Documentation ¶
Overview ¶
Package iamspanner provides a Spanner-based storage implementation of the IAMPolicy service.
Index ¶
- func SQLSchema() string
- type IAMServer
- func (s *IAMServer) GetIamPolicy(ctx context.Context, request *iam.GetIamPolicyRequest) (*iam.Policy, error)
- func (s *IAMServer) GetRole(ctx context.Context, request *admin.GetRoleRequest) (*admin.Role, error)
- func (s *IAMServer) ListRoles(ctx context.Context, request *admin.ListRolesRequest) (*admin.ListRolesResponse, error)
- func (s *IAMServer) ReadBindingsByMembersAndPermissions(ctx context.Context, members []string, permissions []string, ...) error
- func (s *IAMServer) ReadBindingsByMembersAndPermissionsInTransaction(ctx context.Context, tx ReadTransaction, members []string, ...) error
- func (s *IAMServer) ReadBindingsByResourcesAndMembers(ctx context.Context, resources []string, members []string, ...) error
- func (s *IAMServer) ReadBindingsByResourcesAndMembersInTransaction(ctx context.Context, tx ReadTransaction, resources []string, members []string, ...) error
- func (s *IAMServer) ReadPolicyInTransaction(ctx context.Context, tx ReadTransaction, resource string) (*iam.Policy, error)
- func (s *IAMServer) ReadWritePolicy(ctx context.Context, resource string, ...) (*iam.Policy, error)
- func (s *IAMServer) SetIamPolicy(ctx context.Context, request *iam.SetIamPolicyRequest) (*iam.Policy, error)
- func (s *IAMServer) TestIamPermissions(ctx context.Context, request *iam.TestIamPermissionsRequest) (*iam.TestIamPermissionsResponse, error)
- func (s *IAMServer) TestPermissionOnResource(ctx context.Context, permission string, resource string) (bool, error)
- func (s *IAMServer) TestPermissionOnResources(ctx context.Context, permission string, resources []string) (map[string]bool, error)
- func (s *IAMServer) TestResourcePermission(ctx context.Context, members []string, resource string, permission string) (bool, error)
- func (s *IAMServer) TestResourcePermissions(ctx context.Context, members []string, resourcePermissions map[string]string) (map[string]bool, error)
- func (s *IAMServer) ValidatePolicyFreshnessInTransaction(ctx context.Context, tx ReadTransaction, resource string, etag []byte) (bool, error)
- type ReadTransaction
- type ServerConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type IAMServer ¶ added in v0.7.0
type IAMServer struct { iam.UnimplementedIAMPolicyServer admin.UnimplementedIAMServer // contains filtered or unexported fields }
IAMServer is a Spanner implementation of the iam.IAMPolicyServer interface.
func NewIAMServer ¶ added in v0.10.0
func NewIAMServer( client *spanner.Client, roles []*admin.Role, memberResolver iammember.Resolver, config ServerConfig, ) (*IAMServer, error)
NewIAMServer creates a new Spanner IAM policy server.
func (*IAMServer) GetIamPolicy ¶ added in v0.7.0
func (s *IAMServer) GetIamPolicy( ctx context.Context, request *iam.GetIamPolicyRequest, ) (*iam.Policy, error)
GetIamPolicy implements iam.IAMPolicyServer.
func (*IAMServer) GetRole ¶ added in v0.7.0
func (s *IAMServer) GetRole( ctx context.Context, request *admin.GetRoleRequest, ) (*admin.Role, error)
GetRole implements admin.IAMServer.
func (*IAMServer) ListRoles ¶ added in v0.7.0
func (s *IAMServer) ListRoles( ctx context.Context, request *admin.ListRolesRequest, ) (*admin.ListRolesResponse, error)
ListRoles implements admin.IAMServer.
func (*IAMServer) ReadBindingsByMembersAndPermissions ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByMembersAndPermissions( ctx context.Context, members []string, permissions []string, fn func(ctx context.Context, resource string, role *admin.Role, member string) error, ) error
ReadBindingsByMembersAndPermissions reads all bindings for the provided members and permissions.
func (*IAMServer) ReadBindingsByMembersAndPermissionsInTransaction ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByMembersAndPermissionsInTransaction( ctx context.Context, tx ReadTransaction, members []string, permissions []string, fn func(ctx context.Context, resource string, role *admin.Role, member string) error, ) error
ReadBindingsByMembersAndPermissionsInTransaction reads all bindings for the provided members and permissions, within the provided Spanner transaction.
func (*IAMServer) ReadBindingsByResourcesAndMembers ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByResourcesAndMembers( ctx context.Context, resources []string, members []string, fn func(ctx context.Context, resource string, role *admin.Role, member string) error, ) error
ReadBindingsByResourcesAndMembers reads all roles bound to the provided members and resources.
func (*IAMServer) ReadBindingsByResourcesAndMembersInTransaction ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByResourcesAndMembersInTransaction( ctx context.Context, tx ReadTransaction, resources []string, members []string, fn func(ctx context.Context, resource string, role *admin.Role, member string) error, ) error
ReadBindingsByResourcesAndMembersInTransaction reads all roles bound to members and resources within the provided Spanner transaction. Also considers roles bound to parent resources.
func (*IAMServer) ReadPolicyInTransaction ¶ added in v0.24.0
func (s *IAMServer) ReadPolicyInTransaction( ctx context.Context, tx ReadTransaction, resource string, ) (*iam.Policy, error)
ReadPolicyInTransaction reads the IAM policy for a resource within the provided transaction.
func (*IAMServer) ReadWritePolicy ¶ added in v0.22.0
func (s *IAMServer) ReadWritePolicy( ctx context.Context, resource string, fn func(*iam.Policy) (*iam.Policy, error), ) (*iam.Policy, error)
ReadWritePolicy enables the caller to modify a policy in a read-write transaction.
func (*IAMServer) SetIamPolicy ¶ added in v0.7.0
func (s *IAMServer) SetIamPolicy( ctx context.Context, request *iam.SetIamPolicyRequest, ) (*iam.Policy, error)
SetIamPolicy implements iam.IAMPolicyServer.
func (*IAMServer) TestIamPermissions ¶ added in v0.7.0
func (s *IAMServer) TestIamPermissions( ctx context.Context, request *iam.TestIamPermissionsRequest, ) (*iam.TestIamPermissionsResponse, error)
TestIamPermissions implements iam.IAMPolicyServer.
func (*IAMServer) TestPermissionOnResource ¶ added in v0.7.0
func (s *IAMServer) TestPermissionOnResource( ctx context.Context, permission string, resource string, ) (bool, error)
TestPermissionOnResource tests if the caller has the specified permission on the specified resource.
func (*IAMServer) TestPermissionOnResources ¶ added in v0.7.0
func (s *IAMServer) TestPermissionOnResources( ctx context.Context, permission string, resources []string, ) (map[string]bool, error)
TestPermissionOnResources tests if the caller has the specified permission on the specified resources.
func (*IAMServer) TestResourcePermission ¶ added in v0.15.0
func (*IAMServer) TestResourcePermissions ¶ added in v0.15.0
func (*IAMServer) ValidatePolicyFreshnessInTransaction ¶ added in v0.24.0
func (s *IAMServer) ValidatePolicyFreshnessInTransaction( ctx context.Context, tx ReadTransaction, resource string, etag []byte, ) (bool, error)
ValidatePolicyFreshnessInTransaction validates the freshness of an IAM policy for a resource within the provided transaction.
type ReadTransaction ¶
type ReadTransaction interface { Read(context.Context, string, spanner.KeySet, []string) *spanner.RowIterator ReadWithOptions(context.Context, string, spanner.KeySet, []string, *spanner.ReadOptions) *spanner.RowIterator }
ReadTransaction is an interface for Spanner read transactions.
type ServerConfig ¶
ServerConfig configures a Spanner IAM policy server.