feat: iam request definition (#3)

gcp policy type:
https://cloud.google.com/resource-manager/reference/rest/Shared.Types/Policy
will add a sample yaml file documentation in the future.

.github/workflows/ci.yml

@@ -0,0 +1,41 @@
+# Copyright 2023 The Authors (see AUTHORS file)
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#      http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: 'ci'
+
+on:
+  push:
+    branches:
+      - 'main'
+  pull_request:
+    branches:
+      - 'main'
+  workflow_dispatch:
+
+concurrency:
+  group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  # Linting job - go.
+  go_lint:
+    uses: 'abcxyz/pkg/.github/workflows/go-lint.yml@main' # ratchet:exclude
+    with:
+      go_version: '1.20'
+
+  # Unit tests - go
+  go_test:
+    uses: 'abcxyz/pkg/.github/workflows/go-test.yml@main' # ratchet:exclude
+    with:
+      go_version: '1.20'

apis/v1alpha1/iam_request.go

@@ -0,0 +1,44 @@
+// Copyright 2023 The Authors (see AUTHORS file)
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+// IAMRequest represents a request to update IAM policies.
+type IAMRequest struct {
+	// List of ResourcePolicy, each specifies the IAM principals/members to role
+	// bindings to be added for a GCP resource IAM policy.
+	ResourcePolicies []*ResourcePolicy `yaml:"policies,omitempty"`
+}
+
+// ResourcePolicy specifies the IAM principals/members to role bindings to be
+// added for a GCP resource IAM policy.
+type ResourcePolicy struct {
+	// Resource represents one of GCP organization, folder, and project.
+	Resource string `yaml:"resource,omitempty"`
+
+	// Bindings contains a list of IAM principals/members to role bindings.
+	Bindings []*Binding `yaml:"bindings,omitempty"`
+}
+
+// Binding associates IAM principals/members with a role.
+type Binding struct {
+	// Members is a list of IAM principals, check
+	// https://cloud.google.com/resource-manager/reference/rest/Shared.Types/Binding
+	// for acceptable values.
+	Members []string `yaml:"members,omitempty"`
+
+	// Role to be assigned to Members. For example, roles/viewer, roles/editor, or
+	// roles/owner.
+	Role string `yaml:"role,omitempty"`
+}

apis/v1alpha1/v1alpha1.go

@@ -0,0 +1,17 @@
+// Copyright 2023 The Authors (see AUTHORS file)
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package v1alpha1 contains versioned access-on-demand(AOD) contracts, e.g.
+// AOD request definition.
+package v1alpha1

go.mod

@@ -0,0 +1,3 @@
+module github.com/abcxyz/access-on-demand
+
+go 1.20