...

Source file src/cloud.google.com/go/storage/iam.go

Documentation: cloud.google.com/go/storage 

     1  // Copyright 2017 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package storage
    16  
    17  import (
    18  	"context"
    19  
    20  	"cloud.google.com/go/iam"
    21  	"cloud.google.com/go/iam/apiv1/iampb"
    22  	"cloud.google.com/go/internal/trace"
    23  	raw "google.golang.org/api/storage/v1"
    24  	"google.golang.org/genproto/googleapis/type/expr"
    25  )
    26  
    27  // IAM provides access to IAM access control for the bucket.
    28  func (b *BucketHandle) IAM() *iam.Handle {
    29  	return iam.InternalNewHandleClient(&iamClient{
    30  		userProject: b.userProject,
    31  		retry:       b.retry,
    32  		client:      b.c,
    33  	}, b.name)
    34  }
    35  
    36  // iamClient implements the iam.client interface.
    37  type iamClient struct {
    38  	userProject string
    39  	retry       *retryConfig
    40  	client      *Client
    41  }
    42  
    43  func (c *iamClient) Get(ctx context.Context, resource string) (p *iampb.Policy, err error) {
    44  	return c.GetWithVersion(ctx, resource, 1)
    45  }
    46  
    47  func (c *iamClient) GetWithVersion(ctx context.Context, resource string, requestedPolicyVersion int32) (p *iampb.Policy, err error) {
    48  	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.IAM.Get")
    49  	defer func() { trace.EndSpan(ctx, err) }()
    50  
    51  	o := makeStorageOpts(true, c.retry, c.userProject)
    52  	return c.client.tc.GetIamPolicy(ctx, resource, requestedPolicyVersion, o...)
    53  }
    54  
    55  func (c *iamClient) Set(ctx context.Context, resource string, p *iampb.Policy) (err error) {
    56  	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.IAM.Set")
    57  	defer func() { trace.EndSpan(ctx, err) }()
    58  
    59  	isIdempotent := len(p.Etag) > 0
    60  	o := makeStorageOpts(isIdempotent, c.retry, c.userProject)
    61  	return c.client.tc.SetIamPolicy(ctx, resource, p, o...)
    62  }
    63  
    64  func (c *iamClient) Test(ctx context.Context, resource string, perms []string) (permissions []string, err error) {
    65  	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.IAM.Test")
    66  	defer func() { trace.EndSpan(ctx, err) }()
    67  
    68  	o := makeStorageOpts(true, c.retry, c.userProject)
    69  	return c.client.tc.TestIamPermissions(ctx, resource, perms, o...)
    70  }
    71  
    72  func iamToStoragePolicy(ip *iampb.Policy) *raw.Policy {
    73  	return &raw.Policy{
    74  		Bindings: iamToStorageBindings(ip.Bindings),
    75  		Etag:     string(ip.Etag),
    76  		Version:  int64(ip.Version),
    77  	}
    78  }
    79  
    80  func iamToStorageBindings(ibs []*iampb.Binding) []*raw.PolicyBindings {
    81  	var rbs []*raw.PolicyBindings
    82  	for _, ib := range ibs {
    83  		rbs = append(rbs, &raw.PolicyBindings{
    84  			Role:      ib.Role,
    85  			Members:   ib.Members,
    86  			Condition: iamToStorageCondition(ib.Condition),
    87  		})
    88  	}
    89  	return rbs
    90  }
    91  
    92  func iamToStorageCondition(exprpb *expr.Expr) *raw.Expr {
    93  	if exprpb == nil {
    94  		return nil
    95  	}
    96  	return &raw.Expr{
    97  		Expression:  exprpb.Expression,
    98  		Description: exprpb.Description,
    99  		Location:    exprpb.Location,
   100  		Title:       exprpb.Title,
   101  	}
   102  }
   103  
   104  func iamFromStoragePolicy(rp *raw.Policy) *iampb.Policy {
   105  	return &iampb.Policy{
   106  		Bindings: iamFromStorageBindings(rp.Bindings),
   107  		Etag:     []byte(rp.Etag),
   108  	}
   109  }
   110  
   111  func iamFromStorageBindings(rbs []*raw.PolicyBindings) []*iampb.Binding {
   112  	var ibs []*iampb.Binding
   113  	for _, rb := range rbs {
   114  		ibs = append(ibs, &iampb.Binding{
   115  			Role:      rb.Role,
   116  			Members:   rb.Members,
   117  			Condition: iamFromStorageCondition(rb.Condition),
   118  		})
   119  	}
   120  	return ibs
   121  }
   122  
   123  func iamFromStorageCondition(rawexpr *raw.Expr) *expr.Expr {
   124  	if rawexpr == nil {
   125  		return nil
   126  	}
   127  	return &expr.Expr{
   128  		Expression:  rawexpr.Expression,
   129  		Description: rawexpr.Description,
   130  		Location:    rawexpr.Location,
   131  		Title:       rawexpr.Title,
   132  	}
   133  }
   134  

View as plain text