package security

// Permission grants a set of actions to all members of a UserGroup.
type Permission struct {
	UserGroup string
	Actions   []string
}

// AgentPolicy assigns a set of permissions to all agents in an AgentGroup.
// AgentGroup may be a group name defined in SecurityPolicy.AgentGroups,
// or a direct agent ID (without defining a group).
type AgentPolicy struct {
	AgentGroup  string
	Permissions []Permission
}

// SecurityPolicy is the top-level pure data structure that describes
// who can do what across which agents.
type SecurityPolicy struct {
	UserGroups  []UserGroup
	AgentGroups []AgentGroup
	Policies    []AgentPolicy
}