Documentation
Overview
operationroles implements various rules for choosing which role to use for a particular operation.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type EntityOperationRoleMap
type EntityOperationRoleMap map[app.OperationType]string
func EntityOperationRoleMapFromHstore
func EntityOperationRoleMapFromHstore(hstore map[string]*string) EntityOperationRoleMap
type RoleSelection
type RoleSelection struct {
	RoleName string
	RoleARN  string
	Source   RoleSelectionSource
}
func GetDefaultRoleSelection
func GetDefaultRoleSelection(ctx *SelectionContext) (*RoleSelection, error)
func SelectRole
func SelectRole(ctx *SelectionContext, l *zap.Logger) (*RoleSelection, error)
SelectRole determines which role to use based on precedence rules.

Precedence (highest to lowest):
1. Runtime override (CLI --role flag or UI selection)
2. Entity-level config (component/sandbox/action specific)
3. Matrix rules (app-level operation_roles config)
4. Default roles (provision/maintenance/deprovision)
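The precedence order above, modelled as an added Go example (not the operationroles package's own code): the first source that yields a non-empty role wins, and the winning source is recorded so the choice can be audited. The types, the MatrixRule fields and the sample operation and role names are assumptions made for illustration. The break-glass source is left out because the page does not say where it sits in the order.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for the package's types; every name here is hypothetical.
type Source string

// MatrixRule is an assumed shape; app.AppOperationRoleRule's fields are not on the page.
type MatrixRule struct{ PrincipalType, Operation, Role string }

type Context struct {
	Operation, PrincipalType string
	RuntimeRole, DefaultRole string
	EntityRoles              map[string]string // operation -> role
	MatrixRules              []MatrixRule
}

type Selection struct {
	Role   string
	Source Source
}

// Select walks the four sources from highest to lowest precedence and records
// which one supplied the role, so the choice can be audited afterwards.
func Select(c Context) (Selection, error) {
	if c.RuntimeRole != "" {
		return Selection{c.RuntimeRole, "runtime"}, nil
	}
	if r := c.EntityRoles[c.Operation]; r != "" {
		return Selection{r, "entity"}, nil
	}
	for _, m := range c.MatrixRules {
		if m.PrincipalType == c.PrincipalType && m.Operation == c.Operation && m.Role != "" {
			return Selection{m.Role, "matrix"}, nil
		}
	}
	if c.DefaultRole != "" {
		return Selection{c.DefaultRole, "default"}, nil
	}
	return Selection{}, errors.New("no role for " + c.PrincipalType + "/" + c.Operation)
}

func main() {
	// Constructed input: a matrix rule matches, so it wins over the default role.
	c := Context{Operation: "deploy", PrincipalType: "component", DefaultRole: "maintenance",
		MatrixRules: []MatrixRule{{"component", "deploy", "app-deploy"}}}
	fmt.Println(Select(c))
}
```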
type RoleSelectionSource
type RoleSelectionSource string
RoleSelectionSource represents where a role selection came from.
const (
	// selected at runtime
	RoleSelectionSourceRuntime RoleSelectionSource = "runtime"
	// defined in entity definition, in component, action or sandbox
	RoleSelectionSourceEntity RoleSelectionSource = "entity"
	// defined in app config rules
	RoleSelectionSourceMatrix RoleSelectionSource = "matrix"
	// existing behavior
	RoleSelectionSourceDefault RoleSelectionSource = "default"
	// break glass
	RoleSelectionSourceBreakGlass RoleSelectionSource = "breakglass"
)
type SelectionContext
type SelectionContext struct {
	// In sandbox mode, make sure to choose either provision, deprovision or maintenance
	SandboxMode bool
	Operation   app.OperationType
	// "component", "sandbox", "action"
	PrincipalType principal.Type
	// Component/action name (empty for sandbox)
	PrincipalName string
	// Configuration sources (in precedence order)
	// --role flag from CLI/UI (highest precedence)
	RuntimeRole string
	// Component/sandbox/action config
	EntityRoles EntityOperationRoleMap
	// App-level rules from DB
	MatrixRules []*app.AppOperationRoleRule
	// DefaultRole is the role selected if none of the rules are associated with the principal and operation
	DefaultRole string
	// Break Glass role
	BreakGlassRole string
	StackOutputs   *app.InstallStackOutputs
	AppConfig      *app.AppConfig
	// Install state for rendering role names with templating
	InstallState *state.State
}
SelectionContext contains all information needed for role selection.