Documentation
Index
- Variables
- func CheckCloudCredCreation(gcpClient ccgcp.Client, logger log.FieldLogger) (bool, error)
- func CheckCloudCredPassthrough(gcpClient ccgcp.Client, logger log.FieldLogger) (bool, error)
- func CheckPermissionsAgainstPermissionList(gcpClient ccgcp.Client, permList []string, logger log.FieldLogger) (bool, error)
- func CheckServicesEnabled(gcpClient ccgcp.Client, permList []string, logger log.FieldLogger) (bool, error)
Constants
This section is empty.
Variables
var (
	// CredMintingPermissions is a list of GCP permissions needed to run in the mode where the
	// cloud-credential-operator can mint new creds to satisfy CredentialsRequest CRDs
	CredMintingPermissions = []string{
		"resourcemanager.projects.get",
		"serviceusage.services.list",
		"iam.serviceAccountKeys.create",
		"iam.serviceAccountKeys.delete",
		"iam.serviceAccounts.create",
		"iam.serviceAccounts.delete",
		"iam.serviceAccounts.get",
		"iam.roles.get",
		"resourcemanager.projects.getIamPolicy",
		"resourcemanager.projects.setIamPolicy",
	}

	// CredPassthroughPermissions is a list of GCP permissions needed to run in passthrough mode.
	CredPassthroughPermissions = []string{
		"serviceusage.services.list",
		"resourcemanager.projects.get",
		"iam.roles.get",
	}
)
Functions
func CheckCloudCredCreation
CheckCloudCredCreation checks whether the credentials have enough permissions to create new sub-credentials, and whether the necessary services are enabled.
func CheckCloudCredPassthrough
CheckCloudCredPassthrough checks whether the provided credentials are sufficient to determine at runtime whether the current credentials can be passed along as-is to satisfy a CredentialsRequest, and validates that the associated APIs are enabled.
func CheckPermissionsAgainstPermissionList
func CheckPermissionsAgainstPermissionList(gcpClient ccgcp.Client, permList []string, logger log.FieldLogger) (bool, error)
CheckPermissionsAgainstPermissionList takes the passed-in list of permissions and checks whether the provided gcpClient credentials have sufficient permissions to perform the actions. It returns true/false indicating whether the permissions are sufficient.
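To show how the two permission lists above separate the operator's modes, the following added example (not the package's own code) classifies a set of granted permissions as sufficient for minting, for passthrough, or for neither. missingPermissions and supportedMode are hypothetical helpers, and the granted set is constructed rather than obtained from GCP.

```go
package main

import "fmt"

// Permission lists copied from the package variables documented above.
var credMintingPermissions = []string{
	"resourcemanager.projects.get", "serviceusage.services.list",
	"iam.serviceAccountKeys.create", "iam.serviceAccountKeys.delete",
	"iam.serviceAccounts.create", "iam.serviceAccounts.delete",
	"iam.serviceAccounts.get", "iam.roles.get",
	"resourcemanager.projects.getIamPolicy", "resourcemanager.projects.setIamPolicy",
}
var credPassthroughPermissions = []string{
	"serviceusage.services.list", "resourcemanager.projects.get", "iam.roles.get",
}

// missingPermissions (hypothetical helper) lists required permissions absent from granted.
func missingPermissions(required, granted []string) []string {
	have := make(map[string]struct{}, len(granted))
	for _, p := range granted {
		have[p] = struct{}{}
	}
	missing := []string{}
	for _, p := range required {
		if _, ok := have[p]; !ok {
			missing = append(missing, p)
		}
	}
	return missing
}

// supportedMode (hypothetical helper) returns "mint", "passthrough" or "none"
// for a granted set, plus the permissions still missing for mint mode.
func supportedMode(granted []string) (string, []string) {
	mintGap := missingPermissions(credMintingPermissions, granted)
	if len(mintGap) == 0 {
		return "mint", mintGap
	}
	if len(missingPermissions(credPassthroughPermissions, granted)) == 0 {
		return "passthrough", mintGap
	}
	return "none", mintGap
}

func main() {
	// Constructed sample: a credential holding only the three read-only permissions.
	fmt.Println(supportedMode([]string{
		"serviceusage.services.list", "resourcemanager.projects.get", "iam.roles.get"}))
}
```

The gap returned for a passthrough-only credential is the set of write and key-management permissions that distinguishes mint mode, which is useful when reviewing how much privilege an installer credential actually needs.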
func CheckServicesEnabled
func CheckServicesEnabled(gcpClient ccgcp.Client, permList []string, logger log.FieldLogger) (bool, error)
CheckServicesEnabled takes a list of GCP permissions and checks whether each permission's related API is enabled.
Types
This section is empty.