Documentation
Overview
Package v1alpha1 contains versioned access-on-demand (AOD) contracts, e.g. the AOD request definition.
Constants
This section is empty.
Variables
This section is empty.
Functions
func ValidateIAMRequest
func ValidateIAMRequest(r *IAMRequest) (retErr error)
ValidateIAMRequest checks if the IAMRequest is valid.
func ValidateToolRequest
func ValidateToolRequest(r *ToolRequest) (retErr error)
ValidateToolRequest checks if the ToolRequest is valid.
Types
type Binding
type Binding struct {
	// Members is a list of IAM principals, limited to list of users.
	// For example ["user:alice@example.com"].
	Members []string `yaml:"members,omitempty"`
	// Role to be assigned to Members. Basic roles, including Owner (roles/owner),
	// Editor (roles/editor), and Viewer (roles/viewer) are not allowed since
	// conditional role bindings do not work with basic roles.
	Role string `yaml:"role,omitempty"`
}
Binding associates IAM principals/members with a role.
type IAMRequest
type IAMRequest struct {
	// List of ResourcePolicy, each specifies the IAM principals/members to role
	// bindings to be added for a GCP resource IAM policy.
	ResourcePolicies []*ResourcePolicy `yaml:"policies,omitempty"`
}
IAMRequest represents a request to update IAM policies.
type IAMRequestWrapper
type IAMRequestWrapper struct {
	// IAMRequest contains IAM binding information.
	*IAMRequest
	// Duration field used as IAM binding condition to specify expiration.
	// This will not override role bindings with no conditions.
	Duration time.Duration
	// Start time of the IAM permission lifecycle, StartTime + Duration is when
	// the permission will expire.
	StartTime time.Time
}
IAMRequestWrapper wraps the IAMRequest and adds additional fields such as duration.
type IAMResponse
type IAMResponse struct {
	// IAM policy of the resource.
	Policy *iampb.Policy
	// Resource represents one of GCP organization, folder, and project.
	Resource string
}
IAMResponse contains the IAM policy returned and its resource information.
type ResourcePolicy
type ResourcePolicy struct {
	// Resource represents one of GCP organization, folder, and project.
	Resource string `yaml:"resource,omitempty"`
	// Bindings contains a list of IAM principals/members to role bindings.
	Bindings []*Binding `yaml:"bindings,omitempty"`
}
ResourcePolicy specifies the IAM principals/members to role bindings to be added for a GCP resource IAM policy.
type ToolRequest
type ToolRequest struct {
	// Tool name such as gcloud.
	Tool string `yaml:"tool,omitempty"`
	// List of commands without tool name.
	Do []string `yaml:"do,omitempty"`
}
ToolRequest represents a request to run tool commands.
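The constraints stated in the Binding comments, and the StartTime + Duration expiry from IAMRequestWrapper, as an added example that is not this package's code. The types are local mirrors, `checkIAMRequest` and `expiryCondition` are hypothetical helpers, the sample resource name is constructed, and the `request.time` condition expression is an assumption about how the expiry is encoded.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Local mirrors of the documented types (yaml tags omitted) so this runs stand-alone.
type (
	Binding        struct{ Members []string; Role string }
	ResourcePolicy struct{ Resource string; Bindings []*Binding }
	IAMRequest     struct{ ResourcePolicies []*ResourcePolicy }
)

// checkIAMRequest is a hypothetical check, not the package's ValidateIAMRequest.
// It reports each binding that breaks a constraint stated in the Binding comments.
func checkIAMRequest(r *IAMRequest) []string {
	basic := map[string]bool{"roles/owner": true, "roles/editor": true, "roles/viewer": true}
	var problems []string
	for _, p := range r.ResourcePolicies {
		for _, b := range p.Bindings {
			if basic[b.Role] {
				problems = append(problems, fmt.Sprintf("%s: basic role %q not allowed", p.Resource, b.Role))
			}
			for _, m := range b.Members {
				if !strings.HasPrefix(m, "user:") {
					problems = append(problems, fmt.Sprintf("%s: member %q is not a user", p.Resource, m))
				}
			}
		}
	}
	return problems
}

// expiryCondition renders StartTime + Duration as an IAM condition expression.
// Assumption: the expiry is written as a request.time comparison.
func expiryCondition(start time.Time, d time.Duration) string {
	return fmt.Sprintf("request.time < timestamp(%q)", start.Add(d).UTC().Format(time.RFC3339))
}

func main() {
	// Constructed sample request: a group member and a basic role, both rejected.
	req := &IAMRequest{ResourcePolicies: []*ResourcePolicy{{
		Resource: "projects/example-project",
		Bindings: []*Binding{{Members: []string{"group:ops@example.com"}, Role: "roles/owner"}},
	}}}
	fmt.Println(checkIAMRequest(req))
	fmt.Println(expiryCondition(time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC), 2*time.Hour))
}
```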