provider

package

v0.12.4 Latest Latest Go to latest Published: Sep 19, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/goto/guardian

Documentation ¶

Index ¶

Constants
Variables
func GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)
func WithDryRun(ctx context.Context) context.Context
type Client
type PermissionManager
- func (m PermissionManager) GetPermissions(pc *domain.ProviderConfig, resourceType, role string) ([]interface{}, error)
type Service
- func NewService(deps ServiceDeps) *Service
type ServiceDeps
type UnimplementedClient

Constants ¶

View Source

const (
	AuditKeyCreate = "provider.create"
	AuditKeyUpdate = "provider.update"
	AuditKeyDelete = "provider.delete"
)

Variables ¶

View Source

var (
	// ErrInvalidProviderType is the error value if provider is unable to find the matching provider type
	ErrInvalidProviderType = errors.New("unable to find provider based on provider type")
	// ErrEmptyIDParam is the error value if the policy id is empty
	ErrEmptyIDParam = errors.New("id can't be empty")
	// ErrRecordNotFound is the error value if the designated record id is not exists
	ErrRecordNotFound      = errors.New("record not found")
	ErrEmptyProviderType   = errors.New("provider type can't be nil")
	ErrEmptyProviderURN    = errors.New("provider urn can't be nil")
	ErrNilAppeal           = errors.New("appeal can't be nil")
	ErrNilResource         = errors.New("resource can't be nil")
	ErrInvalidResourceType = errors.New("invalid resource type")
	ErrInvalidRole         = errors.New("invalid role")

	ErrUnimplementedMethod                = errors.New("method is not yet implemented")
	ErrImportActivitiesMethodNotSupported = errors.New("import activities is not supported for this provider type")
	ErrGetActivityMethodNotSupported      = errors.New("get activity is not supported for this provider type")

	ErrAppealValidationInvalidAccountType       = errors.New("invalid account type")
	ErrAppealValidationInvalidRole              = errors.New("invalid role")
	ErrAppealValidationDurationNotSpecified     = errors.New("appeal duration is required")
	ErrAppealValidationEmptyDuration            = errors.New("permanent access is not allowed")
	ErrAppealValidationInvalidDurationValue     = errors.New("invalid duration value")
	ErrAppealValidationMissingRequiredParameter = errors.New("missing required parameter")
	ErrAppealValidationMissingRequiredQuestion  = errors.New("missing required question")
)

Functions ¶

func GetRoles ¶

func GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)

func WithDryRun ¶

func WithDryRun(ctx context.Context) context.Context

Types ¶

type Client ¶

type Client interface {
	providers.PermissionManager
	providers.Client
}

type PermissionManager ¶

type PermissionManager struct{}

func (PermissionManager) GetPermissions ¶

func (m PermissionManager) GetPermissions(pc *domain.ProviderConfig, resourceType, role string) ([]interface{}, error)

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

Service handling the business logics

func NewService ¶

func NewService(deps ServiceDeps) *Service

NewService returns service struct

func (*Service) CorrelateGrantActivities ¶ added in v0.7.5

func (s *Service) CorrelateGrantActivities(ctx context.Context, p domain.Provider, grants []*domain.Grant, activities []*domain.Activity) error

func (*Service) Create ¶

func (s *Service) Create(ctx context.Context, p *domain.Provider) error

Create record

func (*Service) Delete ¶

func (s *Service) Delete(ctx context.Context, id string) error

func (*Service) FetchResources ¶

func (s *Service) FetchResources(ctx context.Context) error

FetchResources fetches all resources for all registered providers

func (*Service) Find ¶

func (s *Service) Find(ctx context.Context) ([]*domain.Provider, error)

Find records

func (*Service) GetByID ¶

func (s *Service) GetByID(ctx context.Context, id string) (*domain.Provider, error)

func (*Service) GetOne ¶

func (s *Service) GetOne(ctx context.Context, pType, urn string) (*domain.Provider, error)

func (*Service) GetPermissions ¶

func (s *Service) GetPermissions(_ context.Context, pc *domain.ProviderConfig, resourceType, role string) ([]interface{}, error)

func (*Service) GetRoles ¶

func (s *Service) GetRoles(ctx context.Context, id string, resourceType string) ([]*domain.Role, error)

func (*Service) GetTypes ¶

func (s *Service) GetTypes(ctx context.Context) ([]domain.ProviderType, error)

func (*Service) GrantAccess ¶

func (s *Service) GrantAccess(ctx context.Context, a domain.Grant) error

func (*Service) ImportActivities ¶

func (s *Service) ImportActivities(ctx context.Context, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)

func (*Service) IsExclusiveRoleAssignment ¶ added in v0.9.0

func (s *Service) IsExclusiveRoleAssignment(ctx context.Context, providerType, resourceType string) bool

IsExclusiveRoleAssignment returns true if the provider only supports exclusive role assignment i.e. a user can only have one role per resource

func (*Service) ListAccess ¶

func (s *Service) ListAccess(ctx context.Context, p domain.Provider, resources []*domain.Resource) (domain.MapResourceAccess, error)

func (*Service) ListActivities ¶ added in v0.7.5

func (s *Service) ListActivities(ctx context.Context, p domain.Provider, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)

func (*Service) RevokeAccess ¶

func (s *Service) RevokeAccess(ctx context.Context, a domain.Grant) error

func (*Service) Update ¶

func (s *Service) Update(ctx context.Context, p *domain.Provider) error

Update updates the non-zero value(s) only

func (*Service) ValidateAppeal ¶

func (s *Service) ValidateAppeal(ctx context.Context, a *domain.Appeal, p *domain.Provider, policy *domain.Policy) error

type ServiceDeps ¶

type ServiceDeps struct {
	Repository      repository
	ResourceService resourceService
	Clients         []Client

	Validator   *validator.Validate
	Logger      log.Logger
	AuditLogger auditLogger
}

type UnimplementedClient ¶

type UnimplementedClient struct{}

func (*UnimplementedClient) CreateConfig ¶

func (c *UnimplementedClient) CreateConfig(*domain.ProviderConfig) error

func (*UnimplementedClient) GetResources ¶

func (c *UnimplementedClient) GetResources(*domain.ProviderConfig) ([]*domain.Resource, error)

func (*UnimplementedClient) GetRoles ¶

func (c *UnimplementedClient) GetRoles(*domain.ProviderConfig, string) ([]*domain.Role, error)

func (*UnimplementedClient) GrantAccess ¶

func (c *UnimplementedClient) GrantAccess(*domain.ProviderConfig, *domain.Appeal) error

func (*UnimplementedClient) ListAccess ¶

func (c *UnimplementedClient) ListAccess(context.Context, domain.ProviderConfig, []*domain.Resource) (domain.MapResourceAccess, error)

func (*UnimplementedClient) RevokeAccess ¶

func (c *UnimplementedClient) RevokeAccess(*domain.ProviderConfig, *domain.Appeal) error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL