saw

package
v0.9.15 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 3, 2021 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Overview

Package saw abstracts interacting with certain aspects of Google Cloud Platform, such as creating service account keys and access tokens.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccountResourceName added in v0.8.6

func AccountResourceName(projectID, accountID string) string

AccountResourceName returns the resource name of a service account given its project ID and account ID.

func EmailID added in v0.8.6

func EmailID(project, id string) string

EmailID returns the resource ID (email) of a given external ID, in the form "HASH(ID)@PROJECT.iam.gserviceaccount.com".

func HashExternalID added in v0.8.6

func HashExternalID(id string) string

HashExternalID hashes an external ID.

func KeyResourceName added in v0.8.6

func KeyResourceName(projectID, accountID, keyID string) string

KeyResourceName returns the resource name of a service account key given its project ID, service account ID and key ID.

Types

type AccountWarehouse

type AccountWarehouse struct {
	// contains filtered or unexported fields
}

AccountWarehouse is used to create Google Cloud Platform Service Account keys and access tokens associated with a specific identity.

func MustNew

func MustNew(ctx context.Context, store storage.Store, opts ...option.ClientOption) *AccountWarehouse

MustNew builds a *AccountWarehouse. It panics on failure.

func New

New creates a new AccountWarehouse using the provided client and options.

func (*AccountWarehouse) DeleteTokens

func (wh *AccountWarehouse) DeleteTokens(ctx context.Context, project, id string, keyNames []string) error

DeleteTokens removes the tokens belonging to 'id' whose names are listed in 'keyNames'. If 'keyNames' is empty, all tokens belonging to 'id' are deleted, so an empty list is not a no-op.

func (*AccountWarehouse) GetAccessToken

GetAccessToken returns an access token for the service account uniquely associated with id.

func (*AccountWarehouse) GetAccountKey

func (wh *AccountWarehouse) GetAccountKey(ctx context.Context, id string, ttl, maxTTL time.Duration, numKeys int, params *clouds.ResourceTokenCreationParams) (*clouds.ResourceTokenResult, error)

GetAccountKey returns a service account key associated with id.

func (*AccountWarehouse) GetServiceAccounts

func (wh *AccountWarehouse) GetServiceAccounts(ctx context.Context, project string) (<-chan *clouds.Account, error)

GetServiceAccounts gets the list of service accounts.

func (*AccountWarehouse) GetTokenMetadata

func (wh *AccountWarehouse) GetTokenMetadata(ctx context.Context, project, id, keyName string) (*cpb.TokenMetadata, error)

GetTokenMetadata returns the metadata (a *cpb.TokenMetadata, per the signature) of the access token identified by its key name.

func (*AccountWarehouse) ListTokenMetadata

func (wh *AccountWarehouse) ListTokenMetadata(ctx context.Context, project, id string) ([]*cpb.TokenMetadata, error)

ListTokenMetadata returns a list of metadata entries ([]*cpb.TokenMetadata, per the signature) for the outstanding access tokens.

func (*AccountWarehouse) ManageAccountKeys

func (wh *AccountWarehouse) ManageAccountKeys(ctx context.Context, project, email string, ttl, maxTTL time.Duration, now time.Time, keysPerAccount int64) (int, int, error)

ManageAccountKeys maintains or removes keys on a clean-up cycle.

maxTTL is the maximum TTL for keys. Keys which have expired (key.ValidAfter+maxTTL < now) will be removed.
ttl is the TTL provided by the user. It is not currently used; it will be used later to provide better control.
keysPerAccount is the maximum number of keys allowed per account. If too many keys exist, older keys will be removed.

Returns:

the number of remaining active keys and removed keys for the account.

func (*AccountWarehouse) MintTokenWithTTL

func (wh *AccountWarehouse) MintTokenWithTTL(ctx context.Context, id string, ttl, maxTTL time.Duration, numKeys int, params *clouds.ResourceTokenCreationParams) (*clouds.ResourceTokenResult, error)

MintTokenWithTTL returns an AccountKey or an AccessToken depending on the TTL requested.

func (*AccountWarehouse) RegisterAccountProject

func (wh *AccountWarehouse) RegisterAccountProject(project string, tx storage.Tx) error

RegisterAccountProject adds a project to the state for workers to process.

func (*AccountWarehouse) RemoveServiceAccount

func (wh *AccountWarehouse) RemoveServiceAccount(ctx context.Context, project, id string) error

RemoveServiceAccount removes a service account.

func (*AccountWarehouse) Run

func (wh *AccountWarehouse) Run(ctx context.Context)

Run starts background processes of AccountWarehouse.

func (*AccountWarehouse) UnregisterAccountProject

func (wh *AccountWarehouse) UnregisterAccountProject(project string, tx storage.Tx) error

UnregisterAccountProject (eventually) removes a project from the active state, and allows cleanup work to be performed.

func (*AccountWarehouse) UpdateSettings

func (wh *AccountWarehouse) UpdateSettings(maxRequestedTTL time.Duration, keysPerAccount int, tx storage.Tx) error

UpdateSettings alters resource management settings.

type BQPolicy

type BQPolicy interface {
	// Get takes a project and a dataset name and returns a *bigquery.Dataset or an error.
	// NOTE(review): presumably the returned dataset carries the access entries that act
	// as its IAM policy — confirm against the implementation.
	Get(ctx context.Context, project string, dataset string) (*bigquery.Dataset, error)
	// Set takes a project, a dataset name and a *bigquery.Dataset and returns an error.
	// NOTE(review): presumably applies ds to the named dataset; how a policy change made
	// by another writer between Get and Set is handled is not visible in this interface —
	// confirm before relying on read-modify-write.
	Set(ctx context.Context, project string, dataset string, ds *bigquery.Dataset) error
}

BQPolicy is used to manage IAM policy on BQ Datasets.

type BQPolicyClient

type BQPolicyClient struct {
	// contains filtered or unexported fields
}

BQPolicyClient is used to manage IAM policy on BQ Datasets.

func (*BQPolicyClient) Get

func (c *BQPolicyClient) Get(ctx context.Context, project string, dataset string) (*bigquery.Dataset, error)

func (*BQPolicyClient) Set

func (c *BQPolicyClient) Set(ctx context.Context, project string, dataset string, ds *bigquery.Dataset) error

type CRMPolicy

type CRMPolicy interface {
	// Get takes a project and returns a *cloudresourcemanager.Policy or an error.
	// NOTE(review): presumably this is the project-level IAM policy — confirm against
	// the implementation.
	Get(ctx context.Context, project string) (*cloudresourcemanager.Policy, error)
	// Set takes a project and a *cloudresourcemanager.Policy and returns an error.
	// NOTE(review): presumably replaces the project's policy with the one given; whether
	// a stale policy (changed by another writer since Get) is rejected is not visible in
	// this interface — confirm before relying on read-modify-write.
	Set(ctx context.Context, project string, policy *cloudresourcemanager.Policy) error
}

CRMPolicy is used to manage IAM policy on CRM projects.

type CRMPolicyClient

type CRMPolicyClient struct {
	// contains filtered or unexported fields
}

CRMPolicyClient is used to manage IAM policy on CRM projects.

func (*CRMPolicyClient) Get

func (c *CRMPolicyClient) Get(ctx context.Context, project string) (*cloudresourcemanager.Policy, error)

func (*CRMPolicyClient) Set

func (c *CRMPolicyClient) Set(ctx context.Context, project string, policy *cloudresourcemanager.Policy) error

type GCSPolicy

type GCSPolicy interface {
	// Get takes a bucket name and a billing project and returns a *gcs.Policy or an error.
	// NOTE(review): billingProject presumably names the project charged for the request —
	// confirm against the implementation.
	Get(ctx context.Context, bkt string, billingProject string) (*gcs.Policy, error)
	// Set takes a bucket name, a billing project and a *gcs.Policy and returns an error.
	// NOTE(review): presumably replaces the bucket's IAM policy with the one given; whether
	// a stale policy (changed by another writer since Get) is rejected is not visible in
	// this interface — confirm before relying on read-modify-write.
	Set(ctx context.Context, bkt string, billingProject string, policy *gcs.Policy) error
}

GCSPolicy is used to manage IAM policy on GCS buckets.

type GCSPolicyClient

type GCSPolicyClient struct {
	// contains filtered or unexported fields
}

GCSPolicyClient is used to manage IAM policy on GCS buckets.

func (*GCSPolicyClient) Get

func (c *GCSPolicyClient) Get(ctx context.Context, bkt string, billingProject string) (*gcs.Policy, error)

func (*GCSPolicyClient) Set

func (c *GCSPolicyClient) Set(ctx context.Context, bkt string, billingProject string, policy *gcs.Policy) error
