policy

package
v0.38.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 7, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const (
	ResourceKindStr        = "RESOURCE"
	PrincipalKindStr       = "PRINCIPAL"
	DerivedRolesKindStr    = "DERIVED_ROLES"
	ExportVariablesKindStr = "EXPORT_VARIABLES"
)

Variables

View Source
var IgnoreHashFields = map[string]struct{}{
	"cerbos.policy.v1.Policy.description": {},
	"cerbos.policy.v1.Policy.disabled":    {},
	"cerbos.policy.v1.Policy.json_schema": {},
	"cerbos.policy.v1.Policy.metadata":    {},
}

Functions

func Ancestors added in v0.13.0

func Ancestors(p *policyv1.Policy) []namer.ModuleID

Ancestors returns the module IDs of the ancestors of this policy from most recent to oldest.

func Dependencies

func Dependencies(p *policyv1.Policy) ([]string, []string)

Dependencies returns the module names of dependencies of the policy.

func DerivedRoleConditionProtoPath added in v0.34.0

func DerivedRoleConditionProtoPath(idx int) string

func DerivedRoleRuleProtoPath added in v0.34.0

func DerivedRoleRuleProtoPath(idx int) string

func ExportVariablesVariableProtoPath added in v0.34.0

func ExportVariablesVariableProtoPath() string

func FindPolicy added in v0.34.0

func FindPolicy(src io.Reader, modID namer.ModuleID) (*policyv1.Policy, parser.SourceCtx, error)

FindPolicy finds a policy by ID from the given reader.

func GetHash added in v0.13.0

func GetHash(p *policyv1.Policy) uint64

GetHash returns the hash of the policy.

func GetScope added in v0.30.0

func GetScope(p *policyv1.Policy) string

func GetSourceFile

func GetSourceFile(p *policyv1.Policy) string

GetSourceFile gets the source file name from metadata if it exists.

func ListActions added in v0.35.0

func ListActions(p *policyv1.Policy) []string

ListActions returns unique list of actions in a policy.

func ListExportedDerivedRoles added in v0.37.0

func ListExportedDerivedRoles(drp *policyv1.DerivedRoles) []*responsev1.InspectPoliciesResponse_DerivedRole

ListExportedDerivedRoles returns exported derived roles defined in the given derived roles policy.

func ListPolicySetActions added in v0.35.0

func ListPolicySetActions(ps *runtimev1.RunnablePolicySet) []string

ListPolicySetActions returns unique list of actions in a policy set.

func ListPolicySetDerivedRoles added in v0.37.0

ListPolicySetDerivedRoles returns imported and used derived roles defined in a policy set.

func ListPolicySetVariables added in v0.37.0

ListPolicySetVariables returns local and exported variables defined in a policy set.

func ListVariables added in v0.37.0

ListVariables returns local and exported variables (not imported ones) defined in a policy.

func PrincipalPolicyActionRuleProtoPath added in v0.34.0

func PrincipalPolicyActionRuleProtoPath(parentIdx, idx int) string

func PrincipalPolicyRuleProtoPath added in v0.34.0

func PrincipalPolicyRuleProtoPath(idx int) string

func ReadBinaryPolicy added in v0.9.0

func ReadBinaryPolicy(src io.Reader) (*policyv1.Policy, error)

ReadBinaryPolicy reads a policy from binary (protobuf encoding).

func ReadPolicy

func ReadPolicy(src io.Reader) (*policyv1.Policy, error)

ReadPolicy reads a policy from the given reader.

func ReadPolicyFromFile added in v0.9.0

func ReadPolicyFromFile(fsys fs.FS, path string) (*policyv1.Policy, error)

func ReadPolicyWithSourceContext added in v0.34.0

func ReadPolicyWithSourceContext(fsys fs.FS, path string) (*policyv1.Policy, parser.SourceCtx, error)

ReadPolicyWithSourceContext reads a policy and returns it along with information about its source.

func ReadPolicyWithSourceContextFromReader added in v0.34.0

func ReadPolicyWithSourceContextFromReader(src io.Reader) (*policyv1.Policy, parser.SourceCtx, error)

func RequiredAncestors added in v0.13.0

func RequiredAncestors(p *policyv1.Policy) map[namer.ModuleID]string

RequiredAncestors returns the moduleID to FQN mapping of required ancestors of the policy.

func ResourcePolicyImportDerivedRolesProtoPath added in v0.34.0

func ResourcePolicyImportDerivedRolesProtoPath(idx int) string

func ResourcePolicyPrincipalSchemaProtoPath added in v0.34.0

func ResourcePolicyPrincipalSchemaProtoPath() string

func ResourcePolicyResourceSchemaProtoPath added in v0.34.0

func ResourcePolicyResourceSchemaProtoPath() string

func ResourcePolicyRuleProtoPath added in v0.34.0

func ResourcePolicyRuleProtoPath(idx int) string

func ResourcePolicyRuleReferencedDerivedRoleProtoPath added in v0.34.0

func ResourcePolicyRuleReferencedDerivedRoleProtoPath(ruleIdx, roleIdx int) string

func SchemaReferences added in v0.11.0

func SchemaReferences(p *policyv1.Policy) []string

SchemaReferences returns references to the schemas found in the policy.

func Validate

func Validate(p *policyv1.Policy, sc parser.SourceCtx) error

func VariablesImportProtoPath added in v0.34.0

func VariablesImportProtoPath(p *policyv1.Policy, idx int) string

func VariablesLocalProtoPath added in v0.34.0

func VariablesLocalProtoPath(p *policyv1.Policy) string

func WithHash added in v0.13.0

func WithHash(p *policyv1.Policy) *policyv1.Policy

WithHash calculates the hash for the policy and adds it to metadata.

func WithMetadata

func WithMetadata(p *policyv1.Policy, source string, annotations map[string]string, storeIdentifier string, sourceAttr ...SourceAttribute) *policyv1.Policy

WithMetadata adds metadata to the policy.

func WithSourceAttributes added in v0.33.0

func WithSourceAttributes(p *policyv1.Policy, attrs ...SourceAttribute) *policyv1.Policy

WithSourceAttributes adds given source attributes to the policy.

func WithStoreIdentifier added in v0.13.0

func WithStoreIdentifier(p *policyv1.Policy, storeIdentifier string) *policyv1.Policy

WithStoreIdentifier adds the store identifier to the metadata.

func WriteBinaryPolicy added in v0.9.0

func WriteBinaryPolicy(dest io.Writer, p *policyv1.Policy) error

WriteBinaryPolicy writes a policy as binary (protobuf encoding).

func WritePolicy

func WritePolicy(dest io.Writer, p *policyv1.Policy) error

WritePolicy writes a policy as YAML to the destination.

Types

type CompilationUnit

type CompilationUnit struct {
	Definitions    map[namer.ModuleID]*policyv1.Policy
	SourceContexts map[namer.ModuleID]parser.SourceCtx
	ModID          namer.ModuleID
}

CompilationUnit is the set of policies that need to be compiled together. For example, if a resource policy named R imports derived roles named D, the compilation unit will contain both R and D with the ModID field pointing to R because it is the main policy.

func (*CompilationUnit) AddDefinition

func (cu *CompilationUnit) AddDefinition(id namer.ModuleID, p *policyv1.Policy, sc parser.SourceCtx)

func (*CompilationUnit) Ancestors added in v0.13.0

func (cu *CompilationUnit) Ancestors() []namer.ModuleID

func (*CompilationUnit) Key

func (cu *CompilationUnit) Key() string

Key returns the human readable identifier for the main module.

func (*CompilationUnit) MainPolicy added in v0.9.0

func (cu *CompilationUnit) MainPolicy() *policyv1.Policy

func (*CompilationUnit) MainSourceFile

func (cu *CompilationUnit) MainSourceFile() string

type Kind

type Kind policyv1.Kind

Kind defines the type of policy (resource, principal, derived_roles etc.).

const (
	DerivedRolesKind    Kind = Kind(policyv1.Kind_KIND_DERIVED_ROLES)
	ExportVariablesKind Kind = Kind(policyv1.Kind_KIND_EXPORT_VARIABLES)
	PrincipalKind       Kind = Kind(policyv1.Kind_KIND_PRINCIPAL)
	ResourceKind        Kind = Kind(policyv1.Kind_KIND_RESOURCE)
)

func GetKind

func GetKind(p *policyv1.Policy) Kind

GetKind returns the kind of the given policy.

func KindFromFQN added in v0.29.0

func KindFromFQN(fqn string) Kind

KindFromFQN returns the kind of policy referred to by the given fully-qualified name.

func (Kind) String

func (k Kind) String() string

type SourceAttribute added in v0.33.0

type SourceAttribute struct {
	Value *structpb.Value
	Key   string
}

SourceAttribute holds structured information about the policy from its source.

func SourceDriver added in v0.33.0

func SourceDriver(driver string) SourceAttribute

SourceDriver creates a source attribute for the storage driver.

func SourceFile added in v0.33.0

func SourceFile(source string) SourceAttribute

SourceFile creates a source attribute describing the file name of the policy.

func SourceUpdateTS added in v0.33.0

func SourceUpdateTS(timestamp time.Time) SourceAttribute

SourceUpdateTS creates a source attribute describing the time a policy was updated in a mutable store.

func SourceUpdateTSNow added in v0.33.0

func SourceUpdateTSNow() SourceAttribute

SourceUpdateTSNow creates a source attribute setting the update time to now.

type ValidationError added in v0.34.0

type ValidationError struct {
	Err *sourcev1.Error
}

func (ValidationError) Error added in v0.34.0

func (ve ValidationError) Error() string

type Wrapper

type Wrapper struct {
	*policyv1.Policy
	FQN     string
	Name    string
	Version string
	Scope   string
	ID      namer.ModuleID
	Kind    Kind
}

Wrapper is a convenience layer over the policy definition.

func Wrap

func Wrap(p *policyv1.Policy) Wrapper

Wrap augments a policy with useful information about itself.

func (Wrapper) Dependencies

func (w Wrapper) Dependencies() []namer.ModuleID

func (Wrapper) ToProto added in v0.38.0

func (w Wrapper) ToProto() *sourcev1.PolicyWrapper

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL