Index ¶
- func BindingIsEqual(a *cloudresourcemanager.Binding, b *cloudresourcemanager.Binding) bool
- type CRM
- type DNS
- type IAMService
- type Namer
- func (n *Namer) GetProjectsName() string
- func (n *Namer) GetSecretID(org string) string
- func (n *Namer) GetSecretName(org string) string
- func (n *Namer) GetServiceAccountEmail(org string) string
- func (n *Namer) GetServiceAccountID(org string) string
- func (n *Namer) GetServiceAccountName(org string) string
- type Org
- type SecretManager
- func (s *SecretManager) CreateSecret(ctx context.Context, org string) error
- func (s *SecretManager) LoadKey(ctx context.Context, org string) (string, error)
- func (s *SecretManager) LoadOrCreateKey(ctx context.Context, org string) (string, error)
- func (s *SecretManager) StoreKey(ctx context.Context, org string, key string) error
- type SecretManagerClient
- type ServiceAccountsManager
Functions ¶
func BindingIsEqual ¶
func BindingIsEqual(a *cloudresourcemanager.Binding, b *cloudresourcemanager.Binding) bool
BindingIsEqual reports whether the two provided bindings contain equal conditions, members, and roles.
Types ¶
type CRM ¶
// CRM is a simplified interface to the Google Cloud Resource Manager API,
// exposing only the two IAM-policy operations this package uses.
type CRM interface {
	// GetIamPolicy reads the IAM policy of the resource named in req.
	GetIamPolicy(ctx context.Context, req *cloudresourcemanager.GetIamPolicyRequest) (*cloudresourcemanager.Policy, error)
	// SetIamPolicy writes the IAM policy carried in req.
	// NOTE(review): Org.ApplyPolicy reaches project IAM policies through this
	// method, so every call changes project-wide state; confirm callers do a
	// read-modify-write of the policy rather than submitting a fresh one.
	SetIamPolicy(ctx context.Context, req *cloudresourcemanager.SetIamPolicyRequest) error
}
CRM is a simplified interface to the Google Cloud Resource Manager API.
type DNS ¶
// DNS is a simplified interface to the Google Cloud DNS API.
type DNS interface {
	// RegisterZone creates the managed zone described by zone and returns
	// the zone as stored by the service.
	RegisterZone(ctx context.Context, zone *dns.ManagedZone) (*dns.ManagedZone, error)
	// RegisterZoneSplit records the split for zone inside its parent zone
	// and returns the record set that was written — presumably the
	// delegation records; confirm against the implementation.
	RegisterZoneSplit(ctx context.Context, zone *dns.ManagedZone) (*dns.ResourceRecordSet, error)
}
DNS is a simplified interface to the Google Cloud DNS API.
type IAMService ¶
// IAMService defines the interface used to access the Google Cloud IAM Service.
type IAMService interface {
	// GetServiceAccount looks up the service account whose resource name is saName.
	GetServiceAccount(ctx context.Context, saName string) (*iam.ServiceAccount, error)
	// CreateServiceAccount creates the service account described by req in
	// the project resource projName.
	CreateServiceAccount(ctx context.Context, projName string, req *iam.CreateServiceAccountRequest) (*iam.ServiceAccount, error)
	// CreateKey creates a new key for the service account saName.
	// The returned key is long-lived credential material; in this package it
	// is handed to SecretManager for storage (see LoadOrCreateKey) — confirm
	// it is never logged or returned outside that path.
	CreateKey(ctx context.Context, saName string, req *iam.CreateServiceAccountKeyRequest) (*iam.ServiceAccountKey, error)
}
IAMService defines the interface used to access the Google Cloud IAM Service.
type Namer ¶
// Namer contains metadata needed for resource naming.
type Namer struct {
	// Project is the Google Cloud project that every generated name is
	// scoped to; it is the "mlab-foo" component of the documented examples
	// (projects/mlab-foo, ...@mlab-foo.iam.gserviceaccount.com).
	// Presumably the project ID rather than the project number — confirm.
	Project string
}
Namer contains metadata needed for resource naming.
func (*Namer) GetProjectsName ¶
GetProjectsName returns a Google Cloud project resource name, e.g. projects/mlab-foo.
func (*Namer) GetSecretID ¶
GetSecretID returns a secret ID for this org, e.g. autojoin-serviceaccount-key-org.
func (*Namer) GetSecretName ¶
GetSecretName returns the Google Cloud secret resource name, e.g. projects/mlab-foo/secrets/autojoin-serviceaccount-key-org.
func (*Namer) GetServiceAccountEmail ¶
GetServiceAccountEmail returns a service account email for this org, e.g. autonode-org@mlab-foo.iam.gserviceaccount.com
func (*Namer) GetServiceAccountID ¶
GetServiceAccountID returns a service account ID for this org, e.g. autonode-org.
func (*Namer) GetServiceAccountName ¶
GetServiceAccountName returns a Google Cloud service account resource name, e.g. projects/mlab-foo/serviceAccounts/autonode-org@mlab-foo.iam.gserviceaccount.com.
type Org ¶
// Org contains fields needed to setup a new organization for Autojoined nodes.
// Construct it with NewOrg, which also supplies the CRM, ServiceAccountsManager,
// SecretManager and DNS collaborators kept in the unexported fields.
type Org struct {
	// Project is the Google Cloud project in which the organization's
	// resources are created — presumably the same value handed to NewOrg; confirm.
	Project string
	// contains filtered or unexported fields
}
Org contains fields needed to setup a new organization for Autojoined nodes.
func NewOrg ¶
func NewOrg(project string, crm CRM, sam *ServiceAccountsManager, sm *SecretManager, dns DNS) *Org
NewOrg creates a new Org instance for setting up a new organization.
func (*Org) ApplyPolicy ¶
ApplyPolicy adds write restrictions for shared GCS buckets. NOTE: because it operates on project IAM policies, this method modifies project-wide state.
func (*Org) RegisterDNS ¶
RegisterDNS creates the organization zone and the zone split within the project zone.
type SecretManager ¶
// SecretManager manages operations on secrets.
type SecretManager struct {
	// Namer supplies the secret ID and secret resource name
	// (GetSecretID, GetSecretName) used for each org's secret.
	Namer *Namer
	// contains filtered or unexported fields
}
SecretManager manages operations on secrets.
func NewSecretManager ¶
func NewSecretManager(smc SecretManagerClient, n *Namer, sam *ServiceAccountsManager) *SecretManager
NewSecretManager creates a new secret manager instance.
func (*SecretManager) CreateSecret ¶
func (s *SecretManager) CreateSecret(ctx context.Context, org string) error
CreateSecret creates a new secret for the given org using the naming convention of the instance Namer.
func (*SecretManager) LoadKey ¶
LoadKey loads a key from the org's secret. LoadKey returns an error if the key is not found.
func (*SecretManager) LoadOrCreateKey ¶
LoadOrCreateKey is a single call that either creates and stores a new key or reads the existing key from SecretManager.
type SecretManagerClient ¶
// SecretManagerClient is an interface describing operations on the Google Cloud Secret Manager API.
// Its method set mirrors the Secret Manager client, so a real client can satisfy it directly.
type SecretManagerClient interface {
	// GetSecret fetches a secret's metadata; it does not return the payload.
	GetSecret(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
	// CreateSecret creates a new secret container with no versions yet.
	CreateSecret(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
	// GetSecretVersion fetches the metadata of one version of a secret.
	GetSecretVersion(ctx context.Context, req *secretmanagerpb.GetSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
	// AddSecretVersion stores a payload as a new version of an existing secret.
	AddSecretVersion(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
	// AccessSecretVersion returns the payload of a secret version. It is the
	// only method here that yields secret material; SecretManager.LoadKey
	// presumably obtains the service account key through it — treat the
	// response as sensitive (no logging, no caching beyond what is needed).
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}
SecretManagerClient is an interface describing operations on the Google Cloud Secret Manager API.
type ServiceAccountsManager ¶
// ServiceAccountsManager contains resources needed for managing service accounts.
type ServiceAccountsManager struct {
	// Namer derives the service account ID, email and resource name
	// (GetServiceAccountID, GetServiceAccountEmail, GetServiceAccountName)
	// for each org this manager operates on.
	Namer *Namer
	// contains filtered or unexported fields
}
ServiceAccountsManager contains resources needed for managing service accounts.
func NewServiceAccountsManager ¶
func NewServiceAccountsManager(ic IAMService, n *Namer) *ServiceAccountsManager
NewServiceAccountsManager creates a new ServiceAccountsManager instance.
func (*ServiceAccountsManager) CreateKey ¶
func (s *ServiceAccountsManager) CreateKey(ctx context.Context, org string) (*iam.ServiceAccountKey, error)
CreateKey creates and returns a key for the service account associated with org.
func (*ServiceAccountsManager) CreateServiceAccount ¶
func (s *ServiceAccountsManager) CreateServiceAccount(ctx context.Context, org string) (*iam.ServiceAccount, error)
CreateServiceAccount returns a new service account for the given org. If the SA already exists, the existing resource is returned.