Documentation ¶
Index ¶
Constants ¶
const AllowAll = "*"
const AllowNone = "none"
const PermissionsTarget = "permissions"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessRule ¶
type AccessRule struct { // The kind this rule applies to (dashboars, alert, etc) Kind string `json:"kind"` // Specific sub-elements like "alert.rules" or "dashboard.permissions"???? Target *string `json:"target,omitempty"` // READ, WRITE, CREATE, DELETE, ... // should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete" Verb string `json:"verb"` }
AccessRule defines model for AccessRule.
func ReduceRules ¶
func ReduceRules(rules []AccessRule) []AccessRule
type K8sResource ¶
type K8sResource = kinds.GrafanaResource[Spec, Status]
Resource is the kubernetes style representation of AccessPolicy. (TODO be better)
func NewK8sResource ¶
func NewK8sResource(name string, s *Spec) K8sResource
NewResource creates a new instance of the resource with a given name (UID)
type Kind ¶
TODO standard generated docs
func (*Kind) ConvergentLineage ¶
func (k *Kind) ConvergentLineage() thema.ConvergentLineage[*Resource]
ConvergentLineage returns the same thema.Lineage as Lineage, but bound (see thema.BindType) to the the AccessPolicy Resource type generated from the current schema, v0.0.
func (*Kind) JSONValueMux ¶
JSONValueMux is a version multiplexer that maps a []byte containing JSON data at any schematized dashboard version to an instance of AccessPolicy Resource.
Validation and translation errors emitted from this func will identify the input bytes as "dashboard.json".
This is a thin wrapper around Thema's vmux.ValueMux.
type KubeObjectMetadata ¶
type KubeObjectMetadata struct { CreationTimestamp time.Time `json:"creationTimestamp"` DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` Finalizers []string `json:"finalizers"` Labels map[string]string `json:"labels"` ResourceVersion string `json:"resourceVersion"` Uid string `json:"uid"` }
_kubeObjectMetadata is metadata found in a kubernetes object's metadata field. It is not exhaustive and only includes fields which may be relevant to a kind's implementation, As it is also intended to be generic enough to function with any API Server.
type Metadata ¶
type Metadata struct { CreatedBy string `json:"createdBy"` CreationTimestamp time.Time `json:"creationTimestamp"` DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` // extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata ExtraFields map[string]interface{} `json:"extraFields"` Finalizers []string `json:"finalizers"` Labels map[string]string `json:"labels"` ResourceVersion string `json:"resourceVersion"` Uid string `json:"uid"` UpdateTimestamp time.Time `json:"updateTimestamp"` UpdatedBy string `json:"updatedBy"` }
Metadata defines model for Metadata.
type OperatorState ¶
type OperatorState struct { // descriptiveState is an optional more descriptive state field which has no requirements on format DescriptiveState *string `json:"descriptiveState,omitempty"` // details contains any extra information that is operator-specific Details map[string]interface{} `json:"details,omitempty"` // lastEvaluation is the ResourceVersion last evaluated LastEvaluation string `json:"lastEvaluation"` // state describes the state of the lastEvaluation. // It is limited to three possible states for machine evaluation. State OperatorStateState `json:"state"` }
OperatorState defines model for OperatorState.
type OperatorStateState ¶
type OperatorStateState string
OperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.
const ( OperatorStateStateFailed OperatorStateState = "failed" OperatorStateStateInProgress OperatorStateState = "in_progress" OperatorStateStateSuccess OperatorStateState = "success" )
Defines values for OperatorStateState.
type Resource ¶
type Resource struct { Metadata Metadata `json:"metadata"` Spec Spec `json:"spec"` Status Status `json:"status"` }
Resource is the wire representation of AccessPolicy. It currently will soon be merged into the k8s flavor (TODO be better)
type ResourceRef ¶
ResourceRef defines model for ResourceRef.
type RoleRef ¶
type RoleRef struct { // Policies can apply to roles, teams, or users // Applying policies to individual users is supported, but discouraged Kind RoleRefKind `json:"kind"` Name string `json:"name"` Xname string `json:"xname"` }
RoleRef defines model for RoleRef.
type RoleRefKind ¶
type RoleRefKind string
Policies can apply to roles, teams, or users Applying policies to individual users is supported, but discouraged
const ( RoleRefKindBuiltinRole RoleRefKind = "BuiltinRole" RoleRefKindRole RoleRefKind = "Role" RoleRefKindTeam RoleRefKind = "Team" RoleRefKindUser RoleRefKind = "User" )
Defines values for RoleRefKind.
type Spec ¶
type Spec struct { Role RoleRef `json:"role"` // The set of rules to apply. Note that * is required to modify // access policy rules, and that "none" will reject all actions Rules []AccessRule `json:"rules"` Scope ResourceRef `json:"scope"` }
Spec defines model for Spec.
type Status ¶
type Status struct { // additionalFields is reserved for future use AdditionalFields map[string]interface{} `json:"additionalFields,omitempty"` // operatorStates is a map of operator ID to operator state evaluations. // Any operator which consumes this kind SHOULD add its state evaluation information to this field. OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"` }
Status defines model for Status.
type StatusOperatorState ¶
type StatusOperatorState struct { // descriptiveState is an optional more descriptive state field which has no requirements on format DescriptiveState *string `json:"descriptiveState,omitempty"` // details contains any extra information that is operator-specific Details map[string]interface{} `json:"details,omitempty"` // lastEvaluation is the ResourceVersion last evaluated LastEvaluation string `json:"lastEvaluation"` // state describes the state of the lastEvaluation. // It is limited to three possible states for machine evaluation. State StatusOperatorStateState `json:"state"` }
StatusOperatorState defines model for status.#OperatorState.
type StatusOperatorStateState ¶
type StatusOperatorStateState string
StatusOperatorStateState state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.
const ( StatusOperatorStateStateFailed StatusOperatorStateState = "failed" StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress" StatusOperatorStateStateSuccess StatusOperatorStateState = "success" )
Defines values for StatusOperatorStateState.