Documentation ¶
Overview ¶
Package iamspanner provides a Spanner-based storage implementation of the IAMPolicy service.
Index ¶
- func SQLSchema() string
- type IAMServer
- func (s *IAMServer) GetIamPolicy(ctx context.Context, request *iam.GetIamPolicyRequest) (*iam.Policy, error)
- func (s *IAMServer) GetRole(ctx context.Context, request *admin.GetRoleRequest) (*admin.Role, error)
- func (s *IAMServer) ListRoles(ctx context.Context, request *admin.ListRolesRequest) (*admin.ListRolesResponse, error)
- func (s *IAMServer) QueryIamPolicyInTransaction(ctx context.Context, tx ReadTransaction, resource string) (*iam.Policy, error)
- func (s *IAMServer) QueryResourcesBoundToMemberAndPermission(ctx context.Context, member string, permission string) ([]string, error)
- func (s *IAMServer) QueryResourcesBoundToMemberAndPermissionInTransaction(ctx context.Context, tx ReadTransaction, member string, permission string) ([]string, error)
- func (s *IAMServer) ReadRolesBoundToMembersAndResources(ctx context.Context, members []string, resources []string, ...) error
- func (s *IAMServer) ReadRolesBoundToMembersAndResourcesInTransaction(ctx context.Context, tx ReadTransaction, members []string, resources []string, ...) error
- func (s *IAMServer) ReadWritePolicy(ctx context.Context, resource string, ...) (*iam.Policy, error)
- func (s *IAMServer) SetIamPolicy(ctx context.Context, request *iam.SetIamPolicyRequest) (*iam.Policy, error)
- func (s *IAMServer) TestIamPermissions(ctx context.Context, request *iam.TestIamPermissionsRequest) (*iam.TestIamPermissionsResponse, error)
- func (s *IAMServer) TestPermissionOnResource(ctx context.Context, permission string, resource string) (bool, error)
- func (s *IAMServer) TestPermissionOnResources(ctx context.Context, permission string, resources []string) (map[string]bool, error)
- func (s *IAMServer) TestResourcePermission(ctx context.Context, members []string, resource string, permission string) (bool, error)
- func (s *IAMServer) TestResourcePermissions(ctx context.Context, members []string, resourcePermissions map[string]string) (map[string]bool, error)
- func (s *IAMServer) ValidateIamPolicyFreshnessInTransaction(ctx context.Context, tx ReadTransaction, resource string, etag []byte) (bool, error)
- type ReadTransaction
- type ServerConfig
Functions ¶
Types ¶
type IAMServer ¶ added in v0.7.0
type IAMServer struct { iam.UnimplementedIAMPolicyServer admin.UnimplementedIAMServer // contains filtered or unexported fields }
IAMServer is a Spanner implementation of the iam.IAMPolicyServer and admin.IAMServer interfaces.
func NewIAMServer ¶ added in v0.10.0
func NewIAMServer( client *spanner.Client, roles *iamregistry.Roles, memberResolver iammember.Resolver, config ServerConfig, ) (*IAMServer, error)
NewIAMServer creates a new Spanner IAM policy server.
func (*IAMServer) GetIamPolicy ¶ added in v0.7.0
func (s *IAMServer) GetIamPolicy( ctx context.Context, request *iam.GetIamPolicyRequest, ) (*iam.Policy, error)
GetIamPolicy implements iam.IAMPolicyServer.
func (*IAMServer) GetRole ¶ added in v0.7.0
func (s *IAMServer) GetRole( ctx context.Context, request *admin.GetRoleRequest, ) (*admin.Role, error)
GetRole implements admin.IAMServer.
func (*IAMServer) ListRoles ¶ added in v0.7.0
func (s *IAMServer) ListRoles( ctx context.Context, request *admin.ListRolesRequest, ) (*admin.ListRolesResponse, error)
ListRoles implements admin.IAMServer.
func (*IAMServer) QueryIamPolicyInTransaction ¶ added in v0.7.0
func (s *IAMServer) QueryIamPolicyInTransaction( ctx context.Context, tx ReadTransaction, resource string, ) (*iam.Policy, error)
QueryIamPolicyInTransaction queries the IAM policy for a resource within the provided transaction.
func (*IAMServer) QueryResourcesBoundToMemberAndPermission ¶ added in v0.7.0
func (s *IAMServer) QueryResourcesBoundToMemberAndPermission( ctx context.Context, member string, permission string, ) ([]string, error)
QueryResourcesBoundToMemberAndPermission reads all resources bound to the member and permission.
func (*IAMServer) QueryResourcesBoundToMemberAndPermissionInTransaction ¶ added in v0.7.0
func (s *IAMServer) QueryResourcesBoundToMemberAndPermissionInTransaction( ctx context.Context, tx ReadTransaction, member string, permission string, ) ([]string, error)
QueryResourcesBoundToMemberAndPermissionInTransaction reads all resources bound to the member and permission, within the provided Spanner transaction.
func (*IAMServer) ReadRolesBoundToMembersAndResources ¶ added in v0.7.0
func (s *IAMServer) ReadRolesBoundToMembersAndResources( ctx context.Context, members []string, resources []string, fn func(ctx context.Context, member, resource string, role *admin.Role) error, ) error
ReadRolesBoundToMembersAndResources reads all roles bound to the provided members and resources.
func (*IAMServer) ReadRolesBoundToMembersAndResourcesInTransaction ¶ added in v0.7.0
func (s *IAMServer) ReadRolesBoundToMembersAndResourcesInTransaction( ctx context.Context, tx ReadTransaction, members []string, resources []string, fn func(ctx context.Context, member, resource string, role *admin.Role) error, ) error
ReadRolesBoundToMembersAndResourcesInTransaction reads all roles bound to members and resources within the provided Spanner transaction. Also considers roles bound to parent resources.
func (*IAMServer) ReadWritePolicy ¶ added in v0.22.0
func (s *IAMServer) ReadWritePolicy( ctx context.Context, resource string, fn func(*iam.Policy) (*iam.Policy, error), ) (*iam.Policy, error)
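ReadWritePolicy enables the caller to modify a policy in a read-write transaction. Judging by its signature, fn presumably receives the resource's current policy and returns the policy to be written.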
func (*IAMServer) SetIamPolicy ¶ added in v0.7.0
func (s *IAMServer) SetIamPolicy( ctx context.Context, request *iam.SetIamPolicyRequest, ) (*iam.Policy, error)
SetIamPolicy implements iam.IAMPolicyServer.
func (*IAMServer) TestIamPermissions ¶ added in v0.7.0
func (s *IAMServer) TestIamPermissions( ctx context.Context, request *iam.TestIamPermissionsRequest, ) (*iam.TestIamPermissionsResponse, error)
TestIamPermissions implements iam.IAMPolicyServer.
func (*IAMServer) TestPermissionOnResource ¶ added in v0.7.0
func (s *IAMServer) TestPermissionOnResource( ctx context.Context, permission string, resource string, ) (bool, error)
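TestPermissionOnResource tests if the caller has the specified permission on the specified resource. The caller is not passed as an argument, so it is presumably resolved from ctx (see the memberResolver argument of NewIAMServer).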
func (*IAMServer) TestPermissionOnResources ¶ added in v0.7.0
func (s *IAMServer) TestPermissionOnResources( ctx context.Context, permission string, resources []string, ) (map[string]bool, error)
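TestPermissionOnResources tests if the caller has the specified permission on the specified resources. The caller is not passed as an argument, so it is presumably resolved from ctx (see the memberResolver argument of NewIAMServer); the returned map is presumably keyed by resource.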
func (*IAMServer) TestResourcePermission ¶ added in v0.15.0
func (*IAMServer) TestResourcePermissions ¶ added in v0.15.0
func (*IAMServer) ValidateIamPolicyFreshnessInTransaction ¶ added in v0.7.0
func (s *IAMServer) ValidateIamPolicyFreshnessInTransaction( ctx context.Context, tx ReadTransaction, resource string, etag []byte, ) (bool, error)
ValidateIamPolicyFreshnessInTransaction validates the freshness of an IAM policy for a resource within the provided transaction, presumably by checking the supplied etag against the stored policy.
type ReadTransaction ¶
type ReadTransaction interface { Read(context.Context, string, spanner.KeySet, []string) *spanner.RowIterator ReadWithOptions(context.Context, string, spanner.KeySet, []string, *spanner.ReadOptions) *spanner.RowIterator }
ReadTransaction is an interface for Spanner read transactions.
type ServerConfig ¶
ServerConfig configures a Spanner IAM policy server.