akillibulut
/
porter
-ын хуулбар https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197
							package types

import "time"

type PermissionScope string

const (
	UserScope                PermissionScope = "user"
	ProjectScope             PermissionScope = "project"
	ClusterScope             PermissionScope = "cluster"
	DeploymentTargetScope    PermissionScope = "target"
	RegistryScope            PermissionScope = "registry"
	InviteScope              PermissionScope = "invite"
	HelmRepoScope            PermissionScope = "helm_repo"
	InfraScope               PermissionScope = "infra"
	OperationScope           PermissionScope = "operation"
	GitInstallationScope     PermissionScope = "git_installation"
	NamespaceScope           PermissionScope = "namespace"
	SettingsScope            PermissionScope = "settings"
	ReleaseScope             PermissionScope = "release"
	StackScope               PermissionScope = "stack"
	GitlabIntegrationScope   PermissionScope = "gitlab_integration"
	PreviewEnvironmentScope  PermissionScope = "preview_environment"
	APIContractRevisionScope PermissionScope = "contract_revision"
)

type NameOrUInt struct {
	Name string `json:"name"`
	UInt uint   `json:"uint"`
}

type PolicyDocument struct {
	Scope     PermissionScope                     `json:"scope"`
	Resources []NameOrUInt                        `json:"resources"`
	Verbs     []APIVerb                           `json:"verbs"`
	Children  map[PermissionScope]*PolicyDocument `json:"children"`
}

type ScopeTree map[PermissionScope]ScopeTree

/*
	ScopeHeirarchy describes the tree of scopes, i.e. Cluster, Registry, and Settings

are children of Project, Namespace is a child of Cluster, etc.
*/
var ScopeHeirarchy = ScopeTree{
	ProjectScope: {
		ClusterScope: {
			NamespaceScope: {
				StackScope:   {},
				ReleaseScope: {},
			},
			PreviewEnvironmentScope: {},
		},
		RegistryScope:        {},
		HelmRepoScope:        {},
		GitInstallationScope: {},
		InfraScope: {
			OperationScope: {},
		},
		SettingsScope:            {},
		APIContractRevisionScope: {},
	},
}

type Policy []*PolicyDocument

var AdminPolicy = []*PolicyDocument{
	{
		Scope: ProjectScope,
		Verbs: ReadWriteVerbGroup(),
		Children: map[PermissionScope]*PolicyDocument{
			ClusterScope: {
				Scope: ClusterScope,
				Verbs: ReadWriteVerbGroup(),
			},
			RegistryScope: {
				Scope: RegistryScope,
				Verbs: ReadWriteVerbGroup(),
			},
			HelmRepoScope: {
				Scope: HelmRepoScope,
				Verbs: ReadWriteVerbGroup(),
			},
			GitInstallationScope: {
				Scope: GitInstallationScope,
				Verbs: ReadWriteVerbGroup(),
			},
			InfraScope: {
				Scope: InfraScope,
				Verbs: ReadWriteVerbGroup(),
			},
			SettingsScope: {
				Scope: SettingsScope,
				Verbs: ReadWriteVerbGroup(),
			},
			APIContractRevisionScope: {
				Scope: APIContractRevisionScope,
				Verbs: ReadWriteVerbGroup(),
			},
		},
	},
}

var DeveloperPolicy = []*PolicyDocument{
	{
		Scope: ProjectScope,
		Verbs: ReadWriteVerbGroup(),
		Children: map[PermissionScope]*PolicyDocument{
			ClusterScope: {
				Scope: ClusterScope,
				Verbs: ReadWriteVerbGroup(),
			},
			RegistryScope: {
				Scope: RegistryScope,
				Verbs: ReadWriteVerbGroup(),
			},
			HelmRepoScope: {
				Scope: HelmRepoScope,
				Verbs: ReadWriteVerbGroup(),
			},
			GitInstallationScope: {
				Scope: GitInstallationScope,
				Verbs: ReadWriteVerbGroup(),
			},
			InfraScope: {
				Scope: InfraScope,
				Verbs: ReadWriteVerbGroup(),
			},
			SettingsScope: {
				Scope: SettingsScope,
				Verbs: ReadVerbGroup(),
			},
			APIContractRevisionScope: {
				Scope: APIContractRevisionScope,
				Verbs: ReadWriteVerbGroup(),
			},
		},
	},
}

var ViewerPolicy = []*PolicyDocument{
	{
		Scope: ProjectScope,
		Verbs: ReadVerbGroup(),
		Children: map[PermissionScope]*PolicyDocument{
			ClusterScope: {
				Scope: ClusterScope,
				Verbs: ReadVerbGroup(),
			},
			RegistryScope: {
				Scope: RegistryScope,
				Verbs: ReadVerbGroup(),
			},
			HelmRepoScope: {
				Scope: HelmRepoScope,
				Verbs: ReadVerbGroup(),
			},
			GitInstallationScope: {
				Scope: GitInstallationScope,
				Verbs: ReadVerbGroup(),
			},
			InfraScope: {
				Scope: InfraScope,
				Verbs: ReadVerbGroup(),
			},
			SettingsScope: {
				Scope: SettingsScope,
				Verbs: []APIVerb{},
			},
			APIContractRevisionScope: {
				Scope: APIContractRevisionScope,
				Verbs: ReadVerbGroup(),
			},
		},
	},
}

type CreatePolicy struct {
	Name   string            `json:"name" form:"required"`
	Policy []*PolicyDocument `json:"policy" form:"required"`
}

const URLParamPolicyID URLParam = "policy_id"

type APIPolicyMeta struct {
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	ProjectID uint      `json:"project_id"`
	UID       string    `json:"uid"`
	Name      string    `json:"name"`
}

type APIPolicy struct {
	*APIPolicyMeta
	Policy []*PolicyDocument `json:"policy"`
}