mirror of
https://github.com/grafana/grafana.git
synced 2024-12-01 21:19:28 -06:00
b1fd399c10
* added before you begin section * just syncing up * added namespace and yaml mainfest sections * started the managed k8s section * added external-ip section * added minikube instructions * added deployment rollout section * added rolling update section * added rollback stratgety section * added the logging section * fixed many typos * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * Update docs/sources/setup-grafana/installation/kubernetes/index.md * adjust codeblock spacing * adjusts steps * copy edit throughout * Apply suggestions from code review * more copy edit, updates links * fixed minor typos * Apply suggestions from code review Co-authored-by: Clayton Cornell <131809008+clayton-cornell@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * explained the dry-run example * Move .codespellignore out of Drone so that technical writers can modify it Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Fix spelling errors Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Add .codespellignore CODEOWNER Signed-off-by: Jack Baldry <jack.baldry@grafana.com> --------- Signed-off-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Chris Moyer <chris.moyer@grafana.com> Co-authored-by: Clayton Cornell <131809008+clayton-cornell@users.noreply.github.com> Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
52 lines
1.4 KiB
CUE
52 lines
1.4 KiB
CUE
package kind
|
|
|
|
name: "AccessPolicy"
|
|
maturity: "merged"
|
|
description: "Access rules for a scope+role. NOTE there is a unique constraint on role+scope"
|
|
pluralName: "AccessPolicies"
|
|
machineName: "accesspolicy"
|
|
pluralMachineName: "accesspolicies"
|
|
|
|
lineage: schemas: [{
|
|
version: [0, 0]
|
|
schema: {
|
|
spec: {
|
|
// The scope where these policies should apply
|
|
scope: #ResourceRef
|
|
|
|
// The role that must apply this policy
|
|
role: #RoleRef
|
|
|
|
// The set of rules to apply. Note that * is required to modify
|
|
// access policy rules, and that "none" will reject all actions
|
|
rules: [...#AccessRule]
|
|
} @cuetsy(kind="interface")
|
|
|
|
#RoleRef: {
|
|
// Policies can apply to roles, teams, or users
|
|
// Applying policies to individual users is supported, but discouraged
|
|
kind: "Role" | "BuiltinRole" | "Team" | "User"
|
|
name: string
|
|
xname: string // temporary
|
|
} @cuetsy(kind="interface")
|
|
|
|
#ResourceRef: {
|
|
kind: string // explicit resource or folder will cascade
|
|
name: string
|
|
} @cuetsy(kind="interface")
|
|
|
|
#AccessRule: {
|
|
// The kind this rule applies to (dashboards, alert, etc)
|
|
kind: "*" | string
|
|
|
|
// READ, WRITE, CREATE, DELETE, ...
|
|
// should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"
|
|
verb: "*" | "none" | string
|
|
|
|
// Specific sub-elements like "alert.rules" or "dashboard.permissions"????
|
|
target?: string
|
|
} @cuetsy(kind="interface")
|
|
}
|
|
},
|
|
]
|