pdp

package
v0.0.5
Published: Dec 14, 2020 License: Apache-2.0 Imports: 31 Imported by: 8

Documentation

Overview

Package pdp implements Policy Decision Point (PDP). It is responsible for making authorization decisions based on policies it has.

Constants

const (
	// AggTypeDisable disables aggregation of content values
	AggTypeDisable = iota
	// AggTypeReturnFirst specifies to return the first encountered value
	AggTypeReturnFirst
	// AggTypeAppend specifies to append content values
	AggTypeAppend
	// AggTypeAppendUnique specifies to append unique content values
	AggTypeAppendUnique
)
const (
	// EffectDeny indicates that request is denied.
	EffectDeny = iota
	// EffectPermit indicates that request is permitted.
	EffectPermit

	// EffectNotApplicable indicates that policies don't contain any policy
	// and rule applicable to the request.
	EffectNotApplicable

	// EffectIndeterminate indicates that evaluation can't be done for
	// the request. For example required attribute is missing.
	EffectIndeterminate
	// EffectIndeterminateD indicates that evaluation can't be done for
	// the request but if it could effect would be EffectDeny.
	EffectIndeterminateD
	// EffectIndeterminateP indicates that evaluation can't be done for
	// the request but if it could effect would be EffectPermit.
	EffectIndeterminateP
	// EffectIndeterminateDP indicates that evaluation can't be done for
	// the request but if it could effect would be only EffectDeny or
	// EffectPermit.
	EffectIndeterminateDP
)

Effect* constants define possible consequences of decision evaluation.
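
How an enforcement point might consume these effects, as an added example that is not code from the pdp package: the constants are a local mirror of the block above, and denyOverrides follows the XACML 3.0 deny-overrides rule (whether the package's own "denyoverrides" algorithm matches it is not stated on this page). Treating plain EffectIndeterminate as EffectIndeterminateDP is an assumption; only an explicit EffectPermit grants access.

```go
package main

import "fmt"

// Local mirror of the Effect* constants listed above (same order, same
// iota values) so the example builds without the pdp package.
const (
	EffectDeny = iota
	EffectPermit
	EffectNotApplicable
	EffectIndeterminate
	EffectIndeterminateD
	EffectIndeterminateP
	EffectIndeterminateDP
)

// denyOverrides combines child effects following the XACML 3.0
// deny-overrides rule. Assumption: plain EffectIndeterminate and any
// unknown value are treated as EffectIndeterminateDP, the most
// conservative reading.
func denyOverrides(children []int) int {
	var errD, errP, errDP, permit bool
	for _, e := range children {
		switch e {
		case EffectDeny:
			return EffectDeny // a single deny wins immediately
		case EffectPermit:
			permit = true
		case EffectNotApplicable:
			// contributes nothing to the result
		case EffectIndeterminateD:
			errD = true
		case EffectIndeterminateP:
			errP = true
		default:
			errDP = true
		}
	}
	switch {
	case errDP, errD && (errP || permit):
		// A failed child could have produced a deny that would override
		// the permit, so the combined result stays indeterminate.
		return EffectIndeterminateDP
	case errD:
		return EffectIndeterminateD
	case permit:
		// A failed child that could only have permitted cannot change
		// an existing permit.
		return EffectPermit
	case errP:
		return EffectIndeterminateP
	}
	return EffectNotApplicable
}

// allow is a deny-biased enforcement decision: only an explicit permit
// grants access; NotApplicable and every Indeterminate variant fail closed.
func allow(effect int) bool {
	return effect == EffectPermit
}

func main() {
	samples := []struct {
		name     string
		children []int
	}{
		{"permit + not applicable", []int{EffectPermit, EffectNotApplicable}},
		{"permit + indeterminate{D}", []int{EffectPermit, EffectIndeterminateD}},
		{"permit + indeterminate{P}", []int{EffectPermit, EffectIndeterminateP}},
		{"no applicable child", nil},
	}
	for _, s := range samples {
		e := denyOverrides(s.children)
		fmt.Printf("%-28s effect=%d allow=%v\n", s.name, e, allow(e))
	}
}
```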

const (
	MissingValueErrorID = 3

	UntaggedPolicyModificationErrorID = 25
	MissingPolicyTagErrorID           = 26
	PolicyTagsNotMatchErrorID         = 27

	MissingContentErrorID = 46

	MissingContentItemErrorID = 48

	UntaggedContentModificationErrorID = 59
	MissingContentTagErrorID           = 60
	ContentTagsNotMatchErrorID         = 61

	ReadOnlySymbolsChangeErrorID = 95

	PathNotFoundErrorID = 115

	ResponseServerErrorID = 177
)

Numeric identifiers of errors.

const (
	// MapperPCAExternalOrder stands for external order - sorting in the same
	// order as ids returned by mapper argument.
	MapperPCAExternalOrder = iota
	// MapperPCAInternalOrder designates internal order - sorting by position
	// in parent policy set.
	MapperPCAInternalOrder
)

MapperPCA*Order constants represent all possible values suitable for the Order field of the MapperPCAParams structure.

const (
	// MapperRCAExternalOrder stands for external order - sorting in the same
	// order as ids returned by mapper argument.
	MapperRCAExternalOrder = iota
	// MapperRCAInternalOrder designates internal order - sorting by position
	// in parent policy.
	MapperRCAInternalOrder
)

MapperRCA*Order constants represent all possible values suitable for the Order field of the MapperRCAParams structure.

const (
	// ResponseEffectFieldName holds name of response effect.
	ResponseEffectFieldName = "effect"
	// ResponseStatusFieldName stores name of response status.
	ResponseStatusFieldName = "status"
)

Names of special response fields.

const (
	// SelectorOptionDefault defines an expression to return in case of missing value error
	SelectorOptionDefault = "default"
	// SelectorOptionError defines an expression to return in case of error
	SelectorOptionError = "error"
	// SelectorOptionAggregation specifies how to aggregate data
	SelectorOptionAggregation = "aggregation"
)
const (
	// UOAdd stands for add operation (add or append item to a collection).
	UOAdd = iota
	// UODelete is delete operation (remove item from collection).
	UODelete
)

UO* constants define the set of supported update operations.

const (
	// TargetCompatibleArgumentAttributeValue stands for AttributeValue
	// expression.
	TargetCompatibleArgumentAttributeValue = iota
	// TargetCompatibleArgumentAttributeDesignator is AttributeDesignator
	// expression.
	TargetCompatibleArgumentAttributeDesignator
)

TargetCompatibleArgument* constants identify expressions which are supported as arguments of target compatible expressions.

const (

	// MinResponseSize represents the lower response buffer limit required to
	// return an error saying that the real error message or set of
	// obligations is too long.
	MinResponseSize uint = minResponseHeaderSize + uint(len(responseInfoValueTooLong))
)

Variables

var (
	// AggTypeIDs maps aggregation keys to aggregation ids.
	AggTypeIDs = map[string]AggType{
		"disable":       AggTypeDisable,
		"return first":  AggTypeReturnFirst,
		"append":        AggTypeAppend,
		"append unique": AggTypeAppendUnique,
	}
	// AggTypeNames maps aggregation ids to aggregation keys.
	AggTypeNames = []string{
		"Disable",
		"Return first",
		"Append",
		"Append unique",
	}
)
var (
	// MapperPCAOrderNames is a list of human-readable option value names.
	// The order must be kept in sync with MapperPCA*Order constants order.
	MapperPCAOrderNames = []string{
		"External",
		"Internal",
	}

	// MapperPCAOrderKeys maps MapperPCA*Order constants to order IDs.
	// The ID is all lower case order name. The slice is filled by init
	// function.
	MapperPCAOrderKeys = []string{}
	// MapperPCAOrderIDs maps order IDs to MapperPCA*Order constants.
	// The map is filled by init function.
	MapperPCAOrderIDs = map[string]int{}
)

MapperPCAOrder* collections bind order value names and IDs.

var (
	// MapperRCAOrderNames is a list of human-readable option value names.
	// The order must be kept in sync with MapperRCA*Order constants order.
	MapperRCAOrderNames = []string{
		"External",
		"Internal",
	}

	// MapperRCAOrderKeys maps MapperRCA*Order constants to order IDs.
	// The ID is all lower case order name. The slice is filled by init
	// function.
	MapperRCAOrderKeys = []string{}
	// MapperRCAOrderIDs maps order IDs to MapperRCA*Order constants.
	// The map is filled by init function.
	MapperRCAOrderIDs = map[string]int{}
)

MapperRCAOrder* collections bind order value names and IDs.

var (

	// RuleCombiningAlgs defines map of algorithm id to particular maker of
	// the algorithm. Contains only algorithms which don't require any
	// parameters.
	RuleCombiningAlgs = map[string]RuleCombiningAlgMaker{
		"firstapplicableeffect": makeFirstApplicableEffectRCA,
		"denyoverrides":         makeDenyOverridesRCA}

	// RuleCombiningParamAlgs defines map of algorithm id to particular maker
	// of the algorithm. Contains only algorithms which require parameters.
	RuleCombiningParamAlgs = map[string]RuleCombiningAlgMaker{
		"mapper": makeMapperRCA}
)
var (

	// PolicyCombiningAlgs defines map of algorithm id to particular maker
	// of the algorithm. Contains only algorithms which don't require
	// any parameters.
	PolicyCombiningAlgs = map[string]PolicyCombiningAlgMaker{
		"firstapplicableeffect": makeFirstApplicableEffectPCA,
		"denyoverrides":         makeDenyOverridesPCA}

	// PolicyCombiningParamAlgs defines map of algorithm id to particular maker
	// of the algorithm. Contains only algorithms which require parameters.
	PolicyCombiningParamAlgs = map[string]PolicyCombiningAlgMaker{
		"mapper": makeMapperPCA}
)
var (
	// UpdateOpIDs maps operation keys to operation ids.
	UpdateOpIDs = map[string]int{
		"add":    UOAdd,
		"delete": UODelete}

	// UpdateOpNames lists operation names in order of operation ids.
	UpdateOpNames = []string{
		"Add",
		"Delete"}
)
var (
	// TypeUndefined stands for type of undefined value. The value usually
	// means that evaluation can't be done.
	TypeUndefined = newBuiltinType("Undefined")
	// TypeBoolean is boolean data type.
	TypeBoolean = newBuiltinType("Boolean")
	// TypeString is string data type.
	TypeString = newBuiltinType("String")
	// TypeInteger is integer data type.
	TypeInteger = newBuiltinType("Integer")
	// TypeFloat is float data type.
	TypeFloat = newBuiltinType("Float")
	// TypeAddress is IPv4 or IPv6 address data type.
	TypeAddress = newBuiltinType("Address")
	// TypeNetwork is IPv4 or IPv6 network data type.
	TypeNetwork = newBuiltinType("Network")
	// TypeDomain is domain name data type.
	TypeDomain = newBuiltinType("Domain")
	// TypeSetOfStrings is set of strings data type (internally stores order
	// in which it was created).
	TypeSetOfStrings = newBuiltinType("Set of Strings")
	// TypeSetOfNetworks is set of networks data type (unordered).
	TypeSetOfNetworks = newBuiltinType("Set of Networks")
	// TypeSetOfDomains is set of domains data type (unordered).
	TypeSetOfDomains = newBuiltinType("Set of Domains")
	// TypeListOfStrings is list of strings data type.
	TypeListOfStrings = newBuiltinType("List of Strings")

	// BuiltinTypes maps type keys to Type* constants.
	BuiltinTypes = make(map[string]Type)
)

Type* values represent all built-in data types PDP can work with.

var ContentKeyTypes = makeTypeSet(
	TypeString,
	TypeAddress,
	TypeNetwork,
	TypeDomain,
)

ContentKeyTypes gathers all types which can be a key for content map.

var (

	// EffectIDs maps all possible values of rule's effect to its id.
	EffectIDs = map[string]int{
		"deny":   EffectDeny,
		"permit": EffectPermit}
)
var FunctionArgumentValidators = map[string][]functionArgumentValidator{
	"equal": {
		functionStringEqualValidator,
		functionIntegerEqualValidator,
		functionFloatEqualValidator,
		functionListOfStringsEqualValidator,
		functionSetOfStringsEqualValidator,
	},
	"greater": {
		functionIntegerGreaterValidator,
		functionFloatGreaterValidator,
	},
	"add": {
		functionIntegerAddValidator,
		functionFloatAddValidator,
	},
	"subtract": {
		functionIntegerSubtractValidator,
		functionFloatSubtractValidator,
	},
	"multiply": {
		functionIntegerMultiplyValidator,
		functionFloatMultiplyValidator,
	},
	"divide": {
		functionIntegerDivideValidator,
		functionFloatDivideValidator,
	},
	"contains": {
		functionStringContainsValidator,
		functionListOfStringsContainsValidator,
		functionNetworkContainsAddressValidator,
		functionSetOfStringsContainsValidator,
		functionSetOfNetworksContainsAddressValidator,
		functionSetOfDomainsContainsValidator,
	},
	"not": {functionBooleanNotValidator},
	"or":  {functionBooleanOrValidator},
	"and": {functionBooleanAndValidator},
	"range": {
		functionIntegerRangeValidator,
		functionFloatRangeValidator,
	},
	"list of strings": {
		functionListOfStringsValidator,
	},
	"intersect": {
		functionListOfStringsIntersectValidator,
		functionSetOfStringsIntersectValidator,
	},
	"len": {
		functionListOfStringsLenValidator,
		functionSetOfStringsLenValidator,
	},
	"concat": {
		functionConcatValidator,
	},
	"try": {
		functionTryValidator,
	},
}

FunctionArgumentValidators maps a function name to a list of validators. For a given set of arguments, a validator returns nil if the function doesn't accept the arguments; otherwise it returns a function which creates an expression based on the desired function and the set of argument expressions.

var TargetCompatibleExpressions = map[string]map[Type]map[Type]twoArgumentsFunctionType{
	"equal": {
		TypeString: {
			TypeString: makeFunctionStringEqual},
		TypeInteger: {
			TypeInteger: makeFunctionIntegerEqual},
		TypeFloat: {
			TypeFloat: makeFunctionFloatEqual},
		TypeListOfStrings: {
			TypeListOfStrings: makeFunctionListOfStringsEqual},
		TypeSetOfStrings: {
			TypeSetOfStrings: makeFunctionSetOfStringsEqual}},
	"greater": {
		TypeInteger: {
			TypeInteger: makeFunctionIntegerGreater},
		TypeFloat: {
			TypeFloat: makeFunctionFloatGreater}},
	"contains": {
		TypeString: {
			TypeString: makeFunctionStringContains},
		TypeAddress: {
			TypeNetwork: makeFunctionNetworkAddressContainedByNetwork},
		TypeNetwork: {
			TypeAddress: makeFunctionNetworkContainsAddress},
		TypeListOfStrings: {
			TypeString: makeFunctionListOfStringsContains},
		TypeSetOfStrings: {
			TypeString: makeFunctionSetOfStringsContains},
		TypeSetOfNetworks: {
			TypeAddress: makeFunctionSetOfNetworksContainsAddress},
		TypeSetOfDomains: {
			TypeDomain: makeFunctionSetOfDomainsContains}}}

TargetCompatibleExpressions maps name of expression and types of its arguments to particular expression maker.

var UndefinedValue = AttributeValue{
	// contains filtered or unexported fields
}

UndefinedValue is used to represent a failure to get particular value.

Functions

func AssertAttributeAssignments

func AssertAttributeAssignments(ef errorF, desc string, a []AttributeAssignment, e ...AttributeAssignment)

func CheckExpressionAsTargetArgument

func CheckExpressionAsTargetArgument(e Expression) (int, bool)

CheckExpressionAsTargetArgument checks if the given expression can be used as a target argument. It returns the expression kind and a flag indicating whether the check passed.

func CheckInfoRequestHeader

func CheckInfoRequestHeader(b []byte, count uint16) ([]byte, error)

CheckInfoRequestHeader validates if request for additional information has correct header - current version and required number of values.

func EffectNameFromEnum

func EffectNameFromEnum(effectEnum int) string

EffectNameFromEnum returns the human-readable name for an Effect enum value.

func GetInfoRequestAddressValue

func GetInfoRequestAddressValue(b []byte) (net.IP, []byte, error)

GetInfoRequestAddressValue extracts IP address from request for additional information.

func GetInfoRequestBooleanValue

func GetInfoRequestBooleanValue(b []byte) (bool, []byte, error)

GetInfoRequestBooleanValue extracts boolean value from request for additional information.

func GetInfoRequestDomainValue

func GetInfoRequestDomainValue(b []byte) (domain.Name, []byte, error)

GetInfoRequestDomainValue extracts domain name from request for additional information.

func GetInfoRequestFloatValue

func GetInfoRequestFloatValue(b []byte) (float64, []byte, error)

GetInfoRequestFloatValue extracts floating point value from request for additional information.

func GetInfoRequestIntegerValue

func GetInfoRequestIntegerValue(b []byte) (int64, []byte, error)

GetInfoRequestIntegerValue extracts integer value from request for additional information.

func GetInfoRequestListOfStringsValue

func GetInfoRequestListOfStringsValue(b []byte) ([]string, []byte, error)

GetInfoRequestListOfStringsValue extracts list of strings from request for additional information.

func GetInfoRequestNetworkValue

func GetInfoRequestNetworkValue(b []byte) (*net.IPNet, []byte, error)

GetInfoRequestNetworkValue extracts IP network from request for additional information.

func GetInfoRequestSetOfDomainsValue

func GetInfoRequestSetOfDomainsValue(b []byte) (*domaintree.Node, []byte, error)

GetInfoRequestSetOfDomainsValue extracts set of domains from request for additional information.

func GetInfoRequestSetOfNetworksValue

func GetInfoRequestSetOfNetworksValue(b []byte) (*iptree.Tree, []byte, error)

GetInfoRequestSetOfNetworksValue extracts set of networks from request for additional information.

func GetInfoRequestSetOfStringsValue

func GetInfoRequestSetOfStringsValue(b []byte) (*strtree.Tree, []byte, error)

GetInfoRequestSetOfStringsValue extracts set of strings from request for additional information.

func GetInfoRequestStringValue

func GetInfoRequestStringValue(b []byte) (string, []byte, error)

GetInfoRequestStringValue extracts string from request for additional information.

func InitializeSelectors

func InitializeSelectors()

InitializeSelectors initializes all registered and enabled selectors.

func MakeIndeterminateResponse

func MakeIndeterminateResponse(err error) ([]byte, error)

MakeIndeterminateResponse marshals the given error as an indeterminate response with no obligations as a sequence of bytes.

func MakeIndeterminateResponseWithAllocator

func MakeIndeterminateResponseWithAllocator(f func(n int) ([]byte, error), err error) ([]byte, error)

MakeIndeterminateResponseWithAllocator marshals the given error as an indeterminate response with no obligations as a sequence of bytes. The allocator is expected to take the number of bytes required and return a slice of that length.

func MakeIndeterminateResponseWithBuffer

func MakeIndeterminateResponseWithBuffer(b []byte, err error) (int, error)

MakeIndeterminateResponseWithBuffer marshals the given error as an indeterminate response with no obligations to the given buffer. The caller needs to allocate a big enough buffer. It should be at least MinResponseSize bytes, so that it can hold the message that the buffer isn't long enough. The function returns the number of bytes written to the buffer.

func MarshalInfoError

func MarshalInfoError(b []byte, fail error) (int, error)

MarshalInfoError marshals error as an information response to given byte buffer. Caller needs to allocate big enough buffer.

func MarshalInfoRequest

func MarshalInfoRequest(b []byte, path string, in []AttributeValue) (int, error)

MarshalInfoRequest marshals request for additional information as a sequence of bytes to given buffer. The information request is used to get data from PIP and consists of a path and a set of attribute values. The path is used to identify specific data source within the same PIP server. Caller should provide large enough buffer. The function fills given buffer and returns number of bytes written.

func MarshalInfoResponse

func MarshalInfoResponse(b []byte, value AttributeValue) (int, error)

MarshalInfoResponse marshals an information response to the given byte buffer. In this case the response is represented by an attribute value. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseAddress

func MarshalInfoResponseAddress(b []byte, value net.IP) (int, error)

MarshalInfoResponseAddress marshals an information response to the given byte buffer. In this case the response is represented by an IP address. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseBoolean

func MarshalInfoResponseBoolean(b []byte, value bool) (int, error)

MarshalInfoResponseBoolean marshals an information response to the given byte buffer. In this case the response is represented by a boolean value. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseDomain

func MarshalInfoResponseDomain(b []byte, value domain.Name) (int, error)

MarshalInfoResponseDomain marshals an information response to the given byte buffer. In this case the response is represented by a domain name. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseFloat

func MarshalInfoResponseFloat(b []byte, value float64) (int, error)

MarshalInfoResponseFloat marshals an information response to the given byte buffer. In this case the response is represented by a floating point value. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseInteger

func MarshalInfoResponseInteger(b []byte, value int64) (int, error)

MarshalInfoResponseInteger marshals an information response to the given byte buffer. In this case the response is represented by an integer value. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseListOfStrings

func MarshalInfoResponseListOfStrings(b []byte, value []string) (int, error)

MarshalInfoResponseListOfStrings marshals an information response to the given byte buffer. In this case the response is represented by a list of strings. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseNetwork

func MarshalInfoResponseNetwork(b []byte, value *net.IPNet) (int, error)

MarshalInfoResponseNetwork marshals an information response to the given byte buffer. In this case the response is represented by an IP network. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseSetOfDomains

func MarshalInfoResponseSetOfDomains(b []byte, value *domaintree.Node) (int, error)

MarshalInfoResponseSetOfDomains marshals an information response to the given byte buffer. In this case the response is represented by a set of domain names. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseSetOfNetworks

func MarshalInfoResponseSetOfNetworks(b []byte, value *iptree.Tree) (int, error)

MarshalInfoResponseSetOfNetworks marshals an information response to the given byte buffer. In this case the response is represented by a set of networks. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseSetOfStrings

func MarshalInfoResponseSetOfStrings(b []byte, value *strtree.Tree) (int, error)

MarshalInfoResponseSetOfStrings marshals an information response to the given byte buffer. In this case the response is represented by a set of strings. The caller needs to allocate a big enough buffer.

func MarshalInfoResponseString

func MarshalInfoResponseString(b []byte, value string) (int, error)

MarshalInfoResponseString marshals an information response to the given byte buffer. In this case the response is represented by a string. The caller needs to allocate a big enough buffer.

func MarshalRequestAssignments

func MarshalRequestAssignments(in []AttributeAssignment) ([]byte, error)

MarshalRequestAssignments marshals list of assignments to sequence of bytes. It requires each assignment to have immediate value as an expression (which can be created with MakeStringValue or similar functions).

func MarshalRequestAssignmentsToBuffer

func MarshalRequestAssignmentsToBuffer(b []byte, in []AttributeAssignment) (int, error)

MarshalRequestAssignmentsToBuffer marshals list of assignments as a sequence of bytes to given buffer. Caller should provide large enough buffer. Function fills the buffer and returns number of bytes written.

func MarshalRequestAssignmentsWithAllocator

func MarshalRequestAssignmentsWithAllocator(in []AttributeAssignment, f func(n int) ([]byte, error)) ([]byte, error)

MarshalRequestAssignmentsWithAllocator marshals a list of assignments to a sequence of bytes in the same way as MarshalRequestAssignments, but instead of the make function it uses the given allocator function to obtain the buffer. The allocator is expected to take a number of bytes and return a slice of bytes with the given length.

func MarshalRequestReflection

func MarshalRequestReflection(c int, f func(i int) (string, Type, reflect.Value, error)) ([]byte, error)

MarshalRequestReflection marshals set of attributes wrapped with reflect.Value to sequence of bytes. For each attribute MarshalRequestReflection calls f function with index of the attribute. It expects the function to return attribute id, type and value. For TypeBoolean MarshalRequestReflectionToBuffer expects bool value, for TypeString - string, for TypeInteger - intX, uintX (internally converting to int64), TypeFloat - float32 or float64, TypeAddress - net.IP, TypeNetwork - net.IPNet or *net.IPNet, TypeDomain - string or domain.Name from github.com/infobloxopen/go-trees/domain package, TypeSetOfStrings - *strtree.Tree from github.com/infobloxopen/go-trees/strtree package, TypeSetOfNetworks - *iptree.Node from github.com/infobloxopen/go-trees/iptree, TypeSetOfDomains - *domaintree.Node from github.com/infobloxopen/go-trees/domaintree, TypeListOfStrings - []string.

func MarshalRequestReflectionToBuffer

func MarshalRequestReflectionToBuffer(b []byte, c int, f func(i int) (string, Type, reflect.Value, error)) (int, error)

MarshalRequestReflectionToBuffer marshals set of attributes wrapped with reflect.Value as a sequence of bytes to given buffer similarly to MarshalRequestReflection. Caller should provide large enough buffer. The function fills given buffer and returns number of bytes written.

func MarshalRequestReflectionWithAllocator

func MarshalRequestReflectionWithAllocator(c int, f func(i int) (string, Type, reflect.Value, error), g func(n int) ([]byte, error)) ([]byte, error)

MarshalRequestReflectionWithAllocator marshals a set of attributes wrapped with reflect.Value to a sequence of bytes in the same way as MarshalRequestReflection, but instead of the make function it uses the given allocator function to obtain the buffer. The allocator is expected to take a number of bytes and return a slice of bytes with the given length.

func RegisterSelector

func RegisterSelector(s Selector)

RegisterSelector puts given selector to PDP's registry.

func SortSetOfDomains

func SortSetOfDomains(v *domaintree.Node) []string

SortSetOfDomains converts a set of domains to a slice of strings ordered by assigned integer values. Strings represent human-readable domain names. It panics if the given tree contains a non-int value.

func SortSetOfNetworks

func SortSetOfNetworks(v *iptree.Tree) []*net.IPNet

SortSetOfNetworks converts a set of networks to a slice ordered by assigned integer values. It panics if the given tree contains a non-int value.

func SortSetOfStrings

func SortSetOfStrings(v *strtree.Tree) []string

SortSetOfStrings converts a set of strings to a slice ordered by assigned integer values. It panics if the given tree contains a non-int value.

func UnmarshalInfoRequest

func UnmarshalInfoRequest(b []byte, out []AttributeValue) (string, int, error)

UnmarshalInfoRequest unmarshals information request from given buffer. It fills given assignment array and returns path and number of attributes. Caller should provide large enough array for assignments.

func UnmarshalRequestReflection

func UnmarshalRequestReflection(b []byte, f func(string, Type) (reflect.Value, error)) error

UnmarshalRequestReflection parses given sequence of bytes to set of reflected values. It calls f function for each attribute extracted from buffer with attribute id and type. The f function should return value to set. If it returns error UnmarshalRequestReflection stops parsing and exits with the error.

func UnmarshalRequestToAssignmentsArray

func UnmarshalRequestToAssignmentsArray(b []byte, out []AttributeAssignment) (int, error)

UnmarshalRequestToAssignmentsArray parses given sequence of bytes as a list of assignments to given buffer. Caller should provide large enough out slice. The function returns number of assignments written.

func UnmarshalResponseToAssignmentsArray

func UnmarshalResponseToAssignmentsArray(b []byte, out []AttributeAssignment) (int, int, error)

UnmarshalResponseToAssignmentsArray unmarshals a response from the given sequence of bytes. Effect is returned as the first result value. The second returned value gives the number of obligations put to the out parameter. Finally, the third value is an error that occurred during unmarshalling, or the response status if it has type *ResponseServerError. The caller needs to allocate and pass a big enough array to the out argument.

func UnmarshalResponseToReflection

func UnmarshalResponseToReflection(b []byte, f func(string, Type) (reflect.Value, error)) error

UnmarshalResponseToReflection unmarshals a response from the given sequence of bytes to a set of reflected values. The function extracts a parameter or obligation from the response and calls the f function with its name and type. The f function should return a reflected value to put data to. If f returns an error, unmarshalling stops with that error. If f doesn't want to get the value of an attribute or response parameter, it can return an invalid reflect.Value (reflect.Value(nil)). For the Effect parameter UnmarshalResponseToReflection passes ResponseEffectFieldName as name and nil type to f and expects a value of bool, string, intX or uintX (for bool, true means EffectPermit and false all other effects). For the Status parameter ResponseStatusFieldName with nil type is passed to f, and a string or error is expected as the reflected value. For any obligation its name and Type are passed to f. Which value is expected depends on the attribute type: for TypeBoolean - bool, TypeString - string, TypeInteger - intX or uintX (note that small int types can be overflowed while uint can't take a negative value), TypeFloat - float32/64, TypeAddress - net.IP, TypeNetwork - net.IPNet or *net.IPNet, TypeDomain - string or domain.Name from github.com/infobloxopen/go-trees/domain package, TypeSetOfStrings - *strtree.Tree from github.com/infobloxopen/go-trees/strtree package, TypeSetOfNetworks - *iptree.Tree from github.com/infobloxopen/go-trees/iptree package, TypeSetOfDomains - *domaintree.Node from github.com/infobloxopen/go-trees/domaintree package, TypeListOfStrings - []string.
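
The integer caveat above (small int types can overflow, uint can't take a negative value) can be handled on the caller's side by range-checking a value before it is stored in a narrow field. The following is an added example using only the standard reflect package, not code from the pdp package; sessionLimits, applyInteger, storeInteger and errOutOfRange are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

// errOutOfRange reports a value the destination field cannot represent.
var errOutOfRange = errors.New("integer does not fit destination")

// sessionLimits is a hypothetical obligation target with deliberately
// narrow integer fields.
type sessionLimits struct {
	MaxSessions   uint8
	PriorityDelta int8
}

// storeInteger writes v into dst, which must be a settable intX or uintX
// value. It refuses any value that would be truncated or change sign, so
// a limit of 256 never silently becomes 0 in a uint8 field.
func storeInteger(dst reflect.Value, v int64) error {
	if !dst.CanSet() {
		return errors.New("destination is not settable")
	}
	switch dst.Kind() {
	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
		if dst.OverflowInt(v) {
			return fmt.Errorf("%w: %d into %s", errOutOfRange, v, dst.Type())
		}
		dst.SetInt(v)
	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
		// The negative check must come first: converting a negative
		// int64 to uint64 yields a huge positive number.
		if v < 0 || dst.OverflowUint(uint64(v)) {
			return fmt.Errorf("%w: %d into %s", errOutOfRange, v, dst.Type())
		}
		dst.SetUint(uint64(v))
	default:
		return fmt.Errorf("unsupported destination kind %s", dst.Kind())
	}
	return nil
}

// applyInteger stores v in the named field of the struct that target
// points to, leaving the field untouched when v does not fit.
func applyInteger(target interface{}, field string, v int64) error {
	p := reflect.ValueOf(target)
	if p.Kind() != reflect.Ptr || p.IsNil() || p.Elem().Kind() != reflect.Struct {
		return errors.New("target must be a non-nil pointer to a struct")
	}
	f := p.Elem().FieldByName(field)
	if !f.IsValid() {
		return fmt.Errorf("no field %q", field)
	}
	return storeInteger(f, v)
}

func main() {
	var l sessionLimits
	// Constructed sample values: one that fits, one too large, one negative.
	for _, v := range []int64{200, 256, -1} {
		err := applyInteger(&l, "MaxSessions", v)
		fmt.Printf("MaxSessions <- %d: err=%v stored=%d\n", v, err, l.MaxSessions)
	}
}
```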

Types

type AggType added in v0.0.4

type AggType int

AggType is a data type for defining a way of aggregation of several content values

type AllOf

type AllOf struct {
	// contains filtered or unexported fields
}

AllOf groups match expressions into a boolean expression whose result is true when all of the child match expressions are true.

func MakeAllOf

func MakeAllOf() AllOf

MakeAllOf creates instance of AllOf expression.

func (*AllOf) Append

func (a *AllOf) Append(item Match)

Append adds match expression to the end of list of child match expressions.

type AnyOf

type AnyOf struct {
	// contains filtered or unexported fields
}

AnyOf groups AllOf expressions into a boolean expression whose result is true when at least one of the child AllOf expressions is true.

func MakeAnyOf

func MakeAnyOf() AnyOf

MakeAnyOf creates instance of AnyOf expressions.

func (*AnyOf) Append

func (a *AnyOf) Append(item AllOf)

Append adds AllOf expression to the end of list of child AllOf expressions.

type AttribAssignFmt

type AttribAssignFmt struct {
	Name  string
	Type  string
	Value string
}

AttribAssignFmt is the json marshal format of serialized AttributeAssignment

type Attribute

type Attribute struct {
	// contains filtered or unexported fields
}

Attribute represents attribute definition which binds attribute name and type.

func MakeAttribute

func MakeAttribute(ID string, t Type) Attribute

MakeAttribute creates new attribute instance. It requires attribute name as "ID" argument and type as "t" argument.

func (Attribute) GetType

func (a Attribute) GetType() Type

GetType returns attribute type.

type AttributeAssignment

type AttributeAssignment struct {
	// contains filtered or unexported fields
}

AttributeAssignment represents assignment of arbitrary result to an attribute.

func MakeAddressAssignment

func MakeAddressAssignment(id string, v net.IP) AttributeAssignment

MakeAddressAssignment creates attribute assignment for address value.

func MakeAttributeAssignment

func MakeAttributeAssignment(a Attribute, e Expression) AttributeAssignment

MakeAttributeAssignment creates assignment of given expression to given attribute.

func MakeBooleanAssignment

func MakeBooleanAssignment(id string, v bool) AttributeAssignment

MakeBooleanAssignment creates attribute assignment for boolean value.

func MakeDomainAssignment

func MakeDomainAssignment(id string, v domain.Name) AttributeAssignment

MakeDomainAssignment creates attribute assignment for domain value.

func MakeExpressionAssignment

func MakeExpressionAssignment(id string, e Expression) AttributeAssignment

MakeExpressionAssignment creates attribute assignment for attribute with given id and type derived from given expression.

func MakeFlags16Assignment

func MakeFlags16Assignment(id string, t Type, v uint16) AttributeAssignment

MakeFlags16Assignment creates attribute assignment for flags value which fits 16 bits integer.

func MakeFlags32Assignment

func MakeFlags32Assignment(id string, t Type, v uint32) AttributeAssignment

MakeFlags32Assignment creates attribute assignment for flags value which fits 32 bits integer.

func MakeFlags64Assignment

func MakeFlags64Assignment(id string, t Type, v uint64) AttributeAssignment

MakeFlags64Assignment creates attribute assignment for flags value which fits 64 bits integer.

func MakeFlags8Assignment

func MakeFlags8Assignment(id string, t Type, v uint8) AttributeAssignment

MakeFlags8Assignment creates attribute assignment for flags value which fits 8 bits integer.

func MakeFloatAssignment

func MakeFloatAssignment(id string, v float64) AttributeAssignment

MakeFloatAssignment creates attribute assignment for float value.

func MakeIntegerAssignment

func MakeIntegerAssignment(id string, v int64) AttributeAssignment

MakeIntegerAssignment creates attribute assignment for integer value.

func MakeListOfStringsAssignment

func MakeListOfStringsAssignment(id string, v []string) AttributeAssignment

MakeListOfStringsAssignment creates attribute assignment for list of strings value.

func MakeNetworkAssignment

func MakeNetworkAssignment(id string, v *net.IPNet) AttributeAssignment

MakeNetworkAssignment creates attribute assignment for network value.

func MakeSetOfDomainsAssignment

func MakeSetOfDomainsAssignment(id string, v *domaintree.Node) AttributeAssignment

MakeSetOfDomainsAssignment creates attribute assignment for set of domains value.

func MakeSetOfNetworksAssignment

func MakeSetOfNetworksAssignment(id string, v *iptree.Tree) AttributeAssignment

MakeSetOfNetworksAssignment creates attribute assignment for set of networks value.

func MakeSetOfStringsAssignment

func MakeSetOfStringsAssignment(id string, v *strtree.Tree) AttributeAssignment

MakeSetOfStringsAssignment creates attribute assignment for set of strings value.

func MakeStringAssignment

func MakeStringAssignment(id string, v string) AttributeAssignment

MakeStringAssignment creates attribute assignment for string value.

func UnmarshalRequestAssignments

func UnmarshalRequestAssignments(b []byte) ([]AttributeAssignment, error)

UnmarshalRequestAssignments parses given sequence of bytes as a list of assignments.

func UnmarshalRequestAssignmentsWithAllocator

func UnmarshalRequestAssignmentsWithAllocator(b []byte, f func(n int) ([]AttributeAssignment, error)) ([]AttributeAssignment, error)

UnmarshalRequestAssignmentsWithAllocator parses given sequence of bytes as a list of assignments. It uses given allocator to make assignments array. The allocator is expected to take a number of assignments required and return a slice of at least given length.

func UnmarshalResponseAssignments

func UnmarshalResponseAssignments(b []byte) (int, []AttributeAssignment, error)

UnmarshalResponseAssignments unmarshals response from given sequence of bytes. Effect is returned as the first result value. The second returned value is an array of obligations. Finally, the third value is an error that occurred during unmarshalling, or the response status if it has type *ResponseServerError.

func UnmarshalResponseAssignmentsWithAllocator

func UnmarshalResponseAssignmentsWithAllocator(b []byte, f func(n int) ([]AttributeAssignment, error)) (int, []AttributeAssignment, error)

UnmarshalResponseAssignmentsWithAllocator works similarly to UnmarshalResponseAssignments but requires custom allocator for obligations. The allocator is expected to take number of obligations and return slice of assignments of that length.

func (AttributeAssignment) GetAddress

func (a AttributeAssignment) GetAddress(ctx *Context) (net.IP, error)

GetAddress returns address value of assignment. It returns error if type of assignment is not address.

func (AttributeAssignment) GetBoolean

func (a AttributeAssignment) GetBoolean(ctx *Context) (bool, error)

GetBoolean returns boolean value of assignment. It returns error if type of assignment is not boolean.

func (AttributeAssignment) GetDomain

func (a AttributeAssignment) GetDomain(ctx *Context) (domain.Name, error)

GetDomain returns domain value of assignment. It returns error if type of assignment is not domain.

func (AttributeAssignment) GetFlags16

func (a AttributeAssignment) GetFlags16(ctx *Context) (uint16, error)

GetFlags16 returns flags value of assignment which fits 16 bits integer. It returns error if type of assignment is not appropriate flags.

func (AttributeAssignment) GetFlags32

func (a AttributeAssignment) GetFlags32(ctx *Context) (uint32, error)

GetFlags32 returns flags value of assignment which fits 32 bits integer. It returns error if type of assignment is not appropriate flags.

func (AttributeAssignment) GetFlags64

func (a AttributeAssignment) GetFlags64(ctx *Context) (uint64, error)

GetFlags64 returns flags value of assignment which fits 64 bits integer. It returns error if type of assignment is not appropriate flags.

func (AttributeAssignment) GetFlags8

func (a AttributeAssignment) GetFlags8(ctx *Context) (uint8, error)

GetFlags8 returns flags value of assignment which fits 8 bits integer. It returns error if type of assignment is not appropriate flags.

func (AttributeAssignment) GetFloat

func (a AttributeAssignment) GetFloat(ctx *Context) (float64, error)

GetFloat returns float value of assignment. It returns error if type of assignment is not float.

func (AttributeAssignment) GetID

func (a AttributeAssignment) GetID() string

GetID returns id of assignment's attribute.

func (AttributeAssignment) GetInteger

func (a AttributeAssignment) GetInteger(ctx *Context) (int64, error)

GetInteger returns integer value of assignment. It returns error if type of assignment is not integer.

func (AttributeAssignment) GetListOfStrings

func (a AttributeAssignment) GetListOfStrings(ctx *Context) ([]string, error)

GetListOfStrings returns list of strings value of assignment. It returns error if type of assignment is not list of strings.

func (AttributeAssignment) GetNetwork

func (a AttributeAssignment) GetNetwork(ctx *Context) (*net.IPNet, error)

GetNetwork returns network value of assignment. It returns error if type of assignment is not network.

func (AttributeAssignment) GetSetOfDomains

func (a AttributeAssignment) GetSetOfDomains(ctx *Context) (*domaintree.Node, error)

GetSetOfDomains returns set of domains value of assignment. It returns error if type of assignment is not set of domains.

func (AttributeAssignment) GetSetOfNetworks

func (a AttributeAssignment) GetSetOfNetworks(ctx *Context) (*iptree.Tree, error)

GetSetOfNetworks returns set of networks value of assignment. It returns error if type of assignment is not set of networks.

func (AttributeAssignment) GetSetOfStrings

func (a AttributeAssignment) GetSetOfStrings(ctx *Context) (*strtree.Tree, error)

GetSetOfStrings returns set of strings value of assignment. It returns error if type of assignment is not set of strings.

func (AttributeAssignment) GetString

func (a AttributeAssignment) GetString(ctx *Context) (string, error)

GetString returns string value of assignment. It returns error if type of assignment is not string.

func (AttributeAssignment) GetValue

func (a AttributeAssignment) GetValue() (AttributeValue, error)

func (AttributeAssignment) MarshalJSON

func (a AttributeAssignment) MarshalJSON() ([]byte, error)

MarshalJSON satisfies Marshaler interface. It only works for assignment expressions whose right-hand side doesn't depend on context, e.g. values, constant expressions, or selectors that don't rely on attributes or local content.

func (AttributeAssignment) Serialize

func (a AttributeAssignment) Serialize(ctx *Context) (string, string, string, error)

Serialize evaluates assignment and returns string representation of resulting attribute name, type and value or error if the evaluation can't be done.

func (AttributeAssignment) String

func (a AttributeAssignment) String() string

type AttributeDesignator

type AttributeDesignator struct {
	// contains filtered or unexported fields
}

AttributeDesignator represents an expression whose result is the corresponding attribute value from request context.

func MakeAddressDesignator

func MakeAddressDesignator(id string) AttributeDesignator

MakeAddressDesignator creates address designator expression instance for given attribute id.

func MakeAttributeDesignator

func MakeAttributeDesignator(a Attribute) AttributeDesignator

MakeAttributeDesignator creates designator expression instance for given attribute.

func MakeBooleanDesignator

func MakeBooleanDesignator(id string) AttributeDesignator

MakeBooleanDesignator creates boolean designator expression instance for given attribute id.

func MakeDesignator

func MakeDesignator(id string, t Type) AttributeDesignator

MakeDesignator creates designator expression instance for given attribute id and type.

func MakeDomainDesignator

func MakeDomainDesignator(id string) AttributeDesignator

MakeDomainDesignator creates domain designator expression instance for given attribute id.

func MakeFloatDesignator

func MakeFloatDesignator(id string) AttributeDesignator

MakeFloatDesignator creates float designator expression instance for given attribute id.

func MakeIntegerDesignator

func MakeIntegerDesignator(id string) AttributeDesignator

MakeIntegerDesignator creates integer designator expression instance for given attribute id.

func MakeListOfStringsDesignator

func MakeListOfStringsDesignator(id string) AttributeDesignator

MakeListOfStringsDesignator creates list of strings designator expression instance for given attribute id.

func MakeNetworkDesignator

func MakeNetworkDesignator(id string) AttributeDesignator

MakeNetworkDesignator creates network designator expression instance for given attribute id.

func MakeSetOfDomainsDesignator

func MakeSetOfDomainsDesignator(id string) AttributeDesignator

MakeSetOfDomainsDesignator creates set of domains designator expression instance for given attribute id.

func MakeSetOfNetworksDesignator

func MakeSetOfNetworksDesignator(id string) AttributeDesignator

MakeSetOfNetworksDesignator creates set of networks designator expression instance for given attribute id.

func MakeSetOfStringsDesignator

func MakeSetOfStringsDesignator(id string) AttributeDesignator

MakeSetOfStringsDesignator creates set of strings designator expression instance for given attribute id.

func MakeStringDesignator

func MakeStringDesignator(id string) AttributeDesignator

MakeStringDesignator creates string designator expression instance for given attribute id.

func (AttributeDesignator) Calculate

func (d AttributeDesignator) Calculate(ctx *Context) (AttributeValue, error)

Calculate implements Expression interface and returns calculated value

func (AttributeDesignator) GetID

func (d AttributeDesignator) GetID() string

GetID returns ID of wrapped attribute.

func (AttributeDesignator) GetResultType

func (d AttributeDesignator) GetResultType() Type

GetResultType returns type of wrapped attribute (implements Expression interface).

type AttributeValue

type AttributeValue struct {
	// contains filtered or unexported fields
}

AttributeValue represents attribute value which binds data type and data. Value with undefined type indicates that evaluation can't get particular value.

func MakeAddressValue

func MakeAddressValue(v net.IP) AttributeValue

MakeAddressValue creates instance of IP address attribute value.

func MakeBooleanValue

func MakeBooleanValue(v bool) AttributeValue

MakeBooleanValue creates instance of boolean attribute value.

func MakeDomainValue

func MakeDomainValue(v domain.Name) AttributeValue

MakeDomainValue creates instance of domain name attribute value. Argument should be valid domain name. Caller is responsible for the validation.

func MakeFlagsValue16

func MakeFlagsValue16(v uint16, t Type) AttributeValue

MakeFlagsValue16 creates instance of given flags value which fits 16 bits integer.

func MakeFlagsValue32

func MakeFlagsValue32(v uint32, t Type) AttributeValue

MakeFlagsValue32 creates instance of given flags value which fits 32 bits integer.

func MakeFlagsValue64

func MakeFlagsValue64(v uint64, t Type) AttributeValue

MakeFlagsValue64 creates instance of given flags value which fits 64 bits integer.

func MakeFlagsValue8

func MakeFlagsValue8(v uint8, t Type) AttributeValue

MakeFlagsValue8 creates instance of given flags value which fits 8 bits integer.

func MakeFloatValue

func MakeFloatValue(v float64) AttributeValue

MakeFloatValue creates instance of float attribute value.

func MakeIntegerValue

func MakeIntegerValue(v int64) AttributeValue

MakeIntegerValue creates instance of integer attribute value.

func MakeListOfStringsValue

func MakeListOfStringsValue(v []string) AttributeValue

MakeListOfStringsValue creates instance of list of strings attribute value.

func MakeNetworkValue

func MakeNetworkValue(v *net.IPNet) AttributeValue

MakeNetworkValue creates instance of IP network address attribute value. Argument should not be nil. Caller is responsible for the validation.

func MakeSetOfDomainsValue

func MakeSetOfDomainsValue(v *domaintree.Node) AttributeValue

MakeSetOfDomainsValue creates instance of set of domains attribute value.

func MakeSetOfNetworksValue

func MakeSetOfNetworksValue(v *iptree.Tree) AttributeValue

MakeSetOfNetworksValue creates instance of set of networks attribute value.

func MakeSetOfStringsValue

func MakeSetOfStringsValue(v *strtree.Tree) AttributeValue

MakeSetOfStringsValue creates instance of set of strings attribute value.

func MakeStringValue

func MakeStringValue(v string) AttributeValue

MakeStringValue creates instance of string attribute value.

func MakeValueFromString

func MakeValueFromString(t Type, s string) (AttributeValue, error)

MakeValueFromString creates instance of attribute value by given type and string representation. The function performs necessary validation. No conversion is defined for undefined type and collection types.

func UnmarshalInfoResponse

func UnmarshalInfoResponse(b []byte) (AttributeValue, error)

UnmarshalInfoResponse unmarshals informational response from given sequence of bytes to an attribute value or error.

func (AttributeValue) Calculate

func (v AttributeValue) Calculate(ctx *Context) (AttributeValue, error)

Calculate implements Expression interface and returns calculated value

func (AttributeValue) GetResultType

func (v AttributeValue) GetResultType() Type

GetResultType returns type of attribute value (implements Expression interface).

func (AttributeValue) Rebind

func (v AttributeValue) Rebind(t Type) (AttributeValue, error)

Rebind produces copy of the value with given type if the type matches original value type.

func (AttributeValue) Serialize

func (v AttributeValue) Serialize() (string, error)

Serialize converts attribute value to its string representation. No conversion defined for undefined value.

type ContentDomainFlags16Map

type ContentDomainFlags16Map struct {
	// contains filtered or unexported fields
}

ContentDomainFlags16Map implements ContentSubItem as map of domain name to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 16 bits flags.

func MakeContentDomainFlags16Map

func MakeContentDomainFlags16Map(tree *domaintree16.Node) ContentDomainFlags16Map

MakeContentDomainFlags16Map creates instance of ContentDomainFlags16Map based on domaintree16 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 16 bits flags.

type ContentDomainFlags32Map

type ContentDomainFlags32Map struct {
	// contains filtered or unexported fields
}

ContentDomainFlags32Map implements ContentSubItem as map of domain name to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 32 bits flags.

func MakeContentDomainFlags32Map

func MakeContentDomainFlags32Map(tree *domaintree32.Node) ContentDomainFlags32Map

MakeContentDomainFlags32Map creates instance of ContentDomainFlags32Map based on domaintree32 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 32 bits flags.

type ContentDomainFlags64Map

type ContentDomainFlags64Map struct {
	// contains filtered or unexported fields
}

ContentDomainFlags64Map implements ContentSubItem as map of domain name to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 64 bits flags.

func MakeContentDomainFlags64Map

func MakeContentDomainFlags64Map(tree *domaintree64.Node) ContentDomainFlags64Map

MakeContentDomainFlags64Map creates instance of ContentDomainFlags64Map based on domaintree64 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 64 bits flags.

type ContentDomainFlags8Map

type ContentDomainFlags8Map struct {
	// contains filtered or unexported fields
}

ContentDomainFlags8Map implements ContentSubItem as map of domain name to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 8 bits flags.

func MakeContentDomainFlags8Map

func MakeContentDomainFlags8Map(tree *domaintree8.Node) ContentDomainFlags8Map

MakeContentDomainFlags8Map creates instance of ContentDomainFlags8Map based on domaintree8 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 8 bits flags.

type ContentDomainMap

type ContentDomainMap struct {
	// contains filtered or unexported fields
}

ContentDomainMap implements ContentSubItem as map of domain name to ContentSubItem.

func MakeContentDomainMap

func MakeContentDomainMap(tree *domaintree.Node) ContentDomainMap

MakeContentDomainMap creates instance of ContentDomainMap based on domaintree from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type.

type ContentItem

type ContentItem struct {
	// contains filtered or unexported fields
}

ContentItem represents item of particular content. It can be mapping object with defined set of keys to access value of particular type or immediate value of defined type.

func MakeContentMappingItem

func MakeContentMappingItem(id string, t Type, k []Type, v ContentSubItem) *ContentItem

MakeContentMappingItem creates mapping content item. Argument t is the type of the final value, while k is a list of types from ContentKeyTypes that defines which maps the item consists of.

func MakeContentValueItem

func MakeContentValueItem(id string, t Type, v interface{}) *ContentItem

MakeContentValueItem creates content item which represents immediate value of given type.

func (*ContentItem) Get

func (c *ContentItem) Get(path []Expression, ctx *Context) (AttributeValue, error)

Get returns value from content item by given path. It sequentially evaluates path expressions and extracts next subitem until gets final value or error.

func (*ContentItem) GetAggregated added in v0.0.4

func (c *ContentItem) GetAggregated(path []Expression, ctx *Context, at AggType) (AttributeValue, error)

GetAggregated returns value from content item by given path. It sequentially evaluates path expressions and extracts next subitem until gets final value or error. It may aggregate values from different paths if a "list of strings" key is provided where a "string" key is expected.

func (*ContentItem) GetByValues

func (c *ContentItem) GetByValues(path []AttributeValue, a AggType) (AttributeValue, error)

GetByValues returns value from content item by given path which must consist of attribute values.

func (*ContentItem) GetType

func (c *ContentItem) GetType() Type

GetType returns content item type

type ContentNetworkFlags16Map

type ContentNetworkFlags16Map struct {
	// contains filtered or unexported fields
}

ContentNetworkFlags16Map implements ContentSubItem as map of IP address or network to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 16 bits flags.

func MakeContentNetworkFlags16Map

func MakeContentNetworkFlags16Map(tree *iptree16.Tree) ContentNetworkFlags16Map

MakeContentNetworkFlags16Map creates instance of ContentNetworkFlags16Map based on iptree16 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 16 bits flags.

type ContentNetworkFlags32Map

type ContentNetworkFlags32Map struct {
	// contains filtered or unexported fields
}

ContentNetworkFlags32Map implements ContentSubItem as map of IP address or network to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 32 bits flags.

func MakeContentNetworkFlags32Map

func MakeContentNetworkFlags32Map(tree *iptree32.Tree) ContentNetworkFlags32Map

MakeContentNetworkFlags32Map creates instance of ContentNetworkFlags32Map based on iptree32 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 32 bits flags.

type ContentNetworkFlags64Map

type ContentNetworkFlags64Map struct {
	// contains filtered or unexported fields
}

ContentNetworkFlags64Map implements ContentSubItem as map of IP address or network to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 64 bits flags.

func MakeContentNetworkFlags64Map

func MakeContentNetworkFlags64Map(tree *iptree64.Tree) ContentNetworkFlags64Map

MakeContentNetworkFlags64Map creates instance of ContentNetworkFlags64Map based on iptree64 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 64 bits flags.

type ContentNetworkFlags8Map

type ContentNetworkFlags8Map struct {
	// contains filtered or unexported fields
}

ContentNetworkFlags8Map implements ContentSubItem as map of IP address or network to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 8 bits flags.

func MakeContentNetworkFlags8Map

func MakeContentNetworkFlags8Map(tree *iptree8.Tree) ContentNetworkFlags8Map

MakeContentNetworkFlags8Map creates instance of ContentNetworkFlags8Map based on iptree8 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 8 bits flags.

type ContentNetworkMap

type ContentNetworkMap struct {
	// contains filtered or unexported fields
}

ContentNetworkMap implements ContentSubItem as map of IP address or network to ContentSubItem.

func MakeContentNetworkMap

func MakeContentNetworkMap(tree *iptree.Tree) ContentNetworkMap

MakeContentNetworkMap creates instance of ContentNetworkMap based on iptree from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type.

type ContentStringFlags16Map

type ContentStringFlags16Map struct {
	// contains filtered or unexported fields
}

ContentStringFlags16Map implements ContentSubItem as map of string to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 16 bits flags.

func MakeContentStringFlags16Map

func MakeContentStringFlags16Map(tree *strtree16.Tree) ContentStringFlags16Map

MakeContentStringFlags16Map creates instance of ContentStringFlags16Map based on strtree16 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 16 bits flags.

type ContentStringFlags32Map

type ContentStringFlags32Map struct {
	// contains filtered or unexported fields
}

ContentStringFlags32Map implements ContentSubItem as map of string to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 32 bits flags.

func MakeContentStringFlags32Map

func MakeContentStringFlags32Map(tree *strtree32.Tree) ContentStringFlags32Map

MakeContentStringFlags32Map creates instance of ContentStringFlags32Map based on strtree32 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 32 bits flags.

type ContentStringFlags64Map

type ContentStringFlags64Map struct {
	// contains filtered or unexported fields
}

ContentStringFlags64Map implements ContentSubItem as map of string to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 64 bits flags.

func MakeContentStringFlags64Map

func MakeContentStringFlags64Map(tree *strtree64.Tree) ContentStringFlags64Map

MakeContentStringFlags64Map creates instance of ContentStringFlags64Map based on strtree64 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 64 bits flags.

type ContentStringFlags8Map

type ContentStringFlags8Map struct {
	// contains filtered or unexported fields
}

ContentStringFlags8Map implements ContentSubItem as map of string to ContentSubItem. In the case resulting ContentSubItem can be only a ContentValue instance which holds 8 bits flags.

func MakeContentStringFlags8Map

func MakeContentStringFlags8Map(tree *strtree8.Tree) ContentStringFlags8Map

MakeContentStringFlags8Map creates instance of ContentStringFlags8Map based on strtree8 from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type wrapping 8 bits flags.

type ContentStringMap

type ContentStringMap struct {
	// contains filtered or unexported fields
}

ContentStringMap implements ContentSubItem as map of string to ContentSubItem.

func MakeContentStringMap

func MakeContentStringMap(tree *strtree.Tree) ContentStringMap

MakeContentStringMap creates instance of ContentStringMap based on strtree from github.com/infobloxopen/go-trees. Nodes should be of the same ContentSubItem compatible type.

type ContentSubItem

type ContentSubItem interface {
	// contains filtered or unexported methods
}

ContentSubItem interface abstracts all possible mapping objects and immediate content value.

type ContentTagsNotMatchError

type ContentTagsNotMatchError struct {
	ID string
	// contains filtered or unexported fields
}

ContentTagsNotMatchError indicates that update tag doesn't match content before modification.

func (*ContentTagsNotMatchError) Error

func (e *ContentTagsNotMatchError) Error() string

Error implements error interface.

type ContentUpdate

type ContentUpdate struct {
	// contains filtered or unexported fields
}

ContentUpdate encapsulates list of changes to particular content.

func NewContentUpdate

func NewContentUpdate(cID string, oldTag, newTag uuid.UUID) *ContentUpdate

NewContentUpdate creates empty update for given content and sets tags. Content must have oldTag so update can be applied. newTag will be set to content after the update.

func (*ContentUpdate) Append

func (u *ContentUpdate) Append(op int, path []string, entity *ContentItem)

Append inserts particular change to the end of changes list. Op is an operation (like add or delete), path identifies the content part to perform the operation on, and entity is the item to add (ignored in case of delete operation).

func (*ContentUpdate) String

func (u *ContentUpdate) String() string

String implements Stringer interface.

type ContentValue

type ContentValue struct {
	// contains filtered or unexported fields
}

ContentValue implements ContentSubItem as immediate value.

func MakeContentValue

func MakeContentValue(value interface{}) ContentValue

MakeContentValue creates instance of ContentValue with given data. Argument value should be value of golang type which corresponds to one of supported attribute types.

type Context

type Context struct {
	// contains filtered or unexported fields
}

Context represents request context. The context contains all information needed to evaluate request.

func NewContext

func NewContext(c *LocalContentStorage, count int, f func(i int) (string, AttributeValue, error)) (*Context, error)

NewContext creates new instance of context. It requires pointer to local content storage and request attributes. The storage can be nil only if no policies or rules require it (otherwise evaluation may crash reaching it). Context collects input attributes by calling "f" function. The function is called "count" times and on each call it gets incrementing number starting from 0. The function should return attribute name and value. If "f" function returns error NewContext stops iterations and returns the same error. All pairs of attribute name and type should be unique.

func NewContextFromBytes

func NewContextFromBytes(c *LocalContentStorage, b []byte) (*Context, error)

NewContextFromBytes creates new instance of context. It requires a pointer to local content storage and a request represented as a byte sequence. Requirements for the storage are the same as for the NewContext function. The request is unmarshaled to a sequence of attributes as described in the help for the (Un)MarshalRequest* functions.

func (*Context) GetContentItem

func (c *Context) GetContentItem(cID, iID string) (*ContentItem, error)

GetContentItem returns content item value

func (*Context) String

func (c *Context) String() string

String implements Stringer interface.

type Evaluable

type Evaluable interface {
	GetID() (string, bool)
	Calculate(ctx *Context) Response
	Append(path []string, v interface{}) (Evaluable, error)
	Delete(path []string) (Evaluable, error)
	// contains filtered or unexported methods
}

Evaluable interface defines abstract PDP's entity which can be evaluated for given context (policy set or policy).

type Expression

type Expression interface {
	GetResultType() Type
	Calculate(ctx *Context) (AttributeValue, error)
}

Expression abstracts any PDP expression. The GetResultType method returns type of particular expression. The Calculate method returns calculated value for particular expression.

func MakeSelector

func MakeSelector(uri *url.URL, path []Expression, t Type, opts ...SelectorOption) (Expression, error)

MakeSelector returns new selector for given uri with path as a set of arguments and desired result type.

type FlagsType

type FlagsType struct {
	// contains filtered or unexported fields
}

FlagsType instance represents custom flags type.

func (*FlagsType) Capacity

func (t *FlagsType) Capacity() int

Capacity gets number of bits required to represent any flags combination.

func (*FlagsType) GetFlagBit

func (t *FlagsType) GetFlagBit(f string) int

GetFlagBit method returns bit number for given flag name. If there is no flag with the name it returns -1.

func (*FlagsType) GetKey

func (t *FlagsType) GetKey() string

GetKey method returns case insensitive (always lowercase) type key.

func (*FlagsType) Match

func (t *FlagsType) Match(ot Type) bool

Match checks equivalence of different flags types. Flags types match iff they are defined for the same number of flags.

func (*FlagsType) String

func (t *FlagsType) String() string

String method returns human readable type name.

type LocalContent

type LocalContent struct {
	// contains filtered or unexported fields
}

LocalContent represents content object which can be accessed by its id and independently tagged and updated. It holds content items which represent mapping objects (or immediate values) of different type.

func NewLocalContent

func NewLocalContent(id string, tag *uuid.UUID, symbols Symbols, items []*ContentItem) *LocalContent

NewLocalContent creates content of given id with given tag and set of content items. Nil tag makes the content untagged. Such content can't be incrementally updated.

func (*LocalContent) Get

func (c *LocalContent) Get(ID string) (*ContentItem, error)

Get returns content item of given id.

func (*LocalContent) String

func (c *LocalContent) String() string

String implements Stringer interface.

type LocalContentStorage

type LocalContentStorage struct {
	// contains filtered or unexported fields
}

LocalContentStorage is a storage of all independent local contents.

func NewLocalContentStorage

func NewLocalContentStorage(items []*LocalContent) *LocalContentStorage

NewLocalContentStorage creates new LocalContentStorage instance. It's filled with given contents.

func (*LocalContentStorage) Add

Add puts new content to storage. It returns copy of existing storage with new content in it. Existing storage isn't affected by the operation.

func (*LocalContentStorage) Get

func (s *LocalContentStorage) Get(cID, iID string) (*ContentItem, error)

Get returns content item by given content id and nested content item id.

func (*LocalContentStorage) GetLocalContent

func (s *LocalContentStorage) GetLocalContent(cID string, tag *uuid.UUID) (*LocalContent, error)

GetLocalContent returns content from storage by given id only if the content has its own tag and the tag matches to tag argument.

func (*LocalContentStorage) NewTransaction

func (s *LocalContentStorage) NewTransaction(cID string, tag *uuid.UUID) (*LocalContentStorageTransaction, error)

NewTransaction creates new transaction for given content in the storage.

func (*LocalContentStorage) String

func (s *LocalContentStorage) String() string

String implements Stringer interface.

type LocalContentStorageTransaction

type LocalContentStorageTransaction struct {
	ID string
	// contains filtered or unexported fields
}

LocalContentStorageTransaction represents transaction for local content. Transaction aggregates updates and then can be committed to LocalContentStorage to make all the updates visible at once.

func (*LocalContentStorageTransaction) Apply

Apply updates captured content with given content update.

func (*LocalContentStorageTransaction) Commit

Commit creates new content storage with updated content previously captured by transaction. Each commit creates copy of storage with only its changes applied. So applications must ensure that all commits to the same storage are made sequentially and that there is only one transaction for the same content id (all pairs of NewTransaction and Commit for the same content id go sequentially).

func (*LocalContentStorageTransaction) Symbols

Symbols returns symbol tables captured from content storage on transaction creation.

type MapperPCAParams

type MapperPCAParams struct {
	// Argument represent expression which value is used to get nested policy
	// set or policy (or list of them).
	Argument Expression

	// DefOk indicates if Def contains valid value.
	DefOk bool
	// Def contains id of default policy set or policy (the default policy
	// is used when Argument expression evaluates to a value which doesn't
	// match to any id). This value is used only if DefOk is true.
	Def string

	// ErrOk indicates if Err contains valid value.
	ErrOk bool
	// Err contains id of policy set or policy to use in case of error (when
	// Argument can't be evaluated).
	Err string

	// Order selects how to sort chosen policies if argument returns several
	// ids. Currently mapper supports two options: external order - sort
	// policies in the same order as ids returned, internal - sort by position
	// in parent policy set.
	Order int

	// Algorithm is additional policy combining algorithm which is used when
	// argument can return several ids.
	Algorithm PolicyCombiningAlg
}

MapperPCAParams gathers all parameters of mapper policy combining algorithm.

type MapperRCAParams

type MapperRCAParams struct {
	// Argument represent expression which value is used to get nested rule
	// (or list of them).
	Argument Expression

	// DefOk indicates if Def contains valid value.
	DefOk bool
	// Def contains id of default rule (the default rule is used when Argument
	// expression evaluates to a value which doesn't match to any id).
	// This value is used only if DefOk is true.
	Def string

	// ErrOk indicates if Err contains valid value.
	ErrOk bool
	// Err contains id of rule to use in case of error (when Argument can't be
	// evaluated).
	Err string

	// Order selects how to sort chosen rules if argument returns several ids.
	// Currently mapper supports two options: external order - sort rules
	// in the same order as ids returned, internal - sort by position in parent
	// policy.
	Order int

	// Algorithm is additional rule combining algorithm which is used when
	// argument can return several ids.
	Algorithm RuleCombiningAlg
}

MapperRCAParams gathers all parameters of mapper rule combining algorithm.

type Match

type Match struct {
	// contains filtered or unexported fields
}

Match represents match expression. Specific kind of boolean expression which can have two arguments. One of arguments should be immediate value and other should be attribute designator.

func MakeMatch

func MakeMatch(e Expression) Match

MakeMatch creates instance of match expression.

type MissingContentError

type MissingContentError struct {
	ID string
	// contains filtered or unexported fields
}

MissingContentError indicates that there is no desired content.

func (*MissingContentError) Error

func (e *MissingContentError) Error() string

Error implements error interface.

type MissingContentItemError

type MissingContentItemError struct {
	ID string
	// contains filtered or unexported fields
}

MissingContentItemError indicates that content doesn't have desired item.

func (*MissingContentItemError) Error

func (e *MissingContentItemError) Error() string

Error implements error interface.

type MissingContentTagError

type MissingContentTagError struct {
	// contains filtered or unexported fields
}

MissingContentTagError indicates that update has no tag to match content before modification.

func (*MissingContentTagError) Error

func (e *MissingContentTagError) Error() string

Error implements error interface.

type MissingPolicyTagError

type MissingPolicyTagError struct {
	// contains filtered or unexported fields
}

MissingPolicyTagError indicates that update has no tag to match policy before modification.

func (*MissingPolicyTagError) Error

func (e *MissingPolicyTagError) Error() string

Error implements error interface.

type MissingValueError

type MissingValueError struct {
	// contains filtered or unexported fields
}

MissingValueError indicates that content doesn't have desired value.

func (*MissingValueError) Error

func (e *MissingValueError) Error() string

Error implements error interface.

type PathNotFoundError

type PathNotFoundError struct {
	// contains filtered or unexported fields
}

PathNotFoundError indicates a non-existent path when traversing path.

func (*PathNotFoundError) Error

func (e *PathNotFoundError) Error() string

Error implements error interface.

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy represents PDP policy (minimal evaluable entity).

func NewPolicy

func NewPolicy(ID string, hidden bool, target Target, rules []*Rule, makeRCA RuleCombiningAlgMaker, params interface{}, obligations []AttributeAssignment) *Policy

NewPolicy creates new instance of policy with given id (or hidden), target, set of rules, algorithm and obligations. To make instance of algorithm it uses one of makers from RuleCombiningAlgs or RuleCombiningParamAlgs and its parameters if it requires any.

func (*Policy) Append

func (p *Policy) Append(path []string, v interface{}) (Evaluable, error)

Append implements Evaluable interface and puts new rule to the policy. Argument path should be empty and v should contain a pointer to rule. Append can't put hidden rule to policy or any rule to hidden policy.

func (*Policy) Calculate

func (p *Policy) Calculate(ctx *Context) Response

Calculate implements Evaluable interface and evaluates policy for given request context.

func (*Policy) Delete

func (p *Policy) Delete(path []string) (Evaluable, error)

Delete implements Evaluable interface and removes rule from the policy. Argument path should contain exactly one string which is id of rule to remove. Delete can't remove a rule from hidden policy.

func (*Policy) GetID

func (p *Policy) GetID() (string, bool)

GetID implements Evaluable interface and returns policy id if policy isn't hidden.

func (Policy) MarshalWithDepth

func (p Policy) MarshalWithDepth(out io.Writer, depth int) error

MarshalWithDepth implements StorageMarshal

type PolicyCombiningAlg

type PolicyCombiningAlg interface {
	MarshalJSON() ([]byte, error)
	// contains filtered or unexported methods
}

PolicyCombiningAlg represents abstract policy combining algorithm. The algorithm defines how to evaluate child policy sets and policies for given policy and how to get particular result.

type PolicyCombiningAlgMaker

type PolicyCombiningAlgMaker func(policies []Evaluable, params interface{}) PolicyCombiningAlg

PolicyCombiningAlgMaker creates instance of policy combining algorithm. The function accepts set of child policy sets and policies and parameters of algorithm.

type PolicySet

type PolicySet struct {
	// contains filtered or unexported fields
}

PolicySet represents PDP policy set (the set groups other policy sets and policies).

func NewPolicySet

func NewPolicySet(ID string, hidden bool, target Target, policies []Evaluable, makePCA PolicyCombiningAlgMaker, params interface{}, obligations []AttributeAssignment) *PolicySet

NewPolicySet creates new instance of policy set with given id (or hidden), target, set of policy sets or policies, algorithm and obligations. To make instance of algorithm it uses one of makers from PolicyCombiningAlgs or PolicyCombiningParamAlgs and its parameters if it requires any.

func (*PolicySet) Append

func (p *PolicySet) Append(path []string, v interface{}) (Evaluable, error)

Append implements Evaluable interface and puts new policy set, policy or rule to the policy set or one of its children. Argument path should be empty to put policy set or policy to current policy set or contain ids of nested policy sets or policies to recursively get to point where value of v argument can be appended. Value of v should be policy set or policy if path leads to policy set or rule if path leads to policy. Append can't put hidden item or any item to hidden policy set or policy.

func (*PolicySet) Calculate

func (p *PolicySet) Calculate(ctx *Context) Response

Calculate implements Evaluable interface and evaluates policy set for given request context.

func (*PolicySet) Delete

func (p *PolicySet) Delete(path []string) (Evaluable, error)

Delete implements Evaluable interface and removes item from the policy set or one of its children. Argument path should contain at least one string and should lead to item to delete. Delete can't remove an item from hidden policy set or policy.

func (*PolicySet) GetID

func (p *PolicySet) GetID() (string, bool)

GetID implements Evaluable interface and returns policy set id if policy set isn't hidden.

func (PolicySet) MarshalWithDepth

func (p PolicySet) MarshalWithDepth(out io.Writer, depth int) error

MarshalWithDepth implements StorageMarshal

type PolicyStorage

type PolicyStorage struct {
	// contains filtered or unexported fields
}

PolicyStorage is a storage for policies.

func NewPolicyStorage

func NewPolicyStorage(p Evaluable, s Symbols, t *uuid.UUID) *PolicyStorage

NewPolicyStorage creates new policy storage with given root policy set or policy, symbol table (which maps attribute names to its definitions) and tag. Tag can be nil in which case policies can't be updated incrementally.

func (*PolicyStorage) CheckTag

func (s *PolicyStorage) CheckTag(tag *uuid.UUID) error

CheckTag checks if given tag matches to the storage tag. If the storage doesn't have any tag, no tag matches the storage and vice versa nil tag doesn't match any storage.

func (PolicyStorage) GetAtPath

func (s PolicyStorage) GetAtPath(path []string) (StorageMarshal, error)

GetAtPath obtains a marshalable node found at path specified

func (*PolicyStorage) NewTransaction

func (s *PolicyStorage) NewTransaction(tag *uuid.UUID) (*PolicyStorageTransaction, error)

NewTransaction creates new transaction for given policy storage.

func (*PolicyStorage) Root

func (s *PolicyStorage) Root() Evaluable

Root returns root policy from the storage.

type PolicyStorageTransaction

type PolicyStorageTransaction struct {
	// contains filtered or unexported fields
}

PolicyStorageTransaction represents transaction for policy storage. Transaction aggregates updates and then can be committed to policy storage to make all the updates visible at once.

func (*PolicyStorageTransaction) Apply

Apply updates captured policies with given policy update.

func (*PolicyStorageTransaction) Commit

Commit creates new policy storage with updated policies. Each commit creates copy of storage with only its changes applied so applications must ensure that all pairs of NewTransaction and Commit for the same content id go sequentially.

func (*PolicyStorageTransaction) Symbols

func (t *PolicyStorageTransaction) Symbols() Symbols

Symbols returns symbol tables captured from policy storage on transaction creation.

type PolicyTagsNotMatchError

type PolicyTagsNotMatchError struct {
	// contains filtered or unexported fields
}

PolicyTagsNotMatchError indicates that update tag doesn't match policy before modification.

func (*PolicyTagsNotMatchError) Error

func (e *PolicyTagsNotMatchError) Error() string

Error implements error interface.

type PolicyUpdate

type PolicyUpdate struct {
	// contains filtered or unexported fields
}

PolicyUpdate encapsulates list of changes to particular policy storage.

func NewPolicyUpdate

func NewPolicyUpdate(oldTag, newTag uuid.UUID) *PolicyUpdate

NewPolicyUpdate creates empty update for policy storage and sets update tags. Policy storage must have oldTag so update can be applied. newTag will be set to storage after update.

func (*PolicyUpdate) Append

func (u *PolicyUpdate) Append(op int, path []string, entity interface{})

Append inserts particular change to the end of changes list. Op is an operation (like add or delete), path identifies policy set, policy or rule to perform operation and entity to add (and ignored in case of delete operation).

func (*PolicyUpdate) String

func (u *PolicyUpdate) String() string

String implements Stringer interface.
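
The tag and commit behaviour documented above for CheckTag, NewTransaction, Commit and NewPolicyUpdate, as an added stand-alone model (not the pdp package's code; `store`, `txn` and the tag and rule strings are hypothetical). Two transactions opened on the same storage both pass the tag check, yet the second commit's result lacks the first one's rule; a stale tag is rejected only when the next transaction is opened on the latest storage.

```go
package main

import (
	"errors"
	"fmt"
)

// Model types only; none of these identifiers belong to the pdp package.
type store struct {
	tag   *string         // nil means untagged: no incremental updates
	rules map[string]bool // stands in for the policy tree
}
type txn struct{ tag string; rules map[string]bool }

var errUntagged = errors.New("storage is untagged")
var errMismatch = errors.New("tags do not match")

// checkTag: an untagged store matches no tag, and a nil tag matches no store.
func (s *store) checkTag(tag *string) error {
	if s.tag == nil {
		return errUntagged
	}
	if tag == nil || *s.tag != *tag {
		return errMismatch
	}
	return nil
}

// newTransaction copies the store's rules once the tag check passes.
func (s *store) newTransaction(tag *string) (*txn, error) {
	if err := s.checkTag(tag); err != nil {
		return nil, err
	}
	snap := make(map[string]bool, len(s.rules))
	for k := range s.rules {
		snap[k] = true
	}
	return &txn{tag: *tag, rules: snap}, nil
}

// apply models an update built with (oldTag, newTag) that adds one rule.
func (t *txn) apply(oldTag, newTag, rule string) error {
	if oldTag != t.tag {
		return errMismatch
	}
	t.rules[rule], t.tag = true, newTag
	return nil
}

// commit returns a new store; the store the transaction came from is untouched.
func (t *txn) commit() *store { return &store{tag: &t.tag, rules: t.rules} }

// overlap commits two transactions opened on one store and reports whether the
// second result kept the first rule, plus the error a stale tag gets afterwards.
func overlap() (keptFirst bool, staleErr error) {
	a := "tag-A" // constructed sample tag
	s0 := &store{tag: &a, rules: map[string]bool{}}
	t1, _ := s0.newTransaction(&a)
	t2, _ := s0.newTransaction(&a) // overlaps t1: both snapshot s0
	_ = t1.apply("tag-A", "tag-B", "deny-guests")
	_ = t2.apply("tag-A", "tag-C", "permit-admins")
	s1, s2 := t1.commit(), t2.commit()
	_, staleErr = s1.newTransaction(&a) // sequential use rejects the stale tag
	return s2.rules["deny-guests"], staleErr
}

func main() {
	fmt.Println(overlap())
}
```

If the application publishes the second result after the first, the rule added by the first transaction silently disappears from the active policy, which is why commits to one storage have to be serialized by the caller.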

type ReadOnlySymbolsChangeError

type ReadOnlySymbolsChangeError struct {
	// contains filtered or unexported fields
}

ReadOnlySymbolsChangeError indicates attempt to modify read-only symbol table.

func (*ReadOnlySymbolsChangeError) Error

Error implements error interface.

type Response

type Response struct {
	// Effect is resulting effect.
	Effect int
	// Status contains an error if any occurs on response evaluation.
	Status error
	// Obligations contains set of obligations collected during evaluation.
	Obligations []AttributeAssignment
}

Response represents result of policies evaluation.

func (Response) Marshal

func (r Response) Marshal(ctx *Context) ([]byte, error)

Marshal encodes response as a sequence of bytes.

func (Response) MarshalToBuffer

func (r Response) MarshalToBuffer(b []byte, ctx *Context) (int, error)

MarshalToBuffer fills given byte array with marshalled representation of the response. The method returns number of bytes filled or error.

func (Response) MarshalWithAllocator

func (r Response) MarshalWithAllocator(f func(n int) ([]byte, error), ctx *Context) ([]byte, error)

MarshalWithAllocator encodes response as a sequence of bytes. It uses given allocator to create required response buffer. The allocator is expected to take number of bytes required and return slice of that length.

type ResponseServerError

type ResponseServerError struct {
	// contains filtered or unexported fields
}

ResponseServerError indicates that server returned an error message.

func (*ResponseServerError) Error

func (e *ResponseServerError) Error() string

Error implements error interface.

type Rule

type Rule struct {
	// contains filtered or unexported fields
}

Rule represents PDP rule (child of PDP policy).

func NewRule

func NewRule(ID string, hidden bool, target Target, condition Expression, effect int, obligations []AttributeAssignment) *Rule

NewRule creates new instance of rule with given id (or hidden), target, condition, effect and obligations.

func (Rule) GetID

func (r Rule) GetID() (string, bool)

GetID returns rule id if the rule isn't hidden.

func (Rule) MarshalWithDepth

func (r Rule) MarshalWithDepth(out io.Writer, depth int) error

MarshalWithDepth implements StorageMarshal

type RuleCombiningAlg

type RuleCombiningAlg interface {
	MarshalJSON() ([]byte, error)
	// contains filtered or unexported methods
}

RuleCombiningAlg represents abstract rule combining algorithm. The algorithm defines how to evaluate policy rules and how to get particular result.

type RuleCombiningAlgMaker

type RuleCombiningAlgMaker func(rules []*Rule, params interface{}) RuleCombiningAlg

RuleCombiningAlgMaker creates instance of rule combining algorithm. The function accepts set of policy rules and parameters of algorithm.

type Selector

type Selector interface {
	// Enabled returns true for active selector. Disabled selector isn't
	// initialized and can't be used in policies.
	Enabled() bool
	// Scheme returns a name of URI scheme associated with selector.
	Scheme() string
	// Initialize is called for all registered and enabled selectors
	// by InitializeSelectors.
	Initialize()
	// SelectorFunc returns selector expression for given URI,
	// set of arguments and desired result type.
	SelectorFunc(*url.URL, []Expression, Type, ...SelectorOption) (Expression, error)
}

Selector provides a generic way to access external data that may be required by policies.

func GetSelector

func GetSelector(scheme string) Selector

GetSelector returns selector registered for given scheme.

type SelectorOption added in v0.0.4

type SelectorOption struct {
	Name string
	Data interface{}
}

SelectorOption defines an optional parameter of selector.

type Signature

type Signature []Type

Signature is an ordered sequence of types.

func MakeSignature

func MakeSignature(t ...Type) Signature

MakeSignature function creates signature from given types.

func (Signature) String

func (s Signature) String() string

String method returns a string containing list of types separated by slash.

type StorageMarshal

type StorageMarshal interface {
	GetID() (id string, hidden bool)
	MarshalWithDepth(out io.Writer, depth int) error
}

StorageMarshal interface defines functions for capturing storage state information.

type Symbols

type Symbols struct {
	// contains filtered or unexported fields
}

Symbols wraps type and attribute symbol tables.

func MakeSymbols

func MakeSymbols() Symbols

MakeSymbols creates symbol tables without any types and attributes.

func (Symbols) GetAttribute

func (s Symbols) GetAttribute(ID string) (Attribute, bool)

GetAttribute returns attribute by id.

func (Symbols) GetType

func (s Symbols) GetType(ID string) Type

GetType returns type by id. It can be built-in type or type stored in the symbol table.

func (Symbols) PutAttribute

func (s Symbols) PutAttribute(a Attribute) error

PutAttribute stores given attribute in the symbol table.

func (Symbols) PutType

func (s Symbols) PutType(t Type) error

PutType stores given type in the symbol table.

type Target

type Target struct {
	// contains filtered or unexported fields
}

Target represents target expression for policy set, policy and rule. It gathers set of AnyOf expressions and matches to the request when all of child AnyOf expressions are true.

func MakeTarget

func MakeTarget() Target

MakeTarget creates instance of target.

func (*Target) Append

func (t *Target) Append(item AnyOf)

Append adds AnyOf expression to the end of list of child AnyOf expressions.

type Type

type Type interface {
	// String returns human readable type name.
	String() string
	// GetKey returns case insensitive (always lowercase) type key.
	GetKey() string
	// Match checks if type matches to other type. Built-in types match
	// iff they are equal.
	Match(t Type) bool
}

Type is generic data type.

func NewFlagsType

func NewFlagsType(name string, flags ...string) (Type, error)

NewFlagsType function creates new custom type with given name. A value of the type can take any combination of listed flags (including empty set). It supports up to 64 flags and flag names should be unique for the type.

type TypeSet

type TypeSet map[Type]struct{}

TypeSet represents an unordered set of types.

func (TypeSet) Contains

func (s TypeSet) Contains(t Type) bool

Contains method checks whether the set contains a type.

func (TypeSet) String

func (s TypeSet) String() string

String method returns a string containing type names separated by comma.

type UntaggedContentModificationError

type UntaggedContentModificationError struct {
	ID string
	// contains filtered or unexported fields
}

UntaggedContentModificationError indicates attempt to modify incrementally a content which has no tag.

func (*UntaggedContentModificationError) Error

Error implements error interface.

type UntaggedPolicyModificationError

type UntaggedPolicyModificationError struct {
	// contains filtered or unexported fields
}

UntaggedPolicyModificationError indicates attempt to modify incrementally a policy which has no tag.

func (*UntaggedPolicyModificationError) Error

Error implements error interface.

Directories

Path Synopsis
ast
Package ast implements policies Abstract Syntax Tree (AST) parsers.
jast
Package jast implements policies JSON AST (JAST) parser.
yast
Package yast implements policies YAML AST (YAST) parser.
jcon
Package jcon implements JSON content (JCON) parser.
pip
