Documentation ¶
Index ¶
- Constants
- Variables
- func GetRoles(pc *domain.ProviderConfig, resourceType string) ([]*domain.Role, error)
- func WithDryRun(ctx context.Context) context.Context
- type Client
- type PermissionManager
- type Service
- func (s *Service) CorrelateGrantActivities(ctx context.Context, p domain.Provider, grants []*domain.Grant, ...) error
- func (s *Service) Create(ctx context.Context, p *domain.Provider) error
- func (s *Service) Delete(ctx context.Context, id string) error
- func (s *Service) FetchResources(ctx context.Context) error
- func (s *Service) Find(ctx context.Context) ([]*domain.Provider, error)
- func (s *Service) GetByID(ctx context.Context, id string) (*domain.Provider, error)
- func (s *Service) GetDependencyGrants(ctx context.Context, g domain.Grant) ([]*domain.Grant, error)
- func (s *Service) GetOne(ctx context.Context, pType, urn string) (*domain.Provider, error)
- func (s *Service) GetPermissions(_ context.Context, pc *domain.ProviderConfig, resourceType, role string) ([]interface{}, error)
- func (s *Service) GetRoles(ctx context.Context, id string, resourceType string) ([]*domain.Role, error)
- func (s *Service) GetTypes(ctx context.Context) ([]domain.ProviderType, error)
- func (s *Service) GrantAccess(ctx context.Context, a domain.Grant) error
- func (s *Service) ImportActivities(ctx context.Context, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)
- func (s *Service) IsExclusiveRoleAssignment(ctx context.Context, providerType, resourceType string) bool
- func (s *Service) ListAccess(ctx context.Context, p domain.Provider, resources []*domain.Resource) (domain.MapResourceAccess, error)
- func (s *Service) ListActivities(ctx context.Context, p domain.Provider, filter domain.ListActivitiesFilter) ([]*domain.Activity, error)
- func (s *Service) RevokeAccess(ctx context.Context, a domain.Grant) error
- func (s *Service) Update(ctx context.Context, p *domain.Provider) error
- func (s *Service) ValidateAppeal(ctx context.Context, a *domain.Appeal, p *domain.Provider, ...) error
- type ServiceDeps
- type UnimplementedClient
- func (c *UnimplementedClient) CreateConfig(*domain.ProviderConfig) error
- func (c *UnimplementedClient) GetResources(*domain.ProviderConfig) ([]*domain.Resource, error)
- func (c *UnimplementedClient) GetRoles(*domain.ProviderConfig, string) ([]*domain.Role, error)
- func (c *UnimplementedClient) GrantAccess(*domain.ProviderConfig, *domain.Appeal) error
- func (c *UnimplementedClient) ListAccess(context.Context, domain.ProviderConfig, []*domain.Resource) (domain.MapResourceAccess, error)
- func (c *UnimplementedClient) RevokeAccess(*domain.ProviderConfig, *domain.Appeal) error
Constants ¶
// Audit log keys recorded for provider lifecycle operations. The string
// values are emitted at runtime, so downstream audit queries and alerting
// rules match on them exactly.
const (
	// AuditKeyCreate is the audit key for creating a provider.
	AuditKeyCreate = "provider.create"
	// AuditKeyUpdate is the audit key for updating a provider.
	AuditKeyUpdate = "provider.update"
	// AuditKeyDelete is the audit key for deleting a provider.
	AuditKeyDelete = "provider.delete"
)
Variables ¶
// Sentinel errors exposed by this package. Match them with errors.Is rather
// than by message text: several of them share the same message (for example
// ErrInvalidRole and ErrAppealValidationInvalidRole), so string comparison
// cannot tell them apart.

// Lookup and argument errors.
var (
	// ErrInvalidProviderType is returned when no provider matches the given provider type.
	ErrInvalidProviderType = errors.New("unable to find provider based on provider type")
	// ErrEmptyIDParam is returned when a required id is empty.
	ErrEmptyIDParam = errors.New("id can't be empty")
	// ErrRecordNotFound is returned when the requested record does not exist.
	ErrRecordNotFound = errors.New("record not found")
	// ErrEmptyProviderType reports a missing provider type.
	ErrEmptyProviderType = errors.New("provider type can't be nil")
	// ErrEmptyProviderURN reports a missing provider URN.
	ErrEmptyProviderURN = errors.New("provider urn can't be nil")
	// ErrNilAppeal reports a nil appeal.
	ErrNilAppeal = errors.New("appeal can't be nil")
	// ErrNilResource reports a nil resource.
	ErrNilResource = errors.New("resource can't be nil")
	// ErrInvalidResourceType reports a resource type that is not accepted.
	ErrInvalidResourceType = errors.New("invalid resource type")
	// ErrInvalidRole reports a role that is not accepted.
	ErrInvalidRole = errors.New("invalid role")
)

// Capability errors: the operation is not available.
var (
	// ErrUnimplementedMethod reports that a method is not implemented yet.
	ErrUnimplementedMethod = errors.New("method is not yet implemented")
	// ErrImportActivitiesMethodNotSupported reports that the provider type cannot import activities.
	ErrImportActivitiesMethodNotSupported = errors.New("import activities is not supported for this provider type")
	// ErrGetActivityMethodNotSupported reports that the provider type cannot return an activity.
	ErrGetActivityMethodNotSupported = errors.New("get activity is not supported for this provider type")
)

// Appeal validation and grant errors.
var (
	// ErrAppealValidationInvalidAccountType reports an account type that is not accepted.
	ErrAppealValidationInvalidAccountType = errors.New("invalid account type")
	// ErrAppealValidationInvalidRole reports a role that is not accepted for the appeal.
	ErrAppealValidationInvalidRole = errors.New("invalid role")
	// ErrAppealValidationDurationNotSpecified reports an appeal that carries no duration.
	ErrAppealValidationDurationNotSpecified = errors.New("appeal duration is required")
	// ErrAppealValidationEmptyDuration reports an appeal asking for permanent access
	// where that is not allowed.
	// NOTE(review): presumably raised for an empty duration when permanent
	// access is disabled; confirm against ValidateAppeal.
	ErrAppealValidationEmptyDuration = errors.New("permanent access is not allowed")
	// ErrAppealValidationInvalidDurationValue reports a duration value that is not valid.
	ErrAppealValidationInvalidDurationValue = errors.New("invalid duration value")
	// ErrAppealValidationMissingRequiredParameter reports a missing required parameter.
	ErrAppealValidationMissingRequiredParameter = errors.New("missing required parameter")
	// ErrAppealValidationMissingRequiredQuestion reports a missing required question.
	ErrAppealValidationMissingRequiredQuestion = errors.New("missing required question")
	// ErrGrantAlreadyExists reports that the grant already exists.
	ErrGrantAlreadyExists = errors.New("grant already exists")
)
Functions ¶
Types ¶
type PermissionManager ¶
// PermissionManager is a field-less type whose GetPermissions method takes a
// provider config, a resource type and a role.
type PermissionManager struct{}
func (PermissionManager) GetPermissions ¶
func (m PermissionManager) GetPermissions(pc *domain.ProviderConfig, resourceType, role string) ([]interface{}, error)
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service handles the business logic.
func (*Service) CorrelateGrantActivities ¶ added in v0.7.5
func (*Service) FetchResources ¶
FetchResources fetches all resources for all registered providers
func (*Service) GetDependencyGrants ¶ added in v0.12.8
func (*Service) GetPermissions ¶
func (*Service) GrantAccess ¶
func (*Service) ImportActivities ¶
func (*Service) IsExclusiveRoleAssignment ¶ added in v0.9.0
func (s *Service) IsExclusiveRoleAssignment(ctx context.Context, providerType, resourceType string) bool
IsExclusiveRoleAssignment returns true if the provider supports only exclusive role assignment, i.e. a user can have only one role per resource.
func (*Service) ListAccess ¶
func (*Service) ListActivities ¶ added in v0.7.5
func (*Service) RevokeAccess ¶
type ServiceDeps ¶
type UnimplementedClient ¶
// UnimplementedClient is an empty struct that provides CreateConfig,
// GetResources, GetRoles, GrantAccess, ListAccess and RevokeAccess methods.
// NOTE(review): presumably each method returns ErrUnimplementedMethod so that
// a provider client can embed this type for operations it does not support;
// confirm against the source.
type UnimplementedClient struct{}
func (*UnimplementedClient) CreateConfig ¶
func (c *UnimplementedClient) CreateConfig(*domain.ProviderConfig) error
func (*UnimplementedClient) GetResources ¶
func (c *UnimplementedClient) GetResources(*domain.ProviderConfig) ([]*domain.Resource, error)
func (*UnimplementedClient) GetRoles ¶
func (c *UnimplementedClient) GetRoles(*domain.ProviderConfig, string) ([]*domain.Role, error)
func (*UnimplementedClient) GrantAccess ¶
func (c *UnimplementedClient) GrantAccess(*domain.ProviderConfig, *domain.Appeal) error
func (*UnimplementedClient) ListAccess ¶
func (c *UnimplementedClient) ListAccess(context.Context, domain.ProviderConfig, []*domain.Resource) (domain.MapResourceAccess, error)
func (*UnimplementedClient) RevokeAccess ¶
func (c *UnimplementedClient) RevokeAccess(*domain.ProviderConfig, *domain.Appeal) error