cai

package
v0.0.0-...-0d862b9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 9, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var ErrEmptyIdentityField = errors.New("empty identity field")

ErrEmptyIdentityField can be returned when fetching a resource is not possible due to the identity field of that resource returning empty.

var ErrNoConversion = errors.New("no conversion")

ErrNoConversion can be returned when a conversion cannot be produced because of the current state of the system. Example: the conversion requires that the resource has already been created and is now being updated.

var ErrResourceInaccessible = errors.New("resource does not exist or service account is lacking sufficient permissions")

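ErrResourceInaccessible can be returned when fetching an IAM resource on a project that has not yet been created or if the service account lacks sufficient permissions. The error does not say which of the two occurred, so callers should not read it as proof that the resource is absent.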

Functions

func AssetName

func AssetName(d tpgresource.TerraformResourceData, config *transport_tpg.Config, linkTmpl string) (string, error)

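AssetName templates an asset.name by looking up and replacing all instances of {{field}}. In the case where a field would resolve to an empty string, a generated unique string will be used: "placeholder-" + randomString(). This is done to preserve uniqueness of asset.name for a given asset.asset_type. The generated string only keeps names distinct: a name containing "placeholder-" does not identify a real resource, and the random part should not be treated as a secret.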

func JsonMap

func JsonMap(x interface{}) (map[string]interface{}, error)

JsonMap converts a given value to a map[string]interface{} that matches its JSON format.

func RandString

func RandString(n int) string

Types

type Asset

// Asset is the CAI representation of a resource.
//
// Resource, IAMPolicy, OrgPolicy and V2OrgPolicies are tagged omitempty, so a
// serialized Asset only carries the facets that were populated. A missing
// "iam_policy" or "org_policy" key therefore means the field was nil/empty in
// this struct; it does not by itself show that the resource has no such policy.
type Asset struct {
	// The name, in a peculiar format: `\\<api>.googleapis.com/<self_link>`
	Name string `json:"name"`
	// The type name in `google.<api>.<resourcename>` format.
	Type          string           `json:"asset_type"`
	Resource      *AssetResource   `json:"resource,omitempty"`
	IAMPolicy     *IAMPolicy       `json:"iam_policy,omitempty"`
	OrgPolicy     []*OrgPolicy     `json:"org_policy,omitempty"`
	V2OrgPolicies []*V2OrgPolicies `json:"v2_org_policies,omitempty"`
}

Asset is the CAI representation of a resource.

func FetchIamPolicy

func FetchIamPolicy(
	newUpdaterFunc tpgiamresource.NewResourceIamUpdaterFunc,
	d tpgresource.TerraformResourceData,
	config *transport_tpg.Config,
	assetNameTmpl string,
	assetType string,
) (Asset, error)

func MergeDeleteIamAssets

func MergeDeleteIamAssets(
	existing, incoming Asset,
	MergeBindings func(existing, incoming []IAMBinding) []IAMBinding,
) Asset

incoming is the last known state of an asset prior to deletion

func MergeIamAssets

func MergeIamAssets(
	existing, incoming Asset,
	MergeBindings func(existing, incoming []IAMBinding) []IAMBinding,
) Asset

MergeIamAssets merges an existing asset with the IAM bindings of an incoming Asset.

type AssetResource

// AssetResource is the Asset's Resource field.
type AssetResource struct {
	// API version.
	Version string `json:"version"`
	// URI including scheme for the discovery doc - assembled from
	// product name and version.
	DiscoveryDocumentURI string `json:"discovery_document_uri"`
	// Resource name.
	DiscoveryName string `json:"discovery_name"`
	// Actual resource state as per Terraform.  Note that this does
	// not necessarily correspond perfectly with the CAI representation
	// as there are occasional deviations between CAI and API responses.
	// This returns the API response values instead.
	// NOTE(review): Data is an untyped map; whether sensitive attributes are
	// filtered out before it is populated is not visible here — confirm
	// before logging or exporting serialized assets.
	Data map[string]interface{} `json:"data,omitempty"`
}

AssetResource is the Asset's Resource field.

type BooleanPolicy

// BooleanPolicy is the type of OrgPolicy.BooleanPolicy and holds a single
// Enforced flag.
//
// Enforced is tagged omitempty, so Enforced=false serializes as `{}`: the JSON
// does not distinguish an explicit false from an unset field.
type BooleanPolicy struct {
	Enforced bool `json:"enforced,omitempty"`
}

type ConvertFunc

// ConvertFunc takes a resource's Terraform data and the provider config and
// returns a slice of Assets or an error. It is the type of
// ResourceConverter.Convert.
type ConvertFunc func(d tpgresource.TerraformResourceData, config *transport_tpg.Config) ([]Asset, error)

type Expr

// Expr carries an expression string plus an optional title, description and
// location. It is the type of PolicyRule.Condition.
// NOTE(review): the expression language is not stated here — confirm before
// evaluating or validating Expression.
type Expr struct {
	Expression  string `json:"expression,omitempty"`
	Title       string `json:"title,omitempty"`
	Description string `json:"description,omitempty"`
	Location    string `json:"location,omitempty"`
}

type FetchFullResourceFunc

// FetchFullResourceFunc allows initial data for a resource to be fetched from
// the API and merged with the planned changes. This is useful for resources
// that are only partially managed by Terraform, like IAM policies managed with
// member/binding resources. It is the type of
// ResourceConverter.FetchFullResource.
type FetchFullResourceFunc func(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (Asset, error)

FetchFullResourceFunc allows initial data for a resource to be fetched from the API and merged with the planned changes. This is useful for resources that are only partially managed by Terraform, like IAM policies managed with member/binding resources.

type Folder

// Folder describes a folder by name, parent, display name, state and creation
// time. Every field is omitempty, so unset fields are absent from the JSON.
// NOTE(review): no use of Folder is visible on this page, and the valid values
// of State are not shown — confirm against the API definition.
type Folder struct {
	Name        string     `json:"name,omitempty"`
	Parent      string     `json:"parent,omitempty"`
	DisplayName string     `json:"display_name,omitempty"`
	State       string     `json:"state,omitempty"`
	CreateTime  *Timestamp `json:"create_time,omitempty"`
}

type GetApiObjectFunc

// GetApiObjectFunc takes a resource's Terraform data and the provider config
// and returns an untyped map or an error.
// NOTE(review): presumably the map is the API-shaped object for the resource;
// no use of this type is visible on this page — confirm against callers.
type GetApiObjectFunc func(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]interface{}, error)

type IAMBinding

// IAMBinding binds one role to a list of members.
//
// Neither field is omitempty: a nil Members slice encodes as JSON null and an
// empty one as [], so a binding with no members is still emitted.
// NOTE(review): there is no condition field on this type, so a conditional
// binding in the source policy cannot be represented as such here — confirm
// how conditional bindings are handled before treating these bindings as the
// full effective policy.
type IAMBinding struct {
	Role    string   `json:"role"`
	Members []string `json:"members"`
}

func ExpandIamMemberBindings

func ExpandIamMemberBindings(d tpgresource.TerraformResourceData) ([]IAMBinding, error)

ExpandIamMemberBindings is used in google_<type>_iam_member resources.

func ExpandIamPolicyBindings

func ExpandIamPolicyBindings(d tpgresource.TerraformResourceData) ([]IAMBinding, error)

ExpandIamPolicyBindings is used in google_<type>_iam_policy resources.

func ExpandIamRoleBindings

func ExpandIamRoleBindings(d tpgresource.TerraformResourceData) ([]IAMBinding, error)

ExpandIamRoleBindings is used in google_<type>_iam_binding resources.

func MergeAdditiveBindings

func MergeAdditiveBindings(existing, incoming []IAMBinding) []IAMBinding

MergeAdditiveBindings adds members to bindings with the same roles and adds new bindings for roles that don't exist.

func MergeAuthoritativeBindings

func MergeAuthoritativeBindings(existing, incoming []IAMBinding) []IAMBinding

MergeAuthoritativeBindings clobbers the members of bindings with the same roles and adds new bindings for roles that don't exist.

func MergeDeleteAdditiveBindings

func MergeDeleteAdditiveBindings(existing, incoming []IAMBinding) []IAMBinding

MergeDeleteAdditiveBindings eliminates listed members from roles in the existing list. incoming is the last known state of the bindings being deleted.

func MergeDeleteAuthoritativeBindings

func MergeDeleteAuthoritativeBindings(existing, incoming []IAMBinding) []IAMBinding

MergeDeleteAuthoritativeBindings eliminates any bindings with matching roles in the existing list. incoming is the last known state of the bindings being deleted.

type IAMPolicy

// IAMPolicy is the IAM facet of an Asset (Asset.IAMPolicy): a list of
// role-to-members bindings.
//
// Bindings has no omitempty, so a nil slice encodes as "bindings": null.
// Only bindings are modelled; this type has no etag, version or audit
// configuration fields.
type IAMPolicy struct {
	Bindings []IAMBinding `json:"bindings"`
}

type ListPolicy

// ListPolicy is the type of OrgPolicy.ListPolicy: allowed and denied value
// lists, an AllValues setting, a suggested value and an inheritance flag.
//
// All fields are omitempty, so InheritFromParent=false and AllValues=0 are
// omitted from the JSON and cannot be told apart from unset fields.
type ListPolicy struct {
	AllowedValues     []string            `json:"allowed_values,omitempty"`
	DeniedValues      []string            `json:"denied_values,omitempty"`
	AllValues         ListPolicyAllValues `json:"all_values,omitempty"`
	SuggestedValue    string              `json:"suggested_value,omitempty"`
	InheritFromParent bool                `json:"inherit_from_parent,omitempty"`
}

type ListPolicyAllValues

// ListPolicyAllValues is the int32 type of ListPolicy.AllValues.
// NOTE(review): this package's documentation lists no constants, so the
// meaning of individual values is not shown here — confirm against the API
// definition before interpreting a value as allow or deny.
type ListPolicyAllValues int32

type MergeFunc

// MergeFunc combines multiple terraform resources into a single CAI asset.
// The incoming asset will either be an asset that was created/updated or
// deleted. It is the type of ResourceConverter.MergeCreateUpdate and
// ResourceConverter.MergeDelete.
type MergeFunc func(existing, incoming Asset) Asset

MergeFunc combines multiple terraform resources into a single CAI asset. The incoming asset will either be an asset that was created/updated or deleted.

type OrgPolicy

// OrgPolicy is one element of Asset.OrgPolicy: a constraint name, the
// ListPolicy, BooleanPolicy and RestoreDefault pointers, and an update time.
//
// The three policy pointers use camelCase JSON keys without omitempty, so an
// unset one is serialized as an explicit null (for example "listPolicy": null),
// while Constraint and UpdateTime are omitempty and disappear when empty (note
// the snake_case "update_time" key next to the camelCase ones). Consumers of
// the JSON should check for null as well as for a missing key.
// NOTE(review): whether exactly one of the three pointers is expected to be
// non-nil is not shown here — confirm.
type OrgPolicy struct {
	Constraint     string          `json:"constraint,omitempty"`
	ListPolicy     *ListPolicy     `json:"listPolicy"`
	BooleanPolicy  *BooleanPolicy  `json:"booleanPolicy"`
	RestoreDefault *RestoreDefault `json:"restoreDefault"`
	UpdateTime     *Timestamp      `json:"update_time,omitempty"`
}

type PolicyRule

// PolicyRule is one element of PolicySpec.PolicyRules.
//
// AllowAll, DenyAll and Enforce are omitempty booleans: false is omitted, so
// the JSON cannot distinguish "explicitly false" from "not set".
// NOTE(review): nothing in this type prevents AllowAll and DenyAll from both
// being true, or Values from being set alongside them; any such validation is
// not visible here — confirm where it happens.
type PolicyRule struct {
	Values    *StringValues `json:"values,omitempty"`
	AllowAll  bool          `json:"allow_all,omitempty"`
	DenyAll   bool          `json:"deny_all,omitempty"`
	Enforce   bool          `json:"enforce,omitempty"`
	Condition *Expr         `json:"condition,omitempty"`
}

type PolicySpec

// PolicySpec is the spec of a V2OrgPolicies entry (V2OrgPolicies.PolicySpec,
// JSON key "spec").
//
// The rules are serialized under "rules". InheritFromParent and Reset are
// omitempty booleans, so false values are omitted from the JSON and cannot be
// told apart from unset fields.
type PolicySpec struct {
	Etag              string        `json:"etag,omitempty"`
	UpdateTime        *Timestamp    `json:"update_time,omitempty"`
	PolicyRules       []*PolicyRule `json:"rules,omitempty"`
	InheritFromParent bool          `json:"inherit_from_parent,omitempty"`
	Reset             bool          `json:"reset,omitempty"`
}

PolicySpec is the representation of Spec for V2OrgPolicy.

type ResourceConverter

// ResourceConverter groups, for one AssetType, the functions used to turn
// Terraform resource data into CAI assets: Convert, FetchFullResource, and
// the merge functions for create/update and for delete.
// NOTE(review): which of the function fields may be nil is not shown here —
// confirm the contract, or nil-check before invoking them.
type ResourceConverter struct {
	AssetType         string
	Convert           ConvertFunc
	FetchFullResource FetchFullResourceFunc
	MergeCreateUpdate MergeFunc
	MergeDelete       MergeFunc
}

type RestoreDefault

// RestoreDefault is an empty type used by OrgPolicy.RestoreDefault. It has no
// fields and serializes as `{}`; only the pointer being non-nil carries
// information.
type RestoreDefault struct {
}

type StringValues

// StringValues is the type of PolicyRule.Values: allowed and denied value
// lists, each omitted from the JSON when empty.
type StringValues struct {
	AllowedValues []string `json:"allowed_values,omitempty"`
	DeniedValues  []string `json:"denied_values,omitempty"`
}

type Timestamp

// Timestamp is a seconds/nanos pair used by the CreateTime and UpdateTime
// fields in this package. Both parts are omitempty, so a zero Timestamp
// serializes as `{}`.
// NOTE(review): the epoch and the valid range of Nanos are not stated here —
// presumably Unix seconds; confirm.
type Timestamp struct {
	Seconds int64 `json:"seconds,omitempty"`
	Nanos   int64 `json:"nanos,omitempty"`
}

type V2OrgPolicies

// V2OrgPolicies is one element of Asset.V2OrgPolicies: a policy name and its
// spec. The spec is omitted from the JSON when the pointer is nil.
type V2OrgPolicies struct {
	Name       string      `json:"name"`
	PolicySpec *PolicySpec `json:"spec,omitempty"`
}

V2OrgPolicies is the representation of V2OrgPolicies.
