Documentation
¶
Index ¶
- Variables
- func FilterRulesByGroupMap(groups []string, rules []rule.AccessRule) []rule.AccessRule
- func GetApprovers(ctx context.Context, db ddb.Storage, rule rule.AccessRule) ([]string, error)
- type CacheService
- type LookedUpRule
- type LookupFields
- type LookupRuleOpts
- type Service
- func (s *Service) ArchiveAccessRule(ctx context.Context, userId string, in rule.AccessRule) (*rule.AccessRule, error)
- func (s *Service) CreateAccessRule(ctx context.Context, userID string, in types.CreateAccessRuleRequest) (*rule.AccessRule, error)
- func (s *Service) GetRule(ctx context.Context, ID string, user *identity.User, isAdmin bool) (*rule.GetAccessRuleResponse, error)
- func (s *Service) LookupRule(ctx context.Context, opts LookupRuleOpts) ([]LookedUpRule, error)
- func (s *Service) ProcessTarget(ctx context.Context, in types.CreateAccessRuleTarget) (rule.Target, error)
- func (s *Service) RequestArguments(ctx context.Context, accessRuleTarget rule.Target) (map[string]types.RequestArgument, error)
- func (s *Service) UpdateRule(ctx context.Context, in *UpdateOpts) (*rule.AccessRule, error)
- type UpdateOpts
Constants ¶
This section is empty.
Variables ¶
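// Sentinel errors returned by this package. Match them with errors.Is rather
// than by comparing message text, so that wrapped errors are still recognised.
var (
	// ErrRuleIdAlreadyExists is returned if a rule with the supplied id already exists.
	ErrRuleIdAlreadyExists = errors.New("access rule id already exists")

	// ErrUserNotAuthorized is returned if the user isn't allowed to complete an action,
	// like reviewing a request.
	ErrUserNotAuthorized = errors.New("user is not authorized to perform this action")

	// ErrProviderNotFound is returned if a matching provider could not be found in the access handler.
	ErrProviderNotFound = errors.New("provider not found")

	// ErrUnhandledResponseFromAccessHandler is, going by its message, returned when
	// the access handler replies with a response this package does not handle.
	// NOTE(review): the original declaration carries no doc comment; confirm the exact conditions.
	ErrUnhandledResponseFromAccessHandler = errors.New("access handler returned an unhandled response")

	// ErrAccessRuleAlreadyArchived is returned if an archive request is made for a rule
	// which is already archived.
	ErrAccessRuleAlreadyArchived = errors.New("access rule already archived")
)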
Functions ¶
func FilterRulesByGroupMap ¶ added in v0.14.0
func FilterRulesByGroupMap(groups []string, rules []rule.AccessRule) []rule.AccessRule
FilterRulesByGroupMap filters a set of rules by the groups passed in as input. This method could not be co-located in pkg/api due to import cycle errors. It was required as part of CF-744, because of intrinsic limitations in DynamoDB when filtering by large expressions (i.e. len(groups) > 20).
func GetApprovers ¶
GetApprovers gets all the approvers for a rule, both those assigned as individuals and those assigned via a group. It de-duplicates users, so if a user is assigned as an approver through multiple groups they'll only be returned once.
Types ¶
type CacheService ¶
// CacheService is the cache dependency held in Service.Cache. Both methods take
// a provider id and an argument id and return a bool, the provider options, the
// provider argument group options and an error.
type CacheService interface {
	// LoadCachedProviderArgOptions returns the options for one provider argument.
	// NOTE(review): the meaning of the bool result is not documented on this page;
	// confirm against the implementation before relying on it.
	LoadCachedProviderArgOptions(ctx context.Context, providerId string, argId string) (bool, []cache.ProviderOption, []cache.ProviderArgGroupOption, error)
	// RefreshCachedProviderArgOptions has the same parameters and results as
	// LoadCachedProviderArgOptions; presumably it re-fetches the options before
	// returning them (TODO confirm).
	RefreshCachedProviderArgOptions(ctx context.Context, providerId string, argId string) (bool, []cache.ProviderOption, []cache.ProviderArgGroupOption, error)
}
type LookedUpRule ¶
// LookedUpRule is a rule found by the LookupRule method.
type LookedUpRule struct {
	// Rule is the access rule that was found.
	Rule rule.AccessRule
	// SelectableWithOptionValues is a list of key/value pairs; presumably the
	// option values a requester has to select on this rule to obtain the
	// looked-up permission (TODO confirm against LookupRule).
	SelectableWithOptionValues []types.KeyValue
}
LookedUpRule is a rule found by the LookupRule method.
func (LookedUpRule) ToAPI ¶
func (r LookedUpRule) ToAPI() types.LookupAccessRule
ToAPI converts the LookedUpRule to an API response type.
type LookupFields ¶
LookupFields are fields to look up an Access Rule by. Currently, these are hardcoded to the AWS SSO provider. In future, these will need to be made more generic.
type LookupRuleOpts ¶
// LookupRuleOpts are the fields used to look up access rules.
type LookupRuleOpts struct {
	// User is the identity supplied with the lookup.
	// NOTE(review): presumably results are limited to rules this user may
	// request; confirm that LookupRule enforces this rather than the caller.
	User identity.User
	// ProviderType is the provider type to look up rules for, as a string.
	ProviderType string
	// Fields are the values to look up an access rule by (see LookupFields).
	Fields LookupFields
}
LookupRuleOpts are the fields used to look up access rules.
type Service ¶
// Service holds business logic relating to Access Rules.
type Service struct {
	// Clock is the time source; presumably injected so tests can control time
	// (TODO confirm).
	Clock clock.Clock
	// AHClient is a client interface; presumably for the access handler named in
	// this package's errors (TODO confirm).
	AHClient types.ClientWithResponsesInterface
	// DB is the storage backend.
	DB ddb.Storage
	// Cache gives access to cached provider argument options (see CacheService).
	Cache CacheService
}
Service holds business logic relating to Access Rules.
func (*Service) ArchiveAccessRule ¶
func (s *Service) ArchiveAccessRule(ctx context.Context, userId string, in rule.AccessRule) (*rule.AccessRule, error)
func (*Service) CreateAccessRule ¶
func (s *Service) CreateAccessRule(ctx context.Context, userID string, in types.CreateAccessRuleRequest) (*rule.AccessRule, error)
func (*Service) LookupRule ¶
func (s *Service) LookupRule(ctx context.Context, opts LookupRuleOpts) ([]LookedUpRule, error)
LookupRule finds access rules which will grant access to a desired permission.
func (*Service) ProcessTarget ¶
func (*Service) RequestArguments ¶
func (s *Service) RequestArguments(ctx context.Context, accessRuleTarget rule.Target) (map[string]types.RequestArgument, error)
RequestArguments takes an access rule and prepares a list of request arguments which contains all the available options that a user may choose from when creating a request. This can also be used to validate the input to a create request API call.
func (*Service) UpdateRule ¶
func (s *Service) UpdateRule(ctx context.Context, in *UpdateOpts) (*rule.AccessRule, error)
type UpdateOpts ¶
// UpdateOpts is the input to Service.UpdateRule.
type UpdateOpts struct {
	// UpdaterID is the id of whoever is making the update.
	// NOTE(review): presumably the authenticated caller's user id; it should be
	// taken from the verified session, not from request data (confirm at call sites).
	UpdaterID string
	// Rule is presumably the existing rule that is being updated (TODO confirm).
	Rule rule.AccessRule
	// UpdateRequest carries the requested values, reusing the create-request type.
	UpdateRequest types.CreateAccessRuleRequest
	// ApprovalGroups is a list of rule.Approval values; presumably the approver
	// groups for the updated rule (TODO confirm).
	ApprovalGroups []rule.Approval
}