Documentation ¶
Overview ¶
Package permissions contains the permission sets and related functionality that determine the level of access a subject has to a Tharsis resource.
Variables ¶
// All possible Permissions.
//
// Each value pairs one ResourceType with one Action. The set is not a full
// view/create/update/delete matrix: several resource types declare only some
// actions (noted per group below), so a permission that is absent here cannot
// be expressed with these values.
//
// NOTE(review): these are exported package-level variables, not constants, so
// any importing package can reassign them. Treat them as read-only.
var (
	// GPG keys: view, create, delete (no update permission is declared).
	ViewGPGKeyPermission   = Permission{ResourceType: GPGKeyResourceType, Action: ViewAction}
	CreateGPGKeyPermission = Permission{ResourceType: GPGKeyResourceType, Action: CreateAction}
	DeleteGPGKeyPermission = Permission{ResourceType: GPGKeyResourceType, Action: DeleteAction}

	// Groups.
	ViewGroupPermission   = Permission{ResourceType: GroupResourceType, Action: ViewAction}
	CreateGroupPermission = Permission{ResourceType: GroupResourceType, Action: CreateAction}
	UpdateGroupPermission = Permission{ResourceType: GroupResourceType, Action: UpdateAction}
	DeleteGroupPermission = Permission{ResourceType: GroupResourceType, Action: DeleteAction}

	// Namespace memberships.
	// NOTE(review): presumably these control who may grant or change access
	// within a namespace — confirm; if so they are privilege-granting and
	// deserve the same care as the role definitions themselves.
	ViewNamespaceMembershipPermission   = Permission{ResourceType: NamespaceMembershipResourceType, Action: ViewAction}
	CreateNamespaceMembershipPermission = Permission{ResourceType: NamespaceMembershipResourceType, Action: CreateAction}
	UpdateNamespaceMembershipPermission = Permission{ResourceType: NamespaceMembershipResourceType, Action: UpdateAction}
	DeleteNamespaceMembershipPermission = Permission{ResourceType: NamespaceMembershipResourceType, Action: DeleteAction}

	// Workspaces.
	ViewWorkspacePermission   = Permission{ResourceType: WorkspaceResourceType, Action: ViewAction}
	CreateWorkspacePermission = Permission{ResourceType: WorkspaceResourceType, Action: CreateAction}
	UpdateWorkspacePermission = Permission{ResourceType: WorkspaceResourceType, Action: UpdateAction}
	DeleteWorkspacePermission = Permission{ResourceType: WorkspaceResourceType, Action: DeleteAction}

	// Teams: create, update, delete (no view permission is declared).
	CreateTeamPermission = Permission{ResourceType: TeamResourceType, Action: CreateAction}
	UpdateTeamPermission = Permission{ResourceType: TeamResourceType, Action: UpdateAction}
	DeleteTeamPermission = Permission{ResourceType: TeamResourceType, Action: DeleteAction}

	// Runs: view and create only.
	ViewRunPermission   = Permission{ResourceType: RunResourceType, Action: ViewAction}
	CreateRunPermission = Permission{ResourceType: RunResourceType, Action: CreateAction}

	// Jobs, plans and applies. Claiming a job has its own action (ClaimAction)
	// rather than reusing UpdateAction.
	ViewJobPermission     = Permission{ResourceType: JobResourceType, Action: ViewAction}
	ClaimJobPermission    = Permission{ResourceType: JobResourceType, Action: ClaimAction}    // Specifically for claiming jobs.
	UpdateJobPermission   = Permission{ResourceType: JobResourceType, Action: UpdateAction}   // Write job perm.
	UpdatePlanPermission  = Permission{ResourceType: PlanResourceType, Action: UpdateAction}  // Write plan perm.
	UpdateApplyPermission = Permission{ResourceType: ApplyResourceType, Action: UpdateAction} // Write apply perm.

	// Runners.
	ViewRunnerPermission   = Permission{ResourceType: RunnerResourceType, Action: ViewAction}
	CreateRunnerPermission = Permission{ResourceType: RunnerResourceType, Action: CreateAction}
	UpdateRunnerPermission = Permission{ResourceType: RunnerResourceType, Action: UpdateAction}
	DeleteRunnerPermission = Permission{ResourceType: RunnerResourceType, Action: DeleteAction}

	// Runner sessions: create and update only.
	CreateRunnerSessionPermission = Permission{ResourceType: RunnerSessionResourceType, Action: CreateAction}
	UpdateRunnerSessionPermission = Permission{ResourceType: RunnerSessionResourceType, Action: UpdateAction}

	// Users: create, update, delete (no view permission is declared).
	CreateUserPermission = Permission{ResourceType: UserResourceType, Action: CreateAction}
	UpdateUserPermission = Permission{ResourceType: UserResourceType, Action: UpdateAction}
	DeleteUserPermission = Permission{ResourceType: UserResourceType, Action: DeleteAction}

	// Variables. Reading a variable's value (ViewValueAction) is a separate
	// permission from viewing the variable (ViewAction).
	// NOTE(review): presumably variable values can hold secrets — confirm that
	// every code path returning a value checks ViewVariableValuePermission and
	// not just ViewVariablePermission.
	ViewVariableValuePermission = Permission{ResourceType: VariableResourceType, Action: ViewValueAction} // Viewing variable values.
	ViewVariablePermission      = Permission{ResourceType: VariableResourceType, Action: ViewAction}
	CreateVariablePermission    = Permission{ResourceType: VariableResourceType, Action: CreateAction}
	UpdateVariablePermission    = Permission{ResourceType: VariableResourceType, Action: UpdateAction}
	DeleteVariablePermission    = Permission{ResourceType: VariableResourceType, Action: DeleteAction}

	// Terraform providers.
	ViewTerraformProviderPermission   = Permission{ResourceType: TerraformProviderResourceType, Action: ViewAction}
	CreateTerraformProviderPermission = Permission{ResourceType: TerraformProviderResourceType, Action: CreateAction}
	UpdateTerraformProviderPermission = Permission{ResourceType: TerraformProviderResourceType, Action: UpdateAction}
	DeleteTerraformProviderPermission = Permission{ResourceType: TerraformProviderResourceType, Action: DeleteAction}

	// Terraform modules.
	ViewTerraformModulePermission   = Permission{ResourceType: TerraformModuleResourceType, Action: ViewAction}
	CreateTerraformModulePermission = Permission{ResourceType: TerraformModuleResourceType, Action: CreateAction}
	UpdateTerraformModulePermission = Permission{ResourceType: TerraformModuleResourceType, Action: UpdateAction}
	DeleteTerraformModulePermission = Permission{ResourceType: TerraformModuleResourceType, Action: DeleteAction}

	// State versions: view, view data, create. Reading state data uses
	// ViewValueAction, the same action that guards variable values.
	// NOTE(review): Terraform state commonly embeds credentials and other
	// sensitive attributes; confirm that state downloads are gated on
	// ViewStateVersionDataPermission rather than ViewStateVersionPermission.
	ViewStateVersionPermission     = Permission{ResourceType: StateVersionResourceType, Action: ViewAction}
	ViewStateVersionDataPermission = Permission{ResourceType: StateVersionResourceType, Action: ViewValueAction}
	CreateStateVersionPermission   = Permission{ResourceType: StateVersionResourceType, Action: CreateAction}

	// Configuration versions: view, create, update (no delete permission is declared).
	ViewConfigurationVersionPermission   = Permission{ResourceType: ConfigurationVersionResourceType, Action: ViewAction}
	CreateConfigurationVersionPermission = Permission{ResourceType: ConfigurationVersionResourceType, Action: CreateAction}
	UpdateConfigurationVersionPermission = Permission{ResourceType: ConfigurationVersionResourceType, Action: UpdateAction}

	// Service accounts.
	ViewServiceAccountPermission   = Permission{ResourceType: ServiceAccountResourceType, Action: ViewAction}
	CreateServiceAccountPermission = Permission{ResourceType: ServiceAccountResourceType, Action: CreateAction}
	UpdateServiceAccountPermission = Permission{ResourceType: ServiceAccountResourceType, Action: UpdateAction}
	DeleteServiceAccountPermission = Permission{ResourceType: ServiceAccountResourceType, Action: DeleteAction}

	// Managed identities.
	ViewManagedIdentityPermission   = Permission{ResourceType: ManagedIdentityResourceType, Action: ViewAction}
	CreateManagedIdentityPermission = Permission{ResourceType: ManagedIdentityResourceType, Action: CreateAction}
	UpdateManagedIdentityPermission = Permission{ResourceType: ManagedIdentityResourceType, Action: UpdateAction}
	DeleteManagedIdentityPermission = Permission{ResourceType: ManagedIdentityResourceType, Action: DeleteAction}

	// VCS providers.
	ViewVCSProviderPermission   = Permission{ResourceType: VCSProviderResourceType, Action: ViewAction}
	CreateVCSProviderPermission = Permission{ResourceType: VCSProviderResourceType, Action: CreateAction}
	UpdateVCSProviderPermission = Permission{ResourceType: VCSProviderResourceType, Action: UpdateAction}
	DeleteVCSProviderPermission = Permission{ResourceType: VCSProviderResourceType, Action: DeleteAction}

	// Terraform provider mirrors: view, create, delete (no update permission is declared).
	ViewTerraformProviderMirrorPermission   = Permission{ResourceType: TerraformProviderMirrorResourceType, Action: ViewAction}
	CreateTerraformProviderMirrorPermission = Permission{ResourceType: TerraformProviderMirrorResourceType, Action: CreateAction}
	DeleteTerraformProviderMirrorPermission = Permission{ResourceType: TerraformProviderMirrorResourceType, Action: DeleteAction}
)
All possible Permissions.
Functions ¶
func GetAssignablePermissions ¶
func GetAssignablePermissions() []string
GetAssignablePermissions returns a list of assignable permissions.
Types ¶
type Action ¶
type Action string
Action is an enum representing a CRUD action.
// Action constants.
//
// The set goes beyond plain CRUD: ViewValueAction and ClaimAction are
// separate actions with their own string values.
// NOTE(review): how these actions rank against each other (for example,
// whether holding ViewValueAction also satisfies a ViewAction check) is
// decided by HasViewerAccess and Permission.GTE, not by these declarations —
// confirm there before relying on any ordering.
const (
	ViewAction      Action = "view"
	ViewValueAction Action = "view_value" // Paired in this package with variable and state version resources.
	CreateAction    Action = "create"
	UpdateAction    Action = "update"
	DeleteAction    Action = "delete"
	ClaimAction     Action = "claim" // Paired in this package with the job resource only.
)
Action constants.
func (Action) HasViewerAccess ¶
HasViewerAccess returns true if Action is viewer access or greater.
type Permission ¶
// Permission represents a level of access a subject has to a Tharsis
// resource, expressed as one action on one resource type.
type Permission struct {
	// ResourceType is the kind of resource the permission applies to;
	// encoded in JSON under the key "resourceType".
	ResourceType ResourceType `json:"resourceType"`
	// Action is the operation allowed on that resource type; encoded in
	// JSON under the key "action".
	Action Action `json:"action"`
}
Permission represents a level of access a subject has to a Tharsis resource.
func ParsePermissions ¶
func ParsePermissions(perms []string) ([]Permission, error)
ParsePermissions parses and normalizes a slice of permission strings, each expected in the format resource_type:action, and returns the corresponding Permission values.
func (*Permission) GTE ¶
func (p *Permission) GTE(want *Permission) bool
GTE returns true if the available permission (the receiver) is greater than or equal to the wanted permission.
func (*Permission) IsAssignable ¶
func (p *Permission) IsAssignable() bool
IsAssignable returns true if permission is assignable to a role.
func (*Permission) String ¶
func (p *Permission) String() string
String returns the Permission as a string in the form <resource_type:action>.
type ResourceType ¶
type ResourceType string
ResourceType is an enum representing a Tharsis resource type.
// ResourceType constants.
//
// Each value names one kind of Tharsis resource that a Permission can refer to.
// NOTE(review): presumably the string value is the resource_type half of the
// resource_type:action form handled by ParsePermissions and
// Permission.String — confirm against their implementations.
const (
	GPGKeyResourceType                  ResourceType = "gpg_key"
	GroupResourceType                   ResourceType = "group"
	WorkspaceResourceType               ResourceType = "workspace"
	NamespaceMembershipResourceType     ResourceType = "namespace_membership"
	TeamResourceType                    ResourceType = "team"
	RunResourceType                     ResourceType = "run"
	JobResourceType                     ResourceType = "job"
	PlanResourceType                    ResourceType = "plan"
	ApplyResourceType                   ResourceType = "apply"
	RunnerResourceType                  ResourceType = "runner"
	RunnerSessionResourceType           ResourceType = "runner_session"
	UserResourceType                    ResourceType = "user"
	VariableResourceType                ResourceType = "variable"
	TerraformProviderResourceType       ResourceType = "terraform_provider"
	TerraformModuleResourceType         ResourceType = "terraform_module"
	StateVersionResourceType            ResourceType = "state_version"
	ConfigurationVersionResourceType    ResourceType = "configuration_version"
	ServiceAccountResourceType          ResourceType = "service_account"
	ManagedIdentityResourceType         ResourceType = "managed_identity"
	VCSProviderResourceType             ResourceType = "vcs_provider"
	TerraformProviderMirrorResourceType ResourceType = "terraform_provider_mirror"
)
ResourceType constants.