policy


Constants

const (
	// PolicyTypeInvalid is an invalid policy type
	PolicyTypeInvalid PolicyType = "invalid"

	// PolicyTypeCompositeAnd is the type for composite policies in which all components must be satisfied to grant access
	// NOTE(review): declared without an explicit type, so this is an untyped string constant
	// (only PolicyTypeInvalid above is typed as PolicyType). It converts implicitly when compared
	// with or assigned to a PolicyType, but does not carry the type itself — confirm this is intended.
	PolicyTypeCompositeAnd = "composite_and"

	// PolicyTypeCompositeOr is the type for composite policies in which any component must be satisfied to grant access
	// NOTE(review): same as PolicyTypeCompositeAnd — an untyped string constant.
	PolicyTypeCompositeOr = "composite_or"
)

Variables

// AccessPolicyAllowAll is the built-in access policy that allows anything.
// Only the ID is populated in this declaration; it is a fixed UUID literal, so uuid.Must cannot panic here.
var AccessPolicyAllowAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("3f380e42-0b21-4570-a312-91e1b80386fa")),
}

AccessPolicyAllowAll access policy that allows anything

// AccessPolicyDenyAll is the built-in access policy that denies everything.
// Only the ID is populated in this declaration; it is a fixed UUID literal, so uuid.Must cannot panic here.
var AccessPolicyDenyAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("c9c14750-b8f3-4507-bd3f-5c6562f0a6e6")),
}

AccessPolicyDenyAll access policy that denies everything

// AccessPolicyTemplateAllowAll is the built-in template that allows anything.
// Only the embedded system-attribute base (with a fixed ID) is populated here.
var AccessPolicyTemplateAllowAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("1e742248-fdde-4c88-9ea7-2c2106ec7aa8"))),
}

AccessPolicyTemplateAllowAll access policy that allows anything

// AccessPolicyTemplateCheckAttribute is the built-in template whose function calls CheckAttribute.
// Only the embedded system-attribute base (with a fixed ID) is populated here.
var AccessPolicyTemplateCheckAttribute = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("aad2bf25-311f-467e-9169-a6a89b6d34a6"))),
}

AccessPolicyTemplateCheckAttribute is a template that calls CheckAttribute

// AccessPolicyTemplateDenyAll is the built-in template that denies everything.
// Only the embedded system-attribute base (with a fixed ID) is populated here.
var AccessPolicyTemplateDenyAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("c88d97a6-a3ae-4af8-b018-2bcddf1fa606"))),
}

AccessPolicyTemplateDenyAll access policy that denies everything

AllPolicyTypes is a slice of all PolicyType values

AllTransformTypes is a slice of all TransformType values

// TransformerCreditCard is the built-in transformer for credit card numbers.
// It is a TransformTypeTransform (non-tokenizing) transformer; only ID and TransformType are set here.
var TransformerCreditCard = Transformer{
	ID:            uuid.Must(uuid.FromString("618a4ae7-9979-4ee8-bac5-db87335fe4d9")),
	TransformType: TransformTypeTransform,
}

TransformerCreditCard transformer for credit card numbers

// TransformerEmail is the built-in transformer for email addresses.
// It tokenizes by value (TransformTypeTokenizeByValue); only ID and TransformType are set here.
var TransformerEmail = Transformer{
	ID:            uuid.Must(uuid.FromString("0cedf7a4-86ab-450a-9426-478ad0a60faa")),
	TransformType: TransformTypeTokenizeByValue,
}

TransformerEmail transformer for email addresses; by default it preserves the domain but not the username

// TransformerFullName is the built-in transformer for full names.
// It is a TransformTypeTransform (non-tokenizing) transformer; only ID and TransformType are set here.
var TransformerFullName = Transformer{
	ID:            uuid.Must(uuid.FromString("b9bf352f-b1ee-4fb2-a2eb-d0c346c6404b")),
	TransformType: TransformTypeTransform,
}

TransformerFullName transformer for full names; by default it preserves the first letters of the first and last name

// TransformerPassthrough is the built-in transformer that returns data unchanged
// (TransformTypePassThrough). Unlike the other built-ins it also sets Name.
var TransformerPassthrough = Transformer{
	ID:            uuid.Must(uuid.FromString("c0b5b2a1-0b1f-4b9f-8b1a-1b1f4b9f8b1a")),
	Name:          "PassthroughUnchangedData",
	TransformType: TransformTypePassThrough,
}

TransformerPassthrough is a transformer that passes through the data without changing it (most immediately useful in secured Accessors)

// TransformerSSN is the built-in transformer for SSNs.
// It is a TransformTypeTransform (non-tokenizing) transformer; only ID and TransformType are set here.
var TransformerSSN = Transformer{
	ID:            uuid.Must(uuid.FromString("3f65ee22-2241-4694-bbe3-72cefbe59ff2")),
	TransformType: TransformTypeTransform,
}

TransformerSSN transformer for SSN

// TransformerUUID is the built-in transformer that replaces data with a UUID.
// It tokenizes by value (TransformTypeTokenizeByValue) and, like TransformerPassthrough, sets Name.
var TransformerUUID = Transformer{
	ID:            uuid.Must(uuid.FromString("e3743f5b-521e-4305-b232-ee82549e1477")),
	Name:          "UUID",
	TransformType: TransformTypeTokenizeByValue,
}

TransformerUUID transformer for replacing data with a UUID

Functions

func RegisterJSVerifier

func RegisterJSVerifier(v JSVerifier)

RegisterJSVerifier registers a verifier for JS

Types

type AccessPolicy

type AccessPolicy struct {
	// ID is the policy identifier; validate:"skip" excludes it from tag-driven validation.
	ID              uuid.UUID           `json:"id" validate:"skip"`
	// Name is required and validated to 1-128 characters.
	Name            string              `json:"name" validate:"length:1,128" required:"true"`
	Description     string              `json:"description"`
	// PolicyType is required; see the PolicyType constants for accepted values.
	PolicyType      PolicyType          `json:"policy_type" required:"true"`
	TagIDs          uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	Version         int                 `json:"version"`
	// IsSystem: the struct tag is elided in this rendering. Presumably marks built-in
	// policies such as AccessPolicyAllowAll — confirm against the source.
	IsSystem        bool                `` /* 150-byte string literal not displayed */
	// IsAutogenerated reports whether this policy was autogenerated from an accessor or mutator (per its description tag).
	IsAutogenerated bool                `json:"is_autogenerated" description:"Whether this policy is autogenerated from an accessor or mutator."`

	// Components are the sub-policies/templates combined according to PolicyType.
	// validate:"skip" appears to keep the tag-driven validator from descending into them;
	// presumably Validate checks each component explicitly — confirm.
	Components []AccessPolicyComponent `json:"components" validate:"skip"`
}

AccessPolicy describes an access policy

func (AccessPolicy) EqualsIgnoringNilID added in v1.1.0

func (a AccessPolicy) EqualsIgnoringNilID(other AccessPolicy) bool

EqualsIgnoringNilID returns true if the two policies are equal, ignoring the description, version, and ID if one is nil

func (AccessPolicy) Validate added in v1.0.0

func (o AccessPolicy) Validate() error

Validate implements Validateable

type AccessPolicyComponent

type AccessPolicyComponent struct {
	// Policy references an existing access policy; per the type's doc it is used instead of Template.
	Policy             *userstore.ResourceID `json:"policy,omitempty"`
	// Template references an access policy template; TemplateParameters fills it in.
	Template           *userstore.ResourceID `json:"template,omitempty"`
	// TemplateParameters are the parameters supplied with Template.
	// NOTE(review): their format is not visible here — presumably a serialized string the template consumes; confirm.
	TemplateParameters string                `json:"template_parameters,omitempty"`
}

AccessPolicyComponent is either an access policy or a template paired with parameters to fill it with

func (AccessPolicyComponent) Validate

func (a AccessPolicyComponent) Validate() error

Validate implements Validateable

type AccessPolicyContext

type AccessPolicyContext struct {
	// Server holds the context the server injects itself at resolution time (see ServerContext).
	Server ServerContext    `json:"server"`
	// Client holds data passed by the caller (see ClientContext); it is client-controlled,
	// so policy logic should not treat its contents as authoritative.
	Client ClientContext    `json:"client"`
	// User is the userstore record the policy is being evaluated against.
	User   userstore.Record `json:"user"`
}

AccessPolicyContext gets passed to the access policy's function(context, params) at resolution time

type AccessPolicyTemplate

type AccessPolicyTemplate struct {
	// Embedded system-attribute base (ID and related attributes); excluded from tag-driven validation.
	ucdb.SystemAttributeBaseModel `validate:"skip"`
	// Name is required and validated to 1-128 characters.
	Name                          string `db:"name" json:"name" validate:"length:1,128" required:"true"`
	Description                   string `db:"description" json:"description"`
	// Function is the template's function body, supplied by the caller and required.
	// NOTE(review): presumably JS evaluated via the registered JSVerifier — confirm.
	Function                      string `db:"function" json:"function" required:"true"`
	Version                       int    `db:"version" json:"version"`
}

AccessPolicyTemplate describes a template for an access policy

func (*AccessPolicyTemplate) EqualsIgnoringNilID added in v1.1.0

func (a *AccessPolicyTemplate) EqualsIgnoringNilID(other *AccessPolicyTemplate) bool

EqualsIgnoringNilID returns true if the two templates are equal, ignoring the description, version, and ID if one is nil

func (AccessPolicyTemplate) GetPaginationKeys added in v0.7.1

func (AccessPolicyTemplate) GetPaginationKeys() pagination.KeyTypes

GetPaginationKeys is part of the pagination.PageableType interface

type Action

// Action identifies the reason an access policy is being invoked; the server sets it in ServerContext.Action.
type Action string

Action identifies the reason access policy is being invoked

// Action values carried in ServerContext.Action; each names the operation that triggered policy evaluation.
const (
	ActionResolve Action = "Resolve"
	ActionInspect Action = "Inspect"
	ActionLookup  Action = "Lookup"
	ActionDelete  Action = "Delete"
	ActionExecute Action = "Execute" // TODO: should this be a unique action?
)

Different reasons for running an access policy

type ClientContext

// ClientContext is arbitrary key/value data passed by the client at resolution time.
// Because the client controls it, policy code should treat its contents as untrusted input.
type ClientContext map[string]interface{}

ClientContext is passed by the client at resolution time

type JSVerifier

type JSVerifier interface {
	// RunScript runs a script and returns its output as a string, or an error.
	// NOTE(review): from the signature alone, s is presumably the JS source and o an input
	// handed to it; authzClient presumably lets the script query authz — confirm against the
	// registered implementation. Since policy functions are caller-supplied strings, the
	// implementation is the place where the script must be treated as untrusted code.
	RunScript(s string, o string, authzClient *authz.Client) (string, error)
}

JSVerifier specifies a minimal interface to allow verification of JS

type PolicyType

// PolicyType describes the type of an access policy; see the PolicyType* constants for the accepted values.
type PolicyType string //revive:disable-line:exported

PolicyType describes the type of an access policy

func (PolicyType) Enum added in v1.0.0

func (t PolicyType) Enum() []interface{}

Enum implements Enum

func (PolicyType) MarshalText added in v1.0.0

func (t PolicyType) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler (for JSON)

func (*PolicyType) UnmarshalText added in v1.0.0

func (t *PolicyType) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler (for JSON)

func (*PolicyType) Validate added in v1.0.0

func (t *PolicyType) Validate() error

Validate implements Validateable

type ServerContext

type ServerContext struct {
	// TODO: add token creation time
	// IPAddress is the caller's address as seen by the server.
	IPAddress    string                 `json:"ip_address"`
	// Action is the operation that triggered policy evaluation (see the Action constants).
	Action       Action                 `json:"action"`
	// PurposeNames lists the purposes associated with the request.
	PurposeNames []string               `json:"purpose_names"`
	// Claims carries the caller's token claims.
	// NOTE(review): which token and whether they are already verified is not visible here — confirm.
	Claims       map[string]interface{} `json:"claims"`
}

ServerContext is automatically injected by the server at resolution time

type TransformType

// TransformType describes the type of transform a Transformer performs; see the TransformType* constants.
type TransformType string

TransformType describes the type of transform to be performed

// TransformType values. All four are explicitly typed, so they can be used directly as Transformer.TransformType.
const (
	// TransformTypePassThrough is a no-op transformation
	TransformTypePassThrough TransformType = "passthrough"

	// TransformTypeTransform is a transformation that doesn't tokenize
	TransformTypeTransform TransformType = "transform"

	// TransformTypeTokenizeByValue is a transformation that tokenizes the value passed in
	TransformTypeTokenizeByValue TransformType = "tokenizebyvalue"

	// TransformTypeTokenizeByReference is a transformation that tokenizes the userstore reference to the value passed in
	// (the reference is described by UserstoreDataProvenance)
	TransformTypeTokenizeByReference TransformType = "tokenizebyreference"
)

func (TransformType) Enum added in v1.0.0

func (t TransformType) Enum() []interface{}

Enum implements Enum

func (TransformType) MarshalText added in v1.0.0

func (t TransformType) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler (for JSON)

func (*TransformType) UnmarshalText added in v1.0.0

func (t *TransformType) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler (for JSON)

func (*TransformType) Validate added in v1.0.0

func (t *TransformType) Validate() error

Validate implements Validateable

type Transformer

type Transformer struct {
	ID                 uuid.UUID                   `json:"id"`
	// Name is required and validated to 1-128 characters.
	Name               string                      `json:"name" validate:"length:1,128" required:"true"`
	Description        string                      `json:"description"`
	// Input* describe the data the transformer accepts; InputType is required.
	InputDataType      userstore.ResourceID        `json:"input_data_type" validate:"skip"`
	InputType          userstore.DataType          `json:"input_type" required:"true"`
	InputConstraints   userstore.ColumnConstraints `json:"input_type_constraints"`
	// Output* describe the data the transformer produces; none are required.
	OutputDataType     userstore.ResourceID        `json:"output_data_type" validate:"skip"`
	OutputType         userstore.DataType          `json:"output_type" validate:"skip"`
	OutputConstraints  userstore.ColumnConstraints `json:"output_type_constraints"`
	// ReuseExistingToken: the struct tag is elided in this rendering. Presumably controls whether
	// a tokenizing transform returns an already-issued token for the same input — confirm against the source.
	ReuseExistingToken bool                        `` /* 157-byte string literal not displayed */
	// TransformType is required; see the TransformType* constants.
	TransformType      TransformType               `json:"transform_type" required:"true"`
	TagIDs             uuidarray.UUIDArray         `json:"tag_ids" validate:"skip"`
	// Function is the caller-supplied function body and is required; Parameters accompany it.
	// NOTE(review): presumably JS evaluated via the registered JSVerifier — confirm.
	Function           string                      `json:"function" required:"true"`
	Parameters         string                      `json:"parameters"`
	// IsSystem: the struct tag is elided in this rendering. Presumably marks built-in
	// transformers such as TransformerPassthrough — confirm against the source.
	IsSystem           bool                        `` /* 164-byte string literal not displayed */
}

Transformer describes a token transformer

func (*Transformer) EqualsIgnoringNilID added in v1.1.0

func (g *Transformer) EqualsIgnoringNilID(other *Transformer) bool

EqualsIgnoringNilID returns true if the two transformers are equal, ignoring the description and ID if one is nil

func (Transformer) IsPolicyRequiredForExecution

func (g Transformer) IsPolicyRequiredForExecution() bool

IsPolicyRequiredForExecution checks the transformation type and returns if an access policy is required to execute the transformer

func (Transformer) Validate added in v1.0.0

func (o Transformer) Validate() error

Validate implements Validateable

type UserstoreDataProvenance

type UserstoreDataProvenance struct {
	// UserID identifies the user the data belongs to; validated to be non-nil.
	UserID   uuid.UUID `json:"user_id" validate:"notnil"`
	// ColumnID identifies the userstore column the data came from; validated to be non-nil.
	ColumnID uuid.UUID `json:"column_id" validate:"notnil"`
}

UserstoreDataProvenance is used by TransformTypeTokenizeByReference to describe the provenance of the data
