iampermission

package
v0.41.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 24, 2022 License: MIT Imports: 7 Imported by: 1

Documentation

Overview

Package iampermission provides primitives for working with IAM permissions. See: https://cloud.google.com/iam/docs/overview#permissions

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HasWildcard

func HasWildcard(permission string) bool

HasWildcard reports whether an IAM permission contains a wildcard '*' segment.

func Match

func Match(lhs, rhs string) bool

Match reports whether the lhs permission name matches the rhs permission. The lhs permission may contain a wildcard. The result will always be false when any of lhs or rhs are invalid, or if rhs contains a wildcard.

func ResolveLongRunningOperationPermission added in v0.32.0

func ResolveLongRunningOperationPermission(
	operationsPermissions []*iamv1.LongRunningOperationPermissions,
	operationRequest LongRunningOperationRequest,
) (string, bool)

ResolveLongRunningOperationPermission resolves a permission for a long-running operation.

func ResolveMethodPermission added in v0.32.0

func ResolveMethodPermission(
	options *iamv1.MethodAuthorizationOptions,
	resourceName string,
) (string, bool)

ResolveMethodPermission resolves a permission for a method, given the requested resource.

func ResolveResourcePermission added in v0.32.0

func ResolveResourcePermission(
	resourcePermissions []*iamv1.ResourcePermission,
	resourceName string,
) (string, bool)

ResolveResourcePermission resolves a permission for a resource name, given a set of resource permissions.

func Valid

func Valid(permission string) bool

Valid checks whether the provided permission is valid. See Validate for what constitutes a valid permission.

func Validate

func Validate(permission string) error

Validate a permission.

A permission is valid on the format `<service>.<resource>.<verb>`.

- It contains at most 3 segments. - When no segment is a wildcard, it contains exactly 3 segments. - All segments are non-empty. - All segments are lower-case. - The first (service) segment is not a wildcard. - A wildcard only occurs in the last segment.

Types

type LongRunningOperationRequest added in v0.32.0

type LongRunningOperationRequest interface {
	GetName() string
}

LongRunningOperationRequest is an interface for long-running operation requests.

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner scans an IAM permission.

func (*Scanner) Init

func (s *Scanner) Init(permission string)

Init initializes the scanner.

func (*Scanner) Scan

func (s *Scanner) Scan() bool

Scan to the next segment.

func (*Scanner) Segment

func (s *Scanner) Segment() string

Segment returns the current segment.

func (*Scanner) Wildcard

func (s *Scanner) Wildcard() bool

Wildcard reports whether the current segment is a wildcard.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL