Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WithCurrent ¶
func WithCurrent(current bool) func(*AccessRule)
WithCurrent sets the current of the AccessRule.
func WithGroups ¶
func WithGroups(groups ...string) func(*AccessRule)
WithGroups sets the groups of the AccessRule.
func WithName ¶
func WithName(name string) func(*AccessRule)
WithName sets the name of the AccessRule.
func WithStatus ¶
func WithStatus(status Status) func(*AccessRule)
WithStatus sets the status of the AccessRule.
Types ¶
type AccessRule ¶
type AccessRule struct {
// Current is true if this is the current version
// When a new version is added, the previous version should be updated to set Current to false
Current bool `json:"current" dynamodbav:"current"`
// Approver config for access rules
Approval Approval `json:"approval" dynamodbav:"approval"`
Version string `json:"version" dynamodbav:"version"`
Status Status `json:"status" dynamodbav:"status"`
Description string `json:"description" dynamodbav:"description"`
// Array of group names that the access rule applies to
Groups []string `json:"groups" dynamodbav:"groups"`
ID string `json:"id" dynamodbav:"id"`
Metadata AccessRuleMetadata `json:"metadata" dynamodbav:"metadata"`
Name string `json:"name" dynamodbav:"name"`
Target Target `json:"target" dynamodbav:"target"`
TimeConstraints types.TimeConstraints `json:"timeConstraints" dynamodbav:"timeConstraints"`
}
AccessRule is a rule governing access to something in Common Fate.
Access Rules have versions. When updating an access rule, you need to update the current version with Current = false and then insert the new version with Current = true This will correctly set the keys and enable the access patterns
func TestAccessRule ¶
func TestAccessRule(opt ...func(*AccessRule)) AccessRule
TestAccessRule returns an AccessRule fixture to be used in tests.
func (AccessRule) ToAPI ¶
func (a AccessRule) ToAPI() types.AccessRule
served basic detail of the access rule
func (AccessRule) ToAPIDetail ¶
func (a AccessRule) ToAPIDetail() types.AccessRuleDetail
ised for admin apis, this contains the access rule target in a format for updating the access rule provider target
func (AccessRule) ToRequestAccessRuleAPI ¶
func (a AccessRule) ToRequestAccessRuleAPI(requestArguments map[string]types.RequestArgument, canRequest bool) types.RequestAccessRule
This is used to serve a user making a request, it contains all the available arguments and options with title, description and labels
type AccessRuleMetadata ¶
type AccessRuleMetadata struct {
CreatedAt time.Time `json:"createdAt" dynamodbav:"createdAt"`
// userID
CreatedBy string `json:"createdBy" dynamodbav:"createdBy"`
UpdateMessage *string `json:"updateMessage,omitempty" dynamodbav:"updateMessage,omitempty"`
UpdateMetadata *map[string]interface{} `json:"updateMetadata,omitempty" dynamodbav:"updateMetadata,omitempty"`
UpdatedAt time.Time `json:"updatedAt" dynamodbav:"updatedAt"`
// userID
UpdatedBy string `json:"updatedBy" dynamodbav:"updatedBy"`
}
AccessRuleMetadata defines model for AccessRuleMetadata.
type Approval ¶
type Approval struct {
// List of group ids represents the groups whos members may approver requests for this rule
Groups []string `json:"groups" dynamodbav:"groups"`
//List of users ids represents the individual users who may approve requests for this rule.
// This does not represent members of the approval groups
Users []string `json:"users" dynamodbav:"users"`
}
Approver config for access rules
func (*Approval) IsRequired ¶
type GetAccessRuleResponse ¶ added in v0.11.1
type GetAccessRuleResponse struct {
Rule *AccessRule
CanRequest bool
}
Inherit rule and include `canRequest` field which is used to determine if the approval can request the rule or not.
type Target ¶
type Target struct {
// References the provider's unique ID
ProviderID string `json:"providerId" dynamodbav:"providerId"`
TargetGroupID string `json:"targetGroupId" dynamodbav:"targetGroupId"`
// BuiltInProviderType is only used for built-in providers
BuiltInProviderType string `json:"providerType" dynamodbav:"providerType"`
// TargetGroupFrom is only used for PDK providers and is a denormalised copy of the
// 'From' field in a Target Group.
TargetGroupFrom target.From `json:"targetGroupFrom" dynamodbav:"targetGroupFrom"`
With map[string]string `json:"with" dynamodbav:"with"`
// when target can have multiple values
WithSelectable map[string][]string `json:"withSelectable" dynamodbav:"withSelectable"`
// when target doesn't have values but instead belongs to a group
// which can be dynamically fetched at access request time.
WithArgumentGroupOptions map[string]map[string][]string `json:"withArgumentGroupOptions" dynamodbav:"withArgumentGroupOptions"`
}
Provider defines model for Provider. I expect this will be different to what gets returned in the api response
func (Target) IsForTargetGroup ¶ added in v0.15.0
IsForTargetGroup check if this target has a targetgroup ID if so, it means this rule is for a targetgroup not a built-in provider
func (Target) ProviderToAPI ¶
func (Target) ToAPIDetail ¶
func (t Target) ToAPIDetail() types.AccessRuleTargetDetail
func (Target) UsesDynamicOptions ¶
UsesDynamicOptions is true if the rule uses dynamic options that are automatically updated, such as AWS Organizational Units.
func (Target) UsesSelectableOptions ¶
UsesSelectableOptions is true if the rule allows users to select an option when making a request.
Source Files