handlers

package
Published: Aug 13, 2024 License: BSD-3-Clause-Clear Imports: 25 Imported by: 0

Documentation

Constants

// Un-prefixed, human-readable attribute rule names. These are the strings
// GetAttributeRuleFromAttributeType returns, GetAttributeRuleOptions lists and
// GetAttributeRuleFromReadableString accepts.
const (
	AttributeRuleAllOf     = "ALL_OF"
	AttributeRuleAnyOf     = "ANY_OF"
	AttributeRuleHierarchy = "HIERARCHY"
)
// Keys for cached authentication material. GetClientIDFromCache and
// GetOIDCTokenFromCache read from the keyring; these constants presumably name
// the keyring entries — confirm against the cache helpers. Whatever is stored
// under OTDFCTL_OIDC_TOKEN_KEY is a credential and must not be logged.
const (
	OTDFCTL_CLIENT_ID_CACHE_KEY = "OTDFCTL_DEFAULT_CLIENT_ID"
	OTDFCTL_OIDC_TOKEN_KEY      = "OTDFCTL_OIDC_TOKEN"
)
// Human-readable subject mapping operator names, converted to and from
// policy.SubjectMappingOperatorEnum by GetSubjectMappingOperatorChoiceFromEnum
// and GetSubjectMappingOperatorFromChoice.
const (
	SubjectMappingOperatorIn          = "IN"
	SubjectMappingOperatorNotIn       = "NOT_IN"
	SubjectMappingOperatorUnspecified = "UNSPECIFIED"
)

Variables

var (
	// SDK is the package-level SDK client. It is mutable package state shared
	// by every caller; code holding a Handler should prefer Handler.Direct()
	// over reading this variable directly.
	SDK *sdk.SDK

	// ErrUnauthenticated is a sentinel error; match it with errors.Is rather
	// than ==, since callers may receive it wrapped.
	ErrUnauthenticated = errors.New("unauthenticated")
)
// ErrTDFInspectFailNotInspectable is a sentinel error, presumably one of those
// Handler.InspectTDF returns; match it with errors.Is.
var ErrTDFInspectFailNotInspectable = errors.New("file or input is not inspectable")
// ErrTDFInspectFailNotValidTDF is a sentinel error, presumably one of those
// Handler.InspectTDF returns; match it with errors.Is.
var ErrTDFInspectFailNotValidTDF = errors.New("file or input is not a valid TDF")
// ErrTDFUnableToReadAttributes is a sentinel error, presumably one of those
// Handler.InspectTDF returns when TDFInspect.Attributes cannot be populated;
// match it with errors.Is.
var ErrTDFUnableToReadAttributes = errors.New("unable to read attributes from TDF")
// ErrTDFUnableToReadUnencryptedMetadata is a sentinel error, presumably one of
// those Handler.InspectTDF returns when TDFInspect.UnencryptedMetadata cannot be
// populated; match it with errors.Is.
var ErrTDFUnableToReadUnencryptedMetadata = errors.New("unable to read unencrypted metadata from TDF")

Functions

func CheckTokenExpiration

func CheckTokenExpiration(tokenString string) (bool, error)

CheckTokenExpiration checks whether an OIDC token has expired. Returns true if the token is still valid, false otherwise.

func ClearCachedCredentials

func ClearCachedCredentials(endpoint string) error

func GetAttributeFqn

func GetAttributeFqn(namespace string, name string) string

func GetAttributeRuleFromAttributeType

func GetAttributeRuleFromAttributeType(rule policy.AttributeRuleTypeEnum) string

Returns the un-prefixed, human-readable attribute rule.

func GetAttributeRuleFromReadableString

func GetAttributeRuleFromReadableString(rule string) (policy.AttributeRuleTypeEnum, error)

func GetAttributeRuleOptions

func GetAttributeRuleOptions() []string

func GetClientIDFromCache

func GetClientIDFromCache(endpoint string) (string, error)

GetClientIDFromCache retrieves the client ID from the keyring.

func GetClientSecretFromCache

func GetClientSecretFromCache(endpoint string, clientID string) (string, error)

GetClientSecretFromCache retrieves the client secret from the keyring.

func GetOIDCTokenFromCache

func GetOIDCTokenFromCache(endpoint string) (string, error)

GetOIDCTokenFromCache retrieves the OIDC token from the keyring.

func GetSubjectMappingOperatorChoiceFromEnum

func GetSubjectMappingOperatorChoiceFromEnum(enum policy.SubjectMappingOperatorEnum) string

func GetSubjectMappingOperatorFromChoice

func GetSubjectMappingOperatorFromChoice(readable string) policy.SubjectMappingOperatorEnum

func GetTokenWithClientCreds

func GetTokenWithClientCreds(ctx context.Context, endpoint string, clientID string, clientSecret string, tlsNoVerify bool) error

Uses the OAuth2 client credentials flow to obtain a token.

func ProcessSubjectContext

func ProcessSubjectContext(subject interface{}, currSelector string, result []*policy.SubjectProperty) ([]*policy.SubjectProperty, error)

Recursively processes JSON into a list of jq-syntax selectors and the values obtained by applying each selector to the input JSON.

func TestSubjectContext

func TestSubjectContext(subject interface{}, selectors []string) ([]*policy.SubjectProperty, error)

Types

type ClientCreds

// ClientCreds holds the client ID and secret used in the OAuth2 client
// credentials flow (see GetTokenWithClientCreds and the GetClientCreds*
// helpers). ClientSecret is a credential: because of the json tags a
// marshalled ClientCreds carries the secret in plaintext, so never log or
// print the struct as a whole.
type ClientCreds struct {
	ClientID     string `json:"clientId"`
	ClientSecret string `json:"clientSecret"`
}

Client ID and Secret for use in the client credentials flow.

func GetClientCreds

func GetClientCreds(endpoint string, file string, credsJSON []byte) (ClientCreds, error)

func GetClientCredsFromCache

func GetClientCredsFromCache(endpoint string) (ClientCreds, error)

Retrieves the cached client credentials (client ID and secret) from the keyring.

func GetClientCredsFromFile

func GetClientCredsFromFile(filepath string) (ClientCreds, error)

Retrieves credentials by reading the specified file.

func GetClientCredsFromJSON

func GetClientCredsFromJSON(credsJSON []byte) (ClientCreds, error)

Parses the JSON and returns the client ID and secret.

type CreateAttributeError

// CreateAttributeError is the error type for attribute creation failures
// (see Handler.CreateAttribute); extract it with errors.As.
type CreateAttributeError struct {
	// ValueErrors maps an attribute value to the error encountered for it —
	// presumably keyed by the entries of CreateAttribute's values argument;
	// confirm against the implementation.
	ValueErrors map[string]error

	// Err is the top-level error, if any.
	Err error
}

func (*CreateAttributeError) Error

func (e *CreateAttributeError) Error() string

type Handler

// Handler wraps the SDK (see New and NewWithCredentials) and exposes the
// policy, KAS registry, subject mapping and TDF encrypt/decrypt/inspect
// operations.
type Handler struct {
	// OIDC_TOKEN holds the handler's OIDC token (see GetOIDCTokenFromCache).
	// It is a credential: do not log it or include it in output or error
	// messages.
	OIDC_TOKEN string
	// contains filtered or unexported fields
}

func New

func New(platformEndpoint string, tlsNoVerify bool, sdkOpts ...sdk.Option) (Handler, error)

Creates a new handler wrapping the SDK, authenticated with the cached client-credentials flow tokens.

func NewWithCredentials

func NewWithCredentials(endpoint string, clientId string, clientSecret string, tlsNoVerify bool) (Handler, error)

func (Handler) Close

func (h Handler) Close() error

func (Handler) CreateAttribute

func (h Handler) CreateAttribute(name string, rule string, namespace string, values []string, metadata *common.MetadataMutable) (*policy.Attribute, error)

Creates and returns the created attribute

func (*Handler) CreateAttributeValue

func (h *Handler) CreateAttributeValue(attributeId string, value string, metadata *common.MetadataMutable) (*policy.Value, error)

Creates and returns the created value

func (Handler) CreateKasRegistryEntry

func (h Handler) CreateKasRegistryEntry(uri string, publicKey *policy.PublicKey, metadata *common.MetadataMutable) (*policy.KeyAccessServer, error)

Creates the KAS registry entry and returns the created KAS.

func (Handler) CreateNamespace

func (h Handler) CreateNamespace(name string, metadata *common.MetadataMutable) (*policy.Namespace, error)

Creates and returns the created namespace.

func (Handler) CreateNewSubjectMapping

func (h Handler) CreateNewSubjectMapping(attrValId string, actions []*policy.Action, existingSCSId string, newScs *subjectmapping.SubjectConditionSetCreate, m *common.MetadataMutable) (*policy.SubjectMapping, error)

Creates and returns the created subject mapping

func (*Handler) CreateResourceMapping

func (h *Handler) CreateResourceMapping(attributeId string, terms []string, metadata *common.MetadataMutable) (*policy.ResourceMapping, error)

Creates and returns the created resource mapping

func (Handler) CreateSubjectConditionSet

func (h Handler) CreateSubjectConditionSet(ss []*policy.SubjectSet, metadata *common.MetadataMutable) (*policy.SubjectConditionSet, error)

Creates and returns the created subject condition set

func (Handler) DeactivateAttribute

func (h Handler) DeactivateAttribute(id string) (*policy.Attribute, error)

Deactivates and returns the deactivated attribute.

func (*Handler) DeactivateAttributeValue

func (h *Handler) DeactivateAttributeValue(id string) (*policy.Value, error)

Deactivates and returns the deactivated value.

func (Handler) DeactivateNamespace

func (h Handler) DeactivateNamespace(id string) (*policy.Namespace, error)

Deactivates and returns the deactivated namespace

func (Handler) DecryptNanoTDF

func (h Handler) DecryptNanoTDF(toDecrypt []byte) (*bytes.Buffer, error)

func (Handler) DecryptTDF

func (h Handler) DecryptTDF(toDecrypt []byte) (*bytes.Buffer, error)

func (Handler) DeleteKasGrantFromAttribute

func (h Handler) DeleteKasGrantFromAttribute(attr_id string, kas_id string) (*attributes.AttributeKeyAccessServer, error)

func (Handler) DeleteKasGrantFromValue

func (h Handler) DeleteKasGrantFromValue(val_id string, kas_id string) (*attributes.ValueKeyAccessServer, error)

func (Handler) DeleteKasRegistryEntry

func (h Handler) DeleteKasRegistryEntry(id string) (*policy.KeyAccessServer, error)

Deletes the KAS registry entry and returns the deleted KAS.

func (*Handler) DeleteResourceMapping

func (h *Handler) DeleteResourceMapping(id string) (*policy.ResourceMapping, error)

func (Handler) DeleteSubjectConditionSet

func (h Handler) DeleteSubjectConditionSet(id string) error

func (Handler) DeleteSubjectMapping

func (h Handler) DeleteSubjectMapping(id string) (*policy.SubjectMapping, error)

func (Handler) Direct

func (h Handler) Direct() *sdk.SDK

func (Handler) EncryptBytes

func (h Handler) EncryptBytes(b []byte, values []string, mimeType string, kasUrlPath string) (*bytes.Buffer, error)

func (Handler) EncryptNanoBytes

func (h Handler) EncryptNanoBytes(b []byte, values []string, kasUrlPath string) (*bytes.Buffer, error)

func (Handler) GetAttribute

func (h Handler) GetAttribute(id string) (*policy.Attribute, error)

func (*Handler) GetAttributeValue

func (h *Handler) GetAttributeValue(id string) (*policy.Value, error)

func (Handler) GetKasRegistryEntry

func (h Handler) GetKasRegistryEntry(id string) (*policy.KeyAccessServer, error)

func (Handler) GetNamespace

func (h Handler) GetNamespace(id string) (*policy.Namespace, error)

func (*Handler) GetResourceMapping

func (h *Handler) GetResourceMapping(id string) (*policy.ResourceMapping, error)

func (Handler) GetSubjectConditionSet

func (h Handler) GetSubjectConditionSet(id string) (*policy.SubjectConditionSet, error)

func (Handler) GetSubjectMapping

func (h Handler) GetSubjectMapping(id string) (*policy.SubjectMapping, error)

func (Handler) InspectTDF

func (h Handler) InspectTDF(toInspect []byte) (TDFInspect, []error)

func (*Handler) ListAttributeValues

func (h *Handler) ListAttributeValues(attributeId string, state common.ActiveStateEnum) ([]*policy.Value, error)

func (Handler) ListAttributes

func (h Handler) ListAttributes(state common.ActiveStateEnum) ([]*policy.Attribute, error)

func (Handler) ListKasRegistryEntries

func (h Handler) ListKasRegistryEntries() ([]*policy.KeyAccessServer, error)

func (Handler) ListNamespaces

func (h Handler) ListNamespaces(state common.ActiveStateEnum) ([]*policy.Namespace, error)

func (*Handler) ListResourceMappings

func (h *Handler) ListResourceMappings() ([]*policy.ResourceMapping, error)

func (Handler) ListSubjectConditionSets

func (h Handler) ListSubjectConditionSets() ([]*policy.SubjectConditionSet, error)

func (Handler) ListSubjectMappings

func (h Handler) ListSubjectMappings() ([]*policy.SubjectMapping, error)

func (Handler) UnsafeDeleteAttribute

func (h Handler) UnsafeDeleteAttribute(id, fqn string) error

Deletes the attribute and returns an error if deletion failed.

func (Handler) UnsafeDeleteAttributeValue

func (h Handler) UnsafeDeleteAttributeValue(id, fqn string) error

Deletes the attribute value and returns an error if deletion failed.

func (Handler) UnsafeDeleteNamespace

func (h Handler) UnsafeDeleteNamespace(id string, fqn string) error

Deletes the namespace and returns an error if deletion failed.

func (Handler) UnsafeReactivateAttribute

func (h Handler) UnsafeReactivateAttribute(id string) (*policy.Attribute, error)

Reactivates and returns the reactivated attribute.

func (Handler) UnsafeReactivateAttributeValue

func (h Handler) UnsafeReactivateAttributeValue(id string) (*policy.Value, error)

Reactivates and returns the reactivated attribute value.

func (Handler) UnsafeReactivateNamespace

func (h Handler) UnsafeReactivateNamespace(id string) (*policy.Namespace, error)

Reactivates and returns the reactivated namespace

func (Handler) UnsafeUpdateAttribute

func (h Handler) UnsafeUpdateAttribute(id, name, rule string, values_order []string) error

Unsafely updates the attribute and returns an error if the update failed.

func (Handler) UnsafeUpdateAttributeValue

func (h Handler) UnsafeUpdateAttributeValue(id, value string) error

Unsafely updates the attribute value and returns an error if the update failed.

func (Handler) UnsafeUpdateNamespace

func (h Handler) UnsafeUpdateNamespace(id, name string) (*policy.Namespace, error)

Unsafely updates the namespace and returns the renamed namespace

func (*Handler) UpdateAttribute

func (h *Handler) UpdateAttribute(
	id string,
	metadata *common.MetadataMutable,
	behavior common.MetadataUpdateEnum,
) (*policy.Attribute, error)

Updates and returns the updated attribute.

func (*Handler) UpdateAttributeValue

func (h *Handler) UpdateAttributeValue(id string, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.Value, error)

Updates and returns the updated value.

func (Handler) UpdateKasGrantForAttribute

func (h Handler) UpdateKasGrantForAttribute(attr_id string, kas_id string) (*attributes.AttributeKeyAccessServer, error)

func (Handler) UpdateKasGrantForValue

func (h Handler) UpdateKasGrantForValue(val_id string, kas_id string) (*attributes.ValueKeyAccessServer, error)

func (Handler) UpdateKasRegistryEntry

func (h Handler) UpdateKasRegistryEntry(id string, uri string, publickey *policy.PublicKey, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.KeyAccessServer, error)

Updates the KAS registry entry and returns the updated KAS.

func (Handler) UpdateNamespace

func (h Handler) UpdateNamespace(id string, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.Namespace, error)

Updates and returns the updated namespace

func (*Handler) UpdateResourceMapping

func (h *Handler) UpdateResourceMapping(id string, attrValueId string, terms []string, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.ResourceMapping, error)

TODO: verify update behavior. Updates and returns the updated resource mapping.

func (Handler) UpdateSubjectConditionSet

func (h Handler) UpdateSubjectConditionSet(id string, ss []*policy.SubjectSet, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.SubjectConditionSet, error)

Updates and returns the updated subject condition set

func (Handler) UpdateSubjectMapping

func (h Handler) UpdateSubjectMapping(id string, updatedSCSId string, updatedActions []*policy.Action, metadata *common.MetadataMutable, metadataBehavior common.MetadataUpdateEnum) (*policy.SubjectMapping, error)

Updates and returns the updated subject mapping

func (Handler) WithLabelMetadata

func (h Handler) WithLabelMetadata(metadata *common.MetadataMutable, key, value string) func(*common.MetadataMutable) *common.MetadataMutable

Appends a label to the metadata.

func (Handler) WithReplaceLabelsMetadata

func (h Handler) WithReplaceLabelsMetadata(metadata *common.MetadataMutable, labels map[string]string) func(*common.MetadataMutable) *common.MetadataMutable

Replaces all labels in the metadata.

type ResourceMapping

// ResourceMapping is a plain representation of a resource mapping.
type ResourceMapping struct {
	// Id is the mapping's identifier.
	Id string
	// AttributeId identifies the attribute the mapping is bound to — compare
	// CreateResourceMapping's attributeId and UpdateResourceMapping's
	// attrValueId; confirm which of the two this refers to.
	AttributeId string
	// Terms are the mapping's terms, as passed to Create/UpdateResourceMapping.
	Terms []string
}

type TDFInspect

// TDFInspect is the result of Handler.InspectTDF.
type TDFInspect struct {
	// Manifest is the TDF manifest as parsed by the SDK.
	Manifest sdk.Manifest
	// Attributes are the attributes read from the TDF (see
	// ErrTDFUnableToReadAttributes).
	Attributes []string
	// UnencryptedMetadata is the TDF's unencrypted metadata (see
	// ErrTDFUnableToReadUnencryptedMetadata). As the name indicates it is
	// not covered by the payload encryption, so consumers should treat its
	// contents as untrusted input — confirm against the SDK's manifest
	// handling.
	UnencryptedMetadata []byte
}
