Documentation ¶
Index ¶
Constants ¶
const (
	// EnvOpaDebug holds the string "HEXAOPA_DETAIL".
	//
	// NOTE(review): the name suggests this is the environment variable that
	// turns on detailed HexaOPA decision output; confirm where it is read.
	// Review what the extra detail contains before enabling it outside
	// development, since decision input is built from HTTP request and
	// principal information.
	EnvOpaDebug string = "HEXAOPA_DETAIL"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DefaultProvider ¶
// DefaultProvider carries no state. The package declares Allow and BuildInput
// methods on it.
//
// NOTE(review): the listing does not show what Allow returns for this type;
// confirm the default decision before wiring it into a production path.
type DefaultProvider struct{}
func (DefaultProvider) Allow ¶
func (d DefaultProvider) Allow(_ interface{}) (bool, error)
func (DefaultProvider) BuildInput ¶
type HexaOpaResult ¶
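// HexaOpaResult is the decision document carried in the "result" member of
// OpaResponse and returned by AllowQuery.
//
// Allow is the field that states the decision. Its tag has no omitempty and
// the zero value of bool is false, so a response that leaves "allow" out
// decodes, into a zero HexaOpaResult, as a denial.
type HexaOpaResult struct {
	// ActionRights lists the actions that are allowed by all policies matched.
	ActionRights []string `json:"action_rights"`
	// AllowSet lists the policyId values that matched.
	AllowSet []string `json:"allow_set"`
	// DenySet lists the policyId values of policies that matched with
	// condition action 'deny'.
	DenySet []string `json:"deny_set"`
	// Allow is set to true if DenySet is empty and AllowSet is not.
	Allow bool `json:"allow"`
	// PoliciesEvaluated is the total number of IDQL policies evaluated.
	PoliciesEvaluated int `json:"policies_evaluated"`
	// HexaRegoVersion is the current Rego policy version used.
	HexaRegoVersion string `json:"hexa_rego_version"`
	// Scopes holds the scope obligations returned from the policies matched.
	Scopes []ScopeObligation `json:"scopes,omitempty"`
	// PolicyErrors holds parsing diagnostics detected at run time.
	//
	// NOTE(review): confirm how a policy that fails to parse is treated; if it
	// is skipped, a deny rule in it would not contribute to DenySet.
	PolicyErrors []PolicyParseError `json:"error_idql,omitempty"`
}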
type MockDecisionProvider ¶
func (*MockDecisionProvider) Allow ¶
func (m *MockDecisionProvider) Allow(_ interface{}) (bool, error)
func (*MockDecisionProvider) BuildInput ¶
type OpaDecisionProvider ¶
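// OpaDecisionProvider implements the DecisionProvider interface. It converts
// HTTP request information and other context into a call to a HexaOPA service
// for a policy decision.
type OpaDecisionProvider struct {
	// Client is the HTTP client the provider is configured with.
	//
	// NOTE(review): presumably used for the request to Url. The decision is
	// only as trustworthy as that connection, so confirm the client verifies
	// the server certificate and sets a timeout.
	Client HTTPClient
	// Url is presumably the address of the HexaOPA server that AllowQuery
	// calls; verify against the method body.
	Url string
	// Principal is the default principal.
	//
	// NOTE(review): confirm when the default is applied, so that a request
	// with no authenticated subject is not evaluated as this principal by
	// accident.
	Principal string
	// OidcHandler is an optional pointer to the OIDC client handler.
	//
	// NOTE(review): presumably supplies credentials for the call to the
	// HexaOPA service; confirm, and confirm the behavior when it is nil.
	OidcHandler *oidcSupport.OidcClientHandler
}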
OpaDecisionProvider implements the DecisionProvider interface. It converts HTTP request information and other contextual information into a call to a HexaOPA service for a policy decision.
func (OpaDecisionProvider) Allow ¶
func (o OpaDecisionProvider) Allow(any interface{}) (bool, error)
Allow is a convenience method (similar to AllowQuery) that returns the policy decision as true or false. The parameter any is usually the value returned by BuildInput. Check the returned error before acting on the boolean.
func (OpaDecisionProvider) AllowQuery ¶
func (o OpaDecisionProvider) AllowQuery(any interface{}) (*HexaOpaResult, error)
AllowQuery calls the configured HexaOPA server and returns a parsed HexaOpaResult value. Although declared as interface{}, the any parameter is actually an opaTools.OpaInfo struct, produced by BuildInput, that holds contextual request information.
func (OpaDecisionProvider) BuildInput ¶
type OpaResponse ¶
// OpaResponse is the JSON envelope that wraps a HexaOpaResult.
type OpaResponse struct {
	// DecisionId is decoded from "decision_id".
	//
	// NOTE(review): presumably the identifier the server assigns to this
	// decision; if so, recording it lets an access decision be correlated
	// with the server-side decision log. Confirm.
	DecisionId string `json:"decision_id"`
	// Result is the decision document itself.
	Result HexaOpaResult `json:"result"`
	// Warning keeps the "warning" member as undecoded JSON; nil when absent.
	Warning *json.RawMessage `json:"warning"`
	// Explanation keeps the "explanation" member as undecoded JSON; nil when
	// absent.
	Explanation *json.RawMessage `json:"explanation"`
}
type OpaRestQuery ¶
type PolicyParseError ¶
type ScopeObligation ¶
// ScopeObligation pairs a policy identifier with scope information.
// HexaOpaResult.Scopes carries these for the policies matched.
//
// NOTE(review): an obligation presumably narrows what an allowed request may
// do or return; confirm that callers apply Scope and do not rely on
// HexaOpaResult.Allow alone.
type ScopeObligation struct {
	// PolicyID is decoded from "policyId".
	PolicyID string `json:"policyId"`
	// Scope is decoded from "scope".
	Scope hexapolicy.ScopeInfo `json:"scope"`
}