gcloudiam

package
v0.12.8-alpha.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 10, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Prefixes of the two resource-name forms this package accepts. They are the
// same two strings used in the validate tag on Credentials.ResourceName and
// named in the ErrInvalidResourceName message.
const (
	// ResourceNameOrganizationPrefix starts an organization-scoped name
	// ("organizations/{{org-id}}").
	ResourceNameOrganizationPrefix = "organizations/"
	// ResourceNameProjectPrefix starts a project-scoped name
	// ("projects/{{project-id}}").
	ResourceNameProjectPrefix      = "projects/"
)
// Account type identifiers. The grant and revoke methods of GcloudIamClient
// take an accountType string.
// NOTE(review): the values match the member-type prefixes of GCP IAM policy
// bindings ("user:", "serviceAccount:", "group:"); presumably that is how they
// are used. Confirm against the client implementation.
const (
	AccountTypeUser           = "user"
	AccountTypeServiceAccount = "serviceAccount"
	// A role bound to a group is held by whoever is in the group when access is
	// evaluated, so later membership changes alter who effectively has the role.
	AccountTypeGroup          = "group"
)
// Resource type identifiers.
// ResourceTypeServiceAccount is "service_account" (snake case) while
// AccountTypeServiceAccount is "serviceAccount" (camel case). They are
// different strings, so a comparison that mixes the two never matches.
const (
	ResourceTypeProject        = "project"
	ResourceTypeOrganization   = "organization"
	ResourceTypeServiceAccount = "service_account"
)

Variables

// Sentinel errors exported by the package. Each is built with errors.New from
// a fixed message, so the message text itself contains no credential or
// resource data. Match them with errors.Is rather than by comparing strings.
var (
	// NOTE(review): presumably returned by the Encrypt/Decrypt paths when there
	// are no credentials to operate on. Confirm in the source.
	ErrUnableToEncryptNilCredentials = errors.New("unable to encrypt nil credentials")
	ErrUnableToDecryptNilCredentials = errors.New("unable to decrypt nil credentials")
	ErrInvalidPermissionConfig       = errors.New("invalid permission config type")
	ErrInvalidCredentials            = errors.New("invalid credentials type")
	ErrPermissionAlreadyExists       = errors.New("permission already exists")
	ErrPermissionNotFound            = errors.New("permission not found")
	ErrInvalidResourceType           = errors.New("invalid resource type")
	ErrInvalidRole                   = errors.New("invalid role")
	ErrShouldHaveOneResource         = errors.New("gcloud_iam should have one resource")
	// The message states the two accepted forms; see the ResourceName*Prefix
	// constants for the exact prefixes.
	ErrInvalidResourceName           = errors.New("invalid resource name: resource name should be projects/{{project-id}} or organizations/{{org-id}}")
	ErrRolesShouldNotBeEmpty         = errors.New("gcloud_iam provider should not have empty roles")
	ErrInvalidProjectRole            = errors.New("provided role is not supported for project in gcloud")
)

Functions

This section is empty.

Types

type Config

// Config wraps a provider configuration together with unexported fields.
// NOTE(review): NewConfig takes a domain.Crypto, which is presumably kept in
// the unexported fields and used by EncryptCredentials. Confirm in the source.
type Config struct {
	// ProviderConfig is exported and held by pointer, so a caller that keeps the
	// pointer sees, and can change, the same value this Config operates on.
	ProviderConfig *domain.ProviderConfig
	// contains filtered or unexported fields
}

func NewConfig

func NewConfig(pc *domain.ProviderConfig, crypto domain.Crypto) *Config

func (*Config) EncryptCredentials

func (c *Config) EncryptCredentials() error

func (*Config) ParseAndValidate

func (c *Config) ParseAndValidate() error

type Credentials

// Credentials is the credential payload for this provider. Both fields carry
// mapstructure, json and validate struct tags.
type Credentials struct {
	// ServiceAccountKey must be present and base64 (validate:"required,base64").
	// The tag checks the encoding only, not that the decoded bytes are a usable
	// key. The field has a json tag, so marshalling this struct emits its current
	// value. NOTE(review): whether that value is plaintext or ciphertext
	// presumably depends on whether Encrypt or Decrypt ran last. Confirm, and
	// keep the struct out of logs and API responses unless it is encrypted.
	ServiceAccountKey string `mapstructure:"service_account_key" json:"service_account_key" validate:"required,base64"`
	// ResourceName must start with "projects/" or "organizations/". The tag is a
	// prefix check only and says nothing about what follows the prefix, so a bare
	// "projects/" satisfies it. NOTE(review): this name presumably selects the
	// project or organization whose IAM policy is managed. Confirm that
	// ParseAndValidate or the client rejects an empty or malformed ID.
	ResourceName      string `mapstructure:"resource_name" json:"resource_name" validate:"startswith=projects/|startswith=organizations/"`
}

func (*Credentials) Decrypt

// Decrypt takes a domain.Decryptor and returns an error.
// NOTE(review): the body is not shown on this page. It presumably replaces
// ServiceAccountKey with its decrypted form in place, leaving key material in
// memory on the struct, and returns ErrUnableToDecryptNilCredentials for a nil
// receiver. Confirm in the source.
func (c *Credentials) Decrypt(decryptor domain.Decryptor) error

func (*Credentials) Encrypt

// Encrypt takes a domain.Encryptor and returns an error.
// NOTE(review): the body is not shown on this page. It presumably replaces
// ServiceAccountKey with its encrypted form in place and returns
// ErrUnableToEncryptNilCredentials for a nil receiver. Confirm in the source,
// including what happens to the field when the encryptor fails.
func (c *Credentials) Encrypt(encryptor domain.Encryptor) error

type GcloudIamClient

// GcloudIamClient is the set of IAM operations used by this package; Provider
// stores implementations in its Clients map.
// NOTE(review): GrantAccess and RevokeAccess take no resource argument, so the
// target resource is presumably fixed when the client is built. Confirm.
type GcloudIamClient interface {
	GetGrantableRoles(ctx context.Context, resourceType string) ([]*iam.Role, error)
	// GrantAccess and RevokeAccess take the account type, the account ID and a
	// single role string.
	GrantAccess(ctx context.Context, accountType, accountID, role string) error
	RevokeAccess(ctx context.Context, accountType, accountID, role string) error
	ListAccess(ctx context.Context, resources []*domain.Resource) (domain.MapResourceAccess, error)
	ListServiceAccounts(context.Context) ([]*iam.ServiceAccount, error)
	// The service-account variants add sa, the service account that is the
	// target of the binding.
	// NOTE(review): the last parameter is named "roles" here but "role" in every
	// sibling method; it is a single string either way. Confirm whether one role
	// or a delimited list is expected.
	GrantServiceAccountAccess(ctx context.Context, sa, accountType, accountID, roles string) error
	RevokeServiceAccountAccess(ctx context.Context, sa, accountType, accountID, role string) error
}

type Provider

// Provider embeds provider.PermissionManager and provider.UnimplementedClient
// and keeps a map of GcloudIamClient values.
type Provider struct {
	provider.PermissionManager
	provider.UnimplementedClient

	// Clients is exported and mutable, so code outside the package can read,
	// replace or add entries. NOTE(review): the key is presumably a provider
	// identifier and the values presumably hold authenticated clients. Confirm
	// both, and confirm how concurrent access to the map is guarded.
	Clients map[string]GcloudIamClient
	// contains filtered or unexported fields
}

func NewProvider

func NewProvider(typeName string, crypto encryptor, logger log.Logger) *Provider

func (*Provider) CreateConfig

func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error

func (*Provider) GetAccountTypes

func (p *Provider) GetAccountTypes() []string

func (*Provider) GetPermissions

// GetPermissions returns a slice of permissions and an error.
// NOTE(review): the body is not shown on this page. The underscore-prefixed
// names _pc and _resourceType suggest those arguments are unused and only role
// affects the result. Confirm in the source.
func (p *Provider) GetPermissions(_pc *domain.ProviderConfig, _resourceType, role string) ([]interface{}, error)

func (*Provider) GetResources

func (p *Provider) GetResources(ctx context.Context, pc *domain.ProviderConfig) ([]*domain.Resource, error)

func (*Provider) GetRoles

func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)

func (*Provider) GetType

func (p *Provider) GetType() string

func (*Provider) GrantAccess

func (p *Provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g domain.Grant) error

func (*Provider) ListAccess

// ListAccess returns a domain.MapResourceAccess for the given resources.
// pc is taken by value here, whereas CreateConfig, GetResources, GrantAccess
// and RevokeAccess take *domain.ProviderConfig.
// NOTE(review): if ProviderConfig holds credentials, every call copies them.
// Confirm that the by-value parameter is intended.
func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)

func (*Provider) RevokeAccess

func (p *Provider) RevokeAccess(ctx context.Context, pc *domain.ProviderConfig, g domain.Grant) error

type Role

// Role describes a role by name, title and description. All three fields are
// plain strings with no struct tags.
// NOTE(review): where Name is checked against the supported roles (see
// ErrInvalidRole and ErrInvalidProjectRole) is not shown on this page.
type Role struct {
	Name        string
	Title       string
	Description string
}

Directories

Path Synopsis
