iamspanner

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 4, 2021 License: MIT Imports: 20 Imported by: 0

Documentation

Overview

Package iamspanner provides a Spanner-based storage implementation of the iam.IAMPolicyService API.


Types

type ReadTransaction

// ReadTransaction is the part of a Spanner transaction that the *InTransaction
// methods of Server depend on. It exposes read methods only; nothing in this
// method set can write to the database.
//
// Parameter names follow the Read and ReadWithOptions methods of the
// cloud.google.com/go/spanner transaction types.
type ReadTransaction interface {
	// Read returns an iterator over the rows of table selected by keys,
	// restricted to the given columns.
	Read(
		ctx context.Context,
		table string,
		keys spanner.KeySet,
		columns []string,
	) *spanner.RowIterator

	// ReadWithOptions takes the same arguments as Read plus a
	// *spanner.ReadOptions value.
	ReadWithOptions(
		ctx context.Context,
		table string,
		keys spanner.KeySet,
		columns []string,
		opts *spanner.ReadOptions,
	) *spanner.RowIterator
}

ReadTransaction is an interface for Spanner read transactions.

type Server

// Server serves two gRPC services from one value: iam.IAMPolicyServer and
// admin.IAMServer. Its own state is unexported and is set up by NewServer.
type Server struct {
	// Embedded fallback for iam.IAMPolicyServer.
	// NOTE(review): generated Unimplemented* types normally answer any RPC the
	// outer type does not define with codes.Unimplemented — confirm for this package.
	iam.UnimplementedIAMPolicyServer
	// Embedded fallback for admin.IAMServer; any RPC of that service which
	// Server does not define itself resolves to this embedded type.
	admin.UnimplementedIAMServer
	// contains filtered or unexported fields
}

Server is a Spanner implementation of the iam.IAMPolicyServer interface.

func NewServer

func NewServer(
	client *spanner.Client,
	roles *iamregistry.Roles,
	memberResolver iammember.Resolver,
	config ServerConfig,
) (*Server, error)

NewServer creates a new Spanner IAM policy server.

func (*Server) GetIamPolicy

func (s *Server) GetIamPolicy(
	ctx context.Context,
	request *iam.GetIamPolicyRequest,
) (*iam.Policy, error)

GetIamPolicy implements iam.IAMPolicyServer.

func (*Server) GetRole

func (s *Server) GetRole(
	ctx context.Context,
	request *admin.GetRoleRequest,
) (*admin.Role, error)

GetRole implements admin.IAMServer.

func (*Server) ListRoles

func (s *Server) ListRoles(
	ctx context.Context,
	request *admin.ListRolesRequest,
) (*admin.ListRolesResponse, error)

ListRoles implements admin.IAMServer.

func (*Server) QueryIamPolicyInTransaction

func (s *Server) QueryIamPolicyInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
) (*iam.Policy, error)

QueryIamPolicyInTransaction queries the IAM policy for a resource within the provided transaction.

func (*Server) QueryResourcesBoundToMemberAndPermission

func (s *Server) QueryResourcesBoundToMemberAndPermission(
	ctx context.Context,
	member string,
	permission string,
) ([]string, error)

QueryResourcesBoundToMemberAndPermission reads all resources bound to the member and permission.

func (*Server) QueryResourcesBoundToMemberAndPermissionInTransaction

func (s *Server) QueryResourcesBoundToMemberAndPermissionInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	member string,
	permission string,
) ([]string, error)

QueryResourcesBoundToMemberAndPermissionInTransaction reads all resources bound to the member and permission, within the provided Spanner transaction.

func (*Server) ReadRolesBoundToMembersAndResources added in v0.3.0

func (s *Server) ReadRolesBoundToMembersAndResources(
	ctx context.Context,
	members []string,
	resources []string,
	fn func(ctx context.Context, member, resource string, role *admin.Role) error,
) error

ReadRolesBoundToMembersAndResources reads all roles bound to the provided members and resources.

func (*Server) ReadRolesBoundToMembersAndResourcesInTransaction added in v0.3.0

func (s *Server) ReadRolesBoundToMembersAndResourcesInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	members []string,
	resources []string,
	fn func(ctx context.Context, member, resource string, role *admin.Role) error,
) error

ReadRolesBoundToMembersAndResourcesInTransaction reads all roles bound to members and resources within the provided Spanner transaction. It also considers roles bound to parent resources, so roles bound to a parent of a listed resource are included as well.

func (*Server) SetIamPolicy

func (s *Server) SetIamPolicy(
	ctx context.Context,
	request *iam.SetIamPolicyRequest,
) (*iam.Policy, error)

SetIamPolicy implements iam.IAMPolicyServer.

func (*Server) TestIamPermissions

func (s *Server) TestIamPermissions(
	ctx context.Context,
	request *iam.TestIamPermissionsRequest,
) (*iam.TestIamPermissionsResponse, error)

TestIamPermissions implements iam.IAMPolicyServer.

func (*Server) TestPermissionOnResource

func (s *Server) TestPermissionOnResource(
	ctx context.Context,
	permission string,
	resource string,
) (bool, error)

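TestPermissionOnResource tests if the caller has the specified permission on the specified resource. The caller is not a parameter, so it has to be derived from ctx (presumably through the iammember.Resolver passed to NewServer); pass the authenticated request context. Check the returned error before using the bool.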

func (*Server) TestPermissionOnResources

func (s *Server) TestPermissionOnResources(
	ctx context.Context,
	permission string,
	resources []string,
) (map[string]bool, error)

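TestPermissionOnResources tests if the caller has the specified permission on the specified resources. The result is a map of resource to bool. Check the returned error before reading the map; a resource with no entry in the map reads as false.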

func (*Server) ValidateIamPolicyFreshnessInTransaction

func (s *Server) ValidateIamPolicyFreshnessInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
	etag []byte,
) (bool, error)

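ValidateIamPolicyFreshnessInTransaction validates the freshness of an IAM policy for a resource within the provided transaction, given the etag the caller holds for that policy. The policy is presumably fresh when that etag still matches the stored one; treat both a false result and a non-nil error as "not fresh".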

type ServerConfig

// ServerConfig holds the options passed to NewServer as its config argument.
type ServerConfig struct {
	// ErrorHook is a callback that receives a context and an error.
	// NOTE(review): presumably invoked for errors the server hits while
	// handling a request — confirm when it fires and whether nil is allowed.
	// Errors from an IAM server may name members and resources; a hook that
	// logs them should treat that output as sensitive.
	ErrorHook func(context.Context, error)
}

ServerConfig configures a Spanner IAM policy server.
