsuite/
type AccessGSuiteConfiguration struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	AppsDomain   string `json:"apps_domain"`
}

// AccessGenericOIDCConfiguration is the representation of the generic OpenID
// Connect (OIDC) connector.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/generic-oidc/
type AccessGenericOIDCConfiguration struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	AuthURL      string `json:"auth_url"`
	TokenURL     string `json:"token_url"`
	CertsURL     string `json:"certs_url"`
}

// AccessGitHubConfiguration is the representation of the GitHub identity
// provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/github/
type AccessGitHubConfiguration struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
}

// AccessGoogleConfiguration is the representation of the Google identity
// provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/google/
type AccessGoogleConfiguration struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
}

// AccessJumpCloudSAMLConfiguration is the representation of the Jump Cloud
// identity provider using SAML.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/jumpcloud-saml/
type AccessJumpCloudSAMLConfiguration struct {
	IssuerURL          string   `json:"issuer_url"`
	SsoTargetURL       string   `json:"sso_target_url"`
	Attributes         []string `json:"attributes"`
	EmailAttributeName string   `json:"email_attribute_name"`
	SignRequest        bool     `json:"sign_request"`
	IdpPublicCert      string   `json:"idp_public_cert"`
}

// AccessOktaConfiguration is the representation of the Okta identity provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/okta/
type AccessOktaConfiguration struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	OktaAccount  string `json:"okta_account"`
}

// AccessOktaSAMLConfiguration is the representation of the Okta identity
// provider using SAML.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/saml-okta/
type AccessOktaSAMLConfiguration struct {
	IssuerURL          string   `json:"issuer_url"`
	SsoTargetURL       string   `json:"sso_target_url"`
	Attributes         []string `json:"attributes"`
	EmailAttributeName string   `json:"email_attribute_name"`
	SignRequest        bool     `json:"sign_request"`
	IdpPublicCert      string   `json:"idp_public_cert"`
}

// AccessOneTimePinConfiguration is the representation of the default One Time
// Pin identity provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/one-time-pin/
type AccessOneTimePinConfiguration struct{}

// AccessOneLoginOIDCConfiguration is the representation of the OneLogin
// OpenID connector as an identity provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/onelogin-oidc/
type AccessOneLoginOIDCConfiguration struct {
	ClientID        string `json:"client_id"`
	ClientSecret    string `json:"client_secret"`
	OneloginAccount string `json:"onelogin_account"`
}

// AccessOneLoginSAMLConfiguration is the representation of the OneLogin
// identity provider using SAML.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/onelogin-saml/
type AccessOneLoginSAMLConfiguration struct {
	IssuerURL          string   `json:"issuer_url"`
	SsoTargetURL       string   `json:"sso_target_url"`
	Attributes         []string `json:"attributes"`
	EmailAttributeName string   `json:"email_attribute_name"`
	SignRequest        bool     `json:"sign_request"`
	IdpPublicCert      string   `json:"idp_public_cert"`
}

// AccessPingSAMLConfiguration is the representation of the Ping identity
// provider using SAML.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/ping-saml/
type AccessPingSAMLConfiguration struct {
	IssuerURL          string   `json:"issuer_url"`
	SsoTargetURL       string   `json:"sso_target_url"`
	Attributes         []string `json:"attributes"`
	EmailAttributeName string   `json:"email_attribute_name"`
	SignRequest        bool     `json:"sign_request"`
	IdpPublicCert      string   `json:"idp_public_cert"`
}

// AccessYandexConfiguration is the representation of the Yandex identity provider.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/yandex/
type AccessYandexConfiguration struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
}

// AccessADSAMLConfiguration is the representation of the Active Directory
// identity provider using SAML.
//
// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/adfs/
type AccessADSAMLConfiguration struct {
	IssuerURL          string   `json:"issuer_url"`
	SsoTargetURL       string   `json:"sso_target_url"`
	Attributes         []string `json:"attributes"`
	EmailAttributeName string   `json:"email_attribute_name"`
	SignRequest        bool     `json:"sign_request"`
	IdpPublicCert      string   `json:"idp_public_cert"`
}

// AccessIdentityProvidersListResponse is the API response for multiple
// Access Identity Providers.
type AccessIdentityProvidersListResponse struct {
	Success  bool                     `json:"success"`
	Errors   []string                 `json:"errors"`
	Messages []string                 `json:"messages"`
	Result   []AccessIdentityProvider `json:"result"`
}

// AccessIdentityProviderListResponse is the API response for a single
// Access Identity Provider.
type AccessIdentityProviderListResponse struct {
	Success  bool                   `json:"success"`
	Errors   []string               `json:"errors"`
	Messages []string               `json:"messages"`
	Result   AccessIdentityProvider `json:"result"`
}

// AccessIdentityProviders returns all Access Identity Providers for an
// account.
//
// API reference: https://api.cloudflare.com/#access-identity-providers-list-access-identity-providers
func (api *API) AccessIdentityProviders(accountID string) ([]AccessIdentityProvider, error) {
	uri := "/accounts/" + accountID + "/access/identity_providers"

	res, err := api.makeRequest("GET", uri, nil)
	if err != nil {
		return []AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
	}

	var accessIdentityProviderResponse AccessIdentityProvidersListResponse
	err = json.Unmarshal(res, &accessIdentityProviderResponse)
	if err != nil {
		return []AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
	}

	return accessIdentityProviderResponse.Result, nil
}

// AccessIdentityProviderDetails returns a single Access Identity
// Provider for an account.
//
// API reference: https://api.cloudflare.com/#access-identity-providers-access-identity-providers-details
func (api *API) AccessIdentityProviderDetails(accountID, identityProviderID string) (AccessIdentityProvider, error) {
	uri := fmt.Sprintf(
		"/accounts/%s/access/identity_providers/%s",
		accountID,
		identityProviderID,
	)

	res, err := api.makeRequest("GET", uri, nil)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
	}

	var accessIdentityProviderResponse AccessIdentityProviderListResponse
	err = json.Unmarshal(res, &accessIdentityProviderResponse)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
	}

	return accessIdentityProviderResponse.Result, nil
}

// CreateAccessIdentityProvider creates a new Access Identity Provider.
//
// API reference: https://api.cloudflare.com/#access-identity-providers-create-access-identity-provider
func (api *API) CreateAccessIdentityProvider(accountID string, identityProviderConfiguration AccessIdentityProvider) (AccessIdentityProvider, error) {
	uri := "/accounts/" + accountID + "/access/identity_providers"

	res, err := api.makeRequest("POST", uri, identityProviderConfiguration)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
	}

	var accessIdentityProviderResponse AccessIdentityProviderListResponse
	err = json.Unmarshal(res, &accessIdentityProviderResponse)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
	}

	return accessIdentityProviderResponse.Result, nil
}

// UpdateAccessIdentityProvider updates an existing Access Identity
// Provider.
//
// API reference: https://api.cloudflare.com/#access-identity-providers-create-access-identity-provider
func (api *API) UpdateAccessIdentityProvider(accountID, identityProviderUUID string, identityProviderConfiguration AccessIdentityProvider) (AccessIdentityProvider, error) {
	uri := fmt.Sprintf(
		"/accounts/%s/access/identity_providers/%s",
		accountID,
		identityProviderUUID,
	)

	res, err := api.makeRequest("PUT", uri, identityProviderConfiguration)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
	}

	var accessIdentityProviderResponse AccessIdentityProviderListResponse
	err = json.Unmarshal(res, &accessIdentityProviderResponse)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
	}

	return accessIdentityProviderResponse.Result, nil
}

// DeleteAccessIdentityProvider deletes an Access Identity Provider.
//
// API reference: https://api.cloudflare.com/#access-identity-providers-create-access-identity-provider
func (api *API) DeleteAccessIdentityProvider(accountID, identityProviderUUID string) (AccessIdentityProvider, error) {
	uri := fmt.Sprintf(
		"/accounts/%s/access/identity_providers/%s",
		accountID,
		identityProviderUUID,
	)

	res, err := api.makeRequest("DELETE", uri, nil)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errMakeRequestError)
	}

	var accessIdentityProviderResponse AccessIdentityProviderListResponse
	err = json.Unmarshal(res, &accessIdentityProviderResponse)
	if err != nil {
		return AccessIdentityProvider{}, errors.Wrap(err, errUnmarshalError)
	}

	return accessIdentityProviderResponse.Result, nil
}