Documentation
Overview
Package parser is used to parse values that represent entities that are contained within IDQL `PolicyInfo` for `SubjectInfo`, `ActionInfo`, and `Object`. This package will be used by the schema validator to evaluate whether an IDQL policy conforms to policy.
Index
Constants
const (
	RelTypeAny = "any" // Used for allowing any subject including anonymous
	RelTypeAnyAuthenticated = "anyAuthenticated" // Used for allowing any subject that was authenticated
	RelTypeIs = "is" // Matching by type such as `User:`
	RelTypeIsIn = "isIn" // Type is in set such as `User[Group:admins]`
	RelTypeIn = "in" // Matching through membership in a set or entity [Group:admins]
	RelTypeEquals = "eq"
	RelTypeEmpty = "nil" // Matches a specific type and identifier e.g. `User:alice@example.co`
)
const (
	TypeVariable = iota
	TypeString
	TypeNumber
	TypeDate
	TypeBool
	TypeArray
	TypeObject
	TypeUnassigned
)
const (
	// PR is an abbreviation for 'present'.
	PR string = "pr"
	// EQ is an abbreviation for 'equals'.
	EQ string = "eq"
	// NE is an abbreviation for 'not equals'.
	NE string = "ne"
	// CO is an abbreviation for 'contains'.
	CO string = "co"
	// IN is an abbreviation for 'in'.
	IN string = "in"
	// SW is an abbreviation for 'starts with'.
	SW string = "sw"
	// EW is an abbreviation for 'ends with'.
	EW string = "ew"
	// GT is an abbreviation for 'greater than'.
	GT string = "gt"
	// LT is an abbreviation for 'less than'.
	LT string = "lt"
	// GE is an abbreviation for 'greater or equal than'.
	GE string = "ge"
	// LE is an abbreviation for 'less or equal than'.
	LE string = "le"
	// IS allows comparison of Object/Resource Types - added for Cedar compat
	IS string = "is"
)
These constants are intended to match the IDQL filter parser constants (duplicated here to prevent a dependency loop).
Variables
This section is empty.
Functions
func CompareValues
func CompareValues(left, right ComparableValue, op string) (bool, bool)
Types
type Boolean
type Boolean struct {
// contains filtered or unexported fields
}
func (Boolean) Equals
func (e Boolean) Equals(obj ComparableValue) bool
type ComparableValue
type ComparableValue interface {
	Value
	LessThan(obj ComparableValue) (result bool, incompatible bool)
	Equals(obj ComparableValue) (result bool)
}
ComparableValue is a subset of operators that can be used in LessThan or Equals comparison and have actual data values. Typically, an operator like an Entity is converted into a comparable value before calling CompareValues.
func NewBoolean
func NewBoolean(value string) ComparableValue
func NewDate
func NewDate(value string) (ComparableValue, error)
func NewEmptyValue
func NewEmptyValue(pathEntity Entity) ComparableValue
func NewNumeric
func NewNumeric(value string) (ComparableValue, error)
func NewString
func NewString(value string) ComparableValue
type Date
type Date struct {
// contains filtered or unexported fields
}
func (Date) Equals
func (d Date) Equals(obj ComparableValue) bool
type EmptyValue
type EmptyValue struct {
// contains filtered or unexported fields
}
EmptyValue is a placeholder value for an entity that has no value. Instead of a value, it captures the entity that was used to define it (typically for error responses).
func (EmptyValue) Equals
func (s EmptyValue) Equals(obj ComparableValue) bool
func (EmptyValue) GetPath
func (e EmptyValue) GetPath() string
func (EmptyValue) LessThan
func (e EmptyValue) LessThan(_ ComparableValue) (bool, bool)
func (EmptyValue) String
func (e EmptyValue) String() string
func (EmptyValue) Value
func (e EmptyValue) Value() interface{}
func (EmptyValue) ValueType
func (e EmptyValue) ValueType() int
type Entity
type Entity struct {
	Types []string // Types is the parsed entity structure e.g. PhotoApp:Photo
	Type string // The type of relationship being expressed (see RelTypeEquals, ...)
	Id *string // The id of a specific entity instance within type. (e.g. myvactionphoto.jpg)
	In *[]Entity // When an entity represents a set of entities (e.g. [PhotoApp:Photo:picture1.jpg,PhotoApp:Photo:picture2.jpg])
}
Entity represents a path that points to an entity used in IDQL policy (Subjects, Actions, Object).
func ParseEntity
ParseEntity takes a string value from an IDQL Subject, Action, or Object and parses it into an Entity struct.
func (Entity) GetNamespace
GetNamespace returns the entity's namespace if it is defined; otherwise it returns defaultNamespace. For example, PhotoApp:Photo:vacation.jpg would return PhotoApp, while Photo:vacation.jpg would return the value of defaultNamespace.
func (Entity) GetType
GetType returns the immediate parent type. For example, for PhotoApp:User:smith, the type is User. If no parent is defined, an empty string "" is returned.
type Numeric
type Numeric struct {
// contains filtered or unexported fields
}
func (Numeric) Equals
func (n Numeric) Equals(obj ComparableValue) bool
type Object
type Object struct {
// contains filtered or unexported fields
}
func (*Object) UnmarshalJSON
type String
type String struct {
// contains filtered or unexported fields
}
func (String) Equals
func (s String) Equals(obj ComparableValue) bool
type Value
type Value interface {
	fmt.Stringer // returns the string value
	ValueType() int
	Value() interface{} // returns the raw value
}
Value defines the interface for all parsable operators in an IDQL filter.
func NewArray
func NewArray(values []ComparableValue) Value
func ParseArray
ParseArray detects an array of comma-separated values or values within square brackets.