policy

package
v0.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 9, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	ResourceKindStr     = "RESOURCE"
	PrincipalKindStr    = "PRINCIPAL"
	DerivedRolesKindStr = "DERIVED_ROLES"
)

Variables

View Source
var IgnoreHashFields = map[string]struct{}{
	"cerbos.policy.v1.Policy.metadata":    {},
	"cerbos.policy.v1.Policy.disabled":    {},
	"cerbos.policy.v1.Policy.description": {},
}

Functions

func Ancestors added in v0.13.0

func Ancestors(p *policyv1.Policy) []namer.ModuleID

Ancestors returns the module IDs of the ancestors of this policy from most recent to oldest.

func Dependencies

func Dependencies(p *policyv1.Policy) []string

Dependencies returns the module names of dependencies of the policy.

func GetHash added in v0.13.0

func GetHash(p *policyv1.Policy) uint64

GetHash returns the hash of the policy.

func GetSourceFile

func GetSourceFile(p *policyv1.Policy) string

GetSourceFile gets the source file name from metadata if it exists.

func ReadBinaryPolicy added in v0.9.0

func ReadBinaryPolicy(src io.Reader) (*policyv1.Policy, error)

ReadBinaryPolicy reads a policy from binary (protobuf encoding).

func ReadPolicy

func ReadPolicy(src io.Reader) (*policyv1.Policy, error)

ReadPolicy reads a policy from the given reader.

func ReadPolicyFromFile added in v0.9.0

func ReadPolicyFromFile(fsys fs.FS, path string) (*policyv1.Policy, error)

func RequiredAncestors added in v0.13.0

func RequiredAncestors(p *policyv1.Policy) map[namer.ModuleID]string

RequiredAncestors returns the moduleID to FQN mapping of required ancestors of the policy.

func SchemaReferences added in v0.11.0

func SchemaReferences(p *policyv1.Policy) []string

SchemaReferences returns references to the schemas found in the policy.

func Validate

func Validate(p *policyv1.Policy) error

func WithHash added in v0.13.0

func WithHash(p *policyv1.Policy) *policyv1.Policy

WithHash calculates the hash for the policy and adds it to metadata.

func WithMetadata

func WithMetadata(p *policyv1.Policy, source string, annotations map[string]string, storeIdentifier string) *policyv1.Policy

WithMetadata adds metadata to the policy.

func WithStoreIdentifier added in v0.13.0

func WithStoreIdentifier(p *policyv1.Policy, storeIdentifier string) *policyv1.Policy

WithStoreIdentifier adds the store identifier to the metadata.

func WriteBinaryPolicy added in v0.9.0

func WriteBinaryPolicy(dest io.Writer, p *policyv1.Policy) error

WriteBinaryPolicy writes a policy as binary (protobuf encoding).

func WritePolicy

func WritePolicy(dest io.Writer, p *policyv1.Policy) error

WritePolicy writes a policy as YAML to the destination.

Types

type CompilationUnit

type CompilationUnit struct {
	Definitions map[namer.ModuleID]*policyv1.Policy
	ModID       namer.ModuleID
}

CompilationUnit is the set of policies that need to be compiled together. For example, if a resource policy named R imports derived roles named D, the compilation unit will contain both R and D with the ModID field pointing to R because it is the main policy.

func (*CompilationUnit) AddDefinition

func (cu *CompilationUnit) AddDefinition(id namer.ModuleID, p *policyv1.Policy)

func (*CompilationUnit) Ancestors added in v0.13.0

func (cu *CompilationUnit) Ancestors() []namer.ModuleID

func (*CompilationUnit) Key

func (cu *CompilationUnit) Key() string

Key returns the human readable identifier for the main module.

func (*CompilationUnit) MainPolicy added in v0.9.0

func (cu *CompilationUnit) MainPolicy() *policyv1.Policy

func (*CompilationUnit) MainSourceFile

func (cu *CompilationUnit) MainSourceFile() string

type Kind

type Kind int

Kind defines the type of policy (resource, principal, derived_roles etc.).

const (
	// ResourceKind points to a resource policy.
	ResourceKind Kind = iota
	PrincipalKind
	DerivedRolesKind
)

func GetKind

func GetKind(p *policyv1.Policy) Kind

GetKind returns the kind of the given policy.

func (Kind) String

func (k Kind) String() string

type Wrapper

type Wrapper struct {
	*policyv1.Policy
	FQN     string
	Name    string
	Version string
	Scope   string
	ID      namer.ModuleID
	Kind    Kind
}

Wrapper is a convenience layer over the policy definition.

func Wrap

func Wrap(p *policyv1.Policy) Wrapper

Wrap augments a policy with useful information about itself.

func (Wrapper) Dependencies

func (pw Wrapper) Dependencies() []namer.ModuleID

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL