Documentation
Index ¶
- Constants
- func RegisterJSVerifier(v JSVerifier)
- type AccessPolicy
- type AccessPolicyComponent
- type AccessPolicyContext
- type AccessPolicyTemplate
- type Action
- type ClientContext
- type JSVerifier
- type PolicyType
- type ResolverContext
- type ServerContext
- type TransformType
- type Transformer
- type UserstoreDataProvenance
- type Validator
Constants ¶
// Declared policy types. The two composite types differ in how the results of
// a policy's components are combined into one access decision.
const (
	// PolicyTypeInvalid is an invalid policy type
	PolicyTypeInvalid PolicyType = "invalid"

	// PolicyTypeCompositeIntersection is the type for composite policies in which all components must be satisfied to grant access
	// NOTE(review): as displayed here this constant has no explicit type, so it
	// is an untyped string constant rather than a PolicyType — confirm that is
	// intended.
	PolicyTypeCompositeIntersection = "compositeintersection"

	// PolicyTypeCompositeUnion is the type for composite policies in which any component must be satisfied to grant access
	// NOTE(review): also shown without an explicit PolicyType — confirm.
	PolicyTypeCompositeUnion = "compositeunion"
)
Functions ¶
func RegisterJSVerifier ¶
func RegisterJSVerifier(v JSVerifier)
RegisterJSVerifier registers a verifier for JS
Types ¶
type AccessPolicy ¶
// AccessPolicy describes an access policy. For the composite policy types,
// PolicyType selects whether all or any of the entries in Components must be
// satisfied to grant access.
type AccessPolicy struct {
	ID uuid.UUID `json:"id" validate:"skip"`
	// Name is required; its validate tag reads length:1,128.
	Name string `json:"name" validate:"length:1,128" required:"true"`
	Description string `json:"description"`
	// PolicyType is required; see the PolicyType constants.
	PolicyType PolicyType `json:"policy_type" required:"true"`
	TagIDs uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	Version int `json:"version"`
	// NOTE(review): the struct tag on IsSystem is elided in this listing, so
	// its JSON name and validation rules cannot be read from here. Presumably
	// the flag marks built-in policies — confirm whether a caller can set it.
	IsSystem bool `` /* 150-byte string literal not displayed */
	// Components holds the parts of a composite policy. The field is tagged
	// validate:"skip"; AccessPolicyComponent has its own Validate method.
	Components []AccessPolicyComponent `json:"components" validate:"skip"`
}
AccessPolicy describes an access policy
func (AccessPolicy) GetPaginationKeys ¶ added in v0.7.1
func (AccessPolicy) GetPaginationKeys() pagination.KeyTypes
GetPaginationKeys is part of the pagination.PageableType interface
type AccessPolicyComponent ¶
// AccessPolicyComponent is one entry in AccessPolicy.Components: either a
// reference to an access policy, or a reference to a template together with
// the parameters to fill it with.
type AccessPolicyComponent struct {
	// Policy references an access policy; omitted from JSON when nil.
	Policy *userstore.ResourceID `json:"policy,omitempty"`
	// Template references an access policy template; omitted from JSON when nil.
	Template *userstore.ResourceID `json:"template,omitempty"`
	// TemplateParameters is carried as a string. Presumably it is handed to
	// the template's function as its params argument; its format is not
	// shown here — confirm before building it from caller-supplied input.
	TemplateParameters string `json:"template_parameters,omitempty"`
}
AccessPolicyComponent is either an access policy or a template paired with the parameters to fill it with
func (AccessPolicyComponent) Validate ¶
func (a AccessPolicyComponent) Validate() error
Validate implements Validateable
type AccessPolicyContext ¶
// AccessPolicyContext gets passed to the access policy's
// function(context, params) at resolution time. Its three parts come from
// different sources and do not deserve the same level of trust.
type AccessPolicyContext struct {
	// Server is filled in by the server (see ServerContext).
	Server ServerContext `json:"server"`
	// Client is supplied by the caller (see ClientContext). A policy function
	// should treat its values as unverified claims, not as facts the server
	// has established.
	Client ClientContext `json:"client"`
	// User is a userstore record. Which user it describes is not stated on
	// this page — presumably the user whose data is being accessed; confirm.
	User userstore.Record `json:"user"`
}
AccessPolicyContext gets passed to the access policy's function(context, params) at resolution time
type AccessPolicyTemplate ¶
// AccessPolicyTemplate describes a template for an access policy.
type AccessPolicyTemplate struct {
	ucdb.SystemAttributeBaseModel `validate:"skip"`
	// Name is required; its validate tag reads length:1,128.
	Name string `db:"name" json:"name" validate:"length:1,128" required:"true"`
	Description string `db:"description" json:"description"`
	// Function is required and holds the template's function as a string.
	// NOTE(review): presumably JavaScript, given the JSVerifier hook in this
	// package — confirm where it is executed and what it can reach.
	Function string `db:"function" json:"function" required:"true"`
	Version int `db:"version" json:"version"`
}
AccessPolicyTemplate describes a template for an access policy
func (*AccessPolicyTemplate) Equals ¶
func (a *AccessPolicyTemplate) Equals(other *AccessPolicyTemplate) bool
Equals returns true if the two templates are equal, ignoring the ID, description, and version fields
func (AccessPolicyTemplate) GetPaginationKeys ¶ added in v0.7.1
func (AccessPolicyTemplate) GetPaginationKeys() pagination.KeyTypes
GetPaginationKeys is part of the pagination.PageableType interface
type ClientContext ¶
// ClientContext is passed by the client at resolution time. It is a free-form
// map, so its keys and value types are whatever the caller sent. A policy
// function should check that an entry is present and has the expected type
// before using it, and should not take an entry as proof of anything the
// server has not verified itself.
type ClientContext map[string]interface{}
ClientContext is passed by the client at resolution time
type JSVerifier ¶
// JSVerifier specifies a minimal interface to allow verification of JS.
// An implementation is installed with RegisterJSVerifier.
type JSVerifier interface {
	// RunScript returns a string result or an error.
	// NOTE(review): the meaning of s and o is not documented here; presumably
	// s is the script source and o its input — confirm. An authz client is
	// handed to the implementation, so also confirm what the script being
	// verified can reach through it.
	RunScript(s string, o string, authzClient *authz.Client) (string, error)
}
JSVerifier specifies a minimal interface to allow verification of JS
type PolicyType ¶
// PolicyType describes the type of an access policy. The underlying type is
// string, so the type alone does not restrict a value to the declared
// constants; any check against them has to happen in validation code that is
// not shown here.
type PolicyType string //revive:disable-line:exported
PolicyType describes the type of an access policy
type ResolverContext ¶
// ResolverContext contains automatic data about the authenticated user/system
// at resolution time. It is embedded in ServerContext as the Resolver field.
type ResolverContext struct {
	// Username names the authenticated user or system. How it is derived is
	// not shown here.
	Username string `json:"username"`
}
ResolverContext contains automatic data about the authenticated user/system at resolution time
type ServerContext ¶
// ServerContext is automatically injected by the server at resolution time.
// It is the server-supplied part of AccessPolicyContext, as opposed to
// ClientContext, which the client passes in.
type ServerContext struct {
	// TODO: add token creation time
	// NOTE(review): how IPAddress is determined is not shown here. If it can
	// come from a forwarded header rather than the connection, it is only as
	// trustworthy as the proxy chain — confirm before basing policy on it.
	IPAddress string `json:"ip_address"`
	// Resolver describes the authenticated user/system making the request.
	Resolver ResolverContext `json:"resolver"`
	// Action is of type Action, which is defined elsewhere in this package.
	Action Action `json:"action"`
}
ServerContext is automatically injected by the server at resolution time
type TransformType ¶
// TransformType describes the type of transform to be performed. The declared
// values are the TransformType constants; Transformer.IsPolicyRequiredForExecution
// checks this value to decide whether an access policy is required.
type TransformType string
TransformType describes the type of transform to be performed
// Declared transform types. Each constant is explicitly typed as TransformType.
const (
	// TransformTypePassThrough is a no-op transformation
	TransformTypePassThrough TransformType = "passthrough"

	// TransformTypeTransform is a transformation that doesn't tokenize
	TransformTypeTransform TransformType = "transform"

	// TransformTypeTokenizeByValue is a transformation that tokenizes the value passed in
	TransformTypeTokenizeByValue TransformType = "tokenizebyvalue"

	// TransformTypeTokenizeByReference is a transformation that tokenizes the userstore reference to the value passed in
	// (UserstoreDataProvenance describes the provenance of the data for this type.)
	TransformTypeTokenizeByReference TransformType = "tokenizebyreference"
)
type Transformer ¶
// Transformer describes a token transformer.
type Transformer struct {
	ID uuid.UUID `json:"id"`
	// Name is required; its validate tag reads length:1,128.
	Name string `json:"name" validate:"length:1,128" required:"true"`
	Description string `json:"description"`
	// InputType is required and names the userstore data type taken as input.
	InputType userstore.DataType `json:"input_type" required:"true"`
	// TransformType is required. IsPolicyRequiredForExecution checks it to
	// decide whether an access policy is required to execute the transformer.
	TransformType TransformType `json:"transform_type" required:"true"`
	TagIDs uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	// Function is required and holds the transformer's function as a string.
	// NOTE(review): presumably JavaScript, given the JSVerifier hook in this
	// package — confirm where it is executed and what it can reach.
	Function string `json:"function" required:"true"`
	// Parameters is carried as a string; its format is not shown here.
	Parameters string `json:"parameters"`
	// NOTE(review): the struct tag on IsSystem is elided in this listing, so
	// its JSON name and validation rules cannot be read from here. Presumably
	// the flag marks built-in transformers — confirm whether a caller can set it.
	IsSystem bool `` /* 164-byte string literal not displayed */
}
Transformer describes a token transformer
func (*Transformer) Equals ¶
func (g *Transformer) Equals(other *Transformer) bool
Equals returns true if the two transformers are equal, ignoring the ID and description fields
func (Transformer) GetPaginationKeys ¶ added in v0.7.1
func (Transformer) GetPaginationKeys() pagination.KeyTypes
GetPaginationKeys is part of the pagination.PageableType interface
func (Transformer) IsPolicyRequiredForExecution ¶
func (g Transformer) IsPolicyRequiredForExecution() bool
IsPolicyRequiredForExecution checks the transformation type and returns if an access policy is required to execute the transformer
type UserstoreDataProvenance ¶
// UserstoreDataProvenance is used by TransformTypeTokenizeByReference to
// describe the provenance of the data, identified by a user ID and a column ID.
type UserstoreDataProvenance struct {
	// UserID is tagged validate:"notnil".
	UserID uuid.UUID `json:"user_id" validate:"notnil"`
	// ColumnID is tagged validate:"notnil".
	ColumnID uuid.UUID `json:"column_id" validate:"notnil"`
}
UserstoreDataProvenance is used by TransformTypeTokenizeByReference to describe the provenance of the data
type Validator ¶
// Validator is used to validate a data type. It is declared as a distinct type
// with Transformer's fields; under Go's rules for defined types it does not
// inherit Transformer's methods (Equals, GetPaginationKeys,
// IsPolicyRequiredForExecution).
type Validator Transformer // TODO: define separate Validator, just piggybacking on Transformer for now
Validator is used to validate a data type