iamspanner

package
v0.52.1 Latest Latest
Published: Feb 26, 2024 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Package iamspanner provides a Spanner-based storage implementation of the IAMPolicy service.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SQLSchema added in v0.4.0

func SQLSchema() string

SQLSchema returns the example Spanner SQL schema.

Types

type IAMServer added in v0.7.0

type IAMServer struct {
	// The embedded Unimplemented* types are the usual gRPC forward-compatibility
	// shim: any RPC of either service that is not overridden on *IAMServer falls
	// through to them (by gRPC convention, answering with an Unimplemented error).
	iampb.UnimplementedIAMPolicyServer
	adminpb.UnimplementedIAMServer
	// contains filtered or unexported fields
}

IAMServer is a Spanner-backed implementation of the iampb.IAMPolicyServer interface. It also embeds adminpb.UnimplementedIAMServer and serves the role-lookup RPCs of adminpb.IAMServer (GetRole, ListRoles).

func NewIAMServer added in v0.10.0

func NewIAMServer(
	client *spanner.Client,
	roles []*adminpb.Role,
	callerResolver iamcaller.Resolver,
	config ServerConfig,
) (*IAMServer, error)

NewIAMServer creates a new Spanner IAM policy server backed by client, using the supplied roles, the callerResolver that identifies the calling principal, and config (error hook and optional member validator).

func (*IAMServer) GetIamPolicy added in v0.7.0

func (s *IAMServer) GetIamPolicy(
	ctx context.Context,
	request *iampb.GetIamPolicyRequest,
) (*iampb.Policy, error)

GetIamPolicy implements iampb.IAMPolicyServer.

func (*IAMServer) GetRole added in v0.7.0

func (s *IAMServer) GetRole(
	ctx context.Context,
	request *adminpb.GetRoleRequest,
) (*adminpb.Role, error)

GetRole implements adminpb.IAMServer.

func (*IAMServer) ListRoles added in v0.7.0

func (s *IAMServer) ListRoles(
	ctx context.Context,
	request *adminpb.ListRolesRequest,
) (*adminpb.ListRolesResponse, error)

ListRoles implements adminpb.IAMServer.

func (*IAMServer) ReadBindingsByMembersAndPermissions added in v0.24.0

func (s *IAMServer) ReadBindingsByMembersAndPermissions(
	ctx context.Context,
	members []string,
	permissions []string,
	fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error,
) error

ReadBindingsByMembersAndPermissions reads all bindings for the provided members and permissions.

func (*IAMServer) ReadBindingsByMembersAndPermissionsInTransaction added in v0.24.0

func (s *IAMServer) ReadBindingsByMembersAndPermissionsInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	members []string,
	permissions []string,
	fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error,
) error

ReadBindingsByMembersAndPermissionsInTransaction reads all bindings for the provided members and permissions, within the provided Spanner transaction.

func (*IAMServer) ReadBindingsByResourcesAndMembers added in v0.24.0

func (s *IAMServer) ReadBindingsByResourcesAndMembers(
	ctx context.Context,
	resources []string,
	members []string,
	fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error,
) error

ReadBindingsByResourcesAndMembers reads all roles bound to the provided members and resources.

func (*IAMServer) ReadBindingsByResourcesAndMembersInTransaction added in v0.24.0

func (s *IAMServer) ReadBindingsByResourcesAndMembersInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resources []string,
	members []string,
	fn func(ctx context.Context, resource string, role *adminpb.Role, member string) error,
) error

ReadBindingsByResourcesAndMembersInTransaction reads all roles bound to the provided members and resources within the provided Spanner transaction, including roles bound to parent resources in the resource hierarchy.

func (*IAMServer) ReadPolicyInTransaction added in v0.24.0

func (s *IAMServer) ReadPolicyInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
) (*iampb.Policy, error)

ReadPolicyInTransaction reads the IAM policy for a resource within the provided transaction.

func (*IAMServer) ReadWritePolicy added in v0.22.0

func (s *IAMServer) ReadWritePolicy(
	ctx context.Context,
	resource string,
	fn func(*iampb.Policy) (*iampb.Policy, error),
) (*iampb.Policy, error)

ReadWritePolicy enables the caller to modify the policy of resource within a single read-write transaction: fn is given the stored policy and returns the policy to write back, so the read-modify-write is not interleaved with other policy writes.

func (*IAMServer) SetIamPolicy added in v0.7.0

func (s *IAMServer) SetIamPolicy(
	ctx context.Context,
	request *iampb.SetIamPolicyRequest,
) (*iampb.Policy, error)

SetIamPolicy implements iampb.IAMPolicyServer.

func (*IAMServer) SetIamPolicyWithFunctionsInTransaction added in v0.47.0

func (s *IAMServer) SetIamPolicyWithFunctionsInTransaction(
	ctx context.Context,
	request *iampb.SetIamPolicyRequest,
	fns ...InsideSetIamPolicyTransaction,
) (*iampb.Policy, error)

SetIamPolicyWithFunctionsInTransaction handles a SetIamPolicy request but additionally invokes each of fns inside the spanner.ReadWriteTransaction that applies the policy; a non-nil error from any of them prevents the commit (see InsideSetIamPolicyTransaction).

func (*IAMServer) TestIamPermissions added in v0.7.0

func (s *IAMServer) TestIamPermissions(
	ctx context.Context,
	request *iampb.TestIamPermissionsRequest,
) (*iampb.TestIamPermissionsResponse, error)

TestIamPermissions implements iampb.IAMPolicyServer.

func (*IAMServer) TestPermissions added in v0.36.0

func (s *IAMServer) TestPermissions(
	ctx context.Context,
	caller *iamv1.Caller,
	resourcePermissions map[string]string,
) (map[string]bool, error)

TestPermissions implements iamcel.PermissionTester.

func (*IAMServer) ValidatePolicyFreshnessInTransaction added in v0.24.0

func (s *IAMServer) ValidatePolicyFreshnessInTransaction(
	ctx context.Context,
	tx ReadTransaction,
	resource string,
	etag []byte,
) (bool, error)

ValidatePolicyFreshnessInTransaction validates the freshness of an IAM policy for a resource within the provided transaction: the returned bool reports whether the given etag is still current for resource. Callers performing a read-modify-write should abort when it is false, since the policy has changed since the etag was read.

type InsideSetIamPolicyTransaction added in v0.47.0

type InsideSetIamPolicyTransaction func(context.Context, *spanner.ReadWriteTransaction, *iampb.Policy) error

InsideSetIamPolicyTransaction describes a function that is called within the spanner.ReadWriteTransaction in IAMServer.SetIamPolicyWithFunctionsInTransaction. The policy provided is the request policy that is applied afterwards. If the function returns a non-nil error, the transaction will not be committed.

type ReadTransaction

type ReadTransaction interface {
	// Read reads rows from a table for a key set, returning the named columns;
	// the arguments are presumably (table, keys, columns) as in the spanner client.
	Read(context.Context, string, spanner.KeySet, []string) *spanner.RowIterator
	// ReadWithOptions is Read with per-call spanner.ReadOptions.
	// NOTE(review): this method set is presumably satisfied by both
	// *spanner.ReadOnlyTransaction and *spanner.ReadWriteTransaction — verify.
	ReadWithOptions(context.Context, string, spanner.KeySet, []string, *spanner.ReadOptions) *spanner.RowIterator
}

ReadTransaction is an interface for Spanner read transactions.

type ServerConfig

type ServerConfig struct {
	// ErrorHook is called when errors occur in the IAMServer.
	// NOTE(review): the errors may carry resource names or member identifiers;
	// choose a sink with access controls comparable to the policy data itself.
	ErrorHook func(context.Context, error)
	// ValidateMember is a custom IAM member validator.
	// When not provided, iammember.Validate will be used.
	// NOTE(review): this presumably gates which member strings can be bound in a
	// policy; a validator looser than iammember.Validate widens the set of
	// identities that can be granted permissions — keep it at least as strict.
	ValidateMember func(string) error
}

ServerConfig configures a Spanner IAM policy server.

