Index ¶
- Constants
- Variables
- func NewErrPermissionDenied(message string, kv map[string]interface{}, err error) error
- func ValidateProjectIDFormat(projectID string) bool
- type Error
- type ExistsMemberCheckResult
- type ExistsMemberInheritOptions
- func WithCensoredNodes(resources []*ResourceID) ExistsMemberInheritOptions
- func WithRolesHaveOne(roles ...string) ExistsMemberInheritOptions
- func WithStep(step int) ExistsMemberInheritOptions
- func WithTopNode(resource *ResourceID) ExistsMemberInheritOptions
- func WithTopNodes(resources []*ResourceID) ExistsMemberInheritOptions
- type IamMember
- type ResourceID
- type ResourceManagerService
- func (s *ResourceManagerService) ConvertIamMember(member string) (*IamMember, error)
- func (s *ResourceManagerService) ExistsMemberInGCPProject(ctx context.Context, projectID string, email string, roles ...string) (bool, error)
- func (s *ResourceManagerService) ExistsMemberInGCPProjectWithInherit(ctx context.Context, projectID string, email string, ...) (bool, []*ExistsMemberCheckResult, error)
- func (s *ResourceManagerService) GetFolder(ctx context.Context, folder *ResourceID) (*crm.Folder, error)
- func (s *ResourceManagerService) GetFolders(ctx context.Context, parent *ResourceID) ([]*crm.Folder, error)
- func (s *ResourceManagerService) GetOrganization(ctx context.Context, organization *ResourceID) (*crm.Organization, error)
- func (s *ResourceManagerService) GetProject(ctx context.Context, projectID string) (*crm.Project, error)
- func (s *ResourceManagerService) GetProjects(ctx context.Context, parent *ResourceID) ([]*crm.Project, error)
- func (s *ResourceManagerService) GetRelatedProject(ctx context.Context, parent *ResourceID) ([]*crm.Project, error)
Constants ¶
// Resource type identifiers used in ResourceID.Type. These are the only
// three values documented as valid for that field.
const (
	// ResourceTypeProject is the ResourceType value for a GCP project.
	ResourceTypeProject = "project"

	// ResourceTypeFolder is the ResourceType value for a folder.
	ResourceTypeFolder = "folder"

	// ResourceTypeOrganization is the ResourceType value for an organization.
	ResourceTypeOrganization = "organization"
)
Variables ¶
// ErrPermissionDenied is the error returned when the caller has no
// permission on the target resource (GetFolders, GetProjects and
// GetRelatedProject document returning it).
//
// NOTE(review): this is one package-level pointer and its KV map is mutable;
// anything that writes into ErrPermissionDenied.KV changes the value seen by
// every other caller. Use NewErrPermissionDenied to attach per-call context
// instead of mutating this sentinel.
var ErrPermissionDenied = &Error{
	Code:    "PermissionDenied",
	Message: "permission denied",
	KV:      map[string]interface{}{},
}
ErrPermissionDenied is 権限エラーの時に返す
Functions ¶
func NewErrPermissionDenied ¶
NewErrPermissionDenied returns an ErrPermissionDenied error carrying the given message, kv and err.
func ValidateProjectIDFormat ¶
ValidateProjectIDFormat is ProjectIDのFormatを検証する
ProjectIDは、6〜30文字の小文字、数字、またはハイフンからなる一意の文字列である必要があります。 文字で始める必要があり、末尾にハイフンを付けることはできません。 https://cloud.google.com/resource-manager/docs/creating-managing-projects?hl=en#before_you_begin 仕様上、google などの予約語を含むものは利用できないが、どのワードが禁止なのか分からないため、ここではチェックしていない。 なお、この関数は文字列の形式のみを検証するものであり、Projectの存在や呼び出し元の権限は確認しない。
Types ¶
type Error ¶
// Error is the structured error type used by this package: a short Code
// identifying the kind of failure, a human-readable Message, and free-form
// KV context. ErrPermissionDenied is an instance of it.
//
// NOTE(review): the Error() method is not shown on this page; presumably it
// is provided by the omitted fields/methods — confirm before relying on
// errors.As with *Error.
type Error struct {
	// Code identifies the kind of error, e.g. "PermissionDenied".
	Code string
	// Message is a human-readable description of the error.
	Message string
	// KV carries additional key/value context attached to the error.
	KV map[string]interface{}
	// contains filtered or unexported fields
}
Error is Error情報を保持する struct
type ExistsMemberCheckResult ¶
// ExistsMemberCheckResult records one step of the IAM check performed by
// ExistsMemberInGCPProjectWithInherit while it walks up the resource
// hierarchy. The returned slice is the history of those steps.
type ExistsMemberCheckResult struct {
	// Resource is the resource whose IAM policy was examined at this step.
	Resource *ResourceID
	// Exists reports whether the member was found on Resource's policy.
	Exists bool
	// TopNode is true when Resource is one of the stop points given by
	// WithTopNode/WithTopNodes, i.e. the walk ends here.
	TopNode bool
	// CensoredNode is true when Resource is one of the nodes given by
	// WithCensoredNodes; its policy is not checked and the walk stops.
	CensoredNode bool
	// StepOver — presumably set when the WithStep limit was reached before
	// the walk finished; confirm against the implementation.
	StepOver bool
	// Err holds the error encountered while checking Resource, if any.
	Err error
}
ExistsMemberCheckResult is 上位階層のIAMをチェックした履歴
type ExistsMemberInheritOptions ¶
// ExistsMemberInheritOptions is a functional option accepted by
// ExistsMemberInGCPProjectWithInherit. Constructors: WithTopNode,
// WithTopNodes, WithCensoredNodes, WithRolesHaveOne and WithStep.
type ExistsMemberInheritOptions func(*existsMemberInheritOption)
ExistsMemberInheritOptions is ExistsMemberInGCPProjectWithInherit に利用する options
func WithCensoredNodes ¶ added in v1.10.0
func WithCensoredNodes(resources []*ResourceID) ExistsMemberInheritOptions
WithCensoredNodes is 指定したResourceが現れたら、そのResourceの権限はチェックせずに遡るのをやめる
func WithRolesHaveOne ¶
func WithRolesHaveOne(roles ...string) ExistsMemberInheritOptions
WithRolesHaveOne is 指定したRoleの中のいずれか1つを持っているかを返す
func WithTopNode ¶
func WithTopNode(resource *ResourceID) ExistsMemberInheritOptions
WithTopNode is 階層を遡る時にそこまでいったらやめるポイントを指定する
func WithTopNodes ¶ added in v1.10.0
func WithTopNodes(resources []*ResourceID) ExistsMemberInheritOptions
WithTopNodes is 階層を遡る時にそこまでいったらやめるポイントを複数指定する
type ResourceID ¶
// ResourceID references a resource by (Type, ID); Name() renders it in the
// "type/id" form used by the Resource Manager API.
//
// NOTE(review): nothing on this type restricts Type to the three documented
// values. When a ResourceID is built from untrusted input, check Type against
// ResourceTypeOrganization/ResourceTypeFolder/ResourceTypeProject — confirm
// whether NewResourceID or ConvertResourceID already do so.
type ResourceID struct {
	// ID: Required field for the type-specific id. This should correspond
	// to the id used in the type-specific APIs (e.g. "100" for
	// folders/100, or a project id such as "my-project-id").
	ID string `json:"id,omitempty"`

	// Type: Required field representing the resource type this id is for.
	// At present, the valid types are: "organization", "folder", and
	// "project" (see the ResourceType* constants).
	Type string `json:"type,omitempty"`
}
ResourceID: A container to reference an id for any resource type. A `resource` in Google Cloud Platform is a generic term for something you (a developer) may want to interact with through one of our APIs. Some examples are an App Engine app, a Compute Engine instance, a Cloud SQL database, and so on.
func ConvertResourceID ¶
func ConvertResourceID(name string) (*ResourceID, error)
ConvertResourceID is "type/id" 形式の文字列をResourceIDに変換する e.g. folders/100, organizations/100
func NewResourceID ¶
func NewResourceID(resourceType string, id string) *ResourceID
NewResourceID is ResourceIDを生成する
func (*ResourceID) Name ¶
func (r *ResourceID) Name() string
Name is type/id 形式の文字列を返す e.g. organizations/1234, folders/1234
type ResourceManagerService ¶
// ResourceManagerService wraps a Cloud Resource Manager client (the
// crm.Service passed to NewResourceManagerService) and exposes project,
// folder and organization lookups plus IAM membership checks.
type ResourceManagerService struct {
	// contains filtered or unexported fields
}
func NewResourceManagerService ¶
func NewResourceManagerService(ctx context.Context, crmService *crm.Service) (*ResourceManagerService, error)
NewResourceManagerService returns a ResourceManagerService backed by the given crmService.
func (*ResourceManagerService) ConvertIamMember ¶
func (s *ResourceManagerService) ConvertIamMember(member string) (*IamMember, error)
ConvertIamMember is IAM RoleのAPIで取得できるMember文字列をIamMember structに変換して返す。 削除済みのメンバーのフォーマットは https://cloud.google.com/iam/docs/policies#handle-deleted-members を参照。
func (*ResourceManagerService) ExistsMemberInGCPProject ¶
func (s *ResourceManagerService) ExistsMemberInGCPProject(ctx context.Context, projectID string, email string, roles ...string) (bool, error)
ExistsMemberInGCPProject is GCP Projectに指定したユーザが権限を持っているかを返す defaultだと何らかのroleを持っているかを返す。rolesを指定するといずれか1つ以上を持っているかを返す。
func (*ResourceManagerService) ExistsMemberInGCPProjectWithInherit ¶
func (s *ResourceManagerService) ExistsMemberInGCPProjectWithInherit(ctx context.Context, projectID string, email string, ops ...ExistsMemberInheritOptions) (bool, []*ExistsMemberCheckResult, error)
ExistsMemberInGCPProjectWithInherit is GCP Projectに指定したユーザが権限を持っているかを返す 対象のProjectの上位階層のIAMもチェックする。
func (*ResourceManagerService) GetFolder ¶
func (s *ResourceManagerService) GetFolder(ctx context.Context, folder *ResourceID) (*crm.Folder, error)
GetFolder is 指定したFolderIDのFolderを取得する
func (*ResourceManagerService) GetFolders ¶
func (s *ResourceManagerService) GetFolders(ctx context.Context, parent *ResourceID) ([]*crm.Folder, error)
GetFolders is 指定した parent の下にあるすべてのFolderを返す。 階層構造は保持せずにフラットにすべてのFolderを返す。 parent は `folders/{folder_id}` or `organizations/{org_id}` の形式で指定する。 対象のparentの権限がない場合、 ErrPermissionDenied を返す
func (*ResourceManagerService) GetOrganization ¶
func (s *ResourceManagerService) GetOrganization(ctx context.Context, organization *ResourceID) (*crm.Organization, error)
GetOrganization is Organizationを取得する
func (*ResourceManagerService) GetProject ¶
func (s *ResourceManagerService) GetProject(ctx context.Context, projectID string) (*crm.Project, error)
GetProject is 指定したProjectIDのProjectを取得する projectID は "my-project-id" という値を渡されるのを期待している
func (*ResourceManagerService) GetProjects ¶
func (s *ResourceManagerService) GetProjects(ctx context.Context, parent *ResourceID) ([]*crm.Project, error)
GetProjects is 指定したリソース以下のProject一覧を返す。 対象のparentの権限がない場合、 ErrPermissionDenied を返す
func (*ResourceManagerService) GetRelatedProject ¶
func (s *ResourceManagerService) GetRelatedProject(ctx context.Context, parent *ResourceID) ([]*crm.Project, error)
GetRelatedProject is 指定したParent配下のすべてのProjectを返す parentType : folders or organizations 対象のparentの権限がない場合、 ErrPermissionDenied を返す