Documentation ¶
Index ¶
- Constants
- type ActionExpression
- type ActionItem
- type CedarPolicies
- type CedarPolicy
- type CedarPolicyMapper
- func (c *CedarPolicyMapper) MapCedarPoliciesToIdql(cedarPols *CedarPolicies) (*hexapolicy.Policies, error)
- func (c *CedarPolicyMapper) MapCedarPolicyToIdql(policy *CedarPolicy) (*hexapolicy.PolicyInfo, error)
- func (c *CedarPolicyMapper) MapHexaPolicies(policies []hexapolicy.PolicyInfo) (map[string]interface{}, error)
- func (c *CedarPolicyMapper) MapPoliciesToCedar(policies []hexapolicy.PolicyInfo) (*CedarPolicies, error)
- func (c *CedarPolicyMapper) MapPolicyToCedar(idqlPol hexapolicy.PolicyInfo) ([]*CedarPolicy, error)
- func (c *CedarPolicyMapper) MapToHexaPolicy(cedarpolicies map[string]interface{}) ([]hexapolicy.PolicyInfo, error)
- func (c *CedarPolicyMapper) Name() string
- func (c *CedarPolicyMapper) ParseAndMapCedarToHexa(cedarBytes []byte) (*hexapolicy.Policies, error)
- func (c *CedarPolicyMapper) ParseCedarBytes(cedarBytes []byte) (*CedarPolicies, error)
- func (c *CedarPolicyMapper) ParseFile(filename string) (*hexapolicy.Policies, error)
- type ConditionType
- type ConditionalClause
- type PolicyHead
- type PrincipalExpression
- type ResourceExpression
Constants ¶
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActionExpression ¶
// ActionExpression is the action clause of a Cedar policy head, captured by
// the participle grammar in the field tags below.
//
// NOTE(review): Actions and Action are both optional groups, so the tags
// alone accept an operator with no operand; confirm the mapper handles or
// rejects that case.
type ActionExpression struct {
	// Operator is "==" (written as two '=' tokens) or lowercase "in".
	// An earlier form of this tag, kept in the source as a comment, was
	// @("=" "="|"in"|"IN").
	// NOTE(review): PrincipalExpression and ResourceExpression also accept
	// "IN" while this tag does not; confirm the difference is intended.
	Operator string `parser:"@('=''='|'in')"`

	// Actions is an optional bracketed list of items, each optionally
	// followed by a comma.
	Actions []ActionItem `parser:"('[' (@@ ','? )* ']')?"`

	// Action is an optional single action built from one or more Ident, ':'
	// or String tokens.
	Action string `parser:"(@(Ident|':'|String)+)?"`
}
func (*ActionExpression) String ¶
func (a *ActionExpression) String() string
type ActionItem ¶
// ActionItem is one entry of a bracketed action list.
type ActionItem struct {
	// Item captures one or more Ident, ':' or String tokens.
	Item string `parser:"@(Ident|':'|String)+"`
}
type CedarPolicies ¶
// CedarPolicies is the root of the grammar: a sequence of Cedar policies.
type CedarPolicies struct {
	// Policies holds one or more policies, each terminated by ';'. The '+'
	// means input containing no policy does not match the grammar.
	Policies []*CedarPolicy `parser:"(@@ ';')+"`
}
type CedarPolicy ¶
// CedarPolicy is a single parsed Cedar policy statement.
type CedarPolicy struct {
	// Type is the policy effect keyword, "permit" or "forbid". Any mapping
	// to another policy format has to carry this through unchanged, because
	// swapping the two inverts the authorization decision.
	Type string `parser:"@('permit'|'forbid')"`

	// Head is the parenthesised policy head.
	Head *PolicyHead `parser:"'(' @@ ')'"`

	// Conditions holds zero or more conditional clauses that follow the head.
	Conditions []*ConditionalClause `parser:"@@*"`
}
func (*CedarPolicy) String ¶
func (c *CedarPolicy) String() string
type CedarPolicyMapper ¶
// CedarPolicyMapper carries the state used by the mapping and parsing
// methods listed on this page.
type CedarPolicyMapper struct {
	// ConditionMapper is a gcpcel.GoogleConditionMapper value.
	// NOTE(review): presumably used to translate condition expressions;
	// confirm against the method bodies.
	ConditionMapper gcpcel.GoogleConditionMapper

	// Parser is the participle parser whose root type is CedarPolicies.
	Parser *participle.Parser[CedarPolicies]
}
func New ¶
func New(nameMap map[string]string) *CedarPolicyMapper
func (*CedarPolicyMapper) MapCedarPoliciesToIdql ¶
func (c *CedarPolicyMapper) MapCedarPoliciesToIdql(cedarPols *CedarPolicies) (*hexapolicy.Policies, error)
func (*CedarPolicyMapper) MapCedarPolicyToIdql ¶
func (c *CedarPolicyMapper) MapCedarPolicyToIdql(policy *CedarPolicy) (*hexapolicy.PolicyInfo, error)
func (*CedarPolicyMapper) MapHexaPolicies ¶
func (c *CedarPolicyMapper) MapHexaPolicies(policies []hexapolicy.PolicyInfo) (map[string]interface{}, error)
func (*CedarPolicyMapper) MapPoliciesToCedar ¶
func (c *CedarPolicyMapper) MapPoliciesToCedar(policies []hexapolicy.PolicyInfo) (*CedarPolicies, error)
func (*CedarPolicyMapper) MapPolicyToCedar ¶
func (c *CedarPolicyMapper) MapPolicyToCedar(idqlPol hexapolicy.PolicyInfo) ([]*CedarPolicy, error)
MapPolicyToCedar takes an IDQL policy and maps it to one or more Cedar policies. More than one is needed because IDQL supports multiple subjects, whereas Cedar is limited to one Principal and one Resource.
func (*CedarPolicyMapper) MapToHexaPolicy ¶
func (c *CedarPolicyMapper) MapToHexaPolicy(cedarpolicies map[string]interface{}) ([]hexapolicy.PolicyInfo, error)
func (*CedarPolicyMapper) Name ¶
func (c *CedarPolicyMapper) Name() string
func (*CedarPolicyMapper) ParseAndMapCedarToHexa ¶
func (c *CedarPolicyMapper) ParseAndMapCedarToHexa(cedarBytes []byte) (*hexapolicy.Policies, error)
func (*CedarPolicyMapper) ParseCedarBytes ¶
func (c *CedarPolicyMapper) ParseCedarBytes(cedarBytes []byte) (*CedarPolicies, error)
func (*CedarPolicyMapper) ParseFile ¶
func (c *CedarPolicyMapper) ParseFile(filename string) (*hexapolicy.Policies, error)
type ConditionType ¶
// ConditionType is the string form of a condition captured from a
// conditional clause.
// NOTE(review): a Parse(*lexer.PeekingLexer) method is declared on this type,
// so the condition text is presumably captured by custom parsing rather than
// by a grammar tag; confirm against the method body.
type ConditionType string
func (*ConditionType) Parse ¶
func (c *ConditionType) Parse(lex *lexer.PeekingLexer) error
type ConditionalClause ¶
// ConditionalClause is one "when" or "unless" clause attached to a policy.
type ConditionalClause struct {
	// Type is the clause keyword. "unless" negates the sense of the
	// condition, so a mapper must not treat the two keywords alike.
	Type string `parser:"@('when'|'unless')"`

	// Condition is delegated to ConditionType via "@@". Two earlier
	// tag-based attempts are kept in the source as comments:
	//   Condition string `parser:"'{'@(Ident|String|' '|':'|'.'|'='|'&')+'}'"`
	//   Condition string `parser:"'{' @(~'}' ' '*)+ '}'"`
	Condition *ConditionType `parser:"@@"`
}
func (*ConditionalClause) String ¶
func (c *ConditionalClause) String() string
type PolicyHead ¶
// PolicyHead is the scope of a Cedar policy: the principal, action and
// resource keywords in that order, separated by commas. The expression after
// each keyword is optional ("@@?").
//
// NOTE(review): a keyword with no expression presumably leaves the matching
// pointer nil. In Cedar an unconstrained scope element matches every entity,
// so consumers should read nil as "any", never as "none"; confirm the mapper
// does.
type PolicyHead struct {
	// Principal is the optional expression after 'principal', followed by a
	// mandatory ','.
	Principal *PrincipalExpression `parser:"'principal' @@? ','"`

	// Actions is the optional expression after 'action', followed by a
	// mandatory ','.
	Actions *ActionExpression `parser:"'action' @@? ','"`

	// Resource is the optional expression after 'resource'. The source keeps
	// an earlier tag with a trailing space as a comment:
	// `parser:"'resource' @@? "`.
	Resource *ResourceExpression `parser:"'resource' @@?"`
}
func (*PolicyHead) String ¶
func (p *PolicyHead) String() string
type PrincipalExpression ¶
// PrincipalExpression is the constraint written after the 'principal'
// keyword in a policy head.
type PrincipalExpression struct {
	// Operator is "==" (written as two '=' tokens), "in" or "IN".
	// An earlier form of this tag, kept in the source as a comment, was
	// `@("=" "="|"in"|"IN")`.
	Operator string `parser:"@('=''='|'in'|'IN')"`

	// Earlier attempts at a separate template flag, kept in the source as
	// comments:
	//   IsTemplate bool `@"?principal"?` // `@"?"?`
	//   IsTemplate bool `parser:"@('?' 'principal')?"`

	// Entity captures one or more Ident, ':' or String tokens, or the token
	// pair '?' 'principal'.
	// NOTE(review): the pair looks like Cedar's ?principal template slot; it
	// lands in the same string as a concrete entity, so callers have to tell
	// the two apart by content. Confirm how the mapper treats it.
	Entity string `parser:"@(Ident|':'|String|'?''principal')+"`
}
func (*PrincipalExpression) String ¶
func (e *PrincipalExpression) String() string
type ResourceExpression ¶
// ResourceExpression is the constraint written after the 'resource' keyword
// in a policy head.
type ResourceExpression struct {
	// Operator is "==" (written as two '=' tokens), "in" or "IN".
	Operator string `parser:"@('=''='|'in'|'IN')"`

	// An earlier attempt at a separate template flag, kept in the source as
	// a comment:
	//   IsTemplate bool `@"?resource"?`

	// Entity captures one or more Ident, ':' or String tokens, or the token
	// pair '?' 'resource'.
	// NOTE(review): the pair looks like Cedar's ?resource template slot; it
	// lands in the same string as a concrete entity. Confirm how the mapper
	// treats it.
	Entity string `parser:"@(Ident|':'|String|'?''resource')+"`
}
func (*ResourceExpression) String ¶
func (e *ResourceExpression) String() string