Constants ¶
// Appeal actions, statuses and a few shared labels.
const (
	// AppealActionNameApprove and AppealActionNameReject name the two actions that can be taken on an appeal.
	AppealActionNameApprove = "approve"
	AppealActionNameReject  = "reject"

	// Appeal.Status values.
	AppealStatusPending  = "pending"
	AppealStatusCanceled = "canceled"
	AppealStatusApproved = "approved"
	AppealStatusRejected = "rejected"

	// SystemActorName is the actor name used when no human user performed the action (presumably for
	// automatic approval steps and scheduled jobs — confirm against callers).
	SystemActorName = "system"

	// DefaultAppealAccountType is the Appeal.AccountType applied when none is given; it matches the
	// `default:"user"` tag on Appeal.AccountType.
	DefaultAppealAccountType = "user"

	// PermanentDurationLabel is the human-readable name for permanent access (see AppealDurationOption).
	PermanentDurationLabel = "Permanent"

	// ExpirationDateReasonFromAppeal is the Grant.ExpirationDateReason recorded when the expiry was derived
	// from AppealOptions.
	ExpirationDateReasonFromAppeal = "Expiration date is set based on the appeal options"
)
// Approval.Status values. Unlike an Appeal, an Approval (a single policy step) can also be
// "blocked" (waiting on an earlier step) or "skipped" (step not applicable).
const (
	ApprovalStatusPending  = "pending"
	ApprovalStatusBlocked  = "blocked"
	ApprovalStatusSkipped  = "skipped"
	ApprovalStatusApproved = "approved"
	ApprovalStatusRejected = "rejected"
)
const (
	// Grant.Status and Grant.StatusInProvider values.
	GrantStatusActive   GrantStatus = "active"
	GrantStatusInactive GrantStatus = "inactive"

	// Grant.Source values: a grant created from an approved appeal, or one imported from the provider
	// (presumably via AccessEntry.ToGrant — confirm).
	GrantSourceAppeal GrantSource = "appeal"
	GrantSourceImport GrantSource = "import"

	// GrantExpirationReasonDormant is the reason recorded when a grant is expired for inactivity
	// (see DormancyCheckCriteria). Kept as a user-facing sentence; changing it changes stored data.
	GrantExpirationReasonDormant = "grant/access hasn't been used for a while"
)
// Notification type identifiers. Each appears to map to a template field of NotificationMessages
// (OnBehalfAppealApproved presumably to OthersAppealApproved — confirm in the notifier).
const (
	NotificationTypeExpirationReminder     = "ExpirationReminder"
	NotificationTypeAppealApproved         = "AppealApproved"
	NotificationTypeOnBehalfAppealApproved = "OnBehalfAppealApproved"
	NotificationTypeAppealRejected         = "AppealRejected"
	NotificationTypeAccessRevoked          = "AccessRevoked"
	NotificationTypeApproverNotification   = "ApproverNotification"
	NotificationTypeGrantOwnerChanged      = "GrantOwnerChanged"
	NotificationTypeUnusedGrant            = "UnusedGrant"
)
// Provider type names as stored in Provider.Type.
//
// NOTE(review): the `oneof` list on ProviderConfig.Type (google_bigquery metabase grafana tableau
// gcloud_iam noop gcs) does not match this set: it spells BigQuery as "google_bigquery" rather than
// "bigquery", and omits "dataplex" and "shield". Keep the two in sync so validation and dispatch agree.
const (
	// ProviderTypeBigQuery is the type name for BigQuery provider
	ProviderTypeBigQuery = "bigquery"
	// ProviderTypeMetabase is the type name for Metabase provider
	ProviderTypeMetabase = "metabase"
	// ProviderTypeGrafana is the type name for Grafana provider
	ProviderTypeGrafana = "grafana"
	// ProviderTypeTableau is the type name for Tableau provider
	ProviderTypeTableau = "tableau"
	// ProviderTypeGCloudIAM is the type name for Google Cloud IAM provider
	ProviderTypeGCloudIAM = "gcloud_iam"
	// ProviderTypeNoOp is the type name for No-Op provider
	ProviderTypeNoOp = "noop"
	// ProviderTypeGCS is the type name for Google Cloud Storage provider
	ProviderTypeGCS = "gcs"
	// ProviderTypePolicyTag is the type name for Dataplex
	ProviderTypePolicyTag = "dataplex"
	// ProviderTypeShield is the type name for Shield auth layer provider
	ProviderTypeShield = "shield"
)
const (
	// ApproversKeyResource is a reserved key in the approvers expression namespace; it presumably exposes
	// the appealed Resource alongside $appeal — confirm in the expression evaluator.
	ApproversKeyResource = "$resource"
)
const (
	// TraceIDKey is the key under which a request trace id is carried (presumably in context values and
	// log fields — confirm against callers).
	TraceIDKey = "trace_id"
)
Variables ¶
var (
	// ErrApproverInvalidType is returned when an approvers expression evaluates to something other than
	// an email string or a slice of email strings. Compare with errors.Is.
	ErrApproverInvalidType = errors.New("invalid approver type, expected an email string or array of email string")
)
var (
	// ErrInvalidConditionField is returned when Condition.Field cannot be parsed. Compare with errors.Is.
	ErrInvalidConditionField = errors.New("unable to parse condition's field")
)
Functions ¶
This section is empty.
Types ¶
type AccessEntry ¶
func (AccessEntry) ToGrant ¶
func (ae AccessEntry) ToGrant(resource Resource) Grant
type Activity ¶
// Activity is one access event attributed to an account on a resource, as reported by a provider.
type Activity struct {
	ID         string `json:"id" yaml:"id"`
	ProviderID string `json:"provider_id" yaml:"provider_id"`
	ResourceID string `json:"resource_id" yaml:"resource_id"`
	// ProviderActivityID is presumably the provider's own identifier for the event — confirm.
	ProviderActivityID string `json:"provider_activity_id" yaml:"provider_activity_id"`
	AccountType        string `json:"account_type" yaml:"account_type"`
	AccountID          string `json:"account_id" yaml:"account_id"`
	// Timestamp is when the event occurred; CreatedAt below is when this record was stored.
	Timestamp          time.Time `json:"timestamp" yaml:"timestamp"`
	Authorizations     []string  `json:"authorizations" yaml:"authorizations"`
	RelatedPermissions []string  `json:"related_permissions" yaml:"related_permissions"`
	Type               string    `json:"type" yaml:"type"`
	// Metadata is provider-specific and untyped; readers should type-assert defensively.
	Metadata  map[string]interface{} `json:"metadata" yaml:"metadata"`
	CreatedAt time.Time              `json:"created_at" yaml:"created_at"`
	Provider  *Provider              `json:"provider,omitempty" yaml:"provider,omitempty"`
	Resource  *Resource              `json:"resource,omitempty" yaml:"resource,omitempty"`
}
type ActivityConfig ¶ added in v0.7.5
type AdditionalAppeal ¶
// AdditionalAppeal describes an extra appeal to be created when a Requirement triggers
// (see Requirement.Appeals): the target resource, the role, optional appeal options and the policy to use.
type AdditionalAppeal struct {
	Resource *ResourceIdentifier `json:"resource" yaml:"resource" validate:"required"`
	Role     string              `json:"role" yaml:"role" validate:"required"`
	Options  *AppealOptions      `json:"options" yaml:"options"`
	Policy   *PolicyConfig       `json:"policy" yaml:"policy"`
}
type Appeal ¶
// Appeal is a request for a Role on a Resource. It is evaluated against a Policy whose Steps produce
// the Approvals; an approved appeal results in a Grant.
type Appeal struct {
	ID            string `json:"id" yaml:"id"`
	ResourceID    string `json:"resource_id" yaml:"resource_id"`
	PolicyID      string `json:"policy_id" yaml:"policy_id"`
	PolicyVersion uint   `json:"policy_version" yaml:"policy_version"`
	// Status is one of the AppealStatus* constants.
	Status    string `json:"status" yaml:"status"`
	AccountID string `json:"account_id" yaml:"account_id"`
	// AccountType falls back to DefaultAppealAccountType ("user") when empty.
	AccountType string `json:"account_type" yaml:"account_type" default:"user"`
	// CreatedBy is the requester; presumably it differs from AccountID for on-behalf appeals
	// (PolicyAppealConfig.AllowOnBehalf) — confirm.
	CreatedBy string `json:"created_by" yaml:"created_by"`
	// Creator holds the requester's details from the identity provider (Policy.IAM). It is nil when that
	// lookup fails and PolicyAppealConfig.AllowCreatorDetailsFailure is set, so expressions reading
	// $appeal.creator.* must nil-check.
	Creator     interface{}    `json:"creator" yaml:"creator"`
	Role        string         `json:"role" yaml:"role"`
	Permissions []string       `json:"permissions" yaml:"permissions"`
	Options     *AppealOptions `json:"options" yaml:"options"`
	// Details, Labels and Description are free-form. Since they are presumably supplied with the request,
	// policy expressions that read them through $appeal should treat them as requester-controlled input
	// rather than as verified facts.
	Details     map[string]interface{} `json:"details" yaml:"details"`
	Labels      map[string]string      `json:"labels" yaml:"labels"`
	Description string                 `json:"description" yaml:"description"`
	// Policy is resolved in memory only and is never serialized (json:"-" / yaml:"-").
	Policy    *Policy     `json:"-" yaml:"-"`
	Resource  *Resource   `json:"resource,omitempty" yaml:"resource,omitempty"`
	Approvals []*Approval `json:"approvals,omitempty" yaml:"approvals,omitempty"`
	Grant     *Grant      `json:"grant,omitempty" yaml:"grant,omitempty"`
	CreatedAt time.Time   `json:"created_at,omitempty" yaml:"created_at,omitempty"`
	UpdatedAt time.Time   `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
}
Appeal struct
func (*Appeal) AdvanceApproval ¶
func (*Appeal) ApplyPolicy ¶
func (*Appeal) GetApproval ¶
func (*Appeal) GetNextPendingApproval ¶
func (*Appeal) IsDurationEmpty ¶
func (*Appeal) SetDefaults ¶
func (a *Appeal) SetDefaults()
type AppealConfig ¶
// AppealConfig is the provider-level appeal configuration (ProviderConfig.Appeal). Compare
// PolicyAppealConfig, which carries the policy-level equivalents of the same two flags.
type AppealConfig struct {
	// AllowPermanentAccess permits appeals with the reserved "0h" duration (see AppealDurationOption).
	AllowPermanentAccess bool `json:"allow_permanent_access" yaml:"allow_permanent_access"`
	// AllowActiveAccessExtensionIn is a duration string (required); presumably parsed with
	// time.ParseDuration — confirm.
	AllowActiveAccessExtensionIn string `json:"allow_active_access_extension_in" yaml:"allow_active_access_extension_in" validate:"required"`
}
AppealConfig is the policy configuration of the appeal
type AppealDurationOption ¶
// AppealDurationOption is one selectable access duration offered by a policy
// (PolicyAppealConfig.DurationOptions).
type AppealDurationOption struct {
	// Name of the duration
	// Ex: 1 Day, 3 Days, Permanent
	Name string `json:"name" yaml:"name" validate:"required"`
	// Value of the actual duration
	// Ex: 24h, 72h, 0h
	// `0h` is reserved for permanent access
	Value string `json:"value" yaml:"value" validate:"required"`
}
type AppealOptions ¶
// AppealOptions are the requester-chosen options of an appeal: an explicit expiration date and/or a
// duration string (see AppealDurationOption for the format, including the reserved "0h").
type AppealOptions struct {
	ExpirationDate *time.Time `json:"expiration_date,omitempty" yaml:"expiration_date,omitempty"`
	Duration       string     `json:"duration" yaml:"duration"`
}
AppealOptions
type Approval ¶
// Approval is the state of one policy Step for a given Appeal.
type Approval struct {
	ID   string `json:"id" yaml:"id"`
	Name string `json:"name" yaml:"name"`
	// Index is the step's position in the policy; it is in-memory only and never serialized.
	Index    int    `json:"-" yaml:"-"`
	AppealID string `json:"appeal_id" yaml:"appeal_id"`
	// Status is one of the ApprovalStatus* constants.
	Status string `json:"status" yaml:"status"`
	// Actor is a pointer so that "nobody has acted yet" (nil) is distinguishable from an empty string.
	Actor         *string `json:"actor" yaml:"actor"`
	Reason        string  `json:"reason,omitempty" yaml:"reason,omitempty"`
	PolicyID      string  `json:"policy_id" yaml:"policy_id"`
	PolicyVersion uint    `json:"policy_version" yaml:"policy_version"`
	// Approvers are the resolved approver emails for a manual step (see Step.Approvers).
	Approvers []string  `json:"approvers,omitempty" yaml:"approvers,omitempty"`
	Appeal    *Appeal   `json:"appeal,omitempty" yaml:"appeal,omitempty"`
	CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"`
	UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
}
func (*Approval) IsManualApproval ¶
type ApprovalAction ¶
type ApprovalActionType ¶
// ApprovalActionType is the action an approver takes on an Approval.
type ApprovalActionType string

// Valid ApprovalActionType values; they mirror AppealActionNameApprove/AppealActionNameReject.
const (
	ApprovalActionApprove ApprovalActionType = "approve"
	ApprovalActionReject  ApprovalActionType = "reject"
)
type ApprovalStepStrategy ¶
// ApprovalStepStrategy says whether a Step is resolved automatically (Step.ApproveIf) or by human
// approvers (Step.Approvers).
type ApprovalStepStrategy string

// Valid ApprovalStepStrategy values; Step.Strategy is validated with `oneof=auto manual`.
const (
	ApprovalStepStrategyAuto   ApprovalStepStrategy = "auto"
	ApprovalStepStrategyManual ApprovalStepStrategy = "manual"
)
type Approver ¶
// Approver is one email address that may act on a given Approval.
type Approver struct {
	ID         string    `json:"id" yaml:"id"`
	ApprovalID string    `json:"approval_id" yaml:"approval_id"`
	AppealID   string    `json:"appeal_id" yaml:"appeal_id"`
	Email      string    `json:"email" yaml:"email"`
	CreatedAt  time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"`
	UpdatedAt  time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
}
type Condition ¶
// Condition is a field/match pair evaluated to decide an approval step (legacy; RequirementTrigger
// marks Conditions as deprecated in favour of Expression). Both fields are required.
type Condition struct {
	// Field is the path to evaluate; ErrInvalidConditionField is returned when it cannot be parsed.
	Field string          `json:"field" yaml:"field" validate:"required"`
	Match *MatchCondition `json:"match" yaml:"match" validate:"required"`
}
Condition is evaluated to determine whether the approval step resolves as a success or a failure.
type DormancyCheckCriteria ¶ added in v0.7.5
// DormancyCheckCriteria parameterizes the check that expires grants which have not been used
// (see GrantExpirationReasonDormant). Validate reports whether the criteria are well-formed.
type DormancyCheckCriteria struct {
	ProviderID string
	// Period is the look-back window over which activity is considered (presumably — confirm).
	Period time.Duration
	// RetainDuration is how long a dormant grant is kept before it is expired (presumably — confirm).
	RetainDuration time.Duration
	// DryRun reports what would be expired without changing any grant.
	DryRun bool
}
func (DormancyCheckCriteria) Validate ¶ added in v0.7.5
func (c DormancyCheckCriteria) Validate() error
type Grant ¶
// Grant is an access entitlement that exists (or existed) in a provider: an account holding a Role, with its
// permissions, on a Resource. It comes either from an approved Appeal or from an import (see GrantSource).
type Grant struct {
	ID string `json:"id" yaml:"id"`
	// Status is Guardian's view of the grant; StatusInProvider is what the provider itself reports.
	// Both use the GrantStatus* constants.
	Status           GrantStatus `json:"status" yaml:"status"`
	StatusInProvider GrantStatus `json:"status_in_provider" yaml:"status_in_provider"`
	AccountID        string      `json:"account_id" yaml:"account_id"`
	AccountType      string      `json:"account_type" yaml:"account_type"`
	ResourceID       string      `json:"resource_id" yaml:"resource_id"`
	Role             string      `json:"role" yaml:"role"`
	Permissions      []string    `json:"permissions" yaml:"permissions"`
	// IsPermanent grants have no ExpirationDate; note ExpirationDate has no omitempty and serializes as null.
	IsPermanent    bool       `json:"is_permanent" yaml:"is_permanent"`
	ExpirationDate *time.Time `json:"expiration_date" yaml:"expiration_date"`
	// RequestedExpirationDate is what the appeal asked for, which may differ from the effective ExpirationDate;
	// ExpirationDateReason explains the difference (e.g. ExpirationDateReasonFromAppeal).
	RequestedExpirationDate *time.Time  `json:"requested_expiration_date,omitempty" yaml:"requested_expiration_date,omitempty"`
	ExpirationDateReason    string      `json:"expiration_date_reason,omitempty" yaml:"expiration_date_reason,omitempty"`
	AppealID                string      `json:"appeal_id" yaml:"appeal_id"`
	Source                  GrantSource `json:"source" yaml:"source"`
	// Revocation audit trail: who revoked, when, and why. All empty while the grant is active.
	RevokedBy    string     `json:"revoked_by,omitempty" yaml:"revoked_by,omitempty"`
	RevokedAt    *time.Time `json:"revoked_at,omitempty" yaml:"revoked_at,omitempty"`
	RevokeReason string     `json:"revoke_reason,omitempty" yaml:"revoke_reason,omitempty"`
	CreatedBy    string     `json:"created_by" yaml:"created_by"` // Deprecated: use Owner instead
	Owner        string     `json:"owner" yaml:"owner"`
	CreatedAt    time.Time  `json:"created_at" yaml:"created_at"`
	UpdatedAt    time.Time  `json:"updated_at" yaml:"updated_at"`
	Resource     *Resource  `json:"resource,omitempty" yaml:"resource,omitempty"`
	Appeal       *Appeal    `json:"appeal,omitempty" yaml:"appeal,omitempty"`
	Activities   []*Activity `json:"activities,omitempty" yaml:"activities,omitempty"`
}
func (*Grant) GetPermissions ¶
func (Grant) IsEligibleForExtension ¶
func (Grant) PermissionsKey ¶
type GrantSource ¶
// GrantSource records where a Grant came from; see GrantSourceAppeal and GrantSourceImport.
type GrantSource string
type GrantStatus ¶
// GrantStatus is the lifecycle state of a Grant; see GrantStatusActive and GrantStatusInactive.
type GrantStatus string
type IAMConfig ¶
// IAMConfig configures the identity provider a Policy uses to look up appeal creators (Policy.IAM).
type IAMConfig struct {
	// Provider selects the client implementation; the validate tag matches the IAMProviderType constants.
	Provider IAMProviderType `json:"provider" yaml:"provider" validate:"required,oneof=http shield"`
	// Config is provider-specific and is parsed by IAMManager.ParseConfig into a SensitiveConfig, i.e. it
	// may carry credentials — avoid logging or echoing it back in API responses.
	Config interface{} `json:"config" yaml:"config" validate:"required"`
	// Schema maps identity-provider response fields to the names exposed as $appeal.creator.* (presumably — confirm).
	Schema map[string]string `json:"schema" yaml:"schema"`
}
type IAMManager ¶
// IAMManager turns an IAMConfig into a usable identity-provider client. ParseConfig validates and
// types the raw config (returning it as a SensitiveConfig so secrets are handled as such);
// GetClient builds the client from that parsed config.
type IAMManager interface {
	ParseConfig(*IAMConfig) (SensitiveConfig, error)
	GetClient(SensitiveConfig) (IAMClient, error)
}
type IAMProviderType ¶
// IAMProviderType names an identity-provider client implementation (IAMConfig.Provider).
type IAMProviderType string

// Supported identity providers; IAMConfig.Provider is validated with `oneof=http shield`.
const (
	IAMProviderTypeShield IAMProviderType = "shield"
	IAMProviderTypeHTTP   IAMProviderType = "http"
)
type ListActivitiesFilter ¶ added in v0.7.5
// ListActivitiesFilter selects Activity records. Resources may be given by ID or by ResourceIdentifier;
// PopulateResources resolves the identifiers to *Resource values that GetResources then returns.
type ListActivitiesFilter struct {
	ProviderID          string
	ResourceIDs         []string
	ResourceIdentifiers []ResourceIdentifier
	AccountIDs          []string
	// TimestampGte / TimestampLte bound Activity.Timestamp (inclusive, per the names); nil means unbounded.
	TimestampGte *time.Time
	TimestampLte *time.Time
	// contains filtered or unexported fields
}
func (*ListActivitiesFilter) GetResources ¶ added in v0.7.5
func (f *ListActivitiesFilter) GetResources() []*Resource
func (*ListActivitiesFilter) PopulateResources ¶ added in v0.7.5
func (f *ListActivitiesFilter) PopulateResources(resources map[string]*Resource) error
type ListAppealsFilter ¶
// ListAppealsFilter selects appeals. It is decoded from request parameters (mapstructure tags), so each
// field is optional and validated only when present; OrderBy values should be checked against an allow-list
// before being used in a query.
type ListAppealsFilter struct {
	Q                         string    `mapstructure:"q" validate:"omitempty"`
	AccountTypes              []string  `mapstructure:"account_types" validate:"omitempty,min=1"`
	CreatedBy                 string    `mapstructure:"created_by" validate:"omitempty,required"`
	AccountID                 string    `mapstructure:"account_id" validate:"omitempty,required"`
	AccountIDs                []string  `mapstructure:"account_ids" validate:"omitempty,required"`
	ResourceID                string    `mapstructure:"resource_id" validate:"omitempty,required"`
	Role                      string    `mapstructure:"role" validate:"omitempty,required"`
	Statuses                  []string  `mapstructure:"statuses" validate:"omitempty,min=1"`
	ExpirationDateLessThan    time.Time `mapstructure:"expiration_date_lt" validate:"omitempty,required"`
	ExpirationDateGreaterThan time.Time `mapstructure:"expiration_date_gt" validate:"omitempty,required"`
	ProviderTypes             []string  `mapstructure:"provider_types" validate:"omitempty,min=1"`
	ProviderURNs              []string  `mapstructure:"provider_urns" validate:"omitempty,min=1"`
	ResourceTypes             []string  `mapstructure:"resource_types" validate:"omitempty,min=1"`
	ResourceURNs              []string  `mapstructure:"resource_urns" validate:"omitempty,min=1"`
	OrderBy                   []string  `mapstructure:"order_by" validate:"omitempty,min=1"`
	// Size and Offset are plain ints here (ListResourcesFilter uses uint32); negative values are not rejected by the tags.
	Size   int `mapstructure:"size" validate:"omitempty"`
	Offset int `mapstructure:"offset" validate:"omitempty"`
}
type ListApprovalsFilter ¶
// ListApprovalsFilter selects approvals, typically those awaiting a given approver. Decoded from request
// parameters (mapstructure tags); every field is optional. Statuses filters Approval.Status while
// AppealStatuses filters the parent Appeal.Status.
type ListApprovalsFilter struct {
	Q              string   `mapstructure:"q" validate:"omitempty"`
	AccountID      string   `mapstructure:"account_id" validate:"omitempty,required"`
	AccountTypes   []string `mapstructure:"account_types" validate:"omitempty,min=1"`
	ResourceTypes  []string `mapstructure:"resource_types" validate:"omitempty,min=1"`
	CreatedBy      string   `mapstructure:"created_by" validate:"omitempty,required"`
	Statuses       []string `mapstructure:"statuses" validate:"omitempty,min=1"`
	OrderBy        []string `mapstructure:"order_by" validate:"omitempty,min=1"`
	Size           int      `mapstructure:"size" validate:"omitempty"`
	Offset         int      `mapstructure:"offset" validate:"omitempty"`
	AppealStatuses []string `mapstructure:"appeal_statuses" validate:"omitempty,min=1"`
}
type ListGrantsFilter ¶
// ListGrantsFilter selects grants. Unlike the other List*Filter types only Size, Offset and Q carry
// mapstructure tags, so the remaining fields are presumably populated by code rather than decoded from
// request parameters — confirm before exposing them.
type ListGrantsFilter struct {
	Statuses                  []string
	AccountIDs                []string
	AccountTypes              []string
	ResourceIDs               []string
	Roles                     []string
	Permissions               []string
	ProviderTypes             []string
	ProviderURNs              []string
	ResourceTypes             []string
	ResourceURNs              []string
	CreatedBy                 string
	Owner                     string
	OrderBy                   []string
	ExpirationDateLessThan    time.Time
	ExpirationDateGreaterThan time.Time
	// IsPermanent is a pointer so that "don't filter on permanence" (nil) is distinct from false.
	IsPermanent  *bool
	CreatedAtLte time.Time
	Size         int    `mapstructure:"size" validate:"omitempty"`
	Offset       int    `mapstructure:"offset" validate:"omitempty"`
	Q            string `mapstructure:"q" validate:"omitempty"`
}
type ListResourcesFilter ¶
// ListResourcesFilter selects resources. Decoded from request parameters (mapstructure tags); every field
// is optional. Note the external names differ from the Go names for the URN/type fields ("urn", "type",
// "urns", "types").
type ListResourcesFilter struct {
	IDs           []string `mapstructure:"ids" validate:"omitempty,min=1"`
	IsDeleted     bool     `mapstructure:"is_deleted" validate:"omitempty"`
	ProviderType  string   `mapstructure:"provider_type" validate:"omitempty"`
	ProviderURN   string   `mapstructure:"provider_urn" validate:"omitempty"`
	Name          string   `mapstructure:"name" validate:"omitempty"`
	ResourceURN   string   `mapstructure:"urn" validate:"omitempty"`
	ResourceType  string   `mapstructure:"type" validate:"omitempty"`
	ResourceURNs  []string `mapstructure:"urns" validate:"omitempty"`
	ResourceTypes []string `mapstructure:"types" validate:"omitempty"`
	// Details matches against Resource.Details by key; keys and values come from the caller and carry
	// no validate tag, so the query layer must not interpolate them into SQL or path expressions unescaped.
	Details map[string]string `mapstructure:"details"`
	// Size and Offset are uint32 here (the other filters use int), so negatives are rejected at decode time.
	Size   uint32 `mapstructure:"size" validate:"omitempty"`
	Offset uint32 `mapstructure:"offset" validate:"omitempty"`
}
type MapResourceAccess ¶
// MapResourceAccess groups AccessEntry values by resource URN (the map key).
type MapResourceAccess map[string][]AccessEntry
MapResourceAccess is a list of UserAccess entries grouped by resource URN.
type MatchCondition ¶
// MatchCondition is the value a Condition's Field must satisfy. Only an equality match (Eq) is defined.
type MatchCondition struct {
	// Eq is untyped; comparison semantics (string vs number vs bool) depend on the evaluator — confirm.
	Eq interface{} `json:"eq" yaml:"eq"`
}
MatchCondition specifies the requirement a Condition must satisfy.
type Notification ¶
// Notification is one message to deliver to a user, plus free-form labels for the notifier.
type Notification struct {
	User    string
	Message NotificationMessage
	Labels  map[string]string
}
type NotificationMessage ¶
type NotificationMessages ¶
// NotificationMessages holds the configured message template for each notification type
// (see the NotificationType* constants). Decoded from configuration via mapstructure.
type NotificationMessages struct {
	ExpirationReminder   string `mapstructure:"expiration_reminder"`
	AppealApproved       string `mapstructure:"appeal_approved"`
	AppealRejected       string `mapstructure:"appeal_rejected"`
	AccessRevoked        string `mapstructure:"access_revoked"`
	ApproverNotification string `mapstructure:"approver_notification"`
	// OthersAppealApproved presumably backs NotificationTypeOnBehalfAppealApproved — confirm.
	OthersAppealApproved string `mapstructure:"others_appeal_approved"`
	GrantOwnerChanged    string `mapstructure:"grant_owner_changed"`
	UnusedGrant          string `mapstructure:"unused_grant"`
}
type Policy ¶
// Policy is the approval policy configuration: an ordered list of Steps, plus appeal options, follow-on
// Requirements and the identity provider used to resolve appeal creators. Policies are versioned; an
// Appeal pins the (ID, Version) it was evaluated against.
type Policy struct {
	ID string `json:"id" yaml:"id" validate:"required"`
	// Version is a uint here and in Appeal.PolicyVersion, but PolicyConfig.Version is an int — callers
	// converting between them should guard the sign.
	Version     uint   `json:"version" yaml:"version" validate:"required"`
	Description string `json:"description" yaml:"description"`
	// Steps are evaluated in order; at least one is required and each is validated (dive).
	Steps        []*Step             `json:"steps" yaml:"steps" validate:"required,min=1,dive"`
	AppealConfig *PolicyAppealConfig `json:"appeal_config" yaml:"appeal_config" validate:"omitempty,dive"`
	Requirements []*Requirement      `json:"requirements,omitempty" yaml:"requirements,omitempty" validate:"omitempty,min=1,dive"`
	Labels       map[string]string   `json:"labels,omitempty" yaml:"labels,omitempty"`
	// IAM may contain identity-provider credentials (see IAMConfig.Config); HasIAMConfig reports whether it is set.
	IAM       *IAMConfig `json:"iam,omitempty" yaml:"iam,omitempty" validate:"omitempty,dive"`
	CreatedAt time.Time  `json:"created_at,omitempty" yaml:"created_at,omitempty"`
	UpdatedAt time.Time  `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
}
Policy is the approval policy configuration
func (*Policy) HasIAMConfig ¶
type PolicyAppealConfig ¶
// PolicyAppealConfig is the policy-level appeal configuration (Policy.AppealConfig): which durations a
// requester may pick, whether on-behalf and permanent access are allowed, and extra questions to ask.
type PolicyAppealConfig struct {
	DurationOptions []AppealDurationOption `json:"duration_options" yaml:"duration_options" validate:"omitempty,min=1,dive"`
	// AllowOnBehalf lets a user appeal for an account other than their own.
	AllowOnBehalf bool `json:"allow_on_behalf" yaml:"allow_on_behalf"`
	// AllowPermanentAccess and AllowActiveAccessExtensionIn mirror the same-named fields of the
	// provider-level AppealConfig; here the extension field carries no validate tag.
	AllowPermanentAccess         bool       `json:"allow_permanent_access" yaml:"allow_permanent_access"`
	AllowActiveAccessExtensionIn string     `json:"allow_active_access_extension_in" yaml:"allow_active_access_extension_in"`
	Questions                    []Question `json:"questions" yaml:"questions"`
	// AllowCreatorDetailsFailure is a flag that lets the appeal creation to continue when the request to the identity
	// provider (Policy.IAM) fails. If this is set to true and request to the identity provider fails (4xx or 5xx), the
	// value of `creator` field in the appeal will be nil.
	// Note: any expression that tries to access `$appeal.creator.*` is still evaluated as usual, it might need to have
	// proper nil checking to avoid accessing nil value.
	// Security note: with this enabled, an auto step whose ApproveIf relies on creator attributes runs without them,
	// so such expressions should fail closed when $appeal.creator is nil.
	AllowCreatorDetailsFailure bool `json:"allow_creator_details_failure" yaml:"allow_creator_details_failure"`
}
type PolicyConfig ¶
// PolicyConfig names the policy (ID and Version) applied to a resource type or additional appeal.
// Version is an int here whereas Policy.Version is a uint; see Policy.
type PolicyConfig struct {
	ID      string `json:"id" yaml:"id" validate:"required"`
	Version int    `json:"version" yaml:"version" validate:"required"`
}
PolicyConfig is the configuration that defines which policy is being used in the provider
type Provider ¶
// Provider is a registered data provider instance, identified by Type (one of the ProviderType*
// constants) and URN, together with its ProviderConfig.
type Provider struct {
	ID   string `json:"id" yaml:"id"`
	Type string `json:"type" yaml:"type"`
	URN  string `json:"urn" yaml:"urn"`
	// Config includes Credentials; see ProviderConfig before serializing a Provider outward.
	Config    *ProviderConfig `json:"config" yaml:"config"`
	CreatedAt time.Time       `json:"created_at,omitempty" yaml:"created_at,omitempty"`
	UpdatedAt time.Time       `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
}
Provider is the provider domain structure.
type ProviderConfig ¶
// ProviderConfig is the configuration for a data provider: how to authenticate to it, which resource
// types and roles it exposes, and the appeal rules that apply.
//
// NOTE(review): the `oneof` list on Type uses "google_bigquery" while the ProviderTypeBigQuery constant is
// "bigquery", and "dataplex"/"shield" (ProviderTypePolicyTag, ProviderTypeShield) are not listed.
type ProviderConfig struct {
	Type string `json:"type" yaml:"type" validate:"required,oneof=google_bigquery metabase grafana tableau gcloud_iam noop gcs"`
	URN  string `json:"urn" yaml:"urn" validate:"required"`
	// AllowedAccountTypes restricts Appeal.AccountType for this provider when set.
	AllowedAccountTypes []string          `json:"allowed_account_types" yaml:"allowed_account_types" validate:"omitempty,min=1"`
	Labels              map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"`
	// Credentials is the provider's secret material (required). The package also defines Encryptor,
	// Decryptor and SensitiveConfig, so this is presumably stored encrypted — confirm. The yaml tag has no
	// omitempty, so a YAML dump of a config always includes it; strip or redact before logging.
	Credentials interface{} `json:"credentials,omitempty" yaml:"credentials" validate:"required"`
	Appeal      *AppealConfig `json:"appeal,omitempty" yaml:"appeal,omitempty" validate:"required"`
	// Resources lists each resource type with its filter, policy and roles; GetResourceTypes and
	// GetFilterForResourceType read from it.
	Resources  []*ResourceConfig    `json:"resources" yaml:"resources" validate:"required"`
	Parameters []*ProviderParameter `json:"parameters,omitempty" yaml:"parameters,omitempty"`
	Activity   *ActivityConfig      `json:"activity,omitempty" yaml:"activity,omitempty"`
}
ProviderConfig is the configuration for a data provider
func (ProviderConfig) GetFilterForResourceType ¶ added in v0.7.8
func (pc ProviderConfig) GetFilterForResourceType(resourceType string) string
func (ProviderConfig) GetResourceTypes ¶
func (pc ProviderConfig) GetResourceTypes() (resourceTypes []string)
type ProviderParameter ¶
type ProviderType ¶
type Requirement ¶
// Requirement creates additional appeals automatically: when an appeal matches the trigger in On,
// each entry in Appeals is raised as well. At least one AdditionalAppeal is required.
type Requirement struct {
	On      *RequirementTrigger `json:"on" yaml:"on" validate:"required"`
	Appeals []*AdditionalAppeal `json:"appeals" yaml:"appeals" validate:"required,min=1,dive"`
}
type RequirementTrigger ¶
// RequirementTrigger describes which appeals fire a Requirement, by provider, resource and role, plus
// either legacy Conditions or an Expression.
//
// NOTE(review): the struct tags on these fields are elided by the documentation renderer
// ("N-byte string literal not displayed"), so their json/yaml/validate names are not visible here.
type RequirementTrigger struct {
	ProviderType string `` /* 137-byte string literal not displayed */
	ProviderURN  string `` /* 136-byte string literal not displayed */
	ResourceType string `` /* 137-byte string literal not displayed */
	ResourceURN  string `` /* 136-byte string literal not displayed */
	Role         string `` /* 128-byte string literal not displayed */
	// Deprecated: use Expression instead
	Conditions []*Condition `` /* 134-byte string literal not displayed */
	Expression string       `` /* 134-byte string literal not displayed */
}
type Resource ¶
// Resource is something access can be granted to, identified within a provider by Type and URN.
// Resources form a tree via ParentID/Children; GetFlattened walks it.
type Resource struct {
	ID           string `json:"id" yaml:"id"`
	ProviderType string `json:"provider_type" yaml:"provider_type"`
	ProviderURN  string `json:"provider_urn" yaml:"provider_urn"`
	Type         string `json:"type" yaml:"type"`
	URN          string `json:"urn" yaml:"urn"`
	Name         string `json:"name" yaml:"name"`
	// Details is provider-specific and untyped; ListResourcesFilter.Details matches against it by key.
	Details   map[string]interface{} `json:"details" yaml:"details"`
	Labels    map[string]string      `json:"labels,omitempty" yaml:"labels,omitempty"`
	CreatedAt time.Time              `json:"created_at,omitempty" yaml:"created_at,omitempty"`
	UpdatedAt time.Time              `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
	// IsDeleted marks a resource that no longer exists in the provider but is retained for history.
	IsDeleted bool        `json:"is_deleted,omitempty" yaml:"is_deleted,omitempty"`
	ParentID  *string     `json:"parent_id,omitempty" yaml:"parent_id,omitempty"`
	Children  []*Resource `json:"children,omitempty" yaml:"children,omitempty"`
}
Resource struct
func (*Resource) GetFlattened ¶
type ResourceConfig ¶
// ResourceConfig is the configuration for one resource type within a provider: an optional Filter
// expression selecting which resources are managed, the Policy to apply, and the Roles offered.
type ResourceConfig struct {
	Type   string        `json:"type" yaml:"type" validate:"required"`
	Filter string        `json:"filter" yaml:"filter"`
	Policy *PolicyConfig `json:"policy" yaml:"policy"`
	Roles  []*Role       `json:"roles" yaml:"roles" validate:"required"`
}
ResourceConfig is the configuration for a resource type within a provider
type ResourceIdentifier ¶
// ResourceIdentifier addresses a Resource either by ID alone or by the full
// (ProviderType, ProviderURN, Type, URN) tuple. The validate tags enforce that: the four tuple fields
// are required together (required_with), and ID is required only when none of them is set
// (required_without_all).
type ResourceIdentifier struct {
	ProviderType string `json:"provider_type" yaml:"provider_type" validate:"required_with=ProviderURN Type URN"`
	ProviderURN  string `json:"provider_urn" yaml:"provider_urn" validate:"required_with=ProviderType Type URN"`
	Type         string `json:"type" yaml:"type" validate:"required_with=ProviderType ProviderURN URN"`
	URN          string `json:"urn" yaml:"urn" validate:"required_with=ProviderType ProviderURN Type"`
	ID           string `json:"id" yaml:"id" validate:"required_without_all=ProviderType ProviderURN Type URN"`
}
type RevokeGrantsFilter ¶
type Role ¶
// Role is the configuration to define a role and map it to the permissions in the provider.
type Role struct {
	ID          string `json:"id" yaml:"id" validate:"required"`
	Name        string `json:"name" yaml:"name" validate:"required"`
	Description string `json:"description,omitempty" yaml:"description"`
	// Permissions is untyped because providers differ in how a permission is expressed;
	// GetOrderedPermissions returns them as a string slice.
	Permissions []interface{} `json:"permissions" yaml:"permissions" validate:"required"`
}
Role is the configuration to define a role and mapping the permissions in the provider
func (Role) GetOrderedPermissions ¶
GetOrderedPermissions returns the permissions as a string slice
type SensitiveConfig ¶
// SensitiveConfig is a parsed configuration that contains secrets (it embeds SensitiveInformation) and
// can validate itself. IAMManager.ParseConfig returns one.
type SensitiveConfig interface {
	SensitiveInformation
	Validate() error
}
type SensitiveInformation ¶
type Step ¶
// Step is an individual process within an approval flow. Its When, Approvers and ApproveIf fields are
// expressions evaluated with $appeal bound to the Appeal; since parts of the Appeal (details, labels,
// description) are supplied by the requester, auto-approval conditions should key on data the policy
// trusts (e.g. the resource or creator attributes) rather than on those free-form fields.
type Step struct {
	// Name used as the step identifier
	Name string `json:"name" yaml:"name" validate:"required"`
	// Description tells more details about the step
	Description string `json:"description" yaml:"description"`
	// AllowFailed lets the approval flow continue to the next step even the current step is rejected.
	// If the last step has AllowFailed equal to true, and it's getting rejected,
	// the appeal status will resolve as approved or success.
	AllowFailed bool `json:"allow_failed" yaml:"allow_failed"`
	// When is an Expression that determines whether the step should be evaluated or it can be skipped at the beginning.
	// If it evaluates to be falsy, the step will automatically skipped. Otherwise, step become pending/blocked (normal).
	//
	// Accessible parameters:
	// $appeal = Appeal object
	When string `json:"when,omitempty" yaml:"when,omitempty"`
	// Strategy defines if the step requires manual approval or not
	Strategy ApprovalStepStrategy `json:"strategy" yaml:"strategy" validate:"required,oneof=auto manual"`
	// RejectionReason message fills `Approval.Reason` if the approval step gets rejected based on `ApproveIf` expression.
	RejectionReason string `json:"rejection_reason" yaml:"rejection_reason"`
	// Approvers is an Expression that if the evaluation returns string or []string that contains email address of the approvers.
	// If human approval (manual) is required, use this field.
	// Any other result type yields ErrApproverInvalidType.
	//
	// Accessible parameters:
	// $appeal = Appeal object
	Approvers []string `json:"approvers,omitempty" yaml:"approvers,omitempty" validate:"required_if=Strategy manual,omitempty,min=1"`
	// ApproveIf is an Expression to determines the resolution of the step. If automatic approval is needed for the step,
	// use this field.
	//
	// Accessible parameters:
	// $appeal = Appeal object
	ApproveIf string `json:"approve_if,omitempty" yaml:"approve_if,omitempty" validate:"required_if=Strategy auto"`
}
Step is an individual process within an approval flow