Add PAM support (#3438)

* PAM first pass

* Add factory and extend to organization

* Extend to project, add examples

* Add additionalProperties to all objects

* Fix boilerplate

* Expose pam_entitlements to project-factory

* Fix readme

* Move entitlements to second folder/project pass

* extend tests

* Fix readme

* Remove timeouts from inventories
This commit is contained in:
Julio Castillo
2025-10-20 14:50:37 +02:00
committed by GitHub
parent 0759cf5454
commit 48f6b4cd49
36 changed files with 1962 additions and 116 deletions


@@ -0,0 +1,115 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"patternProperties": {
"^[a-z][a-z0-9-]{0,61}[a-z0-9]$": {
"type": "object",
"properties": {
"max_request_duration": {
"type": "string"
},
"eligible_users": {
"type": "array",
"items": {
"type": "string"
}
},
"privileged_access": {
"type": "array",
"items": {
"type": "object",
"properties": {
"role": {
"type": "string"
},
"condition": {
"type": "string"
}
},
"required": [
"role"
],
"additionalProperties": false
}
},
"requester_justification_config": {
"type": "object",
"properties": {
"not_mandatory": {
"type": "boolean"
},
"unstructured": {
"type": "boolean"
}
},
"additionalProperties": false
},
"manual_approvals": {
"type": "object",
"properties": {
"require_approver_justification": {
"type": "boolean"
},
"steps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"approvers": {
"type": "array",
"items": {
"type": "string"
}
},
"approvals_needed": {
"type": "number"
},
"approver_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"approvers"
],
"additionalProperties": false
}
}
},
"required": [
"require_approver_justification",
"steps"
],
"additionalProperties": false
},
"additional_notification_targets": {
"type": "object",
"properties": {
"admin_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
},
"requester_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"required": [
"max_request_duration",
"eligible_users",
"privileged_access"
],
"additionalProperties": false
}
},
"additionalProperties": false
}
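Review bot: In `manual_approvals.steps`, `approvals_needed` is typed `number`, so 0, negative and fractional values pass validation, and `approvers` has no `minItems`, so a step with an empty approver list validates too. Suggest `"type": "integer"` with `"minimum": 1` for `approvals_needed`, and `"minItems": 1` on `approvers`; the same applies to `eligible_users` and `privileged_access`, which are required but may be empty arrays as written. `max_request_duration` is an unconstrained string, so a `pattern` for the expected duration format would catch malformed values at validation time rather than at apply time. `requester_justification_config` accepts `not_mandatory` and `unstructured` set together; if they are meant to be alternatives, a `oneOf` would make that explicit.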


@@ -0,0 +1,43 @@
# None
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*
## Definitions
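Review bot: The heading on the first line reads `# None`, which matches the schema in this commit having no `title`; adding a `title` there would give this page a meaningful heading. The property list carries types only, so a reader cannot tell from it what string format `max_request_duration` expects or what form the entries in `eligible_users` and `approvers` take; adding `description` fields in the schema for at least those three would address that. The trailing `## Definitions` heading has nothing under it in the visible lines and could be dropped if the schema defines no `definitions`.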