iamclient

package
v1.114.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 26, 2024 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

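// Group, version and kind strings for the Config Connector resource types
// that this package names explicitly. Each group/version/kind triple is
// combined into a schema.GroupVersionKind by the package-level GVK variables.
const (
	// Project, in the Resource Manager API group.
	ProjectKind            = "Project"
	ResourceManagerGroup   = "resourcemanager.cnrm.cloud.google.com"
	ResourceManagerVersion = "v1beta1"

	// SQLInstance, in the SQL API group.
	SQLInstanceKind = "SQLInstance"
	SQLGroup        = "sql.cnrm.cloud.google.com"
	SQLVersion      = "v1beta1"

	// LoggingLogSink, in the Logging API group.
	LoggingLogSinkKind = "LoggingLogSink"
	LoggingGroup       = "logging.cnrm.cloud.google.com"
	LoggingVersion     = "v1beta1"

	// IAMServiceAccount, in the IAM API group.
	IAMServiceAccountKind = "IAMServiceAccount"
	IAMGroup              = "iam.cnrm.cloud.google.com"
	IAMVersion            = "v1beta1"

	// ServiceIdentity, in the Service Usage API group.
	ServiceIdentityKind = "ServiceIdentity"
	ServiceUsageGroup   = "serviceusage.cnrm.cloud.google.com"
	ServiceUsageVersion = "v1beta1"

	// SerivceIdentityKind is the original, misspelled name of
	// ServiceIdentityKind. It is kept with the same value so that existing
	// references continue to compile.
	//
	// Deprecated: use ServiceIdentityKind.
	SerivceIdentityKind = ServiceIdentityKind
)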

Variables

// ErrNotFound is the error value this package exposes for an IAM resource
// that does not exist.
var ErrNotFound = fmt.Errorf("IAM resource does not exist")

// GroupVersionKinds assembled from this package's group, version and kind
// constants, one per resource type.
var (
	ProjectGVK           = schema.GroupVersionKind{Group: ResourceManagerGroup, Version: ResourceManagerVersion, Kind: ProjectKind}
	SQLInstanceGVK       = schema.GroupVersionKind{Group: SQLGroup, Version: SQLVersion, Kind: SQLInstanceKind}
	LoggingLogSinkGVK    = schema.GroupVersionKind{Group: LoggingGroup, Version: LoggingVersion, Kind: LoggingLogSinkKind}
	IAMServiceAccountGVK = schema.GroupVersionKind{Group: IAMGroup, Version: IAMVersion, Kind: IAMServiceAccountKind}
	// The kind constant keeps its original spelling, SerivceIdentityKind.
	ServiceIdentityGVK = schema.GroupVersionKind{Group: ServiceUsageGroup, Version: ServiceUsageVersion, Kind: SerivceIdentityKind}
)
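// ExternalOnlyTypes maps the GroupVersionKind of each resource type that can
// only be referenced externally to the handler and IAM configuration used for
// it. The entries here cover organizations and billing accounts.
//
// Both handlers copy ref.External into the object's spec exactly as given.
// NOTE(review): ExternalFormat is documented as being for documentation only,
// so nothing in this map checks the value. It presumably identifies the
// organization or billing account whose IAM policy is then read or written;
// confirm that callers validate it before it reaches these handlers.
var ExternalOnlyTypes = map[schema.GroupVersionKind]ExternalOnlyType{
	externalonlygvks.OrganizationGVK: {
		UnstructHandler: func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured {
			// Assigning into a nil map panics, so give an empty object a map first.
			if u.Object == nil {
				u.Object = map[string]interface{}{}
			}
			// Replaces any existing spec; org_id is the only field set.
			u.Object["spec"] = map[string]interface{}{
				"org_id": ref.External,
			}
			return u
		},
		ResourceConfig: &corekccv1alpha1.ResourceConfig{
			IAMConfig: corekccv1alpha1.IAMConfig{
				PolicyName:       "google_organization_iam_policy",
				PolicyMemberName: "google_organization_iam_member",
				AuditConfigName:  "google_organization_iam_audit_config",
				ReferenceField: corekccv1alpha1.IAMReferenceField{
					Name: "org_id",
					Type: "id",
				},
				SupportsConditions: true,
			},
		},
		ExternalFormat: "{{org_id}}",
	},
	externalonlygvks.BillingAccountGVK: {
		UnstructHandler: func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured {
			// Assigning into a nil map panics, so give an empty object a map first.
			if u.Object == nil {
				u.Object = map[string]interface{}{}
			}
			// Replaces any existing spec; billing_account_id is the only field set.
			u.Object["spec"] = map[string]interface{}{
				"billing_account_id": ref.External,
			}
			return u
		},
		ResourceConfig: &corekccv1alpha1.ResourceConfig{
			// No AuditConfigName is set for billing accounts, unlike the
			// organization entry above.
			IAMConfig: corekccv1alpha1.IAMConfig{
				PolicyName:       "google_billing_account_iam_policy",
				PolicyMemberName: "google_billing_account_iam_member",
				ReferenceField: corekccv1alpha1.IAMReferenceField{
					Name: "billing_account_id",
					Type: "id",
				},
				SupportsConditions: true,
			},
		},
		ExternalFormat: "{{billing_account_id}}",
	},
}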

Functions

func GetResourceConfigForExternalOnlyGVK

func GetResourceConfigForExternalOnlyGVK(gvk schema.GroupVersionKind) (*corekccv1alpha1.ResourceConfig, error)

func ResolveMemberIdentity

func ResolveMemberIdentity(ctx context.Context, member v1beta1.Member,
	memberFrom *v1beta1.MemberSource, namespace string, tfIAMClient *TFIAMClient) (id string, err error)

ResolveMemberIdentity checks that only one of Member and MemberFrom is provided, and then tries to resolve the identity. MemberFrom can hold only one of a ServiceAccountRef, a LogSinkRef, or a SQLInstanceRef; resolving any of these requires a call to the TFIAMClient.

func SetGVK

func SetGVK(iamInterface interface{})

An unfortunate reality is that the GVK is not always properly filled in when a resource is read from the K8s API server, and some functions need the Kind to be filled in to work (e.g. krmtotf.NewResource, k8s.MarshalAsUnstructured, etc.). The Kind is not set because the TypeMeta is empty, and the TypeMeta is empty because the GVK is cleared inside Decode(...) in k8s.io/apimachinery/pkg/runtime/serializer/versioning/versioning.go.

Types

type DCLIAMClient

type DCLIAMClient struct {
	// contains filtered or unexported fields
}

func (*DCLIAMClient) DeletePolicy

func (d *DCLIAMClient) DeletePolicy(ctx context.Context, policy *v1beta1.IAMPolicy) error

func (*DCLIAMClient) DeletePolicyMember

func (d *DCLIAMClient) DeletePolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, policyMember *v1beta1.IAMPolicyMember) error

func (*DCLIAMClient) GetPolicy

func (d *DCLIAMClient) GetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)

func (*DCLIAMClient) GetPolicyMember

func (d *DCLIAMClient) GetPolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)

func (*DCLIAMClient) SetPolicy

func (d *DCLIAMClient) SetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)

func (*DCLIAMClient) SetPolicyMember

func (d *DCLIAMClient) SetPolicyMember(ctx context.Context, tfIAMClient *TFIAMClient, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)

type ExternalOnlyType

// ExternalOnlyType describes a KCC resource type that KCC does not support as
// a core resource, but does support referencing externally in IAM.
type ExternalOnlyType struct {
	// UnstructHandler is a function that fills in the external field information
	// from the given reference into the given unstructured object, and returns
	// an unstructured object.
	UnstructHandler func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured

	// ResourceConfig is a skeleton resource config that includes IAM configuration
	// needed to map to the proper Terraform resource.
	ResourceConfig *corekccv1alpha1.ResourceConfig

	// ExternalFormat is the format the external field is expected to match. This
	// is used for documentation only, so it is a description rather than a
	// validation rule. Ex. "{{org_id}}"
	ExternalFormat string
}

ExternalOnlyType is a KCC resource type that KCC does not support as a core resource, but does support referencing externally in IAM.

type IAMClient

// IAMClient groups the two IAM client implementations of this package behind
// one type.
// NOTE(review): how calls are divided between the two clients is not visible
// in this listing; confirm in the method bodies.
type IAMClient struct {
	// TFIAMClient exposes policy, policy-member and audit-config methods.
	TFIAMClient  *TFIAMClient
	// DCLIAMClient exposes policy and policy-member methods only; its
	// policy-member methods take a *TFIAMClient as an argument.
	DCLIAMClient *DCLIAMClient
}

func New

func New(tfProvider *tfschema.Provider,
	smLoader *servicemappingloader.ServiceMappingLoader,
	kubeClient client.Client,
	converter *conversion.Converter,
	dclConfig *mmdcl.Config) *IAMClient

func (*IAMClient) DeleteAuditConfig

func (c *IAMClient) DeleteAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) error

func (*IAMClient) DeletePolicy

func (c *IAMClient) DeletePolicy(ctx context.Context, policy *v1beta1.IAMPolicy) error

func (*IAMClient) DeletePolicyMember

func (c *IAMClient) DeletePolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) error

func (*IAMClient) GetAuditConfig

func (c *IAMClient) GetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)

func (*IAMClient) GetPolicy

func (c *IAMClient) GetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)

func (*IAMClient) GetPolicyMember

func (c *IAMClient) GetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)

func (*IAMClient) SetAuditConfig

func (c *IAMClient) SetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)

func (*IAMClient) SetPolicy

func (c *IAMClient) SetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)

func (*IAMClient) SetPolicyMember

func (c *IAMClient) SetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)

type TFIAMClient

type TFIAMClient struct {
	// contains filtered or unexported fields
}

func (*TFIAMClient) DeleteAuditConfig

func (t *TFIAMClient) DeleteAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) error

func (*TFIAMClient) DeletePolicy

func (t *TFIAMClient) DeletePolicy(ctx context.Context, policy *v1beta1.IAMPolicy) error

func (*TFIAMClient) DeletePolicyMember

func (t *TFIAMClient) DeletePolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) error

func (*TFIAMClient) GetAuditConfig

func (t *TFIAMClient) GetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)

func (*TFIAMClient) GetPolicy

func (t *TFIAMClient) GetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)

func (*TFIAMClient) GetPolicyMember

func (t *TFIAMClient) GetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)

func (*TFIAMClient) SetAuditConfig

func (t *TFIAMClient) SetAuditConfig(ctx context.Context, auditConfig *v1beta1.IAMAuditConfig) (*v1beta1.IAMAuditConfig, error)

func (*TFIAMClient) SetPolicy

func (t *TFIAMClient) SetPolicy(ctx context.Context, policy *v1beta1.IAMPolicy) (*v1beta1.IAMPolicy, error)

func (*TFIAMClient) SetPolicyMember

func (t *TFIAMClient) SetPolicyMember(ctx context.Context, policyMember *v1beta1.IAMPolicyMember) (*v1beta1.IAMPolicyMember, error)
