
Source file src/edge-infra.dev/pkg/lib/gcp/iam/roles/roles.go


     1  package roles
     2  
     3  import "strings"
     4  
// Strings for GCP IAM role names.
//
// Every constant below is a fully qualified predefined role name in the
// "roles/<service>.<role>" form that the IAM API accepts in a policy binding.
// Custom roles ("projects/<project>/roles/<id>") are not enumerated here; see
// RoleToK8sString for how both forms are reduced to a Kubernetes-safe name.

// Basic roles.
//
// NOTE(review): these are the coarse, project-wide "primitive" roles. They
// are far broader than any of the service-scoped roles further down; prefer
// a service-specific role wherever one fits, and treat a binding of Owner or
// Editor to a service account as something to justify explicitly.
const (
	Owner  = "roles/owner"
	Editor = "roles/editor"
	Viewer = "roles/viewer"
)

// Resource Manager (project and folder administration).
//
// NOTE(review): despite its short name, ProjectAdmin is
// "projectIamAdmin" — the role that edits a project's IAM policy, i.e. it can
// grant further roles. Treat it as a privilege-escalation-capable role, not a
// generic "admin" convenience.
const (
	ProjectCreator = "roles/resourcemanager.projectCreator"
	ProjectAdmin   = "roles/resourcemanager.projectIamAdmin"
	FolderAdmin    = "roles/resourcemanager.folderAdmin"
	FolderEditor   = "roles/resourcemanager.folderEditor"
)

// GKE Connect / fleet membership (roles under the "gkehub" service).
const (
	GKEHubConnect = "roles/gkehub.connect"
	GKEHubAdmin   = "roles/gkehub.admin"
	GKEHubViewer  = "roles/gkehub.viewer"
)

// GKE (roles under the "container" service).
// GKEAdmin is the service-wide admin role; GKEClusterAdmin is scoped to
// cluster objects; GKEViewer is read-only on clusters.
const (
	GKEViewer       = "roles/container.clusterViewer"
	GKEClusterAdmin = "roles/container.clusterAdmin"
	GKEAdmin        = "roles/container.admin"
)

// Secret Manager.
//
// NOTE(review): SecretAccessor is the role that reads secret payloads; grant
// it on individual secrets rather than at project scope where possible.
const (
	SecretAccessor = "roles/secretmanager.secretAccessor"
	SecretAdmin    = "roles/secretmanager.admin"
)

// Identity-Aware Proxy. The value is the IAP "httpsResourceAccessor" role;
// the constant name describes its effect (access to an IAP-secured web app).
const (
	IAPSecuredWebAppUser = "roles/iap.httpsResourceAccessor"
)

// Workload Identity: lets a Kubernetes service account impersonate a GCP
// service account. This binding is what ties a pod identity to GCP IAM, so it
// should only ever be granted on the specific service account resource.
const (
	WorkloadIdentityUser = "roles/iam.workloadIdentityUser"
)

// Artifact Registry (the GCP service — not JFrog Artifactory; the constant
// name is a historical misnomer kept for compatibility).
const (
	ArtifactoryReader = "roles/artifactregistry.reader"
)

// Cloud Storage.
// The two "legacy" roles are the bucket-ACL-backed roles; the non-legacy
// object roles are the IAM-native ones.
const (
	StorageAdmin              = "roles/storage.admin"
	StorageObjectAdmin        = "roles/storage.objectAdmin"
	StorageObjectCreator      = "roles/storage.objectCreator"
	StorageObjectViewer       = "roles/storage.objectViewer"
	StorageLegacyBucketReader = "roles/storage.legacyBucketReader"
	StorageLegacyObjectReader = "roles/storage.legacyObjectReader"
)

// Pub/Sub.
const (
	PubsubAdmin      = "roles/pubsub.admin"
	PubsubEditor     = "roles/pubsub.editor"
	PubsubPublisher  = "roles/pubsub.publisher"
	PubsubViewer     = "roles/pubsub.viewer"
	PubsubSubscriber = "roles/pubsub.subscriber"
)

// BigQuery.
const (
	BigQueryDataEditor = "roles/bigquery.dataEditor"
)

// Observability: Cloud Monitoring, Cloud Logging and the (legacy)
// Stackdriver resource-metadata writer. These are the typical roles for an
// agent or workload that only needs to emit telemetry; LogWriter and
// MetricWriter are write-only and do not grant read access.
const (
	MonitoringViewer  = "roles/monitoring.viewer"
	LogWriter         = "roles/logging.logWriter"
	MetricWriter      = "roles/monitoring.metricWriter"
	StackDriverWriter = "roles/stackdriver.resourceMetadata.writer"
)
    88  
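// RoleToK8sString converts an IAM role name into a string usable as a
// Kubernetes resource name.
//
// Accepted forms (the name is split on "/"):
//   - predefined/basic roles, "roles/foo.blah"              -> "foo-blah"
//   - custom roles, "projects/bar/roles/foo.blah"           -> "foo-blah"
//     (any name with four or more segments uses the fourth segment, so an
//     organization-scoped custom role is handled the same way)
//
// The selected segment is lower-cased and every "." becomes "-".
//
// A value with no "/" at all — including the empty string — is treated as a
// bare role id and converted as-is. (Previously such input indexed past the
// end of the split result and panicked.)
//
// NOTE(review): the mapping is lossy and unvalidated: "Foo.Bar" and "foo.bar"
// collapse to the same name, and characters that are not legal in a
// Kubernetes DNS-1123 name (for example "_" in a custom role id) pass through
// unchanged. Callers that build resource names from role strings they do not
// control should validate the result before using it.
func RoleToK8sString(roleString string) string {
	segments := strings.Split(roleString, "/")

	// Custom roles carry the role id in the fourth segment; predefined and
	// basic roles carry it in the second.
	var roleID string
	switch {
	case len(segments) >= 4:
		roleID = segments[3]
	case len(segments) >= 2:
		roleID = segments[1]
	default:
		// No separator present: strings.Split yields exactly one element.
		roleID = segments[0]
	}
	return strings.ToLower(strings.ReplaceAll(roleID, ".", "-"))
}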
    98  
