Documentation ¶
Index ¶
- func ErrCode(msg string, err error) error
- type PolicyDoc
- type PolicyStatement
- type S3Repository
- func (s *S3Repository) CreateAttachment(ctx context.Context, id, attachmentName string, attachmentBody multipart.File) error
- func (s *S3Repository) CreateUser(ctx context.Context, id string) (interface{}, error)
- func (s *S3Repository) Delete(ctx context.Context, id string) error
- func (s *S3Repository) DeleteAttachment(ctx context.Context, id, attachmentName string) error
- func (s *S3Repository) DeleteUser(ctx context.Context, id string) error
- func (s *S3Repository) Deprovision(ctx context.Context, id string) error
- func (s *S3Repository) Describe(ctx context.Context, id string) (*dataset.Repository, error)
- func (s *S3Repository) GrantAccess(ctx context.Context, id, instanceID string) (dataset.Access, error)
- func (s *S3Repository) ListAccess(ctx context.Context, id string) (dataset.Access, error)
- func (s *S3Repository) ListAttachments(ctx context.Context, id string, showURL bool) ([]dataset.Attachment, error)
- func (s *S3Repository) ListUsers(ctx context.Context, id string) (map[string]interface{}, error)
- func (s *S3Repository) Provision(ctx context.Context, id string, datasetTags []*dataset.Tag) (string, error)
- func (s *S3Repository) RevokeAccess(ctx context.Context, id, instanceID string) error
- func (s *S3Repository) SetPolicy(ctx context.Context, id string, derivative bool) error
- func (s *S3Repository) UpdateUser(ctx context.Context, id string) (map[string]interface{}, error)
- type S3RepositoryOption
- func WithEndpoint(endpoint string) S3RepositoryOption
- func WithIAMPathPrefix(prefix string) S3RepositoryOption
- func WithLoggingBucket(bucket string) S3RepositoryOption
- func WithLoggingBucketPrefix(prefix string) S3RepositoryOption
- func WithRegion(region string) S3RepositoryOption
- func WithStaticCredentials(akid, secret, token string) S3RepositoryOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type PolicyDoc ¶
type PolicyDoc struct {
	Version   string
	Statement []PolicyStatement
}
PolicyDoc collects the policy statements
type PolicyStatement ¶
type PolicyStatement struct {
	Effect    string
	Action    []string
	Resource  []string            `json:",omitempty"`
	Principal map[string][]string `json:",omitempty"`
}
PolicyStatement is an individual IAM Policy statement
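As an added example, not the package's own code: the two types above used to build a least-privilege identity policy for one bucket and to lint a policy for wildcard grants before it is created in IAM. The bucket name, ReadOnlyDatasetPolicy and LintPolicy are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// PolicyDoc and PolicyStatement repeat the page's definitions so this added
// example (not the package's own code) is self-contained.
type PolicyDoc struct {
	Version   string
	Statement []PolicyStatement
}
type PolicyStatement struct {
	Effect    string
	Action    []string
	Resource  []string            `json:",omitempty"`
	Principal map[string][]string `json:",omitempty"`
}

// ReadOnlyDatasetPolicy builds an identity policy for one (constructed) bucket:
// ListBucket on the bucket ARN, GetObject on its objects. Principal stays nil,
// so omitempty drops it and the JSON is a valid IAM (not bucket) policy.
func ReadOnlyDatasetPolicy(bucket string) PolicyDoc {
	arn := "arn:aws:s3:::" + bucket
	return PolicyDoc{Version: "2012-10-17", Statement: []PolicyStatement{
		{Effect: "Allow", Action: []string{"s3:ListBucket"}, Resource: []string{arn}},
		{Effect: "Allow", Action: []string{"s3:GetObject"}, Resource: []string{arn + "/*"}},
	}}
}

// LintPolicy flags Allow entries whose action or resource is "*" or ends in ":*"
// (s3:*, arn:aws:s3:::*); a scoped "bucket/*" object ARN passes.
func LintPolicy(doc PolicyDoc) (findings []string) {
	for i, st := range doc.Statement {
		if st.Effect != "Allow" {
			continue
		}
		for _, v := range append(append([]string(nil), st.Action...), st.Resource...) {
			if v == "*" || strings.HasSuffix(v, ":*") {
				findings = append(findings, fmt.Sprintf("statement %d: wildcard %q", i, v))
			}
		}
	}
	return findings
}

func main() {
	doc := ReadOnlyDatasetPolicy("example-dataset-bucket")
	b, _ := json.MarshalIndent(doc, "", "  ")
	fmt.Println(string(b), LintPolicy(doc))
}
```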
type S3Repository ¶
type S3Repository struct {
	NamePrefix          string
	IAMPathPrefix       string
	LoggingBucket       string
	LoggingBucketPrefix string
	EC2                 ec2iface.EC2API
	IAM                 iamiface.IAMAPI
	S3                  s3iface.S3API
	S3Uploader          s3manageriface.UploaderAPI
	STS                 stsiface.STSAPI
	// contains filtered or unexported fields
}
S3Repository is an implementation of a data repository in S3
func New ¶
func New(opts ...S3RepositoryOption) (*S3Repository, error)
New creates an S3Repository from a list of S3RepositoryOption functions
func NewDefaultRepository ¶
func NewDefaultRepository(config map[string]interface{}) (*S3Repository, error)
NewDefaultRepository creates a new repository from the default config data
func (*S3Repository) CreateAttachment ¶ added in v0.5.0
func (s *S3Repository) CreateAttachment(ctx context.Context, id, attachmentName string, attachmentBody multipart.File) error
CreateAttachment uploads a new attachment to the data repository
func (*S3Repository) CreateUser ¶ added in v0.4.0
func (s *S3Repository) CreateUser(ctx context.Context, id string) (interface{}, error)
CreateUser creates a dataset user.
- generates and creates the temporary access policy
- creates the temporary access group
- attaches the created policy to the created group
- creates the temporary user
- creates a set of access keys
- adds the user to the group
func (*S3Repository) Delete ¶
func (s *S3Repository) Delete(ctx context.Context, id string) error
Delete deletes a data repository in S3 and its associated IAM policy
func (*S3Repository) DeleteAttachment ¶ added in v0.6.0
func (s *S3Repository) DeleteAttachment(ctx context.Context, id, attachmentName string) error
DeleteAttachment deletes an attachment from the data repository
func (*S3Repository) DeleteUser ¶ added in v0.4.0
func (s *S3Repository) DeleteUser(ctx context.Context, id string) error
DeleteUser cleans up a dataset user.
- gets the group we manage
- detaches any policies from the group
- deletes the policy we manage
- removes all of the users from the group
- deletes the credentials and the user we manage
- deletes the group
func (*S3Repository) Deprovision ¶
func (s *S3Repository) Deprovision(ctx context.Context, id string) error
Deprovision satisfies the ability to deprovision a data repository
func (*S3Repository) Describe ¶
func (s *S3Repository) Describe(ctx context.Context, id string) (*dataset.Repository, error)
Describe returns information about the data repository
func (*S3Repository) GrantAccess ¶
func (s *S3Repository) GrantAccess(ctx context.Context, id, instanceID string) (dataset.Access, error)
GrantAccess gives an instance access to the data repository by setting up a role (instance profile). If the instance already has an associated instance profile, it copies all of its policies to the new instance profile and swaps out the profiles. Returns the instance id and the ARN of the instance profile.
func (*S3Repository) ListAccess ¶ added in v0.3.0
func (s *S3Repository) ListAccess(ctx context.Context, id string) (dataset.Access, error)
ListAccess lists all instances that have access to the data repository. Returns a map with the instance ids and their assigned instance profile, e.g. { "instance_id": "instance_profile_name" }
func (*S3Repository) ListAttachments ¶ added in v0.5.0
func (s *S3Repository) ListAttachments(ctx context.Context, id string, showURL bool) ([]dataset.Attachment, error)
ListAttachments lists all attachments for the data repository
func (*S3Repository) ListUsers ¶ added in v0.4.0
func (s *S3Repository) ListUsers(ctx context.Context, id string) (map[string]interface{}, error)
ListUsers lists the users of a dataset with their key ids
func (*S3Repository) Provision ¶
func (s *S3Repository) Provision(ctx context.Context, id string, datasetTags []*dataset.Tag) (string, error)
Provision creates and configures a data repository in S3, and creates a default IAM policy
1. Check if the requested bucket already exists in S3
2. Create the bucket and wait for it to be successfully created
3. Block all public access to the bucket
4. Enable AWS managed server-side encryption (AES-256) for the bucket
5. Enable server access logging for the bucket, if LoggingBucket is specified
6. Add tags to the bucket
func (*S3Repository) RevokeAccess ¶
func (s *S3Repository) RevokeAccess(ctx context.Context, id, instanceID string) error
RevokeAccess revokes instance access from the data repository by removing the dataset access policy from the instance profile (role). Note that this leaves the instance role in place, since it may contain other policies.
func (*S3Repository) SetPolicy ¶ added in v0.7.0
func (s *S3Repository) SetPolicy(ctx context.Context, id string, derivative bool) error
SetPolicy sets (or updates) the IAM access policy for the data repository, depending on whether it is a derivative or not
func (*S3Repository) UpdateUser ¶ added in v0.4.0
func (s *S3Repository) UpdateUser(ctx context.Context, id string) (map[string]interface{}, error)
UpdateUser manages the user keys. This function steps through the lifecycle of a user's keys for a dataset: Provision key1 --> Provision key2, Make key1 Inactive --> Make key2 Inactive, Lock key generation.
If there are no keys, one is created and made active. If there is one key, a new 'Active' key is generated. If there are 'Active' keys, all are made 'Inactive'. If there are two 'Inactive' keys, an error is returned to the caller. At any time, a user *should* only have one Active key. Once the limit of two (2) keys is reached, manual intervention is required to regain access to the dataset via these credentials.
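The key lifecycle described above, as an added example that is not part of this package: an in-memory model of one UpdateUser step that can be stepped through until key generation locks. It assumes, following the "Provision key2, Make key1 Inactive" arrow, that creating the second key also retires the first, so at most one key is ever Active; the AccessKey type and the EXAMPLEKEY ids are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// AccessKey is a constructed stand-in for an IAM access key. This example is
// not the package's code; it models the key lifecycle UpdateUser documents.
type AccessKey struct {
	ID     string
	Status string // "Active" or "Inactive"
}

// ErrKeyLimitReached: both keys are Inactive, so key generation is locked.
var ErrKeyLimitReached = errors.New("two inactive keys exist: manual intervention required")
// ActiveCount reports how many keys are Active; a user should have at most one.
func ActiveCount(keys []AccessKey) (n int) {
	for _, k := range keys {
		if k.Status == "Active" {
			n++
		}
	}
	return n
}

// Rotate performs one UpdateUser step on a copy of keys. Assumption: creating
// key2 also makes key1 Inactive (the lifecycle arrow pairs those two actions).
func Rotate(keys []AccessKey) ([]AccessKey, error) {
	out := append([]AccessKey(nil), keys...)
	if len(out) >= 2 && ActiveCount(out) == 0 {
		return out, ErrKeyLimitReached // two Inactive keys: error to the caller
	}
	for i := range out { // any Active key is made Inactive
		out[i].Status = "Inactive"
	}
	if len(out) <= 1 { // no keys or one key: generate a new Active key
		id := fmt.Sprintf("EXAMPLEKEY%d", len(out)+1) // placeholder key id
		out = append(out, AccessKey{ID: id, Status: "Active"})
	}
	return out, nil
}

func main() {
	keys, err := []AccessKey(nil), error(nil)
	for err == nil { // walk the lifecycle until generation locks
		keys, err = Rotate(keys)
		fmt.Printf("%+v err=%v\n", keys, err)
	}
}
```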
type S3RepositoryOption ¶
type S3RepositoryOption func(*S3Repository)
S3RepositoryOption is a function to set repository options
func WithEndpoint ¶
func WithEndpoint(endpoint string) S3RepositoryOption
WithEndpoint sets the endpoint for the S3Repository
func WithIAMPathPrefix ¶
func WithIAMPathPrefix(prefix string) S3RepositoryOption
WithIAMPathPrefix sets the IAMPathPrefix for the S3Repository. This is used as the Path prefix for IAM resources.
func WithLoggingBucket ¶ added in v0.8.0
func WithLoggingBucket(bucket string) S3RepositoryOption
WithLoggingBucket sets the access logs bucket for the S3Repository
func WithLoggingBucketPrefix ¶ added in v0.8.0
func WithLoggingBucketPrefix(prefix string) S3RepositoryOption
WithLoggingBucketPrefix sets the access logs bucket prefix for the S3Repository
func WithRegion ¶
func WithRegion(region string) S3RepositoryOption
WithRegion sets the region for the S3Repository
func WithStaticCredentials ¶
func WithStaticCredentials(akid, secret, token string) S3RepositoryOption
WithStaticCredentials authenticates with AWS static credentials (key, secret, token)