Documentation ¶
Index ¶
- Constants
- Variables
- func RegisterJSVerifier(v JSVerifier)
- type AccessPolicy
- type AccessPolicyComponent
- type AccessPolicyContext
- type AccessPolicyTemplate
- type Action
- type ClientContext
- type JSVerifier
- type PolicyType
- type ServerContext
- type TransformType
- type Transformer
- type UserstoreDataProvenance
Constants ¶
// Policy type values carried in AccessPolicy.PolicyType.
const (
	// PolicyTypeInvalid is an invalid policy type
	PolicyTypeInvalid PolicyType = "invalid"

	// PolicyTypeCompositeAnd is the type for composite policies in which all
	// components must be satisfied to grant access.
	// NOTE(review): no type is spelled out on this line, so unlike
	// PolicyTypeInvalid this is an untyped string constant rather than a
	// PolicyType (the TransformType constants all repeat their type).
	// Confirm whether that is intended.
	PolicyTypeCompositeAnd = "composite_and"

	// PolicyTypeCompositeOr is the type for composite policies in which at
	// least one component must be satisfied to grant access.
	// NOTE(review): also an untyped string constant, as above.
	PolicyTypeCompositeOr = "composite_or"
)
Variables ¶
// AccessPolicyAllowAll is the predefined access policy that allows anything.
// Only the fixed, well-known ID is set in this literal; every other
// AccessPolicy field is left at its zero value here.
// NOTE(review): this policy grants access unconditionally, so references to
// this ID from other policies and their callers are worth auditing.
var AccessPolicyAllowAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("3f380e42-0b21-4570-a312-91e1b80386fa")),
}
AccessPolicyAllowAll is an access policy that allows anything
// AccessPolicyDenyAll is the predefined access policy that denies everything.
// Only the fixed, well-known ID is set in this literal; every other
// AccessPolicy field is left at its zero value here.
var AccessPolicyDenyAll = AccessPolicy{
	ID: uuid.Must(uuid.FromString("c9c14750-b8f3-4507-bd3f-5c6562f0a6e6")),
}
AccessPolicyDenyAll is an access policy that denies everything
// AccessPolicyTemplateAllowAll is the predefined access policy template that
// allows anything. Only the embedded SystemAttributeBaseModel, built from a
// fixed ID, is set in this literal; Name, Function and Version are left at
// their zero values here.
var AccessPolicyTemplateAllowAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("1e742248-fdde-4c88-9ea7-2c2106ec7aa8"))),
}
AccessPolicyTemplateAllowAll is an access policy template that allows anything
// AccessPolicyTemplateCheckAttribute is the predefined template that calls
// CheckAttribute. Only the embedded SystemAttributeBaseModel, built from a
// fixed ID, is set in this literal; the template's Function is not shown here.
var AccessPolicyTemplateCheckAttribute = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("aad2bf25-311f-467e-9169-a6a89b6d34a6"))),
}
AccessPolicyTemplateCheckAttribute is a template that calls CheckAttribute
// AccessPolicyTemplateDenyAll is the predefined access policy template that
// denies everything. Only the embedded SystemAttributeBaseModel, built from a
// fixed ID, is set in this literal; Name, Function and Version are left at
// their zero values here.
var AccessPolicyTemplateDenyAll = AccessPolicyTemplate{
	SystemAttributeBaseModel: ucdb.NewSystemAttributeBaseWithID(uuid.Must(uuid.FromString("c88d97a6-a3ae-4af8-b018-2bcddf1fa606"))),
}
AccessPolicyTemplateDenyAll is an access policy template that denies everything
// AllPolicyTypes lists the two composite policy types. PolicyTypeInvalid is
// not part of this slice.
var AllPolicyTypes = []PolicyType{
	PolicyTypeCompositeAnd,
	PolicyTypeCompositeOr,
}
AllPolicyTypes is a slice of all PolicyType values
// AllTransformTypes lists the four TransformType values declared in this
// package.
var AllTransformTypes = []TransformType{
	TransformTypePassThrough,
	TransformTypeTokenizeByReference,
	TransformTypeTokenizeByValue,
	TransformTypeTransform,
}
AllTransformTypes is a slice of all TransformType values
// TransformerCreditCard is the predefined transformer for credit card numbers.
// This literal sets only the fixed ID and TransformTypeTransform (a
// transformation that doesn't tokenize); Name and Function are not set here.
var TransformerCreditCard = Transformer{
	ID:            uuid.Must(uuid.FromString("618a4ae7-9979-4ee8-bac5-db87335fe4d9")),
	TransformType: TransformTypeTransform,
}
TransformerCreditCard is a transformer for credit card numbers
// TransformerEmail is the predefined transformer for email addresses.
// This literal sets only the fixed ID and TransformTypeTokenizeByValue;
// Name and Function are not set here.
var TransformerEmail = Transformer{
	ID:            uuid.Must(uuid.FromString("0cedf7a4-86ab-450a-9426-478ad0a60faa")),
	TransformType: TransformTypeTokenizeByValue,
}
TransformerEmail is a transformer for email addresses that, by default, preserves the domain but not the username
// TransformerFullName is the predefined transformer for full names.
// This literal sets only the fixed ID and TransformTypeTransform (a
// transformation that doesn't tokenize); Name and Function are not set here.
var TransformerFullName = Transformer{
	ID:            uuid.Must(uuid.FromString("b9bf352f-b1ee-4fb2-a2eb-d0c346c6404b")),
	TransformType: TransformTypeTransform,
}
TransformerFullName is a transformer for full names that, by default, preserves the first letters of the first and last name
// TransformerPassthrough is the predefined transformer that passes data
// through without changing it. This literal sets the fixed ID, the name
// "PassthroughUnchangedData" and TransformTypePassThrough.
// NOTE(review): because the data is returned unchanged, any protection has to
// come from the access policy guarding the accessor that uses this
// transformer; confirm callers pair it with a restrictive policy.
var TransformerPassthrough = Transformer{
	ID:            uuid.Must(uuid.FromString("c0b5b2a1-0b1f-4b9f-8b1a-1b1f4b9f8b1a")),
	Name:          "PassthroughUnchangedData",
	TransformType: TransformTypePassThrough,
}
TransformerPassthrough is a transformer that passes through the data without changing it (most immediately useful in secured Accessors)
// TransformerSSN is the predefined transformer for SSNs.
// This literal sets only the fixed ID and TransformTypeTransform (a
// transformation that doesn't tokenize); Name and Function are not set here.
var TransformerSSN = Transformer{
	ID:            uuid.Must(uuid.FromString("3f65ee22-2241-4694-bbe3-72cefbe59ff2")),
	TransformType: TransformTypeTransform,
}
TransformerSSN is a transformer for SSNs
// TransformerUUID is the predefined transformer that replaces data with a
// UUID. This literal sets the fixed ID, the name "UUID" and
// TransformTypeTokenizeByValue.
var TransformerUUID = Transformer{
	ID:            uuid.Must(uuid.FromString("e3743f5b-521e-4305-b232-ee82549e1477")),
	Name:          "UUID",
	TransformType: TransformTypeTokenizeByValue,
}
TransformerUUID is a transformer that replaces data with a UUID
Functions ¶
func RegisterJSVerifier ¶
func RegisterJSVerifier(v JSVerifier)
RegisterJSVerifier registers a verifier for JS
Types ¶
type AccessPolicy ¶
// AccessPolicy describes an access policy: its identity and metadata, its
// composite type, and the list of components it is built from.
type AccessPolicy struct {
	// ID identifies the policy; it is tagged validate:"skip".
	ID uuid.UUID `json:"id" validate:"skip"`
	// Name is required and constrained to a length of 1 to 128 by its tag.
	Name        string `json:"name" validate:"length:1,128" required:"true"`
	Description string `json:"description"`
	// PolicyType is required. The composite types declared in this package
	// grant access when all components (composite_and) or any component
	// (composite_or) are satisfied.
	PolicyType PolicyType          `json:"policy_type" required:"true"`
	TagIDs     uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	Version    int                 `json:"version"`
	// IsSystem's struct tag is elided by the documentation renderer.
	IsSystem bool `` /* 150-byte string literal not displayed */
	// IsAutogenerated marks a policy autogenerated from an accessor or mutator
	// (per its description tag).
	IsAutogenerated bool `json:"is_autogenerated" description:"Whether this policy is autogenerated from an accessor or mutator."`
	// Components is tagged validate:"skip".
	// NOTE(review): presumably each component is checked by the hand-written
	// Validate method rather than by tag-driven validation; confirm, since the
	// components decide what the policy grants.
	Components []AccessPolicyComponent `json:"components" validate:"skip"`
}
AccessPolicy describes an access policy
func (AccessPolicy) EqualsIgnoringNilID ¶ added in v1.1.0
func (a AccessPolicy) EqualsIgnoringNilID(other AccessPolicy) bool
EqualsIgnoringNilID returns true if the two policies are equal, ignoring the description and version, and ignoring the ID if one of them is nil
func (AccessPolicy) Validate ¶ added in v1.0.0
func (o AccessPolicy) Validate() error
Validate implements Validateable
type AccessPolicyComponent ¶
// AccessPolicyComponent is one element of an AccessPolicy's Components list:
// either a reference to another access policy, or a reference to a template
// paired with the parameters to fill it with.
// NOTE(review): Policy and Template are both optional pointers, so nothing in
// the type itself prevents both or neither being set; confirm that Validate
// enforces exactly one.
type AccessPolicyComponent struct {
	// Policy references an access policy; omitted from JSON when nil.
	Policy *userstore.ResourceID `json:"policy,omitempty"`
	// Template references an access policy template; omitted from JSON when nil.
	Template *userstore.ResourceID `json:"template,omitempty"`
	// TemplateParameters carries the parameters for Template as a string.
	// NOTE(review): the encoding of this string is not shown on this page.
	TemplateParameters string `json:"template_parameters,omitempty"`
}
AccessPolicyComponent is either an access policy or a template paired with parameters to fill it with
func (AccessPolicyComponent) Validate ¶
func (a AccessPolicyComponent) Validate() error
Validate implements Validateable
type AccessPolicyContext ¶
// AccessPolicyContext is the context value handed to an access policy's
// function(context, params) at resolution time.
type AccessPolicyContext struct {
	// Server is the part of the context injected by the server.
	Server ServerContext `json:"server"`
	// Client is the part of the context passed in by the client.
	// NOTE(review): since these values are client-supplied, policy functions
	// should presumably not treat them as trusted facts; confirm how they are
	// validated before a policy relies on them.
	Client ClientContext `json:"client"`
	// User is a userstore record.
	// NOTE(review): presumably the user the access decision is about; confirm.
	User userstore.Record `json:"user"`
}
AccessPolicyContext gets passed to the access policy's function(context, params) at resolution time
type AccessPolicyTemplate ¶
// AccessPolicyTemplate describes a template for an access policy: a named,
// versioned function that components reference together with parameters.
type AccessPolicyTemplate struct {
	// SystemAttributeBaseModel is embedded and tagged validate:"skip".
	ucdb.SystemAttributeBaseModel `validate:"skip"`
	// Name is required and constrained to a length of 1 to 128 by its tag.
	Name        string `db:"name" json:"name" validate:"length:1,128" required:"true"`
	Description string `db:"description" json:"description"`
	// Function is required and holds the template's function as a string.
	// NOTE(review): presumably JavaScript source of the form
	// function(context, params), given AccessPolicyContext and JSVerifier;
	// confirm, and confirm who is allowed to create or edit templates, since
	// this text decides access.
	Function string `db:"function" json:"function" required:"true"`
	Version  int    `db:"version" json:"version"`
}
AccessPolicyTemplate describes a template for an access policy
func (*AccessPolicyTemplate) EqualsIgnoringNilID ¶ added in v1.1.0
func (a *AccessPolicyTemplate) EqualsIgnoringNilID(other *AccessPolicyTemplate) bool
EqualsIgnoringNilID returns true if the two templates are equal, ignoring the description and version, and ignoring the ID if one of them is nil
func (AccessPolicyTemplate) GetPaginationKeys ¶ added in v0.7.1
func (AccessPolicyTemplate) GetPaginationKeys() pagination.KeyTypes
GetPaginationKeys is part of the pagination.PageableType interface
type ClientContext ¶
// ClientContext is a free-form map of values passed by the client at
// resolution time; it becomes the Client field of AccessPolicyContext.
// NOTE(review): keys and value types are not constrained by this type, and
// the content comes from the caller, so it should presumably be treated as
// untrusted input by policy functions; confirm.
type ClientContext map[string]interface{}
ClientContext is passed by the client at resolution time
type JSVerifier ¶
// JSVerifier is the minimal interface used to verify JS. An implementation is
// supplied to this package through RegisterJSVerifier.
type JSVerifier interface {
	// RunScript takes two strings and an authz client and returns a string
	// result or an error.
	// NOTE(review): the meaning of s and o is not documented on this page;
	// presumably the script source and an input for it. Confirm, and confirm
	// what isolation the implementation applies when running the script.
	RunScript(s string, o string, authzClient *authz.Client) (string, error)
}
JSVerifier specifies a minimal interface to allow verification of JS
type PolicyType ¶
// PolicyType describes the type of an access policy. It is a string type; the
// values declared in this package are "invalid", "composite_and" and
// "composite_or".
type PolicyType string //revive:disable-line:exported
PolicyType describes the type of an access policy
func (PolicyType) Enum ¶ added in v1.0.0
func (t PolicyType) Enum() []interface{}
Enum implements Enum
func (PolicyType) MarshalText ¶ added in v1.0.0
func (t PolicyType) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler (for JSON)
func (*PolicyType) UnmarshalText ¶ added in v1.0.0
func (t *PolicyType) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler (for JSON)
func (*PolicyType) Validate ¶ added in v1.0.0
func (t *PolicyType) Validate() error
Validate implements Validateable
type ServerContext ¶
// ServerContext is the part of AccessPolicyContext that the server injects
// automatically at resolution time.
type ServerContext struct {
	// TODO: add token creation time
	// IPAddress is an IP address in string form.
	// NOTE(review): presumably the address of the requesting client; confirm
	// how it is derived before a policy relies on it.
	IPAddress string `json:"ip_address"`
	// Action is the Action value for this resolution (type declared in this
	// package).
	Action Action `json:"action"`
	// PurposeNames is a list of purpose names.
	PurposeNames []string `json:"purpose_names"`
	// Claims is a free-form map of claims.
	// NOTE(review): presumably taken from the caller's token; confirm that
	// they are populated only after the token has been verified.
	Claims map[string]interface{} `json:"claims"`
}
ServerContext is automatically injected by the server at resolution time
type TransformType ¶
// TransformType describes the type of transform to be performed. It is a
// string type; the values declared in this package are "passthrough",
// "transform", "tokenizebyvalue" and "tokenizebyreference".
type TransformType string
TransformType describes the type of transform to be performed
// Transform type values carried in Transformer.TransformType. Every constant
// in this block is explicitly typed as TransformType.
const (
	// TransformTypePassThrough is a no-op transformation
	TransformTypePassThrough TransformType = "passthrough"

	// TransformTypeTransform is a transformation that doesn't tokenize
	TransformTypeTransform TransformType = "transform"

	// TransformTypeTokenizeByValue is a transformation that tokenizes the value passed in
	TransformTypeTokenizeByValue TransformType = "tokenizebyvalue"

	// TransformTypeTokenizeByReference is a transformation that tokenizes the userstore reference to the value passed in
	TransformTypeTokenizeByReference TransformType = "tokenizebyreference"
)
func (TransformType) Enum ¶ added in v1.0.0
func (t TransformType) Enum() []interface{}
Enum implements Enum
func (TransformType) MarshalText ¶ added in v1.0.0
func (t TransformType) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler (for JSON)
func (*TransformType) UnmarshalText ¶ added in v1.0.0
func (t *TransformType) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler (for JSON)
func (*TransformType) Validate ¶ added in v1.0.0
func (t *TransformType) Validate() error
Validate implements Validateable
type Transformer ¶
// Transformer describes a token transformer: its identity and metadata, the
// input and output types it works on, the kind of transform, and the function
// and parameters that implement it.
type Transformer struct {
	ID uuid.UUID `json:"id"`
	// Name is required and constrained to a length of 1 to 128 by its tag.
	Name        string `json:"name" validate:"length:1,128" required:"true"`
	Description string `json:"description"`
	// InputDataType is tagged validate:"skip"; InputType is required.
	InputDataType userstore.ResourceID `json:"input_data_type" validate:"skip"`
	InputType     userstore.DataType   `json:"input_type" required:"true"`
	// InputConstraints is serialized as "input_type_constraints".
	InputConstraints userstore.ColumnConstraints `json:"input_type_constraints"`
	// OutputDataType and OutputType are both tagged validate:"skip".
	OutputDataType userstore.ResourceID `json:"output_data_type" validate:"skip"`
	OutputType     userstore.DataType   `json:"output_type" validate:"skip"`
	// OutputConstraints is serialized as "output_type_constraints".
	OutputConstraints userstore.ColumnConstraints `json:"output_type_constraints"`
	// ReuseExistingToken's struct tag is elided by the documentation renderer.
	ReuseExistingToken bool `` /* 157-byte string literal not displayed */
	// TransformType is required and selects one of the TransformType values
	// (pass-through, transform, tokenize by value, tokenize by reference).
	TransformType TransformType       `json:"transform_type" required:"true"`
	TagIDs        uuidarray.UUIDArray `json:"tag_ids" validate:"skip"`
	// Function is required and holds the transformer's function as a string.
	// NOTE(review): presumably JavaScript source, given JSVerifier; confirm,
	// and confirm who is allowed to create or edit transformers, since this
	// text decides what data leaves the store.
	Function string `json:"function" required:"true"`
	// Parameters is an optional string of parameters for Function.
	// NOTE(review): its encoding is not shown on this page.
	Parameters string `json:"parameters"`
	// IsSystem's struct tag is elided by the documentation renderer.
	IsSystem bool `` /* 164-byte string literal not displayed */
}
Transformer describes a token transformer
func (*Transformer) EqualsIgnoringNilID ¶ added in v1.1.0
func (g *Transformer) EqualsIgnoringNilID(other *Transformer) bool
EqualsIgnoringNilID returns true if the two transformers are equal, ignoring the description, and ignoring the ID if one of them is nil
func (Transformer) IsPolicyRequiredForExecution ¶
func (g Transformer) IsPolicyRequiredForExecution() bool
IsPolicyRequiredForExecution checks the transformation type and reports whether an access policy is required to execute the transformer
func (Transformer) Validate ¶ added in v1.0.0
func (o Transformer) Validate() error
Validate implements Validateable