go fmt
@@ -2,7 +2,7 @@
|
|||||||
Package downscope implements the ability to downwcope, or restrict, the
|
Package downscope implements the ability to downwcope, or restrict, the
|
||||||
Identity and AccessManagement permissions that a short-lived Token
|
Identity and AccessManagement permissions that a short-lived Token
|
||||||
can use. Please note that only Google Cloud Storage supports this feature.
|
can use. Please note that only Google Cloud Storage supports this feature.
|
||||||
*/
|
*/
|
||||||
package downscope
|
package downscope
|
||||||
|
|
||||||
import (
|
import (
|
||||||
@@ -32,9 +32,9 @@ type AvailabilityCondition struct {
|
|||||||
// A condition expression that specifies the Cloud Storage objects where
|
// A condition expression that specifies the Cloud Storage objects where
|
||||||
// permissions are available. For further documentation, see
|
// permissions are available. For further documentation, see
|
||||||
// https://cloud.google.com/iam/docs/conditions-overview
|
// https://cloud.google.com/iam/docs/conditions-overview
|
||||||
Expression string `json:"expression"`
|
Expression string `json:"expression"`
|
||||||
// Optional. A short string that identifies the purpose of the condition.
|
// Optional. A short string that identifies the purpose of the condition.
|
||||||
Title string `json:"title,omitempty"`
|
Title string `json:"title,omitempty"`
|
||||||
// Optional. Details about the purpose of the condition.
|
// Optional. Details about the purpose of the condition.
|
||||||
Description string `json:"description,omitempty"`
|
Description string `json:"description,omitempty"`
|
||||||
}
|
}
|
||||||
@@ -44,18 +44,18 @@ type AvailabilityCondition struct {
|
|||||||
type AccessBoundaryRule struct {
|
type AccessBoundaryRule struct {
|
||||||
// AvailableResource is the full resource name of the Cloud Storage bucket that the rule applies to.
|
// AvailableResource is the full resource name of the Cloud Storage bucket that the rule applies to.
|
||||||
// Use the format //storage.googleapis.com/projects/_/buckets/bucket-name.
|
// Use the format //storage.googleapis.com/projects/_/buckets/bucket-name.
|
||||||
AvailableResource string `json:"availableResource"`
|
AvailableResource string `json:"availableResource"`
|
||||||
// AvailablePermissions is a list that defines the upper bound on the available permissions
|
// AvailablePermissions is a list that defines the upper bound on the available permissions
|
||||||
// for the resource. Each value is the identifier for an IAM predefined role or custom role,
|
// for the resource. Each value is the identifier for an IAM predefined role or custom role,
|
||||||
// with the prefix inRole:. For example: inRole:roles/storage.objectViewer.
|
// with the prefix inRole:. For example: inRole:roles/storage.objectViewer.
|
||||||
// Only the permissions in these roles will be available.
|
// Only the permissions in these roles will be available.
|
||||||
AvailablePermissions []string `json:"availablePermissions"`
|
AvailablePermissions []string `json:"availablePermissions"`
|
||||||
// An optional Condition that restricts the availability of permissions
|
// An optional Condition that restricts the availability of permissions
|
||||||
// to specific Cloud Storage objects.
|
// to specific Cloud Storage objects.
|
||||||
//
|
//
|
||||||
// Use this field if you want to make permissions available for specific objects,
|
// Use this field if you want to make permissions available for specific objects,
|
||||||
// rather than all objects in a Cloud Storage bucket.
|
// rather than all objects in a Cloud Storage bucket.
|
||||||
Condition *AvailabilityCondition `json:"availabilityCondition,omitempty"`
|
Condition *AvailabilityCondition `json:"availabilityCondition,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type downscopedTokenResponse struct {
|
type downscopedTokenResponse struct {
|
||||||
@@ -70,7 +70,7 @@ type DownscopingConfig struct {
|
|||||||
// RootSource is the TokenSource used to create the downscoped token.
|
// RootSource is the TokenSource used to create the downscoped token.
|
||||||
// The downscoped token therefore has some subset of the accesses of
|
// The downscoped token therefore has some subset of the accesses of
|
||||||
// the original RootSource.
|
// the original RootSource.
|
||||||
RootSource oauth2.TokenSource
|
RootSource oauth2.TokenSource
|
||||||
// CredentialAccessBoundary defines the accesses held by the new
|
// CredentialAccessBoundary defines the accesses held by the new
|
||||||
// downscoped Token.
|
// downscoped Token.
|
||||||
CredentialAccessBoundary AccessBoundary
|
CredentialAccessBoundary AccessBoundary
|
||||||
|
|||||||
@@ -63,7 +63,6 @@ func Example() {
|
|||||||
availableResource := "//storage.googleapis.com/projects/_/buckets/foo"
|
availableResource := "//storage.googleapis.com/projects/_/buckets/foo"
|
||||||
availablePermissions := []string{"inRole:roles/storage.objectViewer"}
|
availablePermissions := []string{"inRole:roles/storage.objectViewer"}
|
||||||
|
|
||||||
|
|
||||||
// Initializes an accessBoundary
|
// Initializes an accessBoundary
|
||||||
myBoundary := AccessBoundary{make([]AccessBoundaryRule, 0)}
|
myBoundary := AccessBoundary{make([]AccessBoundaryRule, 0)}
|
||||||
|
|
||||||
|
|||||||