accesspolicy

package
v11.1.4-modfix Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 20, 2024 License: AGPL-3.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source
const AllowAll = "*"
View Source
const AllowNone = "none"
View Source
const PermissionsTarget = "permissions"

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessRule

type AccessRule struct {
	// The kind this rule applies to (dashboards, alert, etc)
	Kind string `json:"kind"`

	// Specific sub-elements like "alert.rules" or "dashboard.permissions"????
	Target *string `json:"target,omitempty"`

	// READ, WRITE, CREATE, DELETE, ...
	// should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"
	Verb string `json:"verb"`
}

AccessRule defines model for AccessRule.

func ReduceRules

func ReduceRules(rules []AccessRule) []AccessRule

type K8sResource

type K8sResource = kinds.GrafanaResource[Spec, Status]

Resource is the kubernetes style representation of AccessPolicy. (TODO be better)

func NewK8sResource

func NewK8sResource(name string, s *Spec) K8sResource

NewResource creates a new instance of the resource with a given name (UID)

type KubeObjectMetadata

type KubeObjectMetadata struct {
	CreationTimestamp time.Time         `json:"creationTimestamp"`
	DeletionTimestamp *time.Time        `json:"deletionTimestamp,omitempty"`
	Finalizers        []string          `json:"finalizers"`
	Labels            map[string]string `json:"labels"`
	ResourceVersion   string            `json:"resourceVersion"`
	Uid               string            `json:"uid"`
}

_kubeObjectMetadata is metadata found in a kubernetes object's metadata field. It is not exhaustive and only includes fields which may be relevant to a kind's implementation, As it is also intended to be generic enough to function with any API Server.

type Metadata

type Metadata struct {
	CreatedBy         string     `json:"createdBy"`
	CreationTimestamp time.Time  `json:"creationTimestamp"`
	DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`

	// extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata
	ExtraFields     map[string]any    `json:"extraFields"`
	Finalizers      []string          `json:"finalizers"`
	Labels          map[string]string `json:"labels"`
	ResourceVersion string            `json:"resourceVersion"`
	Uid             string            `json:"uid"`
	UpdateTimestamp time.Time         `json:"updateTimestamp"`
	UpdatedBy       string            `json:"updatedBy"`
}

Metadata defines model for Metadata.

type OperatorState

type OperatorState struct {
	// descriptiveState is an optional more descriptive state field which has no requirements on format
	DescriptiveState *string `json:"descriptiveState,omitempty"`

	// details contains any extra information that is operator-specific
	Details map[string]any `json:"details,omitempty"`

	// lastEvaluation is the ResourceVersion last evaluated
	LastEvaluation string `json:"lastEvaluation"`

	// state describes the state of the lastEvaluation.
	// It is limited to three possible states for machine evaluation.
	State OperatorStateState `json:"state"`
}

OperatorState defines model for OperatorState.

type OperatorStateState

type OperatorStateState string

OperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.

const (
	OperatorStateStateFailed     OperatorStateState = "failed"
	OperatorStateStateInProgress OperatorStateState = "in_progress"
	OperatorStateStateSuccess    OperatorStateState = "success"
)

Defines values for OperatorStateState.

type Resource

type Resource struct {
	Metadata Metadata `json:"metadata"`
	Spec     Spec     `json:"spec"`
	Status   Status   `json:"status"`
}

Resource is the wire representation of AccessPolicy. It currently will soon be merged into the k8s flavor (TODO be better)

type ResourceRef

type ResourceRef struct {
	Kind string `json:"kind"`
	Name string `json:"name"`
}

ResourceRef defines model for ResourceRef.

type RoleRef

type RoleRef struct {
	// Policies can apply to roles, teams, or users
	// Applying policies to individual users is supported, but discouraged
	Kind  RoleRefKind `json:"kind"`
	Name  string      `json:"name"`
	Xname string      `json:"xname"`
}

RoleRef defines model for RoleRef.

type RoleRefKind

type RoleRefKind string

Policies can apply to roles, teams, or users Applying policies to individual users is supported, but discouraged

const (
	RoleRefKindBuiltinRole RoleRefKind = "BuiltinRole"
	RoleRefKindRole        RoleRefKind = "Role"
	RoleRefKindTeam        RoleRefKind = "Team"
	RoleRefKindUser        RoleRefKind = "User"
)

Defines values for RoleRefKind.

type Spec

type Spec struct {
	Role RoleRef `json:"role"`

	// The set of rules to apply.  Note that * is required to modify
	// access policy rules, and that "none" will reject all actions
	Rules []AccessRule `json:"rules"`
	Scope ResourceRef  `json:"scope"`
}

Spec defines model for Spec.

type Status

type Status struct {
	// additionalFields is reserved for future use
	AdditionalFields map[string]any `json:"additionalFields,omitempty"`

	// operatorStates is a map of operator ID to operator state evaluations.
	// Any operator which consumes this kind SHOULD add its state evaluation information to this field.
	OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"`
}

Status defines model for Status.

type StatusOperatorState

type StatusOperatorState struct {
	// descriptiveState is an optional more descriptive state field which has no requirements on format
	DescriptiveState *string `json:"descriptiveState,omitempty"`

	// details contains any extra information that is operator-specific
	Details map[string]any `json:"details,omitempty"`

	// lastEvaluation is the ResourceVersion last evaluated
	LastEvaluation string `json:"lastEvaluation"`

	// state describes the state of the lastEvaluation.
	// It is limited to three possible states for machine evaluation.
	State StatusOperatorStateState `json:"state"`
}

StatusOperatorState defines model for status.#OperatorState.

type StatusOperatorStateState

type StatusOperatorStateState string

StatusOperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.

const (
	StatusOperatorStateStateFailed     StatusOperatorStateState = "failed"
	StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress"
	StatusOperatorStateStateSuccess    StatusOperatorStateState = "success"
)

Defines values for StatusOperatorStateState.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL