iampermission

Documentation

Overview

Package iampermission provides primitives for working with IAM permissions. See: https://cloud.google.com/iam/docs/overview#permissions

Index

• func HasWildcard(permission string) bool
• func Match(lhs, rhs string) bool
• func Valid(permission string) bool
• func Validate(permission string) error
• type Scanner
  • func (s *Scanner) Init(permission string)
  • func (s *Scanner) Scan() bool
  • func (s *Scanner) Segment() string
  • func (s *Scanner) Wildcard() bool

Functions

func HasWildcard

func HasWildcard(permission string) bool

HasWildcard reports whether an IAM permission contains a wildcard '*' segment.

func Match

func Match(lhs, rhs string) bool

Match reports whether the lhs permission name matches the rhs permission. The lhs permission may contain a wildcard. The result will always be false when any of lhs or rhs are invalid, or if rhs contains a wildcard.

func Valid

func Valid(permission string) bool

Valid checks whether the provided permission is valid. See Validate for what constitutes a valid permission.

func Validate

func Validate(permission string) error

Validate a permission.

A permission is valid on the format `<service>.<resource>.<verb>`.

- It contains at most 3 segments. - When no segment is a wildcard, it contains exactly 3 segments. - All segments are non-empty. - All segments are lower-case. - The first (service) segment is not a wildcard. - A wildcard only occurs in the last segment.

Types

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner scans an IAM permission.

func (*Scanner) Init

func (s *Scanner) Init(permission string)

Init initializes the scanner.

func (*Scanner) Scan

func (s *Scanner) Scan() bool

Scan to the next segment.

func (*Scanner) Segment

func (s *Scanner) Segment() string

Segment returns the current segment.

func (*Scanner) Wildcard

func (s *Scanner) Wildcard() bool

Wildcard reports whether the current segment is a wildcard.