Documentation ¶
Index ¶
- Constants
- Variables
- type AccessEntry
- type Activity
- type ActivityConfig
- type AdditionalAppeal
- type Appeal
- func (a *Appeal) AdvanceApproval(policy *Policy) error
- func (a *Appeal) ApplyPolicy(p *Policy) error
- func (a *Appeal) Approve() error
- func (a *Appeal) Cancel()
- func (a *Appeal) GetApproval(id string) *Approval
- func (a *Appeal) GetDuration() (time.Duration, error)
- func (a *Appeal) GetNextPendingApproval() *Approval
- func (a *Appeal) Init(policy *Policy)
- func (a *Appeal) IsDurationEmpty() bool
- func (a *Appeal) Reject()
- func (a *Appeal) SetDefaults()
- func (a Appeal) ToGrant() (*Grant, error)
- type AppealConfig
- type AppealDurationOption
- type AppealOptions
- type Approval
- type ApprovalAction
- type ApprovalActionType
- type ApprovalStepStrategy
- type Approver
- type Condition
- type Crypto
- type Decryptor
- type DormancyCheckCriteria
- type Encryptor
- type Grant
- type GrantSource
- type GrantStatus
- type IAMClient
- type IAMConfig
- type IAMManager
- type IAMProviderType
- type ListActivitiesFilter
- type ListAppealsFilter
- type ListApprovalsFilter
- type ListGrantsFilter
- type ListProviderActivitiesFilter
- type ListResourcesFilter
- type MapResourceAccess
- type MatchCondition
- type Notification
- type NotificationMessage
- type NotificationMessages
- type Policy
- type PolicyAppealConfig
- type PolicyConfig
- type Provider
- type ProviderConfig
- type ProviderParameter
- type ProviderType
- type Question
- type Requirement
- type RequirementTrigger
- type Resource
- type ResourceConfig
- type ResourceIdentifier
- type Resources
- type RevokeGrantsFilter
- type Role
- type SensitiveConfig
- type SensitiveInformation
- type Step
Constants ¶
const ( AppealActionNameApprove = "approve" AppealActionNameReject = "reject" AppealStatusPending = "pending" AppealStatusCanceled = "canceled" AppealStatusApproved = "approved" AppealStatusRejected = "rejected" SystemActorName = "system" DefaultAppealAccountType = "user" PermanentDurationLabel = "Permanent" ExpirationDateReasonFromAppeal = "Expiration date is set based on the appeal options" )
const ( ApprovalStatusPending = "pending" ApprovalStatusBlocked = "blocked" ApprovalStatusSkipped = "skipped" ApprovalStatusApproved = "approved" ApprovalStatusRejected = "rejected" )
const ( GrantStatusActive GrantStatus = "active" GrantStatusInactive GrantStatus = "inactive" GrantSourceAppeal GrantSource = "appeal" GrantSourceImport GrantSource = "import" GrantExpirationReasonDormant = "grant/access hasn't been used for a while" )
const ( NotificationTypeExpirationReminder = "ExpirationReminder" NotificationTypeAppealApproved = "AppealApproved" NotificationTypeOnBehalfAppealApproved = "OnBehalfAppealApproved" NotificationTypeAppealRejected = "AppealRejected" NotificationTypeAccessRevoked = "AccessRevoked" NotificationTypeApproverNotification = "ApproverNotification" NotificationTypeGrantOwnerChanged = "GrantOwnerChanged" NotificationTypeUnusedGrant = "UnusedGrant" )
const ( ProviderTypeBigQuery = "bigquery" ProviderTypeMetabase = "metabase" ProviderTypeGrafana = "grafana" ProviderTypeTableau = "tableau" ProviderTypeGCloudIAM = "gcloud_iam" ProviderTypeNoOp = "noop" ProviderTypeGCS = "gcs" ProviderTypePolicyTag = "dataplex" ProviderTypeShield = "shield" ProviderTypeGitlab = "gitlab" )
const (
ApproversKeyResource = "$resource"
)
const (
TraceIDKey = "trace_id"
)
Variables ¶
var ( ErrFailedToGetApprovers = errors.New("failed to get approvers") ErrApproversNotFound = errors.New("approvers not found") ErrUnexpectedApproverType = errors.New("unexpected approver type") ErrInvalidApproverValue = errors.New("approver value is not a valid email") )
var ErrDuplicateActiveGrant = errors.New("grant already exists")
var (
ErrInvalidConditionField = errors.New("unable to parse condition's field")
)
Functions ¶
This section is empty.
Types ¶
type AccessEntry ¶
func (AccessEntry) ToGrant ¶
func (ae AccessEntry) ToGrant(resource Resource) Grant
type Activity ¶
type Activity struct { ID string `json:"id" yaml:"id"` ProviderID string `json:"provider_id" yaml:"provider_id"` ResourceID string `json:"resource_id" yaml:"resource_id"` ProviderActivityID string `json:"provider_activity_id" yaml:"provider_activity_id"` AccountType string `json:"account_type" yaml:"account_type"` AccountID string `json:"account_id" yaml:"account_id"` Timestamp time.Time `json:"timestamp" yaml:"timestamp"` Authorizations []string `json:"authorizations" yaml:"authorizations"` RelatedPermissions []string `json:"related_permissions" yaml:"related_permissions"` Type string `json:"type" yaml:"type"` Metadata map[string]interface{} `json:"metadata" yaml:"metadata"` CreatedAt time.Time `json:"created_at" yaml:"created_at"` Provider *Provider `json:"provider,omitempty" yaml:"provider,omitempty"` Resource *Resource `json:"resource,omitempty" yaml:"resource,omitempty"` }
type ActivityConfig ¶ added in v0.7.5
type AdditionalAppeal ¶
type AdditionalAppeal struct { Resource *ResourceIdentifier `json:"resource" yaml:"resource" validate:"required"` Role string `json:"role" yaml:"role" validate:"required"` Options *AppealOptions `json:"options" yaml:"options"` Policy *PolicyConfig `json:"policy" yaml:"policy"` }
type Appeal ¶
type Appeal struct { ID string `json:"id" yaml:"id"` ResourceID string `json:"resource_id" yaml:"resource_id"` PolicyID string `json:"policy_id" yaml:"policy_id"` PolicyVersion uint `json:"policy_version" yaml:"policy_version"` Status string `json:"status" yaml:"status"` AccountID string `json:"account_id" yaml:"account_id"` AccountType string `json:"account_type" yaml:"account_type" default:"user"` CreatedBy string `json:"created_by" yaml:"created_by"` Creator interface{} `json:"creator" yaml:"creator"` Role string `json:"role" yaml:"role"` Permissions []string `json:"permissions" yaml:"permissions"` Options *AppealOptions `json:"options" yaml:"options"` Details map[string]interface{} `json:"details" yaml:"details"` Labels map[string]string `json:"labels" yaml:"labels"` Description string `json:"description" yaml:"description"` Policy *Policy `json:"-" yaml:"-"` Resource *Resource `json:"resource,omitempty" yaml:"resource,omitempty"` Approvals []*Approval `json:"approvals,omitempty" yaml:"approvals,omitempty"` Grant *Grant `json:"grant,omitempty" yaml:"grant,omitempty"` CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"` }
Appeal struct
func (*Appeal) AdvanceApproval ¶
func (*Appeal) ApplyPolicy ¶
func (*Appeal) GetApproval ¶
func (*Appeal) GetNextPendingApproval ¶
func (*Appeal) IsDurationEmpty ¶
func (*Appeal) SetDefaults ¶
func (a *Appeal) SetDefaults()
type AppealConfig ¶
type AppealConfig struct { AllowPermanentAccess bool `json:"allow_permanent_access" yaml:"allow_permanent_access"` AllowActiveAccessExtensionIn string `json:"allow_active_access_extension_in" yaml:"allow_active_access_extension_in" validate:"required"` }
AppealConfig is the policy configuration of the appeal
type AppealDurationOption ¶
type AppealDurationOption struct { // Name of the duration // Ex: 1 Day, 3 Days, Permanent Name string `json:"name" yaml:"name" validate:"required"` // Value of the actual duration // Ex: 24h, 72h, 0h // `0h` is reserved for permanent access Value string `json:"value" yaml:"value" validate:"required"` }
type AppealOptions ¶
type AppealOptions struct { ExpirationDate *time.Time `json:"expiration_date,omitempty" yaml:"expiration_date,omitempty"` Duration string `json:"duration" yaml:"duration"` }
AppealOptions
type Approval ¶
type Approval struct { ID string `json:"id" yaml:"id"` Name string `json:"name" yaml:"name"` Index int `json:"-" yaml:"-"` AppealID string `json:"appeal_id" yaml:"appeal_id"` Status string `json:"status" yaml:"status"` Actor *string `json:"actor" yaml:"actor"` Reason string `json:"reason,omitempty" yaml:"reason,omitempty"` PolicyID string `json:"policy_id" yaml:"policy_id"` PolicyVersion uint `json:"policy_version" yaml:"policy_version"` Approvers []string `json:"approvers,omitempty" yaml:"approvers,omitempty"` Appeal *Appeal `json:"appeal,omitempty" yaml:"appeal,omitempty"` CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"` }
func (*Approval) IsManualApproval ¶
type ApprovalAction ¶
type ApprovalAction struct { AppealID string `validate:"required" json:"appeal_id"` ApprovalName string `validate:"required" json:"approval_name"` Actor string `validate:"email" json:"actor"` Action string `validate:"required,oneof=approve reject" json:"action"` Reason string `json:"reason"` }
func (ApprovalAction) Validate ¶ added in v0.8.0
func (a ApprovalAction) Validate() error
type ApprovalActionType ¶
type ApprovalActionType string
const ( ApprovalActionApprove ApprovalActionType = "approve" ApprovalActionReject ApprovalActionType = "reject" )
type ApprovalStepStrategy ¶
type ApprovalStepStrategy string
const ( ApprovalStepStrategyAuto ApprovalStepStrategy = "auto" ApprovalStepStrategyManual ApprovalStepStrategy = "manual" )
type Approver ¶
type Approver struct { ID string `json:"id" yaml:"id"` ApprovalID string `json:"approval_id" yaml:"approval_id"` AppealID string `json:"appeal_id" yaml:"appeal_id"` Email string `json:"email" yaml:"email"` CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"` }
type Condition ¶
type Condition struct { Field string `json:"field" yaml:"field" validate:"required"` Match *MatchCondition `json:"match" yaml:"match" validate:"required"` }
Condition gets evaluated to determine the approval step resolution whether it is success or failed
type DormancyCheckCriteria ¶ added in v0.7.5
type DormancyCheckCriteria struct { ProviderID string Period time.Duration RetainDuration time.Duration DryRun bool }
func (DormancyCheckCriteria) Validate ¶ added in v0.7.5
func (c DormancyCheckCriteria) Validate() error
type Grant ¶
type Grant struct { ID string `json:"id" yaml:"id"` Status GrantStatus `json:"status" yaml:"status"` StatusInProvider GrantStatus `json:"status_in_provider" yaml:"status_in_provider"` AccountID string `json:"account_id" yaml:"account_id"` AccountType string `json:"account_type" yaml:"account_type"` ResourceID string `json:"resource_id" yaml:"resource_id"` Role string `json:"role" yaml:"role"` Permissions []string `json:"permissions" yaml:"permissions"` IsPermanent bool `json:"is_permanent" yaml:"is_permanent"` ExpirationDate *time.Time `json:"expiration_date" yaml:"expiration_date"` RequestedExpirationDate *time.Time `json:"requested_expiration_date,omitempty" yaml:"requested_expiration_date,omitempty"` ExpirationDateReason string `json:"expiration_date_reason,omitempty" yaml:"expiration_date_reason,omitempty"` AppealID string `json:"appeal_id" yaml:"appeal_id"` Source GrantSource `json:"source" yaml:"source"` RevokedBy string `json:"revoked_by,omitempty" yaml:"revoked_by,omitempty"` RevokedAt *time.Time `json:"revoked_at,omitempty" yaml:"revoked_at,omitempty"` RevokeReason string `json:"revoke_reason,omitempty" yaml:"revoke_reason,omitempty"` CreatedBy string `json:"created_by" yaml:"created_by"` // Deprecated: use Owner instead Owner string `json:"owner" yaml:"owner"` CreatedAt time.Time `json:"created_at" yaml:"created_at"` UpdatedAt time.Time `json:"updated_at" yaml:"updated_at"` Resource *Resource `json:"resource,omitempty" yaml:"resource,omitempty"` Appeal *Appeal `json:"appeal,omitempty" yaml:"appeal,omitempty"` Activities []*Activity `json:"activities,omitempty" yaml:"activities,omitempty"` }
func (*Grant) GetPermissions ¶
func (Grant) IsEligibleForExtension ¶
func (Grant) PermissionsKey ¶
type GrantSource ¶
type GrantSource string
type GrantStatus ¶
type GrantStatus string
type IAMConfig ¶
type IAMConfig struct { Provider IAMProviderType `json:"provider" yaml:"provider" validate:"required,oneof=http shield"` Config interface{} `json:"config" yaml:"config" validate:"required"` Schema map[string]string `json:"schema" yaml:"schema"` }
type IAMManager ¶
type IAMManager interface { ParseConfig(*IAMConfig) (SensitiveConfig, error) GetClient(SensitiveConfig) (IAMClient, error) }
type IAMProviderType ¶
type IAMProviderType string
const ( IAMProviderTypeShield IAMProviderType = "shield" IAMProviderTypeHTTP IAMProviderType = "http" )
type ListActivitiesFilter ¶ added in v0.7.5
type ListActivitiesFilter struct { ProviderID string ResourceIDs []string ResourceIdentifiers []ResourceIdentifier AccountIDs []string TimestampGte *time.Time TimestampLte *time.Time // contains filtered or unexported fields }
func (*ListActivitiesFilter) GetResources ¶ added in v0.7.5
func (f *ListActivitiesFilter) GetResources() []*Resource
func (*ListActivitiesFilter) PopulateResources ¶ added in v0.7.5
func (f *ListActivitiesFilter) PopulateResources(resources map[string]*Resource) error
type ListAppealsFilter ¶
type ListAppealsFilter struct { Q string `mapstructure:"q" validate:"omitempty"` AccountTypes []string `mapstructure:"account_types" validate:"omitempty,min=1"` CreatedBy string `mapstructure:"created_by" validate:"omitempty,required"` AccountID string `mapstructure:"account_id" validate:"omitempty,required"` AccountIDs []string `mapstructure:"account_ids" validate:"omitempty,required"` ResourceID string `mapstructure:"resource_id" validate:"omitempty,required"` Role string `mapstructure:"role" validate:"omitempty,required"` Statuses []string `mapstructure:"statuses" validate:"omitempty,min=1"` ExpirationDateLessThan time.Time `mapstructure:"expiration_date_lt" validate:"omitempty,required"` ExpirationDateGreaterThan time.Time `mapstructure:"expiration_date_gt" validate:"omitempty,required"` ProviderTypes []string `mapstructure:"provider_types" validate:"omitempty,min=1"` ProviderURNs []string `mapstructure:"provider_urns" validate:"omitempty,min=1"` ResourceTypes []string `mapstructure:"resource_types" validate:"omitempty,min=1"` ResourceURNs []string `mapstructure:"resource_urns" validate:"omitempty,min=1"` OrderBy []string `mapstructure:"order_by" validate:"omitempty,min=1"` Size int `mapstructure:"size" validate:"omitempty"` Offset int `mapstructure:"offset" validate:"omitempty"` }
type ListApprovalsFilter ¶
type ListApprovalsFilter struct { Q string `mapstructure:"q" validate:"omitempty"` AccountID string `mapstructure:"account_id" validate:"omitempty,required"` AccountTypes []string `mapstructure:"account_types" validate:"omitempty,min=1"` ResourceTypes []string `mapstructure:"resource_types" validate:"omitempty,min=1"` CreatedBy string `mapstructure:"created_by" validate:"omitempty,required"` Statuses []string `mapstructure:"statuses" validate:"omitempty,min=1"` OrderBy []string `mapstructure:"order_by" validate:"omitempty,min=1"` Size int `mapstructure:"size" validate:"omitempty"` Offset int `mapstructure:"offset" validate:"omitempty"` AppealStatuses []string `mapstructure:"appeal_statuses" validate:"omitempty,min=1"` }
type ListGrantsFilter ¶
type ListGrantsFilter struct { Statuses []string AccountIDs []string AccountTypes []string ResourceIDs []string Roles []string Permissions []string ProviderTypes []string ProviderURNs []string ResourceTypes []string ResourceURNs []string CreatedBy string Owner string OrderBy []string ExpirationDateLessThan time.Time ExpirationDateGreaterThan time.Time IsPermanent *bool CreatedAtLte time.Time Size int `mapstructure:"size" validate:"omitempty"` Offset int `mapstructure:"offset" validate:"omitempty"` Q string `mapstructure:"q" validate:"omitempty"` }
type ListResourcesFilter ¶
type ListResourcesFilter struct { IDs []string `mapstructure:"ids" validate:"omitempty,min=1"` IsDeleted bool `mapstructure:"is_deleted" validate:"omitempty"` ProviderType string `mapstructure:"provider_type" validate:"omitempty"` ProviderURN string `mapstructure:"provider_urn" validate:"omitempty"` Name string `mapstructure:"name" validate:"omitempty"` ResourceURN string `mapstructure:"urn" validate:"omitempty"` ResourceType string `mapstructure:"type" validate:"omitempty"` ResourceURNs []string `mapstructure:"urns" validate:"omitempty"` ResourceTypes []string `mapstructure:"types" validate:"omitempty"` Details map[string]string `mapstructure:"details"` Size uint32 `mapstructure:"size" validate:"omitempty"` Offset uint32 `mapstructure:"offset" validate:"omitempty"` OrderBy []string `mapstructure:"order_by" validate:"omitempty"` }
type MapResourceAccess ¶
type MapResourceAccess map[string][]AccessEntry
MapResourceAccess is list of UserAccess grouped by resource urn
type MatchCondition ¶
type MatchCondition struct {
Eq interface{} `json:"eq" yaml:"eq"`
}
MatchCondition is for determining the requirement of the condition
type Notification ¶
type Notification struct { User string Message NotificationMessage Labels map[string]string }
type NotificationMessage ¶
type NotificationMessages ¶
type NotificationMessages struct { ExpirationReminder string `mapstructure:"expiration_reminder"` AppealApproved string `mapstructure:"appeal_approved"` AppealRejected string `mapstructure:"appeal_rejected"` AccessRevoked string `mapstructure:"access_revoked"` ApproverNotification string `mapstructure:"approver_notification"` OthersAppealApproved string `mapstructure:"others_appeal_approved"` GrantOwnerChanged string `mapstructure:"grant_owner_changed"` UnusedGrant string `mapstructure:"unused_grant"` }
type Policy ¶
type Policy struct { ID string `json:"id" yaml:"id" validate:"required"` Version uint `json:"version" yaml:"version" validate:"required"` Description string `json:"description" yaml:"description"` Steps []*Step `json:"steps" yaml:"steps" validate:"required,min=1,dive"` AppealConfig *PolicyAppealConfig `json:"appeal_config" yaml:"appeal_config" validate:"omitempty,dive"` Requirements []*Requirement `json:"requirements,omitempty" yaml:"requirements,omitempty" validate:"omitempty,min=1,dive"` Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"` IAM *IAMConfig `json:"iam,omitempty" yaml:"iam,omitempty" validate:"omitempty,dive"` CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"` }
Policy is the approval policy configuration
func (*Policy) HasIAMConfig ¶
type PolicyAppealConfig ¶
type PolicyAppealConfig struct { DurationOptions []AppealDurationOption `json:"duration_options" yaml:"duration_options" validate:"omitempty,min=1,dive"` AllowOnBehalf bool `json:"allow_on_behalf" yaml:"allow_on_behalf"` AllowPermanentAccess bool `json:"allow_permanent_access" yaml:"allow_permanent_access"` AllowActiveAccessExtensionIn string `json:"allow_active_access_extension_in" yaml:"allow_active_access_extension_in"` Questions []Question `json:"questions" yaml:"questions"` // AllowCreatorDetailsFailure is a flag that lets the appeal creation to continue when the request to the identity // provider (Policy.IAM) fails. If this is set to true and request to the identity provider fails (4xx or 5xx), the // value of `creator` field in the appeal will be nil. // Note: any expression that tries to access `$appeal.creator.*` is still evaluated as usual, it might need to have // proper nil checking to avoid accessing nil value. AllowCreatorDetailsFailure bool `json:"allow_creator_details_failure" yaml:"allow_creator_details_failure"` }
type PolicyConfig ¶
type PolicyConfig struct { ID string `json:"id" yaml:"id" validate:"required"` Version int `json:"version" yaml:"version" validate:"required"` }
PolicyConfig is the configuration that defines which policy is being used in the provider
type Provider ¶
type Provider struct { ID string `json:"id" yaml:"id"` Type string `json:"type" yaml:"type"` URN string `json:"urn" yaml:"urn"` Config *ProviderConfig `json:"config" yaml:"config"` CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"` }
type ProviderConfig ¶
type ProviderConfig struct { Type string `json:"type" yaml:"type" validate:"required,oneof=google_bigquery metabase grafana tableau gcloud_iam noop gcs"` URN string `json:"urn" yaml:"urn" validate:"required"` AllowedAccountTypes []string `json:"allowed_account_types" yaml:"allowed_account_types" validate:"omitempty,min=1"` Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"` Credentials interface{} `json:"credentials,omitempty" yaml:"credentials" validate:"required"` Appeal *AppealConfig `json:"appeal,omitempty" yaml:"appeal,omitempty" validate:"required"` Resources []*ResourceConfig `json:"resources" yaml:"resources" validate:"required"` Parameters []*ProviderParameter `json:"parameters,omitempty" yaml:"parameters,omitempty"` Activity *ActivityConfig `json:"activity,omitempty" yaml:"activity,omitempty"` }
func (ProviderConfig) GetFilterForResourceType ¶ added in v0.7.8
func (pc ProviderConfig) GetFilterForResourceType(resourceType string) string
func (ProviderConfig) GetResourceTypes ¶
func (pc ProviderConfig) GetResourceTypes() (resourceTypes []string)
type ProviderParameter ¶
type ProviderType ¶
type Requirement ¶
type Requirement struct { On *RequirementTrigger `json:"on" yaml:"on" validate:"required"` Appeals []*AdditionalAppeal `json:"appeals" yaml:"appeals" validate:"required,min=1,dive"` }
type RequirementTrigger ¶
type RequirementTrigger struct { ProviderType string `` /* 137-byte string literal not displayed */ ProviderURN string `` /* 136-byte string literal not displayed */ ResourceType string `` /* 137-byte string literal not displayed */ ResourceURN string `` /* 136-byte string literal not displayed */ Role string `` /* 128-byte string literal not displayed */ // Deprecated: use Expression instead Conditions []*Condition `` /* 134-byte string literal not displayed */ Expression string `` /* 134-byte string literal not displayed */ }
type Resource ¶
type Resource struct { ID string `json:"id" yaml:"id"` ProviderType string `json:"provider_type" yaml:"provider_type"` ProviderURN string `json:"provider_urn" yaml:"provider_urn"` Type string `json:"type" yaml:"type"` URN string `json:"urn" yaml:"urn"` Name string `json:"name" yaml:"name"` Details map[string]interface{} `json:"details" yaml:"details"` Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"` CreatedAt time.Time `json:"created_at,omitempty" yaml:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty" yaml:"updated_at,omitempty"` IsDeleted bool `json:"is_deleted,omitempty" yaml:"is_deleted,omitempty"` ParentID *string `json:"parent_id,omitempty" yaml:"parent_id,omitempty"` Children []*Resource `json:"children,omitempty" yaml:"children,omitempty"` GlobalURN string `json:"global_urn" yaml:"global_urn"` }
Resource struct
func (*Resource) GetFlattened ¶
type ResourceConfig ¶
type ResourceConfig struct { Type string `json:"type" yaml:"type" validate:"required"` Filter string `json:"filter" yaml:"filter"` Policy *PolicyConfig `json:"policy" yaml:"policy"` Roles []*Role `json:"roles" yaml:"roles" validate:"required"` }
ResourceConfig is the configuration for a resource type within a provider
type ResourceIdentifier ¶
type ResourceIdentifier struct { ProviderType string `json:"provider_type" yaml:"provider_type" validate:"required_with=ProviderURN Type URN"` ProviderURN string `json:"provider_urn" yaml:"provider_urn" validate:"required_with=ProviderType Type URN"` Type string `json:"type" yaml:"type" validate:"required_with=ProviderType ProviderURN URN"` URN string `json:"urn" yaml:"urn" validate:"required_with=ProviderType ProviderURN Type"` ID string `json:"id" yaml:"id" validate:"required_without_all=ProviderType ProviderURN Type URN"` }
type RevokeGrantsFilter ¶
type Role ¶
type Role struct { ID string `json:"id" yaml:"id" validate:"required"` Name string `json:"name" yaml:"name" validate:"required"` Description string `json:"description,omitempty" yaml:"description"` Permissions []interface{} `json:"permissions" yaml:"permissions" validate:"required"` }
Role is the configuration to define a role and mapping the permissions in the provider
func (Role) GetOrderedPermissions ¶
GetOrderedPermissions returns the permissions as a string slice
type SensitiveConfig ¶
type SensitiveConfig interface { SensitiveInformation Validate() error }
type SensitiveInformation ¶
type Step ¶
type Step struct { // Name used as the step identifier Name string `json:"name" yaml:"name" validate:"required"` // Description tells more details about the step Description string `json:"description" yaml:"description"` // AllowFailed lets the approval flow continue to the next step even the current step is rejected. // If the last step has AllowFailed equal to true, and it's getting rejected, // the appeal status will resolve as approved or success. AllowFailed bool `json:"allow_failed" yaml:"allow_failed"` // When is an Expression that determines whether the step should be evaluated or it can be skipped at the beginning. // If it evaluates to be falsy, the step will automatically skipped. Otherwise, step become pending/blocked (normal). // // Accessible parameters: // $appeal = Appeal object When string `json:"when,omitempty" yaml:"when,omitempty"` // Strategy defines if the step requires manual approval or not Strategy ApprovalStepStrategy `json:"strategy" yaml:"strategy" validate:"required,oneof=auto manual"` // RejectionReason message fills `Approval.Reason` if the approval step gets rejected based on `ApproveIf` expression. RejectionReason string `json:"rejection_reason" yaml:"rejection_reason"` // Approvers is an Expression that if the evaluation returns string or []string that contains email address of the approvers. // If human approval (manual) is required, use this field. // // Accessible parameters: // $appeal = Appeal object Approvers []string `json:"approvers,omitempty" yaml:"approvers,omitempty" validate:"required_if=Strategy manual,omitempty,min=1"` // ApproveIf is an Expression to determines the resolution of the step. If automatic approval is needed for the step, // use this field. // // Accessible parameters: // $appeal = Appeal object ApproveIf string `json:"approve_if,omitempty" yaml:"approve_if,omitempty" validate:"required_if=Strategy auto"` }
Step is an individual process within an approval flow