// Errors raised while resolving resources and attribute definitions during
// decisioning. They are sentinel values: compare with errors.Is.
// NOTE(review): a caller enforcing access should treat any of these as a
// denial, not as "no applicable rule".
var (
	// ErrInvalidResource signals a resource that could not be used for decisioning.
	ErrInvalidResource = errors.New("access: invalid resource")
	// ErrFQNNotFound signals an attribute value FQN that is not present in the in-memory policy.
	ErrFQNNotFound = errors.New("access: attribute value FQN not found in memory")
	// ErrDefinitionNotFound signals that no attribute definition exists for an FQN.
	ErrDefinitionNotFound = errors.New("access: definition not found for FQN")
	// ErrFailedEvaluation signals that evaluating an attribute definition failed.
	ErrFailedEvaluation = errors.New("access: failed to evaluate definition")
	// ErrMissingRequiredSpecifiedRule signals an AttributeDefinition whose rule is left unspecified.
	ErrMissingRequiredSpecifiedRule = errors.New("access: AttributeDefinition rule cannot be unspecified")
	// ErrUnrecognizedRule signals an AttributeDefinition rule this package cannot evaluate.
	ErrUnrecognizedRule = errors.New("access: unrecognized AttributeDefinition rule")
)
// Errors for caller-supplied policy objects that fail validation.
var (
	// ErrInvalidSubjectMapping signals a subject mapping that failed validation.
	ErrInvalidSubjectMapping = errors.New("access: invalid subject mapping")
	// ErrInvalidAttributeDefinition signals an attribute definition that failed validation.
	ErrInvalidAttributeDefinition = errors.New("access: invalid attribute definition")
)
// Errors for missing dependencies and unresolvable entities; presumably
// raised by the just-in-time PDP, which is the only constructor here that
// takes an SDK — confirm against the implementation.
var (
	// ErrMissingRequiredSDK signals that the SDK needed to reach the policy services was not supplied.
	ErrMissingRequiredSDK = errors.New("access: missing required SDK")
	// ErrInvalidEntityType signals an entity type that cannot be handled.
	ErrInvalidEntityType = errors.New("access: invalid entity type")
)
// Errors for malformed decision or entitlement request inputs.
var (
	// ErrInvalidAction signals an action that is missing or malformed.
	ErrInvalidAction = errors.New("access: invalid action")
	// ErrInvalidEntityChain signals an entity chain that cannot be used.
	ErrInvalidEntityChain = errors.New("access: invalid entity chain")
	// ErrInvalidEntitledFQNsToActions signals a malformed mapping of entitled FQNs to actions.
	ErrInvalidEntitledFQNsToActions = errors.New("access: invalid entitled FQNs to actions")
)
var (
	// ErrMissingRequiredPolicy signals that only one of attribute definitions
	// or subject mappings was supplied. A PDP needs both or neither: attribute
	// values without subject mappings are ignored in decisioning, so a partial
	// policy would silently change outcomes rather than fail loudly.
	ErrMissingRequiredPolicy = errors.New("access: both attribute definitions and subject mappings must be provided or neither")
)
type DataRuleResult struct {
	// Passed reports whether the entity satisfied this rule. The zero value
	// is false (deny), so an unpopulated result never reads as a pass.
	Passed bool `json:"passed" example:"false"`
	// RuleDefinition is the attribute definition whose rule was evaluated.
	RuleDefinition *policy.Attribute `json:"rule_definition"`
	// EntitlementFailures lists each (attribute value, action) entitlement
	// the entity lacked for this rule; presumably empty when Passed is true.
	EntitlementFailures []EntitlementFailure `json:"entitlement_failures"`
}
DataRuleResult represents the result of evaluating one attribute-definition rule against an entity for a single resource. When the rule is not passed, EntitlementFailures records which attribute value/action entitlements were missing.
type Decision struct {
	// Access is the aggregate allow/deny for the entity across the evaluated
	// resources. The zero value is false (deny). Enforcement should read this
	// field rather than re-deriving an answer from Results.
	Access bool `json:"access" example:"false"`
	// Results holds the per-resource outcomes behind Access.
	// NOTE: the JSON key is "entity_rule_result", not "results"; it is part
	// of the wire format and must not be renamed.
	Results []ResourceDecision `json:"entity_rule_result"`
}
Decision represents the overall access decision for an entity: Access is the aggregate allow/deny and Results carries the per-resource breakdown. A zero-valued Decision denies.
// NOTE(review): these fields reveal exactly which attribute values and actions
// the entity lacks. Decide deliberately whether they are surfaced to the
// requesting entity or kept to server-side logs and audit.
type EntitlementFailure struct {
	// AttributeValueFQN is the fully qualified name of the attribute value the entity was not entitled to.
	AttributeValueFQN string `json:"attribute_value"`
	// ActionName is the action that was not entitled on that attribute value.
	ActionName string `json:"action"`
}
EntitlementFailure represents a single unmet entitlement: the entity was not entitled to ActionName on the attribute value identified by AttributeValueFQN.
// JustInTimePDP is a Policy Decision Point that holds no caller-supplied
// policy. It is built by NewJustInTimePDP around an authenticated SDK, fetches
// policy from the policy services, and delegates evaluation to an embedded PDP
// (presumably a PolicyDecisionPoint; see GetDecision and GetEntitlements).
type JustInTimePDP struct {
	// contains filtered or unexported fields
}
func NewJustInTimePDP( ctx context.Context, l *logger.Logger, sdk *otdfSDK.SDK, ) (*JustInTimePDP, error)
NewJustInTimePDP creates a new Policy Decision Point instance that holds no caller-supplied policy; instead it uses the remote connection of the authenticated SDK to fetch all Attributes and Subject Mappings from the policy services. The identity the SDK authenticates as therefore determines the policy this PDP evaluates against, so the SDK must be provisioned with credentials trusted to read the full policy. A missing SDK is presumably rejected with ErrMissingRequiredSDK.
func (p *JustInTimePDP) GetDecision( ctx context.Context, entityIdentifier *authzV2.EntityIdentifier, action *policy.Action, resources []*authzV2.Resource, ) ([]*Decision, bool, error)
GetDecision retrieves the decision for the provided entity identifier, action, and resources. It resolves the entity identifier (which may denote an entity chain) into entity representations and then calls the embedded PDP for the decision. The result is a slice of Decision objects — presumably one per resolved entity representation — plus a global boolean that is true only when every Decision in the slice allows access. Callers must treat a non-nil error as a denial and must not consult the slice or the boolean in that case; when enforcing access per resource, use each Decision's Results, since the global boolean collapses any mixed outcome to false.
func (p *JustInTimePDP) GetEntitlements( ctx context.Context, entityIdentifier *authzV2.EntityIdentifier, withComprehensiveHierarchy bool, ) ([]*authzV2.EntityEntitlements, error)
GetEntitlements retrieves the entitlements for the provided entity identifier. It resolves the identifier into entity representations and then calls the embedded PDP to compute their entitlements; withComprehensiveHierarchy is passed through to that call, and its exact effect is not documented on this page. A non-nil error means the returned entitlements must not be used.
// Construct with NewPolicyDecisionPoint, which takes the full set of attribute
// definitions and subject mappings; nothing is fetched remotely afterwards.
type PolicyDecisionPoint struct {
	// contains filtered or unexported fields
}
PolicyDecisionPoint represents the Policy Decision Point component in which the caller supplies the entire policy at construction. All decisions and entitlements are evaluated against that in-memory policy only; nothing is fetched remotely, so its outputs are only as trustworthy and as current as the policy the caller provides.
func NewPolicyDecisionPoint( ctx context.Context, l *logger.Logger, allAttributeDefinitions []*policy.Attribute, allSubjectMappings []*policy.SubjectMapping, ) (*PolicyDecisionPoint, error)
NewPolicyDecisionPoint creates a new Policy Decision Point instance. It presumes that all Attribute Definitions and Subject Mappings are valid and together constitute the entirety of entitlement policy; the caller is the trust boundary for that input. Attribute Values without Subject Mappings are ignored in decisioning, so an incomplete policy set silently changes outcomes rather than failing — supply both sets or neither (see ErrMissingRequiredPolicy).
func (p *PolicyDecisionPoint) GetDecision( ctx context.Context, entityRepresentation *entityresolutionV2.EntityRepresentation, action *policy.Action, resources []*authz.Resource, ) (*Decision, error)
GetDecision evaluates the action on each of the resources for the given entity representation against the in-memory policy and returns a single Decision whose Access field is the aggregate result and whose Results hold the per-resource outcomes. A non-nil error means no usable decision was produced and should be treated as a denial.
// GetEntitlements computes the entitlements of each provided entity
// representation against the in-memory policy. optionalMatchedSubjectMappings
// presumably lets the caller pass subject mappings already matched to the
// entities instead of having them matched here, and withComprehensiveHierarchy
// is not described on this page — confirm both against the implementation.
// A non-nil error means the returned entitlements must not be used.
func (p *PolicyDecisionPoint) GetEntitlements(
	ctx context.Context,
	entityRepresentations []*entityresolutionV2.EntityRepresentation,
	optionalMatchedSubjectMappings []*policy.SubjectMapping,
	withComprehensiveHierarchy bool,
) ([]*authz.EntityEntitlements, error)
type ResourceDecision struct {
	// Passed reports whether the action is permitted on this resource.
	// The zero value is false (deny).
	Passed bool `json:"passed" example:"false"`
	// ResourceID identifies the evaluated resource. It is omitted from the
	// JSON form when empty, so consumers of the serialized output cannot rely
	// on it alone to correlate results with requests; presumably results are
	// returned in input order — confirm against GetDecision.
	ResourceID string `json:"resource_id,omitempty"`
	// DataRuleResults holds one entry per attribute rule evaluated for this resource.
	DataRuleResults []DataRuleResult `json:"data_rule_results"`
}
ResourceDecision represents the result of evaluating the action on one resource for an entity: Passed is the per-resource outcome and DataRuleResults is the per-rule breakdown behind it.