policy

Documentation

Index

• Constants
• Variables
• type ACL
  • func All(objects ...string) ACL
  • func Approve(objects ...string) ACL
  • func CRUD(objects ...string) ACL
  • func Create(objects ...string) ACL
  • func Delete(objects ...string) ACL
  • func Read(objects ...string) ACL
  • func Run(objects ...string) ACL
  • func Update(objects ...string) ACL
  • func (acl ACL) GetPolicyDefinition() [][]string
• type Permission
  • func NewPermission(perm []string) Permission
  • func NewPermissions(perms [][]string) []Permission
  • func (p Permission) String() string
• type Policy
  • func (p Policy) GetPolicyDefintions() [][]string
  • func (p Policy) String() string

Constants

const (
	// Roles
	RoleAdmin     = "admin"
	RoleEveryone  = "everyone"
	RoleEditor    = "editor"
	RoleViewer    = "viewer"
	RoleCommander = "commander"
	RoleResponder = "responder"
	RoleAgent     = "agent"
	RoleGuest     = "guest"

	// Objects
	ObjectKubernetesProxy  = "kubernetes-proxy"
	ObjectLogs             = "logs"
	ObjectAgent            = "agent"
	ObjectAgentPush        = "agent-push"
	ObjectArtifact         = "artifact"
	ObjectAuth             = "auth"
	ObjectCanary           = "canaries"
	ObjectCatalog          = "catalog"
	ObjectConnection       = "connection"
	ObjectConnectionDetail = "connection-detail"
	ObjectDatabase         = "database"
	ObjectDatabaseIdentity = "database.identities"
	ObjectAuthConfidential = "database.kratos"
	ObjectDatabasePublic   = "database.public"
	ObjectDatabaseSettings = "database.config_scrapers"
	ObjectDatabaseSystem   = "database.system"
	ObjectIncident         = "incident"
	ObjectMonitor          = "database.monitor"
	ObjectPlaybooks        = "playbooks"
	ObjectRBAC             = "rbac"
	ObjectTopology         = "topology"
	ObjectPeople           = "people"
	ObjectNotification     = "notification"
)

const (
	ActionAll    = "*"
	ActionCRUD   = "create,read,update,delete"
	ActionCreate = "create"
	ActionDelete = "delete"
	ActionRead   = "read"
	ActionUpdate = "update"

	// Playbooks
	ActionPlaybookRun     = "playbook:run"
	ActionPlaybookApprove = "playbook:approve"
)

Actions

Variables

var AllActions = []string{
	ActionCreate,
	ActionDelete,
	ActionRead,
	ActionUpdate,
	ActionPlaybookApprove,
	ActionPlaybookRun,
}

Types

type ACL

type ACL struct {
	Objects   string `yaml:"objects" json:"objects"`
	Actions   string `yaml:"actions" json:"actions"`
	Principal string `yaml:"principal,omitempty" json:"principal,omitempty"`
}

func All

func All(objects ...string) ACL

func Approve

func Approve(objects ...string) ACL

func CRUD

func CRUD(objects ...string) ACL

func Create

func Create(objects ...string) ACL

func Delete

func Delete(objects ...string) ACL

func Read

func Read(objects ...string) ACL

func Run

func Run(objects ...string) ACL

func Update

func Update(objects ...string) ACL

func (ACL) GetPolicyDefinition

func (acl ACL) GetPolicyDefinition() [][]string

type Permission

type Permission struct {
	ID        string `json:"id,omitempty"`
	Subject   string `json:"subject,omitempty"`
	Object    string `json:"object,omitempty"`
	Action    string `json:"action,omitempty"`
	Deny      bool   `json:"deny,omitempty"`
	Condition string `json:"condition,omitempty"`
}

func NewPermission

func NewPermission(perm []string) Permission

func NewPermissions

func NewPermissions(perms [][]string) []Permission

func (Permission) String

func (p Permission) String() string

type Policy

type Policy struct {
	Principal string   `yaml:"principal" json:"principal"`
	ACLs      []ACL    `yaml:"acl,omitempty" json:"acl"`
	Inherit   []string `yaml:"inherit,omitempty" json:"inherit"`
}

func (Policy) GetPolicyDefintions

func (p Policy) GetPolicyDefintions() [][]string

func (Policy) String

func (p Policy) String() string