storage

package
v0.0.0-...-9697014
Published: Jan 8, 2025 License: Apache-2.0 Imports: 7 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrNotFound is returned when a requested policy wasn't found.
	ErrNotFound = errors.New("not found")

	// ErrCannotDelete is thrown by our custom pg error from migration 02
	// if a user tries to delete a policy that is marked as non-deletable.
	ErrCannotDelete = errors.New("policy not deletable")

	// ErrConflict indicates that the object being created already exists.
	ErrConflict = errors.New("conflict")

	// ErrDatabase results from unexpected database errors.
	ErrDatabase = errors.New("database internal")

	// ErrChangeProjectForRule indicates that an update operation attempted to change
	// the project for a rule, which is not allowed.
	ErrChangeProjectForRule = errors.New("cannot change rule project")

	// ErrMarkedForDeletion indicates an update was attempted on a rule that
	// is staged for deletion (cannot be "un-deleted")
	ErrMarkedForDeletion = errors.New("rule marked for deletion")

	// ErrChangeTypeForRule indicates that an update operation attempted to change
	// the type for a rule, which is not allowed.
	ErrChangeTypeForRule = errors.New("cannot change rule type")

	// ErrProjectInGraveyard indicates that an attempt was made to create a project with
	// an ID that is currently in iam_project_graveyard
	ErrProjectInGraveyard = errors.New("cannot create project with ID that is currently being deleted")
)

Error responses common to all storage adapters, whether memstore, postgres, etc.

Functions

func DefaultProjectIDs

func DefaultProjectIDs() []string

func MemberSliceToStringSlice

func MemberSliceToStringSlice(m []Member) []string

MemberSliceToStringSlice returns a slice of the names of members or an empty string slice if the member array is of length zero or nil.

func NewMaxProjectsExceededError

func NewMaxProjectsExceededError(limit int) error

func NewTxCommitError

func NewTxCommitError(e error) error

Types

type Condition

type Condition struct {
	Value     []string           `json:"value"`
	Attribute ConditionAttribute `json:"attribute"`
	Operator  ConditionOperator  `json:"operator"`
}

Condition defines a condition for an ingest rule for a project.

func NewCondition

func NewCondition(value []string,
	attribute ConditionAttribute, operator ConditionOperator) (Condition, error)

NewCondition is a factory for creating a Condition storage object that also does validation around what a valid condition is in terms of our storage layer.

func (*Condition) Scan

func (p *Condition) Scan(src interface{}) error

Scan implements pq Scan interface for a Condition reference so we can pull them out of the database directly as the correct type.

type ConditionAttribute

type ConditionAttribute int

ConditionAttribute is an enum of attributes a project rule condition can be.

const (
	ChefRole ConditionAttribute = iota
	ChefServer
	ChefTag
	Environment
	Organization
	PolicyGroup
	PolicyName
)

func NewConditionAttribute

func NewConditionAttribute(in string) (ConditionAttribute, error)

NewConditionAttribute converts a string to a ConditionAttribute or returns an error.

func (ConditionAttribute) String

func (c ConditionAttribute) String() string

func (*ConditionAttribute) UnmarshalJSON

func (c *ConditionAttribute) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a ConditionAttribute reference so we can pull them out of the database directly as the correct type.

type ConditionOperator

type ConditionOperator int

ConditionOperator is an enum of operators a project rule condition can have. This is an enum because we are planning on adding more eventually.

const (
	MemberOf ConditionOperator = iota
	Equals
)

func NewConditionOperator

func NewConditionOperator(in string) (ConditionOperator, error)

NewConditionOperator converts a string to a ConditionOperator or returns an error.

func (ConditionOperator) String

func (c ConditionOperator) String() string

func (*ConditionOperator) UnmarshalJSON

func (c *ConditionOperator) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a ConditionOperator reference so we can pull them out of the database directly as the correct type.

type Effect

type Effect int

Effect is an enum of allow or deny for use in Statements.

const (
	// Allow represents the allow case for a Statement Effect.
	Allow Effect = iota
	// Deny represents the deny case for a Statement Effect.
	Deny
)

func NewEffect

func NewEffect(in string) (Effect, error)

NewEffect converts a string to an Effect or returns an error.

func (Effect) String

func (e Effect) String() string

func (*Effect) UnmarshalJSON

func (e *Effect) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for an Effect reference so we can pull them out of the database directly as the correct type.

type ForeignKeyError

type ForeignKeyError struct {
	Msg string
}

MissingFieldError occurs when a required field was not passed.

func (*ForeignKeyError) Error

func (e *ForeignKeyError) Error() string

type MaxProjectsExceededError

type MaxProjectsExceededError struct {
	// contains filtered or unexported fields
}

MaxProjectsExceededError indicates that a new project cannot be created since the max allowed are already created.

func (*MaxProjectsExceededError) Error

func (e *MaxProjectsExceededError) Error() string

type Member

type Member struct {
	Name string `json:"name"`
}

Member represents a member that can be added / removed from a policy.

func NewMember

func NewMember(name string) (Member, error)

NewMember is a factory for creating a Member storage object.

type Policy

type Policy struct {
	ID         string      `json:"id"`
	Name       string      `json:"name"`
	Members    []Member    `json:"members"`
	Statements []Statement `json:"statements"`
	Type       Type        `json:"type"`
	Projects   []string    `json:"projects"`
}

Policy represents a policy definition to be persisted to storage.

func DefaultPolicies

func DefaultPolicies() ([]Policy, error)

DefaultPolicies shipped with IAM, and also the set of policies to which we factory-reset our storage.

func NewPolicy

func NewPolicy(
	id string,
	name string,
	typeVal Type,
	members []Member,
	statements []Statement,
	projects []string,
) (Policy, error)

NewPolicy is a factory for creating a Policy storage object that also does validation around what a valid policy is in terms of our storage layer.

func (*Policy) Scan

func (p *Policy) Scan(src interface{}) error

Scan implements pq Scan interface for a Policy reference so we can pull them out of the database directly as the correct type.

type PolicyChangeNotification

type PolicyChangeNotification struct{}

type PolicyChangeNotifier

type PolicyChangeNotifier interface {
	C() <-chan PolicyChangeNotification
	Close() error
}

type Project

type Project struct {
	ID     string `json:"id"`
	Name   string `json:"name"`
	Type   Type   `json:"type"`
	Status string `json:"status"`
}

Project represents a project definition to be persisted to storage.

func DefaultProjects

func DefaultProjects() []Project

DefaultProjects defines the default Chef-managed projects provided on storage reset. At present, this list contains internally required projects only, hidden from the user.

func NewProject

func NewProject(
	id string,
	name string,
	typeVal Type,
	status ProjectRulesStatus) (Project, error)

NewProject is a factory for creating a Project storage object that also does validation around what a valid project is in terms of our storage layer.

func (*Project) Scan

func (p *Project) Scan(src interface{}) error

Scan implements pq Scan interface for a Project reference so we can pull them out of the database directly as the correct type.

type ProjectRulesStatus

type ProjectRulesStatus int

ProjectRulesStatus is an enum that represents the states a project's rules can be in.

const (
	// RulesStatusError occurs in some error situation
	RulesStatusError ProjectRulesStatus = iota
	// The project has rules but all are applied
	Applied
	// The project has rules and at least one is staged
	EditsPending
	// The project has no staged or applied rules
	NoRules
)

func (ProjectRulesStatus) String

func (c ProjectRulesStatus) String() string

type Role

type Role struct {
	ID       string   `json:"id"`
	Name     string   `json:"name"`
	Actions  []string `json:"actions"`
	Type     Type     `json:"type"`
	Projects []string `json:"projects"`
}

Role represents a role definition to be persisted to storage.

func NewRole

func NewRole(id string, name string, typeVal Type, actions []string, projects []string) (*Role, error)

NewRole is a factory for creating a Role storage object that also does validation around what a valid role is in terms of our storage layer.

func NewUpdateRole

func NewUpdateRole(id string, name string, actions []string, projects []string) (*Role, error)

NewUpdateRole is a factory for modifying an existing role.

func (*Role) Scan

func (p *Role) Scan(src interface{}) error

Scan implements pq Scan interface for a Role reference so we can pull them out of the database directly as the correct type.

type Rule

type Rule struct {
	ID         string      `json:"id"`
	ProjectID  string      `json:"project_id"`
	Name       string      `json:"name"`
	Type       RuleType    `json:"type"`
	Conditions []Condition `json:"conditions"`
	Deleted    bool        `json:"deleted"`
	Status     string      `json:"status"`
}

Rule defines an ingest rule for a project.

func NewRule

func NewRule(id string, projectID string, name string,
	ruleType RuleType, conditions []Condition) (Rule, error)

NewRule is a factory for creating a Rule storage object that also does validation around what a valid rule is in terms of our storage layer.

func (*Rule) Scan

func (p *Rule) Scan(src interface{}) error

Scan implements pq Scan interface for a Rule reference so we can pull them out of the database directly as the correct type.

type RuleType

type RuleType int

RuleType is an enum of the types a project rule can be.

const (
	Node RuleType = iota
	Event
)

func NewRuleType

func NewRuleType(in string) (RuleType, error)

NewRuleType converts a string to a RuleType or returns an error.

func (RuleType) String

func (r RuleType) String() string

func (*RuleType) UnmarshalJSON

func (r *RuleType) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a RuleType reference so we can pull them out of the database directly as the correct type.

type Statement

type Statement struct {
	Actions   []string `json:"actions"`
	Resources []string `json:"resources"`
	Role      string   `json:"role"`
	Projects  []string `json:"projects"`
	Effect    Effect   `json:"effect"`
}

Statement must have at least a role OR a non-empty actions list.

func NewStatement

func NewStatement(effect Effect, role string, projects, resources, actions []string) (Statement, error)

NewStatement is a factory for creating a Statement storage object that also does validation around what a valid statement is in terms of our storage layer.
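Added example, not this package's code: a stand-alone sketch of the strict string-to-enum pattern the Effect section declares (NewEffect plus UnmarshalJSON) together with the validation rule stated for Statement. Because Allow is the enum's zero value, a decoder that tolerated unknown strings would leave an Effect at Allow, so both paths reject anything they do not recognise; the encodings "allow"/"deny", the error messages and the reduced Statement fields are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
)

// Effect mirrors the page's enum; note that its zero value is Allow.
type Effect int
const (
	Allow Effect = iota
	Deny
)
// Assumed encodings; the page does not show the real package's strings.
var effectNames = map[string]Effect{"allow": Allow, "deny": Deny}
// NewEffect accepts only known encodings, so bad input never silently becomes Allow.
func NewEffect(in string) (Effect, error) {
	if e, ok := effectNames[in]; ok {
		return e, nil
	}
	return Allow, errors.New("unknown effect: " + in)
}

// UnmarshalJSON routes the JSON string through NewEffect, so a decoded Statement inherits the check.
func (e *Effect) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return err
	}
	v, err := NewEffect(s)
	if err == nil { // on error leave *e untouched rather than resetting it to Allow
		*e = v
	}
	return err
}

// Statement keeps only the page's fields that the documented rule depends on.
type Statement struct {
	Actions []string `json:"actions"`
	Role    string   `json:"role"`
	Effect  Effect   `json:"effect"`
}

// NewStatement enforces the page's rule: a role OR a non-empty actions list.
func NewStatement(effect Effect, role string, actions []string) (Statement, error) {
	if role == "" && len(actions) == 0 {
		return Statement{}, errors.New("statement needs a role or an action")
	}
	return Statement{Actions: actions, Role: role, Effect: effect}, nil
}
```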

type Storage

type Storage interface {

	// Reset allows "factory-resetting" IAM policies
	Reset(context.Context) error

	// Close closes the connection to the backend
	Close() error
	// contains filtered or unexported methods
}

Storage is the interface that both our postgres and memstore storage solutions implement for consistency. The memstore implementation is only used for ease of testing.

type TxCommitError

type TxCommitError struct {
	// contains filtered or unexported fields
}

TxCommitError occurs when the database attempts to commit a transaction and fails.

func (*TxCommitError) Error

func (e *TxCommitError) Error() string

type Type

type Type int

Type is an enum to denote custom or chef-managed policy.

const (
	// Custom represents a policy created by the enduser.
	Custom Type = iota
	// ChefManaged represents a policy created by Chef Software.
	ChefManaged
	// System represents a policy that is only loaded directly into OPA
	// to allow Automate to function correctly without revealing Automate's
	// internal policies to the customer
	// This type is only used in the OPA cache (not in API or database)
	System
)

func NewType

func NewType(in string) (Type, error)

NewType converts a string to a Type or returns an error.

func (Type) String

func (t Type) String() string

func (*Type) UnmarshalJSON

func (t *Type) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json unmarshalling for a Type reference so we can pull them out of the database directly as the correct type.
