From 506b7f81cddcd73d1294ff7f8e8ffc68c1eb152e Mon Sep 17 00:00:00 2001
From: katrinpolit <36443931+katrinpolit@users.noreply.github.com>
Date: Mon, 12 Feb 2024 19:48:47 +0200
Subject: [PATCH] Update APIs used for user management to a new v3 version (#391)
---
 incapsula/client_account_user.go | 29 +++++++++++------------------
 incapsula/resource_account_user.go | 18 +++++++++---------
 2 files changed, 20 insertions(+), 27 deletions(-)
diff --git a/incapsula/client_account_user.go b/incapsula/client_account_user.go
index c039e992..52a470d0 100644
--- a/incapsula/client_account_user.go
+++ b/incapsula/client_account_user.go
@@ -6,19 +6,15 @@ import (
 "io/ioutil"
 "log"
 "net/http"
- "net/url"
 )
 // Endpoints (unexported consts)
-const endpointAccountUserAdd = "identity-management/v3/users"
-const endpointSubAccountUserAdd = "identity-management/v3/users/sub-account"
-const endpointUserStatus = "identity-management/v3/users"
-const endpointUserDelete = "identity-management/v3/users"
-const endpointUserUpdate = "identity-management/v3/roles/assignments"
+
+const endpointUserOperationNew = "identity-management/v3/idm-users"
 // UserApisResponse contains the relevant user information when adding, getting or updating a user
 type UserApisResponse struct {
- Data struct {
+ Data []struct {
 UserID string `json:"id"`
 AccountID int `json:"accountId"`
 FirstName string `json:"firstName"`
@@ -53,9 +49,7 @@ type UserAddReq struct {
 }
 type UserUpdateReq struct {
- UserEmail string `json:"email"`
- AccountId int `json:"accountId"`
- RoleIds []int `json:"roleIds"`
+ RoleIds []int `json:"roleIds"`
 }
 // AddAccountUser adds a user to Incapsula Account
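Review bot: The doc comment on `UserApisResponse` still describes a single user, but `Data` is now a slice, so it should say what callers can expect from it; something like `// Data holds the users returned by the v3 idm-users API; callers must check len(Data) before indexing.` above the field would do. The added blank line also detaches `// Endpoints (unexported consts)` from `endpointUserOperationNew`, and the `New` suffix will stop meaning anything once the old endpoints are forgotten; a name such as `endpointIdmUsers` with its own one-line comment reads better. The struct body continues outside the hunk.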
@@ -74,11 +68,11 @@ func (c *Client) AddAccountUser(accountID int, email, firstName, lastName string
 return nil, fmt.Errorf("Failed to JSON marshal IncapRule: %s", err)
 }
- endpointUserAdd := endpointAccountUserAdd
+ endpointUserAdd := endpointUserOperationNew
 operation := CreateAccountUser
 accountStatusResponse, err := c.AccountStatus(accountID, ReadAccount)
 if accountStatusResponse != nil && accountStatusResponse.AccountType == "Sub Account" {
- endpointUserAdd = endpointSubAccountUserAdd
+ endpointUserAdd = endpointUserOperationNew + "/" + email
 operation = CreateSubAccountUser
 }
@@ -120,7 +114,7 @@ func (c *Client) GetAccountUser(accountID int, email string) (*UserApisResponse,
 log.Printf("[INFO] Getting Incapsula user status for email id: %s\n", email)
 // Get to Incapsula
- reqURL := fmt.Sprintf("%s/%s?caid=%d&email=%s", c.config.BaseURLAPI, endpointUserStatus, accountID, url.QueryEscape(email))
+ reqURL := fmt.Sprintf("%s/%s/%s?caid=%d", c.config.BaseURLAPI, endpointUserOperationNew, email, accountID)
 resp, err := c.DoJsonRequestWithHeaders(http.MethodGet, reqURL, nil, ReadAccountUser)
 if err != nil {
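Review bot: The sub-account branch builds the request path by plain concatenation, `endpointUserOperationNew + "/" + email`, so an address containing `/`, `?`, `#` or `%` changes the path or query that is actually sent instead of naming exactly one user. The removed Get and Delete lines passed the address through `url.QueryEscape`; as a path segment it needs `url.PathEscape`, i.e. `endpointUserAdd = endpointUserOperationNew + "/" + url.PathEscape(email)`, and the `"net/url"` import dropped in the first hunk has to stay. The same unescaped `email` is formatted into `reqURL` in the GetAccountUser, UpdateAccountUser and DeleteAccountUser hunks, where it alone selects which user is read, has roles changed or is deleted. AddAccountUser starts and ends outside this hunk.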
@@ -152,24 +146,23 @@ func (c *Client) GetAccountUser(accountID int, email string) (*UserApisResponse,
 // UpdateAccountUser User Roles
 func (c *Client) UpdateAccountUser(accountID int, email string, roleIds []interface{}) (*UserApisUpdateResponse, error) {
 log.Printf("[INFO] Update Incapsula User for email: %s (account ID %d)\n", email, accountID)
-
 listRoles := make([]int, len(roleIds))
 for i, v := range roleIds {
 listRoles[i] = v.(int)
 }
- userUpdateReq := []UserUpdateReq{{AccountId: accountID, UserEmail: email, RoleIds: listRoles}}
+ userUpdateReq := UserUpdateReq{RoleIds: listRoles}
 userJSON, err := json.Marshal(userUpdateReq)
 if err != nil {
 return nil, fmt.Errorf("Failed to JSON marshal IncapRule: %s", err)
 }
- reqURL := fmt.Sprintf("%s/%s?caid=%d", c.config.BaseURLAPI, endpointUserUpdate, accountID)
+ reqURL := fmt.Sprintf("%s/%s/%s?caid=%d", c.config.BaseURLAPI, endpointUserOperationNew, email, accountID)
 log.Printf("[INFO] Req: %s\n", reqURL)
 log.Printf("[INFO] json: %s\n", userJSON)
- resp, err := c.DoJsonRequestWithHeaders(http.MethodPut, reqURL, userJSON, UpdateAccountUser)
+ resp, err := c.DoJsonRequestWithHeaders(http.MethodPatch, reqURL, userJSON, UpdateAccountUser)
 if err != nil {
 return nil, fmt.Errorf("Error updating user email %s: %s", email, err)
@@ -211,7 +204,7 @@ func (c *Client) DeleteAccountUser(accountID int, email string) error {
 // Delete form to Incapsula
- reqURL := fmt.Sprintf("%s/%s?caid=%d&email=%s", c.config.BaseURLAPI, endpointUserDelete, accountID, url.QueryEscape(email))
+ reqURL := fmt.Sprintf("%s/%s/%s?caid=%d", c.config.BaseURLAPI, endpointUserOperationNew, email, accountID)
 resp, err := c.DoJsonRequestWithHeaders(http.MethodDelete, reqURL, nil, DeleteAccountUser)
 if err != nil {
diff --git a/incapsula/resource_account_user.go b/incapsula/resource_account_user.go
index 667d45f2..2626b45f 100644
--- a/incapsula/resource_account_user.go
+++ b/incapsula/resource_account_user.go
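Review bot: `listRoles[i] = v.(int)` is a single-value type assertion, so one element of `roleIds` that is not an `int` panics the provider instead of returning an error; the commit reshapes the request around this loop but leaves it as is. Use the two-value form, `id, ok := v.(int)` followed by `if !ok { return nil, fmt.Errorf("role id %v is not an int", v) }`, and store `id`. The marshal error text in this function still says `IncapRule`, which looks copied from another client and will mislead whoever reads the log. UpdateAccountUser continues past the end of the hunk.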
@@ -136,7 +136,7 @@ func resourceUserCreate(d *schema.ResourceData, m interface{}) error {
 // Set the User ID
 d.SetId(fmt.Sprintf("%s/%s", strconv.Itoa(accountId), email))
- log.Printf("[INFO] Created Incapsula user for email: %s userid: %s\n", email, UserAddResponse.Data.UserID)
+ log.Printf("[INFO] Created Incapsula user for email: %s userid: %s\n", email, UserAddResponse.Data[0].UserID)
 // There may be a timing/race condition here
 // Set an arbitrary period to sleep
@@ -165,17 +165,17 @@ func resourceUserRead(d *schema.ResourceData, m interface{}) error {
 return err
 }
- log.Printf("[INFO]listRoles : %v\n", userStatusResponse.Data.Roles)
+ log.Printf("[INFO]listRoles : %v\n", userStatusResponse.Data[0].Roles)
- listRolesIds := make([]int, len(userStatusResponse.Data.Roles))
- listRolesNames := make([]string, len(userStatusResponse.Data.Roles))
- for i, v := range userStatusResponse.Data.Roles {
+ listRolesIds := make([]int, len(userStatusResponse.Data[0].Roles))
+ listRolesNames := make([]string, len(userStatusResponse.Data[0].Roles))
+ for i, v := range userStatusResponse.Data[0].Roles {
 listRolesIds[i] = v.RoleID
 listRolesNames[i] = v.RoleName
 }
- d.Set("email", userStatusResponse.Data.Email)
- d.Set("account_id", userStatusResponse.Data.AccountID)
+ d.Set("email", userStatusResponse.Data[0].Email)
+ d.Set("account_id", userStatusResponse.Data[0].AccountID)
 accountStatusResponse, err := client.AccountStatus(accountID, ReadAccount)
 if accountStatusResponse != nil && accountStatusResponse.AccountType == "Sub Account" {
@@ -183,8 +183,8 @@ func resourceUserRead(d *schema.ResourceData, m interface{}) error {
 d.Set("first_name", nil)
 d.Set("last_name", nil)
 } else {
- d.Set("first_name", userStatusResponse.Data.FirstName)
- d.Set("last_name", userStatusResponse.Data.LastName)
+ d.Set("first_name", userStatusResponse.Data[0].FirstName)
+ d.Set("last_name", userStatusResponse.Data[0].LastName)
 }
 d.Set("role_ids", listRolesIds)
 d.Set("role_names", listRolesNames)
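Review bot: `UserAddResponse.Data[0]` is indexed without a length check, so a response whose `data` array is empty or absent panics with index out of range, and it does so after `d.SetId` has already run. Guard it first, e.g. `if len(UserAddResponse.Data) == 0 { return fmt.Errorf("no user returned for email %s", email) }`. The `userStatusResponse.Data[0]` reads in both resourceUserRead hunks need the same check; there an empty list probably means the user no longer exists, which would normally be handled with `d.SetId("")` and `return nil`, but that should be confirmed against the API. resourceUserCreate starts and ends outside this hunk.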
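Review bot: `userStatusResponse.Data[0]` is accepted as the requested user and its `Email` and `AccountID` go straight into state, with no comparison against the address and account the read was issued for. Whether the endpoint can return more than one entry, or an entry for another address, is not visible from this hunk; if it can, state would silently follow the wrong user, so comparing `Data[0].Email` with the requested address and returning an error on mismatch is a cheap safeguard. Binding the element once after the length check, `user := userStatusResponse.Data[0]`, would also replace the eight repeated index expressions in this hunk and the next one.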