policy

package
v0.0.0-...-1ac4089 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2024 License: BSD-3-Clause-Clear Imports: 7 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	AttributeRuleTypeEnum_name = map[int32]string{
		0: "ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED",
		1: "ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF",
		2: "ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF",
		3: "ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY",
	}
	AttributeRuleTypeEnum_value = map[string]int32{
		"ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED": 0,
		"ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF":      1,
		"ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF":      2,
		"ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY":   3,
	}
)

Enum value maps for AttributeRuleTypeEnum.

View Source 
var (
	SubjectMappingOperatorEnum_name = map[int32]string{
		0: "SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED",
		1: "SUBJECT_MAPPING_OPERATOR_ENUM_IN",
		2: "SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN",
	}
	SubjectMappingOperatorEnum_value = map[string]int32{
		"SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED": 0,
		"SUBJECT_MAPPING_OPERATOR_ENUM_IN":          1,
		"SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN":      2,
	}
)

Enum value maps for SubjectMappingOperatorEnum.

View Source 
var (
	ConditionBooleanTypeEnum_name = map[int32]string{
		0: "CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED",
		1: "CONDITION_BOOLEAN_TYPE_ENUM_AND",
		2: "CONDITION_BOOLEAN_TYPE_ENUM_OR",
	}
	ConditionBooleanTypeEnum_value = map[string]int32{
		"CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED": 0,
		"CONDITION_BOOLEAN_TYPE_ENUM_AND":         1,
		"CONDITION_BOOLEAN_TYPE_ENUM_OR":          2,
	}
)

Enum value maps for ConditionBooleanTypeEnum.

View Source 
var (
	Action_StandardAction_name = map[int32]string{
		0: "STANDARD_ACTION_UNSPECIFIED",
		1: "STANDARD_ACTION_DECRYPT",
		2: "STANDARD_ACTION_TRANSMIT",
	}
	Action_StandardAction_value = map[string]int32{
		"STANDARD_ACTION_UNSPECIFIED": 0,
		"STANDARD_ACTION_DECRYPT":     1,
		"STANDARD_ACTION_TRANSMIT":    2,
	}
)

Enum value maps for Action_StandardAction.

View Source 
var File_policy_objects_proto protoreflect.FileDescriptor
View Source 
var File_policy_selectors_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Action 

type Action struct {

	// Types that are assignable to Value:
	//
	//	*Action_Standard
	//	*Action_Custom
	Value isAction_Value `protobuf_oneof:"value"`
	// contains filtered or unexported fields
}

An action an entity can take

func (*Action) Descriptor deprecated 

func (*Action) Descriptor() ([]byte, []int)

Deprecated: Use Action.ProtoReflect.Descriptor instead.

func (*Action) GetCustom 

func (x *Action) GetCustom() string

func (*Action) GetStandard 

func (x *Action) GetStandard() Action_StandardAction

func (*Action) GetValue 

func (m *Action) GetValue() isAction_Value

func (*Action) ProtoMessage 

func (*Action) ProtoMessage()

func (*Action) ProtoReflect 

func (x *Action) ProtoReflect() protoreflect.Message

func (*Action) Reset 

func (x *Action) Reset()

func (*Action) String 

func (x *Action) String() string

type Action_Custom 

type Action_Custom struct {
	Custom string `protobuf:"bytes,2,opt,name=custom,proto3,oneof"`
}

type Action_Standard 

type Action_Standard struct {
	Standard Action_StandardAction `protobuf:"varint,1,opt,name=standard,proto3,enum=policy.Action_StandardAction,oneof"`
}

type Action_StandardAction 

type Action_StandardAction int32

Standard actions supported by the platform 

const (
	Action_STANDARD_ACTION_UNSPECIFIED Action_StandardAction = 0
	Action_STANDARD_ACTION_DECRYPT     Action_StandardAction = 1
	Action_STANDARD_ACTION_TRANSMIT    Action_StandardAction = 2
)

func (Action_StandardAction) Descriptor 

func (Action_StandardAction) Descriptor() protoreflect.EnumDescriptor

func (Action_StandardAction) Enum 

func (x Action_StandardAction) Enum() *Action_StandardAction

func (Action_StandardAction) EnumDescriptor deprecated 

func (Action_StandardAction) EnumDescriptor() ([]byte, []int)

Deprecated: Use Action_StandardAction.Descriptor instead.

func (Action_StandardAction) Number 

func (x Action_StandardAction) Number() protoreflect.EnumNumber

func (Action_StandardAction) String 

func (x Action_StandardAction) String() string

func (Action_StandardAction) Type 

func (Action_StandardAction) Type() protoreflect.EnumType

type Attribute 

type Attribute struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// namespace of the attribute
	Namespace *Namespace `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// attribute name
	Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
	// attribute rule enum
	Rule   AttributeRuleTypeEnum `protobuf:"varint,4,opt,name=rule,proto3,enum=policy.AttributeRuleTypeEnum" json:"rule,omitempty"`
	Values []*Value              `protobuf:"bytes,5,rep,name=values,proto3" json:"values,omitempty"`
	Grants []*KeyAccessServer    `protobuf:"bytes,6,rep,name=grants,proto3" json:"grants,omitempty"`
	Fqn    string                `protobuf:"bytes,7,opt,name=fqn,proto3" json:"fqn,omitempty"`
	// active by default until explicitly deactivated
	Active *wrapperspb.BoolValue `protobuf:"bytes,8,opt,name=active,proto3" json:"active,omitempty"`
	// Common metadata
	Metadata *common.Metadata `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

func (*Attribute) Descriptor deprecated 

func (*Attribute) Descriptor() ([]byte, []int)

Deprecated: Use Attribute.ProtoReflect.Descriptor instead.

func (*Attribute) GetActive 

func (x *Attribute) GetActive() *wrapperspb.BoolValue

func (*Attribute) GetFqn 

func (x *Attribute) GetFqn() string

func (*Attribute) GetGrants 

func (x *Attribute) GetGrants() []*KeyAccessServer

func (*Attribute) GetId 

func (x *Attribute) GetId() string

func (*Attribute) GetMetadata 

func (x *Attribute) GetMetadata() *common.Metadata

func (*Attribute) GetName 

func (x *Attribute) GetName() string

func (*Attribute) GetNamespace 

func (x *Attribute) GetNamespace() *Namespace

func (*Attribute) GetRule 

func (x *Attribute) GetRule() AttributeRuleTypeEnum

func (*Attribute) GetValues 

func (x *Attribute) GetValues() []*Value

func (*Attribute) ProtoMessage 

func (*Attribute) ProtoMessage()

func (*Attribute) ProtoReflect 

func (x *Attribute) ProtoReflect() protoreflect.Message

func (*Attribute) Reset 

func (x *Attribute) Reset()

func (*Attribute) String 

func (x *Attribute) String() string

type AttributeDefinitionSelector 

type AttributeDefinitionSelector struct {
	WithKeyAccessGrants bool                                           `protobuf:"varint,1,opt,name=with_key_access_grants,json=withKeyAccessGrants,proto3" json:"with_key_access_grants,omitempty"`
	WithNamespace       *AttributeDefinitionSelector_NamespaceSelector `protobuf:"bytes,10,opt,name=with_namespace,json=withNamespace,proto3" json:"with_namespace,omitempty"`
	WithValues          *AttributeDefinitionSelector_ValueSelector     `protobuf:"bytes,11,opt,name=with_values,json=withValues,proto3" json:"with_values,omitempty"`
	// contains filtered or unexported fields
}

func (*AttributeDefinitionSelector) Descriptor deprecated 

func (*AttributeDefinitionSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeDefinitionSelector.ProtoReflect.Descriptor instead.

func (*AttributeDefinitionSelector) GetWithKeyAccessGrants 

func (x *AttributeDefinitionSelector) GetWithKeyAccessGrants() bool

func (*AttributeDefinitionSelector) GetWithNamespace 

func (x *AttributeDefinitionSelector) GetWithNamespace() *AttributeDefinitionSelector_NamespaceSelector

func (*AttributeDefinitionSelector) GetWithValues 

func (x *AttributeDefinitionSelector) GetWithValues() *AttributeDefinitionSelector_ValueSelector

func (*AttributeDefinitionSelector) ProtoMessage 

func (*AttributeDefinitionSelector) ProtoMessage()

func (*AttributeDefinitionSelector) ProtoReflect 

func (x *AttributeDefinitionSelector) ProtoReflect() protoreflect.Message

func (*AttributeDefinitionSelector) Reset 

func (x *AttributeDefinitionSelector) Reset()

func (*AttributeDefinitionSelector) String 

func (x *AttributeDefinitionSelector) String() string

type AttributeDefinitionSelector_NamespaceSelector 

type AttributeDefinitionSelector_NamespaceSelector struct {
	// contains filtered or unexported fields
}

func (*AttributeDefinitionSelector_NamespaceSelector) Descriptor deprecated 

func (*AttributeDefinitionSelector_NamespaceSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeDefinitionSelector_NamespaceSelector.ProtoReflect.Descriptor instead.

func (*AttributeDefinitionSelector_NamespaceSelector) ProtoMessage 

func (*AttributeDefinitionSelector_NamespaceSelector) ProtoMessage()

func (*AttributeDefinitionSelector_NamespaceSelector) ProtoReflect 

func (x *AttributeDefinitionSelector_NamespaceSelector) ProtoReflect() protoreflect.Message

func (*AttributeDefinitionSelector_NamespaceSelector) Reset 

func (x *AttributeDefinitionSelector_NamespaceSelector) Reset()

func (*AttributeDefinitionSelector_NamespaceSelector) String 

func (x *AttributeDefinitionSelector_NamespaceSelector) String() string

type AttributeDefinitionSelector_ValueSelector 

type AttributeDefinitionSelector_ValueSelector struct {
	WithKeyAccessGrants bool `protobuf:"varint,1,opt,name=with_key_access_grants,json=withKeyAccessGrants,proto3" json:"with_key_access_grants,omitempty"`
	WithSubjectMaps     bool `protobuf:"varint,2,opt,name=with_subject_maps,json=withSubjectMaps,proto3" json:"with_subject_maps,omitempty"`
	WithResourceMaps    bool `protobuf:"varint,3,opt,name=with_resource_maps,json=withResourceMaps,proto3" json:"with_resource_maps,omitempty"`
	// contains filtered or unexported fields
}

func (*AttributeDefinitionSelector_ValueSelector) Descriptor deprecated 

func (*AttributeDefinitionSelector_ValueSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeDefinitionSelector_ValueSelector.ProtoReflect.Descriptor instead.

func (*AttributeDefinitionSelector_ValueSelector) GetWithKeyAccessGrants 

func (x *AttributeDefinitionSelector_ValueSelector) GetWithKeyAccessGrants() bool

func (*AttributeDefinitionSelector_ValueSelector) GetWithResourceMaps 

func (x *AttributeDefinitionSelector_ValueSelector) GetWithResourceMaps() bool

func (*AttributeDefinitionSelector_ValueSelector) GetWithSubjectMaps 

func (x *AttributeDefinitionSelector_ValueSelector) GetWithSubjectMaps() bool

func (*AttributeDefinitionSelector_ValueSelector) ProtoMessage 

func (*AttributeDefinitionSelector_ValueSelector) ProtoMessage()

func (*AttributeDefinitionSelector_ValueSelector) ProtoReflect 

func (x *AttributeDefinitionSelector_ValueSelector) ProtoReflect() protoreflect.Message

func (*AttributeDefinitionSelector_ValueSelector) Reset 

func (x *AttributeDefinitionSelector_ValueSelector) Reset()

func (*AttributeDefinitionSelector_ValueSelector) String 

func (x *AttributeDefinitionSelector_ValueSelector) String() string

type AttributeNamespaceSelector 

type AttributeNamespaceSelector struct {
	WithAttributes *AttributeNamespaceSelector_AttributeSelector `protobuf:"bytes,10,opt,name=with_attributes,json=withAttributes,proto3" json:"with_attributes,omitempty"`
	// contains filtered or unexported fields
}

func (*AttributeNamespaceSelector) Descriptor deprecated 

func (*AttributeNamespaceSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeNamespaceSelector.ProtoReflect.Descriptor instead.

func (*AttributeNamespaceSelector) GetWithAttributes 

func (x *AttributeNamespaceSelector) GetWithAttributes() *AttributeNamespaceSelector_AttributeSelector

func (*AttributeNamespaceSelector) ProtoMessage 

func (*AttributeNamespaceSelector) ProtoMessage()

func (*AttributeNamespaceSelector) ProtoReflect 

func (x *AttributeNamespaceSelector) ProtoReflect() protoreflect.Message

func (*AttributeNamespaceSelector) Reset 

func (x *AttributeNamespaceSelector) Reset()

func (*AttributeNamespaceSelector) String 

func (x *AttributeNamespaceSelector) String() string

type AttributeNamespaceSelector_AttributeSelector 

type AttributeNamespaceSelector_AttributeSelector struct {
	WithKeyAccessGrants bool                                                        `protobuf:"varint,1,opt,name=with_key_access_grants,json=withKeyAccessGrants,proto3" json:"with_key_access_grants,omitempty"`
	WithValues          *AttributeNamespaceSelector_AttributeSelector_ValueSelector `protobuf:"bytes,10,opt,name=with_values,json=withValues,proto3" json:"with_values,omitempty"`
	// contains filtered or unexported fields
}

func (*AttributeNamespaceSelector_AttributeSelector) Descriptor deprecated 

func (*AttributeNamespaceSelector_AttributeSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeNamespaceSelector_AttributeSelector.ProtoReflect.Descriptor instead.

func (*AttributeNamespaceSelector_AttributeSelector) GetWithKeyAccessGrants 

func (x *AttributeNamespaceSelector_AttributeSelector) GetWithKeyAccessGrants() bool

func (*AttributeNamespaceSelector_AttributeSelector) GetWithValues 

func (x *AttributeNamespaceSelector_AttributeSelector) GetWithValues() *AttributeNamespaceSelector_AttributeSelector_ValueSelector

func (*AttributeNamespaceSelector_AttributeSelector) ProtoMessage 

func (*AttributeNamespaceSelector_AttributeSelector) ProtoMessage()

func (*AttributeNamespaceSelector_AttributeSelector) ProtoReflect 

func (x *AttributeNamespaceSelector_AttributeSelector) ProtoReflect() protoreflect.Message

func (*AttributeNamespaceSelector_AttributeSelector) Reset 

func (x *AttributeNamespaceSelector_AttributeSelector) Reset()

func (*AttributeNamespaceSelector_AttributeSelector) String 

func (x *AttributeNamespaceSelector_AttributeSelector) String() string

type AttributeNamespaceSelector_AttributeSelector_ValueSelector 

type AttributeNamespaceSelector_AttributeSelector_ValueSelector struct {
	WithKeyAccessGrants bool `protobuf:"varint,1,opt,name=with_key_access_grants,json=withKeyAccessGrants,proto3" json:"with_key_access_grants,omitempty"`
	WithSubjectMaps     bool `protobuf:"varint,2,opt,name=with_subject_maps,json=withSubjectMaps,proto3" json:"with_subject_maps,omitempty"`
	WithResourceMaps    bool `protobuf:"varint,3,opt,name=with_resource_maps,json=withResourceMaps,proto3" json:"with_resource_maps,omitempty"`
	// contains filtered or unexported fields
}

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) Descriptor deprecated 

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeNamespaceSelector_AttributeSelector_ValueSelector.ProtoReflect.Descriptor instead.

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) GetWithKeyAccessGrants 

func (x *AttributeNamespaceSelector_AttributeSelector_ValueSelector) GetWithKeyAccessGrants() bool

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) GetWithResourceMaps 

func (x *AttributeNamespaceSelector_AttributeSelector_ValueSelector) GetWithResourceMaps() bool

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) GetWithSubjectMaps 

func (x *AttributeNamespaceSelector_AttributeSelector_ValueSelector) GetWithSubjectMaps() bool

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) ProtoMessage 

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) ProtoMessage()

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) ProtoReflect 

func (x *AttributeNamespaceSelector_AttributeSelector_ValueSelector) ProtoReflect() protoreflect.Message

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) Reset 

func (x *AttributeNamespaceSelector_AttributeSelector_ValueSelector) Reset()

func (*AttributeNamespaceSelector_AttributeSelector_ValueSelector) String 

func (x *AttributeNamespaceSelector_AttributeSelector_ValueSelector) String() string

type AttributeRuleTypeEnum 

type AttributeRuleTypeEnum int32

buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren't violated when users add new enum values to an enum in a given package 

const (
	AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED AttributeRuleTypeEnum = 0
	AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF      AttributeRuleTypeEnum = 1
	AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF      AttributeRuleTypeEnum = 2
	AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY   AttributeRuleTypeEnum = 3
)

func (AttributeRuleTypeEnum) Descriptor 

func (AttributeRuleTypeEnum) Descriptor() protoreflect.EnumDescriptor

func (AttributeRuleTypeEnum) Enum 

func (x AttributeRuleTypeEnum) Enum() *AttributeRuleTypeEnum

func (AttributeRuleTypeEnum) EnumDescriptor deprecated 

func (AttributeRuleTypeEnum) EnumDescriptor() ([]byte, []int)

Deprecated: Use AttributeRuleTypeEnum.Descriptor instead.

func (AttributeRuleTypeEnum) Number 

func (x AttributeRuleTypeEnum) Number() protoreflect.EnumNumber

func (AttributeRuleTypeEnum) String 

func (x AttributeRuleTypeEnum) String() string

func (AttributeRuleTypeEnum) Type 

func (AttributeRuleTypeEnum) Type() protoreflect.EnumType

type AttributeValueSelector 

type AttributeValueSelector struct {
	WithKeyAccessGrants bool                                      `protobuf:"varint,1,opt,name=with_key_access_grants,json=withKeyAccessGrants,proto3" json:"with_key_access_grants,omitempty"`
	WithSubjectMaps     bool                                      `protobuf:"varint,2,opt,name=with_subject_maps,json=withSubjectMaps,proto3" json:"with_subject_maps,omitempty"`
	WithResourceMaps    bool                                      `protobuf:"varint,3,opt,name=with_resource_maps,json=withResourceMaps,proto3" json:"with_resource_maps,omitempty"`
	WithAttribute       *AttributeValueSelector_AttributeSelector `protobuf:"bytes,10,opt,name=with_attribute,json=withAttribute,proto3" json:"with_attribute,omitempty"`
	// contains filtered or unexported fields
}

func (*AttributeValueSelector) Descriptor deprecated 

func (*AttributeValueSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeValueSelector.ProtoReflect.Descriptor instead.

func (*AttributeValueSelector) GetWithAttribute 

func (x *AttributeValueSelector) GetWithAttribute() *AttributeValueSelector_AttributeSelector

func (*AttributeValueSelector) GetWithKeyAccessGrants 

func (x *AttributeValueSelector) GetWithKeyAccessGrants() bool

func (*AttributeValueSelector) GetWithResourceMaps 

func (x *AttributeValueSelector) GetWithResourceMaps() bool

func (*AttributeValueSelector) GetWithSubjectMaps 

func (x *AttributeValueSelector) GetWithSubjectMaps() bool

func (*AttributeValueSelector) ProtoMessage 

func (*AttributeValueSelector) ProtoMessage()

func (*AttributeValueSelector) ProtoReflect 

func (x *AttributeValueSelector) ProtoReflect() protoreflect.Message

func (*AttributeValueSelector) Reset 

func (x *AttributeValueSelector) Reset()

func (*AttributeValueSelector) String 

func (x *AttributeValueSelector) String() string

type AttributeValueSelector_AttributeSelector 

type AttributeValueSelector_AttributeSelector struct {
	WithKeyAccessGrants bool                                                        `protobuf:"varint,1,opt,name=with_key_access_grants,json=withKeyAccessGrants,proto3" json:"with_key_access_grants,omitempty"`
	WithNamespace       *AttributeValueSelector_AttributeSelector_NamespaceSelector `protobuf:"bytes,10,opt,name=with_namespace,json=withNamespace,proto3" json:"with_namespace,omitempty"`
	// contains filtered or unexported fields
}

func (*AttributeValueSelector_AttributeSelector) Descriptor deprecated 

func (*AttributeValueSelector_AttributeSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeValueSelector_AttributeSelector.ProtoReflect.Descriptor instead.

func (*AttributeValueSelector_AttributeSelector) GetWithKeyAccessGrants 

func (x *AttributeValueSelector_AttributeSelector) GetWithKeyAccessGrants() bool

func (*AttributeValueSelector_AttributeSelector) GetWithNamespace 

func (x *AttributeValueSelector_AttributeSelector) GetWithNamespace() *AttributeValueSelector_AttributeSelector_NamespaceSelector

func (*AttributeValueSelector_AttributeSelector) ProtoMessage 

func (*AttributeValueSelector_AttributeSelector) ProtoMessage()

func (*AttributeValueSelector_AttributeSelector) ProtoReflect 

func (x *AttributeValueSelector_AttributeSelector) ProtoReflect() protoreflect.Message

func (*AttributeValueSelector_AttributeSelector) Reset 

func (x *AttributeValueSelector_AttributeSelector) Reset()

func (*AttributeValueSelector_AttributeSelector) String 

func (x *AttributeValueSelector_AttributeSelector) String() string

type AttributeValueSelector_AttributeSelector_NamespaceSelector 

type AttributeValueSelector_AttributeSelector_NamespaceSelector struct {
	// contains filtered or unexported fields
}

func (*AttributeValueSelector_AttributeSelector_NamespaceSelector) Descriptor deprecated 

func (*AttributeValueSelector_AttributeSelector_NamespaceSelector) Descriptor() ([]byte, []int)

Deprecated: Use AttributeValueSelector_AttributeSelector_NamespaceSelector.ProtoReflect.Descriptor instead.

func (*AttributeValueSelector_AttributeSelector_NamespaceSelector) ProtoMessage 

func (*AttributeValueSelector_AttributeSelector_NamespaceSelector) ProtoMessage()

func (*AttributeValueSelector_AttributeSelector_NamespaceSelector) ProtoReflect 

func (x *AttributeValueSelector_AttributeSelector_NamespaceSelector) ProtoReflect() protoreflect.Message

func (*AttributeValueSelector_AttributeSelector_NamespaceSelector) Reset 

func (x *AttributeValueSelector_AttributeSelector_NamespaceSelector) Reset()

func (*AttributeValueSelector_AttributeSelector_NamespaceSelector) String 

func (x *AttributeValueSelector_AttributeSelector_NamespaceSelector) String() string

type Condition 

type Condition struct {

	// a jq syntax expression to select a value from an externally known field (such as from idP/LDAP)
	SubjectExternalSelectorValue string `` /* 149-byte string literal not displayed */
	// the evaluation operator of relation
	Operator SubjectMappingOperatorEnum `protobuf:"varint,2,opt,name=operator,proto3,enum=policy.SubjectMappingOperatorEnum" json:"operator,omitempty"`
	// list of comparison values for the result of applying the subject_external_selector_value with jq on a Subject, evaluated by the operator
	SubjectExternalValues []string `` /* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}

* A Condition defines a rule of <the value by a jq 'selector value' expression> <operator> <subject external values>

Example: Subjects with a field selected by the jq syntax "'.division'" and a value of "Accounting" or "Marketing": { "subject_external_selector_value": "'.division'", "operator": "SUBJECT_MAPPING_OPERATOR_ENUM_IN", "subject_external_values" : ["Accounting", "Marketing"] }

Example: Subjects that are not part of the Fantastic Four according to their alias field: { "subject_external_selector_value": "'.data[0].alias'", "operator": "SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN", "subject_external_values" : ["mister_fantastic", "the_thing", "human_torch", "invisible_woman"] }

func (*Condition) Descriptor deprecated 

func (*Condition) Descriptor() ([]byte, []int)

Deprecated: Use Condition.ProtoReflect.Descriptor instead.

func (*Condition) GetOperator 

func (x *Condition) GetOperator() SubjectMappingOperatorEnum

func (*Condition) GetSubjectExternalSelectorValue 

func (x *Condition) GetSubjectExternalSelectorValue() string

func (*Condition) GetSubjectExternalValues 

func (x *Condition) GetSubjectExternalValues() []string

func (*Condition) ProtoMessage 

func (*Condition) ProtoMessage()

func (*Condition) ProtoReflect 

func (x *Condition) ProtoReflect() protoreflect.Message

func (*Condition) Reset 

func (x *Condition) Reset()

func (*Condition) String 

func (x *Condition) String() string

type ConditionBooleanTypeEnum 

type ConditionBooleanTypeEnum int32

buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren't violated when users add new enum values to an enum in a given package 

const (
	ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED ConditionBooleanTypeEnum = 0
	ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_AND         ConditionBooleanTypeEnum = 1
	ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_OR          ConditionBooleanTypeEnum = 2
)

func (ConditionBooleanTypeEnum) Descriptor 

func (ConditionBooleanTypeEnum) Descriptor() protoreflect.EnumDescriptor

func (ConditionBooleanTypeEnum) Enum 

func (x ConditionBooleanTypeEnum) Enum() *ConditionBooleanTypeEnum

func (ConditionBooleanTypeEnum) EnumDescriptor deprecated 

func (ConditionBooleanTypeEnum) EnumDescriptor() ([]byte, []int)

Deprecated: Use ConditionBooleanTypeEnum.Descriptor instead.

func (ConditionBooleanTypeEnum) Number 

func (x ConditionBooleanTypeEnum) Number() protoreflect.EnumNumber

func (ConditionBooleanTypeEnum) String 

func (x ConditionBooleanTypeEnum) String() string

func (ConditionBooleanTypeEnum) Type 

func (ConditionBooleanTypeEnum) Type() protoreflect.EnumType

type ConditionGroup 

type ConditionGroup struct {
	Conditions []*Condition `protobuf:"bytes,1,rep,name=conditions,proto3" json:"conditions,omitempty"`
	// the boolean evaluation type across the conditions
	BooleanOperator ConditionBooleanTypeEnum `` /* 144-byte string literal not displayed */
	// contains filtered or unexported fields
}

A collection of Conditions evaluated by the boolean_operator provided

func (*ConditionGroup) Descriptor deprecated 

func (*ConditionGroup) Descriptor() ([]byte, []int)

Deprecated: Use ConditionGroup.ProtoReflect.Descriptor instead.

func (*ConditionGroup) GetBooleanOperator 

func (x *ConditionGroup) GetBooleanOperator() ConditionBooleanTypeEnum

func (*ConditionGroup) GetConditions 

func (x *ConditionGroup) GetConditions() []*Condition

func (*ConditionGroup) ProtoMessage 

func (*ConditionGroup) ProtoMessage()

func (*ConditionGroup) ProtoReflect 

func (x *ConditionGroup) ProtoReflect() protoreflect.Message

func (*ConditionGroup) Reset 

func (x *ConditionGroup) Reset()

func (*ConditionGroup) String 

func (x *ConditionGroup) String() string

type KeyAccessServer 

type KeyAccessServer struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Address of a KAS instance
	Uri       string     `protobuf:"bytes,2,opt,name=uri,proto3" json:"uri,omitempty"`
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Common metadata
	Metadata *common.Metadata `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

Key Access Server Registry

func (*KeyAccessServer) Descriptor deprecated 

func (*KeyAccessServer) Descriptor() ([]byte, []int)

Deprecated: Use KeyAccessServer.ProtoReflect.Descriptor instead.

func (*KeyAccessServer) GetId 

func (x *KeyAccessServer) GetId() string

func (*KeyAccessServer) GetMetadata 

func (x *KeyAccessServer) GetMetadata() *common.Metadata

func (*KeyAccessServer) GetPublicKey 

func (x *KeyAccessServer) GetPublicKey() *PublicKey

func (*KeyAccessServer) GetUri 

func (x *KeyAccessServer) GetUri() string

func (*KeyAccessServer) ProtoMessage 

func (*KeyAccessServer) ProtoMessage()

func (*KeyAccessServer) ProtoReflect 

func (x *KeyAccessServer) ProtoReflect() protoreflect.Message

func (*KeyAccessServer) Reset 

func (x *KeyAccessServer) Reset()

func (*KeyAccessServer) String 

func (x *KeyAccessServer) String() string

type Namespace 

type Namespace struct {

	// generated uuid in database
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// used to partition Attribute Definitions, support by namespace AuthN and enable federation
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	Fqn  string `protobuf:"bytes,3,opt,name=fqn,proto3" json:"fqn,omitempty"`
	// active by default until explicitly deactivated
	Active   *wrapperspb.BoolValue `protobuf:"bytes,4,opt,name=active,proto3" json:"active,omitempty"`
	Metadata *common.Metadata      `protobuf:"bytes,5,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

func (*Namespace) Descriptor deprecated 

func (*Namespace) Descriptor() ([]byte, []int)

Deprecated: Use Namespace.ProtoReflect.Descriptor instead.

func (*Namespace) GetActive 

func (x *Namespace) GetActive() *wrapperspb.BoolValue

func (*Namespace) GetFqn 

func (x *Namespace) GetFqn() string

func (*Namespace) GetId 

func (x *Namespace) GetId() string

func (*Namespace) GetMetadata 

func (x *Namespace) GetMetadata() *common.Metadata

func (*Namespace) GetName 

func (x *Namespace) GetName() string

func (*Namespace) ProtoMessage 

func (*Namespace) ProtoMessage()

func (*Namespace) ProtoReflect 

func (x *Namespace) ProtoReflect() protoreflect.Message

func (*Namespace) Reset 

func (x *Namespace) Reset()

func (*Namespace) String 

func (x *Namespace) String() string

type PublicKey 

type PublicKey struct {

	// Types that are assignable to PublicKey:
	//
	//	*PublicKey_Remote
	//	*PublicKey_Local
	PublicKey isPublicKey_PublicKey `protobuf_oneof:"public_key"`
	// contains filtered or unexported fields
}

func (*PublicKey) Descriptor deprecated 

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetLocal 

func (x *PublicKey) GetLocal() string

func (*PublicKey) GetPublicKey 

func (m *PublicKey) GetPublicKey() isPublicKey_PublicKey

func (*PublicKey) GetRemote 

func (x *PublicKey) GetRemote() string

func (*PublicKey) ProtoMessage 

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect 

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset 

func (x *PublicKey) Reset()

func (*PublicKey) String 

func (x *PublicKey) String() string

type PublicKey_Local 

type PublicKey_Local struct {
	// public key - optional since can also be retrieved via url
	Local string `protobuf:"bytes,2,opt,name=local,proto3,oneof"`
}

type PublicKey_Remote 

type PublicKey_Remote struct {
	// kas public key url - optional since can also be retrieved via public key
	Remote string `protobuf:"bytes,1,opt,name=remote,proto3,oneof"`
}

type ResourceMapping 

type ResourceMapping struct {
	Id             string           `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Metadata       *common.Metadata `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata,omitempty"`
	AttributeValue *Value           `protobuf:"bytes,3,opt,name=attribute_value,json=attributeValue,proto3" json:"attribute_value,omitempty"`
	Terms          []string         `protobuf:"bytes,4,rep,name=terms,proto3" json:"terms,omitempty"`
	// contains filtered or unexported fields
}

Resource Mappings (aka Access Control Resource Encodings aka ACRE) are structures supporting the mapping of Resources and Attribute Values

func (*ResourceMapping) Descriptor deprecated 

func (*ResourceMapping) Descriptor() ([]byte, []int)

Deprecated: Use ResourceMapping.ProtoReflect.Descriptor instead.

func (*ResourceMapping) GetAttributeValue 

func (x *ResourceMapping) GetAttributeValue() *Value

func (*ResourceMapping) GetId 

func (x *ResourceMapping) GetId() string

func (*ResourceMapping) GetMetadata 

func (x *ResourceMapping) GetMetadata() *common.Metadata

func (*ResourceMapping) GetTerms 

func (x *ResourceMapping) GetTerms() []string

func (*ResourceMapping) ProtoMessage 

func (*ResourceMapping) ProtoMessage()

func (*ResourceMapping) ProtoReflect 

func (x *ResourceMapping) ProtoReflect() protoreflect.Message

func (*ResourceMapping) Reset 

func (x *ResourceMapping) Reset()

func (*ResourceMapping) String 

func (x *ResourceMapping) String() string

type SubjectConditionSet 

type SubjectConditionSet struct {
	Id          string           `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	SubjectSets []*SubjectSet    `protobuf:"bytes,3,rep,name=subject_sets,json=subjectSets,proto3" json:"subject_sets,omitempty"`
	Metadata    *common.Metadata `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

A container for multiple Subject Sets, each containing Condition Groups, each containing Conditions. Multiple Subject Sets in a SubjectConditionSet are evaluated with AND logic. As each Subject Mapping has only one Attribute Value, the SubjectConditionSet is reusable across multiple Subject Mappings / Attribute Values and is an independent unit.

func (*SubjectConditionSet) Descriptor deprecated 

func (*SubjectConditionSet) Descriptor() ([]byte, []int)

Deprecated: Use SubjectConditionSet.ProtoReflect.Descriptor instead.

func (*SubjectConditionSet) GetId 

func (x *SubjectConditionSet) GetId() string

func (*SubjectConditionSet) GetMetadata 

func (x *SubjectConditionSet) GetMetadata() *common.Metadata

func (*SubjectConditionSet) GetSubjectSets 

func (x *SubjectConditionSet) GetSubjectSets() []*SubjectSet

func (*SubjectConditionSet) ProtoMessage 

func (*SubjectConditionSet) ProtoMessage()

func (*SubjectConditionSet) ProtoReflect 

func (x *SubjectConditionSet) ProtoReflect() protoreflect.Message

func (*SubjectConditionSet) Reset 

func (x *SubjectConditionSet) Reset()

func (*SubjectConditionSet) String 

func (x *SubjectConditionSet) String() string

type SubjectMapping 

type SubjectMapping struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"
	AttributeValue *Value `protobuf:"bytes,2,opt,name=attribute_value,json=attributeValue,proto3" json:"attribute_value,omitempty"`
	// the reusable SubjectConditionSet mapped to the given Attribute Value
	SubjectConditionSet *SubjectConditionSet `protobuf:"bytes,3,opt,name=subject_condition_set,json=subjectConditionSet,proto3" json:"subject_condition_set,omitempty"`
	// The actions permitted by subjects in this mapping
	Actions  []*Action        `protobuf:"bytes,4,rep,name=actions,proto3" json:"actions,omitempty"`
	Metadata *common.Metadata `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute value + action(s) combination

Example: Subjects in sets 1 and 2 are entitled attribute value http://wwww.example.org/attr/example/value/one with permitted actions TRANSMIT and DECRYPT { "id": "someid", "attribute_value": {example_one_attribute_value...}, "subject_condition_set": {"subject_sets":[{subject_set_1},{subject_set_2}]...}, "actions": [{"standard": "STANDARD_ACTION_DECRYPT"}", {"standard": "STANDARD_ACTION_TRANSMIT"}] }

func (*SubjectMapping) Descriptor deprecated 

func (*SubjectMapping) Descriptor() ([]byte, []int)

Deprecated: Use SubjectMapping.ProtoReflect.Descriptor instead.

func (*SubjectMapping) GetActions 

func (x *SubjectMapping) GetActions() []*Action

func (*SubjectMapping) GetAttributeValue 

func (x *SubjectMapping) GetAttributeValue() *Value

func (*SubjectMapping) GetId 

func (x *SubjectMapping) GetId() string

func (*SubjectMapping) GetMetadata 

func (x *SubjectMapping) GetMetadata() *common.Metadata

func (*SubjectMapping) GetSubjectConditionSet 

func (x *SubjectMapping) GetSubjectConditionSet() *SubjectConditionSet

func (*SubjectMapping) ProtoMessage 

func (*SubjectMapping) ProtoMessage()

func (*SubjectMapping) ProtoReflect 

func (x *SubjectMapping) ProtoReflect() protoreflect.Message

func (*SubjectMapping) Reset 

func (x *SubjectMapping) Reset()

func (*SubjectMapping) String 

func (x *SubjectMapping) String() string

type SubjectMappingOperatorEnum 

type SubjectMappingOperatorEnum int32

buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren't violated when users add new enum values to an enum in a given package 

const (
	SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED SubjectMappingOperatorEnum = 0
	SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_IN          SubjectMappingOperatorEnum = 1
	SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN      SubjectMappingOperatorEnum = 2
)

func (SubjectMappingOperatorEnum) Descriptor 

func (SubjectMappingOperatorEnum) Descriptor() protoreflect.EnumDescriptor

func (SubjectMappingOperatorEnum) Enum 

func (x SubjectMappingOperatorEnum) Enum() *SubjectMappingOperatorEnum

func (SubjectMappingOperatorEnum) EnumDescriptor deprecated 

func (SubjectMappingOperatorEnum) EnumDescriptor() ([]byte, []int)

Deprecated: Use SubjectMappingOperatorEnum.Descriptor instead.

func (SubjectMappingOperatorEnum) Number 

func (x SubjectMappingOperatorEnum) Number() protoreflect.EnumNumber

func (SubjectMappingOperatorEnum) String 

func (x SubjectMappingOperatorEnum) String() string

func (SubjectMappingOperatorEnum) Type 

func (SubjectMappingOperatorEnum) Type() protoreflect.EnumType

type SubjectProperty 

type SubjectProperty struct {
	ExternalSelectorValue string `` /* 126-byte string literal not displayed */
	ExternalValue         string `protobuf:"bytes,2,opt,name=external_value,json=externalValue,proto3" json:"external_value,omitempty"`
	// contains filtered or unexported fields
}

A property of a Subject/Entity as its selector expression -> value result pair. This would mirror external user attributes retrieved from an authoritative source such as an IDP (Identity Provider) or User Store. Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must contain both a selector expression & a resulting value.

The external_selector_value is a jq syntax expression to select a value from an externally known field (such as from idP/LDAP), and the external_value is the value selected by the external_selector_value on that Subject's Context. These mirror the Condition.

func (*SubjectProperty) Descriptor deprecated 

func (*SubjectProperty) Descriptor() ([]byte, []int)

Deprecated: Use SubjectProperty.ProtoReflect.Descriptor instead.

func (*SubjectProperty) GetExternalSelectorValue 

func (x *SubjectProperty) GetExternalSelectorValue() string

func (*SubjectProperty) GetExternalValue 

func (x *SubjectProperty) GetExternalValue() string

func (*SubjectProperty) ProtoMessage 

func (*SubjectProperty) ProtoMessage()

func (*SubjectProperty) ProtoReflect 

func (x *SubjectProperty) ProtoReflect() protoreflect.Message

func (*SubjectProperty) Reset 

func (x *SubjectProperty) Reset()

func (*SubjectProperty) String 

func (x *SubjectProperty) String() string

type SubjectSet 

type SubjectSet struct {

	// multiple Condition Groups are evaluated with AND logic
	ConditionGroups []*ConditionGroup `protobuf:"bytes,1,rep,name=condition_groups,json=conditionGroups,proto3" json:"condition_groups,omitempty"`
	// contains filtered or unexported fields
}

A collection of Condition Groups

func (*SubjectSet) Descriptor deprecated 

func (*SubjectSet) Descriptor() ([]byte, []int)

Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead.

func (*SubjectSet) GetConditionGroups 

func (x *SubjectSet) GetConditionGroups() []*ConditionGroup

func (*SubjectSet) ProtoMessage 

func (*SubjectSet) ProtoMessage()

func (*SubjectSet) ProtoReflect 

func (x *SubjectSet) ProtoReflect() protoreflect.Message

func (*SubjectSet) Reset 

func (x *SubjectSet) Reset()

func (*SubjectSet) String 

func (x *SubjectSet) String() string

type Value 

type Value struct {

	// generated uuid in database
	Id        string     `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Attribute *Attribute `protobuf:"bytes,2,opt,name=attribute,proto3" json:"attribute,omitempty"`
	Value     string     `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
	// list of attribute values that this value is related to (attribute group)
	Members []*Value `protobuf:"bytes,4,rep,name=members,proto3" json:"members,omitempty"`
	// list of key access servers
	Grants []*KeyAccessServer `protobuf:"bytes,5,rep,name=grants,proto3" json:"grants,omitempty"`
	Fqn    string             `protobuf:"bytes,6,opt,name=fqn,proto3" json:"fqn,omitempty"`
	// active by default until explicitly deactivated
	Active *wrapperspb.BoolValue `protobuf:"bytes,7,opt,name=active,proto3" json:"active,omitempty"`
	// subject mapping
	SubjectMappings []*SubjectMapping `protobuf:"bytes,8,rep,name=subject_mappings,json=subjectMappings,proto3" json:"subject_mappings,omitempty"`
	// Common metadata
	Metadata *common.Metadata `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

func (*Value) Descriptor deprecated 

func (*Value) Descriptor() ([]byte, []int)

Deprecated: Use Value.ProtoReflect.Descriptor instead.

func (*Value) GetActive 

func (x *Value) GetActive() *wrapperspb.BoolValue

func (*Value) GetAttribute 

func (x *Value) GetAttribute() *Attribute

func (*Value) GetFqn 

func (x *Value) GetFqn() string

func (*Value) GetGrants 

func (x *Value) GetGrants() []*KeyAccessServer

func (*Value) GetId 

func (x *Value) GetId() string

func (*Value) GetMembers 

func (x *Value) GetMembers() []*Value

func (*Value) GetMetadata 

func (x *Value) GetMetadata() *common.Metadata

func (*Value) GetSubjectMappings 

func (x *Value) GetSubjectMappings() []*SubjectMapping

func (*Value) GetValue 

func (x *Value) GetValue() string

func (*Value) ProtoMessage 

func (*Value) ProtoMessage()

func (*Value) ProtoReflect 

func (x *Value) ProtoReflect() protoreflect.Message

func (*Value) Reset 

func (x *Value) Reset()

func (*Value) String 

func (x *Value) String() string

Source Files

View all Source files

Directories

Path Synopsis
Package attributes is a reverse proxy.
 Package attributes is a reverse proxy.
Package kasregistry is a reverse proxy.
 Package kasregistry is a reverse proxy.
Package namespaces is a reverse proxy.
 Package namespaces is a reverse proxy.
Package resourcemapping is a reverse proxy.
 Package resourcemapping is a reverse proxy.
Package subjectmapping is a reverse proxy.
 Package subjectmapping is a reverse proxy.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.