iam

package
v1.151.0 Latest
Published: May 12, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Copyright 2025 Google LLC

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

const (
	LogTypeUnspecified = "LOG_TYPE_UNSPECIFIED"
	AdminRead          = "ADMIN_READ"
	DataWrite          = "DATA_WRITE"
	DataRead           = "DATA_READ"
)

Variables

This section is empty.

Functions

func ComputePartialPolicyWithMergedBindings

func ComputePartialPolicyWithMergedBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy, resolver MemberIdentityResolver) (*v1beta1.IAMPartialPolicy, error)

The status.AllBindings in the returned IAMPartialPolicy reflects a mix of user-specified bindings and the existing bindings associated with the GCP resource. The merge strategy takes effect at the member level, with {role, condition} tuples as keys. The status.LastAppliedBindings in the returned IAMPartialPolicy reflects the list of canonical bindings that are specified by users.

func ComputePartialPolicyWithRemainingBindings

func ComputePartialPolicyWithRemainingBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy) *v1beta1.IAMPartialPolicy

ComputePartialPolicyWithRemainingBindings returns the IAMPartialPolicy that results after the user's last applied bindings (as specified by the input IAMPartialPolicy) are deleted from the underlying IAM Policy (as specified by the input IAMPolicy). This function is intended to be called when an IAMPartialPolicy resource is deleted.

The status.AllBindings in the returned IAMPartialPolicy reflects the remaining bindings that are computed by pruning last applied bindings (bindings managed by KCC) from all the existing bindings from the underlying IAM Policy. The status.LastAppliedBindings in the returned IAMPartialPolicy will be cleared.
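
The member-level merge and the pruning on deletion described for ComputePartialPolicyWithMergedBindings and ComputePartialPolicyWithRemainingBindings, as an added example that is not this package's own code. Key, Policy, add, Merged and Remaining are hypothetical stand-ins for the v1beta1 types and the real functions, and the sample members are constructed.

```go
package main

import "fmt"

// Key is the {role, condition} tuple the merge is keyed on (hypothetical type).
type Key struct{ Role, Condition string }

// Policy maps each Key to a member set; a stand-in for the v1beta1 bindings.
type Policy map[Key]map[string]bool

// add copies src into dst one member at a time, so existing members survive.
func add(dst, src Policy) {
	for k, ms := range src {
		if dst[k] == nil {
			dst[k] = map[string]bool{}
		}
		for m := range ms {
			dst[k][m] = true
		}
	}
}

// Merged models status.AllBindings: live bindings plus the user's bindings.
func Merged(live, user Policy) Policy {
	out := Policy{}
	add(out, live)
	add(out, user)
	return out
}

// Remaining models deletion: prune last-applied members, keep everything else.
func Remaining(live, lastApplied Policy) Policy {
	out := Merged(live, nil)
	for k, ms := range lastApplied {
		for m := range ms {
			delete(out[k], m)
		}
		if len(out[k]) == 0 {
			delete(out, k) // no members left under this {role, condition}
		}
	}
	return out
}

func main() {
	v := Key{Role: "roles/viewer"}
	live := Policy{v: {"user:alice@example.com": true}} // constructed sample
	user := Policy{v: {"group:ops@example.com": true}}  // constructed sample
	fmt.Println(Merged(live, user), Remaining(Merged(live, user), user))
}
```

In this model a member that was already on the live policy and also appears in the last-applied bindings is removed on deletion, because pruning works on the {role, condition} plus member identity alone.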

func ConvertIAMPartialBindingsToIAMPolicyBindings

func ConvertIAMPartialBindingsToIAMPolicyBindings(partialPolicy *v1beta1.IAMPartialPolicy, resolver MemberIdentityResolver) (bindings []v1beta1.IAMPolicyBinding, err error)

func DenyRule_FromProto added in v1.135.0

func DenyRule_FromProto(mapCtx *direct.MapContext, in *pb.DenyRule) *krmv1alpha1.DenyRule

func DenyRule_ToProto added in v1.135.0

func DenyRule_ToProto(mapCtx *direct.MapContext, in *krmv1alpha1.DenyRule) *pb.DenyRule

func Expr_FromProto added in v1.135.0

func Expr_FromProto(mapCtx *direct.MapContext, in *exprpb.Expr) *krmv1alpha1.Expr

func Expr_ToProto added in v1.135.0

func Expr_ToProto(mapCtx *direct.MapContext, in *krmv1alpha1.Expr) *exprpb.Expr

func IAMDenyPolicyObservedState_FromProto added in v1.135.0

func IAMDenyPolicyObservedState_FromProto(mapCtx *direct.MapContext, in *pb.Policy) *krmv1alpha1.IAMDenyPolicyObservedState

func IAMDenyPolicyObservedState_ToProto added in v1.135.0

func IAMDenyPolicyObservedState_ToProto(mapCtx *direct.MapContext, in *krmv1alpha1.IAMDenyPolicyObservedState) *pb.Policy

func IAMDenyPolicySpec_FromProto added in v1.135.0

func IAMDenyPolicySpec_FromProto(mapCtx *direct.MapContext, in *pb.Policy) *krmv1alpha1.IAMDenyPolicySpec

func IAMDenyPolicySpec_ToProto added in v1.135.0

func IAMDenyPolicySpec_ToProto(mapCtx *direct.MapContext, in *krmv1alpha1.IAMDenyPolicySpec) *pb.Policy

func IAMPolicySpec_FromProto

func IAMPolicySpec_FromProto(_ *direct.MapContext, in *iampb.Policy) *krm.IAMPolicySpec

func IAMPolicySpec_ToProto

func IAMPolicySpec_ToProto(_ *direct.MapContext, in *krm.IAMPolicySpec) *iampb.Policy

func IAMServiceAccountKeyObservedState_FromProto added in v1.145.0

func IAMServiceAccountKeyObservedState_FromProto(mapCtx *direct.MapContext, in *adminpb.ServiceAccountKey) *krm.IAMServiceAccountKeyObservedState

func IAMServiceAccountKeyObservedState_ToProto added in v1.145.0

func IAMServiceAccountKeyObservedState_ToProto(mapCtx *direct.MapContext, in *krm.IAMServiceAccountKeyObservedState) *adminpb.ServiceAccountKey

func IAMServiceAccountKeySpec_FromProto added in v1.145.0

func IAMServiceAccountKeySpec_FromProto(mapCtx *direct.MapContext, in *adminpb.ServiceAccountKey) *krm.IAMServiceAccountKeySpec

func IAMServiceAccountKeySpec_ToProto added in v1.145.0

func IAMServiceAccountKeySpec_ToProto(mapCtx *direct.MapContext, in *krm.IAMServiceAccountKeySpec) *adminpb.ServiceAccountKey

func NewIAMPartialPolicyModel

func NewIAMPartialPolicyModel(ctx context.Context, config *config.ControllerConfig) (directbase.Model, error)

func PolicyRule_FromProto added in v1.135.0

func PolicyRule_FromProto(mapCtx *direct.MapContext, in *pb.PolicyRule) *krmv1alpha1.PolicyRule

func PolicyRule_ToProto added in v1.135.0

func PolicyRule_ToProto(mapCtx *direct.MapContext, in *krmv1alpha1.PolicyRule) *pb.PolicyRule

func ToIAMPolicySkeleton added in v1.137.0

func ToIAMPolicySkeleton(p *krm.IAMPartialPolicy) *krm.IAMPolicy

ToIAMPolicySkeleton creates an IAMPolicy struct with ObjectMeta and resource reference copied from the partial policy. The skeleton struct can be passed to IAMClient.GetPolicy() to fetch the live IAM policy.

Types

type IAMMemberIdentityResolver

type IAMMemberIdentityResolver struct {
	IAMClient *kcciamclient.IAMClient
	Ctx       context.Context
}

IAMMemberIdentityResolver helps to resolve a referenced member identity.

func (IAMMemberIdentityResolver) Resolve

func (t IAMMemberIdentityResolver) Resolve(member krm.Member, memberFrom *krm.MemberSource, defaultNamespace string) (string, error)

type IAMPartialPolicyAdapter

type IAMPartialPolicyAdapter struct {
	// contains filtered or unexported fields
}

func (*IAMPartialPolicyAdapter) Create

func (*IAMPartialPolicyAdapter) Delete

func (*IAMPartialPolicyAdapter) Export

func (*IAMPartialPolicyAdapter) Find

func (*IAMPartialPolicyAdapter) Update

type MemberIdentityResolver

type MemberIdentityResolver interface {
	Resolve(v1beta1.Member, *v1beta1.MemberSource, string) (string, error)
}
