adminx

package
v0.2.12 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 18, 2025 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const APIKeyKind = "APIKey"
View Source 
const OrgKind = "Organization"

Variables

View Source 
var (
	// ErrInvalidKey is returned when the API key is not found in Datastore
	ErrInvalidKey = errors.New("invalid API key")
)

Functions

func BindingIsEqual 

func BindingIsEqual(a *cloudresourcemanager.Binding, b *cloudresourcemanager.Binding) bool

BindingIsEqual checks wether the two provided bindings contain equal conditions, members, and roles.

func GenerateAPIKey added in v0.2.12 

func GenerateAPIKey() (string, error)

GenerateAPIKey generates a random string to be used as API key.

Types

type APIKey added in v0.2.12 

type APIKey struct {
	CreatedAt time.Time `datastore:"created_at"`
	Key       string    `datastore:"key"`
}

APIKey represents a Datastore entity for storing API key metadata.

type APIKeys added in v0.2.7 

type APIKeys struct {
	// contains filtered or unexported fields
}

APIKeys maintains state for allocating API keys.

func NewAPIKeys added in v0.2.7 

func NewAPIKeys(ds *DatastoreOrgManager) *APIKeys

NewAPIKeys creates a new APIKeys instance for allocating API keys.

func (*APIKeys) CreateKey added in v0.2.7 

func (a *APIKeys) CreateKey(ctx context.Context, org string) (string, error)

CreateKey returns an API key for use by the named org. CreateKey can be called multiple times safely.

type CRM 

type CRM interface {
	GetIamPolicy(ctx context.Context, req *cloudresourcemanager.GetIamPolicyRequest) (*cloudresourcemanager.Policy, error)
	SetIamPolicy(ctx context.Context, req *cloudresourcemanager.SetIamPolicyRequest) error
}

CRM is a simplified interface to the Google Cloud Resource Manager API.

type DNS 

type DNS interface {
	RegisterZone(ctx context.Context, zone *dns.ManagedZone) (*dns.ManagedZone, error)
	RegisterZoneSplit(ctx context.Context, zone *dns.ManagedZone) (*dns.ResourceRecordSet, error)
}

DNS is a simplified interface to the Google Cloud DNS API.

type DatastoreClient added in v0.2.12 

type DatastoreClient interface {
	Put(ctx context.Context, key *datastore.Key, src interface{}) (*datastore.Key, error)
	Get(ctx context.Context, key *datastore.Key, dst interface{}) error
	GetAll(ctx context.Context, q *datastore.Query, dst interface{}) ([]*datastore.Key, error)
}

type DatastoreOrgManager added in v0.2.12 

type DatastoreOrgManager struct {
	// contains filtered or unexported fields
}

DatastoreOrgManager maintains state for managing organizations and API keys in Datastore

func NewDatastoreManager added in v0.2.12 

func NewDatastoreManager(client DatastoreClient, project string) *DatastoreOrgManager

Add constructor

func (*DatastoreOrgManager) CreateAPIKey added in v0.2.12 

func (d *DatastoreOrgManager) CreateAPIKey(ctx context.Context, org string) (string, error)

CreateAPIKey creates a new API key as a child entity of the organization

func (*DatastoreOrgManager) CreateOrganization added in v0.2.12 

func (d *DatastoreOrgManager) CreateOrganization(ctx context.Context, name, email string) error

Add CreateOrganization method

func (*DatastoreOrgManager) GetAPIKeys added in v0.2.12 

func (d *DatastoreOrgManager) GetAPIKeys(ctx context.Context, org string) ([]string, error)

GetAPIKeys retrieves all API keys for an organization

func (*DatastoreOrgManager) ValidateKey added in v0.2.12 

func (d *DatastoreOrgManager) ValidateKey(ctx context.Context, key string) (string, error)

ValidateKey checks if the API key exists and returns the associated organization name.

type IAMService 

type IAMService interface {
	GetServiceAccount(ctx context.Context, saName string) (*iam.ServiceAccount, error)
	CreateServiceAccount(ctx context.Context, projName string, req *iam.CreateServiceAccountRequest) (*iam.ServiceAccount, error)
	CreateKey(ctx context.Context, saName string, req *iam.CreateServiceAccountKeyRequest) (*iam.ServiceAccountKey, error)
}

IAMService defines the interface used to access the Google Cloud IAM Service.

type Keys added in v0.2.7 

type Keys interface {
	CreateKey(ctx context.Context, org string) (string, error)
}

Keys is the interface used to manage organization API keys.

type Namer 

type Namer struct {
	Project string
}

Namer contains metadata needed for resource naming.

func NewNamer 

func NewNamer(proj string) *Namer

NewNamer creates a new Namer instance for the given project.

func (*Namer) GetAPIKeyID added in v0.2.7 

func (n *Namer) GetAPIKeyID(org string) string

GetAPIKeyID returns the API key resource ID for the given org. e.g. autojoin-key-foo

func (*Namer) GetAPIKeyName added in v0.2.7 

func (n *Namer) GetAPIKeyName(org string) string

GetAPIKeyName returns the API key resource name for the given org. e.g. projects/mlab-foo/locations/global/keys/autojoin-key-foo

func (*Namer) GetAPIKeyParent added in v0.2.7 

func (n *Namer) GetAPIKeyParent() string

GetAPIKeyParent returns the parent API key resource name for this project. e.g. projects/mlab-foo/locations/global

func (*Namer) GetProjectsName 

func (n *Namer) GetProjectsName() string

GetProjectsPrefix returns a google cloud project resource name, e.g. projects/mlab-foo

func (*Namer) GetSecretID 

func (n *Namer) GetSecretID(org string) string

GetSecretID returns a secret ID for this org, e.g. autojoin-serviceaccount-key-org.

func (*Namer) GetSecretName 

func (n *Namer) GetSecretName(org string) string

GetSecretName returns the google cloud secret resource name, e.g. projects/mlab-foo/secrets/autojoin-serviceaccount-key-org

func (*Namer) GetServiceAccountEmail 

func (n *Namer) GetServiceAccountEmail(org string) string

GetServiceAccountEmail returns a service account email for this org, e.g. autonode-org@mlab-foo.iam.gserviceaccount.com

func (*Namer) GetServiceAccountID 

func (n *Namer) GetServiceAccountID(org string) string

GetServiceAccountID returns a service account ID for this org, e.g. autonode-org.

func (*Namer) GetServiceAccountName 

func (n *Namer) GetServiceAccountName(org string) string

GetServiceAccountName returns a google cloud service account resource name, e.g. projects/mlab-foo/serviceAccounts/autonode-foo@mlab-foo.iam.gserviceaccount.com

type Org 

type Org struct {
	Project string
	// contains filtered or unexported fields
}

Org contains fields needed to setup a new organization for Autojoined nodes.

func NewOrg 

func NewOrg(project string, crm CRM, sam *ServiceAccountsManager, sm *SecretManager, dns DNS, k Keys,
	orgm OrganizationManager, updateTables bool) *Org

NewOrg creates a new Org instance for setting up a new organization.

func (*Org) ApplyPolicy 

func (o *Org) ApplyPolicy(ctx context.Context, org string, account *iam.ServiceAccount, updateTables bool) error

ApplyPolicy adds write restrictions for shared GCS buckets. NOTE: By operating on project IAM policies, this method modifies project wide state.

func (*Org) CreateAPIKey added in v0.2.12 

func (o *Org) CreateAPIKey(ctx context.Context, org string) (string, error)

CreateAPIKey creates a new API key for this organization.

func (*Org) RegisterDNS 

func (o *Org) RegisterDNS(ctx context.Context, org string) error

RegisterDNS creates the organization zone and the zone split within the project zone.

func (*Org) Setup 

func (o *Org) Setup(ctx context.Context, org string, email string) error

Setup should be run once on org creation to create all Google Cloud resources needed by the Autojoin API.

type Organization added in v0.2.12 

type Organization struct {
	Name      string    `datastore:"name"`
	Email     string    `datastore:"email"`
	CreatedAt time.Time `datastore:"created_at"`
}

Organization represents a Datastore entity for storing organization metadata

type OrganizationManager added in v0.2.12 

type OrganizationManager interface {
	CreateOrganization(ctx context.Context, name, email string) error
	CreateAPIKey(ctx context.Context, org string) (string, error)
	GetAPIKeys(ctx context.Context, org string) ([]string, error)
}

OrganizationManager defines the interface for managing organizations and their API keys

type SecretManager 

type SecretManager struct {
	Namer *Namer
	// contains filtered or unexported fields
}

SecretManager manages operations on secrets.

func NewSecretManager 

func NewSecretManager(smc SecretManagerClient, n *Namer, sam *ServiceAccountsManager) *SecretManager

NewSecretManager creates a new secret manager instance.

func (*SecretManager) CreateSecret 

func (s *SecretManager) CreateSecret(ctx context.Context, org string) error

CreateSecret creates a new secret for the given org using the naming convention of the instance Namer.

func (*SecretManager) LoadKey 

func (s *SecretManager) LoadKey(ctx context.Context, org string) (string, error)

LoadKey loads a key from the org's secret. LoadKey returns error if the key is not found.

func (*SecretManager) LoadOrCreateKey 

func (s *SecretManager) LoadOrCreateKey(ctx context.Context, org string) (string, error)

LoadOrCreateKey is a single method to either create and store a key or read an existing key from SecretManager.

func (*SecretManager) StoreKey 

func (s *SecretManager) StoreKey(ctx context.Context, org string, key string) error

StoreKey saves the given key in the org's secret.

type SecretManagerClient 

type SecretManagerClient interface {
	GetSecret(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
	CreateSecret(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
	GetSecretVersion(ctx context.Context, req *secretmanagerpb.GetSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
	AddSecretVersion(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}

SecretManagerClient is an interface describing operations on the Google Cloud Secret Manager API.

type ServiceAccountsManager 

type ServiceAccountsManager struct {
	Namer *Namer
	// contains filtered or unexported fields
}

ServiceAccountsManager contains resources needed for managing service accounts.

func NewServiceAccountsManager 

func NewServiceAccountsManager(ic IAMService, n *Namer) *ServiceAccountsManager

NewServiceAccountsManager creates a new ServiceAccountManager instance.

func (*ServiceAccountsManager) CreateKey 

func (s *ServiceAccountsManager) CreateKey(ctx context.Context, org string) (*iam.ServiceAccountKey, error)

CreateKey creates and returns a key for the service account associated with org.

func (*ServiceAccountsManager) CreateServiceAccount 

func (s *ServiceAccountsManager) CreateServiceAccount(ctx context.Context, org string) (*iam.ServiceAccount, error)

CreateServiceAccount returns a new service account for the given org. If the SA already exists, the existing resource is returned.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.