Constants ¶
// Well-known subject values used in a policy's Subjects clause, plus the IDQL
// format version. The meaning of each subject value is inferred from its name;
// confirm against the policy evaluator before relying on it.
const (
	// SubjectAnyUser matches any subject. NOTE(review): presumably this includes
	// unauthenticated requests, so a policy granting it is effectively public — confirm.
	SubjectAnyUser string = "any"
	// SubjectAnyAuth matches any authenticated subject regardless of credential type.
	SubjectAnyAuth string = "anyAuthenticated"
	// SubjectBasicAuth, SubjectJwtAuth and SubjectSamlAuth select subjects by the
	// credential type they authenticated with (basic, JWT, SAML).
	SubjectBasicAuth string = "basic"
	SubjectJwtAuth   string = "jwt"
	SubjectSamlAuth  string = "saml"
	// IdqlVersion is the IDQL policy format version (see MetaInfo.Version).
	IdqlVersion string = "0.7"
)
// Difference categories reported by PolicyInfo.Compare. CompareEqual means the
// two policies do not differ; each of the others names the clause that differs.
const (
	CompareEqual        string = "EQUAL"
	CompareDifAction    string = "ACTION"
	CompareDifSubject   string = "SUBJECT"
	CompareDifObject    string = "OBJECT"
	CompareDifCondition string = "CONDITION"
)
// Filter types for ScopeInfo.Filter, whose value starts with either "sql:" or
// "idql:" to indicate whether the filter text is a SQL statement or an IDQL
// condition expression.
const (
	ScopeTypeSQL        string = "sql"
	ScopeTypeIDQL       string = "idql"
	ScopeTypeUnassigned string = "na" // no filter type has been assigned
)
Variables ¶
// Change types produced when policies are reconciled (presumably assigned to
// PolicyDif.Type by Policies.ReconcilePolicies — confirm).
// NOTE(review): these are declared with var, not const, so they are mutable
// package-level state; callers should treat them as read-only.
var (
	ChangeTypeNew    = "NEW"
	ChangeTypeEqual  = "MATCHED"
	ChangeTypeUpdate = "UPDATE"
	ChangeTypeDelete = "DELETE"
	ChangeTypeIgnore = "UNSUPPORTED"
)
Types ¶
type ActionInfo ¶
// ActionInfo is a single action URI from a policy's Actions clause.
type ActionInfo string
func (ActionInfo) Equals ¶ added in v0.7.0
func (a ActionInfo) Equals(action ActionInfo) bool
func (ActionInfo) String ¶ added in v0.7.0
func (a ActionInfo) String() string
type MetaInfo ¶
// MetaInfo holds policy management data that accompanies a PolicyInfo.
// It is not part of policy equality or of the ETag (see PolicyInfo.Equals and
// PolicyInfo.CalculateEtag).
type MetaInfo struct {
	Version string `json:"version,omitempty" validate:"required"` // Version is the idql policy format version
	// SourceData is a custom map for providers (e.g. AVP), e.g. type, identifiers.
	// NOTE(review): provider-supplied, free-form data; consumers should validate
	// the shape of what they read from it.
	SourceData  map[string]interface{} `json:"sourceData,omitempty"`
	Description string                 `json:"description,omitempty"` // Description is an informational description of the policy
	Created     *time.Time             `json:"created,omitempty"`     // Created is the time the policy was originally created
	Modified    *time.Time             `json:"modified,omitempty"`    // Modified indicates the last time the policy was updated or created, used in change detection in some providers
	// Etag holds a calculated hash value used for change detection; see PolicyInfo.CalculateEtag().
	// NOTE(review): it is a change-detection hash, not an integrity check — it does not
	// show that a stored policy has not been tampered with.
	Etag         string  `json:"etag,omitempty"`
	PolicyId     *string `json:"policyId,omitempty"`     // PolicyId is a unique identifier for a policy, may be assigned by the source provider
	PapId        *string `json:"papId,omitempty"`        // PapId is the source Policy Application Point or Application where the policy originated
	ProviderType string  `json:"providerType,omitempty"` // ProviderType is the SDK provider type indicating the source of the policy
}
type ObjectInfo ¶
// ObjectInfo names the resource, application, or system to which a policy applies.
type ObjectInfo string
func (*ObjectInfo) String ¶ added in v0.7.0
func (o *ObjectInfo) String() string
type OldActionInfo ¶ added in v0.7.0
// OldActionInfo is the earlier object form of an action, presumably kept so
// that older policy documents can still be decoded (see PolicyInfo.UnmarshalJSON).
type OldActionInfo struct {
	ActionUri string `json:"actionUri" validate:"required"`
}
type OldObjectInfo ¶ added in v0.7.0
// OldObjectInfo is the earlier object form of a policy object, presumably kept so
// that older policy documents can still be decoded (see PolicyInfo.UnmarshalJSON).
type OldObjectInfo struct {
	ResourceID string `json:"resource_id" validate:"required"`
}
type OldSubjectInfo ¶ added in v0.7.0
// OldSubjectInfo is the earlier object form of the subjects clause, presumably kept
// so that older policy documents can still be decoded (see PolicyInfo.UnmarshalJSON).
type OldSubjectInfo struct {
	Members []string `json:"members" validate:"required"`
}
type Policies ¶
// Policies is a set of IDQL policies, optionally tagged with the application
// they belong to.
type Policies struct {
	Policies []PolicyInfo `json:"policies"`
	App      *string      `json:"app,omitempty"` // App optionally identifies the application the policies belong to
}
func (*Policies) AddPolicies ¶
func (*Policies) AddPolicy ¶
func (p *Policies) AddPolicy(info PolicyInfo)
func (*Policies) CalculateEtags ¶ added in v0.6.1
func (p *Policies) CalculateEtags()
func (*Policies) ReconcilePolicies ¶ added in v0.6.1
func (p *Policies) ReconcilePolicies(comparePolicies []PolicyInfo, diffsOnly bool) []PolicyDif
type PolicyDif ¶ added in v0.6.1
// PolicyDif describes the result of reconciling one policy against a set of
// existing policies (see Policies.ReconcilePolicies).
type PolicyDif struct {
	Type          string       // Type is the change category; presumably one of the ChangeType* values — confirm
	PolicyId      string       // PolicyId identifies the policy the difference applies to
	Hash          string       // Hash is presumably the policy ETag (see PolicyInfo.CalculateEtag) — confirm
	DifTypes      []string     // DifTypes lists the differing clauses, presumably as returned by PolicyInfo.Compare
	PolicyExist   []PolicyInfo // for n to 1: the existing policies matched against the compared policy
	PolicyCompare *PolicyInfo  // PolicyCompare is the policy being compared, if any
}
type PolicyInfo ¶
// PolicyInfo holds a single IDQL Policy Statement.
type PolicyInfo struct {
	Meta MetaInfo `json:"meta" validate:"required"` // Meta holds additional information about the policy including policy management data
	// Subjects holds the subject clause of an IDQL policy.
	// NOTE(review): "subject" is not an encoding/json tag option and is ignored by the
	// standard decoder; the legacy "subject" key is presumably handled by UnmarshalJSON — confirm.
	Subjects SubjectInfo  `json:"subjects,subject" validate:"required"`
	Actions  []ActionInfo `json:"actions" validate:"required"` // Actions holds one or more action URIs
	Object   ObjectInfo   `json:"object" validate:"required"`  // Object is the resource, application, or system to which a policy applies
	// Condition is an optional IDQL filter condition (e.g. ABAC rule) which must also be met.
	Condition *conditions.ConditionInfo `json:"condition,omitempty"`
	// Scope represents obligations returned to a PEP (e.g. attributes, where clause).
	// Scope is not used to decide which policy applies and is not part of the ETag.
	Scope *ScopeInfo `json:"scope,omitempty"`
}
PolicyInfo holds a single IDQL Policy Statement
func (*PolicyInfo) ActionsEqual ¶ added in v0.7.0
func (p *PolicyInfo) ActionsEqual(actions []ActionInfo) bool
func (*PolicyInfo) CalculateEtag ¶ added in v0.6.1
func (p *PolicyInfo) CalculateEtag() string
CalculateEtag calculates an ETag hash value for the policy covering only the Subjects, Actions, Object, and Condition values; Meta and Scope are excluded.
func (*PolicyInfo) Compare ¶ added in v0.6.1
func (p *PolicyInfo) Compare(hexaPolicy PolicyInfo) []string
Compare reports the differences between two policies as one or more of CompareEqual, CompareDifAction, CompareDifSubject, CompareDifObject, and CompareDifCondition.
func (*PolicyInfo) Equals ¶ added in v0.6.1
func (p *PolicyInfo) Equals(hexaPolicy PolicyInfo) bool
Equals compares values to determine if the policies are equal. Note: does NOT compare meta information.
func (*PolicyInfo) String ¶ added in v0.6.1
func (p *PolicyInfo) String() string
func (*PolicyInfo) UnmarshalJSON ¶ added in v0.7.0
func (p *PolicyInfo) UnmarshalJSON(data []byte) error
type ScopeInfo ¶ added in v0.6.7
// ScopeInfo represents obligations passed to a PEP. Scopes are NOT used in
// determining which policy is applied.
type ScopeInfo struct {
	// Filter is a urn-like value that starts with either "sql:" or "idql:" to indicate
	// the filter is either a SQL statement or an IDQL Filter/Condition expression
	// (see the ScopeType* constants).
	// NOTE(review): a sql: filter is policy-authored text that the PEP presumably applies
	// as-is; it must never be assembled from request data.
	Filter     *string  `json:"filter,omitempty"`
	Attributes []string `json:"attributes,omitempty"` // Attributes is a list of columns or attributes that may be returned by the PEP
}
ScopeInfo represents obligations passed to a PEP. For example, a `Filter` is used to constrain the rows of a database, and `Attributes` lists the columns or attributes that may be returned. Scopes are NOT used in determining which policy is applied.
type SubjectInfo ¶
// SubjectInfo is the list of subjects a policy applies to; well-known entries
// are presumably the Subject* constants — confirm against the evaluator.
type SubjectInfo []string
func (SubjectInfo) Equals ¶ added in v0.7.0
func (s SubjectInfo) Equals(subjects SubjectInfo) bool
func (SubjectInfo) String ¶ added in v0.7.0
func (s SubjectInfo) String() []string