rulesvc

package
v0.15.14

This package is not in the latest version of its module.
Published: Jan 18, 2024 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// ErrRuleIdAlreadyExists is returned if a rule with the supplied id already exists.
	ErrRuleIdAlreadyExists = errors.New("access rule id already exists")

	// ErrUserNotAuthorized is returned if the user isn't allowed to complete an action,
	// like reviewing a request.
	ErrUserNotAuthorized = errors.New("user is not authorized to perform this action")

	// ErrProviderNotFound is returned if a matching provider could not be found in the access handler.
	ErrProviderNotFound = errors.New("provider not found")

	// ErrUnhandledResponseFromAccessHandler is returned if the access handler returned an unhandled response.
	ErrUnhandledResponseFromAccessHandler = errors.New("access handler returned an unhandled response")

	// ErrAccessRuleAlreadyArchived is returned if an archive request is made for a rule which is already archived.
	ErrAccessRuleAlreadyArchived = errors.New("access rule already archived")
)

Functions

func FilterRulesByGroupMap added in v0.14.0

func FilterRulesByGroupMap(groups []string, rules []rule.AccessRule) []rule.AccessRule

FilterRulesByGroupMap filters a set of rules by the groups passed in as input. It could not be co-located in pkg/api due to import cycle errors. It was required as part of CF-744, due to intrinsic limitations in DynamoDB when filtering by large expressions (i.e. len(groups) > 20).
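The in-memory filtering described above can be sketched as follows. This is an added example, not the package's own code: the `AccessRule` stand-in type with its `ID` and `Groups` fields and the function name `filterRulesByGroups` are assumptions made for illustration.

```go
package main

import "fmt"

// AccessRule is a stand-in for rule.AccessRule; the ID and Groups fields
// are assumptions made for this example.
type AccessRule struct {
	ID     string
	Groups []string
}

// filterRulesByGroups (hypothetical name) returns the rules that list at
// least one of the caller's groups. The groups are loaded into a set once,
// so membership checks are constant time and no database filter expression
// has to grow with the number of groups.
func filterRulesByGroups(groups []string, rules []AccessRule) []AccessRule {
	member := make(map[string]struct{}, len(groups))
	for _, g := range groups {
		member[g] = struct{}{}
	}
	out := []AccessRule{}
	for _, r := range rules {
		for _, g := range r.Groups {
			if _, ok := member[g]; ok {
				out = append(out, r) // append once, then move to the next rule
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed sample data: a user in 25 groups, above the len(groups) > 20 case.
	groups := make([]string, 0, 25)
	for i := 0; i < 25; i++ {
		groups = append(groups, fmt.Sprintf("team-%02d", i))
	}
	rules := []AccessRule{
		{ID: "rule-a", Groups: []string{"team-03", "team-07"}}, // two matches, returned once
		{ID: "rule-b", Groups: []string{"finance"}},            // no overlap
		{ID: "rule-c", Groups: nil},                            // no groups: never matched
		{ID: "rule-d", Groups: []string{"ops", "team-24"}},
	}
	for _, r := range filterRulesByGroups(groups, rules) {
		fmt.Println(r.ID)
	}
}
```

In this sketch an empty group list, or a rule with no groups, matches nothing, so the filter fails closed.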

func GetApprovers

func GetApprovers(ctx context.Context, db ddb.Storage, rule rule.AccessRule) ([]string, error)

GetApprovers gets all the approvers for a rule, both those assigned as individuals and those assigned via a group. It de-duplicates users, so if a user is assigned as an approver through multiple groups they'll only be returned once.

Types

type CacheService

type CacheService interface {
	LoadCachedProviderArgOptions(ctx context.Context, providerId string, argId string) (bool, []cache.ProviderOption, []cache.ProviderArgGroupOption, error)
	RefreshCachedProviderArgOptions(ctx context.Context, providerId string, argId string) (bool, []cache.ProviderOption, []cache.ProviderArgGroupOption, error)
}

type LookedUpRule

type LookedUpRule struct {
	Rule                       rule.AccessRule
	SelectableWithOptionValues []types.KeyValue
}

LookedUpRule is a rule found by the LookupRule method.

func (LookedUpRule) ToAPI

ToAPI converts the LookedUpRule to an API response type.

type LookupFields

type LookupFields struct {
	AccountID string
	RoleName  string
}

LookupFields are fields to look up an Access Rule by. Currently, these are hardcoded to the AWS SSO provider. In future, these will need to be made more generic.

type LookupRuleOpts

type LookupRuleOpts struct {
	User         identity.User
	ProviderType string
	Fields       LookupFields
}

LookupRuleOpts are the fields used to look up access rules.

type Service

type Service struct {
	Clock    clock.Clock
	AHClient types.ClientWithResponsesInterface
	DB       ddb.Storage
	Cache    CacheService
}

Service holds business logic relating to Access Rules.

func (*Service) ArchiveAccessRule

func (s *Service) ArchiveAccessRule(ctx context.Context, userId string, in rule.AccessRule) (*rule.AccessRule, error)

func (*Service) CreateAccessRule

func (s *Service) CreateAccessRule(ctx context.Context, userID string, in types.CreateAccessRuleRequest) (*rule.AccessRule, error)

func (*Service) GetRule

func (s *Service) GetRule(ctx context.Context, ID string, user *identity.User, isAdmin bool) (*rule.GetAccessRuleResponse, error)

func (*Service) LookupRule

func (s *Service) LookupRule(ctx context.Context, opts LookupRuleOpts) ([]LookedUpRule, error)

LookupRule finds access rules which will grant access to a desired permission.

func (*Service) ProcessTarget

func (s *Service) ProcessTarget(ctx context.Context, in types.CreateAccessRuleTarget, isTargetGroup bool) (rule.Target, error)

func (*Service) RequestArguments

func (s *Service) RequestArguments(ctx context.Context, accessRuleTarget rule.Target) (map[string]types.RequestArgument, error)

RequestArguments takes an access rule and prepares a list of request arguments containing all the available options that a user may choose from when creating a request. It can also be used to validate the input to a create request API call.

func (*Service) UpdateRule

func (s *Service) UpdateRule(ctx context.Context, in *UpdateOpts) (*rule.AccessRule, error)

type UpdateOpts

type UpdateOpts struct {
	UpdaterID      string
	Rule           rule.AccessRule
	UpdateRequest  types.CreateAccessRuleRequest
	ApprovalGroups []rule.Approval
}

Directories

Path Synopsis
Package mocks is a generated GoMock package.
