Documentation ¶
Index ¶
- Constants
- Variables
- func GetResourceConfigForExternalOnlyGVK(gvk schema.GroupVersionKind) (*corekccv1alpha1.ResourceConfig, error)
- func ResolveMemberIdentity(ctx context.Context, member v1beta1.Member, memberFrom *v1beta1.MemberSource, ...) (id string, err error)
- func SetGVK(iamInterface interface{})
- type DCLIAMClient
- func (d *DCLIAMClient) DeletePolicy(ctx context.Context, policy *v1beta1.IAMPolicy) error
- func (d *DCLIAMClient) DeletePolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, ...) error
- func (d *DCLIAMClient) GetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)
- func (d *DCLIAMClient) GetPolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, ...) (*v1beta1.IAMPolicyMember, error)
- func (d *DCLIAMClient) SetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)
- func (d *DCLIAMClient) SetPolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, ...) (*v1beta1.IAMPolicyMember, error)
- type ExternalOnlyType
- type IAMClient
- func (c *IAMClient) DeleteAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) error
- func (c *IAMClient) DeletePolicy(ctx context.Context, policy *v1beta1.IAMPolicy) error
- func (c *IAMClient) DeletePolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) error
- func (c *IAMClient) GetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
- func (c *IAMClient) GetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)
- func (c *IAMClient) GetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
- func (c *IAMClient) SetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
- func (c *IAMClient) SetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)
- func (c *IAMClient) SetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
- type TFIAMClient
- func (t *TFIAMClient) DeleteAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) error
- func (t *TFIAMClient) DeletePolicy(ctx context.Context, policy *v1beta1.IAMPolicy) error
- func (t *TFIAMClient) DeletePolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) error
- func (t *TFIAMClient) GetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
- func (t *TFIAMClient) GetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)
- func (t *TFIAMClient) GetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
- func (t *TFIAMClient) SetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
- func (t *TFIAMClient) SetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)
- func (t *TFIAMClient) SetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
Constants ¶
// Kind, API group and API version strings for the Kubernetes resource types
// that this package names explicitly. Each Kind/Group/Version triple is
// combined into a schema.GroupVersionKind by the package-level variables
// (ProjectGVK, SQLInstanceGVK, LoggingLogSinkGVK, IAMServiceAccountGVK).
const (
	// Project resource (resourcemanager API group).
	ProjectKind            = "Project"
	ResourceManagerGroup   = "resourcemanager.cnrm.cloud.google.com"
	ResourceManagerVersion = "v1beta1"

	// SQLInstance resource (sql API group).
	SQLInstanceKind = "SQLInstance"
	SQLGroup        = "sql.cnrm.cloud.google.com"
	SQLVersion      = "v1beta1"

	// LoggingLogSink resource (logging API group).
	LoggingLogSinkKind = "LoggingLogSink"
	LoggingGroup       = "logging.cnrm.cloud.google.com"
	LoggingVersion     = "v1beta1"

	// IAMServiceAccount resource (iam API group).
	IAMServiceAccountKind = "IAMServiceAccount"
	IAMGroup              = "iam.cnrm.cloud.google.com"
	IAMVersion            = "v1beta1"
)
Variables ¶
var (
	// NotFoundError is a package-level error value with the message
	// "IAM resource does not exist".
	// NOTE(review): presumably returned by the Get*/Delete* methods when the
	// policy, member or audit config is absent; confirm against the
	// implementation. Callers that branch on it should match the value
	// (errors.Is) rather than the message text, so that a transport or
	// permission failure is never mistaken for "no binding present".
	NotFoundError = fmt.Errorf("IAM resource does not exist")

	// ProjectGVK is the GroupVersionKind built from the Project constants.
	ProjectGVK = schema.GroupVersionKind{
		Group:   ResourceManagerGroup,
		Version: ResourceManagerVersion,
		Kind:    ProjectKind,
	}

	// SQLInstanceGVK is the GroupVersionKind built from the SQLInstance constants.
	SQLInstanceGVK = schema.GroupVersionKind{
		Group:   SQLGroup,
		Version: SQLVersion,
		Kind:    SQLInstanceKind,
	}

	// LoggingLogSinkGVK is the GroupVersionKind built from the LoggingLogSink constants.
	LoggingLogSinkGVK = schema.GroupVersionKind{
		Group:   LoggingGroup,
		Version: LoggingVersion,
		Kind:    LoggingLogSinkKind,
	}

	// IAMServiceAccountGVK is the GroupVersionKind built from the
	// IAMServiceAccount constants.
	IAMServiceAccountGVK = schema.GroupVersionKind{
		Group:   IAMGroup,
		Version: IAMVersion,
		Kind:    IAMServiceAccountKind,
	}
)
// ExternalOnlyTypes maps the GroupVersionKinds that can only be referenced
// externally in IAM (Organization and BillingAccount) to the handler and
// resource config used for them.
//
// Security notes for reviewers:
//   - Each UnstructHandler copies ref.External verbatim into the object's spec.
//     No validation of the value is visible here, and ExternalOnlyType documents
//     ExternalFormat as "used for documentation only". These entries target
//     organization- and billing-account-level IAM, so confirm that the external
//     ID is validated before it reaches these handlers.
//   - Each handler replaces u.Object["spec"] with a new single-key map; any spec
//     content already on u is discarded.
//   - The handlers assume u and u.Object are non-nil (writing to a nil map
//     panics); confirm that callers guarantee this.
var ExternalOnlyTypes = map[schema.GroupVersionKind]ExternalOnlyType{
	// Organization: referenced by org_id; policy, member and audit-config
	// Terraform resource names are all configured.
	externalonlygvks.OrganizationGVK: {
		UnstructHandler: func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured {
			// The external reference becomes the only field of the spec.
			u.Object["spec"] = map[string]interface{}{
				"org_id": ref.External,
			}
			return u
		},
		ResourceConfig: &corekccv1alpha1.ResourceConfig{
			IAMConfig: corekccv1alpha1.IAMConfig{
				PolicyName:       "google_organization_iam_policy",
				PolicyMemberName: "google_organization_iam_member",
				AuditConfigName:  "google_organization_iam_audit_config",
				ReferenceField: corekccv1alpha1.IAMReferenceField{
					Name: "org_id",
					Type: "id",
				},
				SupportsConditions: true,
			},
		},
		ExternalFormat: "{{org_id}}",
	},
	// BillingAccount: referenced by billing_account_id. No AuditConfigName is
	// set for this type.
	// NOTE(review): presumably audit configs are not supported for billing
	// accounts; confirm how an empty AuditConfigName is handled.
	externalonlygvks.BillingAccountGVK: {
		UnstructHandler: func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured {
			// The external reference becomes the only field of the spec.
			u.Object["spec"] = map[string]interface{}{
				"billing_account_id": ref.External,
			}
			return u
		},
		ResourceConfig: &corekccv1alpha1.ResourceConfig{
			IAMConfig: corekccv1alpha1.IAMConfig{
				PolicyName:       "google_billing_account_iam_policy",
				PolicyMemberName: "google_billing_account_iam_member",
				ReferenceField: corekccv1alpha1.IAMReferenceField{
					Name: "billing_account_id",
					Type: "id",
				},
				SupportsConditions: true,
			},
		},
		ExternalFormat: "{{billing_account_id}}",
	},
}
Functions ¶
func GetResourceConfigForExternalOnlyGVK ¶
func GetResourceConfigForExternalOnlyGVK(gvk schema.GroupVersionKind) (*corekccv1alpha1.ResourceConfig, error)
func ResolveMemberIdentity ¶
func ResolveMemberIdentity(ctx context.Context, member v1beta1.Member, memberFrom *v1beta1.MemberSource, namespace string, tfIAMClient *TFIAMClient) (id string, err error)
ResolveMemberIdentity checks that only one of Member/MemberFrom is provided, and then tries to resolve the identity. MemberFrom can hold only one of a ServiceAccountRef, a LogSinkRef, or a SQLInstanceRef; resolving any of these values requires a call on the TFIAMClient.
func SetGVK ¶
func SetGVK(iamInterface interface{})
An unfortunate reality is that the GVK is not always properly filled in when reading a resource from the K8s API server, and there are functions that need the Kind to be filled in to work (e.g. krmtotf.NewResource, k8s.MarshalAsUnstructured, etc.). The Kind is not set because the TypeMeta is empty. The TypeMeta is empty because the GVK is cleared inside of Decode(...) in k8s.io/apimachinery/pkg/runtime/serializer/versioning/versioning.go.
Types ¶
type DCLIAMClient ¶
type DCLIAMClient struct {
// contains filtered or unexported fields
}
func (*DCLIAMClient) DeletePolicy ¶
func (*DCLIAMClient) DeletePolicyMember ¶
func (d *DCLIAMClient) DeletePolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, policyMember *v1beta1.IAMPolicyMember) error
func (*DCLIAMClient) GetPolicyMember ¶
func (d *DCLIAMClient) GetPolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
func (*DCLIAMClient) SetPolicyMember ¶
func (d *DCLIAMClient) SetPolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
type ExternalOnlyType ¶
// ExternalOnlyType describes one resource type that can be referenced in IAM
// only through an external identifier: the handler that writes that identifier
// into an unstructured object, the IAM resource config, and the documented
// format of the identifier.
type ExternalOnlyType struct {
	// UnstructHandler is a function that fills in the external field information
	// from the given reference into the given unstructured object.
	UnstructHandler func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured
	// ResourceConfig is a skeleton resource config that includes IAM configuration
	// needed to map to the proper Terraform resource.
	ResourceConfig *corekccv1alpha1.ResourceConfig
	// ExternalFormat is the format the external field is expected to match. This
	// is used for documentation only. Ex. "{{org_id}}"
	//
	// NOTE(review): nothing in this type enforces the format. Confirm that the
	// external reference is validated elsewhere before it selects the resource
	// whose IAM policy is read or written.
	ExternalFormat string
}
ExternalOnlyType is a KCC resource type that KCC does not support as a core resource, but does support referencing externally in IAM.
type IAMClient ¶
// IAMClient holds a TFIAMClient and a DCLIAMClient.
// NOTE(review): presumably each IAMClient method dispatches to one of the two
// backends depending on the referenced resource; confirm against the method
// bodies. Both fields are exported pointers, so code outside the package can
// replace or nil them; treat a constructed IAMClient as read-only.
type IAMClient struct {
	// TFIAMClient is the Terraform-backed client. It is also passed explicitly to
	// the DCLIAMClient *PolicyMember methods.
	TFIAMClient *TFIAMClient
	// DCLIAMClient is the DCL-backed client.
	DCLIAMClient *DCLIAMClient
}
func New ¶
func New(tfProvider *tfschema.Provider, smLoader *servicemappingloader.ServiceMappingLoader, kubeClient client.Client, converter *conversion.Converter, dclConfig *mmdcl.Config) *IAMClient
func (*IAMClient) DeleteAuditConfig ¶
func (*IAMClient) DeletePolicy ¶
func (*IAMClient) DeletePolicyMember ¶
func (*IAMClient) GetAuditConfig ¶
func (c *IAMClient) GetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
func (*IAMClient) GetPolicyMember ¶
func (c *IAMClient) GetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
func (*IAMClient) SetAuditConfig ¶
func (c *IAMClient) SetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
func (*IAMClient) SetPolicyMember ¶
func (c *IAMClient) SetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
type TFIAMClient ¶
type TFIAMClient struct {
// contains filtered or unexported fields
}
func (*TFIAMClient) DeleteAuditConfig ¶
func (t *TFIAMClient) DeleteAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) error
func (*TFIAMClient) DeletePolicy ¶
func (*TFIAMClient) DeletePolicyMember ¶
func (t *TFIAMClient) DeletePolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) error
func (*TFIAMClient) GetAuditConfig ¶
func (t *TFIAMClient) GetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
func (*TFIAMClient) GetPolicyMember ¶
func (t *TFIAMClient) GetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
func (*TFIAMClient) SetAuditConfig ¶
func (t *TFIAMClient) SetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)
func (*TFIAMClient) SetPolicyMember ¶
func (t *TFIAMClient) SetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)