bigquery

package
v0.7.5-alpha.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 16, 2023 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

// Role names for dataset-level access and the account types a grant can
// target. All values are untyped string constants.
const (
	// Dataset role names.
	// NOTE(review): these look like the inputs that ResolveDatasetRole turns
	// into a bq.AccessRole — confirm. OWNER is the broadest of the three; in
	// BigQuery a dataset owner can also change the dataset's access list, so
	// policies that allow requesting it deserve a stricter approval path.
	DatasetRoleReader = "READER"
	DatasetRoleWriter = "WRITER"
	DatasetRoleOwner  = "OWNER"

	// Account type names. The spelling matches the IAM member prefixes
	// "user:" and "serviceAccount:".
	// NOTE(review): presumably these are the values returned by
	// Provider.GetAccountTypes — confirm.
	AccountTypeUser           = "user"
	AccountTypeServiceAccount = "serviceAccount"
)
// Resource type names used by this provider. ErrInvalidResourceType exists
// for values outside this set.
const (
	// ResourceTypeDataset is the resource type name for a BigQuery dataset.
	ResourceTypeDataset = "dataset"
	// ResourceTypeTable is the resource type name for a BigQuery table.
	ResourceTypeTable = "table"
)
const (
	// PrivateLogViewerPermission is the Cloud Logging IAM permission needed to
	// list private log entries, which is where Data Access audit logs live.
	// NOTE(review): presumably checked before activities are read, with
	// ErrPrivateLogViewerAccessNotGranted returned when it is missing — confirm.
	// These logs can include who queried what, so the service account holding
	// this permission should be scoped to the projects it actually audits.
	PrivateLogViewerPermission = "logging.privateLogEntries.list"
)

Variables

// Sentinel errors for turning a log entry into an activity. Compare with
// errors.Is rather than by message text.
var (
	// ErrInvalidActivityPayloadType reports a log entry whose payload is not a
	// *audit.AuditLog.
	ErrInvalidActivityPayloadType = errors.New("payload is not of type *audit.AuditLog")
	// ErrEmptyActivityPayload reports a log entry from which no payload could
	// be obtained.
	ErrEmptyActivityPayload       = errors.New("couldn't get payload from log entry")
)
// Sentinel errors returned by the bigquery provider. They are package-level
// values created with errors.New, so callers should match them with errors.Is
// instead of comparing message strings.
var (
	// ErrInvalidCredentials is the error value for invalid credentials.
	// NOTE(review): its message is identical to ErrInvalidCredentialsType
	// ("invalid credentials type"), so the two cannot be told apart in logs;
	// only an errors.Is comparison distinguishes them.
	ErrInvalidCredentials = errors.New("invalid credentials type")
	// ErrInvalidPermissionConfig is the error value for an invalid permission config.
	ErrInvalidPermissionConfig = errors.New("invalid permission config type")
	// ErrUnableToEncryptNilCredentials is the error value when the credentials to be encrypted are nil.
	ErrUnableToEncryptNilCredentials = errors.New("unable to encrypt nil credentials")
	// ErrUnableToDecryptNilCredentials is the error value when the credentials to be decrypted are nil.
	ErrUnableToDecryptNilCredentials = errors.New("unable to decrypt nil credentials")
	// ErrInvalidCredentialsType is the error value when the credentials value can't be cast into the bigquery.Credentials type.
	// The errors that follow cover role, resource type and URN validation,
	// permission bookkeeping, nil arguments, and provider config/appeal mismatches.
	ErrInvalidCredentialsType      = errors.New("invalid credentials type")
	ErrInvalidRole                 = errors.New("invalid role")
	ErrInvalidResourceType         = errors.New("invalid resource type")
	ErrInvalidTableURN             = errors.New("table URN is invalid")
	ErrPermissionAlreadyExists     = errors.New("permission already exists")
	ErrPermissionNotFound          = errors.New("permission not found")
	ErrNilProviderConfig           = errors.New("provider config can't be nil")
	ErrNilAppeal                   = errors.New("appeal can't be nil")
	ErrNilResource                 = errors.New("designated resource can't be nil")
	ErrProviderTypeMismatch        = errors.New("provider type in the config and in the appeal don't match")
	ErrProviderURNMismatch         = errors.New("provider urn in the config and in the appeal don't match")
	ErrInvalidDatasetPermission    = errors.New("provided permission is not supported for dataset resource")
	ErrInvalidTablePermission      = errors.New("provided permission is not supported for table resource")
	ErrEmptyResource               = errors.New("this bigquery project has no resources")
	ErrCannotVerifyTablePermission = errors.New("cannot verify the table permissions since this bigquery project does not have any tables")

	// Errors for reading activity (audit) logs: a requested time range that
	// exceeds the log retention period, and a missing private-log-viewer grant.
	ErrInvalidTimeRange                 = errors.New("specified time range exceeds the activity log retention period")
	ErrPrivateLogViewerAccessNotGranted = errors.New("private log viewer access not granted")
)
var (
	// BigQueryAuditMetadataMethods lists BigQuery audit-log method names, taken
	// from this documentation:
	// https://cloud.google.com/bigquery/docs/reference/auditlogs
	//
	// The list covers table and dataset insert/update/patch/delete, table data
	// listing, and job insert/query/get-results.
	// NOTE(review): presumably used to select which audit entries are imported
	// as activities; if so, a method missing from this list would not show up
	// in activity data — confirm against the log filter.
	// NOTE(review): this is an exported, mutable slice; any importer can append
	// to or overwrite it at runtime.
	BigQueryAuditMetadataMethods = []string{
		"google.cloud.bigquery.v2.TableService.InsertTable",
		"google.cloud.bigquery.v2.TableService.UpdateTable",
		"google.cloud.bigquery.v2.TableService.PatchTable",
		"google.cloud.bigquery.v2.TableService.DeleteTable",
		"google.cloud.bigquery.v2.DatasetService.InsertDataset",
		"google.cloud.bigquery.v2.DatasetService.UpdateDataset",
		"google.cloud.bigquery.v2.DatasetService.PatchDataset",
		"google.cloud.bigquery.v2.DatasetService.DeleteDataset",
		"google.cloud.bigquery.v2.TableDataService.List",
		"google.cloud.bigquery.v2.JobService.InsertJob",
		"google.cloud.bigquery.v2.JobService.Query",
		"google.cloud.bigquery.v2.JobService.GetQueryResults",
	}
)

Functions

func NewBigQueryClient added in v0.7.1

func NewBigQueryClient(projectID string, opts ...option.ClientOption) (*bigQueryClient, error)

func NewCloudLoggingClient

func NewCloudLoggingClient(ctx context.Context, projectID string, credentialsJSON []byte) (*cloudLoggingClient, error)

Types

type Activity

// Activity wraps a log entry so it can be converted into a domain.Activity
// through ToDomainActivity.
type Activity struct {
	// Embedded pointer: the entry's fields and methods are promoted onto
	// Activity. A zero-value Activity holds a nil entry, so reading a promoted
	// field on it panics.
	*logging.LogEntry
}

func (Activity) ToDomainActivity

func (a Activity) ToDomainActivity(p domain.Provider) (*domain.Activity, error)

type BigQueryClient

// BigQueryClient is the set of operations the provider calls through an
// interface: listing datasets and tables, granting and revoking access on
// them, and looking up roles and permissions. Provider.Clients stores values
// of this type.
type BigQueryClient interface {
	// Resource listing.
	GetDatasets(context.Context) ([]*Dataset, error)
	GetTables(ctx context.Context, datasetID string) ([]*Table, error)
	// Dataset-level grant and revoke take a user and a role string.
	// NOTE(review): unlike the table methods there is no accountType argument
	// here — confirm how service accounts are handled for dataset access.
	GrantDatasetAccess(ctx context.Context, d *Dataset, user, role string) error
	RevokeDatasetAccess(ctx context.Context, d *Dataset, user, role string) error
	// Table-level grant and revoke identify the principal by account type
	// plus account ID.
	GrantTableAccess(ctx context.Context, t *Table, accountType, accountID, role string) error
	RevokeTableAccess(ctx context.Context, t *Table, accountType, accountID, role string) error
	// ResolveDatasetRole converts a role string into a bq.AccessRole, or
	// returns an error.
	ResolveDatasetRole(role string) (bq.AccessRole, error)
	// ListAccess returns a domain.MapResourceAccess for the given resources;
	// presumably the access currently present on each of them — confirm.
	ListAccess(ctx context.Context, resources []*domain.Resource) (domain.MapResourceAccess, error)
	// Role and permission lookups.
	// NOTE(review): the unnamed string and []string parameters are presumably
	// role names (first two) and permission names (last) — confirm against
	// the implementation before relying on it.
	GetRolePermissions(context.Context, string) ([]string, error)
	ListRolePermissions(context.Context, []string) (map[string][]string, error)
	CheckGrantedPermission(context.Context, []string) ([]string, error)
}

type BigQueryResourceName

type BigQueryResourceName string

BigQueryResourceName is the string form of a BigQuery resource's relative resource name. Example: "projects/project-id/datasets/dataset_name/tables/table_name"

func (BigQueryResourceName) BigQueryResourceID

func (r BigQueryResourceName) BigQueryResourceID() string

BigQueryResourceID returns the BigQuery resource identifier in one of two formats. For the dataset type: "project-id:dataset_name". For the table type: "project-id:dataset_name.table_name".

func (BigQueryResourceName) DatasetID

func (r BigQueryResourceName) DatasetID() string

func (BigQueryResourceName) ProjectID

func (r BigQueryResourceName) ProjectID() string

func (BigQueryResourceName) TableID

func (r BigQueryResourceName) TableID() string

type Config

// Config is the bigquery provider's view of a provider config. It is built
// with NewConfig, which also takes a domain.Crypto.
type Config struct {
	// ProviderConfig is the provider configuration this Config operates on.
	// ParseAndValidate and EncryptCredentials take no arguments, so they work
	// on this value.
	ProviderConfig *domain.ProviderConfig
	// contains filtered or unexported fields
}

Config for bigquery provider

func NewConfig

func NewConfig(pc *domain.ProviderConfig, crypto domain.Crypto) *Config

NewConfig returns bigquery config struct

func (*Config) EncryptCredentials

func (c *Config) EncryptCredentials() error

EncryptCredentials encrypts the bigquery credentials config

func (*Config) ParseAndValidate

func (c *Config) ParseAndValidate() error

ParseAndValidate validates the bigquery config within the provider config and makes the interface{} config value castable into the expected bigquery config value

type Credentials

// Credentials is the authentication configuration used by the bigquery client.
//
// NOTE(review): both fields carry json tags, so the key is written out
// whenever this struct is marshalled. Presumably the field holds the encrypted
// form after Encrypt and the usable key only after Decrypt — confirm, and keep
// the struct out of logs and API responses either way.
type Credentials struct {
	// ServiceAccountKey is required and must be valid base64 (validate tag).
	// Base64 is an encoding only; it does not protect the key.
	// ResourceName must start with "projects/" (validate tag).
	ServiceAccountKey string `mapstructure:"service_account_key" json:"service_account_key" validate:"required,base64"`
	ResourceName      string `mapstructure:"resource_name" json:"resource_name" validate:"startswith=projects/"`
}

Credentials is the authentication configuration used by the bigquery client

func ParseCredentials

func ParseCredentials(v interface{}, decryptor domain.Decryptor) (*Credentials, error)

func (*Credentials) Decrypt

func (c *Credentials) Decrypt(decryptor domain.Decryptor) error

Decrypt decrypts BigQuery credentials

func (*Credentials) Encrypt

func (c *Credentials) Encrypt(encryptor domain.Encryptor) error

Encrypt encrypts BigQuery credentials

func (Credentials) ProjectID

func (c Credentials) ProjectID() string

type Dataset

// Dataset is a reference to a BigQuery dataset, identified by project ID and
// dataset ID. FromDomain and ToDomain convert it from and to a domain.Resource.
type Dataset struct {
	// ProjectID and DatasetID together identify the dataset; Labels holds
	// string key/value labels for it.
	ProjectID string
	DatasetID string
	Labels    map[string]string
}

Dataset is a reference to a BigQuery dataset

func (*Dataset) FromDomain

func (d *Dataset) FromDomain(r *domain.Resource) error

func (*Dataset) ToDomain

func (d *Dataset) ToDomain() *domain.Resource

type Permission

type Permission string

Permission is for mapping role into bigquery permissions

type Provider

// Provider is the bigquery provider. It is built with NewProvider and exposes
// the grant, revoke, listing and activity methods declared on *Provider.
type Provider struct {
	// Embedded, so the methods of provider.PermissionManager are promoted
	// onto Provider.
	provider.PermissionManager

	// Clients and LogClients hold BigQuery and Cloud Logging clients under a
	// string key.
	// NOTE(review): presumably one cached client per project or provider —
	// confirm what the key is. Both are exported plain maps, so confirm that
	// access is serialised if the provider is used from several goroutines,
	// and that a cached client is dropped when its credentials are rotated.
	Clients    map[string]BigQueryClient
	LogClients map[string]cloudLoggingClientI
	// contains filtered or unexported fields
}

Provider for bigquery

func NewProvider

func NewProvider(typeName string, c encryptor, logger log.Logger) *Provider

NewProvider returns bigquery provider

func (*Provider) CorrelateGrantActivities added in v0.7.5

func (p *Provider) CorrelateGrantActivities(ctx context.Context, pd domain.Provider, grants []*domain.Grant, activities []*domain.Activity) error

func (*Provider) CreateConfig

func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error

CreateConfig validates provider config

func (*Provider) GetAccountTypes

func (p *Provider) GetAccountTypes() []string

func (*Provider) GetActivities

func (p *Provider) GetActivities(ctx context.Context, pd domain.Provider, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)

func (*Provider) GetResources

func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error)

GetResources returns BigQuery dataset and table resources

func (*Provider) GetRoles

func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)

func (*Provider) GetType

func (p *Provider) GetType() string

GetType returns the provider type

func (*Provider) GrantAccess

func (p *Provider) GrantAccess(pc *domain.ProviderConfig, a domain.Grant) error

func (*Provider) ListAccess

func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)

func (*Provider) ListActivities added in v0.7.5

func (p *Provider) ListActivities(ctx context.Context, pd domain.Provider, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)

ListActivities returns list of activities

func (*Provider) RevokeAccess

func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, a domain.Grant) error

type Table

// Table is a reference to a BigQuery table, identified by project ID, dataset
// ID and table ID. FromDomain and ToDomain convert it from and to a
// domain.Resource.
type Table struct {
	// ProjectID, DatasetID and TableID together identify the table; Labels
	// holds string key/value labels for it.
	ProjectID string
	DatasetID string
	TableID   string
	Labels    map[string]string
}

Table is a reference to a BigQuery table

func (*Table) FromDomain

func (t *Table) FromDomain(r *domain.Resource) error

func (*Table) ToDomain

func (t *Table) ToDomain() *domain.Resource

Directories

Path Synopsis
