accesslist

package
v0.0.0-...-27af30b
Published: May 2, 2024 License: Apache-2.0 Imports: 11 Imported by: 22

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessList

type AccessList struct {
	// ResourceHeader is the common resource header for all resources.
	header.ResourceHeader

	// Spec is the specification for the access list.
	Spec Spec `json:"spec" yaml:"spec"`

	// Status contains dynamically calculated fields.
	Status Status `json:"-" yaml:"-"`
}

AccessList describes the basic building block of access grants, which are similar to access requests but for longer lived permissions that need to be regularly audited.

func NewAccessList

func NewAccessList(metadata header.Metadata, spec Spec) (*AccessList, error)

NewAccessList will create a new access list.

func (*AccessList) CheckAndSetDefaults

func (a *AccessList) CheckAndSetDefaults() error

CheckAndSetDefaults validates fields and populates empty fields with default values.

func (*AccessList) CloneResource

func (a *AccessList) CloneResource() types.ResourceWithLabels

CloneResource returns a copy of the resource as types.ResourceWithLabels.

func (*AccessList) GetGrants

func (a *AccessList) GetGrants() Grants

GetGrants returns the grants from the access list.

func (*AccessList) GetMembershipRequires

func (a *AccessList) GetMembershipRequires() Requires

GetMembershipRequires returns the membership requires configuration from the access list.

func (*AccessList) GetMetadata

func (a *AccessList) GetMetadata() types.Metadata

GetMetadata returns metadata. This is specifically for conforming to the Resource interface, and should be removed when possible.

func (*AccessList) GetOwners

func (a *AccessList) GetOwners() []Owner

GetOwners returns the list of owners from the access list.

func (*AccessList) GetOwnershipRequires

func (a *AccessList) GetOwnershipRequires() Requires

GetOwnershipRequires returns the ownership requires configuration from the access list.

func (*AccessList) MatchSearch

func (a *AccessList) MatchSearch(values []string) bool

MatchSearch goes through select field values of a resource and tries to match against the list of search values.

func (*AccessList) SelectNextReviewDate

func (a *AccessList) SelectNextReviewDate() time.Time

SelectNextReviewDate will select the next review date for the access list.

func (*AccessList) SetOwners

func (a *AccessList) SetOwners(owners []Owner)

SetOwners replaces the list of owners of the access list.

type AccessListMember

type AccessListMember struct {
	// ResourceHeader is the common resource header for all resources.
	header.ResourceHeader

	// Spec is the specification for the access list member.
	Spec AccessListMemberSpec `json:"spec" yaml:"spec"`
}

AccessListMember is an access list member resource.

func NewAccessListMember

func NewAccessListMember(metadata header.Metadata, spec AccessListMemberSpec) (*AccessListMember, error)

NewAccessListMember will create a new access list member.

func (*AccessListMember) CheckAndSetDefaults

func (a *AccessListMember) CheckAndSetDefaults() error

CheckAndSetDefaults validates fields and populates empty fields with default values.

func (*AccessListMember) GetMetadata

func (a *AccessListMember) GetMetadata() types.Metadata

GetMetadata returns metadata. This is specifically for conforming to the Resource interface, and should be removed when possible.

func (*AccessListMember) IsEqual

func (a *AccessListMember) IsEqual(other *AccessListMember) bool

IsEqual defines AccessListMember equality for use with `services.CompareResources()` (and hence the services.Reconciler).

For the purposes of reconciliation, we only care that the user and target AccessList match.

func (*AccessListMember) MatchSearch

func (a *AccessListMember) MatchSearch(values []string) bool

MatchSearch goes through select field values of a resource and tries to match against the list of search values.

type AccessListMemberSpec

type AccessListMemberSpec struct {
	// AccessList is the name of the associated access list.
	AccessList string `json:"access_list" yaml:"access_list"`

	// Name is the name of the member of the access list.
	Name string `json:"name" yaml:"name"`

	// Joined is when the user joined the access list.
	Joined time.Time `json:"joined" yaml:"joined"`

	// Expires is when the user's membership to the access list expires.
	Expires time.Time `json:"expires" yaml:"expires"`

	// Reason is the reason this user was added to the access list.
	Reason string `json:"reason" yaml:"reason"`

	// AddedBy is the user that added this user to the access list.
	AddedBy string `json:"added_by" yaml:"added_by"`

	// IneligibleStatus describes the reason why this member is not eligible.
	IneligibleStatus string `json:"ineligible_status" yaml:"ineligible_status"`
}

AccessListMemberSpec describes the specification of a member of an access list.

type Audit

type Audit struct {
	// NextAuditDate is the date that the next audit should be performed.
	NextAuditDate time.Time `json:"next_audit_date" yaml:"next_audit_date"`

	// Recurrence is the recurrence definition for auditing. Valid values are
	// 1, first, 15, and last.
	Recurrence Recurrence `json:"recurrence" yaml:"recurrence"`

	// Notifications is the configuration for notifying users.
	Notifications Notifications `json:"notifications" yaml:"notifications"`
}

Audit describes the audit configuration for an access list.

func (Audit) MarshalJSON

func (a Audit) MarshalJSON() ([]byte, error)

func (*Audit) UnmarshalJSON

func (a *Audit) UnmarshalJSON(data []byte) error

type Grants

type Grants struct {
	// Roles are the roles that are granted to users who are members of the access list.
	Roles []string `json:"roles" yaml:"roles"`

	// Traits are the traits that are granted to users who are members of the access list.
	Traits trait.Traits `json:"traits" yaml:"traits"`
}

Grants describes what access is granted by membership to the access list.

type Notifications

type Notifications struct {
	// Start specifies when to start notifying users that the next audit date is coming up.
	Start time.Duration `json:"start" yaml:"start"`
}

Notifications contains the configuration for notifying users of a nearing next audit date.

func (Notifications) MarshalJSON

func (n Notifications) MarshalJSON() ([]byte, error)

func (*Notifications) UnmarshalJSON

func (n *Notifications) UnmarshalJSON(data []byte) error

type Owner

type Owner struct {
	// Name is the username of the owner.
	Name string `json:"name" yaml:"name"`

	// Description is the plaintext description of the owner and why they are an owner.
	Description string `json:"description" yaml:"description"`

	// IneligibleStatus describes the reason why this owner is not eligible.
	IneligibleStatus string `json:"ineligible_status" yaml:"ineligible_status"`
}

Owner is an owner of an access list.

type Recurrence

type Recurrence struct {
	// Frequency is the frequency between access list reviews.
	Frequency ReviewFrequency `json:"frequency" yaml:"frequency"`

	// DayOfMonth is the day of month subsequent reviews will be scheduled on.
	DayOfMonth ReviewDayOfMonth `json:"day_of_month" yaml:"day_of_month"`
}

Recurrence defines when access list reviews should occur.

func (Recurrence) MarshalJSON

func (r Recurrence) MarshalJSON() ([]byte, error)

func (*Recurrence) UnmarshalJSON

func (r *Recurrence) UnmarshalJSON(data []byte) error

type Requires

type Requires struct {
	// Roles are the user roles that must be present for the user to obtain access.
	Roles []string `json:"roles" yaml:"roles"`

	// Traits are the traits that must be present for the user to obtain access.
	Traits trait.Traits `json:"traits" yaml:"traits"`
}

Requires describes a requirement section for an access list. A user must meet these criteria to obtain the corresponding access (membership or ownership) to the list.

func (*Requires) IsEmpty

func (r *Requires) IsEmpty() bool

IsEmpty returns true when no roles or traits are set.

type Review

type Review struct {
	// ResourceHeader is the common resource header for all resources.
	header.ResourceHeader

	// Spec is the specification for the access list review.
	Spec ReviewSpec `json:"spec" yaml:"spec"`
}

Review is an access list review resource.

func NewReview

func NewReview(metadata header.Metadata, spec ReviewSpec) (*Review, error)

NewReview will create a new access list review.

func (*Review) CheckAndSetDefaults

func (r *Review) CheckAndSetDefaults() error

CheckAndSetDefaults validates fields and populates empty fields with default values.

func (*Review) GetMetadata

func (r *Review) GetMetadata() types.Metadata

GetMetadata returns metadata. This is specifically for conforming to the Resource interface, and should be removed when possible.

type ReviewChanges

type ReviewChanges struct {
	// MembershipRequirementsChanged is populated if the requirements were changed as part of this review.
	MembershipRequirementsChanged *Requires `json:"membership_requirements_changed" yaml:"membership_requirements_changed"`

	// RemovedMembers contains the members that were removed as part of this review.
	RemovedMembers []string `json:"removed_members" yaml:"removed_members"`

	// ReviewFrequencyChanged is populated if the review frequency has changed.
	ReviewFrequencyChanged ReviewFrequency `json:"review_frequency_changed" yaml:"review_frequency_changed"`

	// ReviewDayOfMonthChanged is populated if the review day of month has changed.
	ReviewDayOfMonthChanged ReviewDayOfMonth `json:"review_day_of_month_changed" yaml:"review_day_of_month_changed"`
}

ReviewChanges are the changes that were made as part of the review.

func (ReviewChanges) MarshalJSON

func (r ReviewChanges) MarshalJSON() ([]byte, error)

func (*ReviewChanges) UnmarshalJSON

func (r *ReviewChanges) UnmarshalJSON(data []byte) error

type ReviewDayOfMonth

type ReviewDayOfMonth int

ReviewDayOfMonth is the day of month the review should be repeated on.

const (
	FirstDayOfMonth     ReviewDayOfMonth = 1
	FifteenthDayOfMonth ReviewDayOfMonth = 15
	LastDayOfMonth      ReviewDayOfMonth = 31
)

func (ReviewDayOfMonth) String

func (r ReviewDayOfMonth) String() string

type ReviewFrequency

type ReviewFrequency int

ReviewFrequency is the review frequency in months.

const (
	OneMonth    ReviewFrequency = 1
	ThreeMonths ReviewFrequency = 3
	SixMonths   ReviewFrequency = 6
	OneYear     ReviewFrequency = 12
)

func (ReviewFrequency) String

func (r ReviewFrequency) String() string

type ReviewSpec

type ReviewSpec struct {
	// AccessList is the name of the associated access list.
	AccessList string `json:"access_list" yaml:"access_list"`

	// Reviewers are the users who performed the review.
	Reviewers []string `json:"reviewers" yaml:"reviewers"`

	// ReviewDate is the date that this review was created.
	ReviewDate time.Time `json:"review_date" yaml:"review_date"`

	// Notes is optional plaintext attached to the review that the reviewer can use
	// for arbitrary note taking on the review.
	Notes string `json:"notes" yaml:"notes"`

	// Changes are the changes made as part of the review.
	Changes ReviewChanges `json:"changes" yaml:"changes"`
}

ReviewSpec describes the specification of a review of an access list.

func (ReviewSpec) MarshalJSON

func (r ReviewSpec) MarshalJSON() ([]byte, error)

func (*ReviewSpec) UnmarshalJSON

func (r *ReviewSpec) UnmarshalJSON(data []byte) error

type Spec

type Spec struct {
	// Title is a plaintext short description of the access list.
	Title string `json:"title" yaml:"title"`

	// Description is an optional plaintext description of the access list.
	Description string `json:"description" yaml:"description"`

	// Owners is a list of owners of the access list.
	Owners []Owner `json:"owners" yaml:"owners"`

	// Audit describes the frequency that this access list must be audited.
	Audit Audit `json:"audit" yaml:"audit"`

	// MembershipRequires describes the requirements for a user to be a member of the access list.
	// For a membership to an access list to be effective, the user must meet the requirements of
	// MembershipRequires and must be in the members list.
	MembershipRequires Requires `json:"membership_requires" yaml:"membership_requires"`

	// OwnershipRequires describes the requirements for a user to be an owner of the access list.
	// For ownership of an access list to be effective, the user must meet the requirements of
	// OwnershipRequires and must be in the owners list.
	OwnershipRequires Requires `json:"ownership_requires" yaml:"ownership_requires"`

	// Grants describes the access granted by membership to this access list.
	Grants Grants `json:"grants" yaml:"grants"`

	// OwnerGrants describes the access granted by ownership of this access list.
	OwnerGrants Grants `json:"owner_grants" yaml:"owner_grants"`
}

Spec is the specification for an access list.
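The MembershipRequires comment above states a two-part rule: a membership is effective only when the user is in the members list and also meets the Requires section. The following added example (not code from the Teleport package) works that rule through with simplified stand-ins for Requires and trait.Traits; the trait-matching rule (every required value must be present under the same trait key) is an assumption, since the page does not spell it out.

```go
package main
import "fmt"

// Traits stands in for trait.Traits: trait name -> values.
type Traits map[string][]string

// Requires mirrors accesslist.Requires: roles and traits the user must hold.
type Requires struct {
	Roles  []string
	Traits Traits
}
func contains(set []string, v string) bool {
	for _, s := range set {
		if s == v {
			return true
		}
	}
	return false
}
// MeetsRequires reports whether a user with these roles and traits holds every role and
// trait value in req. Assumption: each required trait value must appear under the same key.
func MeetsRequires(roles []string, traits Traits, req Requires) bool {
	for _, r := range req.Roles {
		if !contains(roles, r) {
			return false
		}
	}
	for key, want := range req.Traits {
		for _, v := range want {
			if !contains(traits[key], v) {
				return false
			}
		}
	}
	return true
}

// MembershipEffective applies the rule from the Spec comments: the user must be in the
// members list AND meet MembershipRequires. Being listed alone grants nothing.
func MembershipEffective(name string, roles []string, traits Traits, members []string, req Requires) bool {
	return contains(members, name) && MeetsRequires(roles, traits, req)
}

func main() {
	// Constructed sample data: the list requires role "employee" and trait team=sre.
	req := Requires{Roles: []string{"employee"}, Traits: Traits{"team": {"sre"}}}
	members := []string{"alice", "bob"}
	fmt.Println(MembershipEffective("alice", []string{"employee"}, Traits{"team": {"sre", "oncall"}}, members, req)) // true
	fmt.Println(MembershipEffective("bob", []string{"contractor"}, Traits{"team": {"sre"}}, members, req))          // false
}
```

A user who meets the requirements but is absent from the members list is likewise not an effective member, which is the check an audit of the list should exercise in both directions.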

type Status

type Status struct {
	// MemberCount is the number of members in the access list.
	MemberCount *uint32
}

Status contains dynamic fields calculated during retrieval.

Directories

Path Synopsis
convert
v1
