[CLI-3479] Union of Pools Identity Provider (#3065)

Author: cqin-confluent

cmd/lint/main.go

@@ -252,6 +252,7 @@ var vocabWords = []string{
 	"jit",
 	"jsonschema",
 	"jwks",
+	"JWT",
 	"kafka",
 	"kek",
 	"keychain",

internal/iam/command_provider.go

@@ -14,11 +14,12 @@ type identityProviderCommand struct {
 }
 
 type identityProviderOut struct {
-	Id          string `human:"ID" serialized:"id"`
-	Name        string `human:"Name" serialized:"name"`
-	Description string `human:"Description" serialized:"description"`
-	IssuerUri   string `human:"Issuer URI" serialized:"issuer_uri"`
-	JwksUri     string `human:"JWKS URI" serialized:"jwks_uri"`
+	Id            string `human:"ID" serialized:"id"`
+	Name          string `human:"Name" serialized:"name"`
+	Description   string `human:"Description" serialized:"description"`
+	IdentityClaim string `human:"Identity Claim,omitempty" serialized:"identity_claim,omitempty"`
+	IssuerUri     string `human:"Issuer URI" serialized:"issuer_uri"`
+	JwksUri       string `human:"JWKS URI" serialized:"jwks_uri"`
 }
 
 func newProviderCommand(prerunner pcmd.PreRunner) *cobra.Command {
@@ -42,11 +43,12 @@ func newProviderCommand(prerunner pcmd.PreRunner) *cobra.Command {
 func printIdentityProvider(cmd *cobra.Command, provider identityproviderv2.IamV2IdentityProvider) error {
 	table := output.NewTable(cmd)
 	table.Add(&identityProviderOut{
-		Id:          provider.GetId(),
-		Name:        provider.GetDisplayName(),
-		Description: provider.GetDescription(),
-		IssuerUri:   provider.GetIssuer(),
-		JwksUri:     provider.GetJwksUri(),
+		Id:            provider.GetId(),
+		Name:          provider.GetDisplayName(),
+		Description:   provider.GetDescription(),
+		IdentityClaim: provider.GetIdentityClaim(),
+		IssuerUri:     provider.GetIssuer(),
+		JwksUri:       provider.GetJwksUri(),
 	})
 	return table.Print()
 }

internal/iam/command_provider_create.go

@@ -26,6 +26,7 @@ func (c *identityProviderCommand) newCreateCommand() *cobra.Command {
 	cmd.Flags().String("issuer-uri", "", "URI of the identity provider issuer.")
 	cmd.Flags().String("jwks-uri", "", "JWKS (JSON Web Key Set) URI of the identity provider.")
 	cmd.Flags().String("description", "", "Description of the identity provider.")
+	cmd.Flags().String("identity-claim", "", "The JSON Web Token (JWT) claim to extract the authenticating identity to Confluent resources from Registered Claim Names.")
 	pcmd.AddContextFlag(cmd, c.CLICommand)
 	pcmd.AddOutputFlag(cmd)
 
@@ -51,11 +52,17 @@ func (c *identityProviderCommand) create(cmd *cobra.Command, args []string) erro
 		return err
 	}
 
+	identityClaim, err := cmd.Flags().GetString("identity-claim")
+	if err != nil {
+		return err
+	}
+
 	createIdentityProvider := identityproviderv2.IamV2IdentityProvider{
-		DisplayName: identityproviderv2.PtrString(args[0]),
-		Description: identityproviderv2.PtrString(description),
-		Issuer:      identityproviderv2.PtrString(issuerUri),
-		JwksUri:     identityproviderv2.PtrString(jwksUri),
+		DisplayName:   identityproviderv2.PtrString(args[0]),
+		Description:   identityproviderv2.PtrString(description),
+		IdentityClaim: identityproviderv2.PtrString(identityClaim),
+		Issuer:        identityproviderv2.PtrString(issuerUri),
+		JwksUri:       identityproviderv2.PtrString(jwksUri),
 	}
 	provider, err := c.V2Client.CreateIdentityProvider(createIdentityProvider)
 	if err != nil {

internal/iam/command_provider_list.go

@@ -30,11 +30,12 @@ func (c *identityProviderCommand) list(cmd *cobra.Command, _ []string) error {
 	list := output.NewList(cmd)
 	for _, provider := range identityProviders {
 		list.Add(&identityProviderOut{
-			Id:          provider.GetId(),
-			Name:        provider.GetDisplayName(),
-			Description: provider.GetDescription(),
-			IssuerUri:   provider.GetIssuer(),
-			JwksUri:     provider.GetJwksUri(),
+			Id:            provider.GetId(),
+			Name:          provider.GetDisplayName(),
+			Description:   provider.GetDescription(),
+			IdentityClaim: provider.GetIdentityClaim(),
+			IssuerUri:     provider.GetIssuer(),
+			JwksUri:       provider.GetJwksUri(),
 		})
 	}
 	return list.Print()

internal/iam/command_provider_update.go

@@ -26,10 +26,11 @@ func (c *identityProviderCommand) newUpdateCommand() *cobra.Command {
 
 	cmd.Flags().String("name", "", "Name of the identity provider.")
 	cmd.Flags().String("description", "", "Description of the identity provider.")
+	cmd.Flags().String("identity-claim", "", "The JSON Web Token (JWT) claim to extract the authenticating identity to Confluent resources from Registered Claim Names.")
 	pcmd.AddContextFlag(cmd, c.CLICommand)
 	pcmd.AddOutputFlag(cmd)
 
-	cmd.MarkFlagsOneRequired("name", "description")
+	cmd.MarkFlagsOneRequired("name", "description", "identity-claim")
 
 	return cmd
 }
@@ -45,10 +46,18 @@ func (c *identityProviderCommand) update(cmd *cobra.Command, args []string) erro
 		return err
 	}
 
+	identityClaim, err := cmd.Flags().GetString("identity-claim")
+	if err != nil {
+		return err
+	}
+
 	update := identityproviderv2.IamV2IdentityProvider{Id: identityproviderv2.PtrString(args[0])}
 	if name != "" {
 		update.DisplayName = identityproviderv2.PtrString(name)
 	}
+	if identityClaim != "" {
+		update.IdentityClaim = identityproviderv2.PtrString(identityClaim)
+	}
 	if description != "" {
 		update.Description = identityproviderv2.PtrString(description)
 	}

test/fixtures/output/iam/identity-provider/create-with-identity-claim.golden

@@ -0,0 +1,8 @@
++----------------+-------------------------------------------------+
+| ID             | op-67890                                        |
+| Name           | okta-with-identity-claim                        |
+| Description    | new description.                                |
+| Identity Claim | claims.sub                                      |
+| Issuer URI     | https://company.new-provider.com                |
+| JWKS URI       | https://company.new-provider.com/oauth2/v1/keys |
++----------------+-------------------------------------------------+

test/fixtures/output/iam/identity-provider/describe-autocomplete.golden

@@ -1,4 +1,5 @@
 op-12345	identity-provider: providing identities.
 op-abc	another-provider: providing identities.
+op-67890	okta-with-identity-claim: new description.
 :4
 Completion ended with directive: ShellCompDirectiveNoFileComp

test/fixtures/output/iam/identity-provider/describe-with-identity-claim.golden

@@ -0,0 +1,8 @@
++----------------+-------------------------------------------------+
+| ID             | op-67890                                        |
+| Name           | okta-with-identity-claim                        |
+| Description    | new description.                                |
+| Identity Claim | claims.sub                                      |
+| Issuer URI     | https://company.new-provider.com                |
+| JWKS URI       | https://company.new-provider.com/oauth2/v1/keys |
++----------------+-------------------------------------------------+

test/fixtures/output/iam/identity-provider/list.golden

@@ -1,4 +1,5 @@
-     ID    |       Name        |      Description      |          Issuer URI          |                  JWKS URI                    
------------+-------------------+-----------------------+------------------------------+----------------------------------------------
-  op-12345 | identity-provider | providing identities. | https://company.provider.com | https://company.provider.com/oauth2/v1/keys  
-  op-abc   | another-provider  | providing identities. | https://company.provider.com | https://company.provider.com/oauth2/v1/keys  
+     ID    |           Name           |      Description      | Identity Claim |            Issuer URI            |                    JWKS URI                      
+-----------+--------------------------+-----------------------+----------------+----------------------------------+--------------------------------------------------
+  op-12345 | identity-provider        | providing identities. |                | https://company.provider.com     | https://company.provider.com/oauth2/v1/keys      
+  op-67890 | okta-with-identity-claim | new description.      | claims.sub     | https://company.new-provider.com | https://company.new-provider.com/oauth2/v1/keys  
+  op-abc   | another-provider         | providing identities. |                | https://company.provider.com     | https://company.provider.com/oauth2/v1/keys      

test/fixtures/output/iam/identity-provider/update-with-identity-claim.golden

@@ -0,0 +1,9 @@
++----------------+-------------------------------------------------+
+| ID             | op-67890                                        |
+| Name           | okta-with-identity-claim                        |
+| Description    | providing identities with                       |
+|                | identity claim.                                 |
+| Identity Claim | claims.sub.updated                              |
+| Issuer URI     | https://company.new-provider.com                |
+| JWKS URI       | https://company.new-provider.com/oauth2/v1/keys |
++----------------+-------------------------------------------------+