iam

module

v0.9.0 Latest Latest Go to latest Published: May 9, 2021 License: MIT

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/einride/iam-go

Links

Open Source Insights

README ¶

IAM Go

An opinionated Open Source implementation of the google.iam.v1.IAMPolicy service API, using Cloud Spanner for storage.

Usage

1) Install

$ go get go.einride.tech/iam

2) Include the IAMPolicy mixin in your gRPC service

See google.iam.v1.IAMPolicy.

/* ... */
package your.pkg;

/* ... */

import "google/iam/v1/iam_policy.proto";
import "google/iam/v1/policy.proto";

/* ... */

service YourService {
  /* ... */

  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
    returns (google.iam.v1.Policy);
  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
    returns (google.iam.v1.Policy);
  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
    returns (google.iam.v1.TestIamPermissionsResponse);
}

3) Embed the IAMServer implementation in your server

See iamspanner.IAMServer.

// Server implements your gRPC API.
type Server struct {
	*iamspanner.IAMServer
	// ...
}

// Server now also implements the iam.IAMPolicyServer mixin.
var _ iam.IAMPolicyServer = &Server{}

4) Include the IAM policy bindings table in your Spanner SQL schema

See schema.sql.

5) Annotate your gRPC methods

Coming soon.

6) Generate authorization middleware

Coming soon.

Directories ¶

Path	Synopsis
cmd
iamctl Module
iamexample
iamexampledata Package iamexampledata provides predefined example data for the IAM example service.	Package iamexampledata provides predefined example data for the IAM example service.
iamexampledb
iammember Package iammember provides primitives for IAM member identifiers.	Package iammember provides primitives for IAM member identifiers.
iamgooglemember Package iamgooglemember provides primitives for resolving IAM members from Google ID tokens.	Package iamgooglemember provides primitives for resolving IAM members from Google ID tokens.
iampermission Package iampermission provides primitives for working with IAM permissions.	Package iampermission provides primitives for working with IAM permissions.
iampolicy
iamregistry Package iamregistry provides data structures to register lookup and resolve IAM roles and permissions.	Package iamregistry provides data structures to register lookup and resolve IAM roles and permissions.
iamresource
iamrole Package iamrole provides primitives and operations on IAM roles.	Package iamrole provides primitives and operations on IAM roles.
iamspanner Package iamspanner provides a Spanner-based storage implementation of the iam.IAMPolicyService API.	Package iamspanner provides a Spanner-based storage implementation of the iam.IAMPolicyService API.
iamspannerdb
iamtest Package iamtest provides primitives for unit testing IAM implementations.	Package iamtest provides primitives for unit testing IAM implementations.
proto
gen/einride/iam/example/v1
gen/einride/iam/v1

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL