hexapolicy

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 25, 2024 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Index

Constants

View Source
const (
	SubjectAnyUser   string = "any"
	SubjectAnyAuth   string = "anyAuthenticated"
	SubjectBasicAuth string = "basic"
	SubjectJwtAuth   string = "jwt"
	SubjectSamlAuth  string = "saml"

	IdqlVersion string = "0.7"
)
View Source
const (
	CompareEqual        string = "EQUAL"
	CompareDifAction    string = "ACTION"
	CompareDifSubject   string = "SUBJECT"
	CompareDifObject    string = "OBJECT"
	CompareDifCondition string = "CONDITION"
)
View Source
const (
	ScopeTypeSQL        string = "sql"
	ScopeTypeIDQL       string = "idql"
	ScopeTypeUnassigned string = "na"
)

Variables

View Source
var (
	ChangeTypeNew    = "NEW"
	ChangeTypeEqual  = "MATCHED"
	ChangeTypeUpdate = "UPDATE"
	ChangeTypeDelete = "DELETE"
	ChangeTypeIgnore = "UNSUPPORTED"
)

Functions

This section is empty.

Types

type ActionInfo

type ActionInfo string

func (ActionInfo) Equals added in v0.7.0

func (a ActionInfo) Equals(action ActionInfo) bool

func (ActionInfo) String added in v0.7.0

func (a ActionInfo) String() string

type MetaInfo

type MetaInfo struct {
	Version      string                 `json:"version,omitempty" validate:"required"` // Version is the idql policy format version
	SourceData   map[string]interface{} `json:"sourceData,omitempty"`                  // SourceData custom map for providers (e.g. AVP), e.g. type, identifiers
	Description  string                 `json:"description,omitempty"`                 // Description is an information description of the policy
	Created      *time.Time             `json:"created,omitempty"`                     // Created is the time the policy was originally created
	Modified     *time.Time             `json:"modified,omitempty"`                    // Modified inicates the last time the policy was updated or created, used in change detection in some providers
	Etag         string                 `json:"etag,omitempty"`                        // Etag holds a calculated hash value used for change detection See Policy.CalculateEtag()
	PolicyId     *string                `json:"policyId,omitempty"`                    // PolicyId is a unique identifier for a policy, may be assigned by the source provider
	PapId        *string                `json:"papId,omitempty"`                       // PapId is the source Policy Application Point or Application where the policy originated
	ProviderType string                 `json:"providerType,omitempty"`                // ProviderType is the SDK provider type indicating the source of the policy
}

type ObjectInfo

type ObjectInfo string

func (*ObjectInfo) String added in v0.7.0

func (o *ObjectInfo) String() string

type OldActionInfo added in v0.7.0

type OldActionInfo struct {
	ActionUri string `json:"actionUri" validate:"required"`
}

type OldObjectInfo added in v0.7.0

type OldObjectInfo struct {
	ResourceID string `json:"resource_id" validate:"required"`
}

type OldSubjectInfo added in v0.7.0

type OldSubjectInfo struct {
	Members []string `json:"members" validate:"required"`
}

type Policies

type Policies struct {
	Policies []PolicyInfo `json:"policies"`
	App      *string      `json:"app,omitempty"`
}

func (*Policies) AddPolicies

func (p *Policies) AddPolicies(policies Policies)

func (*Policies) AddPolicy

func (p *Policies) AddPolicy(info PolicyInfo)

func (*Policies) CalculateEtags added in v0.6.1

func (p *Policies) CalculateEtags()

func (*Policies) ReconcilePolicies added in v0.6.1

func (p *Policies) ReconcilePolicies(comparePolicies []PolicyInfo, diffsOnly bool) []PolicyDif

type PolicyDif added in v0.6.1

type PolicyDif struct {
	Type          string
	PolicyId      string
	Hash          string
	DifTypes      []string
	PolicyExist   []PolicyInfo // for n to 1
	PolicyCompare *PolicyInfo
}

func (*PolicyDif) Report added in v0.6.1

func (d *PolicyDif) Report() string

type PolicyInfo

type PolicyInfo struct {
	Meta      MetaInfo                  `json:"meta" validate:"required"`             // Meta holds additional information about the policy including policy management data
	Subjects  SubjectInfo               `json:"subjects,subject" validate:"required"` // Subjects holds the subject clause of an IDQL policy
	Actions   []ActionInfo              `json:"actions" validate:"required"`          // Actions holds one or moe action uris
	Object    ObjectInfo                `json:"object" validate:"required"`           // Object the resource, application, or system to which a policy applies
	Condition *conditions.ConditionInfo `json:"condition,omitempty"`                  // Condition is optional // Condition is an IDQL filter condition (e.g. ABAC rule) which must also be met
	Scope     *ScopeInfo                `json:"scope,omitempty"`                      // Scope represents obligations returned to a PEP (e.g. attributes, where clause)
}

PolicyInfo holds a single IDQL Policy Statement

func (*PolicyInfo) ActionsEqual added in v0.7.0

func (p *PolicyInfo) ActionsEqual(actions []ActionInfo) bool

func (*PolicyInfo) CalculateEtag added in v0.6.1

func (p *PolicyInfo) CalculateEtag() string

CalculateEtag calculates an ETAG hash value for the policy which includes the Subjects, Actions, Object, and Conditions objects only

func (*PolicyInfo) Compare added in v0.6.1

func (p *PolicyInfo) Compare(hexaPolicy PolicyInfo) []string

Compare reports the differences between two policies, one or more of CompareEqual, CompareDifAction, CompareDifSubject, CompareDifObject, CompareDifCondition

func (*PolicyInfo) Equals added in v0.6.1

func (p *PolicyInfo) Equals(hexaPolicy PolicyInfo) bool

Equals compares values to determine if the policies are equal. Note: does NOT compare meta information.

func (*PolicyInfo) String added in v0.6.1

func (p *PolicyInfo) String() string

func (*PolicyInfo) UnmarshalJSON added in v0.7.0

func (p *PolicyInfo) UnmarshalJSON(data []byte) error

type ScopeInfo added in v0.6.7

type ScopeInfo struct {
	Filter     *string  `json:"filter,omitempty"`     // Filter urn like value that starts with either sql: or idql: to indicate the filter is either a SQL statement or an IDQL Filter/Condition expression
	Attributes []string `json:"attributes,omitempty"` // Attributes is a list of columns or attributes that may be returned by the PEP
}

ScopeInfo represents obligations passed to a PEP. For example a `Filter` is used to constrain the rows of a database. `Attributes` lists the columns or attributes that may be returned. Scopes are NOT used in determining which policy is applied.

func (*ScopeInfo) Equals added in v0.7.0

func (s *ScopeInfo) Equals(scope *ScopeInfo) bool

Equals returns equality based on string compare. This does not lexically compare filters. This function is intended to determine if a policy element has changed.

func (*ScopeInfo) Type added in v0.6.7

func (s *ScopeInfo) Type() string

func (*ScopeInfo) Value added in v0.6.7

func (s *ScopeInfo) Value() string

Value returns the raw value without the prefix

type SubjectInfo

type SubjectInfo []string

func (SubjectInfo) Equals added in v0.7.0

func (s SubjectInfo) Equals(subjects SubjectInfo) bool

func (SubjectInfo) String added in v0.7.0

func (s SubjectInfo) String() []string

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL