diff --git a/cmd/scw/testdata/test-all-usage-iam-security-settings-get-usage.golden b/cmd/scw/testdata/test-all-usage-iam-security-settings-get-usage.golden new file mode 100644 index 0000000000..c7e3c4cf20 --- /dev/null +++ b/cmd/scw/testdata/test-all-usage-iam-security-settings-get-usage.golden @@ -0,0 +1,18 @@ +🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲 +πŸŸ₯πŸŸ₯πŸŸ₯ STDERR️️ πŸŸ₯πŸŸ₯πŸŸ₯️ +Retrieve information about the security settings of an Organization, specified by the `organization_id` parameter. + +USAGE: + scw iam security-settings get [arg=value ...] + +ARGS: + [organization-id] Organization ID to use. If none is passed the default organization ID will be used + +FLAGS: + -h, --help help for get + +GLOBAL FLAGS: + -c, --config string The path to the config file + -D, --debug Enable debug mode + -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") + -p, --profile string The config profile to use diff --git a/cmd/scw/testdata/test-all-usage-iam-security-settings-update-usage.golden b/cmd/scw/testdata/test-all-usage-iam-security-settings-update-usage.golden new file mode 100644 index 0000000000..a95a879de3 --- /dev/null +++ b/cmd/scw/testdata/test-all-usage-iam-security-settings-update-usage.golden 
@@ -0,0 +1,23 @@ +🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲 +πŸŸ₯πŸŸ₯πŸŸ₯ STDERR️️ πŸŸ₯πŸŸ₯πŸŸ₯️ +Update the security settings of an Organization. + +USAGE: + scw iam security-settings update [arg=value ...] + +ARGS: + [enforce-password-renewal] Defines whether password renewal is enforced during first login + [grace-period-duration] Duration of the grace period to renew password or enable MFA. + [login-attempts-before-locked] Number of login attempts before the account is locked + [max-login-session-duration] Maximum duration a login session will stay active before needing to relogin. + [max-api-key-expiration-duration] Maximum duration the `expires_at` field of an API key can represent. A value of 0 means there is no maximum duration. + [organization-id] Organization ID to use. If none is passed the default organization ID will be used + +FLAGS: + -h, --help help for update + +GLOBAL FLAGS: + -c, --config string The path to the config file + -D, --debug Enable debug mode + -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") + -p, --profile string The config profile to use diff --git a/cmd/scw/testdata/test-all-usage-iam-security-settings-usage.golden b/cmd/scw/testdata/test-all-usage-iam-security-settings-usage.golden new file mode 100644 index 0000000000..d13f3f5317 --- /dev/null +++ b/cmd/scw/testdata/test-all-usage-iam-security-settings-usage.golden 
@@ -0,0 +1,21 @@ +🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲 +πŸŸ₯πŸŸ₯πŸŸ₯ STDERR️️ πŸŸ₯πŸŸ₯πŸŸ₯️ +Security settings management commands. + +USAGE: + scw iam security-settings + +AVAILABLE COMMANDS: + get Get security settings of an Organization + update Update the security settings of an Organization + +FLAGS: + -h, --help help for security-settings + +GLOBAL FLAGS: + -c, --config string The path to the config file + -D, --debug Enable debug mode + -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") + -p, --profile string The config profile to use + +Use "scw iam security-settings [command] --help" for more information about a command. diff --git a/cmd/scw/testdata/test-all-usage-iam-usage.golden b/cmd/scw/testdata/test-all-usage-iam-usage.golden index e1121d6c8e..373cf0649a 100644 --- a/cmd/scw/testdata/test-all-usage-iam-usage.golden +++ b/cmd/scw/testdata/test-all-usage-iam-usage.golden @@ -17,6 +17,7 @@ AVAILABLE COMMANDS: rule Rules management commands saml SAML management commands saml-certificates SAML Certificates management commands + security-settings Security settings management commands ssh-key SSH keys management commands user Users management commands diff --git a/docs/commands/iam.md b/docs/commands/iam.md index 2921fe1b10..08c5fd99cf 100644 --- a/docs/commands/iam.md +++ b/docs/commands/iam.md 
@@ -55,6 +55,9 @@ This API allows you to manage Identity and Access Management (IAM) across your S - [Add a SAML certificate](#add-a-saml-certificate) - [Delete a SAML certificate](#delete-a-saml-certificate) - [List SAML certificates](#list-saml-certificates) +- [Security settings management commands](#security-settings-management-commands) + - [Get security settings of an Organization](#get-security-settings-of-an-organization) + - [Update the security settings of an Organization](#update-the-security-settings-of-an-organization) - [SSH keys management commands](#ssh-keys-management-commands) - [Create an SSH key](#create-an-ssh-key) - [Delete an SSH key](#delete-an-ssh-key) 
@@ -1064,6 +1067,54 @@ scw iam saml-certificates list [arg=value ...] +## Security settings management commands + +Security settings management commands. + + +### Get security settings of an Organization + +Retrieve information about the security settings of an Organization, specified by the `organization_id` parameter. + +**Usage:** + +``` +scw iam security-settings get [arg=value ...] +``` + + +**Args:** + +| Name | | Description | +|------|---|-------------| +| organization-id | | Organization ID to use. If none is passed the default organization ID will be used | + + + +### Update the security settings of an Organization + +Update the security settings of an Organization. + +**Usage:** + +``` +scw iam security-settings update [arg=value ...] +``` + + +**Args:** + +| Name | | Description | +|------|---|-------------| +| enforce-password-renewal | | Defines whether password renewal is enforced during first login | +| grace-period-duration | | Duration of the grace period to renew password or enable MFA. | +| login-attempts-before-locked | | Number of login attempts before the account is locked | +| max-login-session-duration | | Maximum duration a login session will stay active before needing to relogin. | +| max-api-key-expiration-duration | | Maximum duration the `expires_at` field of an API key can represent. A value of 0 means there is no maximum duration. | +| organization-id | | Organization ID to use. If none is passed the default organization ID will be used | + + + ## SSH keys management commands SSH keys management commands. diff --git a/go.mod b/go.mod index c7ca6cf8a3..d9477ab949 100644 --- a/go.mod +++ b/go.mod 
@@ -23,7 +23,7 @@ require ( github.com/mattn/go-isatty v0.0.20 github.com/moby/buildkit v0.26.2 github.com/opencontainers/go-digest v1.0.0 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35.0.20251201083602-34ad6e238d5e + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35.0.20251202131048-1c7b2248aaba github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/go.sum b/go.sum index 0814f40ab1..a2e71e0125 100644 --- a/go.sum +++ b/go.sum @@ -464,8 +464,8 @@ github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35.0.20251201083602-34ad6e238d5e h1:GdOB9k6UI1zh3nOLmW4v/EYzK4GaWLbAsb/PixYrTts= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35.0.20251201083602-34ad6e238d5e/go.mod h1:h/elW4JdNo225GP5FZHJ/RPyCNz79lxaeub3PyGzE9o= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35.0.20251202131048-1c7b2248aaba h1:uROS5GNQhplrMMeuuSHC47/Nztx4CWP07JoQMykzPxQ= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35.0.20251202131048-1c7b2248aaba/go.mod h1:h/elW4JdNo225GP5FZHJ/RPyCNz79lxaeub3PyGzE9o= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/secure-systems-lab/go-securesystemslib v0.9.1 h1:nZZaNz4DiERIQguNy0cL5qTdn9lR8XKHf4RUyG1Sx3g= diff --git a/internal/namespaces/iam/v1alpha1/iam_cli.go b/internal/namespaces/iam/v1alpha1/iam_cli.go index c32fd0908e..4984769e1a 100644 --- a/internal/namespaces/iam/v1alpha1/iam_cli.go 
+++ b/internal/namespaces/iam/v1alpha1/iam_cli.go @@ -33,6 +33,7 @@ func GetGeneratedCommands() *core.Commands { iamOrganization(), iamSaml(), iamSamlCertificates(), + iamSecuritySettings(), iamSSHKeyList(), iamSSHKeyCreate(), iamSSHKeyGet(), @@ -80,6 +81,8 @@ func GetGeneratedCommands() *core.Commands { iamJwtDelete(), iamLogList(), iamLogGet(), + iamSecuritySettingsGet(), + iamSecuritySettingsUpdate(), iamOrganizationGetSaml(), iamOrganizationEnableSaml(), iamSamlUpdate(), @@ -215,6 +218,15 @@ func iamSamlCertificates() *core.Command { } } +func iamSecuritySettings() *core.Command { + return &core.Command{ + Short: `Security settings management commands`, + Long: `Security settings management commands.`, + Namespace: "iam", + Resource: "security-settings", + } +} + func iamSSHKeyList() *core.Command { return &core.Command{ Short: `List SSH keys`, 
@@ -2730,6 +2742,87 @@ func iamLogGet() *core.Command { } } +func iamSecuritySettingsGet() *core.Command { + return &core.Command{ + Short: `Get security settings of an Organization`, + Long: `Retrieve information about the security settings of an Organization, specified by the ` + "`" + `organization_id` + "`" + ` parameter.`, + Namespace: "iam", + Resource: "security-settings", + Verb: "get", + // Deprecated: false, + ArgsType: reflect.TypeOf(iam.GetOrganizationSecuritySettingsRequest{}), + ArgSpecs: core.ArgSpecs{ + core.OrganizationIDArgSpec(), + }, + Run: func(ctx context.Context, args any) (i any, e error) { + request := args.(*iam.GetOrganizationSecuritySettingsRequest) + + client := core.ExtractClient(ctx) + api := iam.NewAPI(client) + + return api.GetOrganizationSecuritySettings(request) + }, + } +} + +func iamSecuritySettingsUpdate() *core.Command { + return &core.Command{ + Short: `Update the security settings of an Organization`, + Long: `Update the security settings of an Organization.`, + Namespace: "iam", + Resource: "security-settings", + Verb: "update", + // Deprecated: false, + ArgsType: reflect.TypeOf(iam.UpdateOrganizationSecuritySettingsRequest{}), + ArgSpecs: core.ArgSpecs{ + { + Name: "enforce-password-renewal", + Short: `Defines whether password renewal is enforced during first login`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "grace-period-duration", + Short: `Duration of the grace period to renew password or enable MFA.`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "login-attempts-before-locked", + Short: `Number of login attempts before the account is locked`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "max-login-session-duration", + Short: `Maximum duration a login session will stay active before needing to relogin.`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "max-api-key-expiration-duration", + 
Short: `Maximum duration the ` + "`" + `expires_at` + "`" + ` field of an API key can represent. A value of 0 means there is no maximum duration.`, + Required: false, + Deprecated: false, + Positional: false, + }, + core.OrganizationIDArgSpec(), + }, + Run: func(ctx context.Context, args any) (i any, e error) { + request := args.(*iam.UpdateOrganizationSecuritySettingsRequest) + + client := core.ExtractClient(ctx) + api := iam.NewAPI(client) + + return api.UpdateOrganizationSecuritySettings(request) + }, + } +} + func iamOrganizationGetSaml() *core.Command { return &core.Command{ Short: `Get SAML Identity Provider configuration of an Organization`,
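Review bot: The five policy arguments of `iamSecuritySettingsUpdate` are all `Required: false` with no client-side range check, and only `max-api-key-expiration-duration` says what `0` means, so `--help` does not tell an operator whether `login-attempts-before-locked=0` or a zero `max-login-session-duration` turns off lockout or session expiry for the whole Organization. Extend those `Short` strings with the accepted format and the meaning of zero, following the existing sentence `A value of 0 means there is no maximum duration.`, and state in `Long` that the command changes Organization-wide authentication policy. Whether omitted arguments are left unchanged depends on the SDK request type, which is not visible in this hunk; if they are, `Long` should say so, since a bare `scw iam security-settings update` is accepted. The file looks generated (`GetGeneratedCommands`, the `// Deprecated: false,` placeholder), so the wording probably has to be fixed in the upstream API description rather than by hand.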