Merge branch 'beta' (#182)

* Add support specifying Azure resource groups for RSC features (#160)
* Add retry to allVpcsByRegion request (#162)
* Move the retry handling into the Request function (#165)
* Expose account name and FQDN (#166)
* Add support for Azure shared exocompute (#167)
* Fix an issue with AWS exocompute customer supplied security groups (#168)
* Add support for Azure archival locations (#169)
* Fix Azure permission upgrade issue (#170)
* Increase the korg job wait attempts to 50 (#171)
* Skip disabling AWS Exocompute for non-CFT workflow (#172)
* Fix CreateStorageSetting's NativeID field (#173)
* Use RSC_MANAGED_CLUSTER permission group (#174)
* Extend AddClusterToExocomputeConfig to return setup YAML (#175)
* Disable S3 protection before removing the feature (#176)
* Fix failing Azure integration tests (#177)
* Work around an AWS multiple features removal issue (#178)
* Add functions to look up cloud accounts by native ID and name (#180)
* Add support for updating AWS archival location bucket tags (#179)

examples/aws_exocompute/main.go

@@ -34,7 +34,7 @@ import (
 func main() {
 	ctx := context.Background()
 
-	// Load configuration and create client.
+	// Load configuration and create a client.
 	polAccount, err := polaris.DefaultServiceAccount(true)
 	if err != nil {
 		log.Fatal(err)

examples/aws_shared_exocompute/main.go

@@ -1,4 +1,4 @@
-// Copyright 2021 Rubrik, Inc.
+// Copyright 2024 Rubrik, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to
@@ -36,13 +36,15 @@ import (
 func main() {
 	ctx := context.Background()
 
-	// Load configuration and create client.
+	// Load configuration and create a client.
 	polAccount, err := polaris.DefaultServiceAccount(true)
 	if err != nil {
 		log.Fatal(err)
 	}
 	logger := polaris_log.NewStandardLogger()
-	polaris.SetLogLevelFromEnv(logger)
+	if err := polaris.SetLogLevelFromEnv(logger); err != nil {
+		log.Fatal(err)
+	}
 	client, err := polaris.NewClientWithLogger(polAccount, logger)
 	if err != nil {
 		log.Fatal(err)
@@ -57,12 +59,11 @@ func main() {
 	// Add the AWS default account to Polaris. Usually resolved using the
 	// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
 	// AWS_DEFAULT_REGION.
-	accountID, err := awsClient.AddAccount(ctx, aws.Default(),
-		[]core.Feature{core.FeatureCloudNativeProtection, core.FeatureExocompute}, aws.Regions("us-east-2"))
+	accountID, err := awsClient.AddAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection},
+		aws.Regions("us-east-2"))
 	if err != nil {
 		log.Fatal(err)
 	}
-
 	fmt.Printf("Account ID: %v\n", accountID)
 
 	// Map the application account to an existing exocompute host account.
@@ -76,30 +77,16 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
-
 	fmt.Printf("Exocompute Host Account: %v\n", hostID)
 
-	// Retrieve the exocompute application accounts for the exocompute host
-	// account.
-	appIDs, err := awsClient.ExocomputeApplicationAccounts(ctx, hostAccountID)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println("Exocompute Application Accounts:")
-	for _, appID := range appIDs {
-		fmt.Println(appID)
-	}
-
 	// Unmap the application account from the shared exocompute host account.
 	err = awsClient.UnmapExocompute(ctx, aws.CloudAccountID(accountID))
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	// Remove the AWS account from Polaris.
-	err = awsClient.RemoveAccount(ctx, aws.Default(),
-		[]core.Feature{core.FeatureCloudNativeProtection, core.FeatureExocompute}, false)
+	err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, false)
 	if err != nil {
 		log.Fatal(err)
 	}

examples/aws_storage_setting/main.go

@@ -72,7 +72,7 @@ func main() {
 	fmt.Printf("ID: %v, Name: %s\n", targetMapping.ID, targetMapping.Name)
 
 	// Update the AWS archival location.
-	err = awsClient.UpdateStorageSetting(ctx, targetMappingID, "TestUpdated", "", "")
+	err = awsClient.UpdateStorageSetting(ctx, targetMappingID, "TestUpdated", "", "", nil)
 	if err != nil {
 		log.Fatal(err)
 	}

examples/azure_exocompute/main.go

@@ -35,7 +35,7 @@ import (
 func main() {
 	ctx := context.Background()
 
-	// Load configuration and create client.
+	// Load configuration and create a client.
 	polAccount, err := polaris.DefaultServiceAccount(true)
 	if err != nil {
 		log.Fatal(err)

examples/azure_permissions/main.go

@@ -25,7 +25,6 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/google/uuid"
 	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris"
 	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/azure"
 	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/graphql/core"
@@ -41,7 +40,7 @@ import (
 func main() {
 	ctx := context.Background()
 
-	// Load configuration and create client.
+	// Load configuration and create a client.
 	polAccount, err := polaris.DefaultServiceAccount(true)
 	if err != nil {
 		log.Fatal(err)
@@ -53,36 +52,42 @@ func main() {
 
 	azureClient := azure.Wrap(client)
 
-	// List Azure permissions needed for features.
-	features := []core.Feature{core.FeatureCloudNativeProtection}
-	perms, err := azureClient.Permissions(ctx, features)
+	// List Azure permissions needed for the Cloud Native Protection feature.
+	perms, permGroups, err := azureClient.ScopedPermissions(ctx, core.FeatureCloudNativeProtection)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	fmt.Println("Permissions requried for Cloud Native Protection:")
-	for _, perm := range perms.Actions {
+	fmt.Println("Subscription level permissions required for Cloud Native Protection:")
+	for _, perm := range perms[azure.ScopeSubscription].Actions {
 		fmt.Println(perm)
 	}
-	for _, perm := range perms.NotActions {
+	for _, perm := range perms[azure.ScopeSubscription].NotActions {
 		fmt.Println(perm)
 	}
-	for _, perm := range perms.DataActions {
+	for _, perm := range perms[azure.ScopeSubscription].DataActions {
 		fmt.Println(perm)
 	}
-	for _, perm := range perms.NotDataActions {
+	for _, perm := range perms[azure.ScopeSubscription].NotDataActions {
 		fmt.Println(perm)
 	}
 
-	// Notify Polaris about updated permissions for the Cloud Native Protection
-	// feature of the already added subscription.
-	account, err := azureClient.Subscription(ctx,
-		azure.SubscriptionID(uuid.MustParse("27dce22c-1b84-11ec-9992-a3d4a0eb7b90")), core.FeatureCloudNativeProtection)
-	if err != nil {
-		log.Fatal(err)
+	fmt.Println("Resource group level permissions required for Cloud Native Protection:")
+	for _, perm := range perms[azure.ScopeResourceGroup].Actions {
+		fmt.Println(perm)
 	}
-	err = azureClient.PermissionsUpdated(ctx, azure.CloudAccountID(account.ID), features)
-	if err != nil {
-		log.Fatal(err)
+	for _, perm := range perms[azure.ScopeResourceGroup].NotActions {
+		fmt.Println(perm)
+	}
+	for _, perm := range perms[azure.ScopeResourceGroup].DataActions {
+		fmt.Println(perm)
+	}
+	for _, perm := range perms[azure.ScopeResourceGroup].NotDataActions {
+		fmt.Println(perm)
+	}
+
+	fmt.Println("Permission groups available for Cloud Native Protection:")
+	for _, permGroup := range permGroups {
+		fmt.Printf("Permission group %s: %d\n", permGroup.Name, permGroup.Version)
 	}
 }

examples/azure_shared_exocompute/main.go

@@ -0,0 +1,95 @@
+// Copyright 2024 Rubrik, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/google/uuid"
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris"
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/azure"
+	"github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/graphql/core"
+	polaris_log "github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/log"
+)
+
+// Note: This example requires an existing Azure account with exocompute
+// configured in RSC.
+func main() {
+	ctx := context.Background()
+
+	// Load configuration and create a client.
+	polAccount, err := polaris.DefaultServiceAccount(true)
+	if err != nil {
+		log.Fatal(err)
+	}
+	logger := polaris_log.NewStandardLogger()
+	if err := polaris.SetLogLevelFromEnv(logger); err != nil {
+		log.Fatal(err)
+	}
+	client, err := polaris.NewClientWithLogger(polAccount, logger)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	azureClient := azure.Wrap(client)
+
+	// The AWS account ID of the existing AWS account with exocompute
+	// configured.
+	hostAccountID := azure.SubscriptionID(uuid.MustParse("3cad3091-a1b3-4e0e-823d-84589568983e"))
+
+	// Add the AWS default account to Polaris. Usually resolved using the
+	// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
+	// AWS_DEFAULT_REGION.
+	subscription := azure.Subscription(uuid.MustParse("e4b247e7-66c5-4f10-9042-1eeac424c7a4"),
+		"my-domain.onmicrosoft.com")
+	accountID, err := azureClient.AddSubscription(ctx, subscription, core.FeatureCloudNativeProtection, azure.Regions("us-east-2"))
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Account ID: %v\n", accountID)
+
+	// Map the application account to an existing exocompute host account.
+	err = azureClient.MapExocompute(ctx, hostAccountID, azure.CloudAccountID(accountID))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Retrieve the exocompute host account for the application account.
+	hostID, err := azureClient.ExocomputeHostAccount(ctx, azure.CloudAccountID(accountID))
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Exocompute Host Account: %v\n", hostID)
+
+	// Unmap the application account from the shared exocompute host account.
+	err = azureClient.UnmapExocompute(ctx, azure.CloudAccountID(accountID))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Remove the AWS account from Polaris.
+	err = azureClient.RemoveSubscription(ctx, azure.CloudAccountID(accountID), core.FeatureCloudNativeProtection, false)
+	if err != nil {
+		log.Fatal(err)
+	}
+}

examples/azure_subscription/main.go

@@ -40,7 +40,7 @@ import (
 func main() {
 	ctx := context.Background()
 
-	// Load configuration and create client.
+	// Load configuration and create the client.
 	polAccount, err := polaris.DefaultServiceAccount(true)
 	if err != nil {
 		log.Fatal(err)

go.mod

@@ -48,7 +48,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect

go.sum

@@ -180,8 +180,8 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=

internal/testsetup/testsetup.go

@@ -9,7 +9,7 @@ import (
 )
 
 // testAwsAccount hold AWS account information used in the integration tests.
-// Normally used to assert that the information read from Polaris is correct.
+// Normally used to assert that the information read from RSC is correct.
 type testAwsAccount struct {
 	Profile          string `json:"profile"`
 	AccountID        string `json:"accountId"`
@@ -49,24 +49,38 @@ func AWSAccount() (testAwsAccount, error) {
 
 // testAzureSubscription hold Azure subscription information used in the
 // integration tests. Normally used to assert that the information read from
-// Polaris is correct.
+// RSC is correct.
 type testAzureSubscription struct {
 	SubscriptionID   uuid.UUID `json:"subscriptionId"`
 	SubscriptionName string    `json:"subscriptionName"`
+	TenantID         uuid.UUID `json:"tenantId"`
 	TenantDomain     string    `json:"tenantDomain"`
+	PrincipalID      uuid.UUID `json:"principalId"`
+	PrincipalName    string    `json:"principalName"`
+	PrincipalSecret  string    `json:"principalSecret"`
 
-	Exocompute struct {
-		SubnetID string `json:"subnetId"`
-	} `json:"exocompute"`
-
-	// should be in EastUS2 region
-	// for integration test
-	// as region is hardcoded there.
+	// Should be in EastUS2 region for integration test as the region is
+	// hardcoded there.
 	Archival struct {
-		ManagedIdentityName string `json:"managedIdentityName"`
-		PrincipalID         string `json:"managedIdentityPrincipalId"`
-		ResourceGroupName   string `json:"resourceGroupName"`
+		Regions             []string `json:"regions"`
+		ManagedIdentityName string   `json:"managedIdentityName"`
+		PrincipalID         string   `json:"managedIdentityPrincipalId"`
+		ResourceGroupName   string   `json:"resourceGroupName"`
+		ResourceGroupRegion string   `json:"resourceGroupRegion"`
 	} `json:"archival"`
+
+	CloudNativeProtection struct {
+		Regions             []string `json:"regions"`
+		ResourceGroupName   string   `json:"resourceGroupName"`
+		ResourceGroupRegion string   `json:"resourceGroupRegion"`
+	} `json:"cloudNativeProtection"`
+
+	Exocompute struct {
+		Regions             []string `json:"regions"`
+		ResourceGroupName   string   `json:"resourceGroupName"`
+		ResourceGroupRegion string   `json:"resourceGroupRegion"`
+		SubnetID            string   `json:"subnetId"`
+	} `json:"exocompute"`
 }
 
 // AzureSubscription loads test project information from the file pointed to by
@@ -86,7 +100,7 @@ func AzureSubscription() (testAzureSubscription, error) {
 }
 
 // testGcpProject hold GCP project information used in the integration tests.
-// Normally used to assert that the information read from Polaris is correct.
+// Normally used to assert that the information read from RSC is correct.
 type testGcpProject struct {
 	ProjectName      string `json:"projectName"`
 	ProjectID        string `json:"projectId"`
@@ -109,7 +123,7 @@ func GCPProject() (testGcpProject, error) {
 }
 
 // testRSCConfig hold configuration information used in the integration tests.
-// Normally used to assert that the information read from Polaris is correct.
+// Normally used to assert that the information read from RSC is correct.
 type testRSCConfig struct {
 	ExistingUserEmail string `json:"existingUserEmail"`
 	NewUserEmail      string `json:"newUserEmail"`