avp

package
v0.6.0-beta.2

Warning: This package is not in the latest version of its module.
Published: Dec 14, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

README

Amazon AVP API

ListPolicyStores

Returns a list of all policy stores in the AWS Account.

Request:

{
   "maxResults": number,
   "nextToken": "string"
}

Response:

{
   "nextToken": "string",
   "policyStores": [ 
      { 
         "arn": "string",
         "createdDate": "string",
         "policyStoreId": "string"
      }
   ]
}

ListPolicies

Returns a paginated list of all policies in the specified policy store.

The idea is to be able to get a list of policies that best match the current context (presumably used by isAuthorized).

Request Syntax:

{
   "filter": { 
      "policyTemplateId": "string",
      "policyType": "string",
      "principal": { ... },
      "resource": { ... }
   },
   "maxResults": number,
   "nextToken": "string",
   "policyStoreId": "string"
}

Note: nextToken is used to page through results. Each page is maxResults in size.

Response Syntax:

{
   "nextToken": "string",
   "policies": [ 
      { 
         "createdDate": "string",
         "definition": { ... },
         "lastUpdatedDate": "string",
         "policyId": "string",
         "policyStoreId": "string",
         "policyType": "string",
         "principal": { 
            "entityId": "string",
            "entityType": "string"
         },
         "resource": { 
            "entityId": "string",
            "entityType": "string"
         }
      }
   ]
}

policies is an array of PolicyItem objects.

GetPolicy

Retrieves information about a specific policy. (same as PolicyItem above?)

Request Syntax:

{
   "policyId": "string",
   "policyStoreId": "string"
}

Response:

{
   "createdDate": "string",
   "definition": { ... },
   "lastUpdatedDate": "string",
   "policyId": "string",
   "policyStoreId": "string",
   "policyType": "string",
   "principal": { 
      "entityId": "string",
      "entityType": "string"
   },
   "resource": { 
      "entityId": "string",
      "entityType": "string"
   }
}

definition is a PolicyDefinitionDetail object, which is one of StaticPolicyDefinition (a Cedar policy) or TemplateLinkedPolicyDefinition.

A StaticDefinitionDetail consists of:

statement : A static policy written in Cedar Policy Language (string)

description : A description of the policy

GetPolicyTemplate

A policy template is a policy that contains placeholders. The placeholders can represent the principal and the resource. Later, you can create a template-linked policy based on the policy template by specifying the exact principal and resource to use for this one policy. Template-linked policies are dynamic, meaning that the new policy stays linked to its policy template. When you change a policy statement in the policy template, any policies linked to that template automatically and immediately use the new statement for all authorization decisions made from that moment forward.

You can use placeholders in a Cedar policy template for only the following two elements of a policy statement:

Principal – ?principal

Resource – ?resource

You can use either one or both in a policy template.

Placeholders can appear in only the policy head on the right-hand side of the == or in operators.

Then, when you create a policy based on the policy template, you must specify values for each of the placeholders. Those values are combined with the rest of the policy template to form a complete and usable template-linked policy.

As an example, consider the scenario where a common action is to grant certain groups the ability to view and comment on any photos that are not marked as private. You decide to associate the action with a Share button in your application’s interface. You could create a template that looks like the following example.
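The placeholder rules above, checked in code: this is an added Go example, not code from this package or from AWS. It rejects a template whose placeholders sit outside the policy head or are not on the right-hand side of == or in, then renders the statement a template-linked policy would evaluate. The names Link and Entity, the sample template and the entity types are assumptions, and the head is taken to end at the first ')' rather than being parsed as Cedar.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Entity mirrors the entityType/entityId pairs in the responses above.
type Entity struct{ Type, ID string }

var (
	anySlot  = regexp.MustCompile(`\?\w+`)
	goodSlot = regexp.MustCompile(`\b(principal|resource)\s+(?:==|in)\s+\?(\w+)`)
	typeName = regexp.MustCompile(`^[A-Za-z_]\w*(::[A-Za-z_]\w*)*$`)
)

// Link checks placeholder placement and renders the linked statement.
// Simplified: the head ends at the first ')'; string literals are not parsed.
func Link(tmpl string, vals map[string]Entity) (string, error) {
	end := strings.Index(tmpl, ")")
	if end < 0 {
		return "", fmt.Errorf("no policy head found")
	}
	head, body := tmpl[:end], tmpl[end:]
	if s := anySlot.FindString(body); s != "" {
		return "", fmt.Errorf("placeholder %s outside the policy head", s)
	}
	uses := goodSlot.FindAllStringSubmatch(head, -1)
	if n := len(anySlot.FindAllString(head, -1)); n != len(uses) {
		return "", fmt.Errorf("%d placeholder(s) not after == or in", n-len(uses))
	}
	var pairs []string
	for _, m := range uses {
		e, ok := vals[m[2]]
		if m[1] != m[2] || !ok || !typeName.MatchString(e.Type) {
			return "", fmt.Errorf("bad or unbound placeholder ?%s", m[2])
		}
		// Escape the ID so it cannot terminate the quoted entity literal.
		id := strings.NewReplacer(`\`, `\\`, `"`, `\"`).Replace(e.ID)
		pairs = append(pairs, "?"+m[2], e.Type+`::"`+id+`"`)
	}
	// Single pass: substituted values are never rescanned for placeholders.
	return strings.NewReplacer(pairs...).Replace(head) + body, nil
}

func main() { // constructed template for the Share scenario
	t := "permit(principal in ?principal, action, resource in ?resource)\nunless { resource.private };"
	fmt.Println(Link(t, map[string]Entity{"principal": {"UserGroup", "friends"}, "resource": {"Album", "trip"}}))
}
```

The rendered text is for local review or audit only; the service's responses above carry the principal and resource as entityType/entityId pairs, not as substituted text.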

Retrieve a policy template...

Request:

{
   "policyStoreId": "string",
   "policyTemplateId": "string"
}

Response:

{
   "createdDate": "string",
   "description": "string",
   "lastUpdatedDate": "string",
   "policyStoreId": "string",
   "policyTemplateId": "string",
   "statement": "string"
}

The Cedar policy is stored in statement.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AmazonAvpProvider

type AmazonAvpProvider struct {
	AwsClientOpts awscommon.AWSClientOptions
	// contains filtered or unexported fields
}

func (*AmazonAvpProvider) DiscoverApplications

func (*AmazonAvpProvider) GetPolicyInfo

func (*AmazonAvpProvider) Name

func (a *AmazonAvpProvider) Name() string

func (*AmazonAvpProvider) SetPolicyInfo

func (a *AmazonAvpProvider) SetPolicyInfo(info PolicyProvider.IntegrationInfo, applicationInfo PolicyProvider.ApplicationInfo, hexaPolicies []hexapolicy.PolicyInfo) (int, error)

type AvpMeta

type AvpMeta struct {
	PolicyId   *string
	StoreId    *string
	PolicyType string
	Principal  interface{}
	Resource   interface{}
}

func MapAvpMeta

func MapAvpMeta(item types.PolicyItem) AvpMeta
