Skip to main content

Adding new provider

Introduce new provider type

domain/provider.go
package domain

...

const (
    ...
    // ProviderTypeNoOp is the type name for No-Op provider
    ProviderTypeNoOp = "noop"
)

Initialize the provider

internal/server/services.go
import (
    ...
    "github.com/raystack/guardian/plugins/providers/noop"
)

...

func InitServices(deps ServiceDeps) (*Services, error) {
    ...
    providerClients := []provider.Client{
        ...
        noop.NewProvider(domain.ProviderTypeNoOp, deps.Logger),
    }

Provider implementation

Interfaces

Provider should implement provider.Client, providers.PermissionManager and providers.Client interface

core/provider/service.go
type Client interface {
    providers.PermissionManager
    providers.Client
}
plugins/providers/client.go
type Client interface {
    GetType() string
    CreateConfig(*domain.ProviderConfig) error
    GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error)
    GrantAccess(*domain.ProviderConfig, domain.Grant) error
    RevokeAccess(*domain.ProviderConfig, domain.Grant) error
    GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)
    GetAccountTypes() []string
    ListAccess(context.Context, domain.ProviderConfig, []*domain.Resource) (domain.MapResourceAccess, error)
}

type PermissionManager interface {
    GetPermissions(p *domain.ProviderConfig, resourceType, role string) ([]interface{}, error)
}

Example NoOp Provider

plugins/providers/noop/provider.go
package noop

...

type Provider struct {
    provider.UnimplementedClient
    provider.PermissionManager

    typeName string

    logger log.Logger
}

func NewProvider(typeName string, logger log.Logger) *Provider {
    return &Provider{
        typeName: typeName,

        logger: logger,
    }
}

func (p *Provider) GetType() string {
    return p.typeName
}

func (p *Provider) CreateConfig(cfg *domain.ProviderConfig) error {
    // CreateConfig implementation
}

func (p *Provider) GetResources(pc *domain.ProviderConfig) ([]*domain.Resource, error) {
    // GetResources implementation
}

func (p *Provider) GrantAccess(*domain.ProviderConfig, domain.Grant) error {
    // GrantAccess implementation
}

func (p *Provider) RevokeAccess(*domain.ProviderConfig, domain.Grant) error {
    // RevokeAccess implementation
}

func (p *Provider) GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error) {
    // GetRoles implementation
}

func (p *Provider) GetAccountTypes() []string {
    // GetAccountTypes implementation
}

See full implementation here