package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.WorkloadFederation.UpdateTrust(ctx, operations.C1APIWorkloadFederationV1WorkloadFederationServiceUpdateTrustRequest{
ClientID: "<id>",
ServicePrincipalID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.WorkloadFederationServiceUpdateTrustResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.workloadFederation.updateTrust({
servicePrincipalId: "<id>",
clientId: "<id>",
});
console.log(result);
}
run();curl --request PATCH \
--url https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id} \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"trust": {
"allowSourceCidrs": [
"<string>"
],
"conditionExpression": "<string>",
"description": "<string>",
"disabled": true,
"displayName": "<string>",
"passthroughClaims": [
"<string>"
],
"scopedRoleIds": [
"<string>"
]
},
"updateMask": "<string>"
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}"
payload = {
"trust": {
"allowSourceCidrs": ["<string>"],
"conditionExpression": "<string>",
"description": "<string>",
"disabled": True,
"displayName": "<string>",
"passthroughClaims": ["<string>"],
"scopedRoleIds": ["<string>"]
},
"updateMask": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.patch(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PATCH',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
trust: {
allowSourceCidrs: ['<string>'],
conditionExpression: '<string>',
description: '<string>',
disabled: true,
displayName: '<string>',
passthroughClaims: ['<string>'],
scopedRoleIds: ['<string>']
},
updateMask: '<string>'
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => json_encode([
'trust' => [
'allowSourceCidrs' => [
'<string>'
],
'conditionExpression' => '<string>',
'description' => '<string>',
'disabled' => true,
'displayName' => '<string>',
'passthroughClaims' => [
'<string>'
],
'scopedRoleIds' => [
'<string>'
]
],
'updateMask' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.patch("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"trust\": {\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"conditionExpression\": \"<string>\",\n \"description\": \"<string>\",\n \"disabled\": true,\n \"displayName\": \"<string>\",\n \"passthroughClaims\": [\n \"<string>\"\n ],\n \"scopedRoleIds\": [\n \"<string>\"\n ]\n },\n \"updateMask\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Patch.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"trust\": {\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"conditionExpression\": \"<string>\",\n \"description\": \"<string>\",\n \"disabled\": true,\n \"displayName\": \"<string>\",\n \"passthroughClaims\": [\n \"<string>\"\n ],\n \"scopedRoleIds\": [\n \"<string>\"\n ]\n },\n \"updateMask\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"trust": {
"allowSourceCidrs": [
"<string>"
],
"clientId": "<string>",
"conditionExpression": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"description": "<string>",
"disabled": true,
"displayName": "<string>",
"passthroughClaims": [
"<string>"
],
"providerId": "<string>",
"scopedRoleIds": [
"<string>"
],
"servicePrincipalId": "<string>",
"updatedAt": "2023-11-07T05:31:56Z"
}
}Update Trust
UpdateTrust updates a trust’s mutable fields. The provider_id is immutable.
package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.WorkloadFederation.UpdateTrust(ctx, operations.C1APIWorkloadFederationV1WorkloadFederationServiceUpdateTrustRequest{
ClientID: "<id>",
ServicePrincipalID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.WorkloadFederationServiceUpdateTrustResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.workloadFederation.updateTrust({
servicePrincipalId: "<id>",
clientId: "<id>",
});
console.log(result);
}
run();curl --request PATCH \
--url https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id} \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"trust": {
"allowSourceCidrs": [
"<string>"
],
"conditionExpression": "<string>",
"description": "<string>",
"disabled": true,
"displayName": "<string>",
"passthroughClaims": [
"<string>"
],
"scopedRoleIds": [
"<string>"
]
},
"updateMask": "<string>"
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}"
payload = {
"trust": {
"allowSourceCidrs": ["<string>"],
"conditionExpression": "<string>",
"description": "<string>",
"disabled": True,
"displayName": "<string>",
"passthroughClaims": ["<string>"],
"scopedRoleIds": ["<string>"]
},
"updateMask": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.patch(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PATCH',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
trust: {
allowSourceCidrs: ['<string>'],
conditionExpression: '<string>',
description: '<string>',
disabled: true,
displayName: '<string>',
passthroughClaims: ['<string>'],
scopedRoleIds: ['<string>']
},
updateMask: '<string>'
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => json_encode([
'trust' => [
'allowSourceCidrs' => [
'<string>'
],
'conditionExpression' => '<string>',
'description' => '<string>',
'disabled' => true,
'displayName' => '<string>',
'passthroughClaims' => [
'<string>'
],
'scopedRoleIds' => [
'<string>'
]
],
'updateMask' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.patch("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"trust\": {\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"conditionExpression\": \"<string>\",\n \"description\": \"<string>\",\n \"disabled\": true,\n \"displayName\": \"<string>\",\n \"passthroughClaims\": [\n \"<string>\"\n ],\n \"scopedRoleIds\": [\n \"<string>\"\n ]\n },\n \"updateMask\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/trusts/{client_id}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Patch.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"trust\": {\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"conditionExpression\": \"<string>\",\n \"description\": \"<string>\",\n \"disabled\": true,\n \"displayName\": \"<string>\",\n \"passthroughClaims\": [\n \"<string>\"\n ],\n \"scopedRoleIds\": [\n \"<string>\"\n ]\n },\n \"updateMask\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"trust": {
"allowSourceCidrs": [
"<string>"
],
"clientId": "<string>",
"conditionExpression": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"description": "<string>",
"disabled": true,
"displayName": "<string>",
"passthroughClaims": [
"<string>"
],
"providerId": "<string>",
"scopedRoleIds": [
"<string>"
],
"servicePrincipalId": "<string>",
"updatedAt": "2023-11-07T05:31:56Z"
}
}Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.
Path Parameters
The service principal ID (from URL path).
The full client ID of the trust (e.g., "clever-fox-42195@acme.conductorone.com/wfe"). Used as the client_id parameter in RFC 8693 token exchange requests.
Body
Response
Successful response
The WorkloadFederationServiceUpdateTrustResponse message.
WorkloadFederationTrust represents a per-SP trust policy that references a tenant-level provider and defines a CEL condition for claim matching.
Show child attributes
Show child attributes
Was this page helpful?