Merge branch 'beta' (#161)

* Add support for AWS account onboarding without CloudFormation (#128)
* Support relative paths for the credentials file (#130)
* Support reading credentials from current environment (#132)
* Add support for bootstrapping Rubrik clusters (#127)
* Improve error messages (#133)
* Check if vars exist when reading credentials from env (#134)
* Change ID type from uuid.UUID to string (#129)
* Add support for AWS shared exocompute (#136)
* Add support for AWS private container registry (#137)
* Add support for AWS cloud archival location (#138)
* Add aws exocompute update (#140) (#143)
* Update aws exocompute config fields (#144)
* Do not populate non-existing aws exo config subnets (#145)
* Add support for reading PCR (#146)
* Add support for permission groups to AWS features (#147)
* Add support for reading deployment IP addresses (#148)
* Add missing private container registry comments (#142)
* Cleanup now removes all AWS features (#149)
* Fix shared exocompute (#150)
* Fix AWS account list functionality (#151)
* Add support for BYOK clusters (#152)
* Fix feature permission group updates (#154)
* Fix BYOK connect cluster query (#155)
* Update AWS PCR documentation (#156)
* Add support for BYOK8s cluster disconnect (#157)
* Update dependencies and bump compiler version (#159)

.gitignore

@@ -1,19 +1,26 @@
+/access_roles
+/appliance
 /aws_account
 /aws_cross_account_role
 /aws_exocompute
+/aws_shared_exocompute
+/aws_storage_setting
 /azure_exocompute
 /azure_permissions
 /azure_subscription
 /gcp_permissions
 /gcp_project
 /gcp_project_with_set_sa
-/roles
+/examples/access_roles/access_roles
+/examples/appliance/appliance
 /examples/aws_account/aws_account
+/examples/aws_cross_account_role/aws_cross_account_role
 /examples/aws_exocompute/aws_exocompute
+/examples/aws_shared_exocompute/aws_shared_exocompute
+/examples/aws_storage_setting/aws_storage_setting
 /examples/azure_exocompute/azure_exocompute
 /examples/azure_permissions/azure_permissions
 /examples/azure_subscription/azure_subscription
 /examples/gcp_project/gcp_permissions
 /examples/gcp_project/gcp_project
 /examples/gcp_project/gcp_project_with_set_sa
-/examples/roles/roles

README.md

@@ -89,6 +89,7 @@ details on how to use them.
 #### Local User Account Environment Variables
 When using a local user account the following environmental variables can be used to override the default local user
 account behaviour:
+* *RUBRIK_POLARIS_ACCOUNT_CREDENTIALS* — Overrides the content of the local user account file.
 * *RUBRIK_POLARIS_ACCOUNT_FILE* — Overrides the name and path of the file to read local user accounts from.
 * *RUBRIK_POLARIS_ACCOUNT_NAME* — Overrides the name of the local user account given to the SDK during initialization.
 * *RUBRIK_POLARIS_ACCOUNT_USERNAME* — Overrides the username of the local user account.
@@ -122,6 +123,7 @@ for details on how to use them.
 #### Service Account Environment Variables
 When using a service account the following environmental variables can be used to override the default service account
 behavior:
+* *RUBRIK_POLARIS_SERVICEACCOUNT_CREDENTIALS* — Overrides the content of the service account credentials file.
 * *RUBRIK_POLARIS_SERVICEACCOUNT_FILE* — Overrides the name and path of the service account credentials file.
 * *RUBRIK_POLARIS_SERVICEACCOUNT_NAME* — Overrides the name of the service account.
 * *RUBRIK_POLARIS_SERVICEACCOUNT_CLIENTID* — Overrides the client id of the service account.

cmd/testenv/main.go

@@ -150,9 +150,11 @@ func clean(ctx context.Context, client *polaris.Client) error {
 				awsAccount.NativeID, testAcc.AccountID)
 		}
 
-		// TODO: we might need to iterate over awsAccount.Features to remove
-		// all of them in the future
-		return awsClient.RemoveAccount(ctx, aws.Profile(testAcc.Profile), core.FeatureCloudNativeProtection, false)
+		features := make([]core.Feature, 0, len(awsAccount.Features))
+		for _, feature := range awsAccount.Features {
+			features = append(features, feature.Feature)
+		}
+		return awsClient.RemoveAccount(ctx, aws.Profile(testAcc.Profile), features, false)
 	})
 
 	// AWS with cross account role
@@ -175,9 +177,11 @@ func clean(ctx context.Context, client *polaris.Client) error {
 				awsAccount.NativeID, testAcc.CrossAccountID)
 		}
 
-		// TODO: we might need to iterate over awsAccount.Features to remove
-		// all of them in the future
-		return awsClient.RemoveAccount(ctx, aws.DefaultWithRole(testAcc.CrossAccountRole), core.FeatureCloudNativeProtection, false)
+		features := make([]core.Feature, 0, len(awsAccount.Features))
+		for _, feature := range awsAccount.Features {
+			features = append(features, feature.Feature)
+		}
+		return awsClient.RemoveAccount(ctx, aws.DefaultWithRole(testAcc.CrossAccountRole), features, false)
 	})
 
 	// Azure
@@ -214,7 +218,7 @@ func clean(ctx context.Context, client *polaris.Client) error {
 
 		// Remove all features for the subscription.
 		for _, feature := range azureAcc.Features {
-			if err := azureClient.RemoveSubscription(ctx, azure.CloudAccountID(azureAcc.ID), feature.Name, false); err != nil {
+			if err := azureClient.RemoveSubscription(ctx, azure.CloudAccountID(azureAcc.ID), feature.Feature, false); err != nil {
 				return fmt.Errorf("failed to remove Azure cloud account fetaure: %v", pretty.Sprint(feature))
 			}
 		}

examples/aws_account/main.go

@@ -54,7 +54,7 @@ func main() {
 	// Add the AWS default account to Polaris. Usually resolved using the
 	// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
 	// AWS_DEFAULT_REGION.
-	id, err := awsClient.AddAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, aws.Regions("us-east-2"))
+	id, err := awsClient.AddAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, aws.Regions("us-east-2"))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -71,7 +71,7 @@ func main() {
 	}
 
 	// Remove the AWS account from Polaris.
-	err = awsClient.RemoveAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, false)
+	err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, false)
 	if err != nil {
 		log.Fatal(err)
 	}

examples/aws_account_with_permission_groups/main.go

@@ -0,0 +1,86 @@
+// Copyright 2024 Rubrik, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris"
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/aws"
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/graphql/core"
+	polaris_log "github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/log"
+)
+
+// Example showing how to manage an AWS account with the Polaris Go SDK.
+//
+// The Polaris service account key file identifying the Polaris account should
+// either be placed at ~/.rubrik/polaris-service-account.json or pointed out by
+// the RUBRIK_POLARIS_SERVICEACCOUNT_FILE environment variable.
+func main() {
+	ctx := context.Background()
+
+	// Load configuration and create client.
+	polAccount, err := polaris.DefaultServiceAccount(true)
+	if err != nil {
+		log.Fatal(err)
+	}
+	logger := polaris_log.NewStandardLogger()
+	polaris.SetLogLevelFromEnv(logger)
+	client, err := polaris.NewClientWithLogger(polAccount, logger)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	awsClient := aws.Wrap(client)
+
+	// RSC features and their permission groups.
+	features := []core.Feature{
+		core.FeatureCloudNativeProtection.WithPermissionGroups(core.PermissionGroupBasic),
+		core.FeatureExocompute.WithPermissionGroups(core.PermissionGroupBasic, core.PermissionGroupRSCManagedCluster),
+	}
+
+	// Add the AWS default account to Polaris. Usually resolved using the
+	// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
+	// AWS_DEFAULT_REGION.
+	id, err := awsClient.AddAccount(ctx, aws.Default(), features, aws.Regions("us-east-2"))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// List the AWS accounts added to Polaris.
+	account, err := awsClient.Account(ctx, aws.CloudAccountID(id), core.FeatureAll)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("ID: %v, Name: %v, NativeID: %v\n", account.ID, account.Name, account.NativeID)
+	for _, feature := range account.Features {
+		fmt.Printf("Feature: %v, Regions: %v, Status: %v\n", feature.Feature, feature.Regions, feature.Status)
+	}
+
+	// Remove the AWS account from Polaris.
+	err = awsClient.RemoveAccount(ctx, aws.Default(), features, false)
+	if err != nil {
+		log.Fatal(err)
+	}
+}

examples/aws_cross_account_role/main.go

@@ -57,7 +57,7 @@ func main() {
 	// variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION.
 	id, err := awsClient.AddAccount(ctx,
 		aws.DefaultWithRole("arn:aws:iam::123456789012:role/MyCrossAccountRole"),
-		core.FeatureCloudNativeProtection, aws.Regions("us-east-2"))
+		[]core.Feature{core.FeatureCloudNativeProtection}, aws.Regions("us-east-2"))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -76,7 +76,7 @@ func main() {
 	// Remove the AWS account from Polaris using a cross account role.
 	err = awsClient.RemoveAccount(ctx,
 		aws.DefaultWithRole("arn:aws:iam::123456789012:role/MyCrossAccountRole"),
-		core.FeatureCloudNativeProtection, false)
+		[]core.Feature{core.FeatureCloudNativeProtection}, false)
 	if err != nil {
 		log.Fatal(err)
 	}

examples/aws_exocompute/main.go

@@ -49,7 +49,7 @@ func main() {
 	// Add the AWS default account to Polaris. Usually resolved using the
 	// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
 	// AWS_DEFAULT_REGION.
-	accountID, err := awsClient.AddAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, aws.Regions("us-east-2", "us-west-2"))
+	accountID, err := awsClient.AddAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, aws.Regions("us-east-2", "us-west-2"))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -59,7 +59,7 @@ func main() {
 	// Enable the exocompute feature for the account. Note that the
 	// cnpAccountID and exoAccountID should be the same, they refer to the same
 	// Polaris cloud account.
-	exoAccountID, err := awsClient.AddAccount(ctx, aws.Default(), core.FeatureExocompute, aws.Regions("us-east-2"))
+	exoAccountID, err := awsClient.AddAccount(ctx, aws.Default(), []core.Feature{core.FeatureExocompute}, aws.Regions("us-east-2"))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -100,13 +100,13 @@ func main() {
 	}
 
 	// Disable the exocompute feature for the account.
-	err = awsClient.RemoveAccount(ctx, aws.Default(), core.FeatureExocompute, false)
+	err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureExocompute}, false)
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	// Remove the AWS account from Polaris.
-	err = awsClient.RemoveAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, false)
+	err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, false)
 	if err != nil {
 		log.Fatal(err)
 	}

examples/aws_private_container_registry/main.go

@@ -0,0 +1,72 @@
+// Copyright 2023 Rubrik, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+
+package main
+
+import (
+	"context"
+	"log"
+
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris"
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/aws"
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/graphql/core"
+	polaris_log "github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/log"
+)
+
+// Example showing how to set a private container registry with the RSC Go SDK.
+func main() {
+	ctx := context.Background()
+
+	// Load configuration and create client.
+	polAccount, err := polaris.DefaultServiceAccount(true)
+	if err != nil {
+		log.Fatal(err)
+	}
+	logger := polaris_log.NewStandardLogger()
+	polaris.SetLogLevelFromEnv(logger)
+	client, err := polaris.NewClientWithLogger(polAccount, logger)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	awsClient := aws.Wrap(client)
+
+	// Add the AWS default account to Polaris. Usually resolved using the
+	// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
+	// AWS_DEFAULT_REGION.
+	id, err := awsClient.AddAccount(ctx, aws.Default(),
+		[]core.Feature{core.FeatureCloudNativeProtection}, aws.Regions("us-east-2"))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Set the private container registry for the AWS account.
+	err = awsClient.SetPrivateContainerRegistry(ctx, aws.CloudAccountID(id),
+		"123456789012.dkr.ecr.us-east-2.amazonaws.com", "123456789012")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Remove the AWS account from Polaris.
+	err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, false)
+	if err != nil {
+		log.Fatal(err)
+	}
+}