iam

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 15, 2021 License: MPL-2.0 Imports: 24 Imported by: 0

Documentation

Overview

iam package is for identity access management of boundary. It includes typical iam resources like Orgs, Projects, Users, Groups, etc.

Index

Constants

View Source 
const (
	UserPrefix      = "u"
	GroupPrefix     = "g"
	RolePrefix      = "r"
	RoleGrantPrefix = "rg"
)

Variables

View Source 
var ErrMetadataScopeNotFound = errors.NewDeprecated(errors.RecordNotFound, "iam", "scope not found for metadata", errors.WithoutEvent())

Functions

func CrudActions 

func CrudActions() map[string]action.Type

CrudActions returns a standard set of actions for resources that support a CRUD API

func CrudlActions 

func CrudlActions() map[string]action.Type

CrudlActions adds list to the standard set of actions for resources that support a CRUD API

func TestScopes 

func TestScopes(t *testing.T, repo *Repository, opt ...Option) (org *Scope, prj *Scope)

TestScopes creates an org and project suitable for testing.

func TestSetPrimaryAuthMethod added in v0.2.0 

func TestSetPrimaryAuthMethod(t *testing.T, repo *Repository, s *Scope, authMethodId string)

TestSetPrimaryAuthMethod will set the PrimaryAuthMethodId for a scope.

Types

type Cloneable 

type Cloneable interface {
	Clone() interface{}
}

type Group 

type Group struct {
	*store.Group
	// contains filtered or unexported fields
}

Group is made up of principals which are scoped to an org.

func NewGroup 

func NewGroup(scopeId string, opt ...Option) (*Group, error)

NewGroup creates a new in memory group with a scope (project/org) and allowed options include: withDescripion, WithName.

func TestGroup 

func TestGroup(t *testing.T, conn *gorm.DB, scopeId string, opt ...Option) *Group

TestGroup creates a group suitable for testing.

func (*Group) Actions 

func (*Group) Actions() map[string]action.Type

Actions returns the available actions for Group

func (*Group) Clone 

func (g *Group) Clone() interface{}

Clone creates a clone of the Group.

func (*Group) GetScope 

func (g *Group) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

GetScope returns the scope for the Group.

func (*Group) ResourceType 

func (*Group) ResourceType() resource.Type

ResourceType returns the type of the Group.

func (*Group) SetTableName 

func (g *Group) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Group) TableName 

func (g *Group) TableName() string

TableName returns the tablename to override the default gorm table name.

func (*Group) VetForWrite 

func (g *Group) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the group before it's written.

type GroupMember 

type GroupMember struct {
	*store.GroupMemberView
	// contains filtered or unexported fields
}

GroupMember provides a common way to return members.

func (*GroupMember) SetTableName 

func (v *GroupMember) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*GroupMember) TableName 

func (v *GroupMember) TableName() string

TableName provides an overridden gorm table name for group members.

type GroupMemberUser 

type GroupMemberUser struct {
	*store.GroupMemberUser
	// contains filtered or unexported fields
}

GroupMemberUser is a group member that's a User

func NewGroupMemberUser 

func NewGroupMemberUser(groupId, userId string, _ ...Option) (*GroupMemberUser, error)

NewGroupMemberUser creates a new in memory user member of the group. No options are currently supported.

func TestGroupMember 

func TestGroupMember(t *testing.T, conn *gorm.DB, groupId, userId string, opt ...Option) *GroupMemberUser

func (*GroupMemberUser) Clone 

func (m *GroupMemberUser) Clone() interface{}

Clone creates a clone of the GroupMember

func (*GroupMemberUser) SetTableName 

func (m *GroupMemberUser) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface

func (*GroupMemberUser) TableName 

func (m *GroupMemberUser) TableName() string

TableName returns the tablename to override the default gorm table name

func (*GroupMemberUser) VetForWrite 

func (m *GroupMemberUser) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface for group members.

type GroupRole 

type GroupRole struct {
	*store.GroupRole
	// contains filtered or unexported fields
}

GroupRole is a group assigned to a role

func NewGroupRole 

func NewGroupRole(roleId, groupId string, opt ...Option) (*GroupRole, error)

NewGroupRole creates a new group role in memory. No options are supported currently.

func TestGroupRole 

func TestGroupRole(t *testing.T, conn *gorm.DB, roleId, grpId string, opt ...Option) *GroupRole

func (*GroupRole) Clone 

func (r *GroupRole) Clone() interface{}

Clone creates a clone of the GroupRole.

func (*GroupRole) SetTableName 

func (r *GroupRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*GroupRole) TableName 

func (r *GroupRole) TableName() string

TableName returns the tablename to override the default gorm table name for group roles.

func (*GroupRole) VetForWrite 

func (role *GroupRole) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface for group roles.

type ManagedGroupRole added in v0.3.0 

type ManagedGroupRole struct {
	*store.ManagedGroupRole
	// contains filtered or unexported fields
}

ManagedGroupRole is a managed group assigned to a role

func AllocManagedGroupRole added in v0.3.0 

func AllocManagedGroupRole() ManagedGroupRole

AllocManagedGroupRole returns a new ManagedGroupRole with an initialized store.

func NewManagedGroupRole added in v0.3.0 

func NewManagedGroupRole(roleId, managedGroupId string, opt ...Option) (*ManagedGroupRole, error)

NewGroupRole creates a new group role in memory. No options are supported currently.

func TestManagedGroupRole added in v0.3.0 

func TestManagedGroupRole(t *testing.T, conn *gorm.DB, roleId, managedGrpId string, opt ...Option) *ManagedGroupRole

func (*ManagedGroupRole) Clone added in v0.3.0 

func (r *ManagedGroupRole) Clone() interface{}

Clone creates a clone of the ManagedGroupRole.

func (*ManagedGroupRole) SetTableName added in v0.3.0 

func (r *ManagedGroupRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*ManagedGroupRole) TableName added in v0.3.0 

func (r *ManagedGroupRole) TableName() string

TableName returns the tablename to override the default gorm table name for managed group roles.

func (ManagedGroupRole) VetForWrite added in v0.3.0 

func (role ManagedGroupRole) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface for managed group roles.

type MemberType 

type MemberType uint32

MemberType defines the possible membership types for groups. We don't surface this in the API as of yet as it's always user and we don't have plans for others currently. 

const (
	UnknownMemberType MemberType = 0
	UserMemberType    MemberType = 1
)

func (MemberType) String 

func (m MemberType) String() string

type Option 

type Option func(*options)

Option - how Options are passed as arguments

func WithAccountIds added in v0.2.0 

func WithAccountIds(id ...string) Option

WithAccountIds provides an option for specifying account ids to add to a user.

func WithDescription 

func WithDescription(desc string) Option

WithDescription provides an optional description

func WithDisassociate 

func WithDisassociate(enable bool) Option

WithDisassociate provides an option to allow the combining of disassociating and associating a user in one operation.

func WithGrantScopeId 

func WithGrantScopeId(id string) Option

WithGrantScopeId provides an option to specify the scope ID for grants in roles.

func WithLimit 

func WithLimit(limit int) Option

WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.

func WithName 

func WithName(name string) Option

WithName provides an option to search by a friendly name

func WithPrimaryAuthMethodId added in v0.2.0 

func WithPrimaryAuthMethodId(id string) Option

WithPrimaryAuthMethodId provides an option to specify the primary auth method for the scope.

func WithPublicId 

func WithPublicId(id string) Option

WithPublicId provides an optional public id

func WithRandomReader 

func WithRandomReader(reader io.Reader) Option

WithRandomReader provides an option to specify a random reader.

func WithSkipAdminRoleCreation 

func WithSkipAdminRoleCreation(enable bool) Option

WithSkipAdminRoleCreation provides an option to disable the automatic creation of an admin role when a new scope is created.

func WithSkipDefaultRoleCreation 

func WithSkipDefaultRoleCreation(enable bool) Option

WithSkipDefaultRoleCreation provides an option to disable the automatic creation of a default role when a new scope is created.

func WithSkipVetForWrite 

func WithSkipVetForWrite(enable bool) Option

WithSkipVetForWrite provides an option to allow skipping vet checks to allow testing lower-level SQL triggers and constraints

func WithUserId 

func WithUserId(id string) Option

WithUserId provides an option to specify the user ID to use when creating roles with new scopes.

type PrincipalRole 

type PrincipalRole struct {
	*store.PrincipalRoleView
	// contains filtered or unexported fields
}

PrincipalRole provides a common way to return roles regardless of their underlying type.

func (*PrincipalRole) SetTableName 

func (v *PrincipalRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*PrincipalRole) TableName 

func (v *PrincipalRole) TableName() string

TableName provides an overridden gorm table name for principal roles.

type PrincipalSet added in v0.3.0 

type PrincipalSet struct {
	AddUserRoles            []interface{}
	AddGroupRoles           []interface{}
	AddManagedGroupRoles    []interface{}
	DeleteUserRoles         []interface{}
	DeleteGroupRoles        []interface{}
	DeleteManagedGroupRoles []interface{}
	// unchangedPrincipalRoles is set iff there are no changes, that is, the
	// length of all other members is zero
	UnchangedPrincipalRoles []PrincipalRole
}

type Repository 

type Repository struct {
	// contains filtered or unexported fields
}

Repository is the iam database repository

func NewRepository 

func NewRepository(r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

NewRepository creates a new iam Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.

func TestRepo 

func TestRepo(t *testing.T, conn *gorm.DB, rootWrapper wrapping.Wrapper, opt ...Option) *Repository

TestRepo creates a repo that can be used for various purposes. Crucially, it ensures that the global scope contains a valid root key.

func (*Repository) AddGroupMembers 

func (r *Repository) AddGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, _ ...Option) ([]*GroupMember, error)

AddGroupMembers provides the ability to add members (userIds) to a group (groupId). The group's current db version must match the groupVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) AddPrincipalRoles 

func (r *Repository) AddPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, _ ...Option) ([]PrincipalRole, error)

AddPrincipalRoles provides the ability to add principals (userIds and groupIds) to a role (roleId). The role's current db version must match the roleVersion or an error will be returned. The list of current PrincipalRoles after the adds will be returned on success. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) AddRoleGrants 

func (r *Repository) AddRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, _ ...Option) ([]*RoleGrant, error)

AddRoleGrant will add role grants associated with the role ID in the repository. No options are currently supported. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) AddUserAccounts 

func (r *Repository) AddUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, _ ...Option) ([]string, error)

AddUserAccounts will associate a user with existing accounts and return a list of all associated account ids for the user. The accounts must not already be associated with different users. No options are currently supported.

func (*Repository) CreateGroup 

func (r *Repository) CreateGroup(ctx context.Context, group *Group, _ ...Option) (*Group, error)

CreateGroup will create a group in the repository and return the written group. No options are currently supported.

func (*Repository) CreateRole 

func (r *Repository) CreateRole(ctx context.Context, role *Role, _ ...Option) (*Role, error)

CreateRole will create a role in the repository and return the written role. No options are currently supported.

func (*Repository) CreateScope 

func (r *Repository) CreateScope(ctx context.Context, s *Scope, userId string, opt ...Option) (*Scope, error)

CreateScope will create a scope in the repository and return the written scope. Supported options include: WithPublicId and WithRandomReader.

func (*Repository) CreateUser 

func (r *Repository) CreateUser(ctx context.Context, user *User, opt ...Option) (*User, error)

CreateUser will create a user in the repository and return the written user

func (*Repository) DeleteGroup 

func (r *Repository) DeleteGroup(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteGroup will delete a group from the repository.

func (*Repository) DeleteGroupMembers 

func (r *Repository) DeleteGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, _ ...Option) (int, error)

DeleteGroupMembers (userIds) from a group (groupId). The group's current db version must match the groupVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) DeletePrincipalRoles 

func (r *Repository) DeletePrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, _ ...Option) (int, error)

DeletePrincipalRoles principals (userIds and/or groupIds) from a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) DeleteRole 

func (r *Repository) DeleteRole(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteRole will delete a role from the repository.

func (*Repository) DeleteRoleGrants 

func (r *Repository) DeleteRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, _ ...Option) (int, error)

DeleteRoleGrants deletes grants (as strings) from a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) DeleteScope 

func (r *Repository) DeleteScope(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteScope will delete a scope from the repository

func (*Repository) DeleteUser 

func (r *Repository) DeleteUser(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteUser will delete a user from the repository

func (*Repository) DeleteUserAccounts 

func (r *Repository) DeleteUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, _ ...Option) ([]string, error)

DeleteUserAccounts will disassociate a user from existing accounts and return a list of all associated account ids for the user. The accounts must not be associated with different users. No options are currently supported.

func (*Repository) GrantsForUser 

func (r *Repository) GrantsForUser(ctx context.Context, userId string, _ ...Option) ([]perms.GrantTuple, error)

func (*Repository) ListGroupMembers 

func (r *Repository) ListGroupMembers(ctx context.Context, withGroupId string, opt ...Option) ([]*GroupMember, error)

ListGroupMembers of a group and supports WithLimit option.

func (*Repository) ListGroups 

func (r *Repository) ListGroups(ctx context.Context, withScopeIds []string, opt ...Option) ([]*Group, error)

ListGroups lists groups in the given scopes and supports WithLimit option.

func (*Repository) ListPrincipalRoles 

func (r *Repository) ListPrincipalRoles(ctx context.Context, roleId string, opt ...Option) ([]PrincipalRole, error)

ListPrincipalRoles returns the principal roles for the roleId and supports the WithLimit option.

func (*Repository) ListRoleGrants 

func (r *Repository) ListRoleGrants(ctx context.Context, roleId string, opt ...Option) ([]*RoleGrant, error)

ListRoleGrants returns the grants for the roleId and supports the WithLimit option.

func (*Repository) ListRoles 

func (r *Repository) ListRoles(ctx context.Context, withScopeIds []string, opt ...Option) ([]*Role, error)

ListRoles lists roles in the given scopes and supports WithLimit option.

func (*Repository) ListScopes added in v0.1.5 

func (r *Repository) ListScopes(ctx context.Context, withParentIds []string, opt ...Option) ([]*Scope, error)

ListScopes with the parent IDs, supports the WithLimit option.

func (*Repository) ListScopesRecursively added in v0.1.5 

func (r *Repository) ListScopesRecursively(ctx context.Context, rootScopeId string, opt ...Option) ([]*Scope, error)

ListScopesRecursively allows for recursive listing of scopes based on a root scope ID. It returns the root scope ID as a part of the set.

func (*Repository) ListUserAccounts 

func (r *Repository) ListUserAccounts(ctx context.Context, userId string, opt ...Option) ([]string, error)

ListUserAccounts returns the account ids for the userId and supports the WithLimit option. Returns nil, nil when no associated accounts are found.

func (*Repository) ListUsers 

func (r *Repository) ListUsers(ctx context.Context, withScopeIds []string, opt ...Option) ([]*User, error)

ListUsers lists users in the given scopes and supports the WithLimit option.

func (*Repository) LookupGroup 

func (r *Repository) LookupGroup(ctx context.Context, withPublicId string, _ ...Option) (*Group, []*GroupMember, error)

LookupGroup will look up a group in the repository. If the group is not found, it will return nil, nil.

func (*Repository) LookupRole 

func (r *Repository) LookupRole(ctx context.Context, withPublicId string, _ ...Option) (*Role, []PrincipalRole, []*RoleGrant, error)

LookupRole will look up a role in the repository. If the role is not found, it will return nil, nil.

func (*Repository) LookupScope 

func (r *Repository) LookupScope(ctx context.Context, withPublicId string, _ ...Option) (*Scope, error)

LookupScope will look up a scope in the repository. If the scope is not found, it will return nil, nil.

func (*Repository) LookupUser 

func (r *Repository) LookupUser(ctx context.Context, userId string, _ ...Option) (*User, []string, error)

LookupUser will look up a user and its associated account ids in the repository. If the user is not found, it will return nil, nil, nil.

func (*Repository) LookupUserWithLogin 

func (r *Repository) LookupUserWithLogin(ctx context.Context, accountId string, opt ...Option) (*User, error)

LookupUserWithLogin will attempt to lookup the user with a matching account id and return the user if found. If a user is not found and the account's scope is not the PrimaryAuthMethod, then an error is returned. If the account's scope is the PrimaryAuthMethod, then a new iam User will be created (autovivified) in the scope of the account, and associated with the account. If a new user is auto vivified, then the WithName and WithDescription options are supported as well.

func (*Repository) PrincipalsToSet added in v0.3.0 

func (r *Repository) PrincipalsToSet(ctx context.Context, role *Role, userIds, groupIds, managedGroupIds []string) (*PrincipalSet, error)

TODO: Should this be moved inside the transaction, at this point? PrincipalsToSet sets principals on a role from the given lists.

func (*Repository) SetGroupMembers 

func (r *Repository) SetGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, _ ...Option) ([]*GroupMember, int, error)

SetGroupMembers will set the group's members. If userIds is empty, the members will be cleared. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) SetPrincipalRoles 

func (r *Repository) SetPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, _ ...Option) ([]PrincipalRole, int, error)

SetPrincipalRoles will set the role's principals. Set add and/or delete principals as need to reconcile the existing principals with the principals requested. If both userIds and groupIds are empty, the principal roles will be cleared. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) SetRoleGrants 

func (r *Repository) SetRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, _ ...Option) ([]*RoleGrant, int, error)

SetRoleGrants sets grants on a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.

func (*Repository) SetUserAccounts 

func (r *Repository) SetUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, _ ...Option) ([]string, error)

SetUserAccounts will associate a user with existing accounts and return a list of all associated account ids for the user. The accounts must not already be associated with different users. No options are currently supported.

func (*Repository) UpdateGroup 

func (r *Repository) UpdateGroup(ctx context.Context, group *Group, version uint32, fieldMaskPaths []string, _ ...Option) (*Group, []*GroupMember, int, error)

UpdateGroup will update a group in the repository and return the written group. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields, If no updatable fields are included in the fieldMaskPaths, then an error is returned.

func (*Repository) UpdateRole 

func (r *Repository) UpdateRole(ctx context.Context, role *Role, version uint32, fieldMaskPaths []string, _ ...Option) (*Role, []PrincipalRole, []*RoleGrant, int, error)

UpdateRole will update a role in the repository and return the written role. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name, Description, and GrantScopeId are the only updatable fields, If no updatable fields are included in the fieldMaskPaths, then an error is returned.

func (*Repository) UpdateScope 

func (r *Repository) UpdateScope(ctx context.Context, scope *Scope, version uint32, fieldMaskPaths []string, _ ...Option) (*Scope, int, error)

UpdateScope will update a scope in the repository and return the written scope. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields, and everything else is ignored. If no updatable fields are included in the fieldMaskPaths, then an error is returned.

func (*Repository) UpdateUser 

func (r *Repository) UpdateUser(ctx context.Context, user *User, version uint32, fieldMaskPaths []string, opt ...Option) (*User, []string, int, error)

UpdateUser will update a user in the repository and return the written user plus its associated account ids. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields, if no updatable fields are included in the fieldMaskPaths, then an error is returned.

type Resource 

type Resource interface {
	// GetPublicId is the resource ID used to access the resource via an API
	GetPublicId() string

	// GetName is the optional friendly name used to
	// access the resource via an API
	GetName() string

	// GetDescription is the optional description of the resource
	GetDescription() string

	// GetScope is the Scope that owns the Resource
	GetScope(ctx context.Context, r db.Reader) (*Scope, error)

	// Type of Resource (Target, Policy, User, Group, etc)
	ResourceType() resource.Type

	// Actions that can be assigned permissions for
	// the Resource in Policies. Action String() is key for
	// the map of Actions returned.
	Actions() map[string]action.Type
}

Resource declares the shared behavior of IAM Resources

type ResourceWithScope 

type ResourceWithScope interface {
	GetPublicId() string
	GetScopeId() string
	// contains filtered or unexported methods
}

ResourceWithScope defines an interface for Resources that have a scope

type Role 

type Role struct {
	*store.Role
	// contains filtered or unexported fields
}

Roles are granted permissions and assignable to Users and Groups.

func NewRole 

func NewRole(scopeId string, opt ...Option) (*Role, error)

NewRole creates a new in memory role with a scope (project/org) allowed options include: withDescripion, WithName, withGrantScopeId.

func TestRole 

func TestRole(t *testing.T, conn *gorm.DB, scopeId string, opt ...Option) *Role

TestRole creates a role suitable for testing.

func (*Role) Actions 

func (*Role) Actions() map[string]action.Type

Actions returns the available actions for Role.

func (*Role) Clone 

func (r *Role) Clone() interface{}

Clone creates a clone of the Role.

func (*Role) GetScope 

func (role *Role) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

Getscope returns the scope for the Role.

func (*Role) ResourceType 

func (*Role) ResourceType() resource.Type

ResourceType returns the type of the Role.

func (*Role) SetTableName 

func (r *Role) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Role) TableName 

func (r *Role) TableName() string

TableName returns the tablename to override the default gorm table name.

func (*Role) VetForWrite 

func (role *Role) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface.

type RoleGrant 

type RoleGrant struct {
	*store.RoleGrant
	// contains filtered or unexported fields
}

RoleGrant defines the grants that are assigned to a role

func NewRoleGrant 

func NewRoleGrant(roleId string, grant string, _ ...Option) (*RoleGrant, error)

NewRoleGrant creates a new in memory role grant

func TestRoleGrant 

func TestRoleGrant(t *testing.T, conn *gorm.DB, roleId, grant string, opt ...Option) *RoleGrant

func (*RoleGrant) Clone 

func (g *RoleGrant) Clone() interface{}

Clone creates a clone of the RoleGrant

func (*RoleGrant) SetTableName 

func (g *RoleGrant) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*RoleGrant) TableName 

func (g *RoleGrant) TableName() string

TableName returns the tablename to override the default gorm table name

func (*RoleGrant) VetForWrite 

func (g *RoleGrant) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface

type RoleType 

type RoleType uint32

RoleType defines the possible types for roles. 

const (
	UnknownRoleType      RoleType = 0
	UserRoleType         RoleType = 1
	GroupRoleType        RoleType = 2
	ManagedGroupRoleType RoleType = 3
)

func (RoleType) String 

func (r RoleType) String() string

String returns a string representation of the role type.

type Scope 

type Scope struct {
	*store.Scope
	// contains filtered or unexported fields
}

Scope is used to create a hierarchy of "containers" that encompass the scope of an IAM resource. Scopes are Global, Orgs and Projects.

func AllocScope added in v0.2.0 

func AllocScope() Scope

func LookupScope 

func LookupScope(ctx context.Context, reader db.Reader, resource ResourceWithScope) (*Scope, error)

LookupScope looks up the resource's scope

func NewOrg 

func NewOrg(opt ...Option) (*Scope, error)

func NewProject 

func NewProject(orgPublicId string, opt ...Option) (*Scope, error)

func TestOrg 

func TestOrg(t *testing.T, repo *Repository, opt ...Option) (org *Scope)

func (*Scope) Actions 

func (*Scope) Actions() map[string]action.Type

Actions returns the available actions for Scopes

func (*Scope) Clone 

func (s *Scope) Clone() interface{}

Clone creates a clone of the Scope

func (*Scope) GetScope 

func (s *Scope) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

GetScope returns the scope for the "scope" if there is one defined

func (*Scope) ResourceType 

func (s *Scope) ResourceType() resource.Type

ResourceType returns the type of scope

func (*Scope) SetTableName 

func (s *Scope) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Scope) TableName 

func (s *Scope) TableName() string

TableName returns the tablename to override the default gorm table name

func (*Scope) VetForWrite 

func (s *Scope) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface for scopes this function is intended to be callled by a db.Writer (Create and Update) to validate the scope before writing it to the db.

type User 

type User struct {
	*store.User
	// contains filtered or unexported fields
}

User defines boundary users which are scoped to an Org

func AllocUser added in v0.2.1 

func AllocUser() User

AllocUser will allocate an empty user

func NewUser 

func NewUser(scopeId string, opt ...Option) (*User, error)

NewUser creates a new in memory user and allows options: WithName - to specify the user's friendly name and WithDescription - to specify a user description

func TestUser 

func TestUser(t *testing.T, repo *Repository, scopeId string, opt ...Option) *User

TestUser creates a user suitable for testing. Supports the options: WithName, WithDescription and WithAccountIds.

func (*User) Actions 

func (*User) Actions() map[string]action.Type

Actions returns the available actions for Users

func (*User) Clone 

func (u *User) Clone() interface{}

Clone creates a clone of the User

func (*User) GetScope 

func (u *User) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

GetScope returns the scope for the User

func (*User) ResourceType 

func (*User) ResourceType() resource.Type

ResourceType returns the type of the User

func (*User) SetTableName 

func (u *User) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*User) TableName 

func (u *User) TableName() string

TableName returns the tablename to override the default gorm table name

func (*User) VetForWrite 

func (u *User) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the user before it's written.

type UserRole 

type UserRole struct {
	*store.UserRole
	// contains filtered or unexported fields
}

UserRole is a user assigned to a role

func NewUserRole 

func NewUserRole(roleId, userId string, _ ...Option) (*UserRole, error)

NewUserRole creates a new user role in memory. No options are supported currently.

func TestUserRole 

func TestUserRole(t *testing.T, conn *gorm.DB, roleId, userId string, opt ...Option) *UserRole

func (*UserRole) Clone 

func (r *UserRole) Clone() interface{}

Clone creates a clone of the UserRole.

func (*UserRole) SetTableName 

func (r *UserRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*UserRole) TableName 

func (r *UserRole) TableName() string

TableName returns the tablename to override the default gorm table name for user roles.

func (*UserRole) VetForWrite 

func (role *UserRole) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface for user roles.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.