Documentation ¶
Index ¶
- Constants
- func ParseConditionRuleAst(condition ConditionInfo) (*filtersupport.Expression, error)
- func ParseExpressionAst(expression string) (*filtersupport.Expression, error)
- func SerializeExpression(ast *filtersupport.Expression) string
- type ActionInfo
- type AttributeMap
- type ConditionInfo
- type ConditionMapper
- type MetaInfo
- type NameMapper
- type ObjectInfo
- type Policies
- type PolicyInfo
- type SubjectInfo
Constants ¶
View Source
const ( AAllow string = "allow" ADeny string = "deny" AAudit string = "audit" )
Variables ¶
This section is empty.
Functions ¶
func ParseConditionRuleAst ¶
func ParseConditionRuleAst(condition ConditionInfo) (*filtersupport.Expression, error)
ParseConditionRuleAst is used by mapping providers to get the IDQL condition rule AST tree
func ParseExpressionAst ¶
func ParseExpressionAst(expression string) (*filtersupport.Expression, error)
func SerializeExpression ¶
func SerializeExpression(ast *filtersupport.Expression) string
SerializeExpression walks the AST and emits the condition in string form. It preserves precedence over the normal filter.String() method
Types ¶
type ActionInfo ¶
type ActionInfo struct {
ActionUri string `validate:"required"`
}
type AttributeMap ¶
type AttributeMap struct {
// contains filtered or unexported fields
}
func NewNameMapper ¶
func NewNameMapper(attributeMap map[string]string) *AttributeMap
NewNameMapper is called by a condition mapper provider to instantiate an attribute name translator using interface NameMapper
func (*AttributeMap) GetHexaFilterAttributePath ¶
func (n *AttributeMap) GetHexaFilterAttributePath(provName string) string
func (*AttributeMap) GetProviderAttributeName ¶
func (n *AttributeMap) GetProviderAttributeName(hexaName string) string
type ConditionInfo ¶
type ConditionMapper ¶
type ConditionMapper interface { /* MapConditionToProvider takes an IDQL Condition expression and converts it to a string usable the target provider. For example from RFC7644, Section-3.4.2.2 to Google Common Expression Language */ MapConditionToProvider(condition ConditionInfo) interface{} /* MapProviderToCondition take a string expression from a platform policy and converts it to RFC7644: Section-3.4.2.2. */ MapProviderToCondition(expression string) (ConditionInfo, error) }
type NameMapper ¶
type NameMapper interface { // GetProviderAttributeName returns a simple string representation of the mapped attribute name (usually in name[.sub-attribute] form). GetProviderAttributeName(hexaName string) string // GetHexaFilterAttributePath returns a filterAttributePath which is used to build a SCIM Filter AST GetHexaFilterAttributePath(provName string) string }
type ObjectInfo ¶
type ObjectInfo struct {
ResourceID string `json:"resource_id" validate:"required"`
}
type Policies ¶
type Policies struct {
Policies []PolicyInfo `json:"policies"`
}
func (*Policies) AddPolicies ¶
func (*Policies) AddPolicy ¶
func (p *Policies) AddPolicy(info PolicyInfo)
type PolicyInfo ¶
type PolicyInfo struct { Meta MetaInfo `validate:"required"` Subject SubjectInfo `validate:"required"` Actions []ActionInfo `validate:"required"` Object ObjectInfo `validate:"required"` Condition *ConditionInfo `json:",omitempty"` // Condition is optional }
type SubjectInfo ¶
type SubjectInfo struct {
Members []string `validate:"required"`
}
Click to show internal directories.
Click to hide internal directories.