diff --git a/kinds/accesspolicy/access_policy_kind.cue b/kinds/accesspolicy/access_policy_kind.cue
deleted file mode 100644
index ed9d85a7d82..00000000000
--- a/kinds/accesspolicy/access_policy_kind.cue
+++ /dev/null
@@ -1,51 +0,0 @@
-package kind
-
-name: "AccessPolicy"
-maturity: "merged"
-description: "Access rules for a scope+role. NOTE there is a unique constraint on role+scope"
-pluralName: "AccessPolicies"
-machineName: "accesspolicy"
-pluralMachineName: "accesspolicies"
-
-lineage: schemas: [{
- version: [0, 0]
- schema: {
- spec: {
- // The scope where these policies should apply
- scope: #ResourceRef
-
- // The role that must apply this policy
- role: #RoleRef
-
- // The set of rules to apply. Note that * is required to modify
- // access policy rules, and that "none" will reject all actions
- rules: [...#AccessRule]
- } @cuetsy(kind="interface")
-
- #RoleRef: {
- // Policies can apply to roles, teams, or users
- // Applying policies to individual users is supported, but discouraged
- kind: "Role" | "BuiltinRole" | "Team" | "User"
- name: string
- xname: string // temporary
- } @cuetsy(kind="interface")
-
- #ResourceRef: {
- kind: string // explicit resource or folder will cascade
- name: string
- } @cuetsy(kind="interface")
-
- #AccessRule: {
- // The kind this rule applies to (dashboards, alert, etc)
- kind: "*" | string
-
- // READ, WRITE, CREATE, DELETE, ...
- // should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete"
- verb: "*" | "none" | string
-
- // Specific sub-elements like "alert.rules" or "dashboard.permissions"????
- target?: string
- } @cuetsy(kind="interface")
- }
-},
-]
diff --git a/kinds/role/role_kind.cue b/kinds/role/role_kind.cue
deleted file mode 100644
index 6e80d2abbde..00000000000
--- a/kinds/role/role_kind.cue
+++ /dev/null
@@ -1,25 +0,0 @@
-package kind
-
-name: "Role"
-maturity: "merged"
-description: "Roles represent a set of users+teams that should share similar access"
-
-lineage: schemas: [{
- version: [0, 0]
- schema: {
- spec: {
- // The role identifier `managed:builtins:editor:permissions`
- name: string
- // Optional display
- displayName?: string
- // Name of the team.
- groupName?: string
- // Role description
- description?: string
-
- // Do not show this role
- hidden: bool | false
- } @cuetsy(kind="interface")
- }
-},
-]
diff --git a/kinds/rolebinding/role_binding_kind.cue b/kinds/rolebinding/role_binding_kind.cue
deleted file mode 100644
index c76a633a721..00000000000
--- a/kinds/rolebinding/role_binding_kind.cue
+++ /dev/null
@@ -1,36 +0,0 @@
-package kind
-
-name: "RoleBinding"
-maturity: "merged"
-description: "Role bindings links a user|team to a configured role"
-
-lineage: schemas: [{
- version: [0, 0]
- schema: {
- spec: {
- // The role we are discussing
- role: #BuiltinRoleRef | #CustomRoleRef
-
- // The team or user that has the specified role
- subject: #RoleBindingSubject
- } @cuetsy(kind="interface")
-
- #CustomRoleRef: {
- kind: "Role"
- name: string
- } @cuetsy(kind="interface")
-
- #BuiltinRoleRef: {
- kind: "BuiltinRole"
- name: "viewer" | "editor" | "admin"
- } @cuetsy(kind="interface")
-
- #RoleBindingSubject: {
- kind: "Team" | "User"
-
- // The team/user identifier name
- name: string
- } @cuetsy(kind="interface")
- }
-},
-]
diff --git a/packages/grafana-schema/src/index.gen.ts b/packages/grafana-schema/src/index.gen.ts
index d1d95f5c9ae..637094bd700 100644
--- a/packages/grafana-schema/src/index.gen.ts
+++ b/packages/grafana-schema/src/index.gen.ts
@@ -7,17 +7,6 @@ // // Run 'make gen-cue' from repository root to regenerate. -// Raw generated types from AccessPolicy kind. -export type { - AccessPolicy, - RoleRef, - ResourceRef, - AccessRule -} from './raw/accesspolicy/x/accesspolicy_types.gen'; - -// Raw generated enums and default consts from accesspolicy kind. -export { defaultAccessPolicy } from './raw/accesspolicy/x/accesspolicy_types.gen'; - // Raw generated types from Dashboard kind. export type { AnnotationTarget, @@ -135,14 +124,3 @@ export { defaultNavbarPreference } from './raw/preferences/x/preferences_types.g // Raw generated types from PublicDashboard kind. export type { PublicDashboard } from './raw/publicdashboard/x/publicdashboard_types.gen'; - -// Raw generated types from Role kind. -export type { Role } from './raw/role/x/role_types.gen'; - -// Raw generated types from RoleBinding kind. -export type { - RoleBinding, - CustomRoleRef, - BuiltinRoleRef, - RoleBindingSubject -} from './raw/rolebinding/x/rolebinding_types.gen'; diff --git a/packages/grafana-schema/src/raw/accesspolicy/x/accesspolicy_types.gen.ts b/packages/grafana-schema/src/raw/accesspolicy/x/accesspolicy_types.gen.ts deleted file mode 100644 index 7e18ea50777..00000000000 --- a/packages/grafana-schema/src/raw/accesspolicy/x/accesspolicy_types.gen.ts +++ /dev/null 
@@ -1,60 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// TSTypesJenny -// LatestMajorsOrXJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -export interface RoleRef { - /** - * Policies can apply to roles, teams, or users - * Applying policies to individual users is supported, but discouraged - */ - kind: ('Role' | 'BuiltinRole' | 'Team' | 'User'); - name: string; - xname: string; // temporary -} - -export interface ResourceRef { - kind: string; // explicit resource or folder will cascade - name: string; -} - -export interface AccessRule { - /** - * The kind this rule applies to (dashboards, alert, etc) - */ - kind: ('*' | string); - /** - * Specific sub-elements like "alert.rules" or "dashboard.permissions"???? - */ - target?: string; - /** - * READ, WRITE, CREATE, DELETE, ... - * should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete" - */ - verb: ('*' | 'none' | string); -} - -export interface AccessPolicy { - /** - * The role that must apply this policy - */ - role: RoleRef; - /** - * The set of rules to apply. Note that * is required to modify - * access policy rules, and that "none" will reject all actions - */ - rules: Array; - /** - * The scope where these policies should apply - */ - scope: ResourceRef; -} - -export const defaultAccessPolicy: Partial = { - rules: [], -}; diff --git a/packages/grafana-schema/src/raw/role/x/role_types.gen.ts b/packages/grafana-schema/src/raw/role/x/role_types.gen.ts deleted file mode 100644 index 88cadf639fe..00000000000 --- a/packages/grafana-schema/src/raw/role/x/role_types.gen.ts +++ /dev/null 
@@ -1,32 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// TSTypesJenny -// LatestMajorsOrXJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -export interface Role { - /** - * Role description - */ - description?: string; - /** - * Optional display - */ - displayName?: string; - /** - * Name of the team. - */ - groupName?: string; - /** - * Do not show this role - */ - hidden: (boolean | false); - /** - * The role identifier `managed:builtins:editor:permissions` - */ - name: string; -} diff --git a/packages/grafana-schema/src/raw/rolebinding/x/rolebinding_types.gen.ts b/packages/grafana-schema/src/raw/rolebinding/x/rolebinding_types.gen.ts deleted file mode 100644 index ea6d65fbf4e..00000000000 --- a/packages/grafana-schema/src/raw/rolebinding/x/rolebinding_types.gen.ts +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// TSTypesJenny -// LatestMajorsOrXJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -export interface CustomRoleRef { - kind: 'Role'; - name: string; -} - -export interface BuiltinRoleRef { - kind: 'BuiltinRole'; - name: ('viewer' | 'editor' | 'admin'); -} - -export interface RoleBindingSubject { - kind: ('Team' | 'User'); - /** - * The team/user identifier name - */ - name: string; -} - -export interface RoleBinding { - /** - * The role we are discussing - */ - role: (BuiltinRoleRef | CustomRoleRef); - /** - * The team or user that has the specified role - */ - subject: RoleBindingSubject; -} diff --git a/pkg/kinds/accesspolicy/accesspolicy_gen.go b/pkg/kinds/accesspolicy/accesspolicy_gen.go deleted file mode 100644 index a528ab8ea36..00000000000 --- a/pkg/kinds/accesspolicy/accesspolicy_gen.go +++ /dev/null 
@@ -1,43 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package accesspolicy - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/grafana/grafana/pkg/kinds" -) - -// Resource is the kubernetes style representation of AccessPolicy. (TODO be better) -type K8sResource = kinds.GrafanaResource[Spec, Status] - -// NewResource creates a new instance of the resource with a given name (UID) -func NewK8sResource(name string, s *Spec) K8sResource { - return K8sResource{ - TypeMeta: v1.TypeMeta{ - Kind: "AccessPolicy", - APIVersion: "v0-0-alpha", - }, - ObjectMeta: v1.ObjectMeta{ - Name: name, - Annotations: make(map[string]string), - Labels: make(map[string]string), - }, - Spec: s, - } -} - -// Resource is the wire representation of AccessPolicy. -// It currently will soon be merged into the k8s flavor (TODO be better) -type Resource struct { - Metadata Metadata `json:"metadata"` - Spec Spec `json:"spec"` - Status Status `json:"status"` -} diff --git a/pkg/kinds/accesspolicy/accesspolicy_metadata_gen.go b/pkg/kinds/accesspolicy/accesspolicy_metadata_gen.go deleted file mode 100644 index 689f54c57d1..00000000000 --- a/pkg/kinds/accesspolicy/accesspolicy_metadata_gen.go +++ /dev/null 
@@ -1,42 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package accesspolicy - -import ( - "time" -) - -// Metadata defines model for Metadata. -type Metadata struct { - CreatedBy string `json:"createdBy"` - CreationTimestamp time.Time `json:"creationTimestamp"` - DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` - - // extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata - ExtraFields map[string]any `json:"extraFields"` - Finalizers []string `json:"finalizers"` - Labels map[string]string `json:"labels"` - ResourceVersion string `json:"resourceVersion"` - Uid string `json:"uid"` - UpdateTimestamp time.Time `json:"updateTimestamp"` - UpdatedBy string `json:"updatedBy"` -} - -// _kubeObjectMetadata is metadata found in a kubernetes object's metadata field. -// It is not exhaustive and only includes fields which may be relevant to a kind's implementation, -// As it is also intended to be generic enough to function with any API Server. -type KubeObjectMetadata struct { - CreationTimestamp time.Time `json:"creationTimestamp"` - DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` - Finalizers []string `json:"finalizers"` - Labels map[string]string `json:"labels"` - ResourceVersion string `json:"resourceVersion"` - Uid string `json:"uid"` -} diff --git a/pkg/kinds/accesspolicy/accesspolicy_spec_gen.go b/pkg/kinds/accesspolicy/accesspolicy_spec_gen.go deleted file mode 100644 index bb5d2de3235..00000000000 --- a/pkg/kinds/accesspolicy/accesspolicy_spec_gen.go +++ /dev/null 
@@ -1,79 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// GoResourceTypes -// -// Run 'make gen-cue' from repository root to regenerate. - -// Code generated - EDITING IS FUTILE. DO NOT EDIT. - -package accesspolicy - -type ResourceRef struct { - // explicit resource or folder will cascade - Kind string `json:"kind"` - Name string `json:"name"` -} - -// NewResourceRef creates a new ResourceRef object. -func NewResourceRef() *ResourceRef { - return &ResourceRef{} -} - -type RoleRef struct { - // Policies can apply to roles, teams, or users - // Applying policies to individual users is supported, but discouraged - Kind RoleRefKind `json:"kind"` - Name string `json:"name"` - // temporary - Xname string `json:"xname"` -} - -// NewRoleRef creates a new RoleRef object. -func NewRoleRef() *RoleRef { - return &RoleRef{} -} - -type AccessRule struct { - // The kind this rule applies to (dashboards, alert, etc) - Kind string `json:"kind"` - // READ, WRITE, CREATE, DELETE, ... - // should move to k8s style verbs like: "get", "list", "watch", "create", "update", "patch", "delete" - Verb string `json:"verb"` - // Specific sub-elements like "alert.rules" or "dashboard.permissions"???? - Target *string `json:"target,omitempty"` -} - -// NewAccessRule creates a new AccessRule object. -func NewAccessRule() *AccessRule { - return &AccessRule{} -} - -type Spec struct { - // The scope where these policies should apply - Scope ResourceRef `json:"scope"` - // The role that must apply this policy - Role RoleRef `json:"role"` - // The set of rules to apply. Note that * is required to modify - // access policy rules, and that "none" will reject all actions - Rules []AccessRule `json:"rules"` -} - -// NewSpec creates a new Spec object. 
-func NewSpec() *Spec { - return &Spec{ - Scope: *NewResourceRef(), - Role: *NewRoleRef(), - } -} - -type RoleRefKind string - -const ( - RoleRefKindRole RoleRefKind = "Role" - RoleRefKindBuiltinRole RoleRefKind = "BuiltinRole" - RoleRefKindTeam RoleRefKind = "Team" - RoleRefKindUser RoleRefKind = "User" -) diff --git a/pkg/kinds/accesspolicy/accesspolicy_status_gen.go b/pkg/kinds/accesspolicy/accesspolicy_status_gen.go deleted file mode 100644 index 5101e417741..00000000000 --- a/pkg/kinds/accesspolicy/accesspolicy_status_gen.go +++ /dev/null 
@@ -1,74 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package accesspolicy - -// Defines values for OperatorStateState. -const ( - OperatorStateStateFailed OperatorStateState = "failed" - OperatorStateStateInProgress OperatorStateState = "in_progress" - OperatorStateStateSuccess OperatorStateState = "success" -) - -// Defines values for StatusOperatorStateState. -const ( - StatusOperatorStateStateFailed StatusOperatorStateState = "failed" - StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress" - StatusOperatorStateStateSuccess StatusOperatorStateState = "success" -) - -// OperatorState defines model for OperatorState. -type OperatorState struct { - // descriptiveState is an optional more descriptive state field which has no requirements on format - DescriptiveState *string `json:"descriptiveState,omitempty"` - - // details contains any extra information that is operator-specific - Details map[string]any `json:"details,omitempty"` - - // lastEvaluation is the ResourceVersion last evaluated - LastEvaluation string `json:"lastEvaluation"` - - // state describes the state of the lastEvaluation. - // It is limited to three possible states for machine evaluation. - State OperatorStateState `json:"state"` -} - -// OperatorStateState state describes the state of the lastEvaluation. -// It is limited to three possible states for machine evaluation. -type OperatorStateState string - -// Status defines model for Status. -type Status struct { - // additionalFields is reserved for future use - AdditionalFields map[string]any `json:"additionalFields,omitempty"` - - // operatorStates is a map of operator ID to operator state evaluations. - // Any operator which consumes this kind SHOULD add its state evaluation information to this field. 
- OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"` -} - -// StatusOperatorState defines model for status.#OperatorState. -type StatusOperatorState struct { - // descriptiveState is an optional more descriptive state field which has no requirements on format - DescriptiveState *string `json:"descriptiveState,omitempty"` - - // details contains any extra information that is operator-specific - Details map[string]any `json:"details,omitempty"` - - // lastEvaluation is the ResourceVersion last evaluated - LastEvaluation string `json:"lastEvaluation"` - - // state describes the state of the lastEvaluation. - // It is limited to three possible states for machine evaluation. - State StatusOperatorStateState `json:"state"` -} - -// StatusOperatorStateState state describes the state of the lastEvaluation. -// It is limited to three possible states for machine evaluation. -type StatusOperatorStateState string diff --git a/pkg/kinds/accesspolicy/utils.go b/pkg/kinds/accesspolicy/utils.go deleted file mode 100644 index c043af90761..00000000000 --- a/pkg/kinds/accesspolicy/utils.go +++ /dev/null 
@@ -1,99 +0,0 @@
-package accesspolicy
-
-import (
- "sort"
-
- "github.com/grafana/grafana/pkg/util"
-)
-
-const PermissionsTarget = "permissions"
-const AllowAll = "*"
-const AllowNone = "none"
-
-func ReduceRules(rules []AccessRule) []AccessRule {
- type verbs struct {
- Verb map[string][]string
- Terminal string
- }
-
- kinds := make(map[string]*verbs)
- for _, rule := range rules {
- if rule.Kind == "" || rule.Verb == "" {
- continue // invalid
- }
-
- // flip write permission to *
- if rule.Target != nil && *rule.Target == PermissionsTarget {
- if rule.Verb == "write" {
- rule.Verb = AllowAll
- }
- }
- kind, ok := kinds[rule.Kind]
- if !ok {
- kind = &verbs{
- Verb: make(map[string][]string),
- }
- kinds[rule.Kind] = kind
- }
-
- terminal := rule.Verb == AllowAll || rule.Verb == AllowNone
- if terminal {
- if rule.Kind == AllowAll {
- return []AccessRule{rule}
- }
- kind.Terminal = rule.Verb
- } else if kind.Terminal == "" {
- targets, ok := kind.Verb[rule.Verb]
- if !ok {
- targets = []string{}
- }
- if rule.Target != nil && !contains(targets, *rule.Target) {
- targets = append(targets, *rule.Target)
- sort.Strings(targets)
- }
- kind.Verb[rule.Verb] = targets
- }
- }
-
- results := make([]AccessRule, 0)
- for _, kind := range getSortedKeys(kinds) {
- verb := kinds[kind]
- if verb.Terminal != "" {
- results = append(results, AccessRule{Kind: kind, Verb: verb.Terminal})
- } else {
- for _, v := range getSortedKeys(verb.Verb) {
- targets := verb.Verb[v]
- if len(targets) == 0 {
- results = append(results, AccessRule{Kind: kind, Verb: v})
- } else {
- for _, t := range targets {
- results = append(results, AccessRule{
- Kind: kind,
- Verb: v,
- Target: util.Pointer(t),
- })
- }
- }
- }
- }
- }
- return results
-}
-
-func getSortedKeys[T any](vals map[string]T) []string {
- keys := make([]string, 0, len(vals))
- for k := range vals {
- keys = append(keys, k)
- }
- sort.Strings(keys)
- return keys
-}
-
-func contains[T comparable](s []T, e T) bool {
- for _, v := range s {
- if v == e {
- return true
- }
- }
- return false
-}
diff --git a/pkg/kinds/accesspolicy/utils_test.go b/pkg/kinds/accesspolicy/utils_test.go
deleted file mode 100644
index 314a8229346..00000000000
--- a/pkg/kinds/accesspolicy/utils_test.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package accesspolicy
-
-import (
- "encoding/json"
- "fmt"
- "testing"
-
- "github.com/grafana/grafana/pkg/util"
- "github.com/stretchr/testify/require"
-)
-
-func TestRuleReducer(t *testing.T) {
- t.Run("Check write pointer becomes star", func(t *testing.T) {
- rules := ReduceRules([]AccessRule{
- {Kind: "dashboard", Verb: "read"},
- {Kind: "dashboard", Verb: "write", Target: util.Pointer("permissions")},
- {Kind: "dashboard", Verb: "read"},
- })
- require.Len(t, rules, 1)
- require.Equal(t, rules[0], AccessRule{Kind: "dashboard", Verb: "*"})
- })
-
- t.Run("Check sort", func(t *testing.T) {
- rules := ReduceRules([]AccessRule{
- {Kind: "x", Verb: "b"},
- {Kind: "x", Verb: "a"},
- {Kind: "x", Verb: "a"}, // ignore duplicates
- {Kind: "x", Verb: "a"}, // ignore duplicates
- {Kind: "x", Verb: "a"}, // ignore duplicates
- {Kind: "x", Verb: "a"},
- {Kind: "z", Verb: "b"},
- {Kind: "AAA", Verb: ""}, // ignore
- {Kind: "", Verb: "XXX"}, // ignore
- {Kind: "z", Verb: "a"},
- {Kind: "y", Verb: "b"},
- {Kind: "y", Verb: "a"},
- })
- out, err := json.MarshalIndent(rules, "", " ")
- fmt.Printf("%s", string(out))
- require.NoError(t, err)
- require.JSONEq(t, `[
- {
- "kind": "x",
- "verb": "a"
- },
- {
- "kind": "x",
- "verb": "b"
- },
- {
- "kind": "y",
- "verb": "a"
- },
- {
- "kind": "y",
- "verb": "b"
- },
- {
- "kind": "z",
- "verb": "a"
- },
- {
- "kind": "z",
- "verb": "b"
- }
- ]`, string(out))
- })
-}
diff --git a/pkg/kinds/role/role_gen.go b/pkg/kinds/role/role_gen.go
deleted file mode 100644
index c054e8c1773..00000000000
--- a/pkg/kinds/role/role_gen.go
+++ /dev/null
@@ -1,43 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package role - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/grafana/grafana/pkg/kinds" -) - -// Resource is the kubernetes style representation of Role. (TODO be better) -type K8sResource = kinds.GrafanaResource[Spec, Status] - -// NewResource creates a new instance of the resource with a given name (UID) -func NewK8sResource(name string, s *Spec) K8sResource { - return K8sResource{ - TypeMeta: v1.TypeMeta{ - Kind: "Role", - APIVersion: "v0-0-alpha", - }, - ObjectMeta: v1.ObjectMeta{ - Name: name, - Annotations: make(map[string]string), - Labels: make(map[string]string), - }, - Spec: s, - } -} - -// Resource is the wire representation of Role. -// It currently will soon be merged into the k8s flavor (TODO be better) -type Resource struct { - Metadata Metadata `json:"metadata"` - Spec Spec `json:"spec"` - Status Status `json:"status"` -} diff --git a/pkg/kinds/role/role_metadata_gen.go b/pkg/kinds/role/role_metadata_gen.go deleted file mode 100644 index 21bd45d3362..00000000000 --- a/pkg/kinds/role/role_metadata_gen.go +++ /dev/null 
@@ -1,42 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package role - -import ( - "time" -) - -// Metadata defines model for Metadata. -type Metadata struct { - CreatedBy string `json:"createdBy"` - CreationTimestamp time.Time `json:"creationTimestamp"` - DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` - - // extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata - ExtraFields map[string]any `json:"extraFields"` - Finalizers []string `json:"finalizers"` - Labels map[string]string `json:"labels"` - ResourceVersion string `json:"resourceVersion"` - Uid string `json:"uid"` - UpdateTimestamp time.Time `json:"updateTimestamp"` - UpdatedBy string `json:"updatedBy"` -} - -// _kubeObjectMetadata is metadata found in a kubernetes object's metadata field. -// It is not exhaustive and only includes fields which may be relevant to a kind's implementation, -// As it is also intended to be generic enough to function with any API Server. -type KubeObjectMetadata struct { - CreationTimestamp time.Time `json:"creationTimestamp"` - DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` - Finalizers []string `json:"finalizers"` - Labels map[string]string `json:"labels"` - ResourceVersion string `json:"resourceVersion"` - Uid string `json:"uid"` -} diff --git a/pkg/kinds/role/role_spec_gen.go b/pkg/kinds/role/role_spec_gen.go deleted file mode 100644 index c7a7123c983..00000000000 --- a/pkg/kinds/role/role_spec_gen.go +++ /dev/null 
@@ -1,30 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// GoResourceTypes -// -// Run 'make gen-cue' from repository root to regenerate. - -// Code generated - EDITING IS FUTILE. DO NOT EDIT. - -package role - -type Spec struct { - // The role identifier `managed:builtins:editor:permissions` - Name string `json:"name"` - // Optional display - DisplayName *string `json:"displayName,omitempty"` - // Name of the team. - GroupName *string `json:"groupName,omitempty"` - // Role description - Description *string `json:"description,omitempty"` - // Do not show this role - Hidden bool `json:"hidden"` -} - -// NewSpec creates a new Spec object. -func NewSpec() *Spec { - return &Spec{} -} diff --git a/pkg/kinds/role/role_status_gen.go b/pkg/kinds/role/role_status_gen.go deleted file mode 100644 index ff9f44bdc5e..00000000000 --- a/pkg/kinds/role/role_status_gen.go +++ /dev/null 
@@ -1,74 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package role - -// Defines values for OperatorStateState. -const ( - OperatorStateStateFailed OperatorStateState = "failed" - OperatorStateStateInProgress OperatorStateState = "in_progress" - OperatorStateStateSuccess OperatorStateState = "success" -) - -// Defines values for StatusOperatorStateState. -const ( - StatusOperatorStateStateFailed StatusOperatorStateState = "failed" - StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress" - StatusOperatorStateStateSuccess StatusOperatorStateState = "success" -) - -// OperatorState defines model for OperatorState. -type OperatorState struct { - // descriptiveState is an optional more descriptive state field which has no requirements on format - DescriptiveState *string `json:"descriptiveState,omitempty"` - - // details contains any extra information that is operator-specific - Details map[string]any `json:"details,omitempty"` - - // lastEvaluation is the ResourceVersion last evaluated - LastEvaluation string `json:"lastEvaluation"` - - // state describes the state of the lastEvaluation. - // It is limited to three possible states for machine evaluation. - State OperatorStateState `json:"state"` -} - -// OperatorStateState state describes the state of the lastEvaluation. -// It is limited to three possible states for machine evaluation. -type OperatorStateState string - -// Status defines model for Status. -type Status struct { - // additionalFields is reserved for future use - AdditionalFields map[string]any `json:"additionalFields,omitempty"` - - // operatorStates is a map of operator ID to operator state evaluations. - // Any operator which consumes this kind SHOULD add its state evaluation information to this field. 
- OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"` -} - -// StatusOperatorState defines model for status.#OperatorState. -type StatusOperatorState struct { - // descriptiveState is an optional more descriptive state field which has no requirements on format - DescriptiveState *string `json:"descriptiveState,omitempty"` - - // details contains any extra information that is operator-specific - Details map[string]any `json:"details,omitempty"` - - // lastEvaluation is the ResourceVersion last evaluated - LastEvaluation string `json:"lastEvaluation"` - - // state describes the state of the lastEvaluation. - // It is limited to three possible states for machine evaluation. - State StatusOperatorStateState `json:"state"` -} - -// StatusOperatorStateState state describes the state of the lastEvaluation. -// It is limited to three possible states for machine evaluation. -type StatusOperatorStateState string diff --git a/pkg/kinds/rolebinding/rolebinding_gen.go b/pkg/kinds/rolebinding/rolebinding_gen.go deleted file mode 100644 index 216bd3a9525..00000000000 --- a/pkg/kinds/rolebinding/rolebinding_gen.go +++ /dev/null 
@@ -1,43 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package rolebinding - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/grafana/grafana/pkg/kinds" -) - -// Resource is the kubernetes style representation of RoleBinding. (TODO be better) -type K8sResource = kinds.GrafanaResource[Spec, Status] - -// NewResource creates a new instance of the resource with a given name (UID) -func NewK8sResource(name string, s *Spec) K8sResource { - return K8sResource{ - TypeMeta: v1.TypeMeta{ - Kind: "RoleBinding", - APIVersion: "v0-0-alpha", - }, - ObjectMeta: v1.ObjectMeta{ - Name: name, - Annotations: make(map[string]string), - Labels: make(map[string]string), - }, - Spec: s, - } -} - -// Resource is the wire representation of RoleBinding. -// It currently will soon be merged into the k8s flavor (TODO be better) -type Resource struct { - Metadata Metadata `json:"metadata"` - Spec Spec `json:"spec"` - Status Status `json:"status"` -} diff --git a/pkg/kinds/rolebinding/rolebinding_metadata_gen.go b/pkg/kinds/rolebinding/rolebinding_metadata_gen.go deleted file mode 100644 index 2c2f4b28343..00000000000 --- a/pkg/kinds/rolebinding/rolebinding_metadata_gen.go +++ /dev/null 
@@ -1,42 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package rolebinding - -import ( - "time" -) - -// Metadata defines model for Metadata. -type Metadata struct { - CreatedBy string `json:"createdBy"` - CreationTimestamp time.Time `json:"creationTimestamp"` - DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` - - // extraFields is reserved for any fields that are pulled from the API server metadata but do not have concrete fields in the CUE metadata - ExtraFields map[string]any `json:"extraFields"` - Finalizers []string `json:"finalizers"` - Labels map[string]string `json:"labels"` - ResourceVersion string `json:"resourceVersion"` - Uid string `json:"uid"` - UpdateTimestamp time.Time `json:"updateTimestamp"` - UpdatedBy string `json:"updatedBy"` -} - -// _kubeObjectMetadata is metadata found in a kubernetes object's metadata field. -// It is not exhaustive and only includes fields which may be relevant to a kind's implementation, -// As it is also intended to be generic enough to function with any API Server. -type KubeObjectMetadata struct { - CreationTimestamp time.Time `json:"creationTimestamp"` - DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` - Finalizers []string `json:"finalizers"` - Labels map[string]string `json:"labels"` - ResourceVersion string `json:"resourceVersion"` - Uid string `json:"uid"` -} diff --git a/pkg/kinds/rolebinding/rolebinding_spec_gen.go b/pkg/kinds/rolebinding/rolebinding_spec_gen.go deleted file mode 100644 index 3d3149ef39d..00000000000 --- a/pkg/kinds/rolebinding/rolebinding_spec_gen.go +++ /dev/null 
@@ -1,144 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// GoResourceTypes -// -// Run 'make gen-cue' from repository root to regenerate. - -// Code generated - EDITING IS FUTILE. DO NOT EDIT. - -package rolebinding - -import ( - json "encoding/json" - errors "errors" - fmt "fmt" -) - -type BuiltinRoleRef struct { - Kind string `json:"kind"` - Name BuiltinRoleRefName `json:"name"` -} - -// NewBuiltinRoleRef creates a new BuiltinRoleRef object. -func NewBuiltinRoleRef() *BuiltinRoleRef { - return &BuiltinRoleRef{ - Kind: "BuiltinRole", - } -} - -type CustomRoleRef struct { - Kind string `json:"kind"` - Name string `json:"name"` -} - -// NewCustomRoleRef creates a new CustomRoleRef object. -func NewCustomRoleRef() *CustomRoleRef { - return &CustomRoleRef{ - Kind: "Role", - } -} - -type RoleBindingSubject struct { - Kind RoleBindingSubjectKind `json:"kind"` - // The team/user identifier name - Name string `json:"name"` -} - -// NewRoleBindingSubject creates a new RoleBindingSubject object. -func NewRoleBindingSubject() *RoleBindingSubject { - return &RoleBindingSubject{} -} - -type Spec struct { - // The role we are discussing - Role BuiltinRoleRefOrCustomRoleRef `json:"role"` - // The team or user that has the specified role - Subject RoleBindingSubject `json:"subject"` -} - -// NewSpec creates a new Spec object. 
-func NewSpec() *Spec { - return &Spec{ - Role: *NewBuiltinRoleRefOrCustomRoleRef(), - Subject: *NewRoleBindingSubject(), - } -} - -type BuiltinRoleRefName string - -const ( - BuiltinRoleRefNameViewer BuiltinRoleRefName = "viewer" - BuiltinRoleRefNameEditor BuiltinRoleRefName = "editor" - BuiltinRoleRefNameAdmin BuiltinRoleRefName = "admin" -) - -type RoleBindingSubjectKind string - -const ( - RoleBindingSubjectKindTeam RoleBindingSubjectKind = "Team" - RoleBindingSubjectKindUser RoleBindingSubjectKind = "User" -) - -type BuiltinRoleRefOrCustomRoleRef struct { - BuiltinRoleRef *BuiltinRoleRef `json:"BuiltinRoleRef,omitempty"` - CustomRoleRef *CustomRoleRef `json:"CustomRoleRef,omitempty"` -} - -// NewBuiltinRoleRefOrCustomRoleRef creates a new BuiltinRoleRefOrCustomRoleRef object. -func NewBuiltinRoleRefOrCustomRoleRef() *BuiltinRoleRefOrCustomRoleRef { - return &BuiltinRoleRefOrCustomRoleRef{} -} - -// MarshalJSON implements a custom JSON marshalling logic to encode `BuiltinRoleRefOrCustomRoleRef` as JSON. -func (resource BuiltinRoleRefOrCustomRoleRef) MarshalJSON() ([]byte, error) { - if resource.BuiltinRoleRef != nil { - return json.Marshal(resource.BuiltinRoleRef) - } - if resource.CustomRoleRef != nil { - return json.Marshal(resource.CustomRoleRef) - } - - return nil, fmt.Errorf("no value for disjunction of refs") -} - -// UnmarshalJSON implements a custom JSON unmarshalling logic to decode `BuiltinRoleRefOrCustomRoleRef` from JSON. -func (resource *BuiltinRoleRefOrCustomRoleRef) UnmarshalJSON(raw []byte) error { - if raw == nil { - return nil - } - - // FIXME: this is wasteful, we need to find a more efficient way to unmarshal this. 
- parsedAsMap := make(map[string]any) - if err := json.Unmarshal(raw, &parsedAsMap); err != nil { - return err - } - - discriminator, found := parsedAsMap["kind"] - if !found { - return errors.New("discriminator field 'kind' not found in payload") - } - - switch discriminator { - case "BuiltinRole": - var builtinRoleRef BuiltinRoleRef - if err := json.Unmarshal(raw, &builtinRoleRef); err != nil { - return err - } - - resource.BuiltinRoleRef = &builtinRoleRef - return nil - case "Role": - var customRoleRef CustomRoleRef - if err := json.Unmarshal(raw, &customRoleRef); err != nil { - return err - } - - resource.CustomRoleRef = &customRoleRef - return nil - } - - return fmt.Errorf("could not unmarshal resource with `kind = %v`", discriminator) -} diff --git a/pkg/kinds/rolebinding/rolebinding_status_gen.go b/pkg/kinds/rolebinding/rolebinding_status_gen.go deleted file mode 100644 index 1b4552df63d..00000000000 --- a/pkg/kinds/rolebinding/rolebinding_status_gen.go +++ /dev/null 
@@ -1,74 +0,0 @@ -// Code generated - EDITING IS FUTILE. DO NOT EDIT. -// -// Generated by: -// kinds/gen.go -// Using jennies: -// K8ResourcesJenny -// -// Run 'make gen-cue' from repository root to regenerate. - -package rolebinding - -// Defines values for OperatorStateState. -const ( - OperatorStateStateFailed OperatorStateState = "failed" - OperatorStateStateInProgress OperatorStateState = "in_progress" - OperatorStateStateSuccess OperatorStateState = "success" -) - -// Defines values for StatusOperatorStateState. -const ( - StatusOperatorStateStateFailed StatusOperatorStateState = "failed" - StatusOperatorStateStateInProgress StatusOperatorStateState = "in_progress" - StatusOperatorStateStateSuccess StatusOperatorStateState = "success" -) - -// OperatorState defines model for OperatorState. -type OperatorState struct { - // descriptiveState is an optional more descriptive state field which has no requirements on format - DescriptiveState *string `json:"descriptiveState,omitempty"` - - // details contains any extra information that is operator-specific - Details map[string]any `json:"details,omitempty"` - - // lastEvaluation is the ResourceVersion last evaluated - LastEvaluation string `json:"lastEvaluation"` - - // state describes the state of the lastEvaluation. - // It is limited to three possible states for machine evaluation. - State OperatorStateState `json:"state"` -} - -// OperatorStateState state describes the state of the lastEvaluation. -// It is limited to three possible states for machine evaluation. -type OperatorStateState string - -// Status defines model for Status. -type Status struct { - // additionalFields is reserved for future use - AdditionalFields map[string]any `json:"additionalFields,omitempty"` - - // operatorStates is a map of operator ID to operator state evaluations. - // Any operator which consumes this kind SHOULD add its state evaluation information to this field. 
- OperatorStates map[string]StatusOperatorState `json:"operatorStates,omitempty"` -} - -// StatusOperatorState defines model for status.#OperatorState. -type StatusOperatorState struct { - // descriptiveState is an optional more descriptive state field which has no requirements on format - DescriptiveState *string `json:"descriptiveState,omitempty"` - - // details contains any extra information that is operator-specific - Details map[string]any `json:"details,omitempty"` - - // lastEvaluation is the ResourceVersion last evaluated - LastEvaluation string `json:"lastEvaluation"` - - // state describes the state of the lastEvaluation. - // It is limited to three possible states for machine evaluation. - State StatusOperatorStateState `json:"state"` -} - -// StatusOperatorStateState state describes the state of the lastEvaluation. -// It is limited to three possible states for machine evaluation. -type StatusOperatorStateState string diff --git a/pkg/registry/schemas/core_kind.go b/pkg/registry/schemas/core_kind.go index 1827acefff8..a262cc3f6f2 100644 --- a/pkg/registry/schemas/core_kind.go +++ b/pkg/registry/schemas/core_kind.go @@ -30,15 +30,6 @@ func GetCoreKinds() ([]CoreKind, error) { _, caller, _, _ := runtime.Caller(0) root := filepath.Join(caller, "../../../..") - accesspolicyCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/accesspolicy/access_policy_kind.cue")) - if err != nil { - return nil, err - } - kinds = append(kinds, CoreKind{ - Name: "accesspolicy", - CueFile: accesspolicyCue, - }) - dashboardCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/dashboard/dashboard_kind.cue")) if err != nil { return nil, err 
@@ -75,24 +66,6 @@ func GetCoreKinds() ([]CoreKind, error) {
 CueFile: publicdashboardCue,
 })
- roleCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/role/role_kind.cue"))
- if err != nil {
- return nil, err
- }
- kinds = append(kinds, CoreKind{
- Name: "role",
- CueFile: roleCue,
- })
-
- rolebindingCue, err := loadCueFile(ctx, filepath.Join(root, "./kinds/rolebinding/role_binding_kind.cue"))
- if err != nil {
- return nil, err
- }
- kinds = append(kinds, CoreKind{
- Name: "rolebinding",
- CueFile: rolebindingCue,
- })
-
 return kinds, nil
 }