hexapolicy



Constants

// Subject shorthand values that may appear in a SubjectInfo entry instead of
// an explicit entity reference. How each one is matched is not visible here;
// presumably the parser sub-package interprets them — confirm there.
const (
	SubjectAnyUser   string = "any"              // presumably any subject, authenticated or not — confirm
	SubjectAnyAuth   string = "anyAuthenticated" // presumably any authenticated subject — confirm
	SubjectBasicAuth string = "basic"            // subject authenticated with HTTP basic auth
	SubjectJwtAuth   string = "jwt"              // subject authenticated with a JWT
	SubjectSamlAuth  string = "saml"             // subject authenticated via SAML

	// IdqlVersion is the IDQL policy format version (see MetaInfo.Version).
	// NOTE(review): the format version ("0.7") is independent of the module
	// version and is not bumped with it.
	IdqlVersion string = "0.7"
)
// Difference labels returned by PolicyInfo.Compare. A result contains
// CompareEqual alone, or one or more of the CompareDif* values naming the
// policy elements that differ. Meta and Scope are not part of the comparison
// (see PolicyInfo.Equals and ScopeInfo).
const (
	CompareEqual        string = "EQUAL"     // no differences found
	CompareDifAction    string = "ACTION"    // Actions differ
	CompareDifSubject   string = "SUBJECT"   // Subjects differ
	CompareDifObject    string = "OBJECT"    // Object differs
	CompareDifCondition string = "CONDITION" // Condition differs
)
// Scope filter types reported by ScopeInfo.Type, derived from the
// "sql:" / "idql:" prefix of ScopeInfo.Filter.
const (
	ScopeTypeSQL        string = "sql"  // Filter carries a SQL statement
	ScopeTypeIDQL       string = "idql" // Filter carries an IDQL filter/condition expression
	ScopeTypeUnassigned string = "na"   // presumably returned when Filter is nil or has no recognised prefix — confirm in ScopeInfo.Type
)

Variables

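// Change classification labels produced by policy reconciliation
// (presumably assigned to PolicyDif.Type by Policies.ReconcilePolicies —
// confirm). Declared as typed constants, matching the other label sets in
// this package, so the values cannot be reassigned at runtime; callers that
// took the address of one of these must use a local copy instead.
const (
	ChangeTypeNew    string = "NEW"         // policy present only in the compared set
	ChangeTypeEqual  string = "MATCHED"     // policy found and equal
	ChangeTypeUpdate string = "UPDATE"      // policy found but differs
	ChangeTypeDelete string = "DELETE"      // policy present only in the existing set
	ChangeTypeIgnore string = "UNSUPPORTED" // policy could not be reconciled
)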

Functions

func EnhanceError added in v0.8.0

func EnhanceError(err error, data []byte) error

EnhanceError adds detail to err using information from the JSON data that failed to parse

Types

type ActionInfo

// ActionInfo is a single action URI from a policy's Actions list (see PolicyInfo.Actions).
type ActionInfo string

func (ActionInfo) EntityPath added in v0.8.0

func (a ActionInfo) EntityPath() *types.Entity

func (ActionInfo) Equals added in v0.7.0

func (a ActionInfo) Equals(action ActionInfo) bool

func (ActionInfo) String added in v0.7.0

func (a ActionInfo) String() string

type MetaInfo

// MetaInfo holds management data about a policy. It is excluded from
// PolicyInfo.Equals and PolicyInfo.CalculateEtag, so two policies with
// different Meta can still compare equal. The validate tags are for an
// external struct validator not visible here.
type MetaInfo struct {
	Version      string                 `json:"version,omitempty" validate:"required"` // Version is the idql policy format version (see IdqlVersion); an empty value is dropped on marshal yet rejected by validation
	SourceData   map[string]interface{} `json:"sourceData,omitempty"`                  // SourceData custom map for providers (e.g. AVP), e.g. type, identifiers; untyped JSON, so providers should validate what they read from it
	Description  string                 `json:"description,omitempty"`                 // Description is an information description of the policy
	Created      *time.Time             `json:"created,omitempty"`                     // Created is the time the policy was originally created
	Modified     *time.Time             `json:"modified,omitempty"`                    // Modified indicates the last time the policy was updated or created, used in change detection in some providers
	Etag         string                 `json:"etag,omitempty"`                        // Etag holds a calculated hash value used for change detection See Policy.CalculateEtag(); it is derived from the policy content itself, so it detects change, not tampering
	PolicyId     *string                `json:"policyId,omitempty"`                    // PolicyId is a unique identifier for a policy, may be assigned by the source provider
	PapId        *string                `json:"papId,omitempty"`                       // PapId is the source Policy Application Point or Application where the policy originated
	ProviderType string                 `json:"providerType,omitempty"`                // ProviderType is the SDK provider type indicating the source of the policy
}

type ObjectInfo

// ObjectInfo identifies the resource, application, or system a policy applies to (see PolicyInfo.Object).
type ObjectInfo string

func (*ObjectInfo) Entity added in v0.8.0

func (o *ObjectInfo) Entity() *types.Entity

func (*ObjectInfo) String added in v0.7.0

func (o *ObjectInfo) String() string

type OldActionInfo added in v0.7.0

// OldActionInfo is the object form of an action entry; presumably the
// pre-v0.7 wire format that PolicyInfo.UnmarshalJSON still accepts — confirm.
type OldActionInfo struct {
	ActionUri string `json:"actionUri" validate:"required"` // ActionUri is the action URI, now represented by ActionInfo
}

type OldObjectInfo added in v0.7.0

// OldObjectInfo is the object form of a policy object; presumably the
// pre-v0.7 wire format that PolicyInfo.UnmarshalJSON still accepts — confirm.
type OldObjectInfo struct {
	ResourceID string `json:"resource_id" validate:"required"` // ResourceID is the resource identifier, now represented by ObjectInfo
}

type OldSubjectInfo added in v0.7.0

// OldSubjectInfo is the object form of a subject clause; presumably the
// pre-v0.7 wire format that PolicyInfo.UnmarshalJSON still accepts — confirm.
type OldSubjectInfo struct {
	Members []string `json:"members" validate:"required"` // Members lists the subjects, now represented by SubjectInfo
}

type Policies

// Policies is a set of IDQL policies, optionally tied to an application.
type Policies struct {
	Policies []PolicyInfo `json:"policies"`      // Policies is the policy list; nil encodes as JSON null, not []
	App      *string      `json:"app,omitempty"` // App optionally names the application the set belongs to
}

func (*Policies) AddPolicies

func (p *Policies) AddPolicies(policies Policies)

func (*Policies) AddPolicy

func (p *Policies) AddPolicy(info PolicyInfo)

func (*Policies) CalculateEtags added in v0.6.1

func (p *Policies) CalculateEtags()

func (*Policies) ReconcilePolicies added in v0.6.1

func (p *Policies) ReconcilePolicies(comparePolicies []PolicyInfo, diffsOnly bool) []PolicyDif

type PolicyDif added in v0.6.1

// PolicyDif describes one reconciliation result returned by
// Policies.ReconcilePolicies. It has no JSON tags, so it encodes with its
// Go field names if marshalled.
type PolicyDif struct {
	Type          string       // Type is one of the ChangeType* labels
	PolicyId      string       // PolicyId identifies the policy the result refers to
	Hash          string       // Hash is presumably the policy etag (see PolicyInfo.CalculateEtag) — confirm
	DifTypes      []string     // DifTypes holds the Compare* labels reported by PolicyInfo.Compare
	PolicyExist   []PolicyInfo // for n to 1
	PolicyCompare *PolicyInfo  // PolicyCompare is the policy from the compared set, if any
}

func (*PolicyDif) Report added in v0.6.1

func (d *PolicyDif) Report() string

type PolicyInfo

// PolicyInfo holds a single IDQL Policy Statement. Subjects, Actions, Object
// and Condition are the elements compared by Equals/Compare and hashed by
// CalculateEtag; Meta and Scope are not. A custom UnmarshalJSON is defined
// for this type, so decoding does not follow the tags alone.
type PolicyInfo struct {
	Meta      MetaInfo                  `json:"meta" validate:"required"`             // Meta holds additional information about the policy including policy management data
	Subjects  SubjectInfo               `json:"subjects,subject" validate:"required"` // Subjects holds the subject clause of an IDQL policy. NOTE(review): encoding/json reads the tag as name "subjects" and ignores the unknown option "subject"; if a "subject" key is meant to be accepted it must be handled in UnmarshalJSON — confirm
	Actions   []ActionInfo              `json:"actions" validate:"required"`          // Actions holds one or more action uris
	Object    ObjectInfo                `json:"object" validate:"required"`           // Object the resource, application, or system to which a policy applies
	Condition *conditions.ConditionInfo `json:"condition,omitempty"`                  // Condition is an optional IDQL filter condition (e.g. ABAC rule) which must also be met
	Scope     *ScopeInfo                `json:"scope,omitempty"`                      // Scope represents obligations returned to a PEP (e.g. attributes, where clause); not used when deciding which policy applies
}

PolicyInfo holds a single IDQL Policy Statement

func (*PolicyInfo) ActionsEqual added in v0.7.0

func (p *PolicyInfo) ActionsEqual(actions []ActionInfo) bool

func (*PolicyInfo) CalculateEtag added in v0.6.1

func (p *PolicyInfo) CalculateEtag() string

CalculateEtag calculates an ETAG hash value for the policy which includes the Subjects, Actions, Object, and Conditions objects only

func (*PolicyInfo) Compare added in v0.6.1

func (p *PolicyInfo) Compare(hexaPolicy PolicyInfo) []string

Compare reports the differences between two policies, one or more of CompareEqual, CompareDifAction, CompareDifSubject, CompareDifObject, CompareDifCondition

func (*PolicyInfo) Equals added in v0.6.1

func (p *PolicyInfo) Equals(hexaPolicy PolicyInfo) bool

Equals compares values to determine if the policies are equal. Note: does NOT compare meta information.

func (*PolicyInfo) String added in v0.6.1

func (p *PolicyInfo) String() string

func (*PolicyInfo) UnmarshalJSON added in v0.7.0

func (p *PolicyInfo) UnmarshalJSON(data []byte) error

type ScopeInfo added in v0.6.7

// ScopeInfo represents obligations passed to a PEP, such as a row filter and
// the attributes it may return. Scopes are not used in determining which
// policy is applied, and ScopeInfo.Equals compares them as plain strings.
type ScopeInfo struct {
	Filter     *string  `json:"filter,omitempty"`     // Filter urn like value that starts with either sql: or idql: to indicate the filter is either a SQL statement or an IDQL Filter/Condition expression. NOTE(review): a sql: filter is raw SQL text forwarded to the PEP, so the policy source it comes from must be trusted — confirm how the PEP applies it
	Attributes []string `json:"attributes,omitempty"` // Attributes is a list of columns or attributes that may be returned by the PEP
}

ScopeInfo represents obligations passed to a PEP. For example a `Filter` is used to constrain the rows of a database. `Attributes` lists the columns or attributes that may be returned. Scopes are NOT used in determining which policy is applied.

func (*ScopeInfo) Equals added in v0.7.0

func (s *ScopeInfo) Equals(scope *ScopeInfo) bool

Equals returns equality based on string compare. This does not lexically compare filters. This function is intended to determine if a policy element has changed.

func (*ScopeInfo) Type added in v0.6.7

func (s *ScopeInfo) Type() string

func (*ScopeInfo) Value added in v0.6.7

func (s *ScopeInfo) Value() string

Value returns the raw value without the prefix

type SubjectInfo

// SubjectInfo is the subject clause of a policy: a list of subject entries, each an entity reference or one of the Subject* shorthand values.
type SubjectInfo []string

func (SubjectInfo) EntityPaths added in v0.8.0

func (s SubjectInfo) EntityPaths() *[]types.Entity

func (SubjectInfo) Equals added in v0.7.0

func (s SubjectInfo) Equals(subjects SubjectInfo) bool

func (SubjectInfo) String added in v0.7.0

func (s SubjectInfo) String() []string

Directories

Path Synopsis
Package parser is used to parse values that represent entities that are contained within IDQL `PolicyInfo` for `SubjectInfo`, `ActionInfo`, and `Object`.
