v2

package
v0.0.0-...-0490640
Warning

This package is not in the latest version of its module.

Published: May 16, 2019 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation


Functions

func DefaultProjectIDs

func DefaultProjectIDs() []string

func MemberSliceToStringSlice

func MemberSliceToStringSlice(m []Member) []string

MemberSliceToStringSlice returns a slice of the names of the members, or an empty string slice if the member slice is nil or has length zero.

func ValidateProjects

func ValidateProjects(projects []string) error

Types

type Effect

type Effect int

Effect is an enum of allow or deny for use in Statements.

const (
	// Allow represents the allow case for a Statement Effect.
	Allow Effect = iota
	// Deny represents the deny case for a Statement Effect.
	Deny
)

func NewEffect

func NewEffect(in string) (Effect, error)

NewEffect converts a string to an Effect or returns an error.

func (Effect) String

func (e Effect) String() string

func (*Effect) UnmarshalJSON

func (e *Effect) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for an Effect reference so we can pull them out of the database directly as the correct type.

type Member

type Member struct {
	ID   uuid.UUID `json:"id"`
	Name string    `json:"name"`
}

Member represents a member that can be added / removed from a policy.

func NewMember

func NewMember(name string) (Member, error)

NewMember is a factory for creating a Member storage object.

type MigrationStatus

type MigrationStatus int8

const (
	Pristine MigrationStatus = iota
	InProgress
	Successful
	SuccessfulBeta1
	Failed
)

type MigrationStatusProvider

type MigrationStatusProvider interface {
	// record migration status
	Pristine(context.Context) error // for reset
	InProgress(context.Context) error
	Success(context.Context) error
	SuccessBeta1(context.Context) error
	Failure(context.Context) error

	// retrieve migration status
	MigrationStatus(context.Context) (MigrationStatus, error)
}

type Policy

type Policy struct {
	ID         string      `json:"id"`
	Name       string      `json:"name"`
	Members    []Member    `json:"members"`
	Statements []Statement `json:"statements"`
	Type       Type        `json:"type"`
	Projects   []string    `json:"projects"`
}

Policy represents a policy definition to be persisted to storage.

func DefaultPolicies

func DefaultPolicies() ([]Policy, error)

DefaultPolicies returns the policies shipped with IAM v2, which is also the set of policies to which we factory-reset our storage.

func NewPolicy

func NewPolicy(
	id string,
	name string,
	typeVal Type,
	members []Member,
	statements []Statement,
	projects []string,
) (Policy, error)

NewPolicy is a factory for creating a Policy storage object that also does validation around what a valid policy is in terms of our storage layer.

func (*Policy) Scan

func (p *Policy) Scan(src interface{}) error

Scan implements pq Scan interface for a Policy reference so we can pull them out of the database directly as the correct type.

type PolicyChangeNotification

type PolicyChangeNotification struct{}

type PolicyChangeNotifier

type PolicyChangeNotifier interface {
	C() <-chan PolicyChangeNotification
	Close() error
}

type Project

type Project struct {
	ID       string   `json:"id"`
	Name     string   `json:"name"`
	Type     Type     `json:"type"`
	Projects []string `json:"projects"`
}

Project represents a project definition to be persisted to storage.

func DefaultProjects

func DefaultProjects() []Project

DefaultProjects defines the default Chef-managed projects provided on storage reset. At present, this list contains internally required projects only, hidden from the user.

func NewProject

func NewProject(id string, name string, typeVal Type) (Project, error)

NewProject is a factory for creating a Project storage object that also does validation around what a valid project is in terms of our storage layer.

func (*Project) Scan

func (p *Project) Scan(src interface{}) error

Scan implements pq Scan interface for a Project reference so we can pull them out of the database directly as the correct type.

type Role

type Role struct {
	ID       string   `json:"id"`
	Name     string   `json:"name"`
	Actions  []string `json:"actions"`
	Type     Type     `json:"type"`
	Projects []string `json:"projects"`
}

Role represents a role definition to be persisted to storage.

func DefaultRoles

func DefaultRoles() []Role

DefaultRoles defines the default Chef-managed roles provided on storage reset.

func NewRole

func NewRole(id string, name string, typeVal Type, actions []string, projects []string) (*Role, error)

NewRole is a factory for creating a Role storage object that also does validation around what a valid role is in terms of our storage layer.

func NewUpdateRole

func NewUpdateRole(id string, name string, actions []string, projects []string) (*Role, error)

NewUpdateRole is a factory for modifying an existing role.

func (*Role) Scan

func (p *Role) Scan(src interface{}) error

Scan implements pq Scan interface for a Role reference so we can pull them out of the database directly as the correct type.

type Statement

type Statement struct {
	ID        uuid.UUID `json:"id"`
	Actions   []string  `json:"actions"`
	Resources []string  `json:"resources"`
	Role      string    `json:"role"`
	Projects  []string  `json:"projects"`
	Effect    Effect    `json:"effect"`
}

Statement must have at least a role OR a non-empty actions list.

func NewStatement

func NewStatement(effect Effect, role string, projects, resources, actions []string) (Statement, error)

NewStatement is a factory for creating a Statement storage object that also does validation around what a valid statement is in terms of our storage layer. It also generates a new ID for our statement.
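Added example, not the package's own code: Allow is declared first with iota, so it is the zero value of Effect, and a JSON document that omits the "effect" key decodes to Allow under plain json.Unmarshal because UnmarshalJSON is never called for an absent key. The sketch assumes an UnmarshalJSON body that accepts the strings "allow" and "deny" (the page shows only the signature); looseEffect, strictEffect and the sample input are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Effect mirrors the enum on this page: Allow is the zero value.
type Effect int

const (
	Allow Effect = iota
	Deny
)

// UnmarshalJSON is an assumed body; the page gives only the signature.
func (e *Effect) UnmarshalJSON(b []byte) error {
	v, ok := map[string]Effect{`"allow"`: Allow, `"deny"`: Deny}[string(b)]
	if !ok {
		return fmt.Errorf("unknown effect %s", b)
	}
	*e = v
	return nil
}

// looseEffect decodes into a plain Effect field, as in the Statement struct.
func looseEffect(raw []byte) (Effect, error) {
	var s struct{ Effect Effect `json:"effect"` }
	err := json.Unmarshal(raw, &s)
	return s.Effect, err
}

// strictEffect decodes through a pointer so an absent key is an error.
func strictEffect(raw []byte) (Effect, error) {
	var s struct{ Effect *Effect `json:"effect"` }
	if err := json.Unmarshal(raw, &s); err != nil {
		return Deny, err
	}
	if s.Effect == nil {
		return Deny, fmt.Errorf("statement has no explicit effect")
	}
	return *s.Effect, nil
}

func main() {
	raw := []byte(`{"role":"viewer"}`) // constructed sample: no "effect" key
	fmt.Println(looseEffect(raw))      // zero value, i.e. Allow
	fmt.Println(strictEffect(raw))     // rejected with an error
}
```

Any decoding path that bypasses a validating factory benefits from the pointer form, since a truncated or hand-edited record then fails closed instead of reading as an allow statement.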

type Storage

type Storage interface {

	// Reset allows "factory-resetting" IAM v2 policies
	Reset(context.Context) error

	// Close closes the connection to the backend
	Close() error

	MigrationStatusProvider
	// contains filtered or unexported methods
}

Storage is the interface that both our postgres and memstore storage solutions implement for consistency. The memstore implementation is only used for ease of testing.

type Type

type Type int

Type is an enum to denote custom or chef-managed policy.

const (
	// Custom represents a policy created by the end user.
	Custom Type = iota
	// ChefManaged represents a policy created by Chef Software.
	ChefManaged
	// System represents a policy that is only loaded directly into OPA
	// to allow Automate to function correctly without revealing Automate's
	// internal policies to the customer.
	// This type is only used in the OPA cache (not in API or database).
	System
)

func NewType

func NewType(in string) (Type, error)

NewType converts a string to a Type or returns an error.

func (Type) String

func (t Type) String() string

func (*Type) UnmarshalJSON

func (t *Type) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a Type reference so we can pull them out of the database directly as the correct type.
