Documentation ¶
Index ¶
- Constants
- Variables
- type Config
- type Credentials
- type GcloudIamClient
- type Provider
- func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error
- func (p *Provider) GetAccountTypes() []string
- func (p *Provider) GetPermissions(_pc *domain.ProviderConfig, _resourceType, role string) ([]interface{}, error)
- func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error)
- func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)
- func (p *Provider) GetType() string
- func (p *Provider) GrantAccess(pc *domain.ProviderConfig, g domain.Grant) error
- func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)
- func (p *Provider) RevokeAccess(pc *domain.ProviderConfig, g domain.Grant) error
- type Role
Constants ¶
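// Resource-name prefixes recognised by this package. ErrInvalidResourceName
// (declared in this package) states that a resource name should be
// projects/{{project-id}} or organizations/{{org-id}}.
//
// NOTE(review): a prefix match alone does not show that the remainder is a
// well-formed ID (non-empty, no further path segments). The validation code is
// not part of this listing; confirm it rejects such names before a grant is
// issued against them.
const (
	// ResourceNameOrganizationPrefix is the leading segment of an
	// organization-level resource name.
	ResourceNameOrganizationPrefix = "organizations/"
	// ResourceNameProjectPrefix is the leading segment of a project-level
	// resource name.
	ResourceNameProjectPrefix = "projects/"
)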
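// Account type identifiers for the principal named in a grant.
//
// NOTE(review): the values are spelled like the member-type prefixes used in
// Google Cloud IAM policy bindings (user:, serviceAccount:, group:). How the
// provider combines them with an account ID is not visible in this listing.
const (
	// AccountTypeUser identifies an individual user account.
	AccountTypeUser = "user"
	// AccountTypeServiceAccount identifies a service account principal.
	AccountTypeServiceAccount = "serviceAccount"
	// AccountTypeGroup identifies a group. A grant to a group reaches every
	// member, and membership is managed outside this package, so access
	// reviews should resolve group membership as well as the grant itself.
	AccountTypeGroup = "group"
)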
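// Resource type identifiers used by the gcloud_iam provider.
const (
	// ResourceTypeProject is a single Google Cloud project.
	ResourceTypeProject = "project"
	// ResourceTypeOrganization is an organization. Roles bound at the
	// organization level are inherited by the resources beneath it in the
	// Google Cloud hierarchy, so this is the widest scope listed here.
	ResourceTypeOrganization = "organization"
	// ResourceTypeServiceAccount is a service account treated as a resource.
	// NOTE(review): ErrInvalidResourceName only describes projects/... and
	// organizations/... names; how service-account resources are named and
	// validated is not visible in this listing.
	ResourceTypeServiceAccount = "service_account"
)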
Variables ¶
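// Sentinel errors exported by this package. Compare against them with
// errors.Is rather than by message text.
//
// The conditions described below are read from the messages; the call sites
// are not part of this listing. Every message is a constant string, so
// returning or logging one of these values does not by itself expose
// credential material.
var (
	// Credential handling.

	// ErrUnableToEncryptNilCredentials: encryption was requested with no
	// credentials present.
	ErrUnableToEncryptNilCredentials = errors.New("unable to encrypt nil credentials")
	// ErrUnableToDecryptNilCredentials: decryption was requested with no
	// credentials present.
	ErrUnableToDecryptNilCredentials = errors.New("unable to decrypt nil credentials")
	// ErrInvalidCredentials: the credentials value has an unexpected type.
	ErrInvalidCredentials = errors.New("invalid credentials type")

	// Permission state.

	// ErrInvalidPermissionConfig: the permission config has an unexpected type.
	ErrInvalidPermissionConfig = errors.New("invalid permission config type")
	// ErrPermissionAlreadyExists: the permission is already present.
	ErrPermissionAlreadyExists = errors.New("permission already exists")
	// ErrPermissionNotFound: the permission is not present.
	ErrPermissionNotFound = errors.New("permission not found")

	// Provider configuration and request validation.

	// ErrInvalidResourceType: the resource type is not one the provider accepts.
	ErrInvalidResourceType = errors.New("invalid resource type")
	// ErrInvalidRole: the role is not accepted.
	ErrInvalidRole = errors.New("invalid role")
	// ErrShouldHaveOneResource: a gcloud_iam configuration should have one resource.
	ErrShouldHaveOneResource = errors.New("gcloud_iam should have one resource")
	// ErrInvalidResourceName: the resource name is neither
	// projects/{{project-id}} nor organizations/{{org-id}}.
	ErrInvalidResourceName = errors.New("invalid resource name: resource name should be projects/{{project-id}} or organizations/{{org-id}}")
	// ErrRolesShouldNotBeEmpty: the provider configuration lists no roles.
	ErrRolesShouldNotBeEmpty = errors.New("gcloud_iam provider should not have empty roles")
	// ErrInvalidProjectRole: the role is not supported for a project.
	ErrInvalidProjectRole = errors.New("provided role is not supported for project in gcloud")
)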
Functions ¶
This section is empty.
Types ¶
type Config ¶
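// Config holds the provider configuration that the gcloud_iam provider
// operates on. The package documents ParseAndValidate and EncryptCredentials
// methods on *Config.
type Config struct {
	// ProviderConfig is the configuration being handled. It is an exported
	// pointer, so the caller and Config share the same underlying value.
	// NOTE(review): whether the credentials inside are plaintext before
	// EncryptCredentials runs is not visible here; until that is confirmed,
	// avoid printing a Config or its ProviderConfig with %v / %+v.
	ProviderConfig *domain.ProviderConfig
	// contains filtered or unexported fields
}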
func (*Config) EncryptCredentials ¶
func (*Config) ParseAndValidate ¶
type Credentials ¶
type GcloudIamClient ¶
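// GcloudIamClient is the set of Google Cloud IAM operations this package
// depends on. Provider.Clients holds values of this type.
//
// NOTE(review): GrantAccess and RevokeAccess take neither a resource nor a
// context. The target of the binding is therefore presumably fixed when the
// client is constructed, which makes choosing the right client instance part
// of the authorization decision; and callers cannot pass a deadline or
// cancellation through these two methods. Confirm both against the
// implementation.
type GcloudIamClient interface {
	// GetGrantableRoles returns IAM roles for resourceType.
	GetGrantableRoles(ctx context.Context, resourceType string) ([]*iam.Role, error)

	// GrantAccess gives role to the account identified by accountType and
	// accountID.
	GrantAccess(accountType, accountID, role string) error

	// RevokeAccess removes role from the account identified by accountType
	// and accountID.
	RevokeAccess(accountType, accountID, role string) error

	// ListAccess reports the access found on the given resources.
	ListAccess(ctx context.Context, resources []*domain.Resource) (domain.MapResourceAccess, error)

	// ListServiceAccounts returns service accounts.
	// NOTE(review): the scope of the listing is not visible from the signature.
	ListServiceAccounts(context.Context) ([]*iam.ServiceAccount, error)

	// GrantServiceAccountAccess gives the account identified by accountType
	// and accountID access on service account sa.
	// NOTE(review): the last parameter is named roles here but role on
	// RevokeServiceAccountAccess; confirm whether more than one role can be
	// passed in the string.
	GrantServiceAccountAccess(ctx context.Context, sa, accountType, accountID, roles string) error

	// RevokeServiceAccountAccess removes role on service account sa from the
	// account identified by accountType and accountID.
	RevokeServiceAccountAccess(ctx context.Context, sa, accountType, accountID, role string) error
}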
type Provider ¶
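// Provider is the gcloud_iam provider type. It embeds
// provider.PermissionManager and provider.UnimplementedClient and keeps a set
// of GcloudIamClient values in Clients.
type Provider struct {
	provider.PermissionManager
	provider.UnimplementedClient

	// Clients maps a string key to the IAM client used for it.
	// NOTE(review): the key is presumably a provider URN or resource name;
	// confirm against NewProvider and the code that fills the map.
	//
	// The field is exported and is a plain map, so any package holding a
	// *Provider can replace the client that performs grants and revocations,
	// and the type itself does not make concurrent writes safe. Whether access
	// is serialized by the unexported fields is not visible in this listing.
	Clients map[string]GcloudIamClient
	// contains filtered or unexported fields
}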
func NewProvider ¶
func (*Provider) CreateConfig ¶
func (p *Provider) CreateConfig(pc *domain.ProviderConfig) error
func (*Provider) GetAccountTypes ¶
func (*Provider) GetPermissions ¶
func (p *Provider) GetPermissions(_pc *domain.ProviderConfig, _resourceType, role string) ([]interface{}, error)
func (*Provider) GetResources ¶
func (*Provider) GrantAccess ¶
func (*Provider) ListAccess ¶
func (p *Provider) ListAccess(ctx context.Context, pc domain.ProviderConfig, resources []*domain.Resource) (domain.MapResourceAccess, error)
func (*Provider) RevokeAccess ¶