Documentation
¶
Index ¶
- Constants
- Variables
- func BindingIsEqual(a *cloudresourcemanager.Binding, b *cloudresourcemanager.Binding) bool
- func GenerateAPIKey() (string, error)
- type APIKey
- type APIKeys
- type CRM
- type DNS
- type DatastoreClient
- type DatastoreOrgManager
- func (d *DatastoreOrgManager) CreateAPIKeyWithValue(ctx context.Context, org, value string) (string, error)
- func (d *DatastoreOrgManager) CreateOrganization(ctx context.Context, name, email string) error
- func (d *DatastoreOrgManager) GetAPIKeys(ctx context.Context, org string) ([]string, error)
- func (d *DatastoreOrgManager) GetOrganization(ctx context.Context, orgName string) (*Organization, error)
- func (d *DatastoreOrgManager) ValidateKey(ctx context.Context, key string) (string, error)
- type IAMService
- type Keys
- type KeysClient
- type Namer
- func (n *Namer) GetAPIKeyID(org string) string
- func (n *Namer) GetAPIKeyName(org string) string
- func (n *Namer) GetAPIKeyParent() string
- func (n *Namer) GetProjectsName() string
- func (n *Namer) GetSecretID(org string) string
- func (n *Namer) GetSecretName(org string) string
- func (n *Namer) GetServiceAccountEmail(org string) string
- func (n *Namer) GetServiceAccountID(org string) string
- func (n *Namer) GetServiceAccountName(org string) string
- type Org
- func (o *Org) ApplyPolicy(ctx context.Context, org string, account *iam.ServiceAccount, ...) error
- func (o *Org) CreateAPIKeyWithValue(ctx context.Context, org, val string) (string, error)
- func (o *Org) RegisterDNS(ctx context.Context, org string) error
- func (o *Org) Setup(ctx context.Context, org string, email string) error
- type Organization
- type OrganizationManager
- type SecretManager
- func (s *SecretManager) CreateSecret(ctx context.Context, org string) error
- func (s *SecretManager) LoadKey(ctx context.Context, org string) (string, error)
- func (s *SecretManager) LoadOrCreateKey(ctx context.Context, org string) (string, error)
- func (s *SecretManager) StoreKey(ctx context.Context, org string, key string) error
- type SecretManagerClient
- type ServiceAccountsManager
Constants ¶
const APIKeyKind = "APIKey"
const OrgKind = "Organization"
Variables ¶
var ( // ErrInvalidKey is returned when the API key is not found in Datastore ErrInvalidKey = errors.New("invalid API key") )
Functions ¶
func BindingIsEqual ¶
func BindingIsEqual(a *cloudresourcemanager.Binding, b *cloudresourcemanager.Binding) bool
BindingIsEqual checks wether the two provided bindings contain equal conditions, members, and roles.
func GenerateAPIKey ¶ added in v0.2.12
GenerateAPIKey generates a random string to be used as API key.
Types ¶
type APIKeys ¶ added in v0.2.7
type APIKeys struct {
// contains filtered or unexported fields
}
APIKeys maintains state for allcoating API keys.
func NewAPIKeys ¶ added in v0.2.7
func NewAPIKeys(locateProj string, c KeysClient, n *Namer) *APIKeys
NewAPIKeys creates a new APIKeys instance for allocating API keys.
type CRM ¶
type CRM interface {
GetIamPolicy(ctx context.Context, req *cloudresourcemanager.GetIamPolicyRequest) (*cloudresourcemanager.Policy, error)
SetIamPolicy(ctx context.Context, req *cloudresourcemanager.SetIamPolicyRequest) error
}
CRM is a simplified interface to the Google Cloud Resource Manager API.
type DNS ¶
type DNS interface {
RegisterZone(ctx context.Context, zone *dns.ManagedZone) (*dns.ManagedZone, error)
RegisterZoneSplit(ctx context.Context, zone *dns.ManagedZone) (*dns.ResourceRecordSet, error)
}
DNS is a simplified interface to the Google Cloud DNS API.
type DatastoreClient ¶ added in v0.2.12
type DatastoreClient interface {
Put(ctx context.Context, key *datastore.Key, src interface{}) (*datastore.Key, error)
Get(ctx context.Context, key *datastore.Key, dst interface{}) error
GetAll(ctx context.Context, q *datastore.Query, dst interface{}) ([]*datastore.Key, error)
}
DatastoreClient is an interface for interacting with Datastore.
type DatastoreOrgManager ¶ added in v0.2.12
type DatastoreOrgManager struct {
// contains filtered or unexported fields
}
DatastoreOrgManager maintains state for managing organizations and API keys in Datastore.
func NewDatastoreManager ¶ added in v0.2.12
func NewDatastoreManager(client DatastoreClient, project string) *DatastoreOrgManager
NewDatastoreManager creates a new DatastoreOrgManager instance.
func (*DatastoreOrgManager) CreateAPIKeyWithValue ¶ added in v0.2.15
func (d *DatastoreOrgManager) CreateAPIKeyWithValue(ctx context.Context, org, value string) (string, error)
CreateAPIKeyWithValue creates a new API key as a child entity of the organization.
func (*DatastoreOrgManager) CreateOrganization ¶ added in v0.2.12
func (d *DatastoreOrgManager) CreateOrganization(ctx context.Context, name, email string) error
CreateOrganization creates a new organization entity in Datastore.
func (*DatastoreOrgManager) GetAPIKeys ¶ added in v0.2.12
GetAPIKeys retrieves all API keys for an organization
func (*DatastoreOrgManager) GetOrganization ¶ added in v0.2.13
func (d *DatastoreOrgManager) GetOrganization(ctx context.Context, orgName string) (*Organization, error)
GetOrganization retrieves an organization by its name.
func (*DatastoreOrgManager) ValidateKey ¶ added in v0.2.12
ValidateKey checks if the API key exists and returns the associated organization name.
type IAMService ¶
type IAMService interface {
GetServiceAccount(ctx context.Context, saName string) (*iam.ServiceAccount, error)
CreateServiceAccount(ctx context.Context, projName string, req *iam.CreateServiceAccountRequest) (*iam.ServiceAccount, error)
CreateKey(ctx context.Context, saName string, req *iam.CreateServiceAccountKeyRequest) (*iam.ServiceAccountKey, error)
}
IAMService defines the interface used to access the Google Cloud IAM Service.
type KeysClient ¶ added in v0.2.7
type KeysClient interface {
GetKeyString(ctx context.Context, req *apikeyspb.GetKeyStringRequest, opts ...gax.CallOption) (*apikeyspb.GetKeyStringResponse, error)
CreateKey(ctx context.Context, req *apikeyspb.CreateKeyRequest, opts ...gax.CallOption) (*apikeyspb.Key, error)
}
KeysClient defines the interface used by the APIKeys type to allocate API keys.
type Namer ¶
type Namer struct {
Project string
}
Namer contains metadata needed for resource naming.
func (*Namer) GetAPIKeyID ¶ added in v0.2.7
GetAPIKeyID returns the API key resource ID for the given org. e.g. autojoin-key-foo
func (*Namer) GetAPIKeyName ¶ added in v0.2.7
GetAPIKeyName returns the API key resource name for the given org. e.g. projects/mlab-foo/locations/global/keys/autojoin-key-foo
func (*Namer) GetAPIKeyParent ¶ added in v0.2.7
GetAPIKeyParent returns the parent API key resource name for this project. e.g. projects/mlab-foo/locations/global
func (*Namer) GetProjectsName ¶
GetProjectsPrefix returns a google cloud project resource name, e.g. projects/mlab-foo
func (*Namer) GetSecretID ¶
GetSecretID returns a secret ID for this org, e.g. autojoin-serviceaccount-key-org.
func (*Namer) GetSecretName ¶
GetSecretName returns the google cloud secret resource name, e.g. projects/mlab-foo/secrets/autojoin-serviceaccount-key-org
func (*Namer) GetServiceAccountEmail ¶
GetServiceAccountEmail returns a service account email for this org, e.g. autonode-org@mlab-foo.iam.gserviceaccount.com
func (*Namer) GetServiceAccountID ¶
GetServiceAccountID returns a service account ID for this org, e.g. autonode-org.
func (*Namer) GetServiceAccountName ¶
GetServiceAccountName returns a google cloud service account resource name, e.g. projects/mlab-foo/serviceAccounts/autonode-foo@mlab-foo.iam.gserviceaccount.com
type Org ¶
type Org struct {
Project string
// contains filtered or unexported fields
}
Org contains fields needed to setup a new organization for Autojoined nodes.
func NewOrg ¶
func NewOrg(project string, crm CRM, sam *ServiceAccountsManager, sm *SecretManager, dns DNS, k Keys, orgm OrganizationManager, updateTables bool) *Org
NewOrg creates a new Org instance for setting up a new organization.
func (*Org) ApplyPolicy ¶
func (o *Org) ApplyPolicy(ctx context.Context, org string, account *iam.ServiceAccount, updateTables bool) error
ApplyPolicy adds write restrictions for shared GCS buckets. NOTE: By operating on project IAM policies, this method modifies project wide state.
func (*Org) CreateAPIKeyWithValue ¶ added in v0.2.15
func (*Org) RegisterDNS ¶
RegisterDNS creates the organization zone and the zone split within the project zone.
type Organization ¶ added in v0.2.12
type Organization struct {
Name string `datastore:"name"`
Email string `datastore:"email"`
CreatedAt time.Time `datastore:"created_at"`
ProbabilityMultiplier *float64 `datastore:"probability_multiplier"`
}
Organization represents a Datastore entity for storing organization metadata.
type OrganizationManager ¶ added in v0.2.12
type OrganizationManager interface {
CreateOrganization(ctx context.Context, name, email string) error
CreateAPIKeyWithValue(ctx context.Context, org, value string) (string, error)
GetAPIKeys(ctx context.Context, org string) ([]string, error)
}
OrganizationManager defines the interface for managing organizations and their API keys
type SecretManager ¶
type SecretManager struct {
Namer *Namer
// contains filtered or unexported fields
}
SecretManager manages operations on secrets.
func NewSecretManager ¶
func NewSecretManager(smc SecretManagerClient, n *Namer, sam *ServiceAccountsManager) *SecretManager
NewSecretManager creates a new secret manager instance.
func (*SecretManager) CreateSecret ¶
func (s *SecretManager) CreateSecret(ctx context.Context, org string) error
CreateSecret creates a new secret for the given org using the naming convention of the instance Namer.
func (*SecretManager) LoadKey ¶
LoadKey loads a key from the org's secret. LoadKey returns error if the key is not found.
func (*SecretManager) LoadOrCreateKey ¶
LoadOrCreateKey is a single method to either create and store a key or read an existing key from SecretManager.
type SecretManagerClient ¶
type SecretManagerClient interface {
GetSecret(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
CreateSecret(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
GetSecretVersion(ctx context.Context, req *secretmanagerpb.GetSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
AddSecretVersion(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}
SecretManagerClient is an interface describing operations on the Google Cloud Secret Manager API.
type ServiceAccountsManager ¶
type ServiceAccountsManager struct {
Namer *Namer
// contains filtered or unexported fields
}
ServiceAccountsManager contains resources needed for managing service accounts.
func NewServiceAccountsManager ¶
func NewServiceAccountsManager(ic IAMService, n *Namer) *ServiceAccountsManager
NewServiceAccountsManager creates a new ServiceAccountManager instance.
func (*ServiceAccountsManager) CreateKey ¶
func (s *ServiceAccountsManager) CreateKey(ctx context.Context, org string) (*iam.ServiceAccountKey, error)
CreateKey creates and returns a key for the service account associated with org.
func (*ServiceAccountsManager) CreateServiceAccount ¶
func (s *ServiceAccountsManager) CreateServiceAccount(ctx context.Context, org string) (*iam.ServiceAccount, error)
CreateServiceAccount returns a new service account for the given org. If the SA already exists, the existing resource is returned.
Source Files
Directories