diff --git a/internal/website/permstable/permstable.go b/internal/website/permstable/permstable.go index cd806949f0..214f5b392c 100644 --- a/internal/website/permstable/permstable.go +++ b/internal/website/permstable/permstable.go @@ -74,7 +74,9 @@ func main() { name := strings.Replace(res.String(), "-", " ", 1) singularName := name switch []rune(strings.ToLower(singularName))[0] { - case 'a', 'e', 'i', 'o', 'u': + case 'a', 'e', 'i', 'o': + // 'u' is not included since our only u word is 'user' which + // should use an 'a'. singularName = "an " + singularName default: singularName = "a " + singularName @@ -95,8 +97,13 @@ func main() { panic("This shouldn't happen!") } for a := range colActions { + actionName := a.String() examples := []string{ - fmt.Sprintf("type=;actions=%s", a.String()), + fmt.Sprintf("type=;actions=%s", actionName), + } + if strings.Contains(actionName, ":") { + parentActionName := strings.SplitN(actionName, ":", 1)[0] + examples = append([]string{fmt.Sprintf("type=;actions=%s", parentActionName)}, examples...) } collectionEndpoints.Actions = append(collectionEndpoints.Actions, &Action{ Name: a.String(), @@ -139,9 +146,7 @@ func main() { return strings.Compare(a.String(), b.String()) - aWeight + bWeight }) - fmt.Printf("======= Resource ======: %s\n", res.String()) for _, a := range idActions { - fmt.Printf("Action: %s\n", a.String()) if a == action.NoOp { continue } @@ -158,13 +163,17 @@ func main() { }) } + endpoints := make([]*Endpoint, 0, 2) + if len(collectionEndpoints.Actions) > 0 { + endpoints = append(endpoints, collectionEndpoints) + } + if len(idEndpoints.Actions) > 0 { + endpoints = append(endpoints, idEndpoints) + } pr := &Resource{ - Type: name, - Scopes: info.scopes, - Endpoints: []*Endpoint{ - collectionEndpoints, - idEndpoints, - }, + Type: name, + Scopes: info.scopes, + Endpoints: endpoints, } page.Resources = append(page.Resources, pr) 
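Review bot: In the `for a := range colActions` hunk, `strings.SplitN(actionName, ":", 1)` never splits: with a limit of 1, SplitN returns the whole string as its only element, so `parentActionName` always equals `actionName` and the prepended example is a duplicate. The regenerated resource-table.mdx in this same commit shows the effect, with the /workers row listing `type=;actions=create:controller-led` twice. Presumably the intent was to show the parent action as a valid grant string; use `parentActionName, _, _ := strings.Cut(actionName, ":")` or pass `2` as the limit. `Name: a.String()` just below could also reuse `actionName`. The body of `main` starts and ends outside this hunk.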
@@ -243,11 +252,13 @@ func (r *Resource) Marshal() (ret []string) { for _, s := range r.Scopes { scopes = append(scopes, fmt.Sprintf("**%s**", s)) } - ret = append(ret, fmt.Sprintf( - "The **%s** resource type supports the following scopes: %s\n", - toSentenceCase(r.Type), - strings.TrimSpace(strings.Join(scopes, ", ")), - )) + if len(scopes) > 0 { + ret = append(ret, fmt.Sprintf( + "The **%s** resource type supports the following scopes: %s\n", + toSentenceCase(r.Type), + strings.TrimSpace(strings.Join(scopes, ", ")), + )) + } // Table Header ret = append(ret, fmt.Sprintf("| %s |", strings.Join(tableHeaders, " | "))) @@ -350,14 +361,19 @@ func (i info) description(t action.Type, singleResourceName string) string { case action.Create: return fmt.Sprintf("Create %s", singleResourceName) } - // TODO: Add something here which follows the template - // "Add Xs to an R" - // "Set the full set of Xs on an R" - // "Remove Xs from an R" switch { case strings.HasPrefix(t.String(), "add-"): + thing := strings.SplitN(t.String(), "-", 2)[1] + thing = strings.ReplaceAll(thing, "-", " ") + return fmt.Sprintf("Add %s to %s", thing, singleResourceName) case strings.HasPrefix(t.String(), "set-"): + thing := strings.SplitN(t.String(), "-", 2)[1] + thing = strings.ReplaceAll(thing, "-", " ") + return fmt.Sprintf("Set the full set of %s on %s", thing, singleResourceName) case strings.HasPrefix(t.String(), "remove-"): + thing := strings.SplitN(t.String(), "-", 2)[1] + thing = strings.ReplaceAll(thing, "-", " ") + return fmt.Sprintf("Remove %s from %s", thing, singleResourceName) } return "" } @@ -370,6 +386,9 @@ var resources = map[resource.Type]info{ action.ChangePassword: "Change a password on an account given the current password", }, }, + resource.Alias: { + scopes: append(iamScopes, infraScope...), + }, resource.AuthMethod: { scopes: iamScopes, actionDescriptions: map[action.Type]string{ 
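Review bot: In the `Marshal` hunk, the new `if len(scopes) > 0` guard silently drops the scopes sentence, so a resource type with no scope data now produces a section with no scope information at all. The Billing and Policy sections of the regenerated resource-table.mdx show this. On a permissions reference, a reader cannot tell "scopes not recorded in the generator" from "not scope-restricted". If the omission is intended, say so at the guard, e.g. `// Resource types with no scopes recorded in the resources map get no scopes sentence; add an entry there to document them.`. Otherwise the generator should stop with an error when `r.Scopes` is empty. `Marshal` continues outside this hunk.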
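Review bot: In the `description` hunk, the three new `add-`/`set-`/`remove-` cases repeat the same SplitN, ReplaceAll and Sprintf sequence and call `t.String()` up to six times; a small prefix-to-template table keeps the wording in one place. The function also still falls through to `return ""` for every other action, which is why `list-resolvable-aliases:` and `read-certificate-authority:` keep blank descriptions in the regenerated table. A short comment above the final return noting that such actions need an explicit `actionDescriptions` entry would help. The start of `description` is outside the hunk.

```go
// … unchanged: explicit action cases ending with action.Create …
name := t.String()
for _, tmpl := range []struct{ prefix, format string }{
	{"add-", "Add %s to %s"},
	{"set-", "Set the full set of %s on %s"},
	{"remove-", "Remove %s from %s"},
} {
	if strings.HasPrefix(name, tmpl.prefix) {
		thing := strings.ReplaceAll(strings.TrimPrefix(name, tmpl.prefix), "-", " ")
		return fmt.Sprintf(tmpl.format, thing, singleResourceName)
	}
}
// Any other action has no generated description and is rendered blank.
return ""
```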
@@ -379,13 +398,17 @@ var resources = map[resource.Type]info{ resource.AuthToken: { scopes: iamScopes, }, + resource.Credential: { + scopes: infraScope, + }, + resource.CredentialLibrary: { + scopes: infraScope, + }, + resource.CredentialStore: { + scopes: infraScope, + }, resource.Group: { scopes: append(iamScopes, infraScope...), - actionDescriptions: map[action.Type]string{ - action.AddMembers: "Add members to a group", - action.SetMembers: "Set the full set of members on a group", - action.RemoveMembers: "Remove members from a group", - }, }, resource.Host: { scopes: infraScope, @@ -395,25 +418,12 @@ var resources = map[resource.Type]info{ }, resource.HostSet: { scopes: infraScope, - actionDescriptions: map[action.Type]string{ - action.AddHosts: "Add hosts to a host-set", - action.SetHosts: "Set the full set of hosts on a host set", - action.RemoveHosts: "Remove hosts from a host set", - }, }, resource.ManagedGroup: { scopes: iamScopes, }, resource.Role: { scopes: append(iamScopes, infraScope...), - actionDescriptions: map[action.Type]string{ - action.AddPrincipals: "Add principals to a role", - action.SetPrincipals: "Set the full set of principals on a role", - action.RemovePrincipals: "Remove principals from a role", - action.AddGrants: "Add grants to a role", - action.SetGrants: "Set the full set of grants on a role", - action.RemoveGrants: "Remove grants from a role", - }, }, resource.Scope: { scopes: iamScopes, 
@@ -439,22 +449,11 @@ var resources = map[resource.Type]info{ resource.Target: { scopes: infraScope, actionDescriptions: map[action.Type]string{ - action.AddHostSources: "Add host sources to a target", - action.SetHostSources: "Set the full set of host sources on a target", - action.RemoveHostSources: "Remove host sources from a target", - action.AddCredentialSources: "Add credential sources to a target", - action.SetCredentialSources: "Set the full set of credential sources on a target", - action.RemoveCredentialSources: "Remove credential sources from a target", - action.AuthorizeSession: "Authorize a session via the target", + action.AuthorizeSession: "Authorize a session via the target", }, }, resource.User: { scopes: iamScopes, - actionDescriptions: map[action.Type]string{ - action.AddAccounts: "Add accounts to a user", - action.SetAccounts: "Set the full set of accounts on a user", - action.RemoveAccounts: "Remove accounts from a user", - }, }, resource.Worker: { scopes: []string{"Global"}, diff --git a/website/content/docs/concepts/security/permissions/resource-table.mdx b/website/content/docs/concepts/security/permissions/resource-table.mdx index 578318d518..629c374931 100644 --- a/website/content/docs/concepts/security/permissions/resource-table.mdx +++ b/website/content/docs/concepts/security/permissions/resource-table.mdx @@ -52,7 +52,7 @@ The **Account** resource type supports the following scopes: **Global**, **Org** ## Alias -The **Alias** resource type supports the following scopes: +The **Alias** resource type supports the following scopes: **Global**, **Org**, **Project** | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | 
@@ -79,16 +79,13 @@ The **Auth token** resource type supports the following scopes: **Global**, **Or ## Billing -The **Billing** resource type supports the following scopes: - | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | | /billing |
  • Type
    • billing
|
  • monthly-active-users:
    • `type=;actions=monthly-active-users`
| -| /billing/<id> |
  • ID
    • <id>
  • Type
    • billing
|
    | ## Credential -The **Credential** resource type supports the following scopes: +The **Credential** resource type supports the following scopes: **Project** | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | @@ -97,7 +94,7 @@ The **Credential** resource type supports the following scopes: ## Credential library -The **Credential library** resource type supports the following scopes: +The **Credential library** resource type supports the following scopes: **Project** | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | @@ -106,7 +103,7 @@ The **Credential library** resource type supports the following scopes: ## Credential store -The **Credential store** resource type supports the following scopes: +The **Credential store** resource type supports the following scopes: **Project** | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | @@ -147,7 +144,7 @@ The **Host set** resource type supports the following scopes: **Project** | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | | /host-sets |
    • Type
      • host-set
    |
    • create: Create a host set
      • `type=;actions=create`
    • list: List host sets
      • `type=;actions=list`
    | -| /host-sets/<id> |
    • ID
      • <id>
    • Pin
      • <host-catalog-id>
    • Type
      • host-set
    |
    • read: Read a host set
      • `ids=;actions=read`
      • `ids=;type=;actions=read`
    • update: Update a host set
      • `ids=;actions=update`
      • `ids=;type=;actions=update`
    • delete: Delete a host set
      • `ids=;actions=delete`
      • `ids=;type=;actions=delete`
    • add-hosts: Add hosts to a host-set
      • `ids=;actions=add-hosts`
      • `ids=;type=;actions=add-hosts`
    • remove-hosts: Remove hosts from a host set
      • `ids=;actions=remove-hosts`
      • `ids=;type=;actions=remove-hosts`
    • set-hosts: Set the full set of hosts on a host set
      • `ids=;actions=set-hosts`
      • `ids=;type=;actions=set-hosts`
    | +| /host-sets/<id> |
    • ID
      • <id>
    • Pin
      • <host-catalog-id>
    • Type
      • host-set
    |
    • read: Read a host set
      • `ids=;actions=read`
      • `ids=;type=;actions=read`
    • update: Update a host set
      • `ids=;actions=update`
      • `ids=;type=;actions=update`
    • delete: Delete a host set
      • `ids=;actions=delete`
      • `ids=;type=;actions=delete`
    • add-hosts: Add hosts to a host set
      • `ids=;actions=add-hosts`
      • `ids=;type=;actions=add-hosts`
    • remove-hosts: Remove hosts from a host set
      • `ids=;actions=remove-hosts`
      • `ids=;type=;actions=remove-hosts`
    • set-hosts: Set the full set of hosts on a host set
      • `ids=;actions=set-hosts`
      • `ids=;type=;actions=set-hosts`
    | ## Managed group @@ -160,8 +157,6 @@ The **Managed group** resource type supports the following scopes: **Global**, * ## Policy -The **Policy** resource type supports the following scopes: - | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | | /policies |
    • Type
      • policy
    |
    • create: Create a policy
      • `type=;actions=create`
    • list: List policys
      • `type=;actions=list`
    | @@ -174,7 +169,7 @@ The **Role** resource type supports the following scopes: **Global**, **Org**, * | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | | /roles |
    • Type
      • role
    |
    • create: Create a role
      • `type=;actions=create`
    • list: List roles
      • `type=;actions=list`
    | -| /roles/<id> |
    • ID
      • <id>
    • Type
      • role
    |
    • read: Read a role
      • `ids=;actions=read`
    • update: Update a role
      • `ids=;actions=update`
    • delete: Delete a role
      • `ids=;actions=delete`
    • add-grant-scopes:
      • `ids=;actions=add-grant-scopes`
    • add-grants: Add grants to a role
      • `ids=;actions=add-grants`
    • add-principals: Add principals to a role
      • `ids=;actions=add-principals`
    • remove-grant-scopes:
      • `ids=;actions=remove-grant-scopes`
    • remove-grants: Remove grants from a role
      • `ids=;actions=remove-grants`
    • remove-principals: Remove principals from a role
      • `ids=;actions=remove-principals`
    • set-grant-scopes:
      • `ids=;actions=set-grant-scopes`
    • set-grants: Set the full set of grants on a role
      • `ids=;actions=set-grants`
    • set-principals: Set the full set of principals on a role
      • `ids=;actions=set-principals`
    | +| /roles/<id> |
    • ID
      • <id>
    • Type
      • role
    |
    • read: Read a role
      • `ids=;actions=read`
    • update: Update a role
      • `ids=;actions=update`
    • delete: Delete a role
      • `ids=;actions=delete`
    • add-grant-scopes: Add grant scopes to a role
      • `ids=;actions=add-grant-scopes`
    • add-grants: Add grants to a role
      • `ids=;actions=add-grants`
    • add-principals: Add principals to a role
      • `ids=;actions=add-principals`
    • remove-grant-scopes: Remove grant scopes from a role
      • `ids=;actions=remove-grant-scopes`
    • remove-grants: Remove grants from a role
      • `ids=;actions=remove-grants`
    • remove-principals: Remove principals from a role
      • `ids=;actions=remove-principals`
    • set-grant-scopes: Set the full set of grant scopes on a role
      • `ids=;actions=set-grant-scopes`
    • set-grants: Set the full set of grants on a role
      • `ids=;actions=set-grants`
    • set-principals: Set the full set of principals on a role
      • `ids=;actions=set-principals`
    | ## Scope @@ -227,8 +222,8 @@ The **User** resource type supports the following scopes: **Global**, **Org** | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | -| /users |
    • Type
      • user
    |
    • create: Create an user
      • `type=;actions=create`
    • list: List users
      • `type=;actions=list`
    | -| /users/<id> |
    • ID
      • <id>
    • Type
      • user
    |
    • read: Read an user
      • `ids=;actions=read`
    • update: Update an user
      • `ids=;actions=update`
    • delete: Delete an user
      • `ids=;actions=delete`
    • add-accounts: Add accounts to a user
      • `ids=;actions=add-accounts`
    • list-resolvable-aliases:
      • `ids=;actions=list-resolvable-aliases`
    • remove-accounts: Remove accounts from a user
      • `ids=;actions=remove-accounts`
    • set-accounts: Set the full set of accounts on a user
      • `ids=;actions=set-accounts`
    | +| /users |
    • Type
      • user
    |
    • create: Create a user
      • `type=;actions=create`
    • list: List users
      • `type=;actions=list`
    | +| /users/<id> |
    • ID
      • <id>
    • Type
      • user
    |
    • read: Read a user
      • `ids=;actions=read`
    • update: Update a user
      • `ids=;actions=update`
    • delete: Delete a user
      • `ids=;actions=delete`
    • add-accounts: Add accounts to a user
      • `ids=;actions=add-accounts`
    • list-resolvable-aliases:
      • `ids=;actions=list-resolvable-aliases`
    • remove-accounts: Remove accounts from a user
      • `ids=;actions=remove-accounts`
    • set-accounts: Set the full set of accounts on a user
      • `ids=;actions=set-accounts`
    | ## Worker @@ -236,8 +231,8 @@ The **Worker** resource type supports the following scopes: **Global** | API endpoint | Parameters into permissions engine | Available actions / examples | | ------------ | ---------------------------------- | ---------------------------- | -| /workers |
    • Type
      • worker
    |
    • create:controller-led: Create a worker using the controller-led workflow
      • `type=;actions=create:controller-led`
    • create:worker-led: Create a worker using the worker-led workflow
      • `type=;actions=create:worker-led`
    • list: List workers
      • `type=;actions=list`
    • read-certificate-authority:
      • `type=;actions=read-certificate-authority`
    • reinitialize-certificate-authority:
      • `type=;actions=reinitialize-certificate-authority`
    | -| /workers/<id> |
    • ID
      • <id>
    • Type
      • worker
    |
    • read: Read a worker
      • `ids=;actions=read`
    • update: Update a worker
      • `ids=;actions=update`
    • delete: Delete a worker
      • `ids=;actions=delete`
    • add-worker-tags:
      • `ids=;actions=add-worker-tags`
    • remove-worker-tags:
      • `ids=;actions=remove-worker-tags`
    • set-worker-tags:
      • `ids=;actions=set-worker-tags`
    | +| /workers |
    • Type
      • worker
    |
    • create:controller-led: Create a worker using the controller-led workflow
      • `type=;actions=create:controller-led`
      • `type=;actions=create:controller-led`
    • create:worker-led: Create a worker using the worker-led workflow
      • `type=;actions=create:worker-led`
      • `type=;actions=create:worker-led`
    • list: List workers
      • `type=;actions=list`
    • read-certificate-authority:
      • `type=;actions=read-certificate-authority`
    • reinitialize-certificate-authority:
      • `type=;actions=reinitialize-certificate-authority`
    | +| /workers/<id> |
    • ID
      • <id>
    • Type
      • worker
    |
    • read: Read a worker
      • `ids=;actions=read`
    • update: Update a worker
      • `ids=;actions=update`
    • delete: Delete a worker
      • `ids=;actions=delete`
    • add-worker-tags: Add worker tags to a worker
      • `ids=;actions=add-worker-tags`
    • remove-worker-tags: Remove worker tags from a worker
      • `ids=;actions=remove-worker-tags`
    • set-worker-tags: Set the full set of worker tags on a worker
      • `ids=;actions=set-worker-tags`
    |