Add FedRAMP example (#1000)

Author: tylercreller

README.md

@@ -289,3 +289,7 @@ and copying the internal representation into it.
 
 See also the command-line tool https://github.com/openshift-online/ocm-cli built
 on top of this SDK.
+
+## FedRAMP
+
+The OCM SDK fully supports the OCM FedRAMP environment. Additional `TokenURL`, `URL`, and `Client` configuration is required in order to make the connection. An example implementation for the OCM FedRAMP environment can be found in the [examples](examples/fedramp_auth.go) directory.

authentication/transport_wrapper.go

@@ -48,6 +48,9 @@ const (
 	DefaultTokenURL     = "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
 	DefaultClientID     = "cloud-services"
 	DefaultClientSecret = ""
+
+	FedRAMPTokenURL = "https://sso.openshiftusgov.com/realms/redhat-external/protocol/openid-connect/token"
+	FedRAMPClientID = "console-dot"
 )
 
 // DefaultScopes is the ser of scopes used by default:

connection.go

@@ -57,6 +57,7 @@ const (
 	DefaultClientSecret = authentication.DefaultClientSecret
 	DefaultURL          = "https://api.openshift.com"
 	DefaultAgent        = "OCM-SDK/" + Version
+	FedRAMPURL          = "https://api.openshiftusgov.com"
 )
 
 // DefaultScopes is the ser of scopes used by default:

examples/fedramp_auth.go

@@ -0,0 +1,79 @@
+/*
+Copyright (c) 2024 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This example shows how create a connection using the OpenID refresh token grant for
+// FedRAMP authentication.
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	sdk "github.com/openshift-online/ocm-sdk-go"
+	"github.com/openshift-online/ocm-sdk-go/authentication"
+	cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
+	"github.com/openshift-online/ocm-sdk-go/logging"
+)
+
+func main() {
+	// Create a context:
+	ctx := context.Background()
+
+	// Create a logger that has the debug level enabled:
+	logger, err := logging.NewGoLoggerBuilder().
+		Debug(true).
+		Build()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Can't build logger: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Create the connection, and remember to close it:
+	connection, err := sdk.NewConnectionBuilder().
+		Logger(logger).
+		URL(sdk.FedRAMPURL).
+		TokenURL(authentication.FedRAMPTokenURL).
+		Tokens(os.Getenv("OCM_REFRESH_TOKEN")).
+		Client(authentication.FedRAMPClientID, "").
+		BuildContext(ctx)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Can't build connection: %v\n", err)
+		os.Exit(1)
+	}
+	defer connection.Close()
+
+	// Get the client for the service that manages the collection of clusters:
+	collection := connection.ClustersMgmt().V1().Clusters()
+
+	// Retrieve the collection of clusters:
+	response, err := collection.List().
+		Search("name like 'my%'").
+		Page(1).
+		Size(10).
+		SendContext(ctx)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Can't retrieve clusters: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Print the result:
+	response.Items().Each(func(cluster *cmv1.Cluster) bool {
+		fmt.Printf("%s - %s\n", cluster.ID(), cluster.Name())
+		return true
+	})
+}