accesspolicy

package
v0.0.0-...-fb7f86c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 18, 2023 License: AGPL-3.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

// AllowAll is the wildcard rule value "*". The comment on Spec.Rules in this
// package states that "*" is required to modify access policy rules.
// NOTE(review): which AccessRule field(s) accept this value is not visible
// here — confirm against the code that evaluates rules.
const AllowAll = "*"
// AllowNone is the rule value "none". The comment on Spec.Rules in this
// package states that "none" will reject all actions.
// NOTE(review): precedence between "none" and "*" when both appear for the
// same kind is not visible here — confirm which one the evaluator honours.
const AllowNone = "none"
// PermissionsTarget is the string "permissions".
// NOTE(review): presumably a value for AccessRule.Target — confirm against callers.
const PermissionsTarget = "permissions"

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessRule

// AccessRule is one entry in Spec.Rules: a kind, an optional target within
// that kind, and a verb. All three are plain strings; nothing in this
// declaration restricts them to a fixed set of values.
// NOTE(review): how AllowAll ("*"), AllowNone ("none") and PermissionsTarget
// ("permissions") map onto these fields is not shown here — confirm against
// the evaluator, and check that an unrecognised kind or verb is denied rather
// than silently ignored.
type AccessRule struct {
	// The kind this rule applies to (dashboards, alert, etc)
	Kind string `json:"kind"`

	// Specific sub-elements like "alert.rules" or "dashboard.permissions"????
	// Optional: a nil Target is left out of the JSON encoding (omitempty).
	Target *string `json:"target,omitempty"`

	// READ, WRITE, CREATE, DELETE, ...
	// should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"
	Verb string `json:"verb"`
}

AccessRule defines model for AccessRule.

func ReduceRules

// ReduceRules takes a slice of AccessRule and returns a slice of AccessRule.
// The package page carries no description for it and its body is not shown.
// NOTE(review): presumably collapses overlapping or redundant rules — confirm
// how AllowAll ("*") and AllowNone ("none") entries are combined, since the
// result may be what an authorization check ends up evaluating.
func ReduceRules(rules []AccessRule) []AccessRule

type K8sResource

// K8sResource is an alias for kinds.GrafanaResource instantiated with this
// package's Spec and Status types.
type K8sResource = kinds.GrafanaResource[Spec, Status]

K8sResource is the Kubernetes-style representation of AccessPolicy. (TODO be better)

func NewK8sResource

func NewK8sResource(name string, s *Spec) K8sResource

NewK8sResource creates a new instance of the resource with a given name (UID).

type Kind

// Kind embeds kindsys.Core and carries further unexported fields that this
// listing does not show. Values are obtained from NewKind, which returns
// (*Kind, error).
type Kind struct {
	kindsys.Core
	// contains filtered or unexported fields
}

TODO standard generated docs

func NewKind

func NewKind(rt *thema.Runtime, opts ...thema.BindOption) (*Kind, error)

TODO standard generated docs

func (*Kind) ConvergentLineage

func (k *Kind) ConvergentLineage() thema.ConvergentLineage[*Resource]

ConvergentLineage returns the same thema.Lineage as Lineage, but bound (see thema.BindType) to the AccessPolicy Resource type generated from the current schema, v0.0.

func (*Kind) JSONValueMux

func (k *Kind) JSONValueMux(b []byte) (*Resource, thema.TranslationLacunas, error)

JSONValueMux is a version multiplexer that maps a []byte containing JSON data at any schematized dashboard version to an instance of AccessPolicy Resource.

Validation and translation errors emitted from this func will identify the input bytes as "dashboard.json".

This is a thin wrapper around Thema's vmux.ValueMux.

type KubeObjectMetadata

// KubeObjectMetadata holds a subset of Kubernetes-style object metadata as
// JSON-tagged fields.
//
// Only DeletionTimestamp is a pointer with omitempty, so it is left out of
// the JSON encoding when nil. Every other field is always emitted, and a nil
// Finalizers slice or Labels map encodes as JSON null.
type KubeObjectMetadata struct {
	CreationTimestamp time.Time         `json:"creationTimestamp"`
	DeletionTimestamp *time.Time        `json:"deletionTimestamp,omitempty"`
	Finalizers        []string          `json:"finalizers"`
	Labels            map[string]string `json:"labels"`
	ResourceVersion   string            `json:"resourceVersion"`
	Uid               string            `json:"uid"`
}

_kubeObjectMetadata is metadata found in a kubernetes object's metadata field. It is not exhaustive and only includes fields which may be relevant to a kind's implementation, as it is also intended to be generic enough to function with any API Server.

type Metadata

// Metadata is the type of Resource.Metadata. It carries creation, update and
// deletion timestamps, the CreatedBy/UpdatedBy strings, and the same
// finalizers, labels, resourceVersion and uid fields that KubeObjectMetadata
// declares.
//
// DeletionTimestamp is the only field with omitempty; all others are always
// present in the JSON encoding.
// NOTE(review): CreatedBy and UpdatedBy are plain strings; whether they are
// set by the server or accepted from the request body is not visible here —
// confirm before treating them as audit attribution.
type Metadata struct {
	CreatedBy         string     `json:"createdBy"`
	CreationTimestamp time.Time  `json:"creationTimestamp"`
	DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`

	// extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata
	// The value type is any, so arbitrary JSON values decode into this map.
	ExtraFields     map[string]any    `json:"extraFields"`
	Finalizers      []string          `json:"finalizers"`
	Labels          map[string]string `json:"labels"`
	ResourceVersion string            `json:"resourceVersion"`
	Uid             string            `json:"uid"`
	UpdateTimestamp time.Time         `json:"updateTimestamp"`
	UpdatedBy       string            `json:"updatedBy"`
}

Metadata defines model for Metadata.

type OperatorState

// OperatorState records one operator's evaluation of a resource: the
// ResourceVersion it last evaluated, the resulting state, and optional
// free-form detail. Status.OperatorStates in this package is declared with
// StatusOperatorState, which has the same field layout.
type OperatorState struct {
	// descriptiveState is an optional more descriptive state field which has no requirements on format
	// A nil pointer is left out of the JSON encoding (omitempty).
	DescriptiveState *string `json:"descriptiveState,omitempty"`

	// details contains any extra information that is operator-specific
	// The value type is any, so arbitrary JSON values decode into this map.
	Details map[string]any `json:"details,omitempty"`

	// lastEvaluation is the ResourceVersion last evaluated
	LastEvaluation string `json:"lastEvaluation"`

	// state describes the state of the lastEvaluation.
	// It is limited to three possible states for machine evaluation.
	State OperatorStateState `json:"state"`
}

OperatorState defines model for OperatorState.

type OperatorStateState

// OperatorStateState is the string type of OperatorState.State. The package
// defines three values for it ("failed", "in_progress", "success"); because
// the underlying type is string, JSON decoding does not by itself reject any
// other value.
type OperatorStateState string

OperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.

// The three OperatorStateState values defined by the package. Their wire
// strings are identical to those of the StatusOperatorStateState constants.
const (
	OperatorStateStateFailed     OperatorStateState = "failed"
	OperatorStateStateInProgress OperatorStateState = "in_progress"
	OperatorStateStateSuccess    OperatorStateState = "success"
)

Defines values for OperatorStateState.

type Resource

// Resource groups the three parts of an AccessPolicy object under the JSON
// keys "metadata", "spec" and "status". None of the fields is optional in the
// encoding (no omitempty).
type Resource struct {
	Metadata Metadata `json:"metadata"`
	Spec     Spec     `json:"spec"`
	Status   Status   `json:"status"`
}

Resource is the wire representation of AccessPolicy. It will soon be merged into the k8s flavor (TODO be better)

type ResourceRef

// ResourceRef identifies a resource by a Kind string and a Name string. It is
// the type of Spec.Scope.
// NOTE(review): both fields are free-form strings with no validation in this
// declaration — confirm how an empty or unknown Kind/Name is handled where the
// scope is resolved.
type ResourceRef struct {
	Kind string `json:"kind"`
	Name string `json:"name"`
}

ResourceRef defines model for ResourceRef.

type RoleRef

// RoleRef identifies the subject of a policy by kind and name. It is the type
// of Spec.Role.
// NOTE(review): the purpose of Xname is not documented on this page — confirm
// against the schema before relying on it.
type RoleRef struct {
	// Policies can apply to roles, teams, or users
	// Applying policies to individual users is supported, but discouraged
	Kind  RoleRefKind `json:"kind"`
	Name  string      `json:"name"`
	Xname string      `json:"xname"`
}

RoleRef defines model for RoleRef.

type RoleRefKind

// RoleRefKind is the string type of RoleRef.Kind. The package defines four
// values for it ("BuiltinRole", "Role", "Team", "User"); because the
// underlying type is string, JSON decoding does not by itself reject any
// other value.
type RoleRefKind string

Policies can apply to roles, teams, or users. Applying policies to individual users is supported, but discouraged.

// The four RoleRefKind values defined by the package. The wire strings are
// capitalised exactly as written here.
const (
	RoleRefKindBuiltinRole RoleRefKind = "BuiltinRole"
	RoleRefKindRole        RoleRefKind = "Role"
	RoleRefKindTeam        RoleRefKind = "Team"
	RoleRefKindUser        RoleRefKind = "User"
)

Defines values for RoleRefKind.

type Spec

// Spec ties together a Role (RoleRef), a Scope (ResourceRef) and a list of
// Rules (AccessRule). All three fields are always present in the JSON
// encoding (no omitempty).
// NOTE(review): a nil Rules slice encodes as JSON null — confirm that a null
// or empty rule list is treated as granting nothing.
type Spec struct {
	Role RoleRef `json:"role"`

	// The set of rules to apply.  Note that * is required to modify
	// access policy rules, and that "none" will reject all actions
	Rules []AccessRule `json:"rules"`
	Scope ResourceRef  `json:"scope"`
}

Spec defines model for Spec.

type Status

// Status is the type of Resource.Status. Both of its fields are maps tagged
// omitempty, so each is left out of the JSON encoding when nil or empty.
type Status struct {
	// additionalFields is reserved for future use
	// The value type is any, so arbitrary JSON values decode into this map.
	AdditionalFields map[string]any `json:"additionalFields,omitempty"`

	// operatorStates is a map of operator ID to operator state evaluations.
	// Any operator which consumes this kind SHOULD add its state evaluation information to this field.
	OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"`
}

Status defines model for Status.

type StatusOperatorState

// StatusOperatorState is the value type of Status.OperatorStates: one
// operator's evaluation of a resource. Its fields match OperatorState, except
// that State is typed StatusOperatorStateState.
type StatusOperatorState struct {
	// descriptiveState is an optional more descriptive state field which has no requirements on format
	// A nil pointer is left out of the JSON encoding (omitempty).
	DescriptiveState *string `json:"descriptiveState,omitempty"`

	// details contains any extra information that is operator-specific
	// The value type is any, so arbitrary JSON values decode into this map.
	Details map[string]any `json:"details,omitempty"`

	// lastEvaluation is the ResourceVersion last evaluated
	LastEvaluation string `json:"lastEvaluation"`

	// state describes the state of the lastEvaluation.
	// It is limited to three possible states for machine evaluation.
	State StatusOperatorStateState `json:"state"`
}

StatusOperatorState defines model for status.#OperatorState.

type StatusOperatorStateState

// StatusOperatorStateState is the string type of StatusOperatorState.State.
// The package defines three values for it ("failed", "in_progress",
// "success"); because the underlying type is string, JSON decoding does not
// by itself reject any other value.
type StatusOperatorStateState string

StatusOperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.

// The three StatusOperatorStateState values defined by the package. Their
// wire strings are identical to those of the OperatorStateState constants.
const (
	StatusOperatorStateStateFailed     StatusOperatorStateState = "failed"
	StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress"
	StatusOperatorStateStateSuccess    StatusOperatorStateState = "success"
)

Defines values for StatusOperatorStateState.
