Flexera Credentials SDK
Experimental SDK and command line tool for the Credentials capability
fct
Usage: fct oauth2 refresh-token three-leg --client-user=CLIENT-USER --token-url=TOKEN-URL --authorize-url=AUTHORIZE-URL <id> [<tags> ...]
Use the three-legged OAuth2 flow to get and store a refresh token with a client ID and secret
Arguments:
<id> The Credentials ID (this can also be a name and will be transformed to an ID).
[<tags> ...] The Credentials tags.
Flags:
-h, --help Show context-sensitive help.
-d, --debug Enable debug mode.
-c, --config="/home/douglas/.fct.yml" Set the configuration file path.
-p, --project=PROJECT Set the project from the configuration file to use.
-v, --version Print version information and exit.
-u, --update Update the Credentials instead of (re)creating.
-n, --name=NAME Set the Credentials name (if unspecified ID will be used instead).
-D, --description=DESCRIPTION Set the Credentials description.
-H, --additional-headers=KEY=VALUE;... Set the Credentials additional headers.
-U, --client-user=CLIENT-USER Set the Credentials client user to use ($FCT_CLIENT_USER).
-P, --client-password=CLIENT-PASSWORD Set the Credentials client password to use instead of prompting for it
($FCT_CLIENT_PASSWORD).
-m, --client-password-multi Use a multi-line prompt for the client password to use.
-s, --scopes=SCOPES,... Set the Credentials scopes.
-S, --authorize-scopes=AUTHORIZE-SCOPES,... Set the authorize scopes (these will be appended to any Credentials
scopes in the authorization, but not stored in the Credentials).
-t, --token-url=TOKEN-URL Set the token URL to use.
-a, --authorize-url=AUTHORIZE-URL Set the authorize URL to use.
-r, --redirect-url=http://localhost:8080/oauth2/callback
Set the redirect URL to use.
-b, --browser=BROWSER Set the browser to open the authorization URL ($BROWSER).
-o, --output Output the authorization URL instead of opening a browser.
-C, --open-credentials Open the Credentials in a browser after they are created or updated.
Configuration
fct looks for its configuration in ~/.fct.yml (or %APPDATA%\Flexera\.fct.yml on Windows), which looks something like:
    login:
      projects:
        awesome-team-sandbox:
          host: cloud-3.rightscale.com
          id: 12345
          refresh_token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      default_project: awesome-team-sandbox
Examples
These are a few examples of how to use the fct tool to set up credentials:
Microsoft Azure
This example covers setting up credentials for Microsoft Azure (this includes the Microsoft Graph API)
using the OAuth2 three-legged flow with client credentials (ID and secret) that gets a refresh token.
These are the steps you would need to take to get the Flexera Credentials set up with fct:
- Log in to the Microsoft Azure portal, search for App registrations, and select it.
- Select New registration and fill out the name and redirect URI (fct defaults to
  http://localhost:8080/oauth2/callback) and select Register.
- Select the Manage \ API Permissions section and add any permissions you may need (User.Read comes
  by default and you should not remove it); in this example we have added Files.ReadWrite.All.
- Select the Overview section and grab the Application (client) ID and Directory (tenant) ID to
  use as client_id and tenant_id respectively later.
- Select the Manage \ Certificates & secrets section and select New client secret, fill out the
  name, select an expiry period, select Add, and grab the secret value.
- Run the fct tool:
    client_id='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' # replace with the Application (client) ID
    tenant_id='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' # replace with the Directory (tenant) ID
    # for the scopes you should include any of the additional scopes you added above separated by commas
    fct oauth2 refresh-token three-leg --client-user="$client_id" \
      --scopes='Files.ReadWrite.All' \
      --authorize-scopes='offline_access' \
      --token-url="https://login.microsoftonline.com/$tenant_id/oauth2/v2.0/token" \
      --authorize-url="https://login.microsoftonline.com/$tenant_id/oauth2/v2.0/authorize" \
      'Azure Graph Awesome Flexera Automation OAuth2' 'provider=azure_graph'
When you run the command, it will prompt for the client password (the secret value). After you enter
the client password and a newline, it will open your browser where you will be asked to authorize the
application. Once you authorize the application, fct will obtain the refresh token and create the
Flexera Credentials with it as well as the client ID and secret.
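The browser step described above, sketched in Go as an added example (this is not fct's own code): it builds an authorization request whose scope is the stored scopes plus the authorize-only scopes, and checks the redirect that arrives at the local callback before the code is exchanged. The function names, the login.example.test host, the client ID placeholder and the use of a random state value are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/url"
	"strings"
)

// newState returns a random value that binds the callback to this request (assumed design).
func newState() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without randomness
	}
	return hex.EncodeToString(b)
}

// authorizeURL requests the stored scopes plus authorize-only scopes (e.g. offline_access).
func authorizeURL(base, clientID, redirect, state string, scopes, authScopes []string) string {
	all := append(append([]string{}, scopes...), authScopes...)
	q := url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {redirect}, "scope": {strings.Join(all, " ")}, "state": {state}}
	return base + "?" + q.Encode()
}

// codeFromCallback validates the redirect received locally and returns the code.
func codeFromCallback(callback, wantState string) (string, error) {
	u, err := url.Parse(callback)
	if err != nil {
		return "", err
	}
	q := u.Query()
	switch {
	case q.Get("state") != wantState:
		return "", fmt.Errorf("state mismatch: callback is not for this request")
	case q.Get("error") != "":
		return "", fmt.Errorf("authorization failed: %s", q.Get("error"))
	case q.Get("code") == "":
		return "", fmt.Errorf("callback has no authorization code")
	}
	return q.Get("code"), nil
}

func main() {
	st := newState() // constructed sample values below, not real identifiers
	fmt.Println(authorizeURL("https://login.example.test/authorize", "client-id-placeholder",
		"http://localhost:8080/oauth2/callback", st, []string{"Files.ReadWrite.All"}, []string{"offline_access"}))
}
```

A callback whose state does not match is rejected before any code is read, so a redirect that some other page triggers against the local listener cannot inject an authorization code.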
There is also a Terraform Provider for Flexera Credentials which builds upon this SDK, but it lives in its own
repository in order to be registerable in the Terraform Registry.