Overview ¶
The iam package provides identity and access management for Boundary. It includes the typical IAM resources such as Orgs, Projects, Users, Groups, etc.
Index ¶
- Constants
- Variables
- func CrudActions() map[string]action.Type
- func CrudlActions() map[string]action.Type
- func TestScopes(t *testing.T, repo *Repository, opt ...Option) (org *Scope, prj *Scope)
- type Cloneable
- type Group
- func (*Group) Actions() map[string]action.Type
- func (g *Group) Clone() interface{}
- func (g *Group) GetScope(ctx context.Context, r db.Reader) (*Scope, error)
- func (*Group) ResourceType() resource.Type
- func (g *Group) SetTableName(n string)
- func (g *Group) TableName() string
- func (g *Group) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
- type GroupMember
- type GroupMemberUser
- type GroupRole
- type MemberType
- type Option
- func WithAutoVivify(enable bool) Option
- func WithDescription(desc string) Option
- func WithDisassociate(enable bool) Option
- func WithGrantScopeId(id string) Option
- func WithGroupGrants(enable bool) Option
- func WithLimit(limit int) Option
- func WithName(name string) Option
- func WithPublicId(id string) Option
- func WithRandomReader(reader io.Reader) Option
- func WithSkipAdminRoleCreation(enable bool) Option
- func WithSkipDefaultRoleCreation(enable bool) Option
- func WithSkipVetForWrite(enable bool) Option
- func WithUserId(id string) Option
- type PrincipalRole
- type Repository
- func (r *Repository) AddGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, ...) ([]*GroupMember, error)
- func (r *Repository) AddPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, ...) ([]PrincipalRole, error)
- func (r *Repository) AddRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, ...) ([]*RoleGrant, error)
- func (r *Repository) AddUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, ...) ([]string, error)
- func (r *Repository) CreateGroup(ctx context.Context, group *Group, opt ...Option) (*Group, error)
- func (r *Repository) CreateRole(ctx context.Context, role *Role, opt ...Option) (*Role, error)
- func (r *Repository) CreateScope(ctx context.Context, s *Scope, userId string, opt ...Option) (*Scope, error)
- func (r *Repository) CreateUser(ctx context.Context, user *User, opt ...Option) (*User, error)
- func (r *Repository) DeleteGroup(ctx context.Context, withPublicId string, opt ...Option) (int, error)
- func (r *Repository) DeleteGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, ...) (int, error)
- func (r *Repository) DeletePrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, ...) (int, error)
- func (r *Repository) DeleteRole(ctx context.Context, withPublicId string, opt ...Option) (int, error)
- func (r *Repository) DeleteRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, ...) (int, error)
- func (r *Repository) DeleteScope(ctx context.Context, withPublicId string, opt ...Option) (int, error)
- func (r *Repository) DeleteUser(ctx context.Context, withPublicId string, opt ...Option) (int, error)
- func (r *Repository) DeleteUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, ...) ([]string, error)
- func (r *Repository) GrantsForUser(ctx context.Context, userId string, opt ...Option) ([]perms.GrantPair, error)
- func (r *Repository) ListGroupMembers(ctx context.Context, withGroupId string, opt ...Option) ([]*GroupMember, error)
- func (r *Repository) ListGroups(ctx context.Context, withScopeId string, opt ...Option) ([]*Group, error)
- func (r *Repository) ListOrgs(ctx context.Context, opt ...Option) ([]*Scope, error)
- func (r *Repository) ListPrincipalRoles(ctx context.Context, roleId string, opt ...Option) ([]PrincipalRole, error)
- func (r *Repository) ListProjects(ctx context.Context, withOrgId string, opt ...Option) ([]*Scope, error)
- func (r *Repository) ListRoleGrants(ctx context.Context, roleId string, opt ...Option) ([]*RoleGrant, error)
- func (r *Repository) ListRoles(ctx context.Context, withScopeId string, opt ...Option) ([]*Role, error)
- func (r *Repository) ListUserAccounts(ctx context.Context, userId string, opt ...Option) ([]string, error)
- func (r *Repository) ListUsers(ctx context.Context, withOrgId string, opt ...Option) ([]*User, error)
- func (r *Repository) LookupGroup(ctx context.Context, withPublicId string, opt ...Option) (*Group, []*GroupMember, error)
- func (r *Repository) LookupRole(ctx context.Context, withPublicId string, opt ...Option) (*Role, []PrincipalRole, []*RoleGrant, error)
- func (r *Repository) LookupScope(ctx context.Context, withPublicId string, opt ...Option) (*Scope, error)
- func (r *Repository) LookupUser(ctx context.Context, userId string, opt ...Option) (*User, []string, error)
- func (r *Repository) LookupUserWithLogin(ctx context.Context, accountId string, opt ...Option) (*User, error)
- func (r *Repository) SetGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, ...) ([]*GroupMember, int, error)
- func (r *Repository) SetPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, ...) ([]PrincipalRole, int, error)
- func (r *Repository) SetRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, ...) ([]*RoleGrant, int, error)
- func (r *Repository) SetUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, ...) ([]string, error)
- func (r *Repository) UpdateGroup(ctx context.Context, group *Group, version uint32, fieldMaskPaths []string, ...) (*Group, []*GroupMember, int, error)
- func (r *Repository) UpdateRole(ctx context.Context, role *Role, version uint32, fieldMaskPaths []string, ...) (*Role, []PrincipalRole, []*RoleGrant, int, error)
- func (r *Repository) UpdateScope(ctx context.Context, scope *Scope, version uint32, fieldMaskPaths []string, ...) (*Scope, int, error)
- func (r *Repository) UpdateUser(ctx context.Context, user *User, version uint32, fieldMaskPaths []string, ...) (*User, []string, int, error)
- type Resource
- type ResourceWithScope
- type Role
- func (*Role) Actions() map[string]action.Type
- func (r *Role) Clone() interface{}
- func (role *Role) GetScope(ctx context.Context, r db.Reader) (*Scope, error)
- func (*Role) ResourceType() resource.Type
- func (r *Role) SetTableName(n string)
- func (r *Role) TableName() string
- func (role *Role) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
- type RoleGrant
- type RoleType
- type Scope
- func (*Scope) Actions() map[string]action.Type
- func (s *Scope) Clone() interface{}
- func (s *Scope) GetScope(ctx context.Context, r db.Reader) (*Scope, error)
- func (s *Scope) ResourceType() resource.Type
- func (s *Scope) SetTableName(n string)
- func (s *Scope) TableName() string
- func (s *Scope) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
- type User
- func (*User) Actions() map[string]action.Type
- func (u *User) Clone() interface{}
- func (u *User) GetScope(ctx context.Context, r db.Reader) (*Scope, error)
- func (*User) ResourceType() resource.Type
- func (u *User) SetTableName(n string)
- func (u *User) TableName() string
- func (u *User) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
- type UserRole
Constants ¶
// Public ID prefixes for iam resources.
// NOTE(review): the "public ID prefix" role is inferred from the constant
// names — confirm against ids.go.
const (
	UserPrefix      = "u"
	GroupPrefix     = "g"
	RolePrefix      = "r"
	RoleGrantPrefix = "rg"
)
Variables ¶
var (
ErrMetadataScopeNotFound = errors.New("scope not found for metadata")
)
Functions ¶
func CrudActions ¶
CrudActions returns a standard set of actions for resources that support a CRUD API
func CrudlActions ¶
CrudlActions adds the list action to the standard set of actions for resources that support a CRUD API.
func TestScopes ¶
TestScopes creates an org and project suitable for testing.
Types ¶
type Group ¶
Group is made up of principals which are scoped to an org.
func NewGroup ¶
NewGroup creates a new in-memory group with a scope (project/org). Allowed options include: WithDescription, WithName.
func (*Group) ResourceType ¶
ResourceType returns the type of the Group.
func (*Group) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type GroupMember ¶
type GroupMember struct { *store.GroupMemberView // contains filtered or unexported fields }
GroupMember provides a common way to return members.
func (*GroupMember) SetTableName ¶
func (v *GroupMember) SetTableName(n string)
SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*GroupMember) TableName ¶
func (v *GroupMember) TableName() string
TableName provides an overridden gorm table name for group members.
type GroupMemberUser ¶
type GroupMemberUser struct { *store.GroupMemberUser // contains filtered or unexported fields }
GroupMemberUser is a group member that's a User
func NewGroupMemberUser ¶
func NewGroupMemberUser(groupId, userId string, opt ...Option) (*GroupMemberUser, error)
NewGroupMemberUser creates a new in memory user member of the group. No options are currently supported.
func TestGroupMember ¶
func (*GroupMemberUser) Clone ¶
func (m *GroupMemberUser) Clone() interface{}
Clone creates a clone of the GroupMember
func (*GroupMemberUser) SetTableName ¶
func (m *GroupMemberUser) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface
func (*GroupMemberUser) TableName ¶
func (m *GroupMemberUser) TableName() string
TableName returns the tablename to override the default gorm table name
type GroupRole ¶
GroupRole is a group assigned to a role
func NewGroupRole ¶
NewGroupRole creates a new group role in memory. No options are supported currently.
func TestGroupRole ¶
func (*GroupRole) Clone ¶
func (r *GroupRole) Clone() interface{}
Clone creates a clone of the GroupRole.
func (*GroupRole) SetTableName ¶
SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.
type MemberType ¶
type MemberType uint32
MemberType defines the possible membership types for groups. We don't surface this in the API as of yet as it's always user and we don't have plans for others currently.
const (
	// UnknownMemberType is the zero value of MemberType.
	UnknownMemberType MemberType = 0
	// UserMemberType marks a group member that is a User.
	UserMemberType MemberType = 1
)
func (MemberType) String ¶
func (m MemberType) String() string
type Option ¶
type Option func(*options)
Option - how Options are passed as arguments
func WithAutoVivify ¶
WithAutoVivify provides an option to enable user auto vivification when calling repo.LookupUserWithLogin().
func WithDescription ¶
WithDescription provides an optional description
func WithDisassociate ¶
WithDisassociate provides an option to allow the combining of disassociating and associating a user in one operation.
func WithGrantScopeId ¶
WithGrantScopeId provides an option to specify the scope ID for grants in roles.
func WithGroupGrants ¶
WithGroupGrants provides an option to include group grants.
func WithLimit ¶
WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.
func WithRandomReader ¶
WithRandomReader provides an option to specify a random reader.
func WithSkipAdminRoleCreation ¶
WithSkipAdminRoleCreation provides an option to disable the automatic creation of an admin role when a new scope is created.
func WithSkipDefaultRoleCreation ¶
WithSkipDefaultRoleCreation provides an option to disable the automatic creation of a default role when a new scope is created.
func WithSkipVetForWrite ¶
WithSkipVetForWrite provides an option to allow skipping vet checks to allow testing lower-level SQL triggers and constraints
func WithUserId ¶
WithUserId provides an option to specify the user ID to use when creating roles with new scopes.
type PrincipalRole ¶
type PrincipalRole struct { *store.PrincipalRoleView // contains filtered or unexported fields }
PrincipalRole provides a common way to return roles regardless of their underlying type.
func (*PrincipalRole) SetTableName ¶
func (v *PrincipalRole) SetTableName(n string)
SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*PrincipalRole) TableName ¶
func (v *PrincipalRole) TableName() string
TableName provides an overridden gorm table name for principal roles.
type Repository ¶
type Repository struct {
// contains filtered or unexported fields
}
Repository is the iam database repository
func NewRepository ¶
NewRepository creates a new iam Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.
func TestRepo ¶
TestRepo creates a repo that can be used for various purposes. Crucially, it ensures that the global scope contains a valid root key.
func (*Repository) AddGroupMembers ¶
func (r *Repository) AddGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, opt ...Option) ([]*GroupMember, error)
AddGroupMembers provides the ability to add members (userIds) to a group (groupId). The group's current db version must match the groupVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) AddPrincipalRoles ¶
func (r *Repository) AddPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, opt ...Option) ([]PrincipalRole, error)
AddPrincipalRoles provides the ability to add principals (userIds and groupIds) to a role (roleId). The role's current db version must match the roleVersion or an error will be returned. The list of current PrincipalRoles after the adds will be returned on success. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) AddRoleGrants ¶
func (r *Repository) AddRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, opt ...Option) ([]*RoleGrant, error)
AddRoleGrants will add role grants associated with the role ID in the repository. No options are currently supported. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) AddUserAccounts ¶
func (r *Repository) AddUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, opt ...Option) ([]string, error)
AddUserAccounts will associate a user with existing accounts and return a list of all associated account ids for the user. The accounts must not already be associated with different users. No options are currently supported.
func (*Repository) CreateGroup ¶
CreateGroup will create a group in the repository and return the written group. No options are currently supported.
func (*Repository) CreateRole ¶
CreateRole will create a role in the repository and return the written role. No options are currently supported.
func (*Repository) CreateScope ¶
func (r *Repository) CreateScope(ctx context.Context, s *Scope, userId string, opt ...Option) (*Scope, error)
CreateScope will create a scope in the repository and return the written scope. Supported options include: WithPublicId and WithRandomReader.
func (*Repository) CreateUser ¶
CreateUser will create a user in the repository and return the written user
func (*Repository) DeleteGroup ¶
func (r *Repository) DeleteGroup(ctx context.Context, withPublicId string, opt ...Option) (int, error)
DeleteGroup will delete a group from the repository.
func (*Repository) DeleteGroupMembers ¶
func (r *Repository) DeleteGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, opt ...Option) (int, error)
DeleteGroupMembers deletes members (userIds) from a group (groupId). The group's current db version must match the groupVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) DeletePrincipalRoles ¶
func (r *Repository) DeletePrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, opt ...Option) (int, error)
DeletePrincipalRoles deletes principals (userIds and/or groupIds) from a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) DeleteRole ¶
func (r *Repository) DeleteRole(ctx context.Context, withPublicId string, opt ...Option) (int, error)
DeleteRole will delete a role from the repository.
func (*Repository) DeleteRoleGrants ¶
func (r *Repository) DeleteRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, opt ...Option) (int, error)
DeleteRoleGrants deletes grants (as strings) from a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) DeleteScope ¶
func (r *Repository) DeleteScope(ctx context.Context, withPublicId string, opt ...Option) (int, error)
DeleteScope will delete a scope from the repository
func (*Repository) DeleteUser ¶
func (r *Repository) DeleteUser(ctx context.Context, withPublicId string, opt ...Option) (int, error)
DeleteUser will delete a user from the repository
func (*Repository) DeleteUserAccounts ¶
func (r *Repository) DeleteUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, opt ...Option) ([]string, error)
DeleteUserAccounts will disassociate a user from existing accounts and return a list of all associated account ids for the user. The accounts must not be associated with different users. No options are currently supported.
func (*Repository) GrantsForUser ¶
func (*Repository) ListGroupMembers ¶
func (r *Repository) ListGroupMembers(ctx context.Context, withGroupId string, opt ...Option) ([]*GroupMember, error)
ListGroupMembers lists the members of a group and supports the WithLimit option.
func (*Repository) ListGroups ¶
func (r *Repository) ListGroups(ctx context.Context, withScopeId string, opt ...Option) ([]*Group, error)
ListGroups lists the groups in a scope and supports the WithLimit option.
func (*Repository) ListPrincipalRoles ¶
func (r *Repository) ListPrincipalRoles(ctx context.Context, roleId string, opt ...Option) ([]PrincipalRole, error)
ListPrincipalRoles returns the principal roles for the roleId and supports the WithLimit option.
func (*Repository) ListProjects ¶
func (r *Repository) ListProjects(ctx context.Context, withOrgId string, opt ...Option) ([]*Scope, error)
ListProjects lists the projects in an org and supports the WithLimit option.
func (*Repository) ListRoleGrants ¶
func (r *Repository) ListRoleGrants(ctx context.Context, roleId string, opt ...Option) ([]*RoleGrant, error)
ListRoleGrants returns the grants for the roleId and supports the WithLimit option.
func (*Repository) ListRoles ¶
func (r *Repository) ListRoles(ctx context.Context, withScopeId string, opt ...Option) ([]*Role, error)
ListRoles lists the roles in a scope and supports the WithLimit option.
func (*Repository) ListUserAccounts ¶
func (r *Repository) ListUserAccounts(ctx context.Context, userId string, opt ...Option) ([]string, error)
ListUserAccounts returns the account ids for the userId and supports the WithLimit option. Returns nil, nil when no associated accounts are found.
func (*Repository) ListUsers ¶
func (r *Repository) ListUsers(ctx context.Context, withOrgId string, opt ...Option) ([]*User, error)
ListUsers lists the users in an org and supports the WithLimit option.
func (*Repository) LookupGroup ¶
func (r *Repository) LookupGroup(ctx context.Context, withPublicId string, opt ...Option) (*Group, []*GroupMember, error)
LookupGroup will look up a group in the repository. If the group is not found, it will return nil values and a nil error.
func (*Repository) LookupRole ¶
func (r *Repository) LookupRole(ctx context.Context, withPublicId string, opt ...Option) (*Role, []PrincipalRole, []*RoleGrant, error)
LookupRole will look up a role in the repository. If the role is not found, it will return nil values and a nil error.
func (*Repository) LookupScope ¶
func (r *Repository) LookupScope(ctx context.Context, withPublicId string, opt ...Option) (*Scope, error)
LookupScope will look up a scope in the repository. If the scope is not found, it will return nil, nil.
func (*Repository) LookupUser ¶
func (r *Repository) LookupUser(ctx context.Context, userId string, opt ...Option) (*User, []string, error)
LookupUser will look up a user and its associated account ids in the repository. If the user is not found, it will return nil, nil, nil.
func (*Repository) LookupUserWithLogin ¶
func (r *Repository) LookupUserWithLogin(ctx context.Context, accountId string, opt ...Option) (*User, error)
LookupUserWithLogin will attempt to look up the user with a matching account id and return the user if found. If no user is found and the WithAutoVivify() option is true, then a new iam User will be created in the scope of the account and associated with the account. When a new user is auto vivified, the WithName and WithDescription options are supported as well.
func (*Repository) SetGroupMembers ¶
func (r *Repository) SetGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, opt ...Option) ([]*GroupMember, int, error)
SetGroupMembers will set the group's members. If userIds is empty, the members will be cleared. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) SetPrincipalRoles ¶
func (r *Repository) SetPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, opt ...Option) ([]PrincipalRole, int, error)
SetPrincipalRoles will set the role's principals. It adds and/or deletes principals as needed to reconcile the existing principals with the principals requested. If both userIds and groupIds are empty, the principal roles will be cleared. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) SetRoleGrants ¶
func (r *Repository) SetRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, opt ...Option) ([]*RoleGrant, int, error)
SetRoleGrants sets grants on a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid value for the WithVersion option and will return an error.
func (*Repository) SetUserAccounts ¶
func (r *Repository) SetUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, opt ...Option) ([]string, error)
SetUserAccounts will associate a user with existing accounts and return a list of all associated account ids for the user. The accounts must not already be associated with different users. No options are currently supported.
func (*Repository) UpdateGroup ¶
func (r *Repository) UpdateGroup(ctx context.Context, group *Group, version uint32, fieldMaskPaths []string, opt ...Option) (*Group, []*GroupMember, int, error)
UpdateGroup will update a group in the repository and return the written group. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields. If no updatable fields are included in the fieldMaskPaths, then an error is returned.
func (*Repository) UpdateRole ¶
func (r *Repository) UpdateRole(ctx context.Context, role *Role, version uint32, fieldMaskPaths []string, opt ...Option) (*Role, []PrincipalRole, []*RoleGrant, int, error)
UpdateRole will update a role in the repository and return the written role. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name, Description, and GrantScopeId are the only updatable fields. If no updatable fields are included in the fieldMaskPaths, then an error is returned.
func (*Repository) UpdateScope ¶
func (r *Repository) UpdateScope(ctx context.Context, scope *Scope, version uint32, fieldMaskPaths []string, opt ...Option) (*Scope, int, error)
UpdateScope will update a scope in the repository and return the written scope. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields, and everything else is ignored. If no updatable fields are included in the fieldMaskPaths, then an error is returned.
func (*Repository) UpdateUser ¶
func (r *Repository) UpdateUser(ctx context.Context, user *User, version uint32, fieldMaskPaths []string, opt ...Option) (*User, []string, int, error)
UpdateUser will update a user in the repository and return the written user plus its associated account ids. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields. If no updatable fields are included in the fieldMaskPaths, then an error is returned.
type Resource ¶
// Resource declares the shared behavior of IAM Resources.
type Resource interface {
	// GetPublicId is the resource ID used to access the resource via an API
	GetPublicId() string
	// GetName is the optional friendly name used to
	// access the resource via an API
	GetName() string
	// GetDescription is the optional description of the resource
	GetDescription() string
	// GetScope is the Scope that owns the Resource
	GetScope(ctx context.Context, r db.Reader) (*Scope, error)
	// Type of Resource (Target, Policy, User, Group, etc)
	ResourceType() resource.Type
	// Actions that can be assigned permissions for
	// the Resource in Policies. Action String() is key for
	// the map of Actions returned.
	Actions() map[string]action.Type
}
Resource declares the shared behavior of IAM Resources
type ResourceWithScope ¶
// ResourceWithScope defines an interface for Resources that have a scope.
type ResourceWithScope interface {
	GetPublicId() string
	GetScopeId() string
	// contains filtered or unexported methods
}
ResourceWithScope defines an interface for Resources that have a scope
type Role ¶
Roles are granted permissions and assignable to Users and Groups.
func NewRole ¶
NewRole creates a new in-memory role with a scope (project/org). Allowed options include: WithDescription, WithName, WithGrantScopeId.
func (*Role) ResourceType ¶
ResourceType returns the type of the Role.
func (*Role) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type RoleGrant ¶
RoleGrant defines the grants that are assigned to a role
func NewRoleGrant ¶
NewRoleGrant creates a new in memory role grant
func TestRoleGrant ¶
func (*RoleGrant) Clone ¶
func (g *RoleGrant) Clone() interface{}
Clone creates a clone of the RoleGrant
func (*RoleGrant) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type Scope ¶
Scope is used to create a hierarchy of "containers" that encompass the scope of an IAM resource. Scopes are Global, Orgs and Projects.
func LookupScope ¶
LookupScope looks up the resource's scope
func (*Scope) ResourceType ¶
ResourceType returns the type of scope
func (*Scope) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*Scope) VetForWrite ¶
func (s *Scope) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
VetForWrite implements the db.VetForWrite() interface for scopes. This function is intended to be called by a db.Writer (Create and Update) to validate the scope before writing it to the db.
type User ¶
User defines boundary users which are scoped to an Org
func NewUser ¶
NewUser creates a new in memory user and allows options: WithName - to specify the user's friendly name and WithDescription - to specify a user description
func (*User) ResourceType ¶
ResourceType returns the type of the User
func (*User) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type UserRole ¶
UserRole is a user assigned to a role
func NewUserRole ¶
NewUserRole creates a new user role in memory. No options are supported currently.
func TestUserRole ¶
func (*UserRole) Clone ¶
func (r *UserRole) Clone() interface{}
Clone creates a clone of the UserRole.
func (*UserRole) SetTableName ¶
SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.
Source Files ¶
- account.go
- action.go
- docs.go
- group.go
- group_member.go
- ids.go
- options.go
- principal_role.go
- query.go
- repository.go
- repository_group.go
- repository_principal_role.go
- repository_role.go
- repository_role_grant.go
- repository_scope.go
- repository_user.go
- resource.go
- role.go
- role_grant.go
- scope.go
- testing.go
- user.go