IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Authz/Schema: Remove unused stub cue definitions (#100387)

Browse Source
This commit is contained in:
Ryan McKinley 2025-02-11 15:24:11 +03:00 committed by GitHub
parent 6ee3c71ffe
commit e3cb73301e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
22 changed files with 0 additions and 1188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
kinds/accesspolicy/access_policy_kind.cue
View File

@ -1,51 +0,0 @@
package kind
name: "AccessPolicy"
maturity: "merged"
description: "Access rules for a scope+role. NOTE there is a unique constraint on role+scope"
pluralName: "AccessPolicies"
machineName: "accesspolicy"
pluralMachineName: "accesspolicies"
lineage: schemas: [{
version: [0, 0]
schema: {
spec: {
// The scope where these policies should apply
scope: #ResourceRef
// The role that must apply this policy
role: #RoleRef
// The set of rules to apply. Note that * is required to modify
// access policy rules, and that "none" will reject all actions
rules: [...#AccessRule]
} @cuetsy(kind="interface")
#RoleRef: {
// Policies can apply to roles, teams, or users
// Applying policies to individual users is supported, but discouraged
kind: "Role" | "BuiltinRole" | "Team" | "User"
name: string
xname: string // temporary
} @cuetsy(kind="interface")
#ResourceRef: {
kind: string // explicit resource or folder will cascade
name: string
} @cuetsy(kind="interface")
#AccessRule: {
// The kind this rule applies to (dashboards, alert, etc)
kind: "*" | string
// READ, WRITE, CREATE, DELETE, ...
// should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"
verb: "*" | "none" | string
// Specific sub-elements like "alert.rules" or "dashboard.permissions"????
target?: string
} @cuetsy(kind="interface")
}
},
]

25
kinds/role/role_kind.cue
View File

@ -1,25 +0,0 @@
package kind
name: "Role"
maturity: "merged"
description: "Roles represent a set of users+teams that should share similar access"
lineage: schemas: [{
version: [0, 0]
schema: {
spec: {
// The role identifier `managed:builtins:editor:permissions`
name: string
// Optional display
displayName?: string
// Name of the team.
groupName?: string
// Role description
description?: string
// Do not show this role
hidden: bool | false
} @cuetsy(kind="interface")
}
},
]

36
kinds/rolebinding/role_binding_kind.cue
View File

@ -1,36 +0,0 @@
package kind
name: "RoleBinding"
maturity: "merged"
description: "Role bindings links a user|team to a configured role"
lineage: schemas: [{
version: [0, 0]
schema: {
spec: {
// The role we are discussing
role: #BuiltinRoleRef | #CustomRoleRef
// The team or user that has the specified role
subject: #RoleBindingSubject
} @cuetsy(kind="interface")
#CustomRoleRef: {
kind: "Role"
name: string
} @cuetsy(kind="interface")
#BuiltinRoleRef: {
kind: "BuiltinRole"
name: "viewer" | "editor" | "admin"
} @cuetsy(kind="interface")
#RoleBindingSubject: {
kind: "Team" | "User"
// The team/user identifier name
name: string
} @cuetsy(kind="interface")
}
},
]

22
packages/grafana-schema/src/index.gen.ts
View File

@ -7,17 +7,6 @@
//
// Run 'make gen-cue' from repository root to regenerate.
// Raw generated types from AccessPolicy kind.
export type {
AccessPolicy,
RoleRef,
ResourceRef,
AccessRule
} from './raw/accesspolicy/x/accesspolicy_types.gen';
// Raw generated enums and default consts from accesspolicy kind.
export { defaultAccessPolicy } from './raw/accesspolicy/x/accesspolicy_types.gen';
// Raw generated types from Dashboard kind.
export type {
AnnotationTarget,
@ -135,14 +124,3 @@ export { defaultNavbarPreference } from './raw/preferences/x/preferences_types.g
// Raw generated types from PublicDashboard kind.
export type { PublicDashboard } from './raw/publicdashboard/x/publicdashboard_types.gen';
// Raw generated types from Role kind.
export type { Role } from './raw/role/x/role_types.gen';
// Raw generated types from RoleBinding kind.
export type {
RoleBinding,
CustomRoleRef,
BuiltinRoleRef,
RoleBindingSubject
} from './raw/rolebinding/x/rolebinding_types.gen';

60
packages/grafana-schema/src/raw/accesspolicy/x/accesspolicy_types.gen.ts
View File

@ -1,60 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// TSTypesJenny
// LatestMajorsOrXJenny
//
// Run 'make gen-cue' from repository root to regenerate.
export interface RoleRef {
/**
* Policies can apply to roles, teams, or users
* Applying policies to individual users is supported, but discouraged
*/
kind: ('Role' | 'BuiltinRole' | 'Team' | 'User');
name: string;
xname: string; // temporary
}
export interface ResourceRef {
kind: string; // explicit resource or folder will cascade
name: string;
}
export interface AccessRule {
/**
* The kind this rule applies to (dashboards, alert, etc)
*/
kind: ('*' | string);
/**
* Specific sub-elements like "alert.rules" or "dashboard.permissions"????
*/
target?: string;
/**
* READ, WRITE, CREATE, DELETE, ...
* should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"
*/
verb: ('*' | 'none' | string);
}
export interface AccessPolicy {
/**
* The role that must apply this policy
*/
role: RoleRef;
/**
* The set of rules to apply. Note that * is required to modify
* access policy rules, and that "none" will reject all actions
*/
rules: Array<AccessRule>;
/**
* The scope where these policies should apply
*/
scope: ResourceRef;
}
export const defaultAccessPolicy: Partial<AccessPolicy> = {
rules: [],
};

32
packages/grafana-schema/src/raw/role/x/role_types.gen.ts
View File

@ -1,32 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// TSTypesJenny
// LatestMajorsOrXJenny
//
// Run 'make gen-cue' from repository root to regenerate.
export interface Role {
/**
* Role description
*/
description?: string;
/**
* Optional display
*/
displayName?: string;
/**
* Name of the team.
*/
groupName?: string;
/**
* Do not show this role
*/
hidden: (boolean | false);
/**
* The role identifier `managed:builtins:editor:permissions`
*/
name: string;
}

38
packages/grafana-schema/src/raw/rolebinding/x/rolebinding_types.gen.ts
View File

@ -1,38 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// TSTypesJenny
// LatestMajorsOrXJenny
//
// Run 'make gen-cue' from repository root to regenerate.
export interface CustomRoleRef {
kind: 'Role';
name: string;
}
export interface BuiltinRoleRef {
kind: 'BuiltinRole';
name: ('viewer' | 'editor' | 'admin');
}
export interface RoleBindingSubject {
kind: ('Team' | 'User');
/**
* The team/user identifier name
*/
name: string;
}
export interface RoleBinding {
/**
* The role we are discussing
*/
role: (BuiltinRoleRef | CustomRoleRef);
/**
* The team or user that has the specified role
*/
subject: RoleBindingSubject;
}

43
pkg/kinds/accesspolicy/accesspolicy_gen.go
View File

@ -1,43 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package accesspolicy
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/grafana/grafana/pkg/kinds"
)
// Resource is the kubernetes style representation of AccessPolicy. (TODO be better)
type K8sResource = kinds.GrafanaResource[Spec, Status]
// NewResource creates a new instance of the resource with a given name (UID)
func NewK8sResource(name string, s *Spec) K8sResource {
return K8sResource{
TypeMeta: v1.TypeMeta{
Kind: "AccessPolicy",
APIVersion: "v0-0-alpha",
},
ObjectMeta: v1.ObjectMeta{
Name: name,
Annotations: make(map[string]string),
Labels: make(map[string]string),
},
Spec: s,
}
}
// Resource is the wire representation of AccessPolicy.
// It currently will soon be merged into the k8s flavor (TODO be better)
type Resource struct {
Metadata Metadata `json:"metadata"`
Spec Spec `json:"spec"`
Status Status `json:"status"`
}

42
pkg/kinds/accesspolicy/accesspolicy_metadata_gen.go
View File

@ -1,42 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package accesspolicy
import (
"time"
)
// Metadata defines model for Metadata.
type Metadata struct {
CreatedBy string `json:"createdBy"`
CreationTimestamp time.Time `json:"creationTimestamp"`
DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`
// extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata
ExtraFields map[string]any `json:"extraFields"`
Finalizers []string `json:"finalizers"`
Labels map[string]string `json:"labels"`
ResourceVersion string `json:"resourceVersion"`
Uid string `json:"uid"`
UpdateTimestamp time.Time `json:"updateTimestamp"`
UpdatedBy string `json:"updatedBy"`
}
// _kubeObjectMetadata is metadata found in a kubernetes object's metadata field.
// It is not exhaustive and only includes fields which may be relevant to a kind's implementation,
// As it is also intended to be generic enough to function with any API Server.
type KubeObjectMetadata struct {
CreationTimestamp time.Time `json:"creationTimestamp"`
DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`
Finalizers []string `json:"finalizers"`
Labels map[string]string `json:"labels"`
ResourceVersion string `json:"resourceVersion"`
Uid string `json:"uid"`
}

79
pkg/kinds/accesspolicy/accesspolicy_spec_gen.go
View File

@ -1,79 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// GoResourceTypes
//
// Run 'make gen-cue' from repository root to regenerate.
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
package accesspolicy
type ResourceRef struct {
// explicit resource or folder will cascade
Kind string `json:"kind"`
Name string `json:"name"`
}
// NewResourceRef creates a new ResourceRef object.
func NewResourceRef() *ResourceRef {
return &ResourceRef{}
}
type RoleRef struct {
// Policies can apply to roles, teams, or users
// Applying policies to individual users is supported, but discouraged
Kind RoleRefKind `json:"kind"`
Name string `json:"name"`
// temporary
Xname string `json:"xname"`
}
// NewRoleRef creates a new RoleRef object.
func NewRoleRef() *RoleRef {
return &RoleRef{}
}
type AccessRule struct {
// The kind this rule applies to (dashboards, alert, etc)
Kind string `json:"kind"`
// READ, WRITE, CREATE, DELETE, ...
// should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"
Verb string `json:"verb"`
// Specific sub-elements like "alert.rules" or "dashboard.permissions"????
Target *string `json:"target,omitempty"`
}
// NewAccessRule creates a new AccessRule object.
func NewAccessRule() *AccessRule {
return &AccessRule{}
}
type Spec struct {
// The scope where these policies should apply
Scope ResourceRef `json:"scope"`
// The role that must apply this policy
Role RoleRef `json:"role"`
// The set of rules to apply. Note that * is required to modify
// access policy rules, and that "none" will reject all actions
Rules []AccessRule `json:"rules"`
}
// NewSpec creates a new Spec object.
func NewSpec() *Spec {
return &Spec{
Scope: *NewResourceRef(),
Role: *NewRoleRef(),
}
}
type RoleRefKind string
const (
RoleRefKindRole RoleRefKind = "Role"
RoleRefKindBuiltinRole RoleRefKind = "BuiltinRole"
RoleRefKindTeam RoleRefKind = "Team"
RoleRefKindUser RoleRefKind = "User"
)

74
pkg/kinds/accesspolicy/accesspolicy_status_gen.go
View File

@ -1,74 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package accesspolicy
// Defines values for OperatorStateState.
const (
OperatorStateStateFailed OperatorStateState = "failed"
OperatorStateStateInProgress OperatorStateState = "in_progress"
OperatorStateStateSuccess OperatorStateState = "success"
)
// Defines values for StatusOperatorStateState.
const (
StatusOperatorStateStateFailed StatusOperatorStateState = "failed"
StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress"
StatusOperatorStateStateSuccess StatusOperatorStateState = "success"
)
// OperatorState defines model for OperatorState.
type OperatorState struct {
// descriptiveState is an optional more descriptive state field which has no requirements on format
DescriptiveState *string `json:"descriptiveState,omitempty"`
// details contains any extra information that is operator-specific
Details map[string]any `json:"details,omitempty"`
// lastEvaluation is the ResourceVersion last evaluated
LastEvaluation string `json:"lastEvaluation"`
// state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
State OperatorStateState `json:"state"`
}
// OperatorStateState state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
type OperatorStateState string
// Status defines model for Status.
type Status struct {
// additionalFields is reserved for future use
AdditionalFields map[string]any `json:"additionalFields,omitempty"`
// operatorStates is a map of operator ID to operator state evaluations.
// Any operator which consumes this kind SHOULD add its state evaluation information to this field.
OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"`
}
// StatusOperatorState defines model for status.#OperatorState.
type StatusOperatorState struct {
// descriptiveState is an optional more descriptive state field which has no requirements on format
DescriptiveState *string `json:"descriptiveState,omitempty"`
// details contains any extra information that is operator-specific
Details map[string]any `json:"details,omitempty"`
// lastEvaluation is the ResourceVersion last evaluated
LastEvaluation string `json:"lastEvaluation"`
// state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
State StatusOperatorStateState `json:"state"`
}
// StatusOperatorStateState state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
type StatusOperatorStateState string

99
pkg/kinds/accesspolicy/utils.go
View File

@ -1,99 +0,0 @@
package accesspolicy
import (
"sort"
"github.com/grafana/grafana/pkg/util"
)
const PermissionsTarget = "permissions"
const AllowAll = "*"
const AllowNone = "none"
func ReduceRules(rules []AccessRule) []AccessRule {
type verbs struct {
Verb map[string][]string
Terminal string
}
kinds := make(map[string]*verbs)
for _, rule := range rules {
if rule.Kind == "" || rule.Verb == "" {
continue // invalid
}
// flip write permission to *
if rule.Target != nil && *rule.Target == PermissionsTarget {
if rule.Verb == "write" {
rule.Verb = AllowAll
}
}
kind, ok := kinds[rule.Kind]
if !ok {
kind = &verbs{
Verb: make(map[string][]string),
}
kinds[rule.Kind] = kind
}
terminal := rule.Verb == AllowAll || rule.Verb == AllowNone
if terminal {
if rule.Kind == AllowAll {
return []AccessRule{rule}
}
kind.Terminal = rule.Verb
} else if kind.Terminal == "" {
targets, ok := kind.Verb[rule.Verb]
if !ok {
targets = []string{}
}
if rule.Target != nil && !contains(targets, *rule.Target) {
targets = append(targets, *rule.Target)
sort.Strings(targets)
}
kind.Verb[rule.Verb] = targets
}
}
results := make([]AccessRule, 0)
for _, kind := range getSortedKeys(kinds) {
verb := kinds[kind]
if verb.Terminal != "" {
results = append(results, AccessRule{Kind: kind, Verb: verb.Terminal})
} else {
for _, v := range getSortedKeys(verb.Verb) {
targets := verb.Verb[v]
if len(targets) == 0 {
results = append(results, AccessRule{Kind: kind, Verb: v})
} else {
for _, t := range targets {
results = append(results, AccessRule{
Kind: kind,
Verb: v,
Target: util.Pointer(t),
})
}
}
}
}
}
return results
}
func getSortedKeys[T any](vals map[string]T) []string {
keys := make([]string, 0, len(vals))
for k := range vals {
keys = append(keys, k)
}
sort.Strings(keys)
return keys
}
func contains[T comparable](s []T, e T) bool {
for _, v := range s {
if v == e {
return true
}
}
return false
}

68
pkg/kinds/accesspolicy/utils_test.go
View File

@ -1,68 +0,0 @@
package accesspolicy
import (
"encoding/json"
"fmt"
"testing"
"github.com/grafana/grafana/pkg/util"
"github.com/stretchr/testify/require"
)
func TestRuleReducer(t *testing.T) {
t.Run("Check write pointer becomes star", func(t *testing.T) {
rules := ReduceRules([]AccessRule{
{Kind: "dashboard", Verb: "read"},
{Kind: "dashboard", Verb: "write", Target: util.Pointer("permissions")},
{Kind: "dashboard", Verb: "read"},
})
require.Len(t, rules, 1)
require.Equal(t, rules[0], AccessRule{Kind: "dashboard", Verb: "*"})
})
t.Run("Check sort", func(t *testing.T) {
rules := ReduceRules([]AccessRule{
{Kind: "x", Verb: "b"},
{Kind: "x", Verb: "a"},
{Kind: "x", Verb: "a"}, // ignore duplicates
{Kind: "x", Verb: "a"}, // ignore duplicates
{Kind: "x", Verb: "a"}, // ignore duplicates
{Kind: "x", Verb: "a"},
{Kind: "z", Verb: "b"},
{Kind: "AAA", Verb: ""}, // ignore
{Kind: "", Verb: "XXX"}, // ignore
{Kind: "z", Verb: "a"},
{Kind: "y", Verb: "b"},
{Kind: "y", Verb: "a"},
})
out, err := json.MarshalIndent(rules, "", " ")
fmt.Printf("%s", string(out))
require.NoError(t, err)
require.JSONEq(t, `[
{
"kind": "x",
"verb": "a"
},
{
"kind": "x",
"verb": "b"
},
{
"kind": "y",
"verb": "a"
},
{
"kind": "y",
"verb": "b"
},
{
"kind": "z",
"verb": "a"
},
{
"kind": "z",
"verb": "b"
}
]`, string(out))
})
}

43
pkg/kinds/role/role_gen.go
View File

@ -1,43 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package role
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/grafana/grafana/pkg/kinds"
)
// Resource is the kubernetes style representation of Role. (TODO be better)
type K8sResource = kinds.GrafanaResource[Spec, Status]
// NewResource creates a new instance of the resource with a given name (UID)
func NewK8sResource(name string, s *Spec) K8sResource {
return K8sResource{
TypeMeta: v1.TypeMeta{
Kind: "Role",
APIVersion: "v0-0-alpha",
},
ObjectMeta: v1.ObjectMeta{
Name: name,
Annotations: make(map[string]string),
Labels: make(map[string]string),
},
Spec: s,
}
}
// Resource is the wire representation of Role.
// It currently will soon be merged into the k8s flavor (TODO be better)
type Resource struct {
Metadata Metadata `json:"metadata"`
Spec Spec `json:"spec"`
Status Status `json:"status"`
}

42
pkg/kinds/role/role_metadata_gen.go
View File

@ -1,42 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package role
import (
"time"
)
// Metadata defines model for Metadata.
type Metadata struct {
CreatedBy string `json:"createdBy"`
CreationTimestamp time.Time `json:"creationTimestamp"`
DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`
// extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata
ExtraFields map[string]any `json:"extraFields"`
Finalizers []string `json:"finalizers"`
Labels map[string]string `json:"labels"`
ResourceVersion string `json:"resourceVersion"`
Uid string `json:"uid"`
UpdateTimestamp time.Time `json:"updateTimestamp"`
UpdatedBy string `json:"updatedBy"`
}
// _kubeObjectMetadata is metadata found in a kubernetes object's metadata field.
// It is not exhaustive and only includes fields which may be relevant to a kind's implementation,
// As it is also intended to be generic enough to function with any API Server.
type KubeObjectMetadata struct {
CreationTimestamp time.Time `json:"creationTimestamp"`
DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`
Finalizers []string `json:"finalizers"`
Labels map[string]string `json:"labels"`
ResourceVersion string `json:"resourceVersion"`
Uid string `json:"uid"`
}

30
pkg/kinds/role/role_spec_gen.go
View File

@ -1,30 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// GoResourceTypes
//
// Run 'make gen-cue' from repository root to regenerate.
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
package role
type Spec struct {
// The role identifier `managed:builtins:editor:permissions`
Name string `json:"name"`
// Optional display
DisplayName *string `json:"displayName,omitempty"`
// Name of the team.
GroupName *string `json:"groupName,omitempty"`
// Role description
Description *string `json:"description,omitempty"`
// Do not show this role
Hidden bool `json:"hidden"`
}
// NewSpec creates a new Spec object.
func NewSpec() *Spec {
return &Spec{}
}

74
pkg/kinds/role/role_status_gen.go
View File

@ -1,74 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package role
// Defines values for OperatorStateState.
const (
OperatorStateStateFailed OperatorStateState = "failed"
OperatorStateStateInProgress OperatorStateState = "in_progress"
OperatorStateStateSuccess OperatorStateState = "success"
)
// Defines values for StatusOperatorStateState.
const (
StatusOperatorStateStateFailed StatusOperatorStateState = "failed"
StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress"
StatusOperatorStateStateSuccess StatusOperatorStateState = "success"
)
// OperatorState defines model for OperatorState.
type OperatorState struct {
// descriptiveState is an optional more descriptive state field which has no requirements on format
DescriptiveState *string `json:"descriptiveState,omitempty"`
// details contains any extra information that is operator-specific
Details map[string]any `json:"details,omitempty"`
// lastEvaluation is the ResourceVersion last evaluated
LastEvaluation string `json:"lastEvaluation"`
// state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
State OperatorStateState `json:"state"`
}
// OperatorStateState state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
type OperatorStateState string
// Status defines model for Status.
type Status struct {
// additionalFields is reserved for future use
AdditionalFields map[string]any `json:"additionalFields,omitempty"`
// operatorStates is a map of operator ID to operator state evaluations.
// Any operator which consumes this kind SHOULD add its state evaluation information to this field.
OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"`
}
// StatusOperatorState defines model for status.#OperatorState.
type StatusOperatorState struct {
// descriptiveState is an optional more descriptive state field which has no requirements on format
DescriptiveState *string `json:"descriptiveState,omitempty"`
// details contains any extra information that is operator-specific
Details map[string]any `json:"details,omitempty"`
// lastEvaluation is the ResourceVersion last evaluated
LastEvaluation string `json:"lastEvaluation"`
// state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
State StatusOperatorStateState `json:"state"`
}
// StatusOperatorStateState state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
type StatusOperatorStateState string

43
pkg/kinds/rolebinding/rolebinding_gen.go
View File

@ -1,43 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package rolebinding
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/grafana/grafana/pkg/kinds"
)
// Resource is the kubernetes style representation of RoleBinding. (TODO be better)
type K8sResource = kinds.GrafanaResource[Spec, Status]
// NewResource creates a new instance of the resource with a given name (UID)
func NewK8sResource(name string, s *Spec) K8sResource {
return K8sResource{
TypeMeta: v1.TypeMeta{
Kind: "RoleBinding",
APIVersion: "v0-0-alpha",
},
ObjectMeta: v1.ObjectMeta{
Name: name,
Annotations: make(map[string]string),
Labels: make(map[string]string),
},
Spec: s,
}
}
// Resource is the wire representation of RoleBinding.
// It currently will soon be merged into the k8s flavor (TODO be better)
type Resource struct {
Metadata Metadata `json:"metadata"`
Spec Spec `json:"spec"`
Status Status `json:"status"`
}

42
pkg/kinds/rolebinding/rolebinding_metadata_gen.go
View File

@ -1,42 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package rolebinding
import (
"time"
)
// Metadata defines model for Metadata.
type Metadata struct {
CreatedBy string `json:"createdBy"`
CreationTimestamp time.Time `json:"creationTimestamp"`
DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`
// extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata
ExtraFields map[string]any `json:"extraFields"`
Finalizers []string `json:"finalizers"`
Labels map[string]string `json:"labels"`
ResourceVersion string `json:"resourceVersion"`
Uid string `json:"uid"`
UpdateTimestamp time.Time `json:"updateTimestamp"`
UpdatedBy string `json:"updatedBy"`
}
// _kubeObjectMetadata is metadata found in a kubernetes object's metadata field.
// It is not exhaustive and only includes fields which may be relevant to a kind's implementation,
// As it is also intended to be generic enough to function with any API Server.
type KubeObjectMetadata struct {
CreationTimestamp time.Time `json:"creationTimestamp"`
DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`
Finalizers []string `json:"finalizers"`
Labels map[string]string `json:"labels"`
ResourceVersion string `json:"resourceVersion"`
Uid string `json:"uid"`
}

144
pkg/kinds/rolebinding/rolebinding_spec_gen.go
View File

@ -1,144 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// GoResourceTypes
//
// Run 'make gen-cue' from repository root to regenerate.
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
package rolebinding
import (
json "encoding/json"
errors "errors"
fmt "fmt"
)
type BuiltinRoleRef struct {
Kind string `json:"kind"`
Name BuiltinRoleRefName `json:"name"`
}
// NewBuiltinRoleRef creates a new BuiltinRoleRef object.
func NewBuiltinRoleRef() *BuiltinRoleRef {
return &BuiltinRoleRef{
Kind: "BuiltinRole",
}
}
type CustomRoleRef struct {
Kind string `json:"kind"`
Name string `json:"name"`
}
// NewCustomRoleRef creates a new CustomRoleRef object.
func NewCustomRoleRef() *CustomRoleRef {
return &CustomRoleRef{
Kind: "Role",
}
}
type RoleBindingSubject struct {
Kind RoleBindingSubjectKind `json:"kind"`
// The team/user identifier name
Name string `json:"name"`
}
// NewRoleBindingSubject creates a new RoleBindingSubject object.
func NewRoleBindingSubject() *RoleBindingSubject {
return &RoleBindingSubject{}
}
type Spec struct {
// The role we are discussing
Role BuiltinRoleRefOrCustomRoleRef `json:"role"`
// The team or user that has the specified role
Subject RoleBindingSubject `json:"subject"`
}
// NewSpec creates a new Spec object.
func NewSpec() *Spec {
return &Spec{
Role: *NewBuiltinRoleRefOrCustomRoleRef(),
Subject: *NewRoleBindingSubject(),
}
}
type BuiltinRoleRefName string
const (
BuiltinRoleRefNameViewer BuiltinRoleRefName = "viewer"
BuiltinRoleRefNameEditor BuiltinRoleRefName = "editor"
BuiltinRoleRefNameAdmin BuiltinRoleRefName = "admin"
)
type RoleBindingSubjectKind string
const (
RoleBindingSubjectKindTeam RoleBindingSubjectKind = "Team"
RoleBindingSubjectKindUser RoleBindingSubjectKind = "User"
)
type BuiltinRoleRefOrCustomRoleRef struct {
BuiltinRoleRef *BuiltinRoleRef `json:"BuiltinRoleRef,omitempty"`
CustomRoleRef *CustomRoleRef `json:"CustomRoleRef,omitempty"`
}
// NewBuiltinRoleRefOrCustomRoleRef creates a new BuiltinRoleRefOrCustomRoleRef object.
func NewBuiltinRoleRefOrCustomRoleRef() *BuiltinRoleRefOrCustomRoleRef {
return &BuiltinRoleRefOrCustomRoleRef{}
}
// MarshalJSON implements a custom JSON marshalling logic to encode `BuiltinRoleRefOrCustomRoleRef` as JSON.
func (resource BuiltinRoleRefOrCustomRoleRef) MarshalJSON() ([]byte, error) {
if resource.BuiltinRoleRef != nil {
return json.Marshal(resource.BuiltinRoleRef)
}
if resource.CustomRoleRef != nil {
return json.Marshal(resource.CustomRoleRef)
}
return nil, fmt.Errorf("no value for disjunction of refs")
}
// UnmarshalJSON implements a custom JSON unmarshalling logic to decode `BuiltinRoleRefOrCustomRoleRef` from JSON.
func (resource *BuiltinRoleRefOrCustomRoleRef) UnmarshalJSON(raw []byte) error {
if raw == nil {
return nil
}
// FIXME: this is wasteful, we need to find a more efficient way to unmarshal this.
parsedAsMap := make(map[string]any)
if err := json.Unmarshal(raw, &parsedAsMap); err != nil {
return err
}
discriminator, found := parsedAsMap["kind"]
if !found {
return errors.New("discriminator field 'kind' not found in payload")
}
switch discriminator {
case "BuiltinRole":
var builtinRoleRef BuiltinRoleRef
if err := json.Unmarshal(raw, &builtinRoleRef); err != nil {
return err
}
resource.BuiltinRoleRef = &builtinRoleRef
return nil
case "Role":
var customRoleRef CustomRoleRef
if err := json.Unmarshal(raw, &customRoleRef); err != nil {
return err
}
resource.CustomRoleRef = &customRoleRef
return nil
}
return fmt.Errorf("could not unmarshal resource with `kind = %v`", discriminator)
}

74
pkg/kinds/rolebinding/rolebinding_status_gen.go
View File

@ -1,74 +0,0 @@
// Code generated - EDITING IS FUTILE. DO NOT EDIT.
//
// Generated by:
// kinds/gen.go
// Using jennies:
// K8ResourcesJenny
//
// Run 'make gen-cue' from repository root to regenerate.
package rolebinding
// Defines values for OperatorStateState.
const (
OperatorStateStateFailed OperatorStateState = "failed"
OperatorStateStateInProgress OperatorStateState = "in_progress"
OperatorStateStateSuccess OperatorStateState = "success"
)
// Defines values for StatusOperatorStateState.
const (
StatusOperatorStateStateFailed StatusOperatorStateState = "failed"
StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress"
StatusOperatorStateStateSuccess StatusOperatorStateState = "success"
)
// OperatorState defines model for OperatorState.
type OperatorState struct {
// descriptiveState is an optional more descriptive state field which has no requirements on format
DescriptiveState *string `json:"descriptiveState,omitempty"`
// details contains any extra information that is operator-specific
Details map[string]any `json:"details,omitempty"`
// lastEvaluation is the ResourceVersion last evaluated
LastEvaluation string `json:"lastEvaluation"`
// state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
State OperatorStateState `json:"state"`
}
// OperatorStateState state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
type OperatorStateState string
// Status defines model for Status.
type Status struct {
// additionalFields is reserved for future use
AdditionalFields map[string]any `json:"additionalFields,omitempty"`
// operatorStates is a map of operator ID to operator state evaluations.
// Any operator which consumes this kind SHOULD add its state evaluation information to this field.
OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"`
}
// StatusOperatorState defines model for status.#OperatorState.
type StatusOperatorState struct {
// descriptiveState is an optional more descriptive state field which has no requirements on format
DescriptiveState *string `json:"descriptiveState,omitempty"`
// details contains any extra information that is operator-specific
Details map[string]any `json:"details,omitempty"`
// lastEvaluation is the ResourceVersion last evaluated
LastEvaluation string `json:"lastEvaluation"`
// state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
State StatusOperatorStateState `json:"state"`
}
// StatusOperatorStateState state describes the state of the lastEvaluation.
// It is limited to three possible states for machine evaluation.
type StatusOperatorStateState string

27
pkg/registry/schemas/core_kind.go
View File

@ -30,15 +30,6 @@ func GetCoreKinds() ([]CoreKind, error) {
_, caller, _, _ := runtime.Caller(0)
root := filepath.Join(caller, "../../../..")
accesspolicyCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/accesspolicy/access_policy_kind.cue"))
if err != nil {
return nil, err
}
kinds = append(kinds, CoreKind{
Name: "accesspolicy",
CueFile: accesspolicyCue,
})
dashboardCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/dashboard/dashboard_kind.cue"))
if err != nil {
return nil, err
@ -75,24 +66,6 @@ func GetCoreKinds() ([]CoreKind, error) {
CueFile: publicdashboardCue,
})
roleCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/role/role_kind.cue"))
if err != nil {
return nil, err
}
kinds = append(kinds, CoreKind{
Name: "role",
CueFile: roleCue,
})
rolebindingCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/rolebinding/role_binding_kind.cue"))
if err != nil {
return nil, err
}
kinds = append(kinds, CoreKind{
Name: "rolebinding",
CueFile: rolebindingCue,
})
return kinds, nil
}