Documentation ¶
Index ¶
- Constants
- Variables
- func NewBigQueryClient(projectID string, opts ...option.ClientOption) (*bigQueryClient, error)
- func NewCloudLoggingClient(ctx context.Context, projectID string, credentialsJSON []byte) (*cloudLoggingClient, error)
- type Activity
- type BigQueryClient
- type BigQueryResourceName
- type Config
- type Credentials
- type Dataset
- type Permission
- type Provider
- func (p *Provider) CorrelateGrantActivities(ctx context.Context, pd domain.Provider, grants []*domain.Grant, ...) error
- func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error
- func (p *Provider) GetAccountTypes() []string
- func (p *Provider) GetActivities(ctx context.Context, pd domain.Provider, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)
- func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error)
- func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)
- func (p *Provider) GetType() string
- func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a domain.Grant) error
- func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)
- func (p *Provider) ListActivities(ctx context.Context, pd domain.Provider, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)
- func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Grant) error
- type Table
Constants ¶
const ( DatasetRoleReader = "READER" DatasetRoleWriter = "WRITER" DatasetRoleOwner = "OWNER" AccountTypeUser = "user" AccountTypeServiceAccount = "serviceAccount" )
const ( // ResourceTypeDataset is the resource type name for BigQuery dataset ResourceTypeDataset = "dataset" // ResourceTypeTable is the resource type name for BigQuery table ResourceTypeTable = "table" )
const (
PrivateLogViewerPermission = "logging.privateLogEntries.list"
)
Variables ¶
var ( ErrInvalidActivityPayloadType = errors.New("payload is not of type *audit.AuditLog") ErrEmptyActivityPayload = errors.New("couldn't get payload from log entry") )
var ( // ErrInvalidCredentials is the error value for invalid credentials ErrInvalidCredentials = errors.New("invalid credentials type") // ErrInvalidPermissionConfig is the error value for invalid permission config ErrInvalidPermissionConfig = errors.New("invalid permission config type") // ErrUnableToEncryptNilCredentials is the error value if the to be encrypted credentials is nil ErrUnableToEncryptNilCredentials = errors.New("unable to encrypt nil credentials") // ErrUnableToDecryptNilCredentials is the error value if the to be decrypted credentials is nil ErrUnableToDecryptNilCredentials = errors.New("unable to decrypt nil credentials") // ErrInvalidCredentialsType is the error value if the credentials value can't be casted into the bigquery.Credentials type ErrInvalidCredentialsType = errors.New("invalid credentials type") ErrInvalidRole = errors.New("invalid role") ErrInvalidResourceType = errors.New("invalid resource type") ErrInvalidTableURN = errors.New("table URN is invalid") ErrPermissionAlreadyExists = errors.New("permission already exists") ErrPermissionNotFound = errors.New("permission not found") ErrNilProviderConfig = errors.New("provider config can't be nil") ErrNilAppeal = errors.New("appeal can't be nil") ErrNilResource = errors.New("designated resource can't be nil") ErrProviderTypeMismatch = errors.New("provider type in the config and in the appeal don't match") ErrProviderURNMismatch = errors.New("provider urn in the config and in the appeal don't match") ErrInvalidDatasetPermission = errors.New("provided permission is not supported for dataset resource") ErrInvalidTablePermission = errors.New("provided permission is not supported for table resource") ErrEmptyResource = errors.New("this bigquery project has no resources") ErrCannotVerifyTablePermission = errors.New("cannot verify the table permissions since this bigquery project does not have any tables") ErrInvalidTimeRange = errors.New("specified time range exceeds the activity log retention period") ErrPrivateLogViewerAccessNotGranted = errors.New("private log viewer access not granted") )
var ( // BigQueryAuditMetadataMethods are listed from this documentations: // https://cloud.google.com/bigquery/docs/reference/auditlogs BigQueryAuditMetadataMethods = []string{ "google.cloud.bigquery.v2.TableService.InsertTable", "google.cloud.bigquery.v2.TableService.UpdateTable", "google.cloud.bigquery.v2.TableService.PatchTable", "google.cloud.bigquery.v2.TableService.DeleteTable", "google.cloud.bigquery.v2.DatasetService.InsertDataset", "google.cloud.bigquery.v2.DatasetService.UpdateDataset", "google.cloud.bigquery.v2.DatasetService.PatchDataset", "google.cloud.bigquery.v2.DatasetService.DeleteDataset", "google.cloud.bigquery.v2.TableDataService.List", "google.cloud.bigquery.v2.JobService.InsertJob", "google.cloud.bigquery.v2.JobService.Query", "google.cloud.bigquery.v2.JobService.GetQueryResults", } )
Functions ¶
func NewBigQueryClient ¶ added in v0.7.1
func NewBigQueryClient(projectID string, opts ...option.ClientOption) (*bigQueryClient, error)
Types ¶
type BigQueryClient ¶
type BigQueryClient interface { GetDatasets(context.Context) ([]*Dataset, error) GetTables(ctx context.Context, datasetID string) ([]*Table, error) GrantDatasetAccess(ctx context.Context, d *Dataset, user, role string) error RevokeDatasetAccess(ctx context.Context, d *Dataset, user, role string) error GrantTableAccess(ctx context.Context, t *Table, accountType, accountID, role string) error RevokeTableAccess(ctx context.Context, t *Table, accountType, accountID, role string) error ListAccess(ctx context.Context, resources []*domain.Resource) (domain.MapResourceAccess, error) GetRolePermissions(context.Context, string) ([]string, error) ListRolePermissions(context.Context, []string) (map[string][]string, error) CheckGrantedPermission(context.Context, []string) ([]string, error) }
type BigQueryResourceName ¶
type BigQueryResourceName string
BigQueryResourceName is a string representation of bigquery resource's Relative Resource Name. Example: "projects/project-id/datasets/dataset_name/tables/table_name"
func (BigQueryResourceName) BigQueryResourceID ¶
func (r BigQueryResourceName) BigQueryResourceID() string
BigQueryResourceID returns bigquery resource identifier in format of: For dataset type: "project-id:dataset_name" For table type: "project-id:dataset_name.table_name"
func (BigQueryResourceName) DatasetID ¶
func (r BigQueryResourceName) DatasetID() string
func (BigQueryResourceName) ProjectID ¶
func (r BigQueryResourceName) ProjectID() string
func (BigQueryResourceName) TableID ¶
func (r BigQueryResourceName) TableID() string
type Config ¶
type Config struct { ProviderConfig *domain.ProviderConfig // contains filtered or unexported fields }
Config for bigquery provider
func NewConfig ¶
func NewConfig(pc *domain.ProviderConfig, crypto domain.Crypto) *Config
NewConfig returns bigquery config struct
func (*Config) EncryptCredentials ¶
EncryptCredentials encrypts the bigquery credentials config
func (*Config) ParseAndValidate ¶
ParseAndValidate validates bigquery config within provider config and make the interface{} config value castable into the expected bigquery config value
type Credentials ¶
type Credentials struct { ServiceAccountKey string `mapstructure:"service_account_key" json:"service_account_key" validate:"required,base64"` ResourceName string `mapstructure:"resource_name" json:"resource_name" validate:"startswith=projects/"` }
Credentials is the authentication configuration used by the bigquery client
func ParseCredentials ¶
func ParseCredentials(v interface{}, decryptor domain.Decryptor) (*Credentials, error)
func (*Credentials) Decrypt ¶
func (c *Credentials) Decrypt(decryptor domain.Decryptor) error
Decrypt decrypts BigQuery credentials
func (*Credentials) Encrypt ¶
func (c *Credentials) Encrypt(encryptor domain.Encryptor) error
Encrypt encrypts BigQuery credentials
func (Credentials) ProjectID ¶
func (c Credentials) ProjectID() string
type Provider ¶
type Provider struct { provider.PermissionManager Clients map[string]BigQueryClient LogClients map[string]cloudLoggingClientI // contains filtered or unexported fields }
Provider for bigquery
func NewProvider ¶
NewProvider returns bigquery provider
func (*Provider) CorrelateGrantActivities ¶ added in v0.7.5
func (*Provider) CreateConfig ¶
func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error
CreateConfig validates provider config
func (*Provider) GetAccountTypes ¶
func (*Provider) GetActivities ¶
func (*Provider) GetResources ¶
GetResources returns BigQuery dataset and table resources
func (*Provider) GrantAccess ¶
func (*Provider) ListAccess ¶
func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)
func (*Provider) ListActivities ¶ added in v0.7.5
func (p *Provider) ListActivities(ctx context.Context, pd domain.Provider, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)
ListActivities returns list of activities