package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.WorkloadFederation.GetTrust(ctx, operations.C1APIWorkloadFederationV1WorkloadFederationServiceGetTrustRequest{
ClientID: "<id>",
ServicePrincipalID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.WorkloadFederationServiceGetTrustResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.workloadFederation.getTrust({
servicePrincipalId: "<id>",
clientId: "<id>",
});
console.log(result);
}
run();curl --request GET \
--url https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id} \
--header 'Authorization: Bearer <token>'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.get("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"trust": {
"allowSourceCidrs": [
"<string>"
],
"clientId": "<string>",
"conditionExpression": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"description": "<string>",
"disabled": true,
"displayName": "<string>",
"passthroughClaims": [
"<string>"
],
"providerId": "<string>",
"scopedRoleIds": [
"<string>"
],
"servicePrincipalId": "<string>",
"updatedAt": "2023-11-07T05:31:56Z"
}
}Get Trust
GetTrust returns a trust by ID for a service principal.
package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.WorkloadFederation.GetTrust(ctx, operations.C1APIWorkloadFederationV1WorkloadFederationServiceGetTrustRequest{
ClientID: "<id>",
ServicePrincipalID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.WorkloadFederationServiceGetTrustResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.workloadFederation.getTrust({
servicePrincipalId: "<id>",
clientId: "<id>",
});
console.log(result);
}
run();curl --request GET \
--url https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id} \
--header 'Authorization: Bearer <token>'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.get("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"trust": {
"allowSourceCidrs": [
"<string>"
],
"clientId": "<string>",
"conditionExpression": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"description": "<string>",
"disabled": true,
"displayName": "<string>",
"passthroughClaims": [
"<string>"
],
"providerId": "<string>",
"scopedRoleIds": [
"<string>"
],
"servicePrincipalId": "<string>",
"updatedAt": "2023-11-07T05:31:56Z"
}
}Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.
Path Parameters
The service principal ID (from URL path).
The trust client ID. Accepts the cutename (e.g. "clever-fox-42195") or the full client ID (e.g. "clever-fox-42195@acme.conductorone.com/wfe"). The server normalizes to the cutename portion before lookup.
Response
Successful response
The WorkloadFederationServiceGetTrustResponse message.
WorkloadFederationTrust represents a per-SP trust policy that references a tenant-level provider and defines a CEL condition for claim matching.
Show child attributes
Show child attributes
Was this page helpful?