mirror of
https://github.com/Luzifer/nginx-sso.git
synced 2025-01-19 19:11:57 +00:00
755 lines
30 KiB
Go
755 lines
30 KiB
Go
|
// Copyright 2019 Google LLC
|
||
|
//
|
||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
// you may not use this file except in compliance with the License.
|
||
|
// You may obtain a copy of the License at
|
||
|
//
|
||
|
// https://www.apache.org/licenses/LICENSE-2.0
|
||
|
//
|
||
|
// Unless required by applicable law or agreed to in writing, software
|
||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
// See the License for the specific language governing permissions and
|
||
|
// limitations under the License.
|
||
|
|
||
|
// Code generated by gapic-generator. DO NOT EDIT.
|
||
|
|
||
|
package admin
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"fmt"
|
||
|
"math"
|
||
|
"time"
|
||
|
|
||
|
"github.com/golang/protobuf/proto"
|
||
|
gax "github.com/googleapis/gax-go/v2"
|
||
|
"google.golang.org/api/iterator"
|
||
|
"google.golang.org/api/option"
|
||
|
"google.golang.org/api/transport"
|
||
|
adminpb "google.golang.org/genproto/googleapis/iam/admin/v1"
|
||
|
iampb "google.golang.org/genproto/googleapis/iam/v1"
|
||
|
"google.golang.org/grpc"
|
||
|
"google.golang.org/grpc/codes"
|
||
|
"google.golang.org/grpc/metadata"
|
||
|
)
|
||
|
|
||
|
// IamCallOptions contains the retry settings for each method of IamClient.
|
||
|
type IamCallOptions struct {
|
||
|
ListServiceAccounts []gax.CallOption
|
||
|
GetServiceAccount []gax.CallOption
|
||
|
CreateServiceAccount []gax.CallOption
|
||
|
UpdateServiceAccount []gax.CallOption
|
||
|
DeleteServiceAccount []gax.CallOption
|
||
|
ListServiceAccountKeys []gax.CallOption
|
||
|
GetServiceAccountKey []gax.CallOption
|
||
|
CreateServiceAccountKey []gax.CallOption
|
||
|
DeleteServiceAccountKey []gax.CallOption
|
||
|
SignBlob []gax.CallOption
|
||
|
GetIamPolicy []gax.CallOption
|
||
|
SetIamPolicy []gax.CallOption
|
||
|
TestIamPermissions []gax.CallOption
|
||
|
QueryGrantableRoles []gax.CallOption
|
||
|
SignJwt []gax.CallOption
|
||
|
ListRoles []gax.CallOption
|
||
|
GetRole []gax.CallOption
|
||
|
CreateRole []gax.CallOption
|
||
|
UpdateRole []gax.CallOption
|
||
|
DeleteRole []gax.CallOption
|
||
|
UndeleteRole []gax.CallOption
|
||
|
QueryTestablePermissions []gax.CallOption
|
||
|
}
|
||
|
|
||
|
func defaultIamClientOptions() []option.ClientOption {
|
||
|
return []option.ClientOption{
|
||
|
option.WithEndpoint("iam.googleapis.com:443"),
|
||
|
option.WithScopes(DefaultAuthScopes()...),
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func defaultIamCallOptions() *IamCallOptions {
|
||
|
retry := map[[2]string][]gax.CallOption{
|
||
|
{"default", "idempotent"}: {
|
||
|
gax.WithRetry(func() gax.Retryer {
|
||
|
return gax.OnCodes([]codes.Code{
|
||
|
codes.DeadlineExceeded,
|
||
|
codes.Unavailable,
|
||
|
}, gax.Backoff{
|
||
|
Initial: 100 * time.Millisecond,
|
||
|
Max: 60000 * time.Millisecond,
|
||
|
Multiplier: 1.3,
|
||
|
})
|
||
|
}),
|
||
|
},
|
||
|
}
|
||
|
return &IamCallOptions{
|
||
|
ListServiceAccounts: retry[[2]string{"default", "idempotent"}],
|
||
|
GetServiceAccount: retry[[2]string{"default", "idempotent"}],
|
||
|
CreateServiceAccount: retry[[2]string{"default", "non_idempotent"}],
|
||
|
UpdateServiceAccount: retry[[2]string{"default", "idempotent"}],
|
||
|
DeleteServiceAccount: retry[[2]string{"default", "idempotent"}],
|
||
|
ListServiceAccountKeys: retry[[2]string{"default", "idempotent"}],
|
||
|
GetServiceAccountKey: retry[[2]string{"default", "idempotent"}],
|
||
|
CreateServiceAccountKey: retry[[2]string{"default", "non_idempotent"}],
|
||
|
DeleteServiceAccountKey: retry[[2]string{"default", "idempotent"}],
|
||
|
SignBlob: retry[[2]string{"default", "non_idempotent"}],
|
||
|
GetIamPolicy: retry[[2]string{"default", "non_idempotent"}],
|
||
|
SetIamPolicy: retry[[2]string{"default", "non_idempotent"}],
|
||
|
TestIamPermissions: retry[[2]string{"default", "non_idempotent"}],
|
||
|
QueryGrantableRoles: retry[[2]string{"default", "non_idempotent"}],
|
||
|
SignJwt: retry[[2]string{"default", "non_idempotent"}],
|
||
|
ListRoles: retry[[2]string{"default", "idempotent"}],
|
||
|
GetRole: retry[[2]string{"default", "idempotent"}],
|
||
|
CreateRole: retry[[2]string{"default", "non_idempotent"}],
|
||
|
UpdateRole: retry[[2]string{"default", "non_idempotent"}],
|
||
|
DeleteRole: retry[[2]string{"default", "non_idempotent"}],
|
||
|
UndeleteRole: retry[[2]string{"default", "non_idempotent"}],
|
||
|
QueryTestablePermissions: retry[[2]string{"default", "non_idempotent"}],
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// IamClient is a client for interacting with Google Identity and Access Management (IAM) API.
|
||
|
//
|
||
|
// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
|
||
|
type IamClient struct {
|
||
|
// The connection to the service.
|
||
|
conn *grpc.ClientConn
|
||
|
|
||
|
// The gRPC API client.
|
||
|
iamClient adminpb.IAMClient
|
||
|
|
||
|
// The call options for this service.
|
||
|
CallOptions *IamCallOptions
|
||
|
|
||
|
// The x-goog-* metadata to be sent with each request.
|
||
|
xGoogMetadata metadata.MD
|
||
|
}
|
||
|
|
||
|
// NewIamClient creates a new iam client.
|
||
|
//
|
||
|
// Creates and manages service account objects.
|
||
|
//
|
||
|
// Service account is an account that belongs to your project instead
|
||
|
// of to an individual end user. It is used to authenticate calls
|
||
|
// to a Google API.
|
||
|
//
|
||
|
// To create a service account, specify the project_id and account_id
|
||
|
// for the account. The account_id is unique within the project, and used
|
||
|
// to generate the service account email address and a stable
|
||
|
// unique_id.
|
||
|
//
|
||
|
// All other methods can identify accounts using the format
|
||
|
// projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}.
|
||
|
// Using - as a wildcard for the project will infer the project from
|
||
|
// the account. The account value can be the email address or the
|
||
|
// unique_id of the service account.
|
||
|
func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error) {
|
||
|
conn, err := transport.DialGRPC(ctx, append(defaultIamClientOptions(), opts...)...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
c := &IamClient{
|
||
|
conn: conn,
|
||
|
CallOptions: defaultIamCallOptions(),
|
||
|
|
||
|
iamClient: adminpb.NewIAMClient(conn),
|
||
|
}
|
||
|
c.setGoogleClientInfo()
|
||
|
return c, nil
|
||
|
}
|
||
|
|
||
|
// Connection returns the client's connection to the API service.
|
||
|
func (c *IamClient) Connection() *grpc.ClientConn {
|
||
|
return c.conn
|
||
|
}
|
||
|
|
||
|
// Close closes the connection to the API service. The user should invoke this when
|
||
|
// the client is no longer required.
|
||
|
func (c *IamClient) Close() error {
|
||
|
return c.conn.Close()
|
||
|
}
|
||
|
|
||
|
// setGoogleClientInfo sets the name and version of the application in
|
||
|
// the `x-goog-api-client` header passed on each request. Intended for
|
||
|
// use by Google-written clients.
|
||
|
func (c *IamClient) setGoogleClientInfo(keyval ...string) {
|
||
|
kv := append([]string{"gl-go", versionGo()}, keyval...)
|
||
|
kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version)
|
||
|
c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
|
||
|
}
|
||
|
|
||
|
// ListServiceAccounts lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project.
|
||
|
func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.ListServiceAccounts[0:len(c.CallOptions.ListServiceAccounts):len(c.CallOptions.ListServiceAccounts)], opts...)
|
||
|
it := &ServiceAccountIterator{}
|
||
|
req = proto.Clone(req).(*adminpb.ListServiceAccountsRequest)
|
||
|
it.InternalFetch = func(pageSize int, pageToken string) ([]*adminpb.ServiceAccount, string, error) {
|
||
|
var resp *adminpb.ListServiceAccountsResponse
|
||
|
req.PageToken = pageToken
|
||
|
if pageSize > math.MaxInt32 {
|
||
|
req.PageSize = math.MaxInt32
|
||
|
} else {
|
||
|
req.PageSize = int32(pageSize)
|
||
|
}
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.ListServiceAccounts(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, "", err
|
||
|
}
|
||
|
return resp.Accounts, resp.NextPageToken, nil
|
||
|
}
|
||
|
fetch := func(pageSize int, pageToken string) (string, error) {
|
||
|
items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
|
||
|
if err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
it.items = append(it.items, items...)
|
||
|
return nextPageToken, nil
|
||
|
}
|
||
|
it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
|
||
|
it.pageInfo.MaxSize = int(req.PageSize)
|
||
|
return it
|
||
|
}
|
||
|
|
||
|
// GetServiceAccount gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
|
||
|
func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.GetServiceAccount[0:len(c.CallOptions.GetServiceAccount):len(c.CallOptions.GetServiceAccount)], opts...)
|
||
|
var resp *adminpb.ServiceAccount
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.GetServiceAccount(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// CreateServiceAccount creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount]
|
||
|
// and returns it.
|
||
|
func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.CreateServiceAccount[0:len(c.CallOptions.CreateServiceAccount):len(c.CallOptions.CreateServiceAccount)], opts...)
|
||
|
var resp *adminpb.ServiceAccount
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.CreateServiceAccount(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// UpdateServiceAccount updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
|
||
|
//
|
||
|
// Currently, only the following fields are updatable:
|
||
|
// display_name .
|
||
|
// The etag is mandatory.
|
||
|
func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.UpdateServiceAccount[0:len(c.CallOptions.UpdateServiceAccount):len(c.CallOptions.UpdateServiceAccount)], opts...)
|
||
|
var resp *adminpb.ServiceAccount
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.UpdateServiceAccount(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// DeleteServiceAccount deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
|
||
|
func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.DeleteServiceAccount[0:len(c.CallOptions.DeleteServiceAccount):len(c.CallOptions.DeleteServiceAccount)], opts...)
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
_, err = c.iamClient.DeleteServiceAccount(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
// ListServiceAccountKeys lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey].
|
||
|
func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.ListServiceAccountKeys[0:len(c.CallOptions.ListServiceAccountKeys):len(c.CallOptions.ListServiceAccountKeys)], opts...)
|
||
|
var resp *adminpb.ListServiceAccountKeysResponse
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.ListServiceAccountKeys(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// GetServiceAccountKey gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
|
||
|
// by key id.
|
||
|
func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.GetServiceAccountKey[0:len(c.CallOptions.GetServiceAccountKey):len(c.CallOptions.GetServiceAccountKey)], opts...)
|
||
|
var resp *adminpb.ServiceAccountKey
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.GetServiceAccountKey(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// CreateServiceAccountKey creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
|
||
|
// and returns it.
|
||
|
func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.CreateServiceAccountKey[0:len(c.CallOptions.CreateServiceAccountKey):len(c.CallOptions.CreateServiceAccountKey)], opts...)
|
||
|
var resp *adminpb.ServiceAccountKey
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.CreateServiceAccountKey(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// DeleteServiceAccountKey deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
|
||
|
func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.DeleteServiceAccountKey[0:len(c.CallOptions.DeleteServiceAccountKey):len(c.CallOptions.DeleteServiceAccountKey)], opts...)
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
_, err = c.iamClient.DeleteServiceAccountKey(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
// SignBlob signs a blob using a service account's system-managed private key.
|
||
|
func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.SignBlob[0:len(c.CallOptions.SignBlob):len(c.CallOptions.SignBlob)], opts...)
|
||
|
var resp *adminpb.SignBlobResponse
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.SignBlob(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// getIamPolicy returns the IAM access control policy for a
|
||
|
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
|
||
|
func (c *IamClient) getIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", req.GetResource()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.GetIamPolicy[0:len(c.CallOptions.GetIamPolicy):len(c.CallOptions.GetIamPolicy)], opts...)
|
||
|
var resp *iampb.Policy
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.GetIamPolicy(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// setIamPolicy sets the IAM access control policy for a
|
||
|
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
|
||
|
func (c *IamClient) setIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", req.GetResource()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.SetIamPolicy[0:len(c.CallOptions.SetIamPolicy):len(c.CallOptions.SetIamPolicy)], opts...)
|
||
|
var resp *iampb.Policy
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.SetIamPolicy(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// TestIamPermissions tests the specified permissions against the IAM access control policy
|
||
|
// for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
|
||
|
func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", req.GetResource()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.TestIamPermissions[0:len(c.CallOptions.TestIamPermissions):len(c.CallOptions.TestIamPermissions)], opts...)
|
||
|
var resp *iampb.TestIamPermissionsResponse
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.TestIamPermissions(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// QueryGrantableRoles queries roles that can be granted on a particular resource.
|
||
|
// A role is grantable if it can be used as the role in a binding for a policy
|
||
|
// for that resource.
|
||
|
func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error) {
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata)
|
||
|
opts = append(c.CallOptions.QueryGrantableRoles[0:len(c.CallOptions.QueryGrantableRoles):len(c.CallOptions.QueryGrantableRoles)], opts...)
|
||
|
var resp *adminpb.QueryGrantableRolesResponse
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.QueryGrantableRoles(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// SignJwt signs a JWT using a service account's system-managed private key.
|
||
|
//
|
||
|
// If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an
|
||
|
// an expiry time of one hour by default. If you request an expiry time of
|
||
|
// more than one hour, the request will fail.
|
||
|
func (c *IamClient) SignJwt(ctx context.Context, req *adminpb.SignJwtRequest, opts ...gax.CallOption) (*adminpb.SignJwtResponse, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.SignJwt[0:len(c.CallOptions.SignJwt):len(c.CallOptions.SignJwt)], opts...)
|
||
|
var resp *adminpb.SignJwtResponse
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.SignJwt(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// ListRoles lists the Roles defined on a resource.
|
||
|
func (c *IamClient) ListRoles(ctx context.Context, req *adminpb.ListRolesRequest, opts ...gax.CallOption) *RoleIterator {
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata)
|
||
|
opts = append(c.CallOptions.ListRoles[0:len(c.CallOptions.ListRoles):len(c.CallOptions.ListRoles)], opts...)
|
||
|
it := &RoleIterator{}
|
||
|
req = proto.Clone(req).(*adminpb.ListRolesRequest)
|
||
|
it.InternalFetch = func(pageSize int, pageToken string) ([]*adminpb.Role, string, error) {
|
||
|
var resp *adminpb.ListRolesResponse
|
||
|
req.PageToken = pageToken
|
||
|
if pageSize > math.MaxInt32 {
|
||
|
req.PageSize = math.MaxInt32
|
||
|
} else {
|
||
|
req.PageSize = int32(pageSize)
|
||
|
}
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.ListRoles(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, "", err
|
||
|
}
|
||
|
return resp.Roles, resp.NextPageToken, nil
|
||
|
}
|
||
|
fetch := func(pageSize int, pageToken string) (string, error) {
|
||
|
items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
|
||
|
if err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
it.items = append(it.items, items...)
|
||
|
return nextPageToken, nil
|
||
|
}
|
||
|
it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
|
||
|
it.pageInfo.MaxSize = int(req.PageSize)
|
||
|
return it
|
||
|
}
|
||
|
|
||
|
// GetRole gets a Role definition.
|
||
|
func (c *IamClient) GetRole(ctx context.Context, req *adminpb.GetRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.GetRole[0:len(c.CallOptions.GetRole):len(c.CallOptions.GetRole)], opts...)
|
||
|
var resp *adminpb.Role
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.GetRole(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// CreateRole creates a new Role.
|
||
|
func (c *IamClient) CreateRole(ctx context.Context, req *adminpb.CreateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.CreateRole[0:len(c.CallOptions.CreateRole):len(c.CallOptions.CreateRole)], opts...)
|
||
|
var resp *adminpb.Role
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.CreateRole(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// UpdateRole updates a Role definition.
|
||
|
func (c *IamClient) UpdateRole(ctx context.Context, req *adminpb.UpdateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.UpdateRole[0:len(c.CallOptions.UpdateRole):len(c.CallOptions.UpdateRole)], opts...)
|
||
|
var resp *adminpb.Role
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.UpdateRole(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// DeleteRole soft deletes a role. The role is suspended and cannot be used to create new
|
||
|
// IAM Policy Bindings.
|
||
|
// The Role will not be included in ListRoles() unless show_deleted is set
|
||
|
// in the ListRolesRequest. The Role contains the deleted boolean set.
|
||
|
// Existing Bindings remains, but are inactive. The Role can be undeleted
|
||
|
// within 7 days. After 7 days the Role is deleted and all Bindings associated
|
||
|
// with the role are removed.
|
||
|
func (c *IamClient) DeleteRole(ctx context.Context, req *adminpb.DeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.DeleteRole[0:len(c.CallOptions.DeleteRole):len(c.CallOptions.DeleteRole)], opts...)
|
||
|
var resp *adminpb.Role
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.DeleteRole(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// UndeleteRole undelete a Role, bringing it back in its previous state.
|
||
|
func (c *IamClient) UndeleteRole(ctx context.Context, req *adminpb.UndeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
|
||
|
md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata, md)
|
||
|
opts = append(c.CallOptions.UndeleteRole[0:len(c.CallOptions.UndeleteRole):len(c.CallOptions.UndeleteRole)], opts...)
|
||
|
var resp *adminpb.Role
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.UndeleteRole(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return resp, nil
|
||
|
}
|
||
|
|
||
|
// QueryTestablePermissions lists the permissions testable on a resource.
|
||
|
// A permission is testable if it can be tested for an identity on a resource.
|
||
|
func (c *IamClient) QueryTestablePermissions(ctx context.Context, req *adminpb.QueryTestablePermissionsRequest, opts ...gax.CallOption) *PermissionIterator {
|
||
|
ctx = insertMetadata(ctx, c.xGoogMetadata)
|
||
|
opts = append(c.CallOptions.QueryTestablePermissions[0:len(c.CallOptions.QueryTestablePermissions):len(c.CallOptions.QueryTestablePermissions)], opts...)
|
||
|
it := &PermissionIterator{}
|
||
|
req = proto.Clone(req).(*adminpb.QueryTestablePermissionsRequest)
|
||
|
it.InternalFetch = func(pageSize int, pageToken string) ([]*adminpb.Permission, string, error) {
|
||
|
var resp *adminpb.QueryTestablePermissionsResponse
|
||
|
req.PageToken = pageToken
|
||
|
if pageSize > math.MaxInt32 {
|
||
|
req.PageSize = math.MaxInt32
|
||
|
} else {
|
||
|
req.PageSize = int32(pageSize)
|
||
|
}
|
||
|
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
|
||
|
var err error
|
||
|
resp, err = c.iamClient.QueryTestablePermissions(ctx, req, settings.GRPC...)
|
||
|
return err
|
||
|
}, opts...)
|
||
|
if err != nil {
|
||
|
return nil, "", err
|
||
|
}
|
||
|
return resp.Permissions, resp.NextPageToken, nil
|
||
|
}
|
||
|
fetch := func(pageSize int, pageToken string) (string, error) {
|
||
|
items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
|
||
|
if err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
it.items = append(it.items, items...)
|
||
|
return nextPageToken, nil
|
||
|
}
|
||
|
it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
|
||
|
it.pageInfo.MaxSize = int(req.PageSize)
|
||
|
return it
|
||
|
}
|
||
|
|
||
|
// PermissionIterator manages a stream of *adminpb.Permission.
|
||
|
type PermissionIterator struct {
|
||
|
items []*adminpb.Permission
|
||
|
pageInfo *iterator.PageInfo
|
||
|
nextFunc func() error
|
||
|
|
||
|
// InternalFetch is for use by the Google Cloud Libraries only.
|
||
|
// It is not part of the stable interface of this package.
|
||
|
//
|
||
|
// InternalFetch returns results from a single call to the underlying RPC.
|
||
|
// The number of results is no greater than pageSize.
|
||
|
// If there are no more results, nextPageToken is empty and err is nil.
|
||
|
InternalFetch func(pageSize int, pageToken string) (results []*adminpb.Permission, nextPageToken string, err error)
|
||
|
}
|
||
|
|
||
|
// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
|
||
|
func (it *PermissionIterator) PageInfo() *iterator.PageInfo {
|
||
|
return it.pageInfo
|
||
|
}
|
||
|
|
||
|
// Next returns the next result. Its second return value is iterator.Done if there are no more
|
||
|
// results. Once Next returns Done, all subsequent calls will return Done.
|
||
|
func (it *PermissionIterator) Next() (*adminpb.Permission, error) {
|
||
|
var item *adminpb.Permission
|
||
|
if err := it.nextFunc(); err != nil {
|
||
|
return item, err
|
||
|
}
|
||
|
item = it.items[0]
|
||
|
it.items = it.items[1:]
|
||
|
return item, nil
|
||
|
}
|
||
|
|
||
|
func (it *PermissionIterator) bufLen() int {
|
||
|
return len(it.items)
|
||
|
}
|
||
|
|
||
|
func (it *PermissionIterator) takeBuf() interface{} {
|
||
|
b := it.items
|
||
|
it.items = nil
|
||
|
return b
|
||
|
}
|
||
|
|
||
|
// RoleIterator manages a stream of *adminpb.Role.
|
||
|
type RoleIterator struct {
|
||
|
items []*adminpb.Role
|
||
|
pageInfo *iterator.PageInfo
|
||
|
nextFunc func() error
|
||
|
|
||
|
// InternalFetch is for use by the Google Cloud Libraries only.
|
||
|
// It is not part of the stable interface of this package.
|
||
|
//
|
||
|
// InternalFetch returns results from a single call to the underlying RPC.
|
||
|
// The number of results is no greater than pageSize.
|
||
|
// If there are no more results, nextPageToken is empty and err is nil.
|
||
|
InternalFetch func(pageSize int, pageToken string) (results []*adminpb.Role, nextPageToken string, err error)
|
||
|
}
|
||
|
|
||
|
// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
|
||
|
func (it *RoleIterator) PageInfo() *iterator.PageInfo {
|
||
|
return it.pageInfo
|
||
|
}
|
||
|
|
||
|
// Next returns the next result. Its second return value is iterator.Done if there are no more
|
||
|
// results. Once Next returns Done, all subsequent calls will return Done.
|
||
|
func (it *RoleIterator) Next() (*adminpb.Role, error) {
|
||
|
var item *adminpb.Role
|
||
|
if err := it.nextFunc(); err != nil {
|
||
|
return item, err
|
||
|
}
|
||
|
item = it.items[0]
|
||
|
it.items = it.items[1:]
|
||
|
return item, nil
|
||
|
}
|
||
|
|
||
|
func (it *RoleIterator) bufLen() int {
|
||
|
return len(it.items)
|
||
|
}
|
||
|
|
||
|
func (it *RoleIterator) takeBuf() interface{} {
|
||
|
b := it.items
|
||
|
it.items = nil
|
||
|
return b
|
||
|
}
|
||
|
|
||
|
// ServiceAccountIterator manages a stream of *adminpb.ServiceAccount.
|
||
|
type ServiceAccountIterator struct {
|
||
|
items []*adminpb.ServiceAccount
|
||
|
pageInfo *iterator.PageInfo
|
||
|
nextFunc func() error
|
||
|
|
||
|
// InternalFetch is for use by the Google Cloud Libraries only.
|
||
|
// It is not part of the stable interface of this package.
|
||
|
//
|
||
|
// InternalFetch returns results from a single call to the underlying RPC.
|
||
|
// The number of results is no greater than pageSize.
|
||
|
// If there are no more results, nextPageToken is empty and err is nil.
|
||
|
InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error)
|
||
|
}
|
||
|
|
||
|
// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
|
||
|
func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo {
|
||
|
return it.pageInfo
|
||
|
}
|
||
|
|
||
|
// Next returns the next result. Its second return value is iterator.Done if there are no more
|
||
|
// results. Once Next returns Done, all subsequent calls will return Done.
|
||
|
func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error) {
|
||
|
var item *adminpb.ServiceAccount
|
||
|
if err := it.nextFunc(); err != nil {
|
||
|
return item, err
|
||
|
}
|
||
|
item = it.items[0]
|
||
|
it.items = it.items[1:]
|
||
|
return item, nil
|
||
|
}
|
||
|
|
||
|
func (it *ServiceAccountIterator) bufLen() int {
|
||
|
return len(it.items)
|
||
|
}
|
||
|
|
||
|
func (it *ServiceAccountIterator) takeBuf() interface{} {
|
||
|
b := it.items
|
||
|
it.items = nil
|
||
|
return b
|
||
|
}
|