iam

package
v0.10.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 12, 2022 License: MPL-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package iam provides identity and access management (IAM) for Boundary. It includes typical IAM resources such as Orgs, Projects, Users, Groups, etc.

Index

Constants

const (
	UserPrefix      = "u"
	GroupPrefix     = "g"
	RolePrefix      = "r"
	RoleGrantPrefix = "rg"
)

Variables

var ErrMetadataScopeNotFound = errors.NewDeprecated(errors.RecordNotFound, "iam", "scope not found for metadata", errors.WithoutEvent())

Functions

func CrudActions

func CrudActions() map[string]action.Type

CrudActions returns a standard set of actions for resources that support a CRUD API

func CrudlActions

func CrudlActions() map[string]action.Type

CrudlActions adds list to the standard set of actions for resources that support a CRUD API

func TestScopes

func TestScopes(t testing.TB, repo *Repository, opt ...Option) (org *Scope, prj *Scope)

TestScopes creates an org and project suitable for testing.

func TestSetPrimaryAuthMethod added in v0.2.0

func TestSetPrimaryAuthMethod(t testing.TB, repo *Repository, s *Scope, authMethodId string)

TestSetPrimaryAuthMethod will set the PrimaryAuthMethodId for a scope.

Types

type Cloneable

type Cloneable interface {
	Clone() interface{}
}

type Group

type Group struct {
	*store.Group
	// contains filtered or unexported fields
}

Group is made up of principals which are scoped to an org.

func NewGroup

func NewGroup(scopeId string, opt ...Option) (*Group, error)

NewGroup creates a new in-memory group with a scope (project/org). Allowed options include: WithDescription, WithName.

func TestGroup

func TestGroup(t testing.TB, conn *db.DB, scopeId string, opt ...Option) *Group

TestGroup creates a group suitable for testing.

func (*Group) Actions

func (*Group) Actions() map[string]action.Type

Actions returns the available actions for Group

func (*Group) Clone

func (g *Group) Clone() interface{}

Clone creates a clone of the Group.

func (*Group) GetScope

func (g *Group) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

GetScope returns the scope for the Group.

func (*Group) ResourceType

func (*Group) ResourceType() resource.Type

ResourceType returns the type of the Group.

func (*Group) SetTableName

func (g *Group) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Group) TableName

func (g *Group) TableName() string

TableName returns the tablename to override the default gorm table name.

func (*Group) VetForWrite

func (g *Group) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the group before it's written.

type GroupMember

type GroupMember struct {
	*store.GroupMemberView
	// contains filtered or unexported fields
}

GroupMember provides a common way to return members.

func (*GroupMember) SetTableName

func (v *GroupMember) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*GroupMember) TableName

func (v *GroupMember) TableName() string

TableName provides an overridden gorm table name for group members.

type GroupMemberUser

type GroupMemberUser struct {
	*store.GroupMemberUser
	// contains filtered or unexported fields
}

GroupMemberUser is a group member that's a User

func NewGroupMemberUser

func NewGroupMemberUser(groupId, userId string, _ ...Option) (*GroupMemberUser, error)

NewGroupMemberUser creates a new in memory user member of the group. No options are currently supported.

func TestGroupMember

func TestGroupMember(t testing.TB, conn *db.DB, groupId, userId string, opt ...Option) *GroupMemberUser

func (*GroupMemberUser) Clone

func (m *GroupMemberUser) Clone() interface{}

Clone creates a clone of the GroupMemberUser.

func (*GroupMemberUser) SetTableName

func (m *GroupMemberUser) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface

func (*GroupMemberUser) TableName

func (m *GroupMemberUser) TableName() string

TableName returns the tablename to override the default gorm table name

func (*GroupMemberUser) VetForWrite

func (m *GroupMemberUser) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface for group members.

type GroupRole

type GroupRole struct {
	*store.GroupRole
	// contains filtered or unexported fields
}

GroupRole is a group assigned to a role

func NewGroupRole

func NewGroupRole(roleId, groupId string, opt ...Option) (*GroupRole, error)

NewGroupRole creates a new group role in memory. No options are supported currently.

func TestGroupRole

func TestGroupRole(t testing.TB, conn *db.DB, roleId, grpId string, opt ...Option) *GroupRole

func (*GroupRole) Clone

func (r *GroupRole) Clone() interface{}

Clone creates a clone of the GroupRole.

func (*GroupRole) SetTableName

func (r *GroupRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*GroupRole) TableName

func (r *GroupRole) TableName() string

TableName returns the tablename to override the default gorm table name for group roles.

func (*GroupRole) VetForWrite

func (role *GroupRole) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface for group roles.

type ManagedGroupRole added in v0.3.0

type ManagedGroupRole struct {
	*store.ManagedGroupRole
	// contains filtered or unexported fields
}

ManagedGroupRole is a managed group assigned to a role

func AllocManagedGroupRole added in v0.3.0

func AllocManagedGroupRole() ManagedGroupRole

AllocManagedGroupRole returns a new ManagedGroupRole with an initialized store.

func NewManagedGroupRole added in v0.3.0

func NewManagedGroupRole(roleId, managedGroupId string, opt ...Option) (*ManagedGroupRole, error)

NewManagedGroupRole creates a new managed group role in memory. No options are supported currently.

func TestManagedGroupRole added in v0.3.0

func TestManagedGroupRole(t testing.TB, conn *db.DB, roleId, managedGrpId string, opt ...Option) *ManagedGroupRole

func (*ManagedGroupRole) Clone added in v0.3.0

func (r *ManagedGroupRole) Clone() interface{}

Clone creates a clone of the ManagedGroupRole.

func (*ManagedGroupRole) SetTableName added in v0.3.0

func (r *ManagedGroupRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*ManagedGroupRole) TableName added in v0.3.0

func (r *ManagedGroupRole) TableName() string

TableName returns the tablename to override the default gorm table name for managed group roles.

func (ManagedGroupRole) VetForWrite added in v0.3.0

func (role ManagedGroupRole) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface for managed group roles.

type MemberType

type MemberType uint32

MemberType defines the possible membership types for groups. We don't surface this in the API as of yet as it's always user and we don't have plans for others currently.

const (
	UnknownMemberType MemberType = 0
	UserMemberType    MemberType = 1
)

func (MemberType) String

func (m MemberType) String() string

type Option

type Option func(*options)

Option - how Options are passed as arguments

func WithAccountIds added in v0.2.0

func WithAccountIds(id ...string) Option

WithAccountIds provides an option for specifying account ids to add to a user.

func WithDescription

func WithDescription(desc string) Option

WithDescription provides an optional description

func WithDisassociate

func WithDisassociate(enable bool) Option

WithDisassociate provides an option to allow the combining of disassociating and associating a user in one operation.

func WithGrantScopeId

func WithGrantScopeId(id string) Option

WithGrantScopeId provides an option to specify the scope ID for grants in roles.

func WithLimit

func WithLimit(limit int) Option

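WithLimit provides an option to set a limit on the number of results. Negative integers are intentionally allowed. If the limit is < 0, then unlimited results are returned. If the limit is == 0, then default limits are used for results. Because a negative value removes the cap entirely, a limit that originates from a request should be validated before it is passed here.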

func WithName

func WithName(name string) Option

WithName provides an option to search by a friendly name

func WithPrimaryAuthMethodId added in v0.2.0

func WithPrimaryAuthMethodId(id string) Option

WithPrimaryAuthMethodId provides an option to specify the primary auth method for the scope.

func WithPublicId

func WithPublicId(id string) Option

WithPublicId provides an optional public id

func WithRandomReader

func WithRandomReader(reader io.Reader) Option

WithRandomReader provides an option to specify a random reader.

func WithSkipAdminRoleCreation

func WithSkipAdminRoleCreation(enable bool) Option

WithSkipAdminRoleCreation provides an option to disable the automatic creation of an admin role when a new scope is created.

func WithSkipDefaultRoleCreation

func WithSkipDefaultRoleCreation(enable bool) Option

WithSkipDefaultRoleCreation provides an option to disable the automatic creation of a default role when a new scope is created.

func WithSkipVetForWrite

func WithSkipVetForWrite(enable bool) Option

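WithSkipVetForWrite provides an option to skip the vet checks so that lower-level SQL triggers and constraints can be tested. It bypasses the VetForWrite validation that otherwise runs before a write, so it is meant for tests only.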

func WithUserId

func WithUserId(id string) Option

WithUserId provides an option to specify the user ID to use when creating roles with new scopes.

type PrincipalRole

type PrincipalRole struct {
	*store.PrincipalRoleView
	// contains filtered or unexported fields
}

PrincipalRole provides a common way to return roles regardless of their underlying type.

func (*PrincipalRole) SetTableName

func (v *PrincipalRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*PrincipalRole) TableName

func (v *PrincipalRole) TableName() string

TableName provides an overridden gorm table name for principal roles.

type PrincipalSet added in v0.3.0

// PrincipalSet is the result type of Repository.PrincipalsToSet. Its fields
// are split into additions and deletions, one slice per principal kind
// (user, group, managed group).
type PrincipalSet struct {
	// Role assignments to add.
	// NOTE(review): the elements are untyped ([]interface{}); presumably they
	// hold the matching role types (UserRole, GroupRole, ManagedGroupRole) —
	// confirm against PrincipalsToSet before type-asserting.
	AddUserRoles            []interface{}
	AddGroupRoles           []interface{}
	AddManagedGroupRoles    []interface{}
	// Role assignments to delete; same element-type caveat as the Add* fields.
	DeleteUserRoles         []interface{}
	DeleteGroupRoles        []interface{}
	DeleteManagedGroupRoles []interface{}
	// UnchangedPrincipalRoles is set iff there are no changes, that is, the
	// length of all other members is zero
	UnchangedPrincipalRoles []*PrincipalRole
}

type Repository

type Repository struct {
	// contains filtered or unexported fields
}

Repository is the iam database repository

func NewRepository

func NewRepository(r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

NewRepository creates a new iam Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.

func TestRepo

func TestRepo(t testing.TB, conn *db.DB, rootWrapper wrapping.Wrapper, opt ...Option) *Repository

TestRepo creates a repo that can be used for various purposes. Crucially, it ensures that the global scope contains a valid root key.

func (*Repository) AddGroupMembers

func (r *Repository) AddGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, _ ...Option) ([]*GroupMember, error)

AddGroupMembers provides the ability to add members (userIds) to a group (groupId). The group's current db version must match the groupVersion or an error will be returned. Zero is not a valid version (passed here as groupVersion, not through a WithVersion option) and will return an error.

func (*Repository) AddPrincipalRoles

func (r *Repository) AddPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, _ ...Option) ([]*PrincipalRole, error)

AddPrincipalRoles provides the ability to add principals (userIds and groupIds) to a role (roleId). The role's current db version must match the roleVersion or an error will be returned. The list of current PrincipalRoles after the adds will be returned on success. Zero is not a valid version (passed here as roleVersion, not through a WithVersion option) and will return an error.

func (*Repository) AddRoleGrants

func (r *Repository) AddRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, _ ...Option) ([]*RoleGrant, error)

AddRoleGrants will add role grants associated with the role ID in the repository. No options are currently supported. Zero is not a valid version (passed here as roleVersion, not through a WithVersion option) and will return an error.

func (*Repository) AddUserAccounts

func (r *Repository) AddUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, _ ...Option) ([]string, error)

AddUserAccounts will associate a user with existing accounts and return a list of all associated account ids for the user. The accounts must not already be associated with different users. No options are currently supported.

func (*Repository) CreateGroup

func (r *Repository) CreateGroup(ctx context.Context, group *Group, _ ...Option) (*Group, error)

CreateGroup will create a group in the repository and return the written group. No options are currently supported.

func (*Repository) CreateRole

func (r *Repository) CreateRole(ctx context.Context, role *Role, _ ...Option) (*Role, error)

CreateRole will create a role in the repository and return the written role. No options are currently supported.

func (*Repository) CreateScope

func (r *Repository) CreateScope(ctx context.Context, s *Scope, userId string, opt ...Option) (*Scope, error)

CreateScope will create a scope in the repository and return the written scope. Supported options include: WithPublicId and WithRandomReader.

func (*Repository) CreateUser

func (r *Repository) CreateUser(ctx context.Context, user *User, opt ...Option) (*User, error)

CreateUser will create a user in the repository and return the written user

func (*Repository) DeleteGroup

func (r *Repository) DeleteGroup(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteGroup will delete a group from the repository.

func (*Repository) DeleteGroupMembers

func (r *Repository) DeleteGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, _ ...Option) (int, error)

DeleteGroupMembers deletes members (userIds) from a group (groupId). The group's current db version must match the groupVersion or an error will be returned. Zero is not a valid version (passed here as groupVersion, not through a WithVersion option) and will return an error.

func (*Repository) DeletePrincipalRoles

func (r *Repository) DeletePrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, _ ...Option) (int, error)

DeletePrincipalRoles deletes principals (userIds and/or groupIds) from a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid version (passed here as roleVersion, not through a WithVersion option) and will return an error.

func (*Repository) DeleteRole

func (r *Repository) DeleteRole(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteRole will delete a role from the repository.

func (*Repository) DeleteRoleGrants

func (r *Repository) DeleteRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, _ ...Option) (int, error)

DeleteRoleGrants deletes grants (as strings) from a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid version (passed here as roleVersion, not through a WithVersion option) and will return an error.

func (*Repository) DeleteScope

func (r *Repository) DeleteScope(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteScope will delete a scope from the repository

func (*Repository) DeleteUser

func (r *Repository) DeleteUser(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteUser will delete a user from the repository

func (*Repository) DeleteUserAccounts

func (r *Repository) DeleteUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, _ ...Option) ([]string, error)

DeleteUserAccounts will disassociate a user from existing accounts and return a list of all associated account ids for the user. The accounts must not be associated with different users. No options are currently supported.

func (*Repository) GrantsForUser

func (r *Repository) GrantsForUser(ctx context.Context, userId string, _ ...Option) ([]perms.GrantTuple, error)

func (*Repository) ListGroupMembers

func (r *Repository) ListGroupMembers(ctx context.Context, withGroupId string, opt ...Option) ([]*GroupMember, error)

ListGroupMembers of a group and supports WithLimit option.

func (*Repository) ListGroups

func (r *Repository) ListGroups(ctx context.Context, withScopeIds []string, opt ...Option) ([]*Group, error)

ListGroups lists groups in the given scopes and supports WithLimit option.

func (*Repository) ListPrincipalRoles

func (r *Repository) ListPrincipalRoles(ctx context.Context, roleId string, opt ...Option) ([]*PrincipalRole, error)

ListPrincipalRoles returns the principal roles for the roleId and supports the WithLimit option.

func (*Repository) ListRoleGrants

func (r *Repository) ListRoleGrants(ctx context.Context, roleId string, opt ...Option) ([]*RoleGrant, error)

ListRoleGrants returns the grants for the roleId and supports the WithLimit option.

func (*Repository) ListRoles

func (r *Repository) ListRoles(ctx context.Context, withScopeIds []string, opt ...Option) ([]*Role, error)

ListRoles lists roles in the given scopes and supports WithLimit option.

func (*Repository) ListScopes added in v0.1.5

func (r *Repository) ListScopes(ctx context.Context, withParentIds []string, opt ...Option) ([]*Scope, error)

ListScopes with the parent IDs, supports the WithLimit option.

func (*Repository) ListScopesRecursively added in v0.1.5

func (r *Repository) ListScopesRecursively(ctx context.Context, rootScopeId string, opt ...Option) ([]*Scope, error)

ListScopesRecursively allows for recursive listing of scopes based on a root scope ID. It returns the root scope ID as a part of the set.

func (*Repository) ListUserAccounts

func (r *Repository) ListUserAccounts(ctx context.Context, userId string, opt ...Option) ([]string, error)

ListUserAccounts returns the account ids for the userId and supports the WithLimit option. Returns nil, nil when no associated accounts are found.

func (*Repository) ListUsers

func (r *Repository) ListUsers(ctx context.Context, withScopeIds []string, opt ...Option) ([]*User, error)

ListUsers lists users in the given scopes and supports the WithLimit option.

func (*Repository) LookupGroup

func (r *Repository) LookupGroup(ctx context.Context, withPublicId string, _ ...Option) (*Group, []*GroupMember, error)

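LookupGroup will look up a group in the repository. If the group is not found, every return value is nil, including the error, so callers must check the returned group for nil rather than relying on the error alone.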

func (*Repository) LookupRole

func (r *Repository) LookupRole(ctx context.Context, withPublicId string, _ ...Option) (*Role, []*PrincipalRole, []*RoleGrant, error)

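LookupRole will look up a role in the repository. If the role is not found, every return value is nil, including the error, so callers must check the returned role for nil rather than relying on the error alone.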

func (*Repository) LookupScope

func (r *Repository) LookupScope(ctx context.Context, withPublicId string, _ ...Option) (*Scope, error)

LookupScope will look up a scope in the repository. If the scope is not found, it will return nil, nil.

func (*Repository) LookupUser

func (r *Repository) LookupUser(ctx context.Context, userId string, _ ...Option) (*User, []string, error)

LookupUser will look up a user and its associated account ids in the repository. If the user is not found, it will return nil, nil, nil.

func (*Repository) LookupUserWithLogin

func (r *Repository) LookupUserWithLogin(ctx context.Context, accountId string, opt ...Option) (*User, error)

LookupUserWithLogin will attempt to look up the user with a matching account id and return the user if found. If a user is not found and the account's scope is not the PrimaryAuthMethod, then an error is returned. If the account's scope is the PrimaryAuthMethod, then a new iam User will be created (autovivified) in the scope of the account, and associated with the account. If a new user is autovivified, then the WithName and WithDescription options are supported as well. Since a lookup through the primary auth method can create a user implicitly, the choice of primary auth method for a scope also decides which accounts obtain an iam User there.

func (*Repository) PrincipalsToSet added in v0.3.0

func (r *Repository) PrincipalsToSet(ctx context.Context, role *Role, userIds, groupIds, managedGroupIds []string) (*PrincipalSet, error)

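TODO: Should this be moved inside the transaction, at this point? PrincipalsToSet sets principals on a role from the given lists. If it does run outside the write transaction, as the TODO implies, the returned PrincipalSet can be stale when the role's principals change concurrently.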

func (*Repository) SetGroupMembers

func (r *Repository) SetGroupMembers(ctx context.Context, groupId string, groupVersion uint32, userIds []string, _ ...Option) ([]*GroupMember, int, error)

SetGroupMembers will set the group's members. If userIds is empty, the members will be cleared. Zero is not a valid version (passed here as groupVersion, not through a WithVersion option) and will return an error.

func (*Repository) SetPrincipalRoles

func (r *Repository) SetPrincipalRoles(ctx context.Context, roleId string, roleVersion uint32, principalIds []string, _ ...Option) ([]*PrincipalRole, int, error)

SetPrincipalRoles will set the role's principals. It adds and/or deletes principals as needed to reconcile the existing principals with the principals requested. If principalIds is empty (no user ids and no group ids), the principal roles will be cleared. Zero is not a valid version (passed here as roleVersion, not through a WithVersion option) and will return an error.

func (*Repository) SetRoleGrants

func (r *Repository) SetRoleGrants(ctx context.Context, roleId string, roleVersion uint32, grants []string, _ ...Option) ([]*RoleGrant, int, error)

SetRoleGrants sets grants on a role (roleId). The role's current db version must match the roleVersion or an error will be returned. Zero is not a valid version (passed here as roleVersion, not through a WithVersion option) and will return an error.

func (*Repository) SetUserAccounts

func (r *Repository) SetUserAccounts(ctx context.Context, userId string, userVersion uint32, accountIds []string, _ ...Option) ([]string, error)

SetUserAccounts will associate a user with existing accounts and return a list of all associated account ids for the user. The accounts must not already be associated with different users. No options are currently supported.

func (*Repository) UpdateGroup

func (r *Repository) UpdateGroup(ctx context.Context, group *Group, version uint32, fieldMaskPaths []string, _ ...Option) (*Group, []*GroupMember, int, error)

UpdateGroup will update a group in the repository and return the written group. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields. If no updatable fields are included in the fieldMaskPaths, then an error is returned.

func (*Repository) UpdateRole

func (r *Repository) UpdateRole(ctx context.Context, role *Role, version uint32, fieldMaskPaths []string, _ ...Option) (*Role, []*PrincipalRole, []*RoleGrant, int, error)

UpdateRole will update a role in the repository and return the written role. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name, Description, and GrantScopeId are the only updatable fields. If no updatable fields are included in the fieldMaskPaths, then an error is returned.

func (*Repository) UpdateScope

func (r *Repository) UpdateScope(ctx context.Context, scope *Scope, version uint32, fieldMaskPaths []string, _ ...Option) (*Scope, int, error)

UpdateScope will update a scope in the repository and return the written scope. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields, and everything else is ignored. If no updatable fields are included in the fieldMaskPaths, then an error is returned.

func (*Repository) UpdateUser

func (r *Repository) UpdateUser(ctx context.Context, user *User, version uint32, fieldMaskPaths []string, opt ...Option) (*User, []string, int, error)

UpdateUser will update a user in the repository and return the written user plus its associated account ids. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name and Description are the only updatable fields. If no updatable fields are included in the fieldMaskPaths, then an error is returned.

type Resource

type Resource interface {
	// GetPublicId is the resource ID used to access the resource via an API
	GetPublicId() string

	// GetName is the optional friendly name used to
	// access the resource via an API
	GetName() string

	// GetDescription is the optional description of the resource
	GetDescription() string

	// GetScope is the Scope that owns the Resource
	GetScope(ctx context.Context, r db.Reader) (*Scope, error)

	// Type of Resource (Target, Policy, User, Group, etc)
	ResourceType() resource.Type

	// Actions that can be assigned permissions for
	// the Resource in Policies. Action String() is key for
	// the map of Actions returned.
	Actions() map[string]action.Type
}

Resource declares the shared behavior of IAM Resources

type ResourceWithScope

type ResourceWithScope interface {
	GetPublicId() string
	GetScopeId() string
	// contains filtered or unexported methods
}

ResourceWithScope defines an interface for Resources that have a scope

type Role

type Role struct {
	*store.Role
	// contains filtered or unexported fields
}

Roles are granted permissions and assignable to Users and Groups.

func NewRole

func NewRole(scopeId string, opt ...Option) (*Role, error)

NewRole creates a new in-memory role with a scope (project/org). Allowed options include: WithDescription, WithName, WithGrantScopeId.

func TestRole

func TestRole(t testing.TB, conn *db.DB, scopeId string, opt ...Option) *Role

TestRole creates a role suitable for testing.

func (*Role) Actions

func (*Role) Actions() map[string]action.Type

Actions returns the available actions for Role.

func (*Role) Clone

func (r *Role) Clone() interface{}

Clone creates a clone of the Role.

func (*Role) GetScope

func (role *Role) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

GetScope returns the scope for the Role.

func (*Role) ResourceType

func (*Role) ResourceType() resource.Type

ResourceType returns the type of the Role.

func (*Role) SetTableName

func (r *Role) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Role) TableName

func (r *Role) TableName() string

TableName returns the tablename to override the default gorm table name.

func (*Role) VetForWrite

func (role *Role) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface.

type RoleGrant

type RoleGrant struct {
	*store.RoleGrant
	// contains filtered or unexported fields
}

RoleGrant defines the grants that are assigned to a role

func NewRoleGrant

func NewRoleGrant(roleId string, grant string, _ ...Option) (*RoleGrant, error)

NewRoleGrant creates a new in memory role grant

func TestRoleGrant

func TestRoleGrant(t testing.TB, conn *db.DB, roleId, grant string, opt ...Option) *RoleGrant

func (*RoleGrant) Clone

func (g *RoleGrant) Clone() interface{}

Clone creates a clone of the RoleGrant

func (*RoleGrant) SetTableName

func (g *RoleGrant) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*RoleGrant) TableName

func (g *RoleGrant) TableName() string

TableName returns the tablename to override the default gorm table name

func (*RoleGrant) VetForWrite

func (g *RoleGrant) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface

type RoleType

type RoleType uint32

RoleType defines the possible types for roles.

const (
	UnknownRoleType      RoleType = 0
	UserRoleType         RoleType = 1
	GroupRoleType        RoleType = 2
	ManagedGroupRoleType RoleType = 3
)

func (RoleType) String

func (r RoleType) String() string

String returns a string representation of the role type.

type Scope

type Scope struct {
	*store.Scope
	// contains filtered or unexported fields
}

Scope is used to create a hierarchy of "containers" that encompass the scope of an IAM resource. Scopes are Global, Orgs and Projects.

func AllocScope added in v0.2.0

func AllocScope() Scope

func LookupScope

func LookupScope(ctx context.Context, reader db.Reader, resource ResourceWithScope) (*Scope, error)

LookupScope looks up the resource's scope

func NewOrg

func NewOrg(opt ...Option) (*Scope, error)

func NewProject

func NewProject(orgPublicId string, opt ...Option) (*Scope, error)

func TestOrg

func TestOrg(t testing.TB, repo *Repository, opt ...Option) *Scope

func TestProject added in v0.7.4

func TestProject(t testing.TB, repo *Repository, orgId string, opt ...Option) *Scope

func (*Scope) Actions

func (*Scope) Actions() map[string]action.Type

Actions returns the available actions for Scopes

func (*Scope) Clone

func (s *Scope) Clone() interface{}

Clone creates a clone of the Scope

func (*Scope) GetScope

func (s *Scope) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

GetScope returns the scope for the "scope" if there is one defined

func (*Scope) ResourceType

func (s *Scope) ResourceType() resource.Type

ResourceType returns the type of scope

func (*Scope) SetTableName

func (s *Scope) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Scope) TableName

func (s *Scope) TableName() string

TableName returns the tablename to override the default gorm table name

func (*Scope) VetForWrite

func (s *Scope) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements the db.VetForWrite() interface for scopes. This function is intended to be called by a db.Writer (Create and Update) to validate the scope before writing it to the db.

type User

type User struct {
	*store.User
	// contains filtered or unexported fields
}

User defines boundary users which are scoped to an Org

func AllocUser added in v0.2.1

func AllocUser() User

AllocUser will allocate an empty user

func NewUser

func NewUser(scopeId string, opt ...Option) (*User, error)

NewUser creates a new in memory user and allows options: WithName - to specify the user's friendly name and WithDescription - to specify a user description

func TestUser

func TestUser(t testing.TB, repo *Repository, scopeId string, opt ...Option) *User

TestUser creates a user suitable for testing. Supports the options: WithName, WithDescription and WithAccountIds.

func (*User) Actions

func (*User) Actions() map[string]action.Type

Actions returns the available actions for Users

func (*User) Clone

func (u *User) Clone() interface{}

Clone creates a clone of the User

func (*User) GetScope

func (u *User) GetScope(ctx context.Context, r db.Reader) (*Scope, error)

GetScope returns the scope for the User

func (*User) ResourceType

func (*User) ResourceType() resource.Type

ResourceType returns the type of the User

func (*User) SetTableName

func (u *User) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*User) TableName

func (u *User) TableName() string

TableName returns the tablename to override the default gorm table name

func (*User) VetForWrite

func (u *User) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the user before it's written.

type UserRole

type UserRole struct {
	*store.UserRole
	// contains filtered or unexported fields
}

UserRole is a user assigned to a role

func NewUserRole

func NewUserRole(roleId, userId string, _ ...Option) (*UserRole, error)

NewUserRole creates a new user role in memory. No options are supported currently.

func TestUserRole

func TestUserRole(t testing.TB, conn *db.DB, roleId, userId string, opt ...Option) *UserRole

func (*UserRole) Clone

func (r *UserRole) Clone() interface{}

Clone creates a clone of the UserRole.

func (*UserRole) SetTableName

func (r *UserRole) SetTableName(n string)

SetTableName sets the table name for the resource. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*UserRole) TableName

func (r *UserRole) TableName() string

TableName returns the tablename to override the default gorm table name for user roles.

func (*UserRole) VetForWrite

func (role *UserRole) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface for user roles.

Directories

Path Synopsis
