grafana/kinds/accesspolicy/access_policy_kind.cue

package kind

name:              "AccessPolicy"
maturity:          "merged"
description:       "Access rules for a scope+role.  NOTE there is a unique constraint on role+scope"
pluralName:        "AccessPolicies"
machineName:       "accesspolicy"
pluralMachineName: "accesspolicies"

lineage: schemas: [{
	version: [0, 0]
	schema: {
		spec: {
			// The scope where these policies should apply
			scope: #ResourceRef

			// The role that must apply this policy 
			role: #RoleRef

			// The set of rules to apply.  Note that * is required to modify
			// access policy rules, and that "none" will reject all actions
			rules: [...#AccessRule]
		} @cuetsy(kind="interface")

		#RoleRef: {
			// Policies can apply to roles, teams, or users
			// Applying policies to individual users is supported, but discouraged
			kind:  "Role" | "BuiltinRole" | "Team" | "User"
			name:  string
			xname: string // temporary
		} @cuetsy(kind="interface")

		#ResourceRef: {
			kind: string // explicit resource or folder will cascade
			name: string
		} @cuetsy(kind="interface")

		#AccessRule: {
			// The kind this rule applies to (dashboards, alert, etc)
			kind: "*" | string

			// READ, WRITE, CREATE, DELETE, ...
			// should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete" 
			verb: "*" | "none" | string

			// Specific sub-elements like "alert.rules" or "dashboard.permissions"????
			target?: string
		} @cuetsy(kind="interface")
	}
},
]
Schema: Add schema for role+access policies (#68047) 2023-05-24 12:31:57 -05:00			`package kind`

			`name: "AccessPolicy"`
			`maturity: "merged"`
			`description: "Access rules for a scope+role. NOTE there is a unique constraint on role+scope"`
			`pluralName: "AccessPolicies"`
			`machineName: "accesspolicy"`
			`pluralMachineName: "accesspolicies"`

			`lineage: schemas: [{`
			`version: [0, 0]`
			`schema: {`
			`spec: {`
			`// The scope where these policies should apply`
			`scope: #ResourceRef`

			`// The role that must apply this policy`
			`role: #RoleRef`

			`// The set of rules to apply. Note that * is required to modify`
			`// access policy rules, and that "none" will reject all actions`
			`rules: [...#AccessRule]`
			`} @cuetsy(kind="interface")`

			`#RoleRef: {`
			`// Policies can apply to roles, teams, or users`
			`// Applying policies to individual users is supported, but discouraged`
			`kind: "Role" \| "BuiltinRole" \| "Team" \| "User"`
			`name: string`
			`xname: string // temporary`
			`} @cuetsy(kind="interface")`

			`#ResourceRef: {`
			`kind: string // explicit resource or folder will cascade`
			`name: string`
			`} @cuetsy(kind="interface")`

			`#AccessRule: {`
Docs/k8s install update (#72567) * added before you begin section * just syncing up * added namespace and yaml mainfest sections * started the managed k8s section * added external-ip section * added minikube instructions * added deployment rollout section * added rolling update section * added rollback stratgety section * added the logging section * fixed many typos * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * adjust codeblock spacing * adjusts steps * copy edit throughout * Apply suggestions from code review * more copy edit, updates links * fixed minor typos * Apply suggestions from code review Co-authored-by: Clayton Cornell <131809008+clayton-cornell@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * explained the dry-run example * Move .codespellignore out of Drone so that technical writers can modify it Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Fix spelling errors Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Add .codespellignore CODEOWNER Signed-off-by: Jack Baldry <jack.baldry@grafana.com> --------- Signed-off-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Chris Moyer <chris.moyer@grafana.com> Co-authored-by: Clayton Cornell <131809008+clayton-cornell@users.noreply.github.com> Co-authored-by: Jack Baldry <jack.baldry@grafana.com> 2023-08-03 08:53:13 -05:00			`// The kind this rule applies to (dashboards, alert, etc)`
Schema: Add schema for role+access policies (#68047) 2023-05-24 12:31:57 -05:00			`kind: "*" \| string`

			`// READ, WRITE, CREATE, DELETE, ...`
			`// should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"`
			`verb: "*" \| "none" \| string`

			`// Specific sub-elements like "alert.rules" or "dashboard.permissions"????`
			`target?: string`
			`} @cuetsy(kind="interface")`
			`}`
			`},`
			`]`