Documentation ¶
Index ¶
- Constants
- Variables
- type PolicyDbClient
- func (c PolicyDbClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDbClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c *PolicyDbClient) AttrFqnReindex() (res struct{ ... })
- func (c PolicyDbClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDbClient) CreateAttributeValue(ctx context.Context, attributeId string, ...) (*policy.Value, error)
- func (c PolicyDbClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDbClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
- func (c PolicyDbClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
- func (c PolicyDbClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
- func (c PolicyDbClient) DeactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDbClient) DeactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDbClient) DeactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDbClient) DeleteAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDbClient) DeleteAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDbClient) DeleteNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDbClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDbClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDbClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDbClient) GetAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDbClient) GetAttributeByFqn(ctx context.Context, fqn string) (*policy.Attribute, error)
- func (c PolicyDbClient) GetAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDbClient) GetAttributesByNamespace(ctx context.Context, namespaceId string) ([]*policy.Attribute, error)
- func (c *PolicyDbClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, ...)
- func (c PolicyDbClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
- func (c PolicyDbClient) GetNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDbClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDbClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDbClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDbClient) ListAllAttributeValues(ctx context.Context, state string) ([]*policy.Value, error)
- func (c PolicyDbClient) ListAllAttributes(ctx context.Context, state string) ([]*policy.Attribute, error)
- func (c PolicyDbClient) ListAllAttributesWithout(ctx context.Context, state string) ([]*policy.Attribute, error)
- func (c PolicyDbClient) ListAttributeValues(ctx context.Context, attribute_id string, state string) ([]*policy.Value, error)
- func (c PolicyDbClient) ListNamespaces(ctx context.Context, state string) ([]*policy.Namespace, error)
- func (c PolicyDbClient) ListResourceMappings(ctx context.Context) ([]*policy.ResourceMapping, error)
- func (c PolicyDbClient) ListSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
- func (c PolicyDbClient) ListSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
- func (c PolicyDbClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDbClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c PolicyDbClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDbClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
- func (c PolicyDbClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDbClient) UpdateResourceMapping(ctx context.Context, id string, ...) (*policy.ResourceMapping, error)
- func (c PolicyDbClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
- func (c PolicyDbClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
Constants ¶
// State* are the string values this package uses to name an activation state.
// NOTE(review): presumably these are the values accepted by the `state string`
// parameter of the List* methods; confirm against the callers.
const (
	StateInactive    = "INACTIVE"
	StateActive      = "ACTIVE"
	StateAny         = "ANY"
	StateUnspecified = "UNSPECIFIED"
)
Variables ¶
// Table* hold string identifiers that, judging by their names and values, are
// the database table names used by this package (TODO confirm).
//
// NOTE(review): these are exported package-level vars, not consts, so any
// importing package can reassign them at runtime. If they are concatenated
// into SQL text (not visible here), treat them as trusted-only values and
// consider declaring them as constants.
var (
	TableAttributes                    = "attribute_definitions"
	TableAttributeValues               = "attribute_values"
	TableValueMembers                  = "attribute_value_members"
	TableNamespaces                    = "attribute_namespaces"
	TableAttrFqn                       = "attribute_fqns"
	TableAttributeKeyAccessGrants      = "attribute_definition_key_access_grants"
	TableAttributeValueKeyAccessGrants = "attribute_value_key_access_grants"
	TableResourceMappings              = "resource_mappings"
	TableSubjectMappings               = "subject_mappings"
	TableSubjectConditionSet           = "subject_condition_set"
)
// AttributeRuleTypeEnumPrefix is a string prefix; presumably it is the common
// prefix of the attribute rule type enum names (TODO confirm against usage).
var AttributeRuleTypeEnumPrefix = "ATTRIBUTE_RULE_TYPE_ENUM_"
Functions ¶
This section is empty.
Types ¶
type PolicyDbClient ¶
func NewClient ¶
func NewClient(c db.Client) *PolicyDbClient
func (PolicyDbClient) AssignKeyAccessServerToAttribute ¶
func (c PolicyDbClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDbClient) AssignKeyAccessServerToValue ¶
func (c PolicyDbClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (*PolicyDbClient) AttrFqnReindex ¶
func (c *PolicyDbClient) AttrFqnReindex() (res struct { Namespaces []struct { Id string Fqn string } Attributes []struct { Id string Fqn string } Values []struct { Id string Fqn string } }, )
AttrFqnReindex will reindex all namespace, attribute, and attribute_value FQNs
func (PolicyDbClient) CreateAttribute ¶
func (c PolicyDbClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
func (PolicyDbClient) CreateAttributeValue ¶
func (c PolicyDbClient) CreateAttributeValue(ctx context.Context, attributeId string, v *attributes.CreateAttributeValueRequest) (*policy.Value, error)
func (PolicyDbClient) CreateNamespace ¶
func (c PolicyDbClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDbClient) CreateResourceMapping ¶
func (c PolicyDbClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDbClient) CreateSubjectConditionSet ¶
func (c PolicyDbClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
Creates a new subject condition set and returns the id of the created subject condition set.
func (PolicyDbClient) CreateSubjectMapping ¶
func (c PolicyDbClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
Creates a new subject mapping and returns the id of the created subject mapping. If an existing subject condition set id is provided, it will be used. If a new subject condition set is provided, it will be created. When both are provided, the existing subject condition set id takes precedence.
func (PolicyDbClient) DeactivateAttribute ¶
func (PolicyDbClient) DeactivateAttributeValue ¶
func (PolicyDbClient) DeactivateNamespace ¶
func (PolicyDbClient) DeleteAttribute ¶
func (PolicyDbClient) DeleteAttributeValue ¶
func (PolicyDbClient) DeleteNamespace ¶
func (PolicyDbClient) DeleteResourceMapping ¶
func (c PolicyDbClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDbClient) DeleteSubjectConditionSet ¶
func (c PolicyDbClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
Deletes the specified subject condition set and returns the id of the deleted subject condition set.
func (PolicyDbClient) DeleteSubjectMapping ¶
func (c PolicyDbClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
Deletes the specified subject mapping and returns the id of the deleted subject mapping.
func (PolicyDbClient) GetAttribute ¶
func (PolicyDbClient) GetAttributeByFqn ¶
func (PolicyDbClient) GetAttributeValue ¶
func (PolicyDbClient) GetAttributesByNamespace ¶
func (*PolicyDbClient) GetAttributesByValueFqns ¶
func (c *PolicyDbClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, error)
func (PolicyDbClient) GetMatchedSubjectMappings ¶
func (c PolicyDbClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
GetMatchedSubjectMappings liberally returns a list of SubjectMappings based on the provided SubjectProperties. A SubjectMapping is returned if any single condition found among the structures matches either of the following:
1. The external field, external value, and an IN operator
2. The external field, _no_ external value, and a NOT_IN operator
Without this filtering, a field such as 'emailAddress' or 'username' would probably relate every Subject to that mapping in some way or another, potentially matching every single attribute in the DB if a policy admin has relied heavily on that field. The query applies no logic beyond matching a single condition, so that it carries no business logic interpreting the supplied conditions beyond the bare-minimum initial filter. Because the match is deliberately liberal, the result should be read as a candidate set: full evaluation of each returned mapping's conditions is left to the caller.
NOTE: This relationship is sometimes called Entitlements or Subject Entitlements.
NOTE: If you have any issues, set the log level to 'debug' for more comprehensive context.
func (PolicyDbClient) GetNamespace ¶
func (PolicyDbClient) GetResourceMapping ¶
func (c PolicyDbClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDbClient) GetSubjectConditionSet ¶
func (c PolicyDbClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
func (PolicyDbClient) GetSubjectMapping ¶
func (c PolicyDbClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
func (PolicyDbClient) ListAllAttributeValues ¶
func (PolicyDbClient) ListAllAttributes ¶
func (PolicyDbClient) ListAllAttributesWithout ¶
func (PolicyDbClient) ListAttributeValues ¶
func (PolicyDbClient) ListNamespaces ¶
func (PolicyDbClient) ListResourceMappings ¶
func (c PolicyDbClient) ListResourceMappings(ctx context.Context) ([]*policy.ResourceMapping, error)
func (PolicyDbClient) ListSubjectConditionSets ¶
func (c PolicyDbClient) ListSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
func (PolicyDbClient) ListSubjectMappings ¶
func (c PolicyDbClient) ListSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
func (PolicyDbClient) RemoveKeyAccessServerFromAttribute ¶
func (c PolicyDbClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDbClient) RemoveKeyAccessServerFromValue ¶
func (c PolicyDbClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (PolicyDbClient) UpdateAttribute ¶
func (c PolicyDbClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
func (PolicyDbClient) UpdateAttributeValue ¶
func (c PolicyDbClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
func (PolicyDbClient) UpdateNamespace ¶
func (c PolicyDbClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDbClient) UpdateResourceMapping ¶
func (c PolicyDbClient) UpdateResourceMapping(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDbClient) UpdateSubjectConditionSet ¶
func (c PolicyDbClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
Mutates provided fields and returns id of the updated subject condition set
func (PolicyDbClient) UpdateSubjectMapping ¶
func (c PolicyDbClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
Mutates provided fields and returns id of the updated subject mapping