Documentation ¶
Index ¶
- Constants
- Variables
- func GetDBStateTypeTransformedEnum(state common.ActiveStateEnum) string
- type PolicyDBClient
- func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c *PolicyDBClient) AttrFqnReindex() (res struct{ ... })
- func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, ...) (*policy.Value, error)
- func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) DeactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) DeactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) DeactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) DeleteAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) DeleteAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) DeleteNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) GetAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) GetAttributeByFqn(ctx context.Context, fqn string) (*policy.Attribute, error)
- func (c PolicyDBClient) GetAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) GetAttributesByNamespace(ctx context.Context, namespaceID string) ([]*policy.Attribute, error)
- func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, ...)
- func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
- func (c PolicyDBClient) GetNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) ListAllAttributeValues(ctx context.Context, state string) ([]*policy.Value, error)
- func (c PolicyDBClient) ListAllAttributes(ctx context.Context, state string, namespace string) ([]*policy.Attribute, error)
- func (c PolicyDBClient) ListAllAttributesWithout(ctx context.Context, state string) ([]*policy.Attribute, error)
- func (c PolicyDBClient) ListAttributeValues(ctx context.Context, attributeID string, state string) ([]*policy.Value, error)
- func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context) ([]*policy.KeyAccessServer, error)
- func (c PolicyDBClient) ListNamespaces(ctx context.Context, state string) ([]*policy.Namespace, error)
- func (c PolicyDBClient) ListResourceMappings(ctx context.Context) ([]*policy.ResourceMapping, error)
- func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) ListSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
- func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, ...) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
Constants ¶
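// Active-state values, as strings. The page rendered this declaration on a
// single line with no separators between the specs, which is not valid Go;
// it is restored here as one spec per line.
//
// NOTE(review): presumably these are the values accepted by the `state`
// parameter of the List* methods and returned by
// GetDBStateTypeTransformedEnum. Confirm against the implementation.
const (
	StateInactive    = "INACTIVE"
	StateActive      = "ACTIVE"
	StateAny         = "ANY"
	StateUnspecified = "UNSPECIFIED"
)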
Variables ¶
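// Names of the policy tables, one per entity kind. The page rendered this
// declaration on a single line with no separators between the specs, which is
// not valid Go; it is restored here as one spec per line.
//
// NOTE(review): these are exported, mutable package-level variables. If the
// names are spliced into SQL text as identifiers (not visible here), they must
// only ever hold these fixed values and never anything derived from request
// input. Confirm nothing reassigns them at runtime.
var (
	TableAttributes                    = "attribute_definitions"
	TableAttributeValues               = "attribute_values"
	TableValueMembers                  = "attribute_value_members"
	TableNamespaces                    = "attribute_namespaces"
	TableAttrFqn                       = "attribute_fqns"
	TableAttributeKeyAccessGrants      = "attribute_definition_key_access_grants"
	TableAttributeValueKeyAccessGrants = "attribute_value_key_access_grants"
	TableResourceMappings              = "resource_mappings"
	TableSubjectMappings               = "subject_mappings"
	TableSubjectConditionSet           = "subject_condition_set"
	TableKeyAccessServerRegistry       = "key_access_servers"
)

// AttributeRuleTypeEnumPrefix is the common prefix of attribute rule type enum
// names.
//
// NOTE(review): presumably added or stripped when converting between the enum
// name and its stored form. Confirm against the callers.
var AttributeRuleTypeEnumPrefix = "ATTRIBUTE_RULE_TYPE_ENUM_"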
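// Tables holds one db.Table value per policy table. Its field names mirror the
// Table* name variables. The page rendered this declaration on a single line
// with no separators between the fields, which is not valid Go; it is restored
// here as one field per line.
//
// NOTE(review): where and when these fields are populated is not visible here.
// Confirm they are initialised before any PolicyDBClient method is called.
var Tables struct {
	Attributes                    db.Table
	AttributeValues               db.Table
	ValueMembers                  db.Table
	Namespaces                    db.Table
	AttrFqn                       db.Table
	AttributeKeyAccessGrants      db.Table
	AttributeValueKeyAccessGrants db.Table
	ResourceMappings              db.Table
	SubjectMappings               db.Table
	SubjectConditionSet           db.Table
	KeyAccessServerRegistry       db.Table
}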
Functions ¶
func GetDBStateTypeTransformedEnum ¶
func GetDBStateTypeTransformedEnum(state common.ActiveStateEnum) string
Types ¶
type PolicyDBClient ¶
func NewClient ¶
func NewClient(c *db.Client) PolicyDBClient
func (PolicyDBClient) AssignKeyAccessServerToAttribute ¶
func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDBClient) AssignKeyAccessServerToValue ¶
func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (*PolicyDBClient) AttrFqnReindex ¶
func (c *PolicyDBClient) AttrFqnReindex() (res struct { Namespaces []struct { Id string Fqn string } Attributes []struct { Id string Fqn string } Values []struct { Id string Fqn string } }, )
AttrFqnReindex will reindex all namespace, attribute, and attribute_value FQNs
func (PolicyDBClient) CreateAttribute ¶
func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) CreateAttributeValue ¶
func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, v *attributes.CreateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) CreateKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
func (PolicyDBClient) CreateNamespace ¶
func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDBClient) CreateResourceMapping ¶
func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDBClient) CreateSubjectConditionSet ¶
func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
Creates a new subject condition set and returns the id of the created set.
func (PolicyDBClient) CreateSubjectMapping ¶
func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
Creates a new subject mapping and returns the id of the created mapping. If the id of an existing subject condition set is provided, that set is used. If a new subject condition set is provided, it is created. When both are provided, the existing subject condition set id takes precedence.
func (PolicyDBClient) DeactivateAttribute ¶
func (PolicyDBClient) DeactivateAttributeValue ¶
func (PolicyDBClient) DeactivateNamespace ¶
func (PolicyDBClient) DeleteAttribute ¶
func (PolicyDBClient) DeleteAttributeValue ¶
func (PolicyDBClient) DeleteKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
func (PolicyDBClient) DeleteNamespace ¶
func (PolicyDBClient) DeleteResourceMapping ¶
func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDBClient) DeleteSubjectConditionSet ¶
func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
Deletes the specified subject condition set and returns the id of the deleted set.
func (PolicyDBClient) DeleteSubjectMapping ¶
func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
Deletes the specified subject mapping and returns the id of the deleted mapping.
func (PolicyDBClient) GetAttribute ¶
func (PolicyDBClient) GetAttributeByFqn ¶
func (PolicyDBClient) GetAttributeValue ¶
func (PolicyDBClient) GetAttributesByNamespace ¶
func (*PolicyDBClient) GetAttributesByValueFqns ¶
func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, error)
func (PolicyDBClient) GetKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
func (PolicyDBClient) GetMatchedSubjectMappings ¶
func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
GetMatchedSubjectMappings liberally returns a list of SubjectMappings based on the provided SubjectProperties. A SubjectMapping is returned if any single condition among its structures matches either of the following:
1. The external field, the external value, and an IN operator
2. The external field, _no_ external value, and a NOT_IN operator
Without this filtering, a widely used field such as '.emailAddress' or '.username' would relate almost every Subject to that mapping in some way or another, potentially matching every single attribute in the DB if a policy admin has relied heavily on that field. The query deliberately applies no logic beyond matching a single condition, so that it does not interpret the supplied conditions beyond the bare-minimum initial filter. The result is therefore a broad set of candidate mappings rather than a final decision: callers still need to evaluate the full condition sets of each returned mapping before treating it as an entitlement.
NOTE: This relationship is sometimes called Entitlements or Subject Entitlements. NOTE: if you have any issues, set the log level to 'debug' for more comprehensive context.
func (PolicyDBClient) GetNamespace ¶
func (PolicyDBClient) GetResourceMapping ¶
func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDBClient) GetSubjectConditionSet ¶
func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
func (PolicyDBClient) GetSubjectMapping ¶
func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
func (PolicyDBClient) ListAllAttributeValues ¶
func (PolicyDBClient) ListAllAttributes ¶
func (PolicyDBClient) ListAllAttributesWithout ¶
func (PolicyDBClient) ListAttributeValues ¶
func (PolicyDBClient) ListKeyAccessServers ¶ added in v0.2.0
func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context) ([]*policy.KeyAccessServer, error)
func (PolicyDBClient) ListNamespaces ¶
func (PolicyDBClient) ListResourceMappings ¶
func (c PolicyDBClient) ListResourceMappings(ctx context.Context) ([]*policy.ResourceMapping, error)
func (PolicyDBClient) ListSubjectConditionSets ¶
func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
func (PolicyDBClient) ListSubjectMappings ¶
func (c PolicyDBClient) ListSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
func (PolicyDBClient) RemoveKeyAccessServerFromAttribute ¶
func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDBClient) RemoveKeyAccessServerFromValue ¶
func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (PolicyDBClient) UpdateAttribute ¶
func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) UpdateAttributeValue ¶
func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) UpdateKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
func (PolicyDBClient) UpdateNamespace ¶
func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDBClient) UpdateResourceMapping ¶
func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDBClient) UpdateSubjectConditionSet ¶
func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
Mutates provided fields and returns id of the updated subject condition set
func (PolicyDBClient) UpdateSubjectMapping ¶
func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
Mutates provided fields and returns id of the updated subject mapping