iamspanner

package
v0.36.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 20, 2021 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Package iamspanner provides a Spanner-based storage implementation of the IAMPolicy service.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SQLSchema added in v0.4.0

// SQLSchema returns the example Spanner SQL schema as a string.
// NOTE(review): the page only calls this an "example" schema; presumably it
// is the DDL the server's tables are expected to match. Confirm before
// relying on it for a production database.
func SQLSchema() string

SQLSchema returns the example Spanner SQL schema.

Types

type IAMServer added in v0.7.0

// IAMServer is the Spanner-backed server type. It embeds the generated
// Unimplemented* servers of both services it can be registered as.
type IAMServer struct {
	// Embedded fallback for iam.IAMPolicyServer.
	// NOTE(review): with generated gRPC code an embedded Unimplemented server
	// normally answers any RPC the type does not override with an
	// Unimplemented status. Confirm for this generated package.
	iam.UnimplementedIAMPolicyServer
	// Embedded fallback for admin.IAMServer; the review note on the field
	// above applies here as well.
	admin.UnimplementedIAMServer
	// contains filtered or unexported fields
}

IAMServer is a Spanner implementation of the iam.IAMPolicyServer interface.

func NewIAMServer added in v0.10.0

// NewIAMServer creates a new Spanner IAM policy server from a Spanner client,
// a list of roles, a caller resolver and a ServerConfig. It returns an error
// when the server cannot be constructed.
func NewIAMServer(
	// Spanner client; the package is described as Spanner-based storage, so
	// this is presumably the database holding the policy bindings.
	client *spanner.Client,
	// NOTE(review): presumably the complete set of roles that bindings may
	// reference. Confirm how a binding to an unknown role is treated.
	roles []*admin.Role,
	// NOTE(review): presumably resolves the caller identity that permission
	// checks are evaluated against, which makes it security-critical. Confirm.
	callerResolver iamcaller.Resolver,
	config ServerConfig,
) (*IAMServer, error)

NewIAMServer creates a new Spanner IAM policy server.

func (*IAMServer) GetIamPolicy added in v0.7.0

// GetIamPolicy implements the GetIamPolicy method of iam.IAMPolicyServer and
// returns the policy for the request, or an error.
// NOTE(review): this page does not state whether the method authorizes the
// caller itself. Confirm before exposing it without an authorization layer in
// front of it.
func (s *IAMServer) GetIamPolicy(
	ctx context.Context,
	request *iam.GetIamPolicyRequest,
) (*iam.Policy, error)

GetIamPolicy implements iam.IAMPolicyServer.

func (*IAMServer) GetRole added in v0.7.0

// GetRole implements the GetRole method of admin.IAMServer and returns the
// requested role, or an error.
// NOTE(review): presumably served from the roles passed to NewIAMServer
// rather than from Spanner. Confirm.
func (s *IAMServer) GetRole(
	ctx context.Context,
	request *admin.GetRoleRequest,
) (*admin.Role, error)

GetRole implements admin.IAMServer.

func (*IAMServer) ListRoles added in v0.7.0

// ListRoles implements the ListRoles method of admin.IAMServer and returns a
// ListRolesResponse, or an error.
// NOTE(review): presumably lists the roles passed to NewIAMServer. Confirm.
func (s *IAMServer) ListRoles(
	ctx context.Context,
	request *admin.ListRolesRequest,
) (*admin.ListRolesResponse, error)

ListRoles implements admin.IAMServer.

func (*IAMServer) ReadBindingsByMembersAndPermissions added in v0.24.0

// ReadBindingsByMembersAndPermissions reads all bindings for the provided
// members and permissions and hands each one to fn as a
// (resource, role, member) triple.
// NOTE(review): presumably a non-nil error from fn stops the read and is
// returned to the caller. Confirm. Also confirm the behavior for empty
// members or permissions slices before using the result in an access decision.
func (s *IAMServer) ReadBindingsByMembersAndPermissions(
	ctx context.Context,
	members []string,
	permissions []string,
	fn func(ctx context.Context, resource string, role *admin.Role, member string) error,
) error

ReadBindingsByMembersAndPermissions reads all bindings for the provided members and permissions.

func (*IAMServer) ReadBindingsByMembersAndPermissionsInTransaction added in v0.24.0

// ReadBindingsByMembersAndPermissionsInTransaction reads all bindings for the
// provided members and permissions through the caller-supplied transaction tx
// and hands each one to fn as a (resource, role, member) triple.
// NOTE(review): presumably a non-nil error from fn stops the read and is
// returned to the caller. Confirm.
func (s *IAMServer) ReadBindingsByMembersAndPermissionsInTransaction(
	ctx context.Context,
	// Caller-owned transaction; reading through it keeps the bindings
	// consistent with the caller's other reads in the same transaction.
	tx ReadTransaction,
	members []string,
	permissions []string,
	fn func(ctx context.Context, resource string, role *admin.Role, member string) error,
) error

ReadBindingsByMembersAndPermissionsInTransaction reads all bindings for the provided members and permissions, within the provided Spanner transaction.

func (*IAMServer) ReadBindingsByResourcesAndMembers added in v0.24.0

// ReadBindingsByResourcesAndMembers reads all roles bound to the provided
// members and resources and hands each binding to fn as a
// (resource, role, member) triple.
// NOTE(review): the InTransaction variant is documented as also considering
// roles bound to parent resources; presumably this method does the same.
// Confirm before relying on either behavior in an access decision.
func (s *IAMServer) ReadBindingsByResourcesAndMembers(
	ctx context.Context,
	resources []string,
	members []string,
	fn func(ctx context.Context, resource string, role *admin.Role, member string) error,
) error

ReadBindingsByResourcesAndMembers reads all roles bound to the provided members and resources.

func (*IAMServer) ReadBindingsByResourcesAndMembersInTransaction added in v0.24.0

// ReadBindingsByResourcesAndMembersInTransaction reads all roles bound to the
// provided members and resources through the caller-supplied transaction tx,
// and hands each binding to fn as a (resource, role, member) triple. Roles
// bound to parent resources are considered as well, so a binding reported to
// fn may originate from a parent of a requested resource.
// NOTE(review): presumably the resource passed to fn is the one the binding
// is stored on, which may be the parent. Confirm.
func (s *IAMServer) ReadBindingsByResourcesAndMembersInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resources []string,
	members []string,
	fn func(ctx context.Context, resource string, role *admin.Role, member string) error,
) error

ReadBindingsByResourcesAndMembersInTransaction reads all roles bound to members and resources within the provided Spanner transaction. Also considers roles bound to parent resources.

func (*IAMServer) ReadPolicyInTransaction added in v0.24.0

// ReadPolicyInTransaction reads the IAM policy for resource through the
// caller-supplied transaction tx and returns it, or an error.
// NOTE(review): the page does not say what is returned for a resource with no
// stored policy (empty policy or error). Confirm.
func (s *IAMServer) ReadPolicyInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
) (*iam.Policy, error)

ReadPolicyInTransaction reads the IAM policy for a resource within the provided transaction.

func (*IAMServer) ReadWritePolicy added in v0.22.0

// ReadWritePolicy lets the caller modify the policy of resource in a
// read-write transaction: fn receives a policy and returns the policy to
// store, or an error.
// NOTE(review): Spanner read-write transactions can be retried after an
// abort, so fn may presumably run more than once and should have no side
// effects outside the returned policy. Confirm.
// NOTE(review): the page does not state that this method checks the caller's
// permission to change the policy; presumably that is the caller's
// responsibility. Confirm.
func (s *IAMServer) ReadWritePolicy(
	ctx context.Context,
	resource string,
	fn func(*iam.Policy) (*iam.Policy, error),
) (*iam.Policy, error)

ReadWritePolicy enables the caller to modify a policy in a read-write transaction.

func (*IAMServer) SetIamPolicy added in v0.7.0

// SetIamPolicy implements the SetIamPolicy method of iam.IAMPolicyServer and
// returns the resulting policy, or an error.
// NOTE(review): this RPC changes who has access to a resource. The page does
// not state whether the method authorizes the caller itself. Confirm before
// exposing it without an authorization layer in front of it.
// NOTE(review): presumably the request policy's etag is compared with the
// stored policy to reject stale writes. Confirm, including the behavior for
// an empty etag.
func (s *IAMServer) SetIamPolicy(
	ctx context.Context,
	request *iam.SetIamPolicyRequest,
) (*iam.Policy, error)

SetIamPolicy implements iam.IAMPolicyServer.

func (*IAMServer) TestIamPermissions added in v0.7.0

// TestIamPermissions implements the TestIamPermissions method of
// iam.IAMPolicyServer and returns a TestIamPermissionsResponse, or an error.
// NOTE(review): presumably the caller is taken from ctx via the resolver
// passed to NewIAMServer and the response lists the requested permissions
// that caller holds. Confirm.
func (s *IAMServer) TestIamPermissions(
	ctx context.Context,
	request *iam.TestIamPermissionsRequest,
) (*iam.TestIamPermissionsResponse, error)

TestIamPermissions implements iam.IAMPolicyServer.

func (*IAMServer) TestPermissions added in v0.36.0

// TestPermissions implements iamcel.PermissionTester. It takes an explicit
// caller and a string-to-string map and returns a string-to-bool map, or an
// error.
// NOTE(review): presumably resourcePermissions maps a resource name to the
// permission to test on it, and the result maps the same resource names to
// whether the caller holds that permission. Confirm.
// Reading the result by key fails closed, because a missing key yields false
// in Go. Check the error first, as the map is not meaningful when it is
// non-nil.
func (s *IAMServer) TestPermissions(
	ctx context.Context,
	caller *iamv1.Caller,
	resourcePermissions map[string]string,
) (map[string]bool, error)

TestPermissions implements iamcel.PermissionTester.

func (*IAMServer) ValidatePolicyFreshnessInTransaction added in v0.24.0

// ValidatePolicyFreshnessInTransaction validates the freshness of the IAM
// policy for resource through the caller-supplied transaction tx and reports
// the outcome as a bool, or an error.
// NOTE(review): presumably true means etag matches the etag of the stored
// policy (an optimistic-concurrency check). Confirm, including how an empty
// etag and a resource without a stored policy are treated.
// Check the error before using the bool; a false returned alongside an error
// does not mean "stale".
func (s *IAMServer) ValidatePolicyFreshnessInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
	etag []byte,
) (bool, error)

ValidatePolicyFreshnessInTransaction validates the freshness of an IAM policy for a resource within the provided transaction.

type ReadTransaction

// ReadTransaction is the read-only subset of a Spanner transaction that the
// *InTransaction methods need. Its two methods match the Read and
// ReadWithOptions methods of the Spanner client's transaction types, so
// presumably both read-only and read-write transactions satisfy it. Confirm
// against the spanner package version in use.
type ReadTransaction interface {
	// Read mirrors the Spanner client's Read(ctx, table, keys, columns) and
	// returns an iterator over the matching rows.
	Read(context.Context, string, spanner.KeySet, []string) *spanner.RowIterator
	// ReadWithOptions is Read with an additional *spanner.ReadOptions argument.
	ReadWithOptions(context.Context, string, spanner.KeySet, []string, *spanner.ReadOptions) *spanner.RowIterator
}

ReadTransaction is an interface for Spanner read transactions.

type ServerConfig

// ServerConfig configures a Spanner IAM policy server. Its only exported
// field is the error hook below.
type ServerConfig struct {
	// ErrorHook receives a context and an error.
	// NOTE(review): presumably called with errors the server encounters while
	// handling requests. Such errors may carry resource names or member
	// identifiers, so a hook that logs them should treat them accordingly.
	// Confirm what is passed and whether a nil hook is allowed.
	ErrorHook func(context.Context, error)
}

ServerConfig configures a Spanner IAM policy server.
