hexapolicy

Published: Jul 16, 2024 License: Apache-2.0 Imports: 7 Imported by: 1

Constants

const (
	// Subject selectors. From their names these are the well-known values
	// carried in SubjectInfo.Members (confirm against the policy evaluator):
	// SAnyUser matches every caller, authenticated or not, so a policy that
	// carries it is effectively public and deserves extra review; SAnyAuth
	// matches any authenticated caller; the remaining three select callers
	// by the authentication mechanism they used.
	SAnyUser   string = "any"
	SAnyAuth   string = "anyAuthenticated"
	SBasicAuth string = "basic"
	SJwtAuth   string = "jwt"
	SSamlAuth  string = "saml"

	// IdqlVersion is the IDQL policy format version this package targets.
	// MetaInfo.Version carries the format version per policy; whether it is
	// populated from this constant is not visible in this file.
	IdqlVersion string = "0.6"
)
// Values returned by PolicyInfo.Compare: CompareEqual when the two policies
// match, otherwise one entry per clause that differs. There is no value for
// Scope or Meta, so differences confined to those fields cannot be reported
// by Compare.
const (
	CompareEqual        string = "EQUAL"
	CompareDifAction    string = "ACTION"    // Actions differ
	CompareDifSubject   string = "SUBJECT"   // Subject differs
	CompareDifObject    string = "OBJECT"    // Object differs
	CompareDifCondition string = "CONDITION" // Condition differs
)
// Scope filter types. ScopeInfo.Filter is documented as a URN-like value
// that starts with "sql:" or "idql:"; these constants name those two kinds
// plus ScopeTypeUnassigned ("na"), presumably what ScopeInfo.Type reports
// when there is no filter or no recognised prefix — confirm in Type().
const (
	ScopeTypeSQL        string = "sql"  // Filter is a SQL statement the PEP applies to constrain rows
	ScopeTypeIDQL       string = "idql" // Filter is an IDQL filter/condition expression
	ScopeTypeUnassigned string = "na"
)

Variables

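// Change types reported in PolicyDif.Type by Policies.ReconcilePolicies (the
// association is inferred from the names; the body of ReconcilePolicies is
// not shown here, and the per-value meanings below are likewise inferred).
// Declared as constants rather than package variables so that importers
// cannot reassign the discriminator values at runtime; every read-only use
// of the former variables is unaffected.
const (
	ChangeTypeNew    = "NEW"         // policy present only on the compare side
	ChangeTypeEqual  = "MATCHED"     // policy present on both sides with no difference
	ChangeTypeUpdate = "UPDATE"      // policy present on both sides with differences
	ChangeTypeDelete = "DELETE"      // policy present only on the existing side
	ChangeTypeIgnore = "UNSUPPORTED" // policy could not be reconciled
)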

Functions

This section is empty.

Types

type ActionInfo

// ActionInfo names one action a policy grants, identified by URI; a
// PolicyInfo carries one or more of these in Actions.
type ActionInfo struct {
	ActionUri string `json:"actionUri" validate:"required"` // ActionUri is the action URI; marked required, so an empty value must fail validation
}

type MetaInfo

// MetaInfo holds management data about a policy. Per PolicyInfo.Equals it is
// not part of policy equality, and per PolicyInfo.CalculateEtag it is not
// part of the etag either.
type MetaInfo struct {
	// Version is the idql policy format version (see IdqlVersion).
	// NOTE(review): omitempty together with validate:"required" means a zero
	// Version is dropped on marshal yet rejected on validation — confirm intended.
	Version      string                 `json:"version,omitempty" validate:"required"`
	// SourceData custom map for providers (e.g. AVP), e.g. type, identifiers.
	// Free-form and provider-controlled: do not base access decisions on it
	// without validating its contents.
	SourceData   map[string]interface{} `json:"sourceData,omitempty"`
	Description  string                 `json:"description,omitempty"`                 // Description is an informational description of the policy
	Created      *time.Time             `json:"created,omitempty"`                     // Created is the time the policy was originally created
	Modified     *time.Time             `json:"modified,omitempty"`                    // Modified indicates the last time the policy was updated or created, used in change detection in some providers
	Etag         string                 `json:"etag,omitempty"`                        // Etag holds a calculated hash value used for change detection; see PolicyInfo.CalculateEtag, which hashes Subject, Actions, Object and Condition only (not Meta or Scope)
	PolicyId     *string                `json:"policyId,omitempty"`                    // PolicyId is a unique identifier for a policy, may be assigned by the source provider
	PapId        *string                `json:"papId,omitempty"`                       // PapId is the source Policy Application Point or Application where the policy originated
	ProviderType string                 `json:"providerType,omitempty"`                // ProviderType is the SDK provider type indicating the source of the policy
}

type ObjectInfo

// ObjectInfo identifies the resource, application or system a policy
// applies to (see PolicyInfo.Object).
type ObjectInfo struct {
	// ResourceID is required. NOTE(review): its JSON key is snake_case
	// ("resource_id") while the other types use camelCase ("actionUri",
	// "policyId"); it is part of the wire format, so do not rename it
	// without a compatibility plan.
	ResourceID string `json:"resource_id" validate:"required"`
}

type Policies

// Policies is a set of IDQL policy statements, optionally tagged with an
// application identifier.
type Policies struct {
	Policies []PolicyInfo `json:"policies"`      // Policies is the list of statements; no omitempty, so the key is always emitted (a nil slice encodes as null, an empty slice as [])
	App      *string      `json:"app,omitempty"` // App is presumably the owning application; a pointer so that "absent" is distinguishable from ""
}

func (*Policies) AddPolicies

func (p *Policies) AddPolicies(policies Policies)

func (*Policies) AddPolicy

func (p *Policies) AddPolicy(info PolicyInfo)

func (*Policies) CalculateEtags added in v0.6.1

func (p *Policies) CalculateEtags()

func (*Policies) ReconcilePolicies added in v0.6.1

func (p *Policies) ReconcilePolicies(comparePolicies []PolicyInfo, diffsOnly bool) []PolicyDif

type PolicyDif added in v0.6.1

// PolicyDif describes how one policy differs between an existing set and a
// compare set, as produced by Policies.ReconcilePolicies. It has no JSON
// tags, so if it is ever marshalled the keys are the Go field names.
type PolicyDif struct {
	Type          string       // one of the ChangeType* values (inferred from the names)
	PolicyId      string       // identifier of the policy being reported
	Hash          string       // presumably the etag from PolicyInfo.CalculateEtag — confirm
	DifTypes      []string     // presumably the Compare* values from PolicyInfo.Compare — confirm
	PolicyExist   []PolicyInfo // for n to 1: the existing-side policies matched against the one compare-side policy
	PolicyCompare *PolicyInfo  // the compare-side policy; presumably nil when there is none
}

func (*PolicyDif) Report added in v0.6.1

func (d *PolicyDif) Report() string

type PolicyInfo

// PolicyInfo holds a single IDQL policy statement. Subject, Actions, Object
// and Condition determine what the policy grants; Scope carries obligations
// for the PEP and, per ScopeInfo, plays no part in selecting the policy;
// Meta carries management data and is excluded from Equals and CalculateEtag.
type PolicyInfo struct {
	Meta      MetaInfo                  `json:"meta" validate:"required"`    // Meta holds additional information about the policy including policy management data
	Subject   SubjectInfo               `json:"subject" validate:"required"` // Subject holds the subject clause of an IDQL policy
	Actions   []ActionInfo              `json:"actions" validate:"required"` // Actions holds one or more action uris
	Object    ObjectInfo                `json:"object" validate:"required"`  // Object the resource, application, or system to which a policy applies
	// Condition is an optional IDQL filter condition (e.g. ABAC rule) which must also be met.
	// NOTE(review): the tag gives no name, so the JSON key is the Go field name
	// "Condition" (capitalised), unlike the lowercase keys of the other fields; it
	// is part of the wire format, so change it only with a compatibility plan.
	Condition *conditions.ConditionInfo `json:",omitempty"`
	// Scope represents obligations returned to a PEP (e.g. attributes, where clause).
	// NOTE(review): CalculateEtag covers Subject, Actions, Object and Condition only,
	// so a change confined to Scope does not alter the etag; whether Equals/Compare
	// consider it is not visible here.
	Scope     *ScopeInfo                `json:"scope,omitempty"`
}

PolicyInfo holds a single IDQL Policy Statement

func (*PolicyInfo) CalculateEtag added in v0.6.1

func (p *PolicyInfo) CalculateEtag() string

CalculateEtag calculates an ETag hash value for the policy from the Subject, Actions, Object, and Condition fields only. Meta (including any previously stored Etag) and Scope do not affect the result, so a change confined to Scope is not detectable through the etag.

func (*PolicyInfo) Compare added in v0.6.1

func (p *PolicyInfo) Compare(hexaPolicy PolicyInfo) []string

Compare reports the differences between two policies, returning one or more of CompareEqual, CompareDifAction, CompareDifSubject, CompareDifObject, and CompareDifCondition.

func (*PolicyInfo) Equals added in v0.6.1

func (p *PolicyInfo) Equals(hexaPolicy PolicyInfo) bool

Equals compares values to determine whether the two policies are equal. Note: it does NOT compare meta information.

func (*PolicyInfo) String added in v0.6.1

func (p *PolicyInfo) String() string

type ScopeInfo added in v0.6.7

// ScopeInfo carries obligations handed to the PEP alongside a decision; it
// does not influence which policy is selected.
type ScopeInfo struct {
	// Filter is a URN-like value that starts with either "sql:" or "idql:" to
	// indicate whether it is a SQL statement or an IDQL filter/condition expression.
	// NOTE(review): with the "sql:" form the PEP receives a raw SQL fragment to apply
	// to the database, so whoever can author or modify policies controls SQL at the
	// PEP. Treat policies as trusted configuration, and have the PEP validate or
	// parameterise the fragment rather than interpolate it blindly.
	Filter     *string  `json:"filter,omitempty"`
	Attributes []string `json:"attributes,omitempty"` // Attributes is a list of columns or attributes that may be returned by the PEP
}

ScopeInfo represents obligations passed to a PEP. For example, a `Filter` is used to constrain the rows of a database, and `Attributes` lists the columns or attributes that may be returned. Scopes are NOT used in determining which policy applies.

func (*ScopeInfo) Type added in v0.6.7

func (s *ScopeInfo) Type() string

func (*ScopeInfo) Value added in v0.6.7

func (s *ScopeInfo) Value() string

Value returns the raw filter value with the `sql:` or `idql:` type prefix removed.

type SubjectInfo

// SubjectInfo is the subject clause of a policy: the list of members it
// applies to, which from the constant names may include the S* selector
// values such as SAnyUser. The validate tag marks the field required;
// whether an empty list passes validation depends on the validator's
// handling of required slices — confirm before relying on it.
type SubjectInfo struct {
	Members []string `json:"members" validate:"required"`
}
