Documentation ¶
Index ¶
- Constants
- func WithAttributeMap(nameMap map[string]string) func(options *Options)
- func WithHttpClient(client openpolicyagent.HTTPClient) func(options *Options)
- func WithIntegrationInfo(info policyprovider.IntegrationInfo) func(*Options)
- func WithOpaAwsIntegration(bucketName string, objectName string, credentialKey []byte) func(options *Options)
- func WithOpaGcpIntegration(bucketName string, objectName string, credentialKey []byte) func(options *Options)
- func WithOpaGithubIntegration(account string, repo string, bundlePath string, token []byte) func(options *Options)
- func WithOpaHttpIntegration(bundleUrl string, caCert string, token *string) func(options *Options)
- func WithOpaHttpOauth2Integration(bundleUrl string, caCert string, config *clientcredentials.Config) func(options *Options)
- func WithProviderOptions(options interface{}) func(*Options)
- type Integration
- func (i *Integration) GetApplicationInfo(papAlias string) (*policyprovider.ApplicationInfo, error)
- func (i *Integration) GetPolicies(papAlias string) (*hexapolicy.Policies, error)
- func (i *Integration) GetPolicyApplicationPoints(aliasGen func() string) ([]policyprovider.ApplicationInfo, error)
- func (i *Integration) GetProvider() policyprovider.Provider
- func (i *Integration) GetType() string
- func (i *Integration) ReconcilePolicy(papAlias string, comparePolicies []hexapolicy.PolicyInfo, diffsOnly bool) ([]hexapolicy.PolicyDif, error)
- func (i *Integration) SetPolicyInfo(papAlias string, policies []hexapolicy.PolicyInfo) (int, error)
- type Options
Constants ¶
const (
	ProviderTypeAvp               string = avpProvider.ProviderTypeAvp
	ProviderTypeGoogleCloudIAP           = iapProvider.ProviderTypeGoogleCloudIAP
	ProviderTypeGoogleCloudLegacy        = iapProvider.ProviderTypeGoogleCloud
	ProviderTypeMock              string = test.ProviderTypeMock
	ProviderTypeCognito           string = cognitoProvider.ProviderTypeAwsCognito
	ProviderTypeAwsApiGW          string = awsapigwProvider.ProviderTypeAwsApiGW
	ProviderTypeAzure             string = azureProvider.ProviderTypeAzure
	ProviderTypeOpa                      = openpolicyagent.ProviderTypeOpa
	EnvTestProvider               string = "HEXA_TEST_PROVIDER" // EnvTestProvider overrides whatever provider is requested and uses the specified provider instead (by name)
)
Variables ¶
This section is empty.
Functions ¶
func WithAttributeMap ¶
WithAttributeMap may be used with providers that support IDQL conditions. The nameMap value indicates how an IDQL attribute name is mapped to the target attribute name. For example, username maps to account. The map is of the form map['<scimName>'] = "<platformName>". Currently supported by syntactic mappers such as AVP Provider and GCP IAP Provider.
func WithHttpClient ¶
func WithHttpClient(client openpolicyagent.HTTPClient) func(options *Options)
func WithIntegrationInfo ¶
func WithIntegrationInfo(info policyprovider.IntegrationInfo) func(*Options)
WithIntegrationInfo provides a previously defined policyprovider.IntegrationInfo object to configure an integration.
func WithOpaAwsIntegration ¶ added in v0.6.3
func WithOpaAwsIntegration(bucketName string, objectName string, credentialKey []byte) func(options *Options)
WithOpaAwsIntegration is a convenience method to build up an integration to initialize the OPA provider with AWS S3 as the bucket repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration.
func WithOpaGcpIntegration ¶ added in v0.6.3
func WithOpaGcpIntegration(bucketName string, objectName string, credentialKey []byte) func(options *Options)
WithOpaGcpIntegration is a convenience method to build up an integration to initialize the OPA provider with GCP as the bucket repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration.
func WithOpaGithubIntegration ¶ added in v0.6.3
func WithOpaGithubIntegration(account string, repo string, bundlePath string, token []byte) func(options *Options)
WithOpaGithubIntegration is a convenience method to build up an integration to initialize the OPA provider with a GitHub repository as the bundle repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration.
func WithOpaHttpIntegration ¶ added in v0.6.3
WithOpaHttpIntegration is a convenience method to build up an integration to initialize the OPA provider with an HTTP service as the bucket repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration. The HTTP service must support GET and POST (Form) to retrieve and replace OPA bundles.
func WithOpaHttpOauth2Integration ¶ added in v0.6.13
func WithOpaHttpOauth2Integration(bundleUrl string, caCert string, config *clientcredentials.Config) func(options *Options)
WithOpaHttpOauth2Integration is a convenience method to build up an integration to initialize the OPA provider with an HTTP service as the bundle repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration. The HTTP service must support GET and POST (Form) to retrieve and replace OPA bundles.
func WithProviderOptions ¶
func WithProviderOptions(options interface{}) func(*Options)
WithProviderOptions allows provider-specific options to be passed through to the provider on initialization. For example, AWS AVP Provider supports #awscommon.AWSClientOptions.
Types ¶
type Integration ¶
type Integration struct {
	Alias string                                    `json:"alias"`
	Opts  Options                                   `json:"options"`
	Apps  map[string]policyprovider.ApplicationInfo `json:"apps"`
	// contains filtered or unexported fields
}
func OpenIntegration ¶
func OpenIntegration(options ...func(*Options)) (*Integration, error)
OpenIntegration accepts a JSON byte stream and parses it into an IntegrationInfo which can be used to invoke the provider features. An IntegrationInfo struct consists of:
- integrationInfo - PolicyProvider.IntegrationInfo information defining the provider type and the credential used to access. If not provided, it must be provided using Options.
- options - one or more configuration functions for configuring the provider. See: sdk.Options
func (*Integration) GetApplicationInfo ¶
func (i *Integration) GetApplicationInfo(papAlias string) (*policyprovider.ApplicationInfo, error)
func (*Integration) GetPolicies ¶
func (i *Integration) GetPolicies(papAlias string) (*hexapolicy.Policies, error)
GetPolicies queries the designated 'pap' and returns a set of mapped hexapolicy.PolicyInfo policies.
func (*Integration) GetPolicyApplicationPoints ¶
func (i *Integration) GetPolicyApplicationPoints(aliasGen func() string) ([]policyprovider.ApplicationInfo, error)
GetPolicyApplicationPoints invokes Provider.DiscoverApplications method to locate applications or policy application points available within a platform Integration. The 'aliasGen' func parameter is used to generate a local alias for the application. If 'nil' is passed, the ObjectId value from ApplicationInfo is used as the alias.
func (*Integration) GetProvider ¶
func (i *Integration) GetProvider() policyprovider.Provider
func (*Integration) GetType ¶
func (i *Integration) GetType() string
GetType returns the type of underlying provider. See: sdk.PROVIDER_TYPE_ values. If not defined, "ERROR" is returned.
func (*Integration) ReconcilePolicy ¶
func (i *Integration) ReconcilePolicy(papAlias string, comparePolicies []hexapolicy.PolicyInfo, diffsOnly bool) ([]hexapolicy.PolicyDif, error)
ReconcilePolicy returns the set of differences between the supplied policies and the policies reported by the specified 'pap'. Setting 'diffsOnly' to false will return results that include matched and unsupported policies (e.g. templates). If the provider implementation does not support reconcile, an error is returned.
func (*Integration) SetPolicyInfo ¶
func (i *Integration) SetPolicyInfo(papAlias string, policies []hexapolicy.PolicyInfo) (int, error)
SetPolicyInfo applies the specified set of policies to the integration's 'pap'. Depending on the underlying provider, set replaces all policies or does a reconciliation and performs the necessary changes to make the 'pap' have the same set of policies. Note: SetPolicyInfo does not support the setting of an individual policy.
type Options ¶
type Options struct {
	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient   interface{}                     `json:"-"`
	Info         *policyprovider.IntegrationInfo `json:"integrationInfo"`
	AttributeMap map[string]string
	ProviderOpts interface{} `json:"-"`
}