Constants ¶
const (
	// Subject member kinds.
	// NOTE(review): these look like the recognised values for entries in
	// SubjectInfo.Members — confirm against the code that evaluates subjects.
	SAnyUser   string = "any"
	SAnyAuth   string = "anyAuthenticated"
	SBasicAuth string = "basic"
	SJwtAuth   string = "jwt"
	SSamlAuth  string = "saml"
	SCidr      string = "net"

	// IdqlVersion is the IDQL policy format version; presumably the value
	// written to MetaInfo.Version — confirm against the encoder.
	IdqlVersion string = "0.6"
)
const (
	// Results reported by PolicyInfo.Compare: CompareEqual when the policies
	// match, otherwise one entry per policy clause that differs.
	CompareEqual        string = "EQUAL"
	CompareDifAction    string = "ACTION"    // the Actions clauses differ
	CompareDifSubject   string = "SUBJECT"   // the Subject clauses differ
	CompareDifObject    string = "OBJECT"    // the Object clauses differ
	CompareDifCondition string = "CONDITION" // the Condition clauses differ
)
const (
	// Scope filter types.
	// NOTE(review): these presumably correspond to the "sql:" / "idql:" prefix
	// carried by ScopeInfo.Filter, with ScopeTypeUnassigned used when no
	// recognised prefix is present — confirm against the filter parser.
	ScopeTypeSQL        string = "sql"
	ScopeTypeIDQL       string = "idql"
	ScopeTypeUnassigned string = "na"
)
Variables ¶
// Change types describing the outcome of reconciling a policy.
// NOTE(review): presumably the values placed in PolicyDif.Type by
// Policies.ReconcilePolicies — confirm.
//
// These are declared with var rather than const, so they are mutable
// package-level state and can be reassigned at runtime; callers should treat
// them as read-only.
var (
	ChangeTypeNew    = "NEW"
	ChangeTypeEqual  = "MATCHED"
	ChangeTypeUpdate = "UPDATE"
	ChangeTypeDelete = "DELETE"
	ChangeTypeIgnore = "UNSUPPORTED"
)
Types ¶
type ActionInfo ¶
// ActionInfo holds a single action URI of an IDQL policy; PolicyInfo.Actions
// carries one or more of these.
type ActionInfo struct {
	ActionUri string `json:"actionUri" validate:"required"` // ActionUri is the action URI; marked required for validation
}
type MetaInfo ¶
// MetaInfo holds information about a policy that is not part of its
// access-control semantics: format version, provenance, timestamps and
// change-detection data. Note that PolicyInfo.Equals and
// PolicyInfo.CalculateEtag do not take this structure into account.
type MetaInfo struct {
	Version     string                 `json:"version,omitempty" validate:"required"` // Version is the IDQL policy format version
	SourceData  map[string]interface{} `json:"sourceData,omitempty"`                  // SourceData is a custom map for providers (e.g. AVP), e.g. type, identifiers
	Description string                 `json:"description,omitempty"`                 // Description is an informational description of the policy
	Created     *time.Time             `json:"created,omitempty"`                     // Created is the time the policy was originally created; omitted from JSON when nil
	Modified    *time.Time             `json:"modified,omitempty"`                    // Modified indicates the last time the policy was updated or created, used in change detection in some providers
	Etag        string                 `json:"etag,omitempty"`                        // Etag holds a calculated hash value used for change detection, see Policy.CalculateEtag(); the hash covers only Subject, Actions, Object and Condition, so changes to Meta or Scope do not alter it
	PolicyId    *string                `json:"policyId,omitempty"`                    // PolicyId is a unique identifier for a policy, may be assigned by the source provider
	PapId       *string                `json:"papId,omitempty"`                       // PapId is the source Policy Application Point or Application where the policy originated
	ProviderType string                `json:"providerType,omitempty"`                // ProviderType is the SDK provider type indicating the source of the policy
}
type ObjectInfo ¶
// ObjectInfo identifies the resource, application or system a policy applies
// to (the Object clause of PolicyInfo).
type ObjectInfo struct {
	ResourceID string `json:"resource_id" validate:"required"` // ResourceID is the resource identifier; marked required for validation
}
type Policies ¶
// Policies is a collection of IDQL policy statements, optionally associated
// with an application identifier.
type Policies struct {
	Policies []PolicyInfo `json:"policies"`      // Policies is the list of policy statements; a nil slice encodes as JSON null because the tag has no omitempty
	App      *string      `json:"app,omitempty"` // App optionally names the application the policies belong to
}
func (*Policies) AddPolicies ¶
func (*Policies) AddPolicy ¶
func (p *Policies) AddPolicy(info PolicyInfo)
func (*Policies) CalculateEtags ¶ added in v0.6.1
func (p *Policies) CalculateEtags()
func (*Policies) ReconcilePolicies ¶ added in v0.6.1
func (p *Policies) ReconcilePolicies(comparePolicies []PolicyInfo, diffsOnly bool) []PolicyDif
type PolicyDif ¶ added in v0.6.1
// PolicyDif describes the outcome of reconciling one policy against a set of
// existing policies (see Policies.ReconcilePolicies).
type PolicyDif struct {
	Type          string        // Type is the kind of change; NOTE(review): presumably one of the ChangeType* values — confirm
	PolicyId      string        // PolicyId identifies the policy the difference refers to
	Hash          string        // Hash is the hash used for comparison; presumably the etag from PolicyInfo.CalculateEtag — confirm
	DifTypes      []string      // DifTypes lists the differing clauses; presumably the values returned by PolicyInfo.Compare — confirm
	PolicyExist   *[]PolicyInfo // PolicyExist is a pointer to the matched existing policies, a slice because one compared policy may match several (n to 1)
	PolicyCompare *PolicyInfo   // PolicyCompare is the policy that was compared against the existing set
}
type PolicyInfo ¶
// PolicyInfo holds a single IDQL Policy Statement.
type PolicyInfo struct {
	Meta      MetaInfo                  `json:"meta" validate:"required"`    // Meta holds additional information about the policy including policy management data; not part of Equals or CalculateEtag
	Subject   SubjectInfo               `json:"subject" validate:"required"` // Subject holds the subject clause of an IDQL policy
	Actions   []ActionInfo              `json:"actions" validate:"required"` // Actions holds one or more action URIs
	Object    ObjectInfo                `json:"object" validate:"required"`  // Object is the resource, application, or system to which a policy applies
	Condition *conditions.ConditionInfo `json:",omitempty"`                  // Condition is an optional IDQL filter condition (e.g. ABAC rule) which must also be met. Note the tag gives no key name, so it serialises under the Go field name "Condition" rather than a lowercase key like the other fields
	Scope     *ScopeInfo                `json:"scope,omitempty"`             // Scope represents obligations returned to a PEP (e.g. attributes, where clause); not covered by CalculateEtag
}
PolicyInfo holds a single IDQL Policy Statement
func (*PolicyInfo) CalculateEtag ¶ added in v0.6.1
func (p *PolicyInfo) CalculateEtag() string
CalculateEtag calculates an ETAG hash value for the policy covering only the Subject, Actions, Object, and Condition fields; Meta and Scope are not included in the hash.
func (*PolicyInfo) Compare ¶ added in v0.6.1
func (p *PolicyInfo) Compare(hexaPolicy PolicyInfo) []string
Compare reports the differences between two policies as one or more of CompareEqual, CompareDifAction, CompareDifSubject, CompareDifObject, or CompareDifCondition.
func (*PolicyInfo) Equals ¶ added in v0.6.1
func (p *PolicyInfo) Equals(hexaPolicy PolicyInfo) bool
Equals compares policy values to determine whether the policies are equal. Note: meta information is NOT compared.
func (*PolicyInfo) String ¶ added in v0.6.1
func (p *PolicyInfo) String() string
type ScopeInfo ¶ added in v0.6.7
// ScopeInfo represents obligations passed to a PEP, such as a row filter and
// the attributes that may be returned. Scopes are not used in determining
// which policy is applied, and they are not part of the etag computed by
// PolicyInfo.CalculateEtag.
type ScopeInfo struct {
	Filter     *string  `json:"filter,omitempty"`     // Filter is a urn-like value that starts with either sql: or idql: to indicate the filter is either a SQL statement or an IDQL Filter/Condition expression
	Attributes []string `json:"attributes,omitempty"` // Attributes is a list of columns or attributes that may be returned by the PEP
}
ScopeInfo represents obligations passed to a PEP. For example, a `Filter` is used to constrain the rows of a database, and `Attributes` lists the columns or attributes that may be returned. Scopes are NOT used in determining which policy is applied.
type SubjectInfo ¶
// SubjectInfo holds the subject clause of an IDQL policy.
type SubjectInfo struct {
	Members []string `json:"members" validate:"required"` // Members lists the subject members; marked required for validation. NOTE(review): the SAnyUser/SAnyAuth/... constants look like the recognised member kinds — confirm
}