storage

package
v0.0.0-...-7e02c4e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 12, 2024 License: Apache-2.0 Imports: 7 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNotFound is returned when a requested policy wasn't found.
	ErrNotFound = errors.New("not found")

	// ErrCannotDelete is thrown by our custom pg error from migration 02
	// if a user tries to delete a policy that is marked as non-deletable.
	ErrCannotDelete = errors.New("policy not deletable")

	// ErrConflict indicates that the object being created already exists.
	ErrConflict = errors.New("conflict")

	// ErrDatabase results from unexpected database errors.
	ErrDatabase = errors.New("database internal")

	// ErrChangeProjectForRule indicates that an update operation attempted to change
	// the project for a rule, which is not allowed.
	ErrChangeProjectForRule = errors.New("cannot change rule project")

	// ErrMarkedForDeletion indicates an update was attempted on a rule that
	// is staged for deletion (cannot be "un-deleted")
	ErrMarkedForDeletion = errors.New("rule marked for deletion")

	// ErrChangeTypeForRule indicates that an update operation attempted to change
	// the type for a rule, which is not allowed.
	ErrChangeTypeForRule = errors.New("cannot change rule type")

	// ErrProjectInGraveyard indicates that an attempt was made to create a project with
	// an ID that is currently in iam_project_graveyard
	ErrProjectInGraveyard = errors.New("cannot create project with ID that is currently being deleted")
)

Error responses common to all storage adapters, be it memstore, postgres, etc.

Functions

func DefaultProjectIDs 

func DefaultProjectIDs() []string

func MemberSliceToStringSlice 

func MemberSliceToStringSlice(m []Member) []string

MemberSliceToStringSlice returns a slice of the names of members or an empty string slice if the member array is of length zero or nil.

func NewMaxProjectsExceededError 

func NewMaxProjectsExceededError(limit int) error

func NewTxCommitError 

func NewTxCommitError(e error) error

Types

type Condition 

type Condition struct {
	Value     []string           `json:"value"`
	Attribute ConditionAttribute `json:"attribute"`
	Operator  ConditionOperator  `json:"operator"`
}

Condition defines a condition for an ingest rule for a project.

func NewCondition 

func NewCondition(value []string,
	attribute ConditionAttribute, operator ConditionOperator) (Condition, error)

NewCondition is a factory for creating a Condition storage object that also does validation around what a valid condition is in terms of our storage layer.

func (*Condition) Scan 

func (p *Condition) Scan(src interface{}) error

Scan implements pq Scan interface for a Condition reference so we can pull them out of the database directly as the correct type.

type ConditionAttribute 

type ConditionAttribute int

ConditionAttribute is an enum of attributes a project rule condition can be. 

const (
	ChefRole ConditionAttribute = iota
	ChefServer
	ChefTag
	Environment
	Organization
	PolicyGroup
	PolicyName
)

func NewConditionAttribute 

func NewConditionAttribute(in string) (ConditionAttribute, error)

NewConditionAttribute converts a string to a ConditionAttribute or returns an error.

func (ConditionAttribute) String 

func (c ConditionAttribute) String() string

func (*ConditionAttribute) UnmarshalJSON 

func (c *ConditionAttribute) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a ConditionAttribute reference so we can pull them out of the database directly as the correct type.

type ConditionOperator 

type ConditionOperator int

ConditionOperator is an enum of operators a project rule condition can have. This is an enum because we are planning on adding more eventually. 

const (
	MemberOf ConditionOperator = iota
	Equals
)

func NewConditionOperator 

func NewConditionOperator(in string) (ConditionOperator, error)

NewConditionOperator converts a string to a ConditionOperator or returns an error.

func (ConditionOperator) String 

func (c ConditionOperator) String() string

func (*ConditionOperator) UnmarshalJSON 

func (c *ConditionOperator) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a ConditionOperator reference so we can pull them out of the database directly as the correct type.

type Effect 

type Effect int

Effect is an enum of allow or deny for use in Statements. 

const (
	// Allow represents the allow case for a Statement Effect.
	Allow Effect = iota
	// Deny represents the deny case for a Statement Effect.
	Deny
)

func NewEffect 

func NewEffect(in string) (Effect, error)

NewEffect converts a string to an Effect or returns an error.

func (Effect) String 

func (e Effect) String() string

func (*Effect) UnmarshalJSON 

func (e *Effect) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for an Effect reference so we can pull them out of the database directly as the correct type.

type ForeignKeyError 

type ForeignKeyError struct {
	Msg string
}

MissingFieldError occurs when a required field was not passed.

func (*ForeignKeyError) Error 

func (e *ForeignKeyError) Error() string

type MaxProjectsExceededError 

type MaxProjectsExceededError struct {
	// contains filtered or unexported fields
}

func (*MaxProjectsExceededError) Error 

func (e *MaxProjectsExceededError) Error() string

MaxProjectsExceededError indicates that a new project cannot be created since the max allowed are already created.

type Member 

type Member struct {
	Name string `json:"name"`
}

Member represents a member that can be added / removed from a policy.

func NewMember 

func NewMember(name string) (Member, error)

NewMember is a factory for creating a Member storage object.

type Policy 

type Policy struct {
	ID         string      `json:"id"`
	Name       string      `json:"name"`
	Members    []Member    `json:"members"`
	Statements []Statement `json:"statements"`
	Type       Type        `json:"type"`
	Projects   []string    `json:"projects"`
}

Policy represents a policy definition to be persisted to storage.

func DefaultPolicies 

func DefaultPolicies() ([]Policy, error)

DefaultPolicies shipped with IAM, and also the set of policies to which we factory-reset our storage.

func NewPolicy 

func NewPolicy(
	id string,
	name string,
	typeVal Type,
	members []Member,
	statements []Statement,
	projects []string,
) (Policy, error)

NewPolicy is a factory for creating a Policy storage object that also does validation around what a valid policy is in terms of our storage layer.

func (*Policy) Scan 

func (p *Policy) Scan(src interface{}) error

Scan implements pq Scan interface for an Policy reference so we can pull them out of the database directly as the correct type.

type PolicyChangeNotification 

type PolicyChangeNotification struct{}

type PolicyChangeNotifier 

type PolicyChangeNotifier interface {
	C() <-chan PolicyChangeNotification
	Close() error
}

type Project 

type Project struct {
	ID     string `json:"id"`
	Name   string `json:"name"`
	Type   Type   `json:"type"`
	Status string `json:"status"`
}

Project represents a project definition to be persisted to storage.

func DefaultProjects 

func DefaultProjects() []Project

DefaultProjects defines the default Chef-managed projects provided on storage reset At present, this list contains internally required projects only, hidden from the user.

func NewProject 

func NewProject(
	id string,
	name string,
	typeVal Type,
	status ProjectRulesStatus) (Project, error)

NewProject is a factory for creating a Project storage object that also does validation around what a valid project is in terms of our storage layer.

func (*Project) Scan 

func (p *Project) Scan(src interface{}) error

Scan implements pq Scan interface for a Project reference so we can pull them out of the database directly as the correct type.

type ProjectRulesStatus 

type ProjectRulesStatus int

ProjectRulesStatus is an enum that represents the states a project's rules can be in. 

const (
	// RulesStatusError occurs in some error situation
	RulesStatusError ProjectRulesStatus = iota
	// The project has rules but all are applied
	Applied
	// The project has rules and at least one is staged
	EditsPending
	// The project has no staged or applied rules
	NoRules
)

func (ProjectRulesStatus) String 

func (c ProjectRulesStatus) String() string

type Role 

type Role struct {
	ID       string   `json:"id"`
	Name     string   `json:"name"`
	Actions  []string `json:"actions"`
	Type     Type     `json:"type"`
	Projects []string `json:"projects"`
}

Role represents a role definition to be persisted to storage.

func NewRole 

func NewRole(id string, name string, typeVal Type, actions []string, projects []string) (*Role, error)

NewRole is a factory for creating a Role storage object that also does validation around what a valid role is in terms of our storage layer.

func NewUpdateRole 

func NewUpdateRole(id string, name string, actions []string, projects []string) (*Role, error)

NewUpdateRole is a factory for modifying an existing role.

func (*Role) Scan 

func (p *Role) Scan(src interface{}) error

Scan implements pq Scan interface for a Role reference so we can pull them out of the database directly as the correct type.

type Rule 

type Rule struct {
	ID         string      `json:"id"`
	ProjectID  string      `json:"project_id"`
	Name       string      `json:"name"`
	Type       RuleType    `json:"type"`
	Conditions []Condition `json:"conditions"`
	Deleted    bool        `json:"deleted"`
	Status     string      `json:"status"`
}

Rule defines an ingest rule for a project.

func NewRule 

func NewRule(id string, projectID string, name string,
	ruleType RuleType, conditions []Condition) (Rule, error)

NewRule is a factory for creating a Rule storage object that also does validation around what a valid rule is in terms of our storage layer.

func (*Rule) Scan 

func (p *Rule) Scan(src interface{}) error

Scan implements pq Scan interface for a Rule reference so we can pull them out of the database directly as the correct type.

type RuleType 

type RuleType int

RuleType is an enum of the types a project rule can be. 

const (
	Node RuleType = iota
	Event
)

func NewRuleType 

func NewRuleType(in string) (RuleType, error)

NewRuleType converts a string to a RuleType or returns an error.

func (RuleType) String 

func (r RuleType) String() string

func (*RuleType) UnmarshalJSON 

func (r *RuleType) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for an RuleType reference so we can pull them out of the database directly as the correct type.

type Statement 

type Statement struct {
	Actions   []string `json:"actions"`
	Resources []string `json:"resources"`
	Role      string   `json:"role"`
	Projects  []string `json:"projects"`
	Effect    Effect   `json:"effect"`
}

Statement must have at least a role OR a non-empty actions list

func NewStatement 

func NewStatement(effect Effect, role string, projects, resources, actions []string) (Statement, error)

NewStatement is a factory for creating a Statement storage object that also does validation around what a valid statement is in terms of our storage layer.

type Storage 

type Storage interface {

	// Reset allows "factory-resetting" IAM policies
	Reset(context.Context) error

	// Close closes the connection to the backend
	Close() error
	// contains filtered or unexported methods
}

Storage is the interface that both our postgres and memstore storage solutions implement for consistency. The memstore implementation is only used for ease of testing.

type TxCommitError 

type TxCommitError struct {
	// contains filtered or unexported fields
}

TxCommitError occurs when the database attempts to commit a transaction and fails.

func (*TxCommitError) Error 

func (e *TxCommitError) Error() string

type Type 

type Type int

Type is an enum to denote custom or chef-managed policy. 

const (
	// Custom represents a policy created by the enduser.
	Custom Type = iota
	// ChefManaged represents a policy created by Chef Software.
	ChefManaged
	// System represents a policy that is only loaded directly into OPA
	// to allow Automate to function correctly without revealing Automate's
	// internal policies to the customer
	// This type is only used in the OPA cache (not in API or database)
	System
)

func NewType 

func NewType(in string) (Type, error)

NewType converts a string to a Type or returns an error.

func (Type) String 

func (t Type) String() string

func (*Type) UnmarshalJSON 

func (t *Type) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a Type reference so we can pull them out of the database directly as the correct type.

Source Files

View all Source files

Directories

Path Synopsis
datamigration
migration
migration/legacy
migration/legacy/constants/v1
migration/legacy/constants/v2

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.