Overview ¶
Package iamspanner provides a Spanner-based storage implementation of the IAMPolicy service.
Index ¶
- func SQLSchema() string
- type IAMServer
- func (s *IAMServer) GetIamPolicy(ctx context.Context, request *iampb.GetIamPolicyRequest) (*iampb.Policy, error)
- func (s *IAMServer) GetRole(ctx context.Context, request *adminpb.GetRoleRequest) (*adminpb.Role, error)
- func (s *IAMServer) ListRoles(ctx context.Context, request *adminpb.ListRolesRequest) (*adminpb.ListRolesResponse, error)
- func (s *IAMServer) ReadBindingsByMembersAndPermissions(ctx context.Context, members []string, permissions []string, ...) error
- func (s *IAMServer) ReadBindingsByMembersAndPermissionsInTransaction(ctx context.Context, tx ReadTransaction, members []string, ...) error
- func (s *IAMServer) ReadBindingsByResourcesAndMembers(ctx context.Context, resources []string, members []string, ...) error
- func (s *IAMServer) ReadBindingsByResourcesAndMembersInTransaction(ctx context.Context, tx ReadTransaction, resources []string, members []string, ...) error
- func (s *IAMServer) ReadPolicyInTransaction(ctx context.Context, tx ReadTransaction, resource string) (*iampb.Policy, error)
- func (s *IAMServer) ReadWritePolicy(ctx context.Context, resource string, ...) (*iampb.Policy, error)
- func (s *IAMServer) SetIamPolicy(ctx context.Context, request *iampb.SetIamPolicyRequest) (*iampb.Policy, error)
- func (s *IAMServer) SetIamPolicyWithFunctionsInTransaction(ctx context.Context, request *iampb.SetIamPolicyRequest, ...) (*iampb.Policy, error)
- func (s *IAMServer) TestIamPermissions(ctx context.Context, request *iampb.TestIamPermissionsRequest) (*iampb.TestIamPermissionsResponse, error)
- func (s *IAMServer) TestPermissions(ctx context.Context, caller *iamv1.Caller, ...) (map[string]bool, error)
- func (s *IAMServer) ValidatePolicyFreshnessInTransaction(ctx context.Context, tx ReadTransaction, resource string, etag []byte) (bool, error)
- type InsideSetIamPolicyTransaction
- type ReadTransaction
- type ServerConfig
Functions ¶
Types ¶
type IAMServer ¶ added in v0.7.0
type IAMServer struct { iampb.UnimplementedIAMPolicyServer adminpb.UnimplementedIAMServer // contains filtered or unexported fields }
IAMServer is a Spanner-backed implementation of the iampb.IAMPolicyServer and adminpb.IAMServer interfaces.
func NewIAMServer ¶ added in v0.10.0
func NewIAMServer( client *spanner.Client, roles []*adminpb.Role, callerResolver iamcaller.Resolver, config ServerConfig, ) (*IAMServer, error)
NewIAMServer creates a new Spanner IAM policy server.
func (*IAMServer) GetIamPolicy ¶ added in v0.7.0
func (s *IAMServer) GetIamPolicy( ctx context.Context, request *iampb.GetIamPolicyRequest, ) (*iampb.Policy, error)
GetIamPolicy implements iampb.IAMPolicyServer.
func (*IAMServer) GetRole ¶ added in v0.7.0
func (s *IAMServer) GetRole( ctx context.Context, request *adminpb.GetRoleRequest, ) (*adminpb.Role, error)
GetRole implements adminpb.IAMServer.
func (*IAMServer) ListRoles ¶ added in v0.7.0
func (s *IAMServer) ListRoles( ctx context.Context, request *adminpb.ListRolesRequest, ) (*adminpb.ListRolesResponse, error)
ListRoles implements adminpb.IAMServer.
func (*IAMServer) ReadBindingsByMembersAndPermissions ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByMembersAndPermissions( ctx context.Context, members []string, permissions []string, fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error, ) error
ReadBindingsByMembersAndPermissions reads all bindings for the provided members and permissions.
func (*IAMServer) ReadBindingsByMembersAndPermissionsInTransaction ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByMembersAndPermissionsInTransaction( ctx context.Context, tx ReadTransaction, members []string, permissions []string, fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error, ) error
ReadBindingsByMembersAndPermissionsInTransaction reads all bindings for the provided members and permissions, within the provided Spanner transaction.
func (*IAMServer) ReadBindingsByResourcesAndMembers ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByResourcesAndMembers( ctx context.Context, resources []string, members []string, fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error, ) error
ReadBindingsByResourcesAndMembers reads all roles bound to the provided members and resources.
func (*IAMServer) ReadBindingsByResourcesAndMembersInTransaction ¶ added in v0.24.0
func (s *IAMServer) ReadBindingsByResourcesAndMembersInTransaction( ctx context.Context, tx ReadTransaction, resources []string, members []string, fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error, ) error
ReadBindingsByResourcesAndMembersInTransaction reads all roles bound to the provided members and resources, within the provided Spanner transaction. Roles bound to parent resources are also included.
func (*IAMServer) ReadPolicyInTransaction ¶ added in v0.24.0
func (s *IAMServer) ReadPolicyInTransaction( ctx context.Context, tx ReadTransaction, resource string, ) (*iampb.Policy, error)
ReadPolicyInTransaction reads the IAM policy for a resource within the provided transaction.
func (*IAMServer) ReadWritePolicy ¶ added in v0.22.0
func (s *IAMServer) ReadWritePolicy( ctx context.Context, resource string, fn func(*iampb.Policy) (*iampb.Policy, error), ) (*iampb.Policy, error)
ReadWritePolicy lets the caller read and modify the policy for a resource inside a single read-write transaction.
func (*IAMServer) SetIamPolicy ¶ added in v0.7.0
func (s *IAMServer) SetIamPolicy( ctx context.Context, request *iampb.SetIamPolicyRequest, ) (*iampb.Policy, error)
SetIamPolicy implements iampb.IAMPolicyServer.
func (*IAMServer) SetIamPolicyWithFunctionsInTransaction ¶ added in v0.47.0
func (s *IAMServer) SetIamPolicyWithFunctionsInTransaction( ctx context.Context, request *iampb.SetIamPolicyRequest, fns ...InsideSetIamPolicyTransaction, ) (*iampb.Policy, error)
SetIamPolicyWithFunctionsInTransaction handles a SetIamPolicy request and additionally invokes the provided functions within the same spanner.ReadWriteTransaction.
func (*IAMServer) TestIamPermissions ¶ added in v0.7.0
func (s *IAMServer) TestIamPermissions( ctx context.Context, request *iampb.TestIamPermissionsRequest, ) (*iampb.TestIamPermissionsResponse, error)
TestIamPermissions implements iampb.IAMPolicyServer.
func (*IAMServer) TestPermissions ¶ added in v0.36.0
func (s *IAMServer) TestPermissions( ctx context.Context, caller *iamv1.Caller, resourcePermissions map[string]string, ) (map[string]bool, error)
TestPermissions implements iamcel.PermissionTester.
func (*IAMServer) ValidatePolicyFreshnessInTransaction ¶ added in v0.24.0
func (s *IAMServer) ValidatePolicyFreshnessInTransaction( ctx context.Context, tx ReadTransaction, resource string, etag []byte, ) (bool, error)
ValidatePolicyFreshnessInTransaction reports whether the IAM policy for a resource is still fresh with respect to the provided etag, evaluated within the provided transaction.
type InsideSetIamPolicyTransaction ¶ added in v0.47.0
type InsideSetIamPolicyTransaction func(context.Context, *spanner.ReadWriteTransaction, *iampb.Policy) error
InsideSetIamPolicyTransaction describes a function that is called within the spanner.ReadWriteTransaction in IAMServer.SetIamPolicyWithFunctionsInTransaction. The policy passed to the function is the request policy, which is applied after the function returns. If the function returns a non-nil error, the transaction is not committed.
type ReadTransaction ¶
type ReadTransaction interface { Read(context.Context, string, spanner.KeySet, []string) *spanner.RowIterator ReadWithOptions(context.Context, string, spanner.KeySet, []string, *spanner.ReadOptions) *spanner.RowIterator }
ReadTransaction describes the Read and ReadWithOptions methods of a Spanner read transaction.
type ServerConfig ¶
type ServerConfig struct { // ErrorHook is called when errors occur in the IAMServer. ErrorHook func(context.Context, error) // ValidateMember is a custom IAM member validator. // When not provided, iammember.Validate will be used. ValidateMember func(string) error }
ServerConfig configures a Spanner IAM policy server.