Documentation ¶
Index ¶
- type AccessList
- func (a *AccessList) CheckAndSetDefaults() error
- func (a *AccessList) CloneResource() types.ResourceWithLabels
- func (a *AccessList) GetGrants() Grants
- func (a *AccessList) GetMembershipRequires() Requires
- func (a *AccessList) GetMetadata() types.Metadata
- func (a *AccessList) GetOwners() []Owner
- func (a *AccessList) GetOwnershipRequires() Requires
- func (a *AccessList) MatchSearch(values []string) bool
- func (a *AccessList) SelectNextReviewDate() time.Time
- func (a *AccessList) SetOwners(owners []Owner)
- type AccessListMember
- type AccessListMemberSpec
- type Audit
- type Grants
- type Notifications
- type Owner
- type Recurrence
- type Requires
- type Review
- type ReviewChanges
- type ReviewDayOfMonth
- type ReviewFrequency
- type ReviewSpec
- type Spec
- type Status
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessList ¶
type AccessList struct {
	// ResourceHeader is the common resource header for all resources.
	header.ResourceHeader
	// Spec is the specification for the access list.
	Spec Spec `json:"spec" yaml:"spec"`
	// Status contains dynamically calculated fields.
	Status Status `json:"-" yaml:"-"`
}
AccessList describes the basic building block of access grants, which are similar to access requests but for longer lived permissions that need to be regularly audited.
func NewAccessList ¶
func NewAccessList(metadata header.Metadata, spec Spec) (*AccessList, error)
NewAccessList will create a new access list.
func (*AccessList) CheckAndSetDefaults ¶
func (a *AccessList) CheckAndSetDefaults() error
CheckAndSetDefaults validates fields and populates empty fields with default values.
func (*AccessList) CloneResource ¶
func (a *AccessList) CloneResource() types.ResourceWithLabels
CloneResource returns a copy of the resource as types.ResourceWithLabels.
func (*AccessList) GetGrants ¶
func (a *AccessList) GetGrants() Grants
GetGrants returns the grants from the access list.
func (*AccessList) GetMembershipRequires ¶
func (a *AccessList) GetMembershipRequires() Requires
GetMembershipRequires returns the membership requires configuration from the access list.
func (*AccessList) GetMetadata ¶
func (a *AccessList) GetMetadata() types.Metadata
GetMetadata returns metadata. This is specifically for conforming to the Resource interface, and should be removed when possible.
func (*AccessList) GetOwners ¶
func (a *AccessList) GetOwners() []Owner
GetOwners returns the list of owners from the access list.
func (*AccessList) GetOwnershipRequires ¶
func (a *AccessList) GetOwnershipRequires() Requires
GetOwnershipRequires returns the ownership requires configuration from the access list.
func (*AccessList) MatchSearch ¶
func (a *AccessList) MatchSearch(values []string) bool
MatchSearch goes through select field values of a resource and tries to match against the list of search values.
func (*AccessList) SelectNextReviewDate ¶
func (a *AccessList) SelectNextReviewDate() time.Time
SelectNextReviewDate will select the next review date for the access list.
func (*AccessList) SetOwners ¶
func (a *AccessList) SetOwners(owners []Owner)
SetOwners sets the list of owners on the access list.
type AccessListMember ¶
type AccessListMember struct {
	// ResourceHeader is the common resource header for all resources.
	header.ResourceHeader
	// Spec is the specification for the access list member.
	Spec AccessListMemberSpec `json:"spec" yaml:"spec"`
}
AccessListMember is an access list member resource.
func NewAccessListMember ¶
func NewAccessListMember(metadata header.Metadata, spec AccessListMemberSpec) (*AccessListMember, error)
NewAccessListMember will create a new access list member.
func (*AccessListMember) CheckAndSetDefaults ¶
func (a *AccessListMember) CheckAndSetDefaults() error
CheckAndSetDefaults validates fields and populates empty fields with default values.
func (*AccessListMember) GetMetadata ¶
func (a *AccessListMember) GetMetadata() types.Metadata
GetMetadata returns metadata. This is specifically for conforming to the Resource interface, and should be removed when possible.
func (*AccessListMember) IsEqual ¶
func (a *AccessListMember) IsEqual(other *AccessListMember) bool
IsEqual defines AccessListMember equality for use with `services.CompareResources()` (and hence the services.Reconciler).
For the purposes of reconciliation, we only care that the user and target AccessList match.
func (*AccessListMember) MatchSearch ¶
func (a *AccessListMember) MatchSearch(values []string) bool
MatchSearch goes through select field values of a resource and tries to match against the list of search values.
type AccessListMemberSpec ¶
type AccessListMemberSpec struct {
	// AccessList is the name of the associated access list.
	AccessList string `json:"access_list" yaml:"access_list"`
	// Name is the name of the member of the access list.
	Name string `json:"name" yaml:"name"`
	// Joined is when the user joined the access list.
	Joined time.Time `json:"joined" yaml:"joined"`
	// Expires is when the user's membership to the access list expires.
	Expires time.Time `json:"expires" yaml:"expires"`
	// Reason is the reason this user was added to the access list.
	Reason string `json:"reason" yaml:"reason"`
	// AddedBy is the user that added this user to the access list.
	AddedBy string `json:"added_by" yaml:"added_by"`
	// IneligibleStatus describes the reason why this member is not eligible.
	IneligibleStatus string `json:"ineligible_status" yaml:"ineligible_status"`
}
AccessListMemberSpec describes the specification of a member of an access list.
type Audit ¶
type Audit struct {
	// NextAuditDate is the date that the next audit should be performed.
	NextAuditDate time.Time `json:"next_audit_date" yaml:"next_audit_date"`
	// Recurrence is the recurrence definition for auditing. Valid values are
	// 1, first, 15, and last.
	Recurrence Recurrence `json:"recurrence" yaml:"recurrence"`
	// Notifications is the configuration for notifying users.
	Notifications Notifications `json:"notifications" yaml:"notifications"`
}
Audit describes the audit configuration for an access list.
func (Audit) MarshalJSON ¶
func (*Audit) UnmarshalJSON ¶
type Grants ¶
type Grants struct {
	// Roles are the roles that are granted to users who are members of the access list.
	Roles []string `json:"roles" yaml:"roles"`
	// Traits are the traits that are granted to users who are members of the access list.
	Traits trait.Traits `json:"traits" yaml:"traits"`
}
Grants describes what access is granted by membership to the access list.
type Notifications ¶
type Notifications struct {
	// Start specifies when to start notifying users that the next audit date is coming up.
	Start time.Duration `json:"start" yaml:"start"`
}
Notifications contains the configuration for notifying users of a nearing next audit date.
func (Notifications) MarshalJSON ¶
func (n Notifications) MarshalJSON() ([]byte, error)
func (*Notifications) UnmarshalJSON ¶
func (n *Notifications) UnmarshalJSON(data []byte) error
type Owner ¶
type Owner struct {
	// Name is the username of the owner.
	Name string `json:"name" yaml:"name"`
	// Description is the plaintext description of the owner and why they are an owner.
	Description string `json:"description" yaml:"description"`
	// IneligibleStatus describes the reason why this owner is not eligible.
	IneligibleStatus string `json:"ineligible_status" yaml:"ineligible_status"`
}
Owner is an owner of an access list.
type Recurrence ¶
type Recurrence struct {
	// Frequency is the frequency between access list reviews.
	Frequency ReviewFrequency `json:"frequency" yaml:"frequency"`
	// DayOfMonth is the day of month subsequent reviews will be scheduled on.
	DayOfMonth ReviewDayOfMonth `json:"day_of_month" yaml:"day_of_month"`
}
Recurrence defines when access list reviews should occur.
func (Recurrence) MarshalJSON ¶
func (r Recurrence) MarshalJSON() ([]byte, error)
func (*Recurrence) UnmarshalJSON ¶
func (r *Recurrence) UnmarshalJSON(data []byte) error
type Requires ¶
type Requires struct {
	// Roles are the user roles that must be present for the user to obtain access.
	Roles []string `json:"roles" yaml:"roles"`
	// Traits are the traits that must be present for the user to obtain access.
	Traits trait.Traits `json:"traits" yaml:"traits"`
}
Requires describes a requirement section for an access list. A user must meet every criterion in it to obtain the corresponding access to the list.
type Review ¶
type Review struct {
	// ResourceHeader is the common resource header for all resources.
	header.ResourceHeader
	// Spec is the specification for the access list review.
	Spec ReviewSpec `json:"spec" yaml:"spec"`
}
Review is an access list review resource.
func NewReview ¶
func NewReview(metadata header.Metadata, spec ReviewSpec) (*Review, error)
NewReview will create a new access list review.
func (*Review) CheckAndSetDefaults ¶
CheckAndSetDefaults validates fields and populates empty fields with default values.
func (*Review) GetMetadata ¶
GetMetadata returns metadata. This is specifically for conforming to the Resource interface, and should be removed when possible.
type ReviewChanges ¶
type ReviewChanges struct {
	// MembershipRequirementsChanged is populated if the requirements were changed as part of this review.
	MembershipRequirementsChanged *Requires `json:"membership_requirements_changed" yaml:"membership_requirements_changed"`
	// RemovedMembers contains the members that were removed as part of this review.
	RemovedMembers []string `json:"removed_members" yaml:"removed_members"`
	// ReviewFrequencyChanged is populated if the review frequency has changed.
	ReviewFrequencyChanged ReviewFrequency `json:"review_frequency_changed" yaml:"review_frequency_changed"`
	// ReviewDayOfMonthChanged is populated if the review day of month has changed.
	ReviewDayOfMonthChanged ReviewDayOfMonth `json:"review_day_of_month_changed" yaml:"review_day_of_month_changed"`
}
ReviewChanges are the changes that were made as part of the review.
func (ReviewChanges) MarshalJSON ¶
func (r ReviewChanges) MarshalJSON() ([]byte, error)
func (*ReviewChanges) UnmarshalJSON ¶
func (r *ReviewChanges) UnmarshalJSON(data []byte) error
type ReviewDayOfMonth ¶
type ReviewDayOfMonth int
ReviewDayOfMonth is the day of month the review should be repeated on.
const (
	FirstDayOfMonth     ReviewDayOfMonth = 1
	FifteenthDayOfMonth ReviewDayOfMonth = 15
	LastDayOfMonth      ReviewDayOfMonth = 31
)
func (ReviewDayOfMonth) String ¶
func (r ReviewDayOfMonth) String() string
type ReviewFrequency ¶
type ReviewFrequency int
ReviewFrequency is the review frequency in months.
const (
	OneMonth    ReviewFrequency = 1
	ThreeMonths ReviewFrequency = 3
	SixMonths   ReviewFrequency = 6
	OneYear     ReviewFrequency = 12
)
func (ReviewFrequency) String ¶
func (r ReviewFrequency) String() string
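The Recurrence, ReviewFrequency and ReviewDayOfMonth types above describe when the next review falls due, with LastDayOfMonth encoded as the sentinel 31. The following is an added example, not the package's own SelectNextReviewDate: a hypothetical NextReviewDate scheduler using local stand-in types that advances by the frequency in months and resolves the sentinel to the real last day of the target month, so a schedule anchored on the 31st does not skip February.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins for the page's ReviewFrequency and ReviewDayOfMonth constants.
type ReviewFrequency int
type ReviewDayOfMonth int

const (
	OneMonth    ReviewFrequency = 1
	ThreeMonths ReviewFrequency = 3
	SixMonths   ReviewFrequency = 6
	OneYear     ReviewFrequency = 12
)

const (
	FirstDayOfMonth     ReviewDayOfMonth = 1
	FifteenthDayOfMonth ReviewDayOfMonth = 15
	LastDayOfMonth      ReviewDayOfMonth = 31 // sentinel: resolve to the month's real last day
)

// NextReviewDate is a hypothetical scheduler (not the package's SelectNextReviewDate):
// it moves `from` forward by the frequency in months and lands on the configured day.
func NextReviewDate(from time.Time, freq ReviewFrequency, day ReviewDayOfMonth) time.Time {
	// Start from day 1 so that e.g. Jan 31 + 1 month does not overflow into March.
	// time.Date normalises month values above December into the following year.
	first := time.Date(from.Year(), from.Month()+time.Month(freq), 1, 0, 0, 0, 0, time.UTC)
	if day == LastDayOfMonth {
		// Day 0 of the following month is the last day of the target month (28/29/30/31).
		return time.Date(first.Year(), first.Month()+1, 0, 0, 0, 0, 0, time.UTC)
	}
	return time.Date(first.Year(), first.Month(), int(day), 0, 0, 0, 0, time.UTC)
}

func main() {
	base := time.Date(2024, time.January, 31, 9, 0, 0, 0, time.UTC) // constructed sample
	fmt.Println(NextReviewDate(base, OneMonth, LastDayOfMonth).Format("2006-01-02"))         // 2024-02-29
	fmt.Println(NextReviewDate(base, ThreeMonths, FifteenthDayOfMonth).Format("2006-01-02")) // 2024-04-15
}
```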
type ReviewSpec ¶
type ReviewSpec struct {
	// AccessList is the name of the associated access list.
	AccessList string `json:"access_list" yaml:"access_list"`
	// Reviewers are the users who performed the review.
	Reviewers []string `json:"reviewers" yaml:"reviewers"`
	// ReviewDate is the date that this review was created.
	ReviewDate time.Time `json:"review_date" yaml:"review_date"`
	// Notes is an optional plaintext attached to the review that can be used by the review for arbitrary
	// note taking on the review.
	Notes string `json:"notes" yaml:"notes"`
	// Changes are the changes made as part of the review.
	Changes ReviewChanges `json:"changes" yaml:"changes"`
}
ReviewSpec describes the specification of a review of an access list.
func (ReviewSpec) MarshalJSON ¶
func (r ReviewSpec) MarshalJSON() ([]byte, error)
func (*ReviewSpec) UnmarshalJSON ¶
func (r *ReviewSpec) UnmarshalJSON(data []byte) error
type Spec ¶
type Spec struct {
	// Title is a plaintext short description of the access list.
	Title string `json:"title" yaml:"title"`
	// Description is an optional plaintext description of the access list.
	Description string `json:"description" yaml:"description"`
	// Owners is a list of owners of the access list.
	Owners []Owner `json:"owners" yaml:"owners"`
	// Audit describes the frequency that this access list must be audited.
	Audit Audit `json:"audit" yaml:"audit"`
	// MembershipRequires describes the requirements for a user to be a member of the access list.
	// For a membership to an access list to be effective, the user must meet the requirements of
	// MembershipRequires and must be in the members list.
	MembershipRequires Requires `json:"membership_requires" yaml:"membership_requires"`
	// OwnershipRequires describes the requirements for a user to be an owner of the access list.
	// For ownership of an access list to be effective, the user must meet the requirements of
	// OwnershipRequires and must be in the owners list.
	OwnershipRequires Requires `json:"ownership_requires" yaml:"ownership_requires"`
	// Grants describes the access granted by membership to this access list.
	Grants Grants `json:"grants" yaml:"grants"`
	// OwnerGrants describes the access granted by ownership of this access list.
	OwnerGrants Grants `json:"owner_grants" yaml:"owner_grants"`
}
Spec is the specification for an access list.
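The Requires and Spec sections above state the rule that matters for least privilege: membership only confers Grants when the user is both listed as a member and still satisfies MembershipRequires. The following added example (not the package's own code) uses local stand-in Requires, Grants and Traits types to make that rule executable; it assumes that every required role and every required trait value must be present on the user, so a member who has lost a prerequisite role silently receives nothing.

```go
package main

// Traits maps a trait name to its values (local stand-in for the page's trait.Traits).
type Traits map[string][]string

// Requires mirrors accesslist.Requires; Grants mirrors accesslist.Grants.
type Requires struct {
	Roles  []string
	Traits Traits
}
type Grants struct {
	Roles  []string
	Traits Traits
}

// hasAll reports whether every string in want appears in have.
func hasAll(have, want []string) bool {
	set := make(map[string]bool, len(have))
	for _, h := range have {
		set[h] = true
	}
	for _, w := range want {
		if !set[w] {
			return false
		}
	}
	return true
}

// Meets reports whether a user with the given roles and traits satisfies req
// (assumed semantics: every required role and trait value must be present).
func Meets(roles []string, traits Traits, req Requires) bool {
	for name, vals := range req.Traits {
		if !hasAll(traits[name], vals) {
			return false
		}
	}
	return hasAll(roles, req.Roles)
}

// EffectiveGrants applies the rule in the Spec doc above: a user receives the list's
// grants only when named in members AND meeting MembershipRequires; otherwise nothing.
func EffectiveGrants(name string, roles []string, traits Traits, members []string,
	req Requires, grants Grants) (Grants, bool) {
	if !hasAll(members, []string{name}) || !Meets(roles, traits, req) {
		return Grants{}, false
	}
	return grants, true
}
```

The same check, run against OwnershipRequires and OwnerGrants with the owners list, gives the ownership side of the rule.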