iamspanner

package
v0.9.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 9, 2021 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package iamspanner provides a Spanner-based storage implementation of the iam.IAMPolicyService API.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SQLSchema added in v0.4.0

// SQLSchema returns the example Spanner SQL schema as a string.
//
// NOTE(review): the page describes this as an "example" schema; whether the
// server requires exactly these tables and columns is not shown here, so
// confirm before treating it as the authoritative DDL.
func SQLSchema() string

SQLSchema returns the example Spanner SQL schema.

Types

type IAMServer added in v0.7.0

// IAMServer is a Spanner implementation of the iam.IAMPolicyServer interface.
// Its GetRole and ListRoles methods are documented as implementing
// admin.IAMServer as well, so one value serves both APIs.
type IAMServer struct {
	// Embedded "Unimplemented" types for both services.
	// NOTE(review): presumably these answer any RPC that IAMServer does not
	// define itself — confirm which methods fall through to them.
	iam.UnimplementedIAMPolicyServer
	admin.UnimplementedIAMServer
	// contains filtered or unexported fields
}

IAMServer is a Spanner implementation of the iam.IAMPolicyServer interface.

func NewServer

// NewServer creates a new Spanner IAM policy server.
//
// It takes the Spanner client used for storage, the role registry, a member
// resolver and a ServerConfig, and returns the server or an error.
//
// NOTE(review): memberResolver is presumably what identifies "the caller" for
// the TestPermission* methods; the page does not show how it is used or what
// happens when it is nil, so confirm against the implementation.
func NewServer(
	client *spanner.Client,
	roles *iamregistry.Roles,
	memberResolver iammember.Resolver,
	config ServerConfig,
) (*IAMServer, error)

NewServer creates a new Spanner IAM policy server.

func (*IAMServer) GetIamPolicy added in v0.7.0

// GetIamPolicy implements iam.IAMPolicyServer.
//
// NOTE(review): this page does not show whether the method authorizes the
// caller before returning a policy; confirm where read access to policies is
// enforced (in this method or in a layer in front of it).
func (s *IAMServer) GetIamPolicy(
	ctx context.Context,
	request *iam.GetIamPolicyRequest,
) (*iam.Policy, error)

GetIamPolicy implements iam.IAMPolicyServer.

func (*IAMServer) GetRole added in v0.7.0

// GetRole implements admin.IAMServer and returns a single role for the
// request, or an error.
func (s *IAMServer) GetRole(
	ctx context.Context,
	request *admin.GetRoleRequest,
) (*admin.Role, error)

GetRole implements admin.IAMServer.

func (*IAMServer) ListRoles added in v0.7.0

// ListRoles implements admin.IAMServer and returns a ListRolesResponse for
// the request, or an error.
func (s *IAMServer) ListRoles(
	ctx context.Context,
	request *admin.ListRolesRequest,
) (*admin.ListRolesResponse, error)

ListRoles implements admin.IAMServer.

func (*IAMServer) QueryIamPolicyInTransaction added in v0.7.0

// QueryIamPolicyInTransaction queries the IAM policy for a resource within
// the provided transaction.
//
// tx only needs to satisfy ReadTransaction, which exposes read methods only.
// resource is the name of the resource whose policy is read.
func (s *IAMServer) QueryIamPolicyInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
) (*iam.Policy, error)

QueryIamPolicyInTransaction queries the IAM policy for a resource within the provided transaction.

func (*IAMServer) QueryResourcesBoundToMemberAndPermission added in v0.7.0

// QueryResourcesBoundToMemberAndPermission reads all resources bound to the
// member and permission and returns them as a slice of strings.
//
// The member is passed explicitly rather than taken from the caller.
// NOTE(review): whether the caller is allowed to look up bindings for an
// arbitrary member is not checked anywhere visible on this page — confirm
// that callers authorize the lookup themselves.
func (s *IAMServer) QueryResourcesBoundToMemberAndPermission(
	ctx context.Context,
	member string,
	permission string,
) ([]string, error)

QueryResourcesBoundToMemberAndPermission reads all resources bound to the member and permission.

func (*IAMServer) QueryResourcesBoundToMemberAndPermissionInTransaction added in v0.7.0

// QueryResourcesBoundToMemberAndPermissionInTransaction reads all resources
// bound to the member and permission, within the provided Spanner
// transaction, and returns them as a slice of strings.
//
// tx only needs to satisfy ReadTransaction, which exposes read methods only.
func (s *IAMServer) QueryResourcesBoundToMemberAndPermissionInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	member string,
	permission string,
) ([]string, error)

QueryResourcesBoundToMemberAndPermissionInTransaction reads all resources bound to the member and permission, within the provided Spanner transaction.

func (*IAMServer) ReadRolesBoundToMembersAndResources added in v0.7.0

// ReadRolesBoundToMembersAndResources reads all roles bound to the provided
// members and resources.
//
// Results are delivered through fn, which receives a member, a resource and
// a role.
// NOTE(review): presumably fn is called once per binding found and a non-nil
// error from fn stops the read and is returned — confirm.
func (s *IAMServer) ReadRolesBoundToMembersAndResources(
	ctx context.Context,
	members []string,
	resources []string,
	fn func(ctx context.Context, member, resource string, role *admin.Role) error,
) error

ReadRolesBoundToMembersAndResources reads all roles bound to the provided members and resources.

func (*IAMServer) ReadRolesBoundToMembersAndResourcesInTransaction added in v0.7.0

// ReadRolesBoundToMembersAndResourcesInTransaction reads all roles bound to
// members and resources within the provided Spanner transaction.
//
// Roles bound to parent resources are considered too, so a role granted on a
// parent is reported for the resources listed here; account for that
// inheritance when reviewing who can reach a resource.
//
// Results are delivered through fn, which receives a member, a resource and
// a role.
// NOTE(review): how a parent resource is derived from a resource name is not
// shown on this page — confirm.
func (s *IAMServer) ReadRolesBoundToMembersAndResourcesInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	members []string,
	resources []string,
	fn func(ctx context.Context, member, resource string, role *admin.Role) error,
) error

ReadRolesBoundToMembersAndResourcesInTransaction reads all roles bound to members and resources within the provided Spanner transaction. Also considers roles bound to parent resources.

func (*IAMServer) SetIamPolicy added in v0.7.0

// SetIamPolicy implements iam.IAMPolicyServer.
//
// NOTE(review): this page does not show whether the method authorizes the
// caller or validates the submitted policy (roles, members, etag) before
// writing it; confirm both, since this call changes who has access.
func (s *IAMServer) SetIamPolicy(
	ctx context.Context,
	request *iam.SetIamPolicyRequest,
) (*iam.Policy, error)

SetIamPolicy implements iam.IAMPolicyServer.

func (*IAMServer) TestIamPermissions added in v0.7.0

// TestIamPermissions implements iam.IAMPolicyServer and returns a
// TestIamPermissionsResponse for the request, or an error.
func (s *IAMServer) TestIamPermissions(
	ctx context.Context,
	request *iam.TestIamPermissionsRequest,
) (*iam.TestIamPermissionsResponse, error)

TestIamPermissions implements iam.IAMPolicyServer.

func (*IAMServer) TestPermissionOnResource added in v0.7.0

// TestPermissionOnResource tests if the caller has the specified permission
// on the specified resource.
//
// The result is only meaningful when the returned error is nil; treat a
// non-nil error as "not authorized" rather than reading the bool.
// NOTE(review): the caller is not a parameter, so it is presumably resolved
// from ctx (via the member resolver given to NewServer) — confirm.
func (s *IAMServer) TestPermissionOnResource(
	ctx context.Context,
	permission string,
	resource string,
) (bool, error)

TestPermissionOnResource tests if the caller has the specified permission on the specified resource.

func (*IAMServer) TestPermissionOnResources added in v0.7.0

// TestPermissionOnResources tests if the caller has the specified permission
// on the specified resources and returns a map from string to bool.
//
// Indexing a Go map with a key it does not hold yields false, so a resource
// missing from the result reads as "denied".
// NOTE(review): presumably the map is keyed by resource name; whether every
// requested resource gets an entry is not shown on this page — confirm.
func (s *IAMServer) TestPermissionOnResources(
	ctx context.Context,
	permission string,
	resources []string,
) (map[string]bool, error)

TestPermissionOnResources tests if the caller has the specified permission on the specified resources.

func (*IAMServer) ValidateIamPolicyFreshnessInTransaction added in v0.7.0

// ValidateIamPolicyFreshnessInTransaction validates the freshness of an IAM
// policy for a resource within the provided transaction.
//
// Freshness is reported in the bool, separately from the error, so callers
// must check both values.
// NOTE(review): presumably true means the supplied etag still matches the
// stored policy, which guards against overwriting a concurrent policy
// change — confirm, including how an empty etag is treated.
func (s *IAMServer) ValidateIamPolicyFreshnessInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
	etag []byte,
) (bool, error)

ValidateIamPolicyFreshnessInTransaction validates the freshness of an IAM policy for a resource within the provided transaction.

type ReadTransaction

// ReadTransaction is an interface for Spanner read transactions.
//
// It declares read methods only, so code that receives a ReadTransaction
// cannot write through this interface.
type ReadTransaction interface {
	// Read returns a row iterator for the given table name, key set and columns.
	// NOTE(review): argument meanings follow the Spanner client's Read method — confirm.
	Read(context.Context, string, spanner.KeySet, []string) *spanner.RowIterator
	// ReadWithOptions is Read with an additional *spanner.ReadOptions argument.
	ReadWithOptions(context.Context, string, spanner.KeySet, []string, *spanner.ReadOptions) *spanner.RowIterator
}

ReadTransaction is an interface for Spanner read transactions.

type ServerConfig

// ServerConfig configures a Spanner IAM policy server.
type ServerConfig struct {
	// ErrorHook receives a context and an error.
	// NOTE(review): presumably called when the server hits an error; whether
	// a nil hook is tolerated is not shown on this page — confirm. Errors from
	// an IAM server may name members and resources, so choose the hook's
	// destination (logs, telemetry) with that in mind.
	ErrorHook func(context.Context, error)
}

ServerConfig configures a Spanner IAM policy server.
