Documentation
Index
- Constants
- Variables
- func Ancestors(p *policyv1.Policy) []namer.ModuleID
- func Dependencies(p *policyv1.Policy) []string
- func GetHash(p *policyv1.Policy) uint64
- func GetSourceFile(p *policyv1.Policy) string
- func ReadBinaryPolicy(src io.Reader) (*policyv1.Policy, error)
- func ReadPolicy(src io.Reader) (*policyv1.Policy, error)
- func ReadPolicyFromFile(fsys fs.FS, path string) (*policyv1.Policy, error)
- func RequiredAncestors(p *policyv1.Policy) map[namer.ModuleID]string
- func SchemaReferences(p *policyv1.Policy) []string
- func Validate(p *policyv1.Policy) error
- func WithHash(p *policyv1.Policy) *policyv1.Policy
- func WithMetadata(p *policyv1.Policy, source string, annotations map[string]string, ...) *policyv1.Policy
- func WithStoreIdentifier(p *policyv1.Policy, storeIdentifier string) *policyv1.Policy
- func WriteBinaryPolicy(dest io.Writer, p *policyv1.Policy) error
- func WritePolicy(dest io.Writer, p *policyv1.Policy) error
- type CompilationUnit
- type Kind
- type Wrapper
Constants
const (
	ResourceKindStr     = "RESOURCE"
	PrincipalKindStr    = "PRINCIPAL"
	DerivedRolesKindStr = "DERIVED_ROLES"
)
Variables
var IgnoreHashFields = map[string]struct{}{
	"cerbos.policy.v1.Policy.metadata":    {},
	"cerbos.policy.v1.Policy.disabled":    {},
	"cerbos.policy.v1.Policy.description": {},
}
Functions
func Ancestors (added in v0.13.0)
Ancestors returns the module IDs of the ancestors of this policy from most recent to oldest.
func Dependencies
Dependencies returns the module names of dependencies of the policy.
func GetSourceFile
GetSourceFile gets the source file name from metadata if it exists.
func ReadBinaryPolicy (added in v0.9.0)
ReadBinaryPolicy reads a policy from binary (protobuf encoding).
func ReadPolicy
ReadPolicy reads a policy from the given reader.
func ReadPolicyFromFile (added in v0.9.0)
func RequiredAncestors (added in v0.13.0)
RequiredAncestors returns the moduleID to FQN mapping of required ancestors of the policy.
func SchemaReferences (added in v0.11.0)
SchemaReferences returns references to the schemas found in the policy.
func WithHash (added in v0.13.0)
WithHash calculates the hash for the policy and adds it to metadata.
func WithMetadata
func WithMetadata(p *policyv1.Policy, source string, annotations map[string]string, storeIdentifier string) *policyv1.Policy
WithMetadata adds metadata to the policy.
func WithStoreIdentifier (added in v0.13.0)
WithStoreIdentifier adds the store identifier to the metadata.
func WriteBinaryPolicy (added in v0.9.0)
WriteBinaryPolicy writes a policy as binary (protobuf encoding).
Types
type CompilationUnit
type CompilationUnit struct {
	Definitions map[namer.ModuleID]*policyv1.Policy
	ModID       namer.ModuleID
}
CompilationUnit is the set of policies that need to be compiled together. For example, if a resource policy named R imports derived roles named D, the compilation unit will contain both R and D with the ModID field pointing to R because it is the main policy.
func (*CompilationUnit) AddDefinition
func (cu *CompilationUnit) AddDefinition(id namer.ModuleID, p *policyv1.Policy)
func (*CompilationUnit) Ancestors (added in v0.13.0)
func (cu *CompilationUnit) Ancestors() []namer.ModuleID
func (*CompilationUnit) Key
func (cu *CompilationUnit) Key() string
Key returns the human readable identifier for the main module.
func (*CompilationUnit) MainPolicy (added in v0.9.0)
func (cu *CompilationUnit) MainPolicy() *policyv1.Policy
func (*CompilationUnit) MainSourceFile
func (cu *CompilationUnit) MainSourceFile() string
type Kind
type Kind int
Kind defines the type of policy (resource, principal, derived_roles etc.).