Overview ¶
Package operationroles implements the rules that determine which role is used for a particular operation.
Index ¶
- type EntityOperationRoleMap
- type RoleSelection
- func GetRoleForAction(l *zap.Logger, appCfg *app.AppConfig, run *app.InstallActionWorkflowRun, ...) (*RoleSelection, app.OperationType, error)
- func GetRoleForDeploy(l *zap.Logger, appCfg *app.AppConfig, installDeploy *app.InstallDeploy, ...) (*RoleSelection, app.OperationType, error)
- func GetRoleForSandbox(l *zap.Logger, appCfg *app.AppConfig, run *app.InstallSandboxRun, ...) (*RoleSelection, app.OperationType, error)
- func SelectDefaultRole(ctx *SelectionContext) (*RoleSelection, error)
- func SelectRole(ctx *SelectionContext, l *zap.Logger) (*RoleSelection, error)
- type RoleSelectionSource
- type SelectionContext
- type SelectionError
Types ¶
type EntityOperationRoleMap ¶
// EntityOperationRoleMap maps an operation type to a role string.
// SelectionContext.EntityRoles uses this type for the component/sandbox/action
// level role config, so the value is presumably a role name (possibly still
// an unrendered template) rather than an ARN — confirm.
type EntityOperationRoleMap map[app.OperationType]string
func EntityOperationRoleMapFromHstore ¶
func EntityOperationRoleMapFromHstore(hstore map[string]*string) EntityOperationRoleMap
type RoleSelection ¶
// RoleSelection is the result type returned by the selection functions in this
// package (SelectRole, SelectDefaultRole and the GetRoleFor* helpers): the
// chosen role together with where the choice came from.
type RoleSelection struct {
	// RoleName is the name of the selected role.
	// NOTE(review): presumably the name after template rendering, given the
	// separate UnrenderedRoleName field — confirm.
	RoleName string `temporaljson:"role_name"`
	// UnrenderedRoleName is presumably the role name as configured, before
	// templating against install state is applied — confirm.
	UnrenderedRoleName string `temporaljson:"unrendered_role_name"`
	// RoleARN is the ARN, ID, or other unique identifier of the role, depending
	// on the cloud provider.
	RoleARN string `temporaljson:"role_arn"`
	// Source records which configuration source produced this selection
	// (one of the RoleSelectionSource constants).
	Source RoleSelectionSource `temporaljson:"source"`
	// Trace holds the role-selection records attached to this decision.
	// NOTE(review): looks like the step-by-step record of how the role was
	// chosen, which is what an audit of "why did this operation get this role"
	// would read — confirm what each record contains.
	Trace []app.InstallRoleSelectionRecord `temporaljson:"trace"`
}
func GetRoleForAction ¶ added in v0.19.872
func GetRoleForAction( l *zap.Logger, appCfg *app.AppConfig, run *app.InstallActionWorkflowRun, stack *app.InstallStack, installState *state.State, ) (*RoleSelection, app.OperationType, error)
GetRoleForAction selects the role for an action workflow trigger operation.
func GetRoleForDeploy ¶ added in v0.19.872
func GetRoleForDeploy( l *zap.Logger, appCfg *app.AppConfig, installDeploy *app.InstallDeploy, compCfgConn *app.ComponentConfigConnection, stack *app.InstallStack, installState *state.State, ) (*RoleSelection, app.OperationType, error)
GetRoleForDeploy selects the role for a component deploy or teardown operation.
func GetRoleForSandbox ¶ added in v0.19.872
func GetRoleForSandbox( l *zap.Logger, appCfg *app.AppConfig, run *app.InstallSandboxRun, stack *app.InstallStack, installState *state.State, ) (*RoleSelection, app.OperationType, error)
GetRoleForSandbox selects the role for a sandbox provision/reprovision/deprovision operation.
func SelectDefaultRole ¶ added in v0.19.872
func SelectDefaultRole(ctx *SelectionContext) (*RoleSelection, error)
func SelectRole ¶
func SelectRole(ctx *SelectionContext, l *zap.Logger) (*RoleSelection, error)
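SelectRole determines which role to use based on precedence rules.

Precedence (highest to lowest):

1. Runtime override (CLI --role flag or UI selection)
2. Entity-level config (component/sandbox/action specific)
3. Matrix rules (app-level operation_roles config)
4. Default roles (provision/maintenance/deprovision)

The break-glass source (RoleSelectionSourceBreakGlass, SelectionContext.BreakGlassRole) does not appear in this list; its position in the precedence order is not documented on this page.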
type RoleSelectionSource ¶
type RoleSelectionSource string
RoleSelectionSource represents where a role selection came from
const (
	// RoleSelectionSourceRuntime marks a role selected at runtime. In the
	// SelectRole precedence list this is the runtime override (CLI --role flag
	// or UI selection), the highest-precedence source.
	RoleSelectionSourceRuntime RoleSelectionSource = "runtime"
	// RoleSelectionSourceEntity marks a role defined in the entity definition:
	// a component, action or sandbox.
	RoleSelectionSourceEntity RoleSelectionSource = "entity"
	// RoleSelectionSourceMatrix marks a role defined in the app config rules
	// (the app-level operation_roles config in the SelectRole precedence list).
	RoleSelectionSourceMatrix RoleSelectionSource = "matrix"
	// RoleSelectionSourceDefault marks the existing behavior: the default
	// roles, lowest in the SelectRole precedence list.
	RoleSelectionSourceDefault RoleSelectionSource = "default"
	// RoleSelectionSourceBreakGlass marks a break-glass role.
	// NOTE(review): the SelectRole precedence list does not say when this
	// source is chosen or where it ranks — confirm, since a recorded
	// "breakglass" source is the value an audit would key on.
	RoleSelectionSourceBreakGlass RoleSelectionSource = "breakglass"
)
type SelectionContext ¶
// SelectionContext carries the inputs to role selection: the operation and
// principal a role is being chosen for, and each configuration source a role
// can come from.
type SelectionContext struct {
	// Operation is the operation type a role is being selected for.
	Operation app.OperationType
	// PrincipalType is the kind of entity: "component", "sandbox" or "action".
	PrincipalType principal.Type
	// PrincipalName is the component or action name (empty for sandbox).
	PrincipalName string

	// Configuration sources (in precedence order).

	// RuntimeRole is the --role flag from the CLI or the UI selection
	// (highest precedence).
	// NOTE(review): this is a caller-supplied value that outranks every
	// configured source; whether it is checked against the roles defined for
	// the install before being used is not visible here — confirm.
	RuntimeRole string
	// EntityRoles is the component/sandbox/action-level config, keyed by
	// operation type.
	EntityRoles EntityOperationRoleMap
	// MatrixRules are the app-level rules loaded from the DB.
	MatrixRules []*app.AppOperationRoleRule
	// DefaultRole is the role selected if none of the rules associate with the
	// principal and operation.
	DefaultRole string
	// BreakGlassRole is the break-glass role.
	// NOTE(review): the SelectRole precedence list (runtime, entity, matrix,
	// default) does not mention break glass; confirm when this role is selected.
	BreakGlassRole string
	// StackOutputs holds the install stack outputs.
	// NOTE(review): presumably used to resolve the selected role's
	// ARN/identifier — confirm.
	StackOutputs *app.InstallStackOutputs
	// AppConfig is the app configuration the selection runs against.
	AppConfig *app.AppConfig
	// InstallState is the install state used for rendering role names with
	// templating.
	InstallState *state.State
}
SelectionContext contains all information needed for role selection
type SelectionError ¶ added in v0.19.872
// SelectionError is an error type that carries role-selection trace records
// alongside an underlying error. It has Error and Unwrap methods.
type SelectionError struct {
	// Err is the underlying error.
	// NOTE(review): presumably the value Unwrap returns — confirm.
	Err error
	// Trace holds role-selection records.
	// NOTE(review): presumably the records collected up to the point of
	// failure, so a failed selection can still be audited — confirm.
	Trace []app.InstallRoleSelectionRecord
}
func (*SelectionError) Error ¶ added in v0.19.872
func (e *SelectionError) Error() string
func (*SelectionError) Unwrap ¶ added in v0.19.872
func (e *SelectionError) Unwrap() error