README
¶
qsgpm
A commandline tool for management of QuickSight Group and CustomPermission
Install
binary packages
QuickStart
$ qsgpm --help
NAME:
qsgpm - A commandline tool for management of QuickSight Group and CustomPermission
USAGE:
qsgpm --config <config file>
VERSION:
current
COMMANDS:
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--config value, -c value config file path [$CONFIG, $QSGPM_CONFIG]
--dry-run (default: false) [$QSGPM_DRY_RUN]
--log-level value, -l value output log level (debug|info|notice|warn|error) (default: "info") [$QSGPM_LOG_LEVEL]
--help, -h show help (default: false)
--version, -v print the version (default: false)
The simplest configuration is:
required_version: ">=0.0.0"
user:
namespace: default
groups:
- all
rules:
- user:
role: Admin
groups:
- admin
- user:
role: Author
groups:
- author
custom_permission: DefaultAuthor
- user:
role: Reader
groups:
- reader
The above setting means that all users will belong to the group "all" and also to the group for each account role, and Author will have a custom permission named DefaultAuthor.
What conditions do the rules match for users? and if they match, which group they belong to and what custom permissions they should have. The rule matches only one. The Yaml array is evaluated from the top and the first matching rule is applied to each user.
For example, for a more complex configuration where the QuickSight user is an external user, the following is an example of another configuration.
required_version: ">=0.0.0"
user:
identity_type: IAM
namespace: default
groups:
- all
rules:
- user:
role: Admin
groups:
- admin
- user:
identity_type: QuickSight
email_suffix: "@internal.example.com"
role: Author
groups:
- internal_author
- author
custom_permission: InternalAuthor
- user:
role: Author
groups:
- external_author
- author
custom_permission: ExternalAuthor
- user:
session_name_suffix: "@external.example.com"
role: Author
groups:
- external_author
- author
custom_permission: ExternalAuthor
- user:
role: Author
groups:
- internal_author
- author
custom_permission: InternalAuthor
- user:
role: Reader
groups:
- reader
LICENSE
MIT
Documentation
¶
Index ¶
- func WithCreateOnly(f bool) func(*ApplyGroupsOptions) error
- type App
- type ApplyGroupsOptions
- type Config
- func (cfg *Config) GetCustomPermissionName(user *User) *string
- func (cfg *Config) GetGroupNames(user *User) ([]string, bool)
- func (cfg *Config) GetNamespaces() []string
- func (cfg *Config) Load(path string) error
- func (cfg *Config) Restrict() error
- func (c *Config) ValidateVersion(version string) error
- type Group
- type Groups
- func (groups Groups) Add(group, user string)
- func (groups Groups) AddGroup(group string) Group
- func (groups Groups) Assign(user string, groupNames []string)
- func (groups Groups) DiffGroup(other Groups) (add, stable, delete []string)
- func (groups Groups) DiffMembership(other Groups) (add, stable, delete []Membership)
- type Membership
- type QuickSightClient
- type QuickSightDryRunClient
- func (c QuickSightDryRunClient) CreateGroup(ctx context.Context, params *quicksight.CreateGroupInput, ...) (*quicksight.CreateGroupOutput, error)
- func (c QuickSightDryRunClient) CreateGroupMembership(ctx context.Context, params *quicksight.CreateGroupMembershipInput, ...) (*quicksight.CreateGroupMembershipOutput, error)
- func (c QuickSightDryRunClient) DeleteGroup(ctx context.Context, params *quicksight.DeleteGroupInput, ...) (*quicksight.DeleteGroupOutput, error)
- func (c QuickSightDryRunClient) DeleteGroupMembership(ctx context.Context, params *quicksight.DeleteGroupMembershipInput, ...) (*quicksight.DeleteGroupMembershipOutput, error)
- func (c QuickSightDryRunClient) UpdateUser(ctx context.Context, params *quicksight.UpdateUserInput, ...) (*quicksight.UpdateUserOutput, error)
- type QuickSightService
- func (svc QuickSightService) ApplyGroups(ctx context.Context, namespace string, groups Groups, ...) error
- func (svc QuickSightService) GetDryRunService() *QuickSightService
- func (svc QuickSightService) GetGroups(ctx context.Context, namespace string) (Groups, error)
- func (svc QuickSightService) NewUsersPaginator(namespace string) UsersPaginator
- func (svc QuickSightService) UpdateUserCustomPermission(ctx context.Context, user *User, customPermissionName *string) error
- type RuleConfig
- type RunOption
- type User
- type UserConfig
- type UsersPaginator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WithCreateOnly ¶ added in v0.1.0
func WithCreateOnly(f bool) func(*ApplyGroupsOptions) error
Types ¶
type ApplyGroupsOptions ¶ added in v0.1.0
type ApplyGroupsOptions struct {
// contains filtered or unexported fields
}
type Config ¶
type Config struct {
RequiredVersion string `yaml:"required_version"`
CreateOnly bool `yaml:"create_only"`
User *UserConfig `yaml:"user"`
Groups []string `yaml:"groups"`
CustomPermission string `yaml:"custom_permission"`
Rules []*RuleConfig `yaml:"rules"`
// contains filtered or unexported fields
}
func NewDefaultConfig ¶
func NewDefaultConfig() *Config
func (*Config) GetCustomPermissionName ¶
func (*Config) GetNamespaces ¶
func (*Config) ValidateVersion ¶
ValidateVersion validates a version satisfies required_version.
type Group ¶
type Group struct {
// contains filtered or unexported fields
}
func (Group) Diff ¶
func (group Group) Diff(other Group) (add, stable, delete []Membership)
func (Group) Membership ¶
func (group Group) Membership() []Membership
type Groups ¶
func (Groups) DiffMembership ¶
func (groups Groups) DiffMembership(other Groups) (add, stable, delete []Membership)
type Membership ¶
type QuickSightClient ¶
type QuickSightClient interface {
ListUsers(context.Context, *quicksight.ListUsersInput, ...func(*quicksight.Options)) (*quicksight.ListUsersOutput, error)
UpdateUser(ctx context.Context, params *quicksight.UpdateUserInput, optFns ...func(*quicksight.Options)) (*quicksight.UpdateUserOutput, error)
ListGroups(ctx context.Context, params *quicksight.ListGroupsInput, optFns ...func(*quicksight.Options)) (*quicksight.ListGroupsOutput, error)
CreateGroup(ctx context.Context, params *quicksight.CreateGroupInput, optFns ...func(*quicksight.Options)) (*quicksight.CreateGroupOutput, error)
DeleteGroup(ctx context.Context, params *quicksight.DeleteGroupInput, optFns ...func(*quicksight.Options)) (*quicksight.DeleteGroupOutput, error)
ListGroupMemberships(ctx context.Context, params *quicksight.ListGroupMembershipsInput, optFns ...func(*quicksight.Options)) (*quicksight.ListGroupMembershipsOutput, error)
CreateGroupMembership(ctx context.Context, params *quicksight.CreateGroupMembershipInput, optFns ...func(*quicksight.Options)) (*quicksight.CreateGroupMembershipOutput, error)
DeleteGroupMembership(ctx context.Context, params *quicksight.DeleteGroupMembershipInput, optFns ...func(*quicksight.Options)) (*quicksight.DeleteGroupMembershipOutput, error)
}
type QuickSightDryRunClient ¶
type QuickSightDryRunClient struct {
QuickSightClient
}
func (QuickSightDryRunClient) CreateGroup ¶
func (c QuickSightDryRunClient) CreateGroup(ctx context.Context, params *quicksight.CreateGroupInput, optFns ...func(*quicksight.Options)) (*quicksight.CreateGroupOutput, error)
func (QuickSightDryRunClient) CreateGroupMembership ¶
func (c QuickSightDryRunClient) CreateGroupMembership(ctx context.Context, params *quicksight.CreateGroupMembershipInput, optFns ...func(*quicksight.Options)) (*quicksight.CreateGroupMembershipOutput, error)
func (QuickSightDryRunClient) DeleteGroup ¶
func (c QuickSightDryRunClient) DeleteGroup(ctx context.Context, params *quicksight.DeleteGroupInput, optFns ...func(*quicksight.Options)) (*quicksight.DeleteGroupOutput, error)
func (QuickSightDryRunClient) DeleteGroupMembership ¶
func (c QuickSightDryRunClient) DeleteGroupMembership(ctx context.Context, params *quicksight.DeleteGroupMembershipInput, optFns ...func(*quicksight.Options)) (*quicksight.DeleteGroupMembershipOutput, error)
func (QuickSightDryRunClient) UpdateUser ¶
func (c QuickSightDryRunClient) UpdateUser(ctx context.Context, params *quicksight.UpdateUserInput, optFns ...func(*quicksight.Options)) (*quicksight.UpdateUserOutput, error)
type QuickSightService ¶
type QuickSightService struct {
// contains filtered or unexported fields
}
func (QuickSightService) ApplyGroups ¶
func (svc QuickSightService) ApplyGroups(ctx context.Context, namespace string, groups Groups, optFns ...func(opt *ApplyGroupsOptions) error) error
func (QuickSightService) GetDryRunService ¶
func (svc QuickSightService) GetDryRunService() *QuickSightService
func (QuickSightService) NewUsersPaginator ¶
func (svc QuickSightService) NewUsersPaginator(namespace string) UsersPaginator
func (QuickSightService) UpdateUserCustomPermission ¶
type RuleConfig ¶
type RuleConfig struct {
User *UserConfig `yaml:"user"`
Groups []string `yaml:"groups"`
CustomPermission string `yaml:"custom_permission"`
}
func (*RuleConfig) GetCustomPermissionName ¶
func (cfg *RuleConfig) GetCustomPermissionName(user *User) (string, bool)
func (*RuleConfig) GetGroupNames ¶
func (cfg *RuleConfig) GetGroupNames(user *User) ([]string, bool)
func (*RuleConfig) Restrict ¶
func (cfg *RuleConfig) Restrict() error
type User ¶
func (*User) IAMRoleName ¶
func (*User) IsNeedUpdateCustomPermission ¶
func (*User) SessionName ¶
type UserConfig ¶
type UserConfig struct {
IdentityType string `yaml:"identity_type"`
SessionNameSuffix string `yaml:"session_name_suffix"`
EmailSuffix string `yaml:"email_suffix"`
Namespace string `yaml:"namespace"`
IAMRoleName string `yaml:"iam_role_name"`
Role string `yaml:"role"`
// contains filtered or unexported fields
}
func (*UserConfig) Clone ¶
func (cfg *UserConfig) Clone() *UserConfig
func (*UserConfig) Match ¶
func (cfg *UserConfig) Match(user *User) bool
func (*UserConfig) Merge ¶
func (cfg *UserConfig) Merge(other *UserConfig) *UserConfig
func (*UserConfig) Restrict ¶
func (cfg *UserConfig) Restrict() error
type UsersPaginator ¶
type UsersPaginator struct {
// contains filtered or unexported fields
}
func (UsersPaginator) HasMoreUsers ¶
func (p UsersPaginator) HasMoreUsers() bool
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.