policy

Documentation

Index

• Constants
• func Dependencies(p *policyv1.Policy) []string
• func GetSourceFile(p *policyv1.Policy) string
• func ReadGeneratedPolicy(src io.Reader) (*policyv1.GeneratedPolicy, error)
• func ReadPolicy(src io.Reader) (*policyv1.Policy, error)
• func Validate(p *policyv1.Policy) error
• func WithMetadata(p *policyv1.Policy, source string, annotations map[string]string) *policyv1.Policy
• func WriteGeneratedPolicy(dest io.Writer, p *policyv1.GeneratedPolicy) error
• func WritePolicy(dest io.Writer, p *policyv1.Policy) error
• type CompilationUnit
  • func (cu *CompilationUnit) AddDefinition(id namer.ModuleID, p *policyv1.Policy)
  • func (cu *CompilationUnit) AddGenerated(id namer.ModuleID, p *policyv1.GeneratedPolicy)
  • func (cu *CompilationUnit) Key() string
  • func (cu *CompilationUnit) MainSourceFile() string
  • func (cu *CompilationUnit) Query() string
• type Kind
  • func GetKind(p *policyv1.Policy) Kind
  • func (k Kind) String() string
• type Wrapper
  • func Wrap(p *policyv1.Policy) Wrapper

Constants

const (
	ResourceKindStr     = "RESOURCE"
	PrincipalKindStr    = "PRINCIPAL"
	DerivedRolesKindStr = "DERIVED_ROLES"
)

Functions

func Dependencies

func Dependencies(p *policyv1.Policy) []string

Dependencies returns the module names of dependencies of the policy.

func GetSourceFile

func GetSourceFile(p *policyv1.Policy) string

GetSourceFile gets the source file name from metadata if it exists.

func ReadGeneratedPolicy

func ReadGeneratedPolicy(src io.Reader) (*policyv1.GeneratedPolicy, error)

func ReadPolicy

func ReadPolicy(src io.Reader) (*policyv1.Policy, error)

ReadPolicy reads a policy from the given reader.

func Validate

func Validate(p *policyv1.Policy) error

func WithMetadata

func WithMetadata(p *policyv1.Policy, source string, annotations map[string]string) *policyv1.Policy

WithMetadata adds metadata to the policy.

func WriteGeneratedPolicy

func WriteGeneratedPolicy(dest io.Writer, p *policyv1.GeneratedPolicy) error

WriteGeneratedPolicy writes a generated policy to the destination.

func WritePolicy

func WritePolicy(dest io.Writer, p *policyv1.Policy) error

WritePolicy writes a policy as YAML to the destination.

Types

type CompilationUnit

type CompilationUnit struct {
	ModID       namer.ModuleID
	Definitions map[namer.ModuleID]*policyv1.Policy
	Generated   map[namer.ModuleID]*policyv1.GeneratedPolicy
}

CompilationUnit is the set of policies that need to be compiled together. For example, if a resource policy named R imports derived roles named D, the compilation unit will contain both R and D with the ModID field pointing to R because it is the main policy.

func (*CompilationUnit) AddDefinition

func (cu *CompilationUnit) AddDefinition(id namer.ModuleID, p *policyv1.Policy)

func (*CompilationUnit) AddGenerated

func (cu *CompilationUnit) AddGenerated(id namer.ModuleID, p *policyv1.GeneratedPolicy)

func (*CompilationUnit) Key

func (cu *CompilationUnit) Key() string

Key returns the human readable identifier for the main module.

func (*CompilationUnit) MainSourceFile

func (cu *CompilationUnit) MainSourceFile() string

func (*CompilationUnit) Query

func (cu *CompilationUnit) Query() string

Query returns the query that is expected to be evaluated from this policy set.

type Kind

type Kind int

Kind defines the type of policy (resource, principal, derived_roles etc.).

const (
	// ResourceKind points to a resource policy.
	ResourceKind Kind = iota
	PrincipalKind
	DerivedRolesKind
)

func GetKind

func GetKind(p *policyv1.Policy) Kind

GetKind returns the kind of the given policy.

func (Kind) String

func (k Kind) String() string

type Wrapper

type Wrapper struct {
	ID           namer.ModuleID
	FQN          string
	Kind         string
	Name         string
	Version      string
	Dependencies []namer.ModuleID
	*policyv1.Policy
}

Wrapper is a convenience layer over the policy definition.

func Wrap

func Wrap(p *policyv1.Policy) Wrapper