Constants ¶
const (
	// PolicyTypeInvalid is an invalid policy type.
	PolicyTypeInvalid PolicyType = "invalid"

	// PolicyTypeCompositeAnd is the type for composite policies in which all components must be satisfied to grant access.
	// NOTE(review): unlike PolicyTypeInvalid above (and the TransformType constants), this constant and the three below
	// carry no explicit PolicyType and are therefore untyped string constants — confirm that is intended.
	PolicyTypeCompositeAnd = "composite_and"

	// PolicyTypeCompositeOr is the type for composite policies in which any component must be satisfied to grant access.
	PolicyTypeCompositeOr = "composite_or"

	// PolicyTypeCompositeIntersectionDeprecated replaced by PolicyTypeCompositeAnd.
	//
	// Deprecated: use PolicyTypeCompositeAnd instead.
	PolicyTypeCompositeIntersectionDeprecated = "compositeintersection"

	// PolicyTypeCompositeUnionDeprecated replaced by PolicyTypeCompositeOr.
	//
	// Deprecated: use PolicyTypeCompositeOr instead.
	PolicyTypeCompositeUnionDeprecated = "compositeunion"
)
Variables ¶
// AccessPolicyAllowAll is the built-in access policy that allows anything.
// Only the ID is fixed here; the other fields are presumably populated elsewhere — confirm.
var AccessPolicyAllowAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("3f380e42-0b21-4570-a312-91e1b80386fa")),
}
AccessPolicyAllowAll is the access policy that allows anything
// AccessPolicyDenyAll is the built-in access policy that denies everything.
// Only the ID is fixed here; the other fields are presumably populated elsewhere — confirm.
var AccessPolicyDenyAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("c9c14750-b8f3-4507-bd3f-5c6562f0a6e6")),
}
AccessPolicyDenyAll is the access policy that denies everything
// AccessPolicyTemplateAllowAll is the built-in access policy template that allows anything.
// Only the system-attribute base (with a fixed ID) is set here.
var AccessPolicyTemplateAllowAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("1e742248-fdde-4c88-9ea7-2c2106ec7aa8"))),
}
AccessPolicyTemplateAllowAll is the access policy template that allows anything
// AccessPolicyTemplateCheckAttribute is the built-in template that calls CheckAttribute.
// Only the system-attribute base (with a fixed ID) is set here.
var AccessPolicyTemplateCheckAttribute = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("aad2bf25-311f-467e-9169-a6a89b6d34a6"))),
}
AccessPolicyTemplateCheckAttribute is a template that calls CheckAttribute
// AccessPolicyTemplateDenyAll is the built-in access policy template that denies everything.
// Only the system-attribute base (with a fixed ID) is set here.
var AccessPolicyTemplateDenyAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("c88d97a6-a3ae-4af8-b018-2bcddf1fa606"))),
}
AccessPolicyTemplateDenyAll is the access policy template that denies everything
// AllPolicyTypes is a slice of all valid PolicyType values.
// PolicyTypeInvalid is deliberately absent. The two deprecated spellings are still
// listed, presumably so that previously stored policies keep validating — confirm.
var AllPolicyTypes = []PolicyType{
	PolicyTypeCompositeAnd,
	PolicyTypeCompositeIntersectionDeprecated,
	PolicyTypeCompositeOr,
	PolicyTypeCompositeUnionDeprecated,
}
AllPolicyTypes is a slice of all PolicyType values
// AllTransformTypes is a slice of all TransformType values.
var AllTransformTypes = []TransformType{
	TransformTypePassThrough,
	TransformTypeTokenizeByReference,
	TransformTypeTokenizeByValue,
	TransformTypeTransform,
}
AllTransformTypes is a slice of all TransformType values
// TransformerCreditCard is the built-in transformer for credit card numbers.
// It is a plain (non-tokenizing) transform; only the ID and type are fixed here.
var TransformerCreditCard = Transformer{
	ID:            uuid.Must(uuid.FromString("618a4ae7-9979-4ee8-bac5-db87335fe4d9")),
	TransformType: TransformTypeTransform,
}
TransformerCreditCard is the transformer for credit card numbers
// TransformerEmail is the built-in transformer for email addresses; it tokenizes by value.
// Only the ID and type are fixed here.
var TransformerEmail = Transformer{
	ID:            uuid.Must(uuid.FromString("0cedf7a4-86ab-450a-9426-478ad0a60faa")),
	TransformType: TransformTypeTokenizeByValue,
}
TransformerEmail is the transformer for email addresses; by default it preserves the domain but not the username
// TransformerFullName is the built-in transformer for full names.
// It is a plain (non-tokenizing) transform; only the ID and type are fixed here.
var TransformerFullName = Transformer{
	ID:            uuid.Must(uuid.FromString("b9bf352f-b1ee-4fb2-a2eb-d0c346c6404b")),
	TransformType: TransformTypeTransform,
}
TransformerFullName is the transformer for full names; by default it preserves the first letters of the first and last names
// TransformerPassthrough is the built-in transformer that returns the data unchanged
// (most immediately useful in secured Accessors). Unlike the other built-ins it also fixes its Name.
var TransformerPassthrough = Transformer{
	ID:            uuid.Must(uuid.FromString("c0b5b2a1-0b1f-4b9f-8b1a-1b1f4b9f8b1a")),
	Name:          "PassthroughUnchangedData",
	TransformType: TransformTypePassThrough,
}
TransformerPassthrough is a transformer that passes through the data without changing it (most immediately useful in secured Accessors)
// TransformerSSN is the built-in transformer for SSNs.
// It is a plain (non-tokenizing) transform; only the ID and type are fixed here.
var TransformerSSN = Transformer{
	ID:            uuid.Must(uuid.FromString("3f65ee22-2241-4694-bbe3-72cefbe59ff2")),
	TransformType: TransformTypeTransform,
}
TransformerSSN is the transformer for SSNs
// TransformerUUID is the built-in transformer that replaces data with a UUID; it tokenizes by value.
var TransformerUUID = Transformer{
	ID:            uuid.Must(uuid.FromString("e3743f5b-521e-4305-b232-ee82549e1477")),
	Name:          "UUID",
	TransformType: TransformTypeTokenizeByValue,
}
TransformerUUID is the transformer that replaces data with a UUID
Functions ¶
func RegisterJSVerifier ¶
func RegisterJSVerifier(v JSVerifier)
RegisterJSVerifier registers a verifier for JS
Types ¶
type AccessPolicy ¶
// AccessPolicy describes an access policy: a named, versioned composite of
// AccessPolicyComponents combined according to PolicyType.
type AccessPolicy struct {
	// ID identifies the policy; it is excluded from struct validation (validate:"skip").
	ID uuid.UUID `json:"id" validate:"skip"`
	// Name is required and must be 1–128 characters long.
	Name string `json:"name" validate:"length:1,128" required:"true"`
	// Description is free-form text.
	Description string `json:"description"`
	// PolicyType is required and selects how Components are combined (all vs. any; see the PolicyType constants).
	PolicyType PolicyType `json:"policy_type" required:"true"`
	// TagIDs is excluded from struct validation (validate:"skip").
	TagIDs uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	// Version of the policy.
	Version int `json:"version"`
	// IsSystem presumably marks a built-in policy — confirm; its struct tag is not shown by the doc renderer.
	IsSystem bool `` /* 150-byte string literal not displayed */
	// Components are the policies and/or templates this policy is composed of.
	// NOTE(review): tagged validate:"skip" although AccessPolicyComponent has its own Validate —
	// confirm that AccessPolicy.Validate validates every component itself.
	Components []AccessPolicyComponent `json:"components" validate:"skip"`
}
AccessPolicy describes an access policy
func (AccessPolicy) GetPaginationKeys ¶ added in v0.7.1
func (AccessPolicy) GetPaginationKeys() pagination.KeyTypes
GetPaginationKeys is part of the pagination.PageableType interface
func (AccessPolicy) Validate ¶ added in v1.0.0
func (o AccessPolicy) Validate() error
Validate implements Validateable
type AccessPolicyComponent ¶
// AccessPolicyComponent is either a reference to an access policy or a reference to a
// template paired with the parameters to fill it with.
type AccessPolicyComponent struct {
	// Policy references an existing access policy; nil when the component is a template.
	Policy *userstore.ResourceID `json:"policy,omitempty"`
	// Template references an access policy template; nil when the component is a policy.
	Template *userstore.ResourceID `json:"template,omitempty"`
	// TemplateParameters are the parameters applied to Template; presumably only meaningful when Template is set — confirm in Validate.
	TemplateParameters string `json:"template_parameters,omitempty"`
}
AccessPolicyComponent is either an access policy or a template paired with parameters to fill it with
func (AccessPolicyComponent) Validate ¶
func (a AccessPolicyComponent) Validate() error
Validate implements Validateable
type AccessPolicyContext ¶
// AccessPolicyContext is passed to the access policy's function(context, params) at resolution time.
type AccessPolicyContext struct {
	// Server holds data injected by the server (see ServerContext).
	Server ServerContext `json:"server"`
	// Client holds data supplied by the calling client (see ClientContext). Because it originates
	// from the caller rather than the server, policy functions should not treat its contents as
	// authoritative on their own.
	Client ClientContext `json:"client"`
	// User is the userstore record the policy is being evaluated for.
	User userstore.Record `json:"user"`
}
AccessPolicyContext gets passed to the access policy's function(context, params) at resolution time
func (AccessPolicyContext) Validate ¶ added in v1.0.0
func (o AccessPolicyContext) Validate() error
Validate implements Validateable
type AccessPolicyTemplate ¶
// AccessPolicyTemplate describes a template for an access policy: a reusable function that
// is instantiated with parameters by an AccessPolicyComponent.
type AccessPolicyTemplate struct {
	// SystemAttributeBaseModel supplies the ID and system attributes; excluded from struct validation.
	ucdb.SystemAttributeBaseModel `validate:"skip"`
	// Name is required and must be 1–128 characters long.
	Name string `db:"name" json:"name" validate:"length:1,128" required:"true"`
	// Description is free-form text.
	Description string `db:"description" json:"description"`
	// Function is the template's function source, supplied through the API (required).
	// Presumably JavaScript, given JSVerifier — confirm.
	Function string `db:"function" json:"function" required:"true"`
	// Version of the template.
	Version int `db:"version" json:"version"`
}
AccessPolicyTemplate describes a template for an access policy
func (*AccessPolicyTemplate) Equals ¶
func (a *AccessPolicyTemplate) Equals(other *AccessPolicyTemplate) bool
Equals returns true if the two templates are equal, ignoring the ID, description, and version fields
func (AccessPolicyTemplate) GetPaginationKeys ¶ added in v0.7.1
func (AccessPolicyTemplate) GetPaginationKeys() pagination.KeyTypes
GetPaginationKeys is part of the pagination.PageableType interface
type ClientContext ¶
// ClientContext is the free-form context passed by the client at resolution time.
// Keys and value types are not constrained here; consumers should validate what they read.
type ClientContext map[string]interface{}
ClientContext is passed by the client at resolution time
type JSVerifier ¶
// JSVerifier specifies a minimal interface to allow verification of JS.
//
// NOTE(review): implementations execute the supplied script. Since policy/transformer Function
// bodies arrive through the API, confirm the runtime used by implementations is sandboxed and
// bounded (time/memory).
type JSVerifier interface {
	// RunScript executes a script and returns its output or an error.
	// s and o are presumably the script source and its input — confirm against implementations.
	RunScript(s string, o string, authzClient *authz.Client) (string, error)
}
JSVerifier specifies a minimal interface to allow verification of JS
type PolicyType ¶
// PolicyType describes the type of an access policy; see the PolicyType constants for the valid values.
type PolicyType string //revive:disable-line:exported
PolicyType describes the type of an access policy
func (PolicyType) Enum ¶ added in v1.0.0
func (t PolicyType) Enum() []interface{}
Enum implements Enum
func (PolicyType) MarshalText ¶ added in v1.0.0
func (t PolicyType) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler (for JSON)
func (*PolicyType) UnmarshalText ¶ added in v1.0.0
func (t *PolicyType) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler (for JSON)
func (*PolicyType) Validate ¶ added in v1.0.0
func (t *PolicyType) Validate() error
Validate implements Validateable
type ResolverContext ¶
// ResolverContext contains automatic data about the authenticated user/system at resolution time.
type ResolverContext struct {
	// Username of the authenticated user or system performing the resolution.
	Username string `json:"username"`
}
ResolverContext contains automatic data about the authenticated user/system at resolution time
func (ResolverContext) Validate ¶ added in v1.0.0
func (o ResolverContext) Validate() error
Validate implements Validateable
type ServerContext ¶
// ServerContext is automatically injected by the server at resolution time.
type ServerContext struct {
	// TODO: add token creation time
	// IPAddress of the caller as observed by the server.
	IPAddress string `json:"ip_address"`
	// Resolver describes the authenticated user/system performing the resolution.
	Resolver ResolverContext `json:"resolver"`
	// Action being performed (see Action).
	Action Action `json:"action"`
}
ServerContext is automatically injected by the server at resolution time
func (ServerContext) Validate ¶ added in v1.0.0
func (o ServerContext) Validate() error
Validate implements Validateable
type TransformType ¶
// TransformType describes the type of transform to be performed; see the TransformType constants for the valid values.
type TransformType string
TransformType describes the type of transform to be performed
// The transform type determines, among other things, whether an access policy is required to
// execute a Transformer; see Transformer.IsPolicyRequiredForExecution.
const (
	// TransformTypePassThrough is a no-op transformation.
	TransformTypePassThrough TransformType = "passthrough"
	// TransformTypeTransform is a transformation that doesn't tokenize.
	TransformTypeTransform TransformType = "transform"
	// TransformTypeTokenizeByValue is a transformation that tokenizes the value passed in.
	TransformTypeTokenizeByValue TransformType = "tokenizebyvalue"
	// TransformTypeTokenizeByReference is a transformation that tokenizes the userstore reference to the value passed in.
	TransformTypeTokenizeByReference TransformType = "tokenizebyreference"
)
func (TransformType) Enum ¶ added in v1.0.0
func (t TransformType) Enum() []interface{}
Enum implements Enum
func (TransformType) MarshalText ¶ added in v1.0.0
func (t TransformType) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler (for JSON)
func (*TransformType) UnmarshalText ¶ added in v1.0.0
func (t *TransformType) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler (for JSON)
func (*TransformType) Validate ¶ added in v1.0.0
func (t *TransformType) Validate() error
Validate implements Validateable
type Transformer ¶
// Transformer describes a token transformer: a function that transforms or tokenizes a
// userstore value of InputType.
type Transformer struct {
	// ID identifies the transformer.
	ID uuid.UUID `json:"id"`
	// Name is required and must be 1–128 characters long.
	Name string `json:"name" validate:"length:1,128" required:"true"`
	// Description is free-form text.
	Description string `json:"description"`
	// InputType is the userstore data type the transformer accepts (required).
	InputType userstore.DataType `json:"input_type" required:"true"`
	// OutputType is the userstore data type the transformer produces; excluded from struct validation.
	OutputType userstore.DataType `json:"output_type" validate:"skip"`
	// ReuseExistingToken presumably controls whether tokenizing transforms reuse an existing token
	// rather than minting a new one — confirm; its struct tag is not shown by the doc renderer.
	ReuseExistingToken bool `` /* 156-byte string literal not displayed */
	// TransformType is required; it also decides whether an access policy is needed to execute
	// the transformer (see IsPolicyRequiredForExecution).
	TransformType TransformType `json:"transform_type" required:"true"`
	// TagIDs is excluded from struct validation (validate:"skip").
	TagIDs uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	// Function is the transformer's function source, supplied through the API (required).
	Function string `json:"function" required:"true"`
	// Parameters are passed to Function; their format is not constrained here.
	Parameters string `json:"parameters"`
	// IsSystem presumably marks a built-in transformer — confirm; its struct tag is not shown by the doc renderer.
	IsSystem bool `` /* 164-byte string literal not displayed */
}
Transformer describes a token transformer
func (*Transformer) Equals ¶
func (g *Transformer) Equals(other *Transformer) bool
Equals returns true if the two transformers are equal, ignoring the ID and description fields
func (Transformer) GetPaginationKeys ¶ added in v0.7.1
func (Transformer) GetPaginationKeys() pagination.KeyTypes
GetPaginationKeys is part of the pagination.PageableType interface
func (Transformer) IsPolicyRequiredForExecution ¶
func (g Transformer) IsPolicyRequiredForExecution() bool
IsPolicyRequiredForExecution checks the transform type and returns whether an access policy is required to execute the transformer
func (Transformer) Validate ¶ added in v1.0.0
func (o Transformer) Validate() error
Validate implements Validateable