externalonly.go

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/iam/iamclient

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package iamclient
    16  
    17  import (
    18  	"fmt"
    19  
    20  	corekccv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/core/v1alpha1"
    21  	iamv1beta1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/iam/v1beta1"
    22  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/gvks/externalonlygvks"
    23  
    24  	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
    25  	"k8s.io/apimachinery/pkg/runtime/schema"
    26  )
    27  
    28  // ExternalOnlyType is a KCC resource type that KCC does not support as a
    29  // core resource, but does support referencing externally in IAM.
    30  type ExternalOnlyType struct {
    31  	// UnstuctHandler is a function that fills in the external field information
    32  	// from the given reference into the given unstructured object.
    33  	UnstructHandler func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured
    34  
    35  	// ResourceConfig is a skeleton resource config that includes IAM configuration
    36  	// needed to map to the proper Terraform resource.
    37  	ResourceConfig *corekccv1alpha1.ResourceConfig
    38  
    39  	// ExternalFormat is the format the external field is expected to match. This
    40  	// is used for documentation only. Ex. "{{org_id}}"
    41  	ExternalFormat string
    42  }
    43  
    44  var ExternalOnlyTypes = map[schema.GroupVersionKind]ExternalOnlyType{
    45  	externalonlygvks.OrganizationGVK: {
    46  		UnstructHandler: func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured {
    47  			u.Object["spec"] = map[string]interface{}{
    48  				"org_id": ref.External,
    49  			}
    50  			return u
    51  		},
    52  		ResourceConfig: &corekccv1alpha1.ResourceConfig{
    53  			IAMConfig: corekccv1alpha1.IAMConfig{
    54  				PolicyName:       "google_organization_iam_policy",
    55  				PolicyMemberName: "google_organization_iam_member",
    56  				AuditConfigName:  "google_organization_iam_audit_config",
    57  				ReferenceField: corekccv1alpha1.IAMReferenceField{
    58  					Name: "org_id",
    59  					Type: "id",
    60  				},
    61  				SupportsConditions: true,
    62  			},
    63  		},
    64  		ExternalFormat: "{{org_id}}",
    65  	},
    66  	externalonlygvks.BillingAccountGVK: {
    67  		UnstructHandler: func(ref iamv1beta1.ResourceReference, u *unstructured.Unstructured) *unstructured.Unstructured {
    68  			u.Object["spec"] = map[string]interface{}{
    69  				"billing_account_id": ref.External,
    70  			}
    71  			return u
    72  		},
    73  		ResourceConfig: &corekccv1alpha1.ResourceConfig{
    74  			IAMConfig: corekccv1alpha1.IAMConfig{
    75  				PolicyName:       "google_billing_account_iam_policy",
    76  				PolicyMemberName: "google_billing_account_iam_member",
    77  				ReferenceField: corekccv1alpha1.IAMReferenceField{
    78  					Name: "billing_account_id",
    79  					Type: "id",
    80  				},
    81  				SupportsConditions: true,
    82  			},
    83  		},
    84  		ExternalFormat: "{{billing_account_id}}",
    85  	},
    86  }
    87  
    88  func GetResourceConfigForExternalOnlyGVK(gvk schema.GroupVersionKind) (*corekccv1alpha1.ResourceConfig, error) {
    89  	ext, ok := ExternalOnlyTypes[gvk]
    90  	if !ok {
    91  		return nil, fmt.Errorf("unsupported external-only reference of type %v", gvk)
    92  	}
    93  	return ext.ResourceConfig, nil
    94  }
    95  
    96  func unstructuredIAMSkeletonForExternalOnlyRef(resourceRef iamv1beta1.ResourceReference, u *unstructured.Unstructured) (
    97  	*unstructured.Unstructured, error) {
    98  	gvk := resourceRef.GroupVersionKind()
    99  	ext, ok := ExternalOnlyTypes[gvk]
   100  	if !ok {
   101  		return nil, fmt.Errorf("unsupported external-only reference of type %v", gvk)
   102  	}
   103  	return ext.UnstructHandler(resourceRef, u), nil
   104  }
   105
View as plain text