akillibulut
/
porter
mirror of https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
							package types

import "time"

type PermissionScope string

const (
	UserScope            PermissionScope = "user"
	ProjectScope         PermissionScope = "project"
	ClusterScope         PermissionScope = "cluster"
	RegistryScope        PermissionScope = "registry"
	InviteScope          PermissionScope = "invite"
	HelmRepoScope        PermissionScope = "helm_repo"
	InfraScope           PermissionScope = "infra"
	OperationScope       PermissionScope = "operation"
	GitInstallationScope PermissionScope = "git_installation"
	NamespaceScope       PermissionScope = "namespace"
	SettingsScope        PermissionScope = "settings"
	ReleaseScope         PermissionScope = "release"
)

type NameOrUInt struct {
	Name string `json:"name"`
	UInt uint   `json:"uint"`
}

type PolicyDocument struct {
	Scope     PermissionScope                     `json:"scope"`
	Resources []NameOrUInt                        `json:"resources"`
	Verbs     []APIVerb                           `json:"verbs"`
	Children  map[PermissionScope]*PolicyDocument `json:"children"`
}

type ScopeTree map[PermissionScope]ScopeTree

/* ScopeHeirarchy describes the tree of scopes, i.e. Cluster, Registry, and Settings
are children of Project, Namespace is a child of Cluster, etc.
*/
var ScopeHeirarchy = ScopeTree{
	ProjectScope: {
		ClusterScope: {
			NamespaceScope: {
				ReleaseScope: {},
			},
		},
		RegistryScope:        {},
		HelmRepoScope:        {},
		GitInstallationScope: {},
		InfraScope: {
			OperationScope: {},
		},
		SettingsScope: {},
	},
}

type Policy []*PolicyDocument

var AdminPolicy = []*PolicyDocument{
	{
		Scope: ProjectScope,
		Verbs: ReadWriteVerbGroup(),
	},
}

var DeveloperPolicy = []*PolicyDocument{
	{
		Scope: ProjectScope,
		Verbs: ReadWriteVerbGroup(),
		Children: map[PermissionScope]*PolicyDocument{
			SettingsScope: {
				Scope: SettingsScope,
				Verbs: ReadVerbGroup(),
			},
		},
	},
}

var ViewerPolicy = []*PolicyDocument{
	{
		Scope: ProjectScope,
		Verbs: ReadVerbGroup(),
		Children: map[PermissionScope]*PolicyDocument{
			SettingsScope: {
				Scope: SettingsScope,
				Verbs: []APIVerb{},
			},
		},
	},
}

type CreatePolicy struct {
	Name   string            `json:"name" form:"required"`
	Policy []*PolicyDocument `json:"policy" form:"required"`
}

const URLParamPolicyID URLParam = "policy_id"

type APIPolicyMeta struct {
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	ProjectID uint      `json:"project_id"`
	UID       string    `json:"uid"`
	Name      string    `json:"name"`
}

type APIPolicy struct {
	*APIPolicyMeta
	Policy []*PolicyDocument `json:"policy"`
}