policy

package
v1.6.0
Published: Sep 12, 2024 License: MIT Imports: 8 Imported by: 0

Documentation


Constants

const (
	// PolicyTypeInvalid is an invalid policy type
	PolicyTypeInvalid PolicyType = "invalid"

	// PolicyTypeCompositeAnd is the type for composite policies in which all components must be satisfied to grant access
	//
	// NOTE(review): unlike PolicyTypeInvalid above and the TransformType constants, this constant carries no
	// explicit PolicyType, so it is an untyped string constant and assigns to any string-based type (including
	// TransformType) without a conversion. Confirm whether the type was meant to be stated here as well.
	PolicyTypeCompositeAnd = "composite_and"

	// PolicyTypeCompositeOr is the type for composite policies in which any component must be satisfied to grant access
	//
	// NOTE(review): also an untyped string constant; the same remark as for PolicyTypeCompositeAnd applies.
	PolicyTypeCompositeOr = "composite_or"
)

Variables

// AccessPolicyAllowAll access policy that allows anything
//
// Only the ID is set in this value. It is distinguishable from AccessPolicyDenyAll by that ID
// alone, so code that needs to recognise it should compare IDs rather than any other field;
// IsAllowAll reports whether a policy, or all of its components, is this policy.
var AccessPolicyAllowAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("3f380e42-0b21-4570-a312-91e1b80386fa")),
}

AccessPolicyAllowAll access policy that allows anything

// AccessPolicyDenyAll access policy that denies everything
//
// Only the ID is set. Like AccessPolicyAllowAll it is identified by its ID alone, and the two
// values differ in nothing else, so they must never be told apart by comparing the other fields.
var AccessPolicyDenyAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("c9c14750-b8f3-4507-bd3f-5c6562f0a6e6")),
}

AccessPolicyDenyAll access policy that denies everything

// AccessPolicyGlobalAccessorID is the ID of the global accessor policy
//
// Only the ID is exported here; no corresponding AccessPolicy value is exported from this package.
var AccessPolicyGlobalAccessorID = uuid.Must(uuid.FromString("a78f1f88-3684-4e59-a01d-c121e259ec96"))

AccessPolicyGlobalAccessorID is the ID of the global accessor policy

// AccessPolicyGlobalMutatorID is the ID of the global mutator policy
//
// Only the ID is exported here; no corresponding AccessPolicy value is exported from this package.
var AccessPolicyGlobalMutatorID = uuid.Must(uuid.FromString("804e84f1-7fa4-4bb4-b785-4c89e1ceaba0"))

AccessPolicyGlobalMutatorID is the ID of the global mutator policy

// AccessPolicyTemplateAllowAll access policy template that allows anything
//
// Only the embedded system-attribute base with a fixed ID is set here; Name and Function
// (both required on AccessPolicyTemplate) are not populated in this declaration.
var AccessPolicyTemplateAllowAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("1e742248-fdde-4c88-9ea7-2c2106ec7aa8"))),
}

AccessPolicyTemplateAllowAll is an access policy template that allows anything

// AccessPolicyTemplateCheckAttribute is a template that calls CheckAttribute
//
// Only the embedded system-attribute base with a fixed ID is set here; Name and Function
// (both required on AccessPolicyTemplate) are not populated in this declaration, so the
// CheckAttribute call itself is not visible from this value.
var AccessPolicyTemplateCheckAttribute = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("aad2bf25-311f-467e-9169-a6a89b6d34a6"))),
}

AccessPolicyTemplateCheckAttribute is a template that calls CheckAttribute

// AccessPolicyTemplateDenyAll access policy template that denies everything
//
// Only the embedded system-attribute base with a fixed ID is set here; Name and Function
// (both required on AccessPolicyTemplate) are not populated in this declaration.
var AccessPolicyTemplateDenyAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("c88d97a6-a3ae-4af8-b018-2bcddf1fa606"))),
}

AccessPolicyTemplateDenyAll is an access policy template that denies everything

AllPolicyTypes is a slice of all PolicyType values

AllTransformTypes is a slice of all TransformType values

// TransformerCreditCard transformer for credit card numbers
//
// Only ID and TransformType are set in this declaration. Name (required:"true" on Transformer)
// and Function are not, unlike TransformerPassthrough and TransformerUUID which carry a Name;
// presumably the remaining fields are populated elsewhere — confirm before relying on this
// value passing Validate.
var TransformerCreditCard = Transformer{
	ID:            uuid.Must(uuid.FromString("618a4ae7-9979-4ee8-bac5-db87335fe4d9")),
	TransformType: TransformTypeTransform,
}

TransformerCreditCard transformer for credit card numbers

// TransformerEmail transformer for email by default preserving the domain but not the username
//
// Uses TransformTypeTokenizeByValue, i.e. the value passed in is tokenized rather than merely
// transformed. Only ID and TransformType are set here; Name (required on Transformer) and
// Function are presumably populated elsewhere — confirm.
var TransformerEmail = Transformer{
	ID:            uuid.Must(uuid.FromString("0cedf7a4-86ab-450a-9426-478ad0a60faa")),
	TransformType: TransformTypeTokenizeByValue,
}

TransformerEmail transformer for email, by default preserving the domain but not the username

// TransformerFullName transformer for full name, by default preserving the first letters of first and last name
//
// Only ID and TransformType are set here; Name (required on Transformer) and Function are
// presumably populated elsewhere — confirm. The "first letters" behaviour described above lives
// in the Function, which is not visible in this declaration.
var TransformerFullName = Transformer{
	ID:            uuid.Must(uuid.FromString("b9bf352f-b1ee-4fb2-a2eb-d0c346c6404b")),
	TransformType: TransformTypeTransform,
}

TransformerFullName transformer for full name, by default preserving the first letters of first and last name

// TransformerPassthrough is a transformer that passes through the data without changing it (most immediately useful in secured Accessors)
//
// Because the output is the raw input, anything that reads through this transformer sees the
// unmasked value; the protection has to come from the access policy of the accessor that uses
// it, which is why the doc text limits its use to secured accessors.
var TransformerPassthrough = Transformer{
	ID:            uuid.Must(uuid.FromString("c0b5b2a1-0b1f-4b9f-8b1a-1b1f4b9f8b1a")),
	Name:          "PassthroughUnchangedData",
	TransformType: TransformTypePassThrough,
}

TransformerPassthrough is a transformer that passes through the data without changing it (most immediately useful in secured Accessors)

// TransformerSSN transformer for SSN
//
// Only ID and TransformType are set here; Name (required on Transformer) and Function are
// presumably populated elsewhere — confirm. What part of the SSN is preserved is decided by the
// Function, which is not visible in this declaration.
var TransformerSSN = Transformer{
	ID:            uuid.Must(uuid.FromString("3f65ee22-2241-4694-bbe3-72cefbe59ff2")),
	TransformType: TransformTypeTransform,
}

TransformerSSN transformer for SSN

// TransformerUUID transformer for replacing data with a uuid
//
// Uses TransformTypeTokenizeByValue, so the UUID stands in for the input value as a token.
// ID, Name and TransformType are set here; Function is presumably populated elsewhere — confirm.
var TransformerUUID = Transformer{
	ID:            uuid.Must(uuid.FromString("e3743f5b-521e-4305-b232-ee82549e1477")),
	Name:          "UUID",
	TransformType: TransformTypeTokenizeByValue,
}

TransformerUUID transformer for replacing data with a uuid

Functions

This section is empty.

Types

type AccessPolicy

// AccessPolicy describes an access policy
//
// Struct tags drive JSON encoding, validation (validate:"..." and required:"true") and, via
// description:"...", generated documentation.
type AccessPolicy struct {
	// ID identifies the policy. Validation is skipped for it; a nil ID is tolerated by EqualsIgnoringNilID.
	ID              uuid.UUID           `json:"id" validate:"skip"`
	// Name is required and must be 1–128 characters long.
	Name            string              `json:"name" validate:"length:1,128" required:"true"`
	// Description is free text and is ignored by EqualsIgnoringNilID.
	Description     string              `json:"description"`
	// PolicyType is required; the composite variants are defined by the PolicyType constants.
	PolicyType      PolicyType          `json:"policy_type" required:"true"`
	// TagIDs are not validated at this level.
	TagIDs          uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	// Version is ignored by EqualsIgnoringNilID.
	Version         int                 `json:"version"`
	// IsSystem — its tag is not shown in this rendering; presumably marks policies shipped with the system. Confirm.
	IsSystem        bool                `` /* 150-byte string literal not displayed */
	// IsAutogenerated: "Whether this policy is autogenerated from an accessor or mutator." (description tag)
	IsAutogenerated bool                `json:"is_autogenerated" description:"Whether this policy is autogenerated from an accessor or mutator."`

	// Components are the parts combined according to PolicyType (all must pass for composite_and, any for
	// composite_or). Validation is skipped here; each AccessPolicyComponent has its own Validate.
	Components []AccessPolicyComponent `json:"components" validate:"skip"`

	// RequiredContext: "What context is required for this policy to be executed" (description tag); not validated here.
	RequiredContext map[string]string      `json:"required_context" validate:"skip" description:"What context is required for this policy to be executed"`
	// Thresholds: "Execution thresholds for users of this access policy" (description tag); not validated here.
	Thresholds      AccessPolicyThresholds `json:"thresholds" validate:"skip" description:"Execution thresholds for users of this access policy"`
}

AccessPolicy describes an access policy

func (AccessPolicy) EqualsIgnoringNilID added in v1.1.0

// EqualsIgnoringNilID returns true if the two policies are equal, ignoring the description and
// version, and ignoring the ID when one of the two IDs is nil.
func (a AccessPolicy) EqualsIgnoringNilID(other AccessPolicy) bool

EqualsIgnoringNilID returns true if the two policies are equal, ignoring the description, version, and ID if one is nil

func (AccessPolicy) IsAllowAll added in v1.6.0

// IsAllowAll returns true if the access policy, or all of its components, are AccessPolicyAllowAll.
//
// AccessPolicyAllowAll is identified by its ID alone (see its declaration), so this is presumably an
// ID comparison — confirm. A true result means the policy grants access unconditionally.
func (a AccessPolicy) IsAllowAll() bool

IsAllowAll returns true if the access policy or all of its components are AccessPolicyAllowAll

func (AccessPolicy) Validate added in v1.0.0

// Validate implements Validateable.
//
// NOTE(review): the receiver is named o here but a on the other AccessPolicy methods; Go
// convention is one receiver name per type.
func (o AccessPolicy) Validate() error

Validate implements Validateable

type AccessPolicyComponent

// AccessPolicyComponent is either an access policy or a template paired with parameters to fill it with
type AccessPolicyComponent struct {
	// Policy references an existing access policy; omitted from JSON when nil.
	Policy             *userstore.ResourceID `json:"policy,omitempty"`
	// Template references an access policy template; omitted from JSON when nil.
	Template           *userstore.ResourceID `json:"template,omitempty"`
	// TemplateParameters fill the referenced Template. The type itself does not enforce that exactly one
	// of Policy/Template is set; if that is enforced anywhere, it is by Validate — confirm.
	TemplateParameters string                `json:"template_parameters,omitempty"`
}

AccessPolicyComponent is either an access policy or a template paired with parameters to fill it with

func (AccessPolicyComponent) Validate

// Validate implements Validateable.
//
// Whether this rejects a component that sets both or neither of Policy/Template is not visible
// from the signature — confirm, since AccessPolicy skips validation of its Components slice and
// relies on this method.
func (a AccessPolicyComponent) Validate() error

Validate implements Validateable

type AccessPolicyContext

// AccessPolicyContext gets passed to the access policy's function(context, params) at resolution time
//
// The two sub-contexts carry different trust levels: Server is injected by the server, whereas
// Client is supplied by the caller, so a policy function must not treat Client values as
// authenticated facts.
type AccessPolicyContext struct {
	// Server is filled in by the server (see ServerContext).
	Server  ServerContext     `json:"server"`
	// Client is whatever the client passed at resolution time (see ClientContext): caller-controlled input.
	Client  ClientContext     `json:"client"`
	// User is the userstore record the policy is being evaluated for; omitted from JSON when empty.
	User    userstore.Record  `json:"user,omitempty"`
	// Query holds string key/value pairs describing the query; their meaning is not visible here — confirm against the resolver.
	Query   map[string]string `json:"query,omitempty"`
	// RowData holds the row under evaluation as string key/value pairs; presumably column name → value — confirm.
	RowData map[string]string `json:"row_data,omitempty"`
}

AccessPolicyContext gets passed to the access policy's function(context, params) at resolution time

type AccessPolicyTemplate

// AccessPolicyTemplate describes a template for an access policy
type AccessPolicyTemplate struct {
	// Embedded system-attribute base (carries the ID; see the AccessPolicyTemplate* package vars). Validation skipped.
	ucdb.SystemAttributeBaseModel `validate:"skip"`

	// Name is required and must be 1–128 characters long.
	Name        string `json:"name" validate:"length:1,128" required:"true"`
	// Description is free text and is ignored by EqualsIgnoringNilID.
	Description string `json:"description"`
	// Function is the template's policy function, stored as a string and required. Its language and the way
	// AccessPolicyComponent.TemplateParameters are substituted into it are not visible here.
	Function    string `json:"function" required:"true"`
	// Version is ignored by EqualsIgnoringNilID.
	Version     int    `json:"version"`
}

AccessPolicyTemplate describes a template for an access policy

func (AccessPolicyTemplate) EqualsIgnoringNilID added in v1.1.0

// EqualsIgnoringNilID returns true if the two templates are equal, ignoring the description and
// version, and ignoring the ID when one of the two IDs is nil.
func (a AccessPolicyTemplate) EqualsIgnoringNilID(other AccessPolicyTemplate) bool

EqualsIgnoringNilID returns true if the two templates are equal, ignoring the description, version, and ID if one is nil

type AccessPolicyThresholds added in v1.3.0

// AccessPolicyThresholds describes the thresholds for an access policy
//
// Most description tags are truncated in this rendering. The one that is visible says a limit
// applies only "if non-zero"; the same is presumably true of the other numeric fields — confirm.
type AccessPolicyThresholds struct {
	// AnnounceMaxExecutionFailure — description tag not displayed; presumably whether exceeding MaxExecutions is reported. Confirm.
	AnnounceMaxExecutionFailure bool `` /* 177-byte string literal not displayed */
	// AnnounceMaxResultFailure — description tag not displayed; presumably whether exceeding MaxResultsPerExecution is reported. Confirm.
	AnnounceMaxResultFailure    bool `` /* 158-byte string literal not displayed */
	// MaxExecutions — description tag not displayed.
	MaxExecutions               int  `` /* 144-byte string literal not displayed */
	// MaxExecutionDurationSeconds — description tag not displayed.
	MaxExecutionDurationSeconds int  `` /* 204-byte string literal not displayed */
	// MaxResultsPerExecution: "If non-zero, specifies the max number of results that an action can involve." (description tag)
	MaxResultsPerExecution      int  `json:"max_results_per_execution" description:"If non-zero, specifies the max number of results that an action can involve."`
}

AccessPolicyThresholds describes the thresholds for an access policy

type Action

// Action identifies the reason an access policy is being invoked; see the Action* constants.
type Action string

Action identifies the reason an access policy is being invoked

// Different reasons for running an access policy. The value is carried in ServerContext.Action,
// which is injected by the server, so a policy function can branch on it.
const (
	ActionResolve Action = "Resolve"
	ActionInspect Action = "Inspect"
	ActionLookup  Action = "Lookup"
	ActionDelete  Action = "Delete"
	ActionExecute Action = "Execute" // TODO: should this be a unique action?
)

Different reasons for running an access policy

type ClientContext

// ClientContext is passed by the client at resolution time.
//
// It is an arbitrary JSON object under the caller's control, so a policy function should check the
// type and contents of any value it reads from here before acting on it.
type ClientContext map[string]interface{}

ClientContext is passed by the client at resolution time

type PolicyType

// PolicyType describes the type of an access policy; see the PolicyType* constants.
type PolicyType string //revive:disable-line:exported

PolicyType describes the type of an access policy

func (PolicyType) Enum added in v1.0.0

// Enum implements Enum, returning the set of PolicyType values; presumably this is the list that
// Validate checks against — confirm.
func (t PolicyType) Enum() []interface{}

Enum implements Enum

func (PolicyType) MarshalText added in v1.0.0

// MarshalText implements encoding.TextMarshaler (for JSON).
func (t PolicyType) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler (for JSON)

func (*PolicyType) UnmarshalText added in v1.0.0

// UnmarshalText implements encoding.TextUnmarshaler (for JSON).
//
// Whether an unrecognised value is rejected here or only later by Validate is not visible from the
// signature — confirm, since PolicyTypeInvalid exists as a representable value and callers may
// decode before validating.
func (t *PolicyType) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler (for JSON)

func (*PolicyType) Validate added in v1.0.0

// Validate implements Validateable.
//
// Pointer receiver, unlike Enum and MarshalText on the same type; callers holding a non-addressable
// PolicyType value cannot call it directly.
func (t *PolicyType) Validate() error

Validate implements Validateable

type ServerContext

// ServerContext is automatically injected by the server at resolution time
//
// Unlike ClientContext, these values originate from the server rather than the caller.
type ServerContext struct {
	// TODO: add token creation time
	// IPAddress is the caller's address as recorded by the server; whether it is the direct peer address
	// or taken from a forwarded header is not visible here — confirm before using it in a policy decision.
	IPAddress    string                 `json:"ip_address"`
	// Action is the reason the policy is being run (see the Action constants).
	Action       Action                 `json:"action"`
	// PurposeNames — names of the purposes associated with the request (inferred from the name; confirm).
	PurposeNames []string               `json:"purpose_names"`
	// Claims are the caller's token claims as a generic map; presumably already verified by the server
	// given that this context is server-injected — confirm.
	Claims       map[string]interface{} `json:"claims"`
}

ServerContext is automatically injected by the server at resolution time

type TransformType

// TransformType describes the type of transform to be performed; see the TransformType* constants.
type TransformType string

TransformType describes the type of transform to be performed

// TransformType values. All four are explicitly typed, so they cannot be mixed with other
// string-based enums without a conversion.
const (
	// TransformTypePassThrough is a no-op transformation (the output is the unchanged input; see TransformerPassthrough)
	TransformTypePassThrough TransformType = "passthrough"

	// TransformTypeTransform is a transformation that doesn't tokenize
	TransformTypeTransform TransformType = "transform"

	// TransformTypeTokenizeByValue is a transformation that tokenizes the value passed in
	TransformTypeTokenizeByValue TransformType = "tokenizebyvalue"

	// TransformTypeTokenizeByReference is a transformation that tokenizes the userstore reference to the value passed in
	// (the reference is described by UserstoreDataProvenance)
	TransformTypeTokenizeByReference TransformType = "tokenizebyreference"
)

func (TransformType) Enum added in v1.0.0

// Enum implements Enum, returning the set of TransformType values; presumably this is the list that
// Validate checks against — confirm.
func (t TransformType) Enum() []interface{}

Enum implements Enum

func (TransformType) MarshalText added in v1.0.0

// MarshalText implements encoding.TextMarshaler (for JSON).
func (t TransformType) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler (for JSON)

func (*TransformType) UnmarshalText added in v1.0.0

// UnmarshalText implements encoding.TextUnmarshaler (for JSON).
//
// Whether an unrecognised value is rejected here or only later by Validate is not visible from the
// signature — confirm.
func (t *TransformType) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler (for JSON)

func (*TransformType) Validate added in v1.0.0

// Validate implements Validateable.
//
// Pointer receiver, unlike Enum and MarshalText on the same type.
func (t *TransformType) Validate() error

Validate implements Validateable

type Transformer

// Transformer describes a token transformer
//
// Struct tags drive JSON encoding, validation (validate:"..." and required:"true") and, via
// description:"...", generated documentation.
type Transformer struct {
	// ID identifies the transformer. Unlike AccessPolicy.ID it carries no validate:"skip" tag.
	ID                 uuid.UUID                   `json:"id"`
	// Name is required and must be 1–128 characters long.
	Name               string                      `json:"name" validate:"length:1,128" required:"true"`
	// Description is free text.
	Description        string                      `json:"description"`
	// InputDataType is the required userstore data type of the input.
	InputDataType      userstore.ResourceID        `json:"input_data_type" required:"true"`
	// InputType is not validated; its relation to InputDataType is not visible here.
	InputType          string                      `json:"input_type" validate:"skip"`
	// InputConstraints are column constraints on the input; JSON name is "input_type_constraints". Not validated.
	InputConstraints   userstore.ColumnConstraints `json:"input_type_constraints" validate:"skip"`
	// OutputDataType is the required userstore data type of the output.
	OutputDataType     userstore.ResourceID        `json:"output_data_type" required:"true"`
	// OutputType is not validated; its relation to OutputDataType is not visible here.
	OutputType         string                      `json:"output_type" validate:"skip"`
	// OutputConstraints are column constraints on the output; JSON name is "output_type_constraints". Not validated.
	OutputConstraints  userstore.ColumnConstraints `json:"output_type_constraints" validate:"skip"`
	// ReuseExistingToken — tag not displayed in this rendering; presumably whether tokenizing the same value
	// again returns the existing token instead of a new one. Confirm.
	ReuseExistingToken bool                        `` /* 157-byte string literal not displayed */
	// TransformType is required; see the TransformType constants. IsPolicyRequiredForExecution is derived from it.
	TransformType      TransformType               `json:"transform_type" required:"true"`
	// TagIDs are not validated at this level.
	TagIDs             uuidarray.UUIDArray         `json:"tag_ids" validate:"skip"`
	// Function is the transformer's function, stored as a string and required; its language is not visible here.
	Function           string                      `json:"function" required:"true"`
	// Parameters are passed to Function as a string; their format is not visible here.
	Parameters         string                      `json:"parameters"`
	// Version of the transformer.
	Version            int                         `json:"version"`
	// IsSystem — tag not displayed in this rendering; presumably marks transformers shipped with the system. Confirm.
	IsSystem           bool                        `` /* 164-byte string literal not displayed */
}

Transformer describes a token transformer

func (Transformer) IsPolicyRequiredForExecution

// IsPolicyRequiredForExecution checks the transformation type and returns whether an access policy
// is required to execute the transformer.
//
// Which TransformType values require a policy is not visible from the signature — confirm before
// assuming any transformer can run unguarded. NOTE(review): the receiver is named g here but o on
// Validate; Go convention is one receiver name per type.
func (g Transformer) IsPolicyRequiredForExecution() bool

IsPolicyRequiredForExecution checks the transformation type and returns whether an access policy is required to execute the transformer

func (Transformer) Validate added in v1.0.0

// Validate implements Validateable.
func (o Transformer) Validate() error

Validate implements Validateable

type UserstoreDataProvenance

// UserstoreDataProvenance is used by TransformTypeTokenizeByReference to describe the provenance of the data
//
// Both IDs must be non-nil (validate:"notnil"): a reference token is only meaningful if it points
// at a concrete user/column pair.
type UserstoreDataProvenance struct {
	// UserID is the user the referenced value belongs to; must not be nil.
	UserID   uuid.UUID `json:"user_id" validate:"notnil"`
	// ColumnID is the column the referenced value lives in; must not be nil.
	ColumnID uuid.UUID `json:"column_id" validate:"notnil"`
}

UserstoreDataProvenance is used by TransformTypeTokenizeByReference to describe the provenance of the data
