Documentation
Overview
Package permissions provides functions to check IAM permissions for workload agent platform services.
Constants
const (
	// ProjectResourceType is the resource type for Project.
	ProjectResourceType = "Project"
	// BucketResourceType is the resource type for Bucket.
	BucketResourceType = "Bucket"
	// DiskResourceType is the resource type for Disk.
	DiskResourceType = "Disk"
	// InstanceResourceType is the resource type for Instance.
	InstanceResourceType = "Instance"
	// SecretResourceType is the resource type for Secret.
	SecretResourceType = "Secret"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Checker
type Checker struct {
	// contains filtered or unexported fields
}
Checker holds the parsed permissions configuration.
func NewPermissionsChecker
NewPermissionsChecker parses the YAML data and returns a new Checker.
func (*Checker) FetchServicePermissionsStatus
func (pc *Checker) FetchServicePermissionsStatus(ctx context.Context, iamService IAMService, serviceName string, resDetails *ResourceDetails) (map[string]bool, error)
FetchServicePermissionsStatus checks if the required IAM permissions for a service/functionality are granted on the specified resource, and returns a map of permissions to granted/not granted. Assumes that the permissions are unique across all resource types for a service.
type EntityPermissions
type EntityPermissions struct {
	Type        string   `yaml:"type"`
	Permissions []string `yaml:"permissions"`
}
EntityPermissions is a struct to hold the permissions for an entity.
type IAMService
type IAMService interface {
	CheckIAMPermissionsOnProject(ctx context.Context, projectID string, permissions []string) ([]string, error)
	CheckIAMPermissionsOnBucket(ctx context.Context, bucketName string, permissions []string) ([]string, error)
	CheckIAMPermissionsOnDisk(ctx context.Context, projectID, zone, diskName string, permissions []string) ([]string, error)
	CheckIAMPermissionsOnInstance(ctx context.Context, projectID, zone, instanceName string, permissions []string) ([]string, error)
	CheckIAMPermissionsOnSecret(ctx context.Context, projectID, secretName string, permissions []string) ([]string, error)
}
IAMService is an interface for an IAM service.
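The uniqueness assumption stated for FetchServicePermissionsStatus matters because the result map is keyed only by permission name. The sketch below is an added example, not the package's own code: `permissionStatus` and `checkFn` are hypothetical names, the check is assumed to return the granted subset of what was requested, and the configuration is constructed sample data. It shows a default-deny way to build such a map that fails closed when a permission is listed under two resource types.

```go
package main

import "fmt"

// EntityPermissions mirrors the documented struct (YAML tags omitted).
type EntityPermissions struct {
	Type        string
	Permissions []string
}

// checkFn (hypothetical) stands in for one CheckIAMPermissionsOn* call; assumed to return the granted subset.
type checkFn func(resourceType string, requested []string) ([]string, error)

// permissionStatus builds the permission -> granted map. It rejects a permission
// listed twice, since a map keyed only by permission cannot hold two answers.
func permissionStatus(entities []EntityPermissions, check checkFn) (map[string]bool, error) {
	status := make(map[string]bool)
	for _, e := range entities {
		for _, p := range e.Permissions {
			if _, dup := status[p]; dup {
				return nil, fmt.Errorf("permission %q listed again under %s", p, e.Type)
			}
			status[p] = false // deny until the check confirms the grant
		}
		granted, err := check(e.Type, e.Permissions)
		if err != nil {
			return nil, fmt.Errorf("checking %s: %w", e.Type, err)
		}
		for _, g := range granted {
			for _, p := range e.Permissions { // ignore anything not requested here
				if g == p {
					status[p] = true
				}
			}
		}
	}
	return status, nil
}

func main() {
	cfg := []EntityPermissions{ // constructed sample configuration
		{Type: "Project", Permissions: []string{"compute.instances.list"}},
		{Type: "Secret", Permissions: []string{"secretmanager.versions.access"}},
	}
	check := func(_ string, _ []string) ([]string, error) { // fake backend, one grant only
		return []string{"secretmanager.versions.access"}, nil
	}
	fmt.Println(permissionStatus(cfg, check))
}
```

Without the duplicate check, the result recorded for a permission would depend on which resource type was evaluated last, so a grant on one resource could hide a missing grant on another.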