Documentation ¶
Index ¶
Constants ¶
const AllowAll = "*"
const AllowNone = "none"
const PermissionsTarget = "permissions"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessRule ¶
type AccessRule struct { // The kind this rule applies to (dashboards, alert, etc) Kind string `json:"kind"` // Specific sub-elements like "alert.rules" or "dashboard.permissions"???? Target *string `json:"target,omitempty"` // READ, WRITE, CREATE, DELETE, ... // should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete" Verb string `json:"verb"` }
AccessRule defines model for AccessRule.
func ReduceRules ¶
func ReduceRules(rules []AccessRule) []AccessRule
type K8sResource ¶
type K8sResource = kinds.GrafanaResource[Spec, Status]
Resource is the kubernetes style representation of AccessPolicy. (TODO be better)
func NewK8sResource ¶
func NewK8sResource(name string, s *Spec) K8sResource
NewResource creates a new instance of the resource with a given name (UID)
type KubeObjectMetadata ¶
type KubeObjectMetadata struct { CreationTimestamp time.Time `json:"creationTimestamp"` DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` Finalizers []string `json:"finalizers"` Labels map[string]string `json:"labels"` ResourceVersion string `json:"resourceVersion"` Uid string `json:"uid"` }
_kubeObjectMetadata is metadata found in a kubernetes object's metadata field. It is not exhaustive and only includes fields which may be relevant to a kind's implementation, As it is also intended to be generic enough to function with any API Server.
type Metadata ¶
type Metadata struct { CreatedBy string `json:"createdBy"` CreationTimestamp time.Time `json:"creationTimestamp"` DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` // extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata ExtraFields map[string]any `json:"extraFields"` Finalizers []string `json:"finalizers"` Labels map[string]string `json:"labels"` ResourceVersion string `json:"resourceVersion"` Uid string `json:"uid"` UpdateTimestamp time.Time `json:"updateTimestamp"` UpdatedBy string `json:"updatedBy"` }
Metadata defines model for Metadata.
type OperatorState ¶
type OperatorState struct { // descriptiveState is an optional more descriptive state field which has no requirements on format DescriptiveState *string `json:"descriptiveState,omitempty"` // details contains any extra information that is operator-specific Details map[string]any `json:"details,omitempty"` // lastEvaluation is the ResourceVersion last evaluated LastEvaluation string `json:"lastEvaluation"` // state describes the state of the lastEvaluation. // It is limited to three possible states for machine evaluation. State OperatorStateState `json:"state"` }
OperatorState defines model for OperatorState.
type OperatorStateState ¶
type OperatorStateState string
OperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.
const ( OperatorStateStateFailed OperatorStateState = "failed" OperatorStateStateInProgress OperatorStateState = "in_progress" OperatorStateStateSuccess OperatorStateState = "success" )
Defines values for OperatorStateState.
type Resource ¶
type Resource struct { Metadata Metadata `json:"metadata"` Spec Spec `json:"spec"` Status Status `json:"status"` }
Resource is the wire representation of AccessPolicy. It currently will soon be merged into the k8s flavor (TODO be better)
type ResourceRef ¶
ResourceRef defines model for ResourceRef.
type RoleRef ¶
type RoleRef struct { // Policies can apply to roles, teams, or users // Applying policies to individual users is supported, but discouraged Kind RoleRefKind `json:"kind"` Name string `json:"name"` Xname string `json:"xname"` }
RoleRef defines model for RoleRef.
type RoleRefKind ¶
type RoleRefKind string
Policies can apply to roles, teams, or users Applying policies to individual users is supported, but discouraged
const ( RoleRefKindBuiltinRole RoleRefKind = "BuiltinRole" RoleRefKindRole RoleRefKind = "Role" RoleRefKindTeam RoleRefKind = "Team" RoleRefKindUser RoleRefKind = "User" )
Defines values for RoleRefKind.
type Spec ¶
type Spec struct { Role RoleRef `json:"role"` // The set of rules to apply. Note that * is required to modify // access policy rules, and that "none" will reject all actions Rules []AccessRule `json:"rules"` Scope ResourceRef `json:"scope"` }
Spec defines model for Spec.
type Status ¶
type Status struct { // additionalFields is reserved for future use AdditionalFields map[string]any `json:"additionalFields,omitempty"` // operatorStates is a map of operator ID to operator state evaluations. // Any operator which consumes this kind SHOULD add its state evaluation information to this field. OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"` }
Status defines model for Status.
type StatusOperatorState ¶
type StatusOperatorState struct { // descriptiveState is an optional more descriptive state field which has no requirements on format DescriptiveState *string `json:"descriptiveState,omitempty"` // details contains any extra information that is operator-specific Details map[string]any `json:"details,omitempty"` // lastEvaluation is the ResourceVersion last evaluated LastEvaluation string `json:"lastEvaluation"` // state describes the state of the lastEvaluation. // It is limited to three possible states for machine evaluation. State StatusOperatorStateState `json:"state"` }
StatusOperatorState defines model for status.#OperatorState.
type StatusOperatorStateState ¶
type StatusOperatorStateState string
StatusOperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.
const ( StatusOperatorStateStateFailed StatusOperatorStateState = "failed" StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress" StatusOperatorStateStateSuccess StatusOperatorStateState = "success" )
Defines values for StatusOperatorStateState.