Documentation
¶
Index ¶
- func ActivateWorkSession(ac *client.AlpaconClient, id string) error
- func ApproveWorkSession(ac *client.AlpaconClient, id string, req WorkSessionApproveRequest) error
- func CancelWorkSession(ac *client.AlpaconClient, id string) error
- func CompleteWorkSession(ac *client.AlpaconClient, id string) error
- func ExtendWorkSession(ac *client.AlpaconClient, id string, req WorkSessionExtendRequest) error
- func GetWorkSessionRaw(ac *client.AlpaconClient, id string) ([]byte, error)
- func RejectWorkSession(ac *client.AlpaconClient, id string) error
- func RevokeWorkSession(ac *client.AlpaconClient, id string) error
- type Adjustments
- type Recommendation
- type ScopeDiff
- type ServerDiff
- type SudoPolicyInline
- type TimelineAttributes
- type TimelineItem
- type WorkSession
- type WorkSessionApproveRequest
- type WorkSessionAttributes
- type WorkSessionCreateRequest
- type WorkSessionExtendRequest
- type WorkSessionUpdateRequest
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ActivateWorkSession ¶
func ActivateWorkSession(ac *client.AlpaconClient, id string) error
func ApproveWorkSession ¶
func ApproveWorkSession(ac *client.AlpaconClient, id string, req WorkSessionApproveRequest) error
func CancelWorkSession ¶ added in v1.9.0
func CancelWorkSession(ac *client.AlpaconClient, id string) error
CancelWorkSession withdraws the requester's own pending session; the server restricts it to the creator/superuser and rejects non-pending sessions (unlike superuser-only RevokeWorkSession).
func CompleteWorkSession ¶
func CompleteWorkSession(ac *client.AlpaconClient, id string) error
func ExtendWorkSession ¶
func ExtendWorkSession(ac *client.AlpaconClient, id string, req WorkSessionExtendRequest) error
func GetWorkSessionRaw ¶
func GetWorkSessionRaw(ac *client.AlpaconClient, id string) ([]byte, error)
func RejectWorkSession ¶
func RejectWorkSession(ac *client.AlpaconClient, id string) error
func RevokeWorkSession ¶
func RevokeWorkSession(ac *client.AlpaconClient, id string) error
Types ¶
type Adjustments ¶ added in v1.9.0
type Adjustments struct {
Scopes *ScopeDiff `json:"scopes,omitempty"`
Servers *ServerDiff `json:"servers,omitempty"`
}
Adjustments is the approver's diff; each dimension is set only when changed, nil when unchanged.
type Recommendation ¶ added in v1.9.0
type Recommendation struct {
ID string `json:"id"`
Text string `json:"text"`
Severity string `json:"severity"`
Source string `json:"source"`
AutoCheckable bool `json:"auto_checkable"`
}
Recommendation is an admin-confirmed note attached at approval time.
type ServerDiff ¶ added in v1.9.0
type ServerDiff struct {
Old []types.ServerSummary `json:"old"`
New []types.ServerSummary `json:"new"`
}
ServerDiff holds the requested (old) and granted (new) server lists.
type SudoPolicyInline ¶ added in v1.5.0
type SudoPolicyInline struct {
ID string `json:"id,omitempty"`
Commands []string `json:"commands"`
Reason string `json:"reason,omitempty"`
AllowBypassMFA bool `json:"allow_bypass_mfa"`
}
SudoPolicyInline is a sudo policy bound to a work session. It serves three roles: read (when returned on a WorkSession), create (attached at session create time), and modify (sent on update). Commands are the allowed patterns (wildcards permitted); AllowBypassMFA lets matching sudo run without interactive MFA, which is the only way a non-interactive caller (e.g. an AI agent running 'exec') can sudo. Users is intentionally omitted — the server binds the policy to the session assignee automatically so it never applies to other workspace users.
ID is set only on read and on modify: the sudo_policies field of an update PATCH is the FULL desired set, so existing policies must be echoed back with their ID (modify in place) alongside new entries without an ID (additions). Omitting an existing policy from the set deletes it, so callers must preserve the current entries.
type TimelineAttributes ¶ added in v1.4.8
type TimelineItem ¶ added in v1.4.8
type TimelineItem struct {
Type string `json:"type"`
Timestamp *string `json:"timestamp"`
ID string `json:"id"`
ServerID *string `json:"server_id"`
// shared across session-like types (websh_session, tunnel_session, ftp_session)
Username string `json:"username"`
Groupname string `json:"groupname"`
ClosedAt *string `json:"closed_at"`
ClientType string `json:"client_type"`
// command
Shell string `json:"shell"`
Line string `json:"line"`
Success *bool `json:"success"`
Denied bool `json:"denied"`
ElapsedTime float64 `json:"elapsed_time"`
// tunnel_session
IsTunnel bool `json:"is_tunnel"`
TargetPort *int `json:"target_port"`
// file_upload / file_download
Name string `json:"name"`
Size int64 `json:"size"`
// sudo_grant
GrantType string `json:"grant_type"`
Status string `json:"status"`
Command *string `json:"command"`
OneTime bool `json:"one_time"`
// websh_record
SessionID string `json:"session_id"`
MaskedRecord string `json:"masked_record"`
}
TimelineItem represents a single event in a work session's activity timeline. All event types share this struct; type-specific fields are zero-valued for other types.
func GetWorkSessionTimeline ¶ added in v1.4.8
func GetWorkSessionTimeline(ac *client.AlpaconClient, id string, includeRecords bool) ([]TimelineItem, error)
type WorkSession ¶
type WorkSession struct {
ID string `json:"id"`
Title string `json:"title"`
Description string `json:"description"`
Status string `json:"status"`
RequesterType string `json:"requester_type"`
Scopes []string `json:"scopes"`
Servers []types.ServerSummary `json:"servers"`
CreatedBy *types.UserSummary `json:"created_by"`
AssignedUser *types.UserSummary `json:"assigned_user"`
ApprovalRequestID string `json:"approval_request_id"`
StartsAt *time.Time `json:"starts_at"`
ExpiresAt time.Time `json:"expires_at"`
StartedAt *time.Time `json:"started_at"`
CompletedAt *time.Time `json:"completed_at"`
AddedAt time.Time `json:"added_at"`
UpdatedAt time.Time `json:"updated_at"`
SudoPolicies []SudoPolicyInline `json:"sudo_policies"`
Adjustments *Adjustments `json:"adjustments"`
Recommendations []Recommendation `json:"recommendations"`
}
func CreateWorkSession ¶
func CreateWorkSession(ac *client.AlpaconClient, req WorkSessionCreateRequest) (*WorkSession, error)
func GetWorkSession ¶
func GetWorkSession(ac *client.AlpaconClient, id string) (*WorkSession, error)
func UpdateWorkSession ¶ added in v1.5.0
func UpdateWorkSession(ac *client.AlpaconClient, id string, req WorkSessionUpdateRequest) (*WorkSession, error)
UpdateWorkSession PATCHes a work session. Used to attach sudo policies to an existing session (e.g. after an 'exec' sudo was denied). The server may queue the change for approval, in which case it takes effect only once approved.
type WorkSessionAttributes ¶
type WorkSessionAttributes struct {
// Active is the active-session marker ("*" for the workspace's active session, empty otherwise).
// Decorated by cmd/worksession.MarkActive; hidden from JSON output via the "-" tag.
Active string `json:"-" table:"Active"`
ID string `json:"id" table:"ID"`
Status string `json:"status" table:"Status"`
Scopes string `json:"scopes" table:"Scopes"`
Servers string `json:"servers" table:"Servers"`
ExpiresAt string `json:"expires_at" table:"Expires At"`
Description string `json:"description" table:"Description"`
}
func GetWorkSessionList ¶
func GetWorkSessionList(ac *client.AlpaconClient, status, requesterType, assignedUser string) ([]WorkSessionAttributes, error)
func ProjectAttributes ¶
func ProjectAttributes(ws *WorkSession) WorkSessionAttributes
ProjectAttributes converts a full WorkSession into the WorkSessionAttributes shape used by table outputs (ls, current). Single source of truth for column projection.
type WorkSessionExtendRequest ¶
type WorkSessionExtendRequest struct {
ExpiresAt string `json:"expires_at"`
}
type WorkSessionUpdateRequest ¶ added in v1.5.0
type WorkSessionUpdateRequest struct {
Title string `json:"title,omitempty"`
Description string `json:"description,omitempty"`
Scopes []string `json:"scopes,omitempty"`
Servers []string `json:"servers,omitempty"`
StartsAt string `json:"starts_at,omitempty"`
ExpiresAt string `json:"expires_at,omitempty"`
SudoPolicies []SudoPolicyInline `json:"sudo_policies,omitempty"`
}
WorkSessionUpdateRequest is a partial update: omitempty leaves unset fields untouched. SudoPolicies is PUT-style — the server replaces the whole set, so existing policies must be echoed back or they are deleted. An empty slice is also omitted (omitempty), so this request cannot clear policies.