Adding new provider
Introduce new provider type
domain/provider.go
package domain
...
const (
...
// ProviderTypeNoOp is the type name for the No-Op provider.
// Each new provider gets its own type-name constant here; this one is the
// value passed to noop.NewProvider when the provider is registered in
// InitServices.
ProviderTypeNoOp = "noop"
)
Initialize the provider
internal/server/services.go
import (
...
"github.com/goto/guardian/plugins/providers/noop"
)
...
// InitServices (excerpt): a new provider is registered by adding its client
// to the providerClients slice below.
func InitServices(deps ServiceDeps) (*Services, error) {
...
// Every element must satisfy provider.Client, so a provider type that is
// missing one of the interface methods fails to compile at this literal.
providerClients := []provider.Client{
...
// The type-name constant and deps.Logger are handed to the plugin
// constructor; the same type name is what the provider's GetType returns.
noop.NewProvider(domain.ProviderTypeNoOp, deps.Logger),
}
Provider implementation
Interfaces
A provider should implement the provider.Client interface, which is composed of the providers.PermissionManager and providers.Client interfaces.
core/provider/service.go
// Client is the interface a provider must satisfy to be placed in the
// providerClients slice built by InitServices. It adds nothing of its own:
// it is the union of the two embedded interfaces.
type Client interface {
// GetPermissions lookup.
providers.PermissionManager
// Provider operations (config, resources, roles, grant/revoke, access listing).
providers.Client
}
plugins/providers/client.go
// Client lists the operations every provider plugin implements.
//
// NOTE(review): GrantAccess and RevokeAccess report their outcome only through
// the returned error. Presumably the caller treats a nil error as "the change
// was applied upstream", so an implementation should return a non-nil error on
// any failure, including a partial one — confirm against the calling service.
type Client interface {
// GetType returns the provider's type name; the noop example returns the
// typeName given to NewProvider.
GetType() string
// CreateConfig receives the provider config and returns an error.
CreateConfig(*domain.ProviderConfig) error
// GetResources returns the resources for the given provider config.
GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error)
// GrantAccess applies the given grant for the provider config.
GrantAccess(*domain.ProviderConfig, domain.Grant) error
// RevokeAccess removes the given grant for the provider config.
RevokeAccess(*domain.ProviderConfig, domain.Grant) error
// GetRoles returns the roles for one resource type of the provider config.
GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)
// GetAccountTypes returns account type names as strings.
GetAccountTypes() []string
// ListAccess is the only method that takes a context.Context, and it takes
// the provider config by value rather than by pointer.
ListAccess(context.Context, domain.ProviderConfig, []*domain.Resource) (domain.MapResourceAccess, error)
}
// PermissionManager looks up the permissions behind a role.
type PermissionManager interface {
// GetPermissions takes the provider config, a resource type and a role name
// and returns the permissions as untyped values, so the concrete element
// type is provider-specific and callers have to type-assert.
GetPermissions(p *domain.ProviderConfig, resourceType, role string) ([]interface{}, error)
}
Example NoOp Provider
plugins/providers/noop/provider.go
package noop
...
// Provider is the No-Op provider. It carries the type name it was registered
// under and a logger, and embeds two types from the provider package.
type Provider struct {
// Presumably supplies default implementations for Client methods this type
// does not define itself (ListAccess is not defined in this excerpt) —
// confirm in the provider package.
provider.UnimplementedClient
// Supplies GetPermissions by embedding.
// NOTE(review): NewProvider does not set this field. If
// provider.PermissionManager is an interface type, the embedded value is nil
// and calling GetPermissions on this provider would panic — confirm whether
// it is a struct or an interface in the provider package.
provider.PermissionManager
// Type name returned by GetType.
typeName string
logger log.Logger
}
// NewProvider builds a No-Op provider that reports typeName as its type and
// keeps logger for later use. The embedded fields of Provider are left at
// their zero values.
func NewProvider(typeName string, logger log.Logger) *Provider {
	p := new(Provider)
	p.typeName = typeName
	p.logger = logger
	return p
}
// GetType returns the type name this provider was constructed with.
func (p *Provider) GetType() string {
	name := p.typeName
	return name
}
// CreateConfig is a placeholder in this example; the body must return an error
// value before it compiles.
// NOTE(review): if ProviderConfig carries upstream credentials, keep them out
// of anything written to p.logger — confirm what the config holds.
func (p *Provider) CreateConfig(cfg *domain.ProviderConfig) error {
// CreateConfig implementation
}
// GetResources is a placeholder in this example; the body must return the
// resource slice and an error before it compiles.
func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error) {
// GetResources implementation
}
// GrantAccess is a placeholder in this example. The parameters are unnamed
// here and need names before the body can use them.
// NOTE(review): do not fill this in with a bare `return nil` for a provider
// that fronts a real system. Presumably the caller treats nil as "grant
// applied", so a stub that always succeeds would record access that was never
// provisioned — confirm against the calling service.
func (p *Provider) GrantAccess(*domain.ProviderConfig, domain.Grant) error {
// GrantAccess implementation
}
// RevokeAccess is a placeholder in this example. The parameters are unnamed
// here and need names before the body can use them.
// NOTE(review): return a non-nil error whenever the upstream removal did not
// happen. Presumably the caller treats nil as "access removed", so a silent
// failure would leave live access that is recorded as revoked — confirm
// against the calling service.
func (p *Provider) RevokeAccess(*domain.ProviderConfig, domain.Grant) error {
// RevokeAccess implementation
}
// GetRoles is a placeholder in this example; the body must return the role
// slice for the given resource type and an error before it compiles.
func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error) {
// GetRoles implementation
}
// GetAccountTypes is a placeholder in this example; the body must return a
// slice of account type names before it compiles.
func (p *Provider) GetAccountTypes() []string {
// GetAccountTypes implementation
}
See full implementation here