users

Documentation

Index

• Variables

Variables

var CreateCommand = cli.Command{
	Name: "create",
	Flags: []cli.Flag{
		&cli.StringFlag{Name: "username", Aliases: []string{"u"}, Usage: "The username of the user to create (should be an email address)", Required: true},
		&cli.StringFlag{Name: "given-name", Usage: "The user's given name"},
		&cli.StringFlag{Name: "family-name", Usage: "The user's family name"},
		&cli.BoolFlag{Name: "admin", Aliases: []string{"a"}, Usage: "Whether to make the user a Common Fate administrator"},
	},
	Description: "Create a Cognito user",
	Action: func(c *cli.Context) error {
		ctx := c.Context

		username := c.String("username")
		f := c.Path("file")
		dc, err := deploy.ConfigFromContext(ctx)
		if err != nil {
			return err
		}

		cfg, err := cfaws.ConfigFromContextOrDefault(ctx)
		if err != nil {
			return err
		}
		adminGroup := dc.Deployment.Parameters.AdministratorGroupID

		o, err := dc.LoadOutput(ctx)
		if err != nil {
			return err
		}
		cog := cognitoidentityprovider.NewFromConfig(cfg)

		in := cognitoidentityprovider.AdminCreateUserInput{
			UserPoolId: &o.UserPoolID,
			Username:   &username,
		}

		givenName := c.String("given-name")
		if givenName != "" {
			in.UserAttributes = append(in.UserAttributes, types.AttributeType{
				Name:  aws.String("given_name"),
				Value: &givenName,
			})
		}

		familyName := c.String("family-name")
		if familyName != "" {
			in.UserAttributes = append(in.UserAttributes, types.AttributeType{
				Name:  aws.String("family_name"),
				Value: &familyName,
			})
		}

		_, err = cog.AdminCreateUser(ctx, &in)
		if err != nil {
			return err
		}

		clio.Successf("created user %s", username)

		if c.Bool("admin") {
			if adminGroup == "" {
				return clierr.New(fmt.Sprintf("The AdministratorGroupID parameter is not set in %s. Set the parameter in the Parameters section and then call 'gdeploy identity groups members add --username %s --group <the admin group ID>' to make the user a Common Fate administrator.", f, username))
			}

			_, err = cog.AdminAddUserToGroup(ctx, &cognitoidentityprovider.AdminAddUserToGroupInput{
				GroupName:  &adminGroup,
				Username:   &username,
				UserPoolId: &o.UserPoolID,
			})
			if err != nil {
				return err
			}

			clio.Successf("added user %s to administrator group '%s'", username, adminGroup)
		}
		clio.Warn("Run 'gdeploy identity sync' to sync your changes now.")

		return nil
	},
}

var DeleteCommand = cli.Command{
	Name: "delete",
	Flags: []cli.Flag{
		&cli.StringFlag{Name: "username", Aliases: []string{"u"}, Usage: "The username of the user to delete (should be an email address)", Required: true},
	},
	Description: "Delete a Cognito user",
	Action: func(c *cli.Context) error {
		ctx := c.Context

		username := c.String("username")
		dc, err := deploy.ConfigFromContext(ctx)
		if err != nil {
			return err
		}
		cfg, err := cfaws.ConfigFromContextOrDefault(ctx)
		if err != nil {
			return err
		}
		o, err := dc.LoadOutput(ctx)
		if err != nil {
			return err
		}

		cog := cognitoidentityprovider.NewFromConfig(cfg)

		_, err = cog.AdminDeleteUser(ctx, &cognitoidentityprovider.AdminDeleteUserInput{
			UserPoolId: &o.UserPoolID,
			Username:   &username,
		})

		if err != nil {
			return err
		}

		clio.Successf("Deleted user %s", username)
		clio.Warn("Run 'gdeploy identity sync' to sync your changes now.")
		return nil
	}}

var UsersCommand = cli.Command{
	Name:        "users",
	Description: "Add or remove users from the default cognito user pool.\nThese commands are only available when you are using the default Cognito user pool. If you have connected an SSO provider, like Okta, Google or AzureAD, use those tools to manage your users and groups instead.",
	Subcommands: []*cli.Command{&CreateCommand, &DeleteCommand},
	Action:      cli.ShowSubcommandHelp,
}