cloudresourcemanager

package
v1.23.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 19, 2024 License: MIT Imports: 11 Imported by: 2

Documentation

Constants

const (
	// ResourceTypeProject is the ResourceType that represents a project
	ResourceTypeProject = "project"

	// ResourceTypeFolder is the ResourceType that represents a folder
	ResourceTypeFolder = "folder"

	// ResourceTypeOrganization is the ResourceType that represents an organization
	ResourceTypeOrganization = "organization"
)

Variables

var ErrPermissionDenied = &Error{
	Code:    "PermissionDenied",
	Message: "permission denied",
	KV:      map[string]interface{}{},
}

ErrPermissionDenied is returned on a permission error.

Functions

func NewErrPermissionDenied

func NewErrPermissionDenied(message string, kv map[string]interface{}, err error) error

NewErrPermissionDenied returns ErrPermissionDenied.

func ValidateProjectIDFormat

func ValidateProjectIDFormat(projectID string) bool

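ValidateProjectIDFormat validates the format of a ProjectID.

A ProjectID must be a unique string of 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter and cannot end with a hyphen. https://cloud.google.com/resource-manager/docs/creating-managing-projects?hl=en#before_you_begin By specification, IDs containing words such as "google" cannot be used, but because it is unclear which words are prohibited, this is not checked.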
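The documented rules, written out as an added example that reports which rule an input breaks (this is not the package's own implementation; `checkProjectID` is a hypothetical name, and the reserved-word restriction is left unchecked, as it is on this page):

```go
package main

import "fmt"

// checkProjectID is a hypothetical helper, not the package's ValidateProjectIDFormat.
// It applies the documented format rules and reports the first rule that fails.
func checkProjectID(id string) error {
	if n := len(id); n < 6 || n > 30 {
		return fmt.Errorf("length %d is outside 6-30", n)
	}
	for i := 0; i < len(id); i++ {
		c := id[i]
		lower := c >= 'a' && c <= 'z'
		digit := c >= '0' && c <= '9'
		switch {
		case i == 0 && !lower:
			return fmt.Errorf("must start with a lowercase letter")
		case !lower && !digit && c != '-':
			// Also rejects '/', uppercase letters and any non-ASCII byte.
			return fmt.Errorf("invalid byte %q at offset %d", c, i)
		}
	}
	if id[len(id)-1] == '-' {
		return fmt.Errorf("must not end with a hyphen")
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, id := range []string{"my-project-123", "short", "1starts-with-digit",
		"Trailing-Upper", "ends-with-hyphen-", "projects/my-project"} {
		fmt.Printf("%-22q %v\n", id, checkProjectID(id))
	}
}
```

Rejecting `/` here keeps a caller-supplied ID from changing the shape of a `type/id` resource name it is later joined into.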

Types

type Error

type Error struct {
	Code    string
	Message string
	KV      map[string]interface{}
	// contains filtered or unexported fields
}

Error is a struct that holds error information.

func (*Error) Error

func (e *Error) Error() string

Error implements the error interface.

func (*Error) Is

func (e *Error) Is(target error) bool

Is checks whether the error is equal to target.

func (*Error) Unwrap

func (e *Error) Unwrap() error

Unwrap returns the wrapped error.

type ExistsMemberCheckResult

type ExistsMemberCheckResult struct {
	Resource     *ResourceID
	Exists       bool
	TopNode      bool
	CensoredNode bool
	StepOver     bool
	Err          error
}

ExistsMemberCheckResult is the record of an IAM check made on an upper level of the hierarchy.

type ExistsMemberInheritOptions

type ExistsMemberInheritOptions func(*existsMemberInheritOption)

ExistsMemberInheritOptions is the options used with ExistsMemberInGCPProjectWithInherit.

func WithCensoredNodes added in v1.10.0

func WithCensoredNodes(resources ...*ResourceID) ExistsMemberInheritOptions

WithCensoredNodes stops walking up the hierarchy when one of the specified Resources appears, without checking that Resource's permissions.

func WithRolesHaveOne

func WithRolesHaveOne(roles ...string) ExistsMemberInheritOptions

WithRolesHaveOne returns whether the member has any one of the specified Roles.

func WithStep

func WithStep(step int) ExistsMemberInheritOptions

WithStep specifies the limit on the number of levels to walk up the hierarchy.

func WithTopNode

func WithTopNode(resource *ResourceID) ExistsMemberInheritOptions

WithTopNode specifies the point at which to stop when walking up the hierarchy.

func WithTopNodes added in v1.10.0

func WithTopNodes(resources ...*ResourceID) ExistsMemberInheritOptions

WithTopNodes specifies the points at which to stop when walking up the hierarchy.

type GetRelatedProjectOptions added in v1.12.0

type GetRelatedProjectOptions func(*getRelatedProjectOptions)

GetRelatedProjectOptions is the Options for GetRelatedProject().

func WithAPICallInterval added in v1.12.0

func WithAPICallInterval(apiCallCount int, interval time.Duration) GetRelatedProjectOptions

WithAPICallInterval inserts an interval between calls to the Cloud Resource Manager API. After apiCallCount calls it waits for interval. If apiCallCount is 0, it waits for interval on every call.

func WithSkipResources added in v1.19.0

func WithSkipResources(resources ...*ResourceID) GetRelatedProjectOptions

WithSkipResources specifies the Resources to skip. When a folder is specified, everything under that folder is skipped.

type IamMember

type IamMember struct {
	Type    string
	Email   string
	Deleted bool
	UID     string
}

IamMember is the struct for a GCP IAM Member.

type ResourceID

type ResourceID struct {
	// Id: Required field for the type-specific id. This should correspond
	// to the id
	// used in the type-specific API's.
	ID string `json:"id,omitempty"`

	// Type: Required field representing the resource type this id is
	// for.
	// At present, the valid types are: "organization", "folder", and
	// "project".
	Type string `json:"type,omitempty"`
}

ResourceId: A container to reference an id for any resource type. A `resource` in Google Cloud Platform is a generic term for something you (a developer) may want to interact with through one of our API's. Some examples are an App Engine app, a Compute Engine instance, a Cloud SQL database, and so on.

func ConvertResourceID

func ConvertResourceID(name string) (*ResourceID, error)

ConvertResourceID converts a string in "type/id" form into a ResourceID, e.g. folders/100, organizations/100

func NewResourceID

func NewResourceID(resourceType string, id string) *ResourceID

NewResourceID creates a ResourceID.

func (*ResourceID) Name

func (r *ResourceID) Name() string

Name returns a string in type/id form, e.g. organizations/1234, folders/1234

type ResourceManagerService

type ResourceManagerService struct {
	// contains filtered or unexported fields
}

func NewResourceManagerService

func NewResourceManagerService(ctx context.Context, crmService *crm.Service) (*ResourceManagerService, error)

NewResourceManagerService returns a ResourceManagerService.

func (*ResourceManagerService) ConvertIamMember

func (s *ResourceManagerService) ConvertIamMember(member string) (*IamMember, error)

ConvertIamMember converts a Member string obtained from the IAM Role API into an IamMember struct and returns it. The format of deleted members is described at https://cloud.google.com/iam/docs/policies#handle-deleted-members
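An added example of parsing policy member strings, including the deleted-member form `deleted:type:email?uid=...`, into the fields that IamMember carries. It is not the package's code: `member` and `parseMember` are hypothetical names, the sample strings are constructed, and the handling of `allUsers` and `allAuthenticatedUsers` is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// member mirrors the fields of the IamMember struct documented on this page.
type member struct {
	Type, Email, UID string
	Deleted          bool
}

// parseMember is a hypothetical stand-in for ConvertIamMember.
func parseMember(s string) (*member, error) {
	if s == "allUsers" || s == "allAuthenticatedUsers" {
		return &member{Type: s}, nil // special identifiers carry no email (assumption)
	}
	deleted := strings.HasPrefix(s, "deleted:")
	typ, id, ok := strings.Cut(strings.TrimPrefix(s, "deleted:"), ":")
	if !ok || typ == "" || id == "" {
		return nil, fmt.Errorf("member %q is not in type:id form", s)
	}
	m := &member{Type: typ, Email: id, Deleted: deleted}
	if deleted {
		// Deleted principals are written as deleted:type:email?uid=NNN.
		if m.Email, m.UID, ok = strings.Cut(id, "?uid="); !ok || m.UID == "" {
			return nil, fmt.Errorf("deleted member %q has no uid suffix", s)
		}
	}
	return m, nil
}

func main() {
	// Constructed member strings as they appear in an IAM policy binding.
	for _, s := range []string{"user:alice@example.com", "allUsers",
		"deleted:serviceAccount:ci@example-project.iam.gserviceaccount.com?uid=123456789012345678901",
		"deleted:user:bob@example.com"} {
		m, err := parseMember(s)
		fmt.Printf("%+v %v\n", m, err)
	}
}
```

Keeping the `Deleted` flag and `UID` separate from `Email` lets a policy review list bindings that still name a removed principal instead of matching them by email alone.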

func (*ResourceManagerService) ExistsMemberInGCPProject

func (s *ResourceManagerService) ExistsMemberInGCPProject(ctx context.Context, projectID string, email string, roles ...string) (exists bool, err error)

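ExistsMemberInGCPProject returns whether the specified user has permissions on the GCP Project. By default it returns whether the user has any role. If roles are specified, it returns whether the user has at least one of them.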

func (*ResourceManagerService) ExistsMemberInGCPProjectWithInherit

func (s *ResourceManagerService) ExistsMemberInGCPProjectWithInherit(ctx context.Context, projectID string, email string, ops ...ExistsMemberInheritOptions) (exists bool, results []*ExistsMemberCheckResult, err error)

ExistsMemberInGCPProjectWithInherit returns whether the specified user has permissions on the GCP Project. It also checks the IAM of the levels above the target Project.
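An added in-memory model of the inherited check and of how the WithTopNodes, WithCensoredNodes and WithStep options bound it. It is not the package's code and calls no Google API. Assumptions: the hierarchy and bindings are constructed, all names are hypothetical, a top node is checked before the walk stops, the project itself counts as step 0, and a limit of 0 means unlimited.

```go
package main

import "fmt"

// Constructed hierarchy (child -> parent) and bindings (resource -> members).
var parent = map[string]string{
	"projects/app-prod": "folders/200",
	"folders/200":       "folders/100",
	"folders/100":       "organizations/1",
}
var bindings = map[string][]string{
	"folders/100":     {"user:alice@example.com"},
	"organizations/1": {"user:root@example.com"},
}

// walkOpts models WithTopNodes, WithCensoredNodes and WithStep (0 = no limit).
type walkOpts struct {
	top, censored map[string]bool
	maxStep       int
}

type visit struct { // models one ExistsMemberCheckResult entry
	Resource                                string
	Exists, TopNode, CensoredNode, StepOver bool
}

// existsWithInherit walks from start toward the root, recording each node reached.
func existsWithInherit(start, member string, o walkOpts) (bool, []visit) {
	var trail []visit
	for res, step := start, 0; res != ""; res, step = parent[res], step+1 {
		v := visit{Resource: res, TopNode: o.top[res], CensoredNode: o.censored[res],
			StepOver: o.maxStep > 0 && step > o.maxStep}
		if v.CensoredNode || v.StepOver { // stop before reading this node's policy
			return false, append(trail, v)
		}
		for _, m := range bindings[res] {
			v.Exists = v.Exists || m == member
		}
		trail = append(trail, v)
		if v.Exists || v.TopNode { // found, or reached the configured ceiling
			return v.Exists, trail
		}
	}
	return false, trail
}

func main() {
	top := walkOpts{top: map[string]bool{"folders/100": true}}
	fmt.Println(existsWithInherit("projects/app-prod", "user:root@example.com", top))
}
```

With `folders/100` as the top node, the organization-level grant to `user:root@example.com` is never reached, so the result is false, and the trail shows which levels were actually inspected.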

func (*ResourceManagerService) GetFolder

func (s *ResourceManagerService) GetFolder(ctx context.Context, folder *ResourceID) (fol *crm.Folder, err error)

GetFolder gets the Folder with the specified FolderID.

func (*ResourceManagerService) GetFolders

func (s *ResourceManagerService) GetFolders(ctx context.Context, parent *ResourceID) (folders []*crm.Folder, err error)

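GetFolders returns all Folders under the specified parent. It returns them as a flat list without preserving the hierarchy. parent is specified in the form `folders/{folder_id}` or `organizations/{org_id}`. If the caller has no permission on the target parent, ErrPermissionDenied is returned.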

func (*ResourceManagerService) GetOrganization

func (s *ResourceManagerService) GetOrganization(ctx context.Context, organization *ResourceID) (org *crm.Organization, err error)

GetOrganization gets the Organization.

func (*ResourceManagerService) GetProject

func (s *ResourceManagerService) GetProject(ctx context.Context, projectID string) (project *crm.Project, err error)

GetProject gets the Project with the specified ProjectID. projectID is expected to be a value such as "my-project-id".

func (*ResourceManagerService) GetProjects

func (s *ResourceManagerService) GetProjects(ctx context.Context, parent *ResourceID) (projects []*crm.Project, err error)

GetProjects returns the list of Projects under the specified resource. If the caller has no permission on the target parent, ErrPermissionDenied is returned.

func (*ResourceManagerService) GetRelatedProject

func (s *ResourceManagerService) GetRelatedProject(ctx context.Context, parent *ResourceID, ops ...GetRelatedProjectOptions) (projects []*crm.Project, err error)

GetRelatedProject returns all Projects under the specified Parent. parentType: folders or organizations. If the caller has no permission on the target parent, ErrPermissionDenied is returned.
