Documentation ¶
Index ¶
- func BindingIsEqual(a *cloudresourcemanager.Binding, b *cloudresourcemanager.Binding) bool
- type APIKeys
- type CRM
- type DNS
- type IAMService
- type Keys
- type KeysClient
- type Namer
- func (n *Namer) GetAPIKeyID(org string) string
- func (n *Namer) GetAPIKeyName(org string) string
- func (n *Namer) GetAPIKeyParent() string
- func (n *Namer) GetProjectsName() string
- func (n *Namer) GetSecretID(org string) string
- func (n *Namer) GetSecretName(org string) string
- func (n *Namer) GetServiceAccountEmail(org string) string
- func (n *Namer) GetServiceAccountID(org string) string
- func (n *Namer) GetServiceAccountName(org string) string
- type Org
- type SecretManager
- func (s *SecretManager) CreateSecret(ctx context.Context, org string) error
- func (s *SecretManager) LoadKey(ctx context.Context, org string) (string, error)
- func (s *SecretManager) LoadOrCreateKey(ctx context.Context, org string) (string, error)
- func (s *SecretManager) StoreKey(ctx context.Context, org string, key string) error
- type SecretManagerClient
- type ServiceAccountsManager
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BindingIsEqual ¶
func BindingIsEqual(a *cloudresourcemanager.Binding, b *cloudresourcemanager.Binding) bool
BindingIsEqual checks whether the two provided bindings contain equal conditions, members, and roles.
Types ¶
type APIKeys ¶ added in v0.2.7
type APIKeys struct {
// contains filtered or unexported fields
}
APIKeys maintains state for allocating API keys.
func NewAPIKeys ¶ added in v0.2.7
func NewAPIKeys(locateProj string, c KeysClient, n *Namer) *APIKeys
NewAPIKeys creates a new APIKeys instance for allocating API keys.
type CRM ¶
// CRM is a simplified interface to the Google Cloud Resource Manager API.
type CRM interface {
	// GetIamPolicy reads the current IAM policy of the resource named in req.
	GetIamPolicy(ctx context.Context, req *cloudresourcemanager.GetIamPolicyRequest) (*cloudresourcemanager.Policy, error)
	// SetIamPolicy writes the IAM policy carried in req. Org.ApplyPolicy uses
	// it on project IAM policies, so a call changes project-wide state.
	// NOTE(review): GetIamPolicy/SetIamPolicy is a read-modify-write pair;
	// confirm that callers carry the etag from the GetIamPolicy result into
	// the SetIamPolicy request so concurrent policy edits are not silently
	// overwritten — not visible from this declaration.
	SetIamPolicy(ctx context.Context, req *cloudresourcemanager.SetIamPolicyRequest) error
}
CRM is a simplified interface to the Google Cloud Resource Manager API.
type DNS ¶
// DNS is a simplified interface to the Google Cloud DNS API.
type DNS interface {
	// RegisterZone creates the managed zone described by zone and returns the
	// resulting zone resource (Org.RegisterDNS uses it for the organization zone).
	RegisterZone(ctx context.Context, zone *dns.ManagedZone) (*dns.ManagedZone, error)
	// RegisterZoneSplit creates the record set that splits zone out of the
	// project zone (the "zone split" in Org.RegisterDNS); presumably an NS
	// delegation record — confirm in the implementation.
	RegisterZoneSplit(ctx context.Context, zone *dns.ManagedZone) (*dns.ResourceRecordSet, error)
}
DNS is a simplified interface to the Google Cloud DNS API.
type IAMService ¶
// IAMService defines the interface used to access the Google Cloud IAM Service.
type IAMService interface {
	// GetServiceAccount looks up the service account whose resource name is
	// saName (see Namer.GetServiceAccountName for the expected format).
	GetServiceAccount(ctx context.Context, saName string) (*iam.ServiceAccount, error)
	// CreateServiceAccount creates a service account in the project resource
	// named projName (see Namer.GetProjectsName).
	CreateServiceAccount(ctx context.Context, projName string, req *iam.CreateServiceAccountRequest) (*iam.ServiceAccount, error)
	// CreateKey mints a new key for the service account saName. The returned
	// key is credential material: ServiceAccountsManager.CreateKey wraps this
	// call and SecretManager (constructed with a *ServiceAccountsManager)
	// presumably stores the result, so the key should live only in Secret
	// Manager and never be logged or written elsewhere.
	CreateKey(ctx context.Context, saName string, req *iam.CreateServiceAccountKeyRequest) (*iam.ServiceAccountKey, error)
}
IAMService defines the interface used to access the Google Cloud IAM Service.
type KeysClient ¶ added in v0.2.7
// KeysClient defines the interface used by the APIKeys type to allocate API keys.
type KeysClient interface {
	// GetKeyString returns the key string of an existing API key. The string
	// is the credential itself, so the response must be handled as a secret.
	GetKeyString(ctx context.Context, req *apikeyspb.GetKeyStringRequest, opts ...gax.CallOption) (*apikeyspb.GetKeyStringResponse, error)
	// CreateKey creates a new API key under the parent named in req (see
	// Namer.GetAPIKeyParent and Namer.GetAPIKeyID for the naming convention).
	CreateKey(ctx context.Context, req *apikeyspb.CreateKeyRequest, opts ...gax.CallOption) (*apikeyspb.Key, error)
}
KeysClient defines the interface used by the APIKeys type to allocate API keys.
type Namer ¶
// Namer contains metadata needed for resource naming.
type Namer struct {
	// Project is presumably the Google Cloud project ID that every resource
	// name built by the Get* methods is scoped to (the "mlab-foo" in the
	// method examples).
	Project string
}
Namer contains metadata needed for resource naming.
func (*Namer) GetAPIKeyID ¶ added in v0.2.7
GetAPIKeyID returns the API key resource ID for the given org. e.g. autojoin-key-foo
func (*Namer) GetAPIKeyName ¶ added in v0.2.7
GetAPIKeyName returns the API key resource name for the given org. e.g. projects/mlab-foo/locations/global/keys/autojoin-key-foo
func (*Namer) GetAPIKeyParent ¶ added in v0.2.7
GetAPIKeyParent returns the parent API key resource name for this project. e.g. projects/mlab-foo/locations/global
func (*Namer) GetProjectsName ¶
GetProjectsName returns a google cloud project resource name, e.g. projects/mlab-foo
func (*Namer) GetSecretID ¶
GetSecretID returns a secret ID for this org, e.g. autojoin-serviceaccount-key-org.
func (*Namer) GetSecretName ¶
GetSecretName returns the google cloud secret resource name, e.g. projects/mlab-foo/secrets/autojoin-serviceaccount-key-org
func (*Namer) GetServiceAccountEmail ¶
GetServiceAccountEmail returns a service account email for this org, e.g. autonode-org@mlab-foo.iam.gserviceaccount.com
func (*Namer) GetServiceAccountID ¶
GetServiceAccountID returns a service account ID for this org, e.g. autonode-org.
func (*Namer) GetServiceAccountName ¶
GetServiceAccountName returns a google cloud service account resource name, e.g. projects/mlab-foo/serviceAccounts/autonode-foo@mlab-foo.iam.gserviceaccount.com
type Org ¶
type Org struct { Project string // contains filtered or unexported fields }
Org contains fields needed to setup a new organization for Autojoined nodes.
func NewOrg ¶
func NewOrg(project string, crm CRM, sam *ServiceAccountsManager, sm *SecretManager, dns DNS, k Keys, updateTables bool) *Org
NewOrg creates a new Org instance for setting up a new organization.
func (*Org) ApplyPolicy ¶
func (o *Org) ApplyPolicy(ctx context.Context, org string, account *iam.ServiceAccount, updateTables bool) error
ApplyPolicy adds write restrictions for shared GCS buckets. NOTE: By operating on project IAM policies, this method modifies project-wide state.
func (*Org) RegisterDNS ¶
RegisterDNS creates the organization zone and the zone split within the project zone.
type SecretManager ¶
type SecretManager struct { Namer *Namer // contains filtered or unexported fields }
SecretManager manages operations on secrets.
func NewSecretManager ¶
func NewSecretManager(smc SecretManagerClient, n *Namer, sam *ServiceAccountsManager) *SecretManager
NewSecretManager creates a new secret manager instance.
func (*SecretManager) CreateSecret ¶
func (s *SecretManager) CreateSecret(ctx context.Context, org string) error
CreateSecret creates a new secret for the given org using the naming convention of the instance Namer.
func (*SecretManager) LoadKey ¶
LoadKey loads a key from the org's secret. LoadKey returns an error if the key is not found.
func (*SecretManager) LoadOrCreateKey ¶
LoadOrCreateKey either creates and stores a new key or reads the org's existing key from SecretManager, as a single operation.
type SecretManagerClient ¶
// SecretManagerClient is an interface describing operations on the Google Cloud
// Secret Manager API.
type SecretManagerClient interface {
	// GetSecret reads the metadata of the secret named in req (a Secret
	// carries no payload).
	GetSecret(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
	// CreateSecret creates an empty secret container; SecretManager.CreateSecret
	// presumably calls it with the Namer.GetSecretID naming convention.
	CreateSecret(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
	// GetSecretVersion reads version metadata (state etc.), not the payload.
	GetSecretVersion(ctx context.Context, req *secretmanagerpb.GetSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
	// AddSecretVersion stores a new payload as a new version of an existing
	// secret; presumably what SecretManager.StoreKey uses.
	AddSecretVersion(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
	// AccessSecretVersion returns the secret payload itself. It is the only
	// method here that yields key material, so its result must be handled as
	// a secret (presumably what SecretManager.LoadKey uses).
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}
SecretManagerClient is an interface describing operations on the Google Cloud Secret Manager API.
type ServiceAccountsManager ¶
type ServiceAccountsManager struct { Namer *Namer // contains filtered or unexported fields }
ServiceAccountsManager contains resources needed for managing service accounts.
func NewServiceAccountsManager ¶
func NewServiceAccountsManager(ic IAMService, n *Namer) *ServiceAccountsManager
NewServiceAccountsManager creates a new ServiceAccountsManager instance.
func (*ServiceAccountsManager) CreateKey ¶
func (s *ServiceAccountsManager) CreateKey(ctx context.Context, org string) (*iam.ServiceAccountKey, error)
CreateKey creates and returns a key for the service account associated with org.
func (*ServiceAccountsManager) CreateServiceAccount ¶
func (s *ServiceAccountsManager) CreateServiceAccount(ctx context.Context, org string) (*iam.ServiceAccount, error)
CreateServiceAccount returns a new service account for the given org. If the SA already exists, the existing resource is returned.