alicloudiam

package

v0.12.6-alpha.11 Latest Latest Go to latest Published: Nov 18, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/goto/guardian

Documentation ¶

Index ¶

Constants
Variables
type AliCloudIamClient
- func NewIamClient(accessKeyID, accessKeySecret, resourceName string) (AliCloudIamClient, error)
type Config
- func NewConfig(pc *domain.ProviderConfig, crypto domain.Crypto) *Config
- func (c *Config) EncryptCredentials() error
- func (c *Config) ParseAndValidate() error
type Credentials
- func (c *Credentials) Decrypt(decryptor domain.Decryptor) error
- func (c *Credentials) Encrypt(encryptor domain.Encryptor) error
type Provider
- func NewProvider(typeName string, crypto encryptor, logger log.Logger) *Provider

Constants ¶

View Source

const (
	PolicyTypeSystem = "System"
	PolicyTypeCustom = "Custom"
)

View Source

const (
	AccountTypeRamUser = "ramUser"
	AccountTypeRamRole = "ramRole"
)

View Source

const (
	ResourceTypeAccount = "account"
)

Variables ¶

View Source

var (
	ErrUnableToEncryptNilCredentials = errors.New("unable to encrypt nil credentials")
	ErrUnableToDecryptNilCredentials = errors.New("unable to decrypt nil credentials")
	ErrInvalidCredentials            = errors.New("invalid credentials type")
	ErrPermissionAlreadyExists       = errors.New("permission already exists")
	ErrPermissionNotExist            = errors.New("permission not exist")
	ErrInvalidResourceType           = errors.New("invalid resource type")
	ErrInvalidAccountType            = fmt.Errorf("invalid account type. account type must be one of: %v\n", getAccountTypes())
	ErrGrantRoleNotFoundAtResource   = errors.New("grant role not found at resource")
	ErrEmptyGrantRole                = errors.New("empty grant role")
	ErrInvalidPolicyType             = fmt.Errorf("invalid policy type. policy type must be one of: %v\n", getPolicyTypes())
	ErrInvalidAliAccountUserID       = errors.New("invalid ali account user id. see: https://github.com/goto/guardian/tree/main/plugins/providers/alicloudiam/docs/ali-account-user-id-example.png")
	ErrEmptyResourceConfig           = errors.New("empty resource config")
)

Functions ¶

This section is empty.

Types ¶

type AliCloudIamClient ¶

type AliCloudIamClient interface {
	GrantAccess(ctx context.Context, policyName, policyType, username string) error
	RevokeAccess(ctx context.Context, policyName, policyType, username string) error
	GrantAccessToRole(ctx context.Context, policyName, policyType, roleName string) error
	RevokeAccessFromRole(ctx context.Context, policyName, policyType, roleName string) error
	ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)
	GetAllPoliciesByType(_ context.Context, policyType string, maxItems int32) ([]*ram.ListPoliciesResponseBodyPoliciesPolicy, error)
}

func NewIamClient ¶

func NewIamClient(accessKeyID, accessKeySecret, resourceName string) (AliCloudIamClient, error)

type Config ¶

type Config struct {
	ProviderConfig *domain.ProviderConfig
	// contains filtered or unexported fields
}

func NewConfig ¶

func NewConfig(pc *domain.ProviderConfig, crypto domain.Crypto) *Config

func (*Config) EncryptCredentials ¶

func (c *Config) EncryptCredentials() error

func (*Config) ParseAndValidate ¶

func (c *Config) ParseAndValidate() error

type Credentials ¶

type Credentials struct {
	AccessKeyID     string `mapstructure:"access_key_id" json:"access_key_id" validate:"required,base64"`
	AccessKeySecret string `mapstructure:"access_key_secret" json:"access_key_secret" validate:"required,base64"`
	ResourceName    string `mapstructure:"resource_name" json:"resource_name" validate:"required"`
}

func (*Credentials) Decrypt ¶

func (c *Credentials) Decrypt(decryptor domain.Decryptor) error

func (*Credentials) Encrypt ¶

func (c *Credentials) Encrypt(encryptor domain.Encryptor) error

type Provider ¶

type Provider struct {
	provider.PermissionManager

	Clients map[string]AliCloudIamClient
	// contains filtered or unexported fields
}

func NewProvider ¶

func NewProvider(typeName string, crypto encryptor, logger log.Logger) *Provider

func (*Provider) CreateConfig ¶

func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error

func (*Provider) GetAccountTypes ¶

func (p *Provider) GetAccountTypes() []string

func (*Provider) GetPermissions ¶

func (p *Provider) GetPermissions(_pc *domain.ProviderConfig, _resourceType, role string) ([]interface{}, error)

func (*Provider) GetResources ¶

func (p *Provider) GetResources(_ context.Context, pc *domain.ProviderConfig) ([]*domain.Resource, error)

func (*Provider) GetRoles ¶

func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)

func (*Provider) GetType ¶

func (p *Provider) GetType() string

func (*Provider) GrantAccess ¶

func (p *Provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g domain.Grant) error

func (*Provider) ListAccess ¶

func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)

func (*Provider) RevokeAccess ¶

func (p *Provider) RevokeAccess(ctx context.Context, pc *domain.ProviderConfig, g domain.Grant) error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL