cognitoProvider

package
v0.6.3 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 21, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

README

Amazon Cognito Provider

The Cognito Provider is a virtual provider that processes a Cognito User Pool and converts the RBAC relationships defined in its Groups into equivalent IDQL policy. It does this by interrogating User Pools and their associated resources. In general, Groups are mapped to IDQL Actions, and Resources are mapped to resource_id.

| Feature | Description | Platform Support | Provider Support |
|---|---|---|---|
| RBAC | Support for basic translation of role-based access policy | Yes | Yes |
| ABAC | Support for attribute conditions | No | No |
| Type | Policy is described 'syntactically' in an exportable format or implied through 'role' based relationships | Directory Groups | Virtual RBAC |
| Attribute Mapping | Attribute names in policy can be mapped to platform | | N/A |
| Hexa Console | Supported in the Hexa Console application | | Yes |
| Discovery | Supports discovery of Policy Application Points | List UserPools and Resources | Yes |
| Get Policies | Supports retrieval of all policies from a PAP | Conversion | Yes |
| Set Policies | Supports the ability to apply a set of policies to a PAP | Conversion | Yes |
| Reconcile | Returns the differences between an existing set of policies (e.g. at the source) and another set (updates) | | virtual |

Policy Support Notes

The following is an example IDQL mapped Policy from Cognito:

{
  "meta": {
    "version": "0.6",
    "providerType": "cognito"
  },
  "subject": {
    "members": [
      "user:saagarwal@gmail.com"
    ]
  },
  "actions": [
    {
      "actionUri": "GET/humanresources/eu"
    }
  ],
  "object": {
    "resource_id": "canarybankapi"
  }
}

Limitations:

  • Condition clauses cannot be mapped (RBAC only)
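
Because condition clauses cannot be mapped, a policy set can be screened before it is handed to SetPolicyInfo. The following is an added example, not code from this package: the `Policy` struct, the `Preflight` function, the sample input and the `condition` key name are assumptions made for illustration, and only the JSON fields shown in the policy above are taken from the page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Policy holds only the fields this check reads from the IDQL JSON shown
// above. "condition" is an assumed key name; the page's example has none.
type Policy struct {
	Meta      struct{ ProviderType string `json:"providerType"` } `json:"meta"`
	Object    struct{ ResourceID string `json:"resource_id"` }    `json:"object"`
	Condition json.RawMessage                                     `json:"condition"`
}

const providerTypeAwsCognito = "cognito" // same value as ProviderTypeAwsCognito

// sampleJSON is constructed input; the second policy carries a condition.
const sampleJSON = `[
 {"meta":{"version":"0.6","providerType":"cognito"},"subject":{"members":["user:alice@example.com"]},
  "actions":[{"actionUri":"GET/humanresources/eu"}],"object":{"resource_id":"canarybankapi"}},
 {"meta":{"version":"0.6","providerType":"cognito"},"subject":{"members":["user:bob@example.com"]},
  "actions":[{"actionUri":"GET/humanresources/us"}],"object":{"resource_id":"canarybankapi"},
  "condition":{"rule":"subject.dept eq \"hr\"","action":"allow"}}
]`

// Preflight returns one finding per policy that is not a Cognito policy or
// that carries a condition, which group membership cannot express.
func Preflight(raw []byte) ([]string, error) {
	var policies []Policy
	if err := json.Unmarshal(raw, &policies); err != nil {
		return nil, fmt.Errorf("parse policies: %w", err)
	}
	var findings []string
	for i, p := range policies {
		if p.Meta.ProviderType != providerTypeAwsCognito {
			findings = append(findings, fmt.Sprintf("policy %d: providerType %q is not %q", i, p.Meta.ProviderType, providerTypeAwsCognito))
		}
		// An explicit JSON null is treated the same as an absent condition.
		if len(p.Condition) > 0 && string(p.Condition) != "null" {
			findings = append(findings, fmt.Sprintf("policy %d (%s): condition cannot be mapped, RBAC only", i, p.Object.ResourceID))
		}
	}
	return findings, nil
}

func main() {
	findings, err := Preflight([]byte(sampleJSON))
	fmt.Println(findings, err)
}
```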

Documentation

Index

Constants

const ProviderTypeAwsCognito string = "cognito"

Variables

This section is empty.

Functions

This section is empty.

Types

type CognitoProvider added in v0.6.2

type CognitoProvider struct {
	AwsClientOpts awscommon.AWSClientOptions
}

func (*CognitoProvider) DiscoverApplications added in v0.6.2

func (*CognitoProvider) GetPolicyInfo added in v0.6.2

func (*CognitoProvider) Name added in v0.6.2

func (a *CognitoProvider) Name() string

func (*CognitoProvider) SetPolicyInfo added in v0.6.2

func (a *CognitoProvider) SetPolicyInfo(info policyprovider.IntegrationInfo, applicationInfo policyprovider.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error)
