►
From YouTube: GitLab Access Manager (Project FastPass) - v1.11.11 Demo
Description
GitLab Access Manager (GLAM) is the next generation of IAM and RBAC access request automation being built by GitLab IT Engineering. This is a weekly demo for the v1.11.11 iteration (CalVer).
https://about.gitlab.com/handbook/business-technology/engineering/#access-manager-engineering
DRI: Jeff Martin, Dillon Wheeler, Peter Kaldis
00:00 - First Marker
01:40 - High-Level Concept
02:38 - SaaS Namespace Relationships
03:17 - Approval Chains vs Flows
13:13 - SaaS Provider Services
16:03 - ActionChainScript Types
17:45 - CLI Demo
23:28 - Code Demo
A
Here,
welcome
to
this
week's
demo
for
gitlab
access
manager,
project
fastpass
for
version
1.11.11,
let's
get
started
so
this
week
we
are
looking
at
our
vendor
apis
and
how
we're
going
to
do
our
api
calls
to
make
most
of
our
automations.
We
did
a
little
bit
of
pre-work
for
this
in
our
it
ops
scripts.
A
So
today
we're
going
to
look
at
the
itops
scripts,
we'll
look
a
little
bit
at
octa
because
of
the
personal
identifiable
information
in
it.
We're
not
going
to
go
into
some
of
the
pieces
of
the
demo,
but
I
do
want
to
show
you
some
of
the
power
and
flexibility
we
do
have
with
what
we
can
share
on
the
video
today.
A
We
also
going
to
look
for
a
little
bit
deeper
at
the
gitlab
api,
and
I
think
this
is
going
to
be
pretty
cool
and
showing
how
we
can
manage
users,
groups
roles
and,
more
specifically,
how
we
can
block
and
unblock
users
during
the
provisioning
and
de-provisioning
process
right.
So
that's
what
we're
going
to
look
at
today,
there's
other
pieces
that
are
intermingled
here,
but
that
should
give
us
a
good
start
and
kind
of
show
you
what's
going
on
here.
A
So
last
week
we
talked
a
little
bit
about
sas
names,
the
sas
namespace
and
how
that
works
with.
What
are
we
trying
to
grant
access
to
right,
and
so
we
talked
about
sas
providers
sas
instances,
groups,
users
roles,
things
of
that
nature.
What
we're
going
to
look
at
now
is
when
we
double
click
on
when
a
user
gets
added
to
that
group,
or
you
want
to
grant
a
user
access
to
that
entity.
What's
the
approval
flow
that
happens
which
we're
not
going
to
dive
into
deep
today,
but
once
the
approval
flow
is
completed.
A
Where
does
the
action
namespace
take
over
for
actually
doing
that
provisioning
work?
Doing
that
automation?
That's
what
we're
going
to
focus
on,
so
I
want
to
show
you
a
flow
chart,
and
this
is
going
to
scroll
down
the
page
as
we
go.
It's
a
little
bit
weird
because
of
how
the
slides
format,
but
just
keep
thinking
from
a
top-down
approach.
A
So,
at
the
very
top
here,
we've
got
two
little
kind
of
call-out
bubbles
right.
The
left
side
of
the
screen
is
defining
the
template,
and
this
is
saying
what
do
we
expect
to
have
happen
when
we
want
to
run
this
and
the
right
side
is
doing
all
the
records,
the
resources
and
the
activities
of
when
we
actually
run
it?
What
are
we
actually
doing
so?
The
left
is
the
template
and
the
right
is
the
actual
transaction.
A
If
you
will
so
the
first
orange
box,
there
is
looking
at
a
sas
instance
group
and
what
we're
defining
there
is
saying
for
this
sas
instance
group.
It
can
have
one
or
more
approval
chains
and
when
a
user
is
eligible
for
that
approval
chain,
it's
going
to
have
multiple
approval
policies
that
are
tied
to
it.
We're
not
going
to
spend
any
time
on
the
details
of
that.
Only
that
some
users
may
have
easier
access
to
a
system.
A
If
they've
already
belonged
to
a
certain
group,
or
they
have
a
certain
role-based
entitlement,
if
you
will,
whereas
others
might
have
a
more
difficult
one,
the
goal
being
is
regardless.
When
you
go
through
an
approval
chain,
that's
defining
who
needs
to
approve
if
it's
a
user,
if
it's
a
group
and
all
the
other
criteria-
and
you
can
see
the
documentation
for
more
information-
we'll
do
a
demo
on
that
at
a
later
time.
A
But
on
the
right
hand,
side
is
we're
looking
at
when
it's
time
to
actually
grant
that
user
access.
The
approval
flow
is
essentially
the
audit
trail,
and
that
is
the
grouping
of
multiple
transactions
for
person.
A
approving
person
b,
approving
a
member
of
person
in
a
person
in
group
c
approving
and
basically,
once
that
approval
flow
has
been
completed.
We
move
down
to
the
action
sequences,
so
keep
that
in
mind
left
side
is
the
template.
Right
side
is
actually
running
the
template,
so
this
is
what
happens
with
it.
A
A
Now
we're
going
to
talk
more
in
detail
to
clarify
what
that
means,
but
for
the
sake
of
discussion
for
the
moment,
the
action
chain
is
saying
when
I'm
ready
to
provision
a
user
for
this
group
and
the
sas
provider.
What
are
the
series
of
scripts
that
I
need
to
run?
The
action
chain
is
defining
the
series.
The
action
chain
script
is
exactly
all
the
little
itemized
pieces,
all
this
all
the
scripts
or
sections
of
scripts
that
need
to
run
all
the
methods.
A
If
you
will
the
service
class
methods
that
need
to
run
to
make
the
provisioning
possible.
So
remember,
the
left
side
is
our
template,
so
defining
what
a
creating
group
and
a
user.
What
scripts
do?
I
need
to
run
to
make
that
possible
on
the
right
hand,
side.
This
is
where
the
action
flows
are
so
following
that
process
of
when
it's
actually
time
to
provision
that
user.
This
is
taking
the
action
of
saying:
okay,
we're
going
to
start
an
action
flow.
A
Think
of
this
a
little
bit
like
a
cron
job,
where
it's
trying
to
kick
off
multiple
sequence
of
things
happening
or
if
you
have
your
own
script
and
it's
trying
to
call
other
scripts,
that's
what
the
action
flow
is
doing.
The
action
flow
script
is
the
pulling
all
the
metadata
for
which
service
method
am
I
going
to
run
and
then
what
metadata
do
I
provide
to
it?
So
we
now
know
what
that
user
is.
We
know
what
group
they're
going
into.
We
have
all
that
metadata.
A
The
script
that
never
knew
about
it
doesn't
know
it
needs
that
data
as
an
input
in
order
to
make
all
the
all
the
automation
work
right.
So
that's
the
way
that
this
works,
and
so
each
of
the
boxes
here
are
actually
database
records,
and
so
the
action
flow
is
our
audit
trail
of
saying,
hey.
We
started
the
process
of
provisioning,
this
user
at
this
date
and
time
and
it
has
child
relationships.
These
are
all
the
scripts
that
we
ran
and
each
of
those
has
transaction
logs
of
what
happened.
The
audit
trail
any
errors
that
happened.
A
A
Now
remember
we
talked
about
some
users
will
have
an
easier
time.
Some
users
will
have
a
harder
time
depending
on
what
it
is,
each
doesn't
matter
which
approval
chain
you
do,
there's
only
one
way
to
provision
the
user
right,
there's
only
one
script:
you
need
to
run
to
provision
it,
and
so
all
the
approval
chains
will
point
to
a
single
action
chain
and
that
action
chain
is
what
handles
the
provisioning
process
with
all
the
action
chain.
Scripts.
A
Underneath
of
it,
defining
which
scripts
am
I
running,
ninety
percent
of
the
time
there's
only
one
script
right,
sometimes
there's
a
second
one
where
it
needs
to
create
it
and
then
send
a
different
piece
of
it
or
maybe
it
creates
a
user.
Then
it
grants
the
role
to
that
user.
Then
it
grants
access
to
a
group
or
a
membership.
A
There's
different
pieces
and
every
sas
provider
is
a
little
bit
different.
So
it
gives
us
the
flexibility
to
daisy
chain.
If
you
will
those
different
components
together.
So
every
time
that
you
do
you
look
at
one
action
chain
will
be
the
user
provision
method
for
that
sas
provider.
So
that's
what
we're
looking
at
right.
So
with
that
in
mind,
let's
continue
the
way
down
our
diagram
and
so
inside
of
each
action
chain.
Script,
you're,
defining
what
service
method
to
run
and
a
service
message
in
the
programming
world
is
what
function?
A
Are
you
running
and
you're,
giving
it
inputs
and
getting
outputs
if
you're,
not
technical,
or
this
is
a
little
bit.
You
know
too
deep
for
you
looking
at
it.
It's
simply
saying
if
you
have
a
series
of
run
books
and
you
have
a
run
books
or
in
a
folder
and
in
that
folder
says
I
want
to
run
run
book
a
runebook
b
and
run
book
c,
and
it's
a
marked
in
file
or
a
text
file
with
a
set
of
one
through
ten
instructions.
A
Your
action
chain
is
the
file
that
has
one
through
ten.
The
action
chain
script
is
step,
one
step,
two
step
three
in
ten
different
sections.
So
in
this
case,
if
you
have
a
ten
step
run
book
action
chain
is
your
run
book
action
chain
script
is
each
step
in
that
run
book
and
what
it's
saying
is:
these
are
the
instructions
that
a
human
administrator
system
administrator
would
follow.
That
script
is
then
moved
off
to
a
service
method
where
we're
making
an
api
call.
A
So,
instead
of
sign
in
to
the
ui
click
on
the
user's
menu
click,
add
user
and
type
in
their
email
address.
That's
now
an
api
call,
and
so
we've
specified.
What
is
the
api
call
that
we're
making?
What
data
do
we
need
to
pass
in
their
email
address,
for
example,
and
then
what
are
we
expecting
it
back
once
their
user
account
is
created,
go
to
step
two
grant
user
rights
to
this
group
or
to
this
membership
or
to
any
different
component.
A
It
all
varies
right,
but
that's
what
we're
defining
here
is
all
the
steps
that
you
normally
have
in
a
manual
run
book
we're
defining
with
scripts.
So
this
is
what's
setting
it
up
on
the
right
hand,
side
remember
that
left
side
is
the
template.
The
right
side
is
the
actual
thing
that
we're
running
is
when
we
run
through
the
action
flow.
A
This
is
the
audit
trail
and
saying
I'm
going
to
run
this
run
book,
but
since
a
human
is
not
running
the
run
book,
we
don't
know
if
it's
working
or
not
so
there's
audit,
logs
and
other
components
that
go
into
tracking
the
progress
of
this
and
that'll
say
it.
Does
all
the
input
output
again
right,
where
what
is
the
email
address?
A
We
need
that's
going
to
go
into
the
action
flow
script,
using
the
metadata
from
what
group
and
users
going
into
it
and,
as
you
go
down
the
stack,
it's
simply
going
to
handle
all
that
automation
for
you.
So
all
this
is
a
glorified
run
book
that
we've
automated
using
scripts
and
some
of
the
ways
that
you
have
to
do
in
the
programming
world
to
make
that
possible
right.
A
So
if
that
was
confusing,
that's
totally
okay,
we're
kind
of
we're
teetering
here
between
too
deep
and
just
deep
enough
right.
So
the
action
chain
is
the
template
for
an
action
flow
and
each
action
chain
is
going
to
have
one
or
more
scripts
that
are
going
to
run
and
they're.
The
templates
for
the
action
flow
scripts
remember
the
left
and
the
right
side.
So
in
here
the
left
is
in
pink.
The
right
is
in
blue
right.
A
So
when
we
create
that
sas
provider
relationship,
that's
a
group,
if
that's
a
user
when
that's
created
and
the
approval
flow
is
completed,
the
action
flow
kicks
off
and
all
those
action
flow
scripts
and
it's
going
to
work
its
way
through
those
scripts
and
it's
using
action
chain
scripts
as
its
metadata.
What
am
I
calling?
What
script
am
I
running?
That's
all
it's
doing
just
setting
up
the
template
to
be
able
to
run
those
scripts
right
now,
if
you
want
any
additional
clarity,
I'm
just
going
to
give
you
one
more
piece
of
it.
A
Just
to
help
you
know,
paint
a
picture
is
the
action
chain
script.
Is
that
template
right?
We
talked
about
that
for
a
task
to
run,
specifies
which
service,
class
and
method-
and
what's
inside
of
that
is
the
api
endpoint.
It's
the
api
call
saying
talk
to
the
vendors
api
provision,
this
resource
or
create
that
or
get
metadata
right,
so
you're
what
you're
calling
what
data
you're
going
to
pass
to
it
and
then
an
action
chain
script
is
going
to
exist
for
each
of
the
steps
in
the
process.
A
So
this
is
allowing
us
to
unify
all
the
variations,
all
the
complexities,
instead
of
having
to
write
a
separate
script
for
every
team,
with
all
the
static
variables
that
any
variation
could
be,
we
don't
need
that
we'd
only
need
one.
So
this
does
the
don't
repeat
yourself
methodology
and
brings
it
all
together
for
us.
A
So
when
the
action
flow
is
created
using
the
action
chain,
template
we'll
create
those
scripts
using
the
action
chain.
Scripts
that
are
associated
feel
free
to
go
back
and
forward.
In
this
video
look
at
some
of
the
diagrams
try
to
connect
the
dots
you
don't
need
to
spend
too
much
time
on
it.
If
it's
confusing
it's
not
worth
getting
into
the
dirty
details,
it's
really
not
leave
that
to
the
engineers
we'll
take
care
of
it
for
you,
but
this
kind
of
paints
the
holistic
picture
of
well.
A
A
What
that
really
comes
down
to
is
an
alternative
name
for,
create,
read,
update
and
delete,
which
is
just
a
fancy
term
of
manipulated
database
record.
I
want
to
see
a
database
record.
I
want
to
create
it.
I
want
to
update
it.
I
want
to
delete
it
right,
and
so
we
end
up
doing
is
aligning
our
architecture
to
how
the
vendors
api
is
when
we
create
each
of
these
classes.
It's
a
file
and
I'll
show
you
what
it
looks
like
in
just
a
few
minutes.
A
We
create
each
of
these
classes
and
specify
which
methods
are
available
as
api
endpoints.
It's
usually
a
one-to-one
mapping
there's
a
little
variation
depending
on
what
we
have
to
provision
once
that's
in
place.
We
can
then
specify
that
in
an
action
chain
script,
all
the
action
chain
script
is
seeing
is
what
service
class
am
I
using,
and
what
method
am
I
using
and
what
are
the
parameters
I
need
to
be
able
to
get
and
what
parameters
am
I
mapping
to
so
as
an
example?
A
If
it's
the
group
service,
I'm
going
to
know
the
group
id
if
I'm
going
to
create
a
creator
user
for
that
group
right
and
so
those
are
the
different
things
that
we're
specifying
so
we're
connecting
from
a
frontend
user
interface.
We
see
all
the
applications,
the
database,
that's
mapping,
all
the
approval
flows,
the
database
also
maps
what
scripts
I
need
to
run
and
then
it
calls
the
files
inside
of
our
application
to
run
those
scripts.
Passing
in
that
metadata
that
we
told
it
to
that's
the
flow
that
we're
working
on.
A
A
Yet
we
can
use
those
manual
administration
scripts,
and
we
talked
about
this
a
little
bit
earlier
with
the
ability
of
creating
git
lab
issues,
adding
comments
to
issues.
We
can
do
slack
notifications
to
the
system,
administrators,
there's
different
pieces
that
we
can
do
in
order
to
offset
that
right.
So
that's
what
we
end
up
looking
at
now
for
a
simpler
view
of
this.
We
can
also
look
at
this
and
it
basically
says
whenever
we're
doing
our
intake
process,
for
we
want
to
add
a
new
sas
provider
to
glam.
A
What
we
simply
say
is
these
are
the
things
that
we
normally
do.
We
need
to
be
able
to
manipulate
entities,
create
them
delete
them.
We
need
to
manipulate
groups,
roles,
users,
add
users
to
those
entities,
add
users
to
those
groups,
and
so
we
look
for
is:
does
the
sas
providers
api
support
these
different
endpoints
or
methods
if
they
support
all
of
them
great?
If
it's
an
easy
to
use
api,
even
better,
sometimes
there's
complexity
systems.
We
can't
do
at
all
a
lot
of
times.
A
Some
of
the
more
complex
functionality
in
some
services
is
either
not
available
or
in
a
very
limited
scope
that
we
just
have
to
work
around,
in
which
case
we
can
use
a
hybrid
where
we
may
be
able
to
create
users
on
a
service,
but
in
order
to
grant
them
to
a
group,
we
have
to
kick
off
a
manual
administration
task.
Instead,
that's
just
the
name
of
the
game
when
we're
trying
to
integrate
with
things,
not
everything
integrates
nicely.
A
So
we're
preparing
for
all
those
different
variations
and
contingencies
right,
and
so
that's
where
those
slack
notifications
come
in.
That's
where
those
gitlab
issues
come
in
there's
a
lot
of
different
variations.
This
is
not
an
exhaustive
list.
This
will
grow
organically
as
we
grow,
but
it
kind
of
gives
you
a
sense
and
a
taste
of
how
we're
working
with
from
the
front
end.
You
simply
see
you're
getting
access.
A
How
does
it
work
in
the
back
and
how
are
we
provisioning
all
these
resources,
and
so,
if
you're
a
system
owner
or
if
you
are
a
security
analyst,
you
can
kind
of
get
a
taste
of
how
we
onboard
our
different
users,
how
we
handle
those
integrations
and
how
we
can
iterate
without
having
to
build
a
monolith.
We
can
build
everything
in
small
component
iterations
right,
so
that's
the
benefit
that
we
have
here.
A
A
The
benefits
of
working
from
home,
your
children,
fur
or
otherwise
come
join
you
and,
while
you're
working.
So
let's
have
a
look
inside
of
here.
So
if
we
do
itcli
help,
this
is
going
to
give
us
all
the
commands
that
we
have
available
for
us
right,
and
so,
if
we
scroll
up
a
little
bit,
we're
going
to
see
that
we
do
different
database
commands
we,
this
is
for
sql
manipulation
of
some
of
the
things
that
we
import.
A
Fastly
with
onboard
is
one
of
the
vendors
in
here.
We
also
have
some
gitlab
commands
in
here
we're
going
to
spend
a
little
more
time
in
that
today,
but
it
does
showcase
that
we've
implemented
a
lot
of
the
google
api
for
groups,
members,
users
etc,
as
well
as
octa
and
since
octa
is
kind
of
our
single
source
of
truth
for
a
lot
of
our
user
identity.
A
We
have
all
the
integration
built
already,
and
so
all
we
need
to
do
is
simply
import
some
of
it
over.
So
with
that
in
mind,
let's
have
a
look
explicitly
at
the
gitlab
side
of
it.
So
if
we
look
at
the
itcli
specifically
for
a
gitlab
user,
is
we
want
to
find
out?
Does
that
user
exist
right?
So
let's
have
a
look
at
the
gitlab
user.
Username
exists
command
and
I'm
going
to
throw
the
help
flag
on
here,
and
what
this
is
going
to
say
is.
A
I
need
to
know,
which
instance,
to
check
with
in
the
back
end
of
our
it
scripts.
We
don't
want
to
type
in
what
cert
what
gitlab
instance
we're
connecting
every
time
we've
pre-configured,
gitlab.com
and
obstacle.net
right
today,
we're
going
to
look
at
the
obscatlab.net
and
where
that
user
is
and
we're
going
to
manipulate
a
user
off
and
on
here.
So
let's
start
with
doing
that
now.
A
A
Yes,
it
exists.
There's
an
id
does
a
different
user
exist.
Nope
doesn't
exist
right.
So
now
that
we
know
it
exists,
can
we
get
more
information
about
that
user,
and
so
we
can
do
is
we'll
change.
Username
exists
here
to
get
and
if
you
recall
from
our
commands
that
we
saw
earlier
I'll
scroll
up
a
little
bit
and
we
can
look
at
that-
we're
gonna
we're
looking
off
of
these
commands
here.
A
A
So
I'm
going
to
replace
that
put
this
in
and
now
I
should
get
details
of
everything
about
this,
so
this
itself
is
actually
going
to
the
gitlab
api
documentation
and
saying
what
are
all
the
fields
I'm
going
to
return.
So
if
I
go
and
look
at
that
and
I'm
on
the
gitlab
api
there's
a
whole
bunch
of
things
in
the
sidebar
of
things
that
could
be
now,
if
I'm
looking
at
from
a
user
perspective,
I'm
running
that
get
command,
and
this
is
the
response
that
I'm
getting
back
most
apis
return.
Json.
A
We
can
manipulate
that
json
into
objects
arrays.
We
can
handle
in
different
ways
right
what
we've
done
in
our
cli
scripts
is.
We
simply
format
it
as
a
table
to
make
it
easier
for
us
to
visually
see
in
a
terminal
window,
so
I've
simply
parsed
out
what
are
all
those
different
pieces
and
we'll
look
at
how
that
works
in
just
a
minute.
But
before
we
go
further,
I
want
to
show
you
the
memberships
as
well,
and
then
we'll
have
a
look
at
that.
A
A
We
actually
detected,
which
groups
that
were
top
level
groups
that
we
wanted
to
do,
provision
from,
for
example,
gitlab.com
or
gitlab.org,
and
we
could
set
it
up
to
audit
through
a
provision
flag
on
it,
for
when
it
blocks
the
user,
it
gets
them
out
of
there.
It
does.
It
takes
different
actions
right,
so
we
can
do
detection
of
some
groups
we're
wanting
to
get
them
out
of
during
off-boarding.
A
So
that's
how
memberships
work!
Let's
have
a
look
if
I
want
to
actually
block
this
user,
and
so
with
that
I'll
simply
pass
this
in
and
I'll
say,
gitlab
user
block
boom
gate
lab
user
has
been
blocked.
As
of
that
time
stamp,
it's
kicked
out.
There's
nothing
more
to
it
right.
I
can
also
unblock
if
I
made
a
mistake,
obviously
we're
going
to
do
audit
logging
and
trailing
for
all
these
different
actions
and
the
users
have
been
unblocked
easy
enough
right.
A
So
that's
the
way
that
the
different
scripts
work
that's
what's
going
on
if
we're
working
our
way
through
this
process.
Now,
if
we
have
a
look
at
the
code,
let's
ask
ourselves:
how
does
this
work
behind
the
scenes
we're
going
to
dive
deep
for
a
few
minutes?
It's
not
it's!
Okay,
don't
worry
it's
not
too
technical.
You
won't
be
able
to
read
some
of
the
code
just
if
you're
not
familiar
with
it,
but
you'll
follow
the
concepts
of
it
and
I'll.
A
Show
you
why
in
just
a
few
minutes,
so
when
we
look
at
the
command
that
we
just
ran
is
this:
is
the
gitlab
user
get
service?
This
is
where
we
define
here's.
What
the
cli
command
is.
These
are
the
arguments
that
I'm
expecting
to
be
passed.
You
saw
that
in
the
terminal
window,
when
it
parsed
it
out,
it's
also
it
has
the
ability
to
make
an
api
call.
A
We
can
do
that
right
here
inside
of
a
cli
command,
but
we
need
to
actually
use
a
service
if
we
want
it
to
be
reusable
repeatable
testable
and
the
big
thing
is
depending
on
where
you're
using
it
at
it
allows
you
to
extend
a
lot
easier
and
so
we're
going
to
create
a
new
cli
community
which
we're
going
to
create
two
of
them.
We're
going
to
create
them
in
a
few
seconds
and
show
you
how
easy
it
is
to
add
api
endpoints
once
you
have
the
base
scaffolding
set
up.
A
So
in
this
case,
what
we're
actually
doing
is
make
an
api
call
we're
doing
a
get
request,
which
is
one
of
the
ways
that
you
do:
api
get
requests,
http
request
to
the
gitlab
user
service
and
what
that's
actually
going
to
call.
If
I
go
over
to
the
gate
lab
user
service,
let's
find
it
here
so
get
by.
So
here's
the
get
request.
It's
going
to
call
that
user,
slash
id
endpoint!
A
We
create
a
method
for
each
endpoint,
so
in
our
user
service
today
we've
got
the
get
we've
got
get
by
username,
get
by
email.
You
saw
those
as
other
coi
commands
that
we
can
do.
We
got
the
list.
Memberships
delete,
block
and
unblock
well,
that's
great,
but
if
we
look
at
the
sidebar
of
the
api
documentation,
there's
a
lot
of
other
endpoints
that
we
can
do
so.
One
thing
that
we
realize
is
we
may
yeah:
we
can
walk
in
and
block
a
user.
A
What,
if
we
just
want
to
deactivate
them,
we
want
to
take
a
different
action.
Is
let's
look
at
what
the
api
docs
are
for
deactivating,
a
user,
and
we
can
see?
This
is
what
the
endpoint
is.
It's
a
post.
I
just
need
the
id
and
I'm
expecting
a
pretty
simple
response.
It's
pretty
standard,
nothing
scary
there.
A
A
So
this
is
how
we
add
a
method
or
a
function
to
our
service.
So
we
can
use
this
anywhere
else
in
our
application
that
may
be
at
our
cli.
It
may
be
in
our
web.
Ui,
maybe
from
action
chain
scripts,
it's
all
these
different
pieces
where
we
can
use
it
in
a
very
simple
approach,
and
so
you
notice
that
all
I've
done
here
is
port.
This
user's
id
deactivate
into
that.
We
now
have
a
deactivate
method.
That's
all
there
is
to
it,
so
I
cannot
use
this
endpoint
anywhere
in
our
application.
A
A
A
And,
let's
see,
okay,
we
want
to
change
this
to
the
deactivate
method.
That
argument
is
still
the
same
deactivate,
and
that
is
all
we
have
to
do.
We
can
now
use
this
new
cli
command.
So
if
I
then
go
back
to
our
terminal,
we'll
clear
this
out,
make
our
lives
a
little
bit
easier
and
we're
going
to
do
the
itcli
help
and
we're
just
going
to
grab
gitlab
commands
and
we're
going
to
see
that
now
is
that
user
there
that
one
is
not
there.
A
A
A
And
it's
throwing
an
error
message:
what
message
is
it
throwing
and
why
is
it
throwing
that
message?
That
is
a
really
good
question.
This
is
where
demos
come
in.
We
can
triage
this.
We
can
spend
a
little
bit
of
time,
I'm
just
going
to
do
a
dye
and
dump
just
so.
You
can
see
how
we
on
the
engineering
side
deal
with
this.
A
Obviously,
in
your
live
demo-
and
you
never
know
what's
going
to
happen
right,
and
so
if
we
go
into
the
gitlab
user
deactivate
method
here,
this
is
where
it's
throwing
the
error
at
it's
saying
that
this
doesn't
exist.
What
we're
going
to
do
is
let's
just
dd
and
see
what
this
user
is
and
more
than
likely,
this
user
actually
did
deactivate.
A
It
just
threw
an
error
message
on
it,
so
to
make
our
lives
easy,
I'm
actually
going
to
very
quickly,
I'm
not
going
to
do
too
much
explanation,
I'm
going
to
make
it
activate
method,
so
we
can
reactivate
them
and
we're
going
to
deactivate
them
again
right,
because
we
don't
want
to
throw
the
system
off
too
much,
so
we're
just
going
to
have
a
little
bit
of
fun.
We're
on
a
demo
we're
here:
why
not,
let's
have
a
little
bit
of
fun
it'll,
take
about
30
seconds
to
do
so
duplicate
this
real
quick!
A
A
All
right
and
on
our
user
service,
we
do
need
to
add
the
activate
method.
It
is
the
same
syntax,
and
so,
if
we
jump
over
here,
we'll
have
a
look
and
look
at
the
activate.
It
is
another
post
for
activation,
no
problem
whatsoever
great
and
fix
our
message.
Real
quick
here,
activate,
activate,
activate
and
get
rid
of
that
perfect.
A
We've
got
that
in
now
now
we
should
actually
be
able
to
see
that
same
cli
command
that
we
just
added,
and
we
do
see
activate
now
so
we're
going
to
do
the
same
command
that
we
ran
a
moment
ago
and
just
activate
that
up
and
it
is
throwing
another
error.
What
is
this
error
this
time?
So
activate
is
not
a
valid
method.
A
Obviously,
in
the
case
of
this
demo,
this
is
going
to
take
us
a
little
bit
longer
to
debug,
and
so
we're
not
going
to
do
that
in
the
case
of
interest
of
time,
but
I
think
you
kind
of
get
the
idea
of
it's
pretty
quick
and
easy
to
create
these
things.
A
few
things
throw
an
error
message
here
there.
It
really
varies
on.
A
What's
going
on
more
than
likely
it's
something
really
silly
like
I
didn't
save
the
file
or
I
misspelled
it
because
I
can't
type
so
it's
something
as
simple
as
that:
gitlab
user
is
successfully
activated.
I
can
deactivate
and
see
what
the
response
is
and
deal
with
that
right.
So
there
we
go.
That's
what
the
actual
api
is
returning.
Is
there?
Actually
a
problem?
Hey
what's
going
on.
This
is
a
gitlab
error.
A
Hey
the
user
has
been
trying
to
activate
it's
been
active
in
the
last
90
days
and
cannot
be
deactivated,
so
this
actually
is
checking
from
the
api
side.
So
when
we
put
in
our
error
handling
that
allows
us
to
catch,
we
want
to
try
this,
but
the
audit
logs
for
that
user
when
we
actually
run
the
action
flow
script.
This
is
a
really
good
use
case.
If
it's
going
to
fail
and
it's
going
to
spit
back,
here's
why
it
failed.
That
then
goes
into
our
back.
A
You
know
basically
creates
an
alert
for
us
in
it
and
says:
hey,
there's
a
problem,
here's
what
it
is
and
we
can
assist
admin
level
deal
with
it.
So
that's
how
we
consume
apis.
This
is
a
really
good.
You
know
kind
of
shows
you
it's
quick
and
easy
to
do.
You
run
into
a
couple
hiccups
and
speed
bumps
you
quickly,
debug
them.
It's
not
a
big
deal.
We
know
what
the
problem
is.
We
can
now
figure
out
okay.
A
A
So,
if
you
have
any
questions,
feel
free
to
reach
out,
but
it
kind
of
gives
a
taste
of
how
we're
using
the
different
service
class
methods,
the
different
api
calls
and
integrating
in
how
we're
actually
doing
the
provisioning
work
of
glam
and
iterating
through
that.
So
with
that
we'll
call
it
a
day.
Thank
you
so
much
for
taking
the
time
and
feel
free
to
reach
out.
Thank
you
have
a
great.