Documentation ¶
Index ¶
- Constants
- Variables
- type Bucket
- type Config
- type Credentials
- type Crypto
- type GCSClient
- type HTTPClient
- type Permission
- type Provider
- func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error
- func (p *Provider) GetAccountTypes() []string
- func (p *Provider) GetResources(ctx context.Context, pc *domain.ProviderConfig) ([]*domain.Resource, error)
- func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)
- func (p *Provider) GetType() string
- func (p *Provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, a domain.Grant) error
- func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)
- func (p *Provider) RevokeAccess(ctx context.Context, pc *domain.ProviderConfig, a domain.Grant) error
Constants ¶
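// IAM role names that can be granted on a bucket, and the account types a
// grant may target.
//
// Every value is an exact identifier with no leading or trailing whitespace.
// BucketRoleOwner used to end in a space, which can never equal the real role
// name "roles/storage.legacyBucketOwner".
// NOTE(review): if stored provider configs or grants were written with the
// padded value, they need a one-off migration. Confirm before release.
const (
	// Bucket roles. In GCP IAM, roles/storage.admin is the broadest role in
	// this set (full control of buckets and objects), so requests for it
	// deserve the strictest approval policy.
	BucketRoleAdmin  = "roles/storage.admin"
	BucketRoleOwner  = "roles/storage.legacyBucketOwner"
	BucketRoleReader = "roles/storage.legacyBucketReader"
	BucketRoleWriter = "roles/storage.legacyBucketWriter"

	// Object roles.
	BucketRoleObjectOwner   = "roles/storage.legacyObjectOwner"
	BucketRoleObjectReader  = "roles/storage.legacyObjectReader"
	BucketRoleObjectAdmin   = "roles/storage.objectAdmin"
	BucketRoleObjectCreator = "roles/storage.objectCreator"
	BucketRoleObjectViewer  = "roles/storage.objectViewer"

	// Account types accepted for a grant.
	// NOTE(review): these look like IAM principal prefixes. If so,
	// AccountTypeDomain binds a role to every account in a domain, which is
	// far wider than a single user or service account. Confirm that callers
	// gate it accordingly.
	AccountTypeUser           = "user"
	AccountTypeServiceAccount = "serviceAccount"
	AccountTypeGroup          = "group"
	AccountTypeDomain         = "domain"
)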
// ResourceTypeBucket is the resource type string used for buckets.
const ResourceTypeBucket = "bucket"
Variables ¶
// Sentinel errors exported by this package, grouped by the kind of problem
// their message describes.
var (
	// Nil inputs.
	ErrNilProviderConfig = errors.New("provider config can't be nil")
	ErrNilAppeal         = errors.New("appeal can't be nil")
	ErrNilResource       = errors.New("designated resource can't be nil")

	// Credential handling.
	ErrInvalidCredentialsType        = errors.New("invalid credentials type")
	ErrUnableToEncryptNilCredentials = errors.New("unable to encrypt nil credentials")
	ErrUnableToDecryptNilCredentials = errors.New("unable to decrypt nil credentials")

	// Configuration and request validation.
	ErrInvalidPermissionConfig = errors.New("invalid permission config type")
	ErrInvalidResourceType     = errors.New("invalid resource type")
	ErrInvalidRole             = errors.New("invalid role")

	// Mismatch between the provider config and the appeal.
	ErrProviderTypeMismatch = errors.New("provider type in the config and in the appeal don't match")
	ErrProviderURNMismatch  = errors.New("provider urn in the config and in the appeal don't match")

	// Permission state.
	ErrPermissionAlreadyExists = errors.New("permission already exists")
)
// AllowedAccountTypes lists the account types accepted by this package:
// user, service account, group and domain.
//
// NOTE(review): this is an exported, mutable slice, so any importing package
// can alter the allow-list at runtime. Treat it as read-only.
var AllowedAccountTypes = []string{
	AccountTypeUser,
	AccountTypeServiceAccount,
	AccountTypeGroup,
	AccountTypeDomain,
}
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config holds a provider configuration together with unexported state that
// this listing does not show.
type Config struct {
	// ProviderConfig points to the provider configuration this Config is built
	// around.
	// NOTE(review): the pointer can be nil. ErrNilProviderConfig exists in
	// this package, presumably for that case. Confirm it is checked before
	// use.
	ProviderConfig *domain.ProviderConfig
	// contains filtered or unexported fields
}
type Credentials ¶
type GCSClient ¶
// GCSClient is the set of bucket operations this package expects from a
// storage client. Provider keeps its clients in a map of GCSClient values.
type GCSClient interface {
	// GetBuckets returns a slice of buckets, or an error.
	GetBuckets(context.Context) ([]*Bucket, error)
	// GrantBucketAccess takes a bucket, an identity string and an IAM role
	// name, and reports failure through the returned error.
	// NOTE(review): the signature puts no constraint on the identity format
	// or on which role names are accepted. Presumably callers validate both
	// against AllowedAccountTypes and the BucketRole* constants first.
	// Confirm.
	GrantBucketAccess(ctx context.Context, b Bucket, identity string, roleName iam.RoleName) error
	// RevokeBucketAccess takes the same arguments as GrantBucketAccess.
	RevokeBucketAccess(ctx context.Context, b Bucket, identity string, roleName iam.RoleName) error
	// ListAccess takes a slice of resources and returns a
	// domain.MapResourceAccess, or an error.
	ListAccess(context.Context, []*domain.Resource) (domain.MapResourceAccess, error)
}
type Permission ¶
// Permission is a named string type.
// NOTE(review): presumably it carries one of the BucketRole* role names.
// Confirm against the permission config handling.
type Permission string
type Provider ¶
// Provider embeds provider.UnimplementedClient and provider.PermissionManager
// and holds the GCS clients it works with.
type Provider struct {
	provider.UnimplementedClient
	provider.PermissionManager
	// Clients maps a string key to a GCSClient.
	// NOTE(review): the key is presumably the provider URN. Confirm. The map
	// is exported and mutable, and nothing in this listing shows a lock
	// around it, so check how concurrent callers access it.
	Clients map[string]GCSClient
	// contains filtered or unexported fields
}
func NewProvider ¶
func (*Provider) CreateConfig ¶
func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error
func (*Provider) GetAccountTypes ¶
func (*Provider) GetResources ¶
func (*Provider) GrantAccess ¶
func (*Provider) ListAccess ¶
func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)
func (*Provider) RevokeAccess ¶