v1alpha1

package
v0.0.4 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 21, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package v1alpha1 contains versioned access-on-demand (AOD) contracts, e.g. the AOD request definition.

Functions

func ValidateCLIRequest

func ValidateCLIRequest(r *CLIRequest) (retErr error)

ValidateCLIRequest checks if the CLIRequest is valid.

func ValidateIAMRequest

func ValidateIAMRequest(r *IAMRequest) (retErr error)

ValidateIAMRequest checks if the IAMRequest is valid.

Types

type Binding

type Binding struct {
	// Members is a list of IAM principals, limited to a list of users.
	// For example ["user:alice@example.com"].
	Members []string `yaml:"members,omitempty"`

	// Role to be assigned to Members. Basic roles, including Owner (roles/owner),
	// Editor (roles/editor), and Viewer (roles/viewer) are not allowed since
	// conditional role bindings do not work with basic roles.
	Role string `yaml:"role,omitempty"`
}

Binding associates IAM principals/members with a role.
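
The two constraints stated in the Binding comments (members limited to users, basic roles not allowed) can be checked before a request is applied. The following is an added example, not the package's own ValidateIAMRequest: the Binding type is mirrored locally, bindingViolations is a hypothetical helper, and reading "limited to list of users" as a "user:" prefix check is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Binding is a local mirror of the documented type so the example compiles
// on its own; it is not imported from the package.
type Binding struct {
	Members []string
	Role    string
}

// basicRoles are the roles the Binding comment says are not allowed.
var basicRoles = map[string]bool{"roles/owner": true, "roles/editor": true, "roles/viewer": true}

// bindingViolations (hypothetical helper) reports every problem in a list of
// bindings instead of stopping at the first one.
func bindingViolations(bindings []*Binding) []string {
	var out []string
	for i, b := range bindings {
		if b == nil {
			out = append(out, fmt.Sprintf("binding %d: empty", i))
			continue
		}
		if b.Role == "" || basicRoles[b.Role] {
			out = append(out, fmt.Sprintf("binding %d: role %q is not allowed", i, b.Role))
		}
		for _, m := range b.Members {
			// Assumption: "limited to list of users" means the "user:" prefix.
			if !strings.HasPrefix(m, "user:") || m == "user:" {
				out = append(out, fmt.Sprintf("binding %d: member %q is not a user", i, m))
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: a basic role, and a group where a user is required.
	sample := []*Binding{
		{Members: []string{"user:alice@example.com"}, Role: "roles/owner"},
		{Members: []string{"group:ops@example.com"}, Role: "roles/storage.admin"},
	}
	for _, v := range bindingViolations(sample) {
		fmt.Println(v)
	}
}
```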

type CLIRequest

type CLIRequest struct {
	// Tool name such as gcloud.
	Tool string `yaml:"cli,omitempty"`

	// List of commands without tool name.
	Do []string `yaml:"do,omitempty"`

	// List of cleanup commands without tool name to run after "do" is completed.
	Cleanup []string `yaml:"cleanup,omitempty"`
}

CLIRequest represents a request to run CLI commands.

type IAMRequest

type IAMRequest struct {
	// List of ResourcePolicy, each specifies the IAM principals/members to role
	// bindings to be added for a GCP resource IAM policy.
	ResourcePolicies []*ResourcePolicy `yaml:"policies,omitempty"`
}

IAMRequest represents a request to update IAM policies.

type IAMRequestWrapper

type IAMRequestWrapper struct {
	// IAMRequest contains IAM binding information.
	*IAMRequest

	// Duration field used as IAM binding condition to specify expiration.
	// This will not override role bindings with no conditions.
	Duration time.Duration

	// Start time of the IAM permission lifecycle, StartTime + Duration is when
	// the permission will expire.
	StartTime time.Time
}

IAMRequestWrapper wraps the IAMRequest and adds additional fields such as duration.

type IAMResponse

type IAMResponse struct {
	// IAM policy of the resource.
	Policy *iampb.Policy

	// Resource represents one of GCP organization, folder, and project.
	Resource string
}

IAMResponse contains the IAM policy returned and its resource information.

type ResourcePolicy

type ResourcePolicy struct {
	// Resource represents one of GCP organization, folder, and project.
	Resource string `yaml:"resource,omitempty"`

	// Bindings contains a list of IAM principals/members to role bindings.
	Bindings []*Binding `yaml:"bindings,omitempty"`
}

ResourcePolicy specifies the IAM principals/members to role bindings to be added for a GCP resource IAM policy.
