gcp

package
v1.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 6, 2025 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package gcp defines a Policy type that wraps the iam.Policy object. This lets callers of the gcp package process IAM policies without needing additional imports.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FmtSaResourceId added in v1.0.4

// FmtSaResourceId builds a service-account resource identifier string from an
// account ID and a project ID.
//
// Both parameters are plain strings and accountId comes first, so a call with
// the arguments swapped still compiles; check the order at call sites.
// NOTE(review): presumably the result has the
// projects/{PROJECT_ID}/serviceAccounts/{...} form documented for PolicyMember;
// whether the inputs are validated or escaped is not visible here — confirm.
func FmtSaResourceId(accountId, projectId string) string

Types

type GcpClient

// GcpClient is the set of GCP IAM and Resource Manager operations this package
// exposes: custom roles, service accounts, workload identity pools and
// providers, and project-level and service-account-level IAM policies.
//
// Every method takes a context.Context as its first parameter. Many of the
// methods change who can authenticate or what they are authorized to do (the
// Create*, Update*, Enable*, Undelete* and Set*Policy calls), so both
// implementations and call sites should be reviewed as privileged operations.
type GcpClient interface {
	// CreateRole takes a CreateRoleRequest and returns the resulting Role.
	CreateRole(context.Context, *adminpb.CreateRoleRequest) (*adminpb.Role, error)
	// CreateServiceAccount takes a CreateServiceAccountRequest and returns the
	// resulting ServiceAccount.
	CreateServiceAccount(ctx context.Context, request *adminpb.CreateServiceAccountRequest) (*adminpb.ServiceAccount, error)
	// CreateWorkloadIdentityPool returns an *iamv1.Operation rather than the pool.
	// NOTE(review): this looks like a long-running operation, so a nil error
	// presumably means "accepted", not "completed" — confirm before relying on
	// the pool existing.
	CreateWorkloadIdentityPool(ctx context.Context, parent, poolID string, pool *iamv1.WorkloadIdentityPool) (*iamv1.Operation, error)
	// CreateWorkloadIdentityProvider returns an *iamv1.Operation; the same
	// completion caveat as CreateWorkloadIdentityPool presumably applies.
	// The provider value decides which external identities the pool accepts,
	// so its contents deserve review at the call site.
	CreateWorkloadIdentityProvider(ctx context.Context, parent, providerID string, provider *iamv1.WorkloadIdentityPoolProvider) (*iamv1.Operation, error)
	// DeleteServiceAccount deletes the named service account in the given project.
	// NOTE(review): allowMissing presumably turns a "not found" result into
	// success — confirm; if so, a typo in saName would go unreported.
	DeleteServiceAccount(ctx context.Context, saName string, project string, allowMissing bool) error
	// DeleteWorkloadIdentityPool takes a resource string and returns an
	// *iamv1.Operation.
	DeleteWorkloadIdentityPool(ctx context.Context, resource string) (*iamv1.Operation, error)
	// EnableServiceAccount returns only an error.
	// NOTE(review): presumably re-enables a disabled account, restoring its
	// ability to authenticate — confirm.
	EnableServiceAccount(ctx context.Context, serviceAccountId string, projectId string) error
	// EnableWorkloadIdentityPool returns only an error; it takes a pool ID
	// where the other pool methods take a resource string.
	EnableWorkloadIdentityPool(ctx context.Context, poolId string) error
	// GetProjectIamPolicy returns the *cloudresourcemanager.Policy for projectName.
	GetProjectIamPolicy(ctx context.Context, projectName string, request *cloudresourcemanager.GetIamPolicyRequest) (*cloudresourcemanager.Policy, error)
	// GetRole takes a GetRoleRequest and returns the Role.
	GetRole(context.Context, *adminpb.GetRoleRequest) (*adminpb.Role, error)
	// GetServiceAccount takes a GetServiceAccountRequest and returns the
	// ServiceAccount.
	GetServiceAccount(ctx context.Context, request *adminpb.GetServiceAccountRequest) (*adminpb.ServiceAccount, error)
	// GetServiceAccountAccessPolicy returns this package's Policy wrapper for
	// the service account identified by saId.
	GetServiceAccountAccessPolicy(ctx context.Context, saId string) (Policy, error)
	// GetWorkloadIdentityPool returns the pool for the given resource string.
	GetWorkloadIdentityPool(ctx context.Context, resource string) (*iamv1.WorkloadIdentityPool, error)
	// GetWorkloadIdentityProvider returns the provider for the given resource
	// string.
	GetWorkloadIdentityProvider(ctx context.Context, resource string) (*iamv1.WorkloadIdentityPoolProvider, error)
	// ProjectNumberFromId returns an int64 for the given project ID; by its
	// name, the project number.
	ProjectNumberFromId(ctx context.Context, projectId string) (int64, error)
	// SetProjectIamPolicy takes a SetIamPolicyRequest and returns a Policy.
	// NOTE(review): the string parameter is named svcAcctResource here but
	// projectName on GetProjectIamPolicy — confirm which resource it names.
	// NOTE(review): set-policy calls usually replace the whole policy, so
	// callers presumably need a get-modify-set sequence that keeps existing
	// bindings and the etag — confirm.
	SetProjectIamPolicy(ctx context.Context, svcAcctResource string, request *cloudresourcemanager.SetIamPolicyRequest) (*cloudresourcemanager.Policy, error)
	// SetServiceAccountAccessPolicy takes only a Policy and returns an error.
	// NOTE(review): the target resource is presumably taken from
	// policy.ResourceId() — confirm.
	SetServiceAccountAccessPolicy(ctx context.Context, policy Policy) error
	// UndeleteRole takes an UndeleteRoleRequest and returns the Role.
	UndeleteRole(context.Context, *adminpb.UndeleteRoleRequest) (*adminpb.Role, error)
	// UndeleteWorkloadIdentityPool returns an *iamv1.Operation.
	UndeleteWorkloadIdentityPool(ctx context.Context, resource string, request *iamv1.UndeleteWorkloadIdentityPoolRequest) (*iamv1.Operation, error)
	// UpdateRole takes an UpdateRoleRequest and returns the Role.
	UpdateRole(context.Context, *adminpb.UpdateRoleRequest) (*adminpb.Role, error)
	// UpdateWorkloadIdentityPoolOidcIdentityProvider takes a provider value and
	// returns only an error. Which provider fields are written is not visible
	// here; the OIDC settings control which external tokens are trusted, so
	// review the value passed in.
	UpdateWorkloadIdentityPoolOidcIdentityProvider(ctx context.Context, provider *iamv1.WorkloadIdentityPoolProvider) error
}

func NewGcpClient

// NewGcpClient returns a GcpClient, or an error.
//
// The only input is a context: no credentials, project or endpoint are passed
// in. NOTE(review): credentials are presumably resolved from the ambient
// environment (for example Application Default Credentials) — confirm, and
// check that the identity picked up this way holds only the IAM permissions
// the GcpClient methods need.
func NewGcpClient(ctx context.Context) (GcpClient, error)

type Policy added in v1.0.4

// Policy is this package's view of an IAM policy: it can be queried for and
// given member/role pairs, and it exposes an *iam.Policy and a resource ID.
type Policy interface {
	// HasRole returns a bool for the given member and role name.
	// presumably true when the policy already grants roleName to member — confirm.
	HasRole(member PolicyMember, roleName RoleName) bool
	// AddRole has no return value, so it cannot report a failure or a rejected
	// input to the caller. The interface declares no method for removing a role.
	// NOTE(review): presumably this only changes the in-memory policy and
	// GcpClient.SetServiceAccountAccessPolicy is needed to apply it — confirm.
	AddRole(member PolicyMember, roleName RoleName)

	// Getters

	// IamPolicy returns a pointer to an iam.Policy.
	// NOTE(review): whether this is the wrapped object or a copy is not visible
	// here; if it is the wrapped object, callers can change bindings through
	// the pointer without going through AddRole — confirm.
	IamPolicy() *iam.Policy
	// ResourceId returns a string; by its name, the ID of the resource the
	// policy is attached to.
	ResourceId() string
}

type PolicyMember added in v1.0.4

// PolicyMember is the string-typed member argument of Policy.HasRole and
// Policy.AddRole. It is a plain string type, so nothing at the type level
// validates its format; any string converts to it.
// NOTE(review): IAM binding members are usually written with a type prefix
// such as "serviceAccount:", while the forms documented for this type are
// resource names — confirm which form HasRole and AddRole expect.
type PolicyMember string

The resource name belonging to the policy.

For service accounts, this takes one of the following forms:

* `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
* `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`
* `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
* `projects/-/serviceAccounts/{UNIQUE_ID}`

It is recommended that the wildcard `-` form be avoided, because it can produce misleading error messages. The client helper FmtSaResourceId produces a string that may be used as a policy member.

type RoleName added in v1.0.4

// RoleName is the string-typed role argument of Policy.HasRole and
// Policy.AddRole. It is a plain string type, so nothing at the type level
// validates the format or distinguishes a predefined role from a custom one.
type RoleName string

The name of the role belonging to the policy.

Values of this type take one of two forms, depending on whether the role is predefined or custom.

For predefined roles:

* `roles/{role_id}`

For custom roles:

* `projects/{project}/roles/{role_id}`
