access

package
v0.15.0-alpha.1 Latest Latest
Published: Mar 3, 2023 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Overview

Package access contains business logic for requesting and approving access to things.

It's used to manage Access Requests in the Common Fate app. API endpoints for end users use this package.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func WithNow

func WithNow(t time.Time) func(o *GetIntervalOpts)

WithNow allows you to override the now time used by getInterval

Types

type AccessToken

// AccessToken associates a token string with an Access Request (RequestID)
// and a Start/End window.
//
// NOTE(review): Token is serialised under the "token" key in both the JSON and
// DynamoDB encodings, so the raw value appears wherever this struct is
// marshalled or stored. Confirm it is never logged or returned to anyone other
// than the requesting user, and consider whether persisting only a hash of the
// token would be sufficient for validation.
type AccessToken struct {
	RequestID string `json:"requestId" dynamodbav:"requestId"`
	Token     string `json:"token" dynamodbav:"token"`

	// presumably the start of the window that Validate checks `now` against — TODO confirm
	Start time.Time `json:"start" dynamodbav:"start"`
	// End is the time the grant is scheduled to end.
	End       time.Time `json:"end" dynamodbav:"end"`
	CreatedAt time.Time `json:"createdAt" dynamodbav:"createdAt"`
}

func (*AccessToken) DDBKeys

func (r *AccessToken) DDBKeys() (ddb.Keys, error)

DDBKeys provides the keys for storing the object in DynamoDB

func (AccessToken) Validate

func (a AccessToken) Validate(now time.Time) error

Validate an Access Token.

type Decision

type Decision string

Decision is a decision made by an approver on an Access Request.

// Values of Decision, the type of the Decision field on Review.
//
// NOTE(review): DecisionDECLINED does not follow the MixedCaps form used by
// DecisionApproved. Both names are exported, so renaming would break callers.
const (
	DecisionApproved Decision = "APPROVED"
	DecisionDECLINED Decision = "DECLINED"
)

type Favorite

// Favorite stores a named combination of Access Rule, request data, requested
// timing and `with` selections, keyed to a user through UserID.
//
// NOTE(review): ownership is expressed only by the UserID field; presumably
// the API handlers compare it with the authenticated caller before returning
// or modifying a Favorite — verify against the handlers.
type Favorite struct {
	// ID identifies the favorite.
	ID     string `json:"id" dynamodbav:"id"`
	UserID string `json:"userId" dynamodbav:"userId"`
	Name   string `json:"name" dynamodbav:"name"`
	// Rule is the ID of the Access Rule which the request relates to.
	Rule            string                `json:"rule" dynamodbav:"rule"`
	Data            RequestData           `json:"data" dynamodbav:"data"`
	RequestedTiming Timing                `json:"requestedTiming" dynamodbav:"requestedTiming"`
	With            []map[string][]string `json:"with" dynamodbav:"with"`
	CreatedAt       time.Time             `json:"createdAt" dynamodbav:"createdAt"`
	UpdatedAt       time.Time             `json:"updatedAt" dynamodbav:"updatedAt"`
}

func (*Favorite) DDBKeys

func (b *Favorite) DDBKeys() (ddb.Keys, error)

func (Favorite) ToAPI

func (b Favorite) ToAPI() types.Favorite

func (Favorite) ToAPIDetail

func (b Favorite) ToAPIDetail() types.FavoriteDetail

type GetIntervalOpts

// GetIntervalOpts holds the options accepted by the GetInterval methods.
type GetIntervalOpts struct {
	// Now is the "now" time used by GetInterval; WithNow overrides it.
	Now time.Time
}

type Grant

// Grant holds a provider, a subject, the `with` arguments, a Start/End window
// and a status.
//
// NOTE(review): presumably Subject is the identity that receives access on
// Provider — confirm. If so, both should be derived server-side from the
// approved request rather than accepted from client input.
type Grant struct {
	Provider string              `json:"provider" dynamodbav:"provider"`
	Subject  string              `json:"subject" dynamodbav:"subject"`
	With     ac_types.Grant_With `json:"with" dynamodbav:"with"`
	// Start is the time at which the grant starts.
	Start time.Time `json:"start" dynamodbav:"start"`
	// End is the time the grant is scheduled to end.
	End       time.Time            `json:"end" dynamodbav:"end"`
	Status    ac_types.GrantStatus `json:"status" dynamodbav:"status"`
	CreatedAt time.Time            `json:"createdAt" dynamodbav:"createdAt"`
	UpdatedAt time.Time            `json:"updatedAt" dynamodbav:"updatedAt"`
}

func (*Grant) ToAHGrant

func (g *Grant) ToAHGrant(requestID string) ac_types.Grant

func (*Grant) ToAPI

func (g *Grant) ToAPI() types.Grant

type Notifications

// Notifications records notification state; it is embedded as a field of
// Reviewer.
type Notifications struct {
	// SlackMessageID should be populated once the notification has been sent,
	// if Slack is in use. It is a pointer, so it can be nil.
	SlackMessageID *string `json:"slackMessageId" dynamodbav:"slackMessageId"`
}

type Option

// Option is a value together with its display label and an optional
// description. Request.SelectedWith stores Options keyed by string.
//
// NOTE(review): Label and Description are display strings; presumably the
// frontend escapes them on render — verify if they can contain
// provider-supplied text.
type Option struct {
	Value       string  `json:"value" dynamodbav:"value"`
	Label       string  `json:"label" dynamodbav:"label"`
	Description *string `json:"description" dynamodbav:"description"`
}

type Request

// Request is an Access Request made by a user (RequestedBy) against an Access
// Rule (Rule).
//
// NOTE(review): every field, including Status, RequestedBy, OverrideTiming,
// Grant and ApprovalMethod, carries a json tag, so all of them are populated
// if a Request is ever decoded directly from client-supplied JSON. Confirm
// that API handlers decode into a separate input type and set these fields
// server-side.
type Request struct {
	// ID is a read-only field after the request has been created.
	ID string `json:"id" dynamodbav:"id"`

	// RequestedBy is the ID of the user who has made the request.
	RequestedBy string `json:"requestedBy" dynamodbav:"requestedBy"`

	// Rule is the ID of the Access Rule which the request relates to.
	Rule string `json:"rule" dynamodbav:"rule"`
	// RuleVersion is the version string of the rule that this request relates to.
	RuleVersion string `json:"ruleVersion" dynamodbav:"ruleVersion"`
	// SelectedWith stores a denormalised version of the option with a label at the time the request was created,
	// allowing it to be easily displayed in the frontend for context and reducing latency on loading requests.
	SelectedWith    map[string]Option `json:"selectedWith"  dynamodbav:"selectedWith"`
	Status          Status            `json:"status" dynamodbav:"status"`
	Data            RequestData       `json:"data" dynamodbav:"data"`
	RequestedTiming Timing            `json:"requestedTiming" dynamodbav:"requestedTiming"`
	// When a request is approved, the approver has the option to override the timing; if they do so, this will be populated.
	// If the timing was not overridden, then the original request timing should be used.
	// Override timing should only be set by an approving review.
	// NOTE(review): that rule is not enforced by the type itself; it has to be upheld by whatever code writes this field.
	OverrideTiming *Timing `json:"overrideTiming,omitempty" dynamodbav:"overrideTiming,omitempty"`
	// Grant is the grant created by the access handler for this request.
	// The field is a pointer and is omitted from both encodings when nil.
	Grant *Grant `json:"grant,omitempty" dynamodbav:"grant,omitempty"`
	// ApprovalMethod explains whether an approval was AUTOMATIC, or REVIEWED.
	ApprovalMethod *types.ApprovalMethod `json:"approvalMethod,omitempty" dynamodbav:"approvalMethod,omitempty"`
	// CreatedAt is a read-only field after the request has been created.
	CreatedAt time.Time `json:"createdAt" dynamodbav:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt" dynamodbav:"updatedAt"`
}

func (*Request) DDBKeys

func (r *Request) DDBKeys() (ddb.Keys, error)

func (*Request) GetInterval

func (r *Request) GetInterval(opts ...func(o *GetIntervalOpts)) (start time.Time, end time.Time)

GetInterval will return the interval for either the requested timing or for the override timing if it is present

func (*Request) HasReason

func (r *Request) HasReason() bool

HasReason returns true if the request has a non-empty reason associated with it.

func (*Request) IsScheduled

func (r *Request) IsScheduled() bool

IsScheduled will return true if this request is scheduled, first checking for override timing, then for original timing

func (*Request) ToAPI

func (r *Request) ToAPI() types.Request

func (*Request) ToAPIDetail

func (r *Request) ToAPIDetail(accessRule rule.AccessRule, canReview bool, requestArguments map[string]types.RequestArgument) types.RequestDetail

type RequestData

// RequestData is information provided by the user when they make the request.
type RequestData struct {
	// Reason is optional free text; it is omitted from both encodings when nil.
	// NOTE(review): this is user-supplied text — presumably it is length-limited
	// and escaped wherever it is displayed or forwarded to notifications; verify.
	Reason *string `json:"reason,omitempty" dynamodbav:"reason,omitempty"`
}

RequestData is information provided by the user when they make the request, through filling in form fields in the web application.

type RequestEvent

// RequestEvent records a single event relating to a request (RequestID).
// Request events should not be updated once created.
//
// NOTE(review): nothing in this type enforces that rule. If events serve as
// the audit trail for approvals and grants, confirm the storage layer only
// ever creates them (for example with a conditional put) and never overwrites
// an existing item.
type RequestEvent struct {
	ID        string    `json:"id" dynamodbav:"id"`
	RequestID string    `json:"requestId" dynamodbav:"requestId"`
	CreatedAt time.Time `json:"createdAt" dynamodbav:"createdAt"`
	// The fields below are optional pointers tagged omitempty; presumably each
	// New…Event constructor sets only the ones relevant to its event kind — verify.
	// Actor is the ID of the user who has made the request or nil if it was automated.
	Actor              *string               `json:"actor,omitempty" dynamodbav:"actor,omitempty"`
	FromStatus         *Status               `json:"fromStatus,omitempty" dynamodbav:"fromStatus,omitempty"`
	ToStatus           *Status               `json:"toStatus,omitempty" dynamodbav:"toStatus,omitempty"`
	FromTiming         *Timing               `json:"fromTiming,omitempty" dynamodbav:"fromTiming,omitempty"`
	ToTiming           *Timing               `json:"toTiming,omitempty" dynamodbav:"toTiming,omitempty"`
	FromGrantStatus    *ac_types.GrantStatus `json:"fromGrantStatus,omitempty" dynamodbav:"fromGrantStatus,omitempty"`
	ToGrantStatus      *ac_types.GrantStatus `json:"toGrantStatus,omitempty" dynamodbav:"toGrantStatus,omitempty"`
	GrantCreated       *bool                 `json:"grantCreated,omitempty" dynamodbav:"grantCreated,omitempty"`
	GrantFailureReason *string               `json:"grantFailureReason,omitempty" dynamodbav:"grantFailureReason,omitempty"`
	RequestCreated     *bool                 `json:"requestCreated,omitempty" dynamodbav:"requestCreated,omitempty"`
	RecordedEvent      *map[string]string    `json:"recordedEvent,omitempty" dynamodbav:"recordedEvent,omitempty"`
}

Request events should not be updated once created.

func NewGrantCreatedEvent

func NewGrantCreatedEvent(requestID string, createdAt time.Time) RequestEvent

func NewGrantFailedEvent

func NewGrantFailedEvent(requestID string, createdAt time.Time, from, to ac_types.GrantStatus, reason string) RequestEvent

func NewGrantStatusChangeEvent

func NewGrantStatusChangeEvent(requestID string, createdAt time.Time, actor *string, from, to ac_types.GrantStatus) RequestEvent

func NewRecordedEvent

func NewRecordedEvent(requestID string, actor *string, createdAt time.Time, event map[string]string) RequestEvent

func NewRequestCreatedEvent

func NewRequestCreatedEvent(requestID string, createdAt time.Time, actor *string) RequestEvent

func NewStatusChangeEvent

func NewStatusChangeEvent(requestID string, createdAt time.Time, actor *string, from, to Status) RequestEvent

func NewTimingChangeEvent

func NewTimingChangeEvent(requestID string, createdAt time.Time, actor *string, from, to Timing) RequestEvent

func (*RequestEvent) DDBKeys

func (r *RequestEvent) DDBKeys() (ddb.Keys, error)

func (*RequestEvent) ToAPI

func (r *RequestEvent) ToAPI() types.RequestEvent

type Review

// Review is a review of a Request (RequestID) by a reviewer (ReviewerID).
//
// NOTE(review): the struct declares no status field; the outcome of the review
// is carried by Decision. OverrideTimings lets the reviewer change the timing,
// so presumably ReviewerID is taken from the authenticated session and checked
// against the request's approvers before a Review is stored — verify.
type Review struct {
	ID              string   `json:"id" dynamodbav:"id"`
	RequestID       string   `json:"requestId" dynamodbav:"requestId"`
	ReviewerID      string   `json:"reviewerId" dynamodbav:"reviewerId"`
	Decision        Decision `json:"decision" dynamodbav:"decision"`
	Comment         *string  `json:"comment,omitempty" dynamodbav:"comment,omitempty"`
	OverrideTimings *Timing  `json:"overrideTimings,omitempty" dynamodbav:"overrideTimings,omitempty"`
}

Review is a review of a Request. When Requests are created, Reviews are created for all approvers who need to review the request. When an approver completes the review the status of the Review is updated to be COMPLETE.

func (*Review) DDBKeys

func (r *Review) DDBKeys() (ddb.Keys, error)

type Reviewer

// Reviewer links a reviewer (ReviewerID) to a Request and tracks whether that
// reviewer has been notified.
//
// NOTE(review): Request is stored by value, so each Reviewer item carries its
// own copy of the request. Presumably these copies are rewritten whenever the
// request changes; a stale copy would show an outdated Status — verify.
type Reviewer struct {
	ReviewerID string `json:"reviewerId" dynamodbav:"reviewerId"`
	// Request is the associated request.
	Request       Request       `json:"request" dynamodbav:"request"`
	Notifications Notifications `json:"notifications" dynamodbav:"notifications"`
}

Reviewer of a Request. When Requests are created, Reviewers are created for all approvers who need to review the request.

func (*Reviewer) DDBKeys

func (r *Reviewer) DDBKeys() (ddb.Keys, error)

DDBKeys provides the keys for storing the object in DynamoDB

type Status

type Status string

Status of an Access Request.

// Values of Status, the status of an Access Request.
//
// The strings "APPROVED" and "DECLINED" are also used by the Decision
// constants, but Status and Decision are distinct types.
const (
	APPROVED  Status = "APPROVED"
	DECLINED  Status = "DECLINED"
	CANCELLED Status = "CANCELLED"
	PENDING   Status = "PENDING"
)

type Timing

// Timing holds a duration and an optional start time.
//
// NOTE(review): no bounds on Duration or StartTime are visible in this type;
// presumably any maximum duration is enforced where a request is created or
// its timing overridden — verify, since these values determine how long a
// grant lasts.
type Timing struct {
	Duration time.Duration `json:"duration" dynamodbav:"duration"`
	// If the start time is not nil, this request is for scheduled access; if it is nil, the request is for ASAP access.
	StartTime *time.Time `json:"start,omitempty" dynamodbav:"start,omitempty"`
}

Timing represents all the timing options available. Duration should always be set. StartTime should be set if this is a scheduled access. The combination of startTime and duration makes up the start and end times of a grant.

func TimingFromRequestTiming

func TimingFromRequestTiming(r types.RequestTiming) Timing

TimingFromRequestTiming converts from the api type to the internal type

func (*Timing) GetInterval

func (t *Timing) GetInterval(opts ...func(o *GetIntervalOpts)) (start time.Time, end time.Time)

GetInterval returns a start and end time for this timing information. If the timing represents scheduled access, it returns the times for the scheduled access; otherwise it uses time.Now() as the start time.

To override the start time for asap timing, pass in the WithNow(t time.Time) function

func (*Timing) IsScheduled

func (t *Timing) IsScheduled() bool

IsScheduled is true if the startTime is not nil

func (*Timing) ToAPI

func (t *Timing) ToAPI() types.RequestTiming

ToAPI returns the api representation of the timing information

func (Timing) ToAnalytics

func (t Timing) ToAnalytics() analytics.Timing
