Documentation ¶
Overview ¶
Package types contains primitive, plain-old-data types including:
- Cedar data types, which implement the Value interface
- Entity and friends, including a JSON marshaler for interacting with JSON-encoded entities
- The Pattern struct, used for both programmatic and textual/JSON AST construction
- Authorization types used by both the cedar package and the experimental batch package, in order to avoid a circular dependency
Types contained herein which are generally useful to the public are re-exported via the cedar package; it should be unlikely that users need to import this package directly.
Index ¶
- Constants
- func UnmarshalJSON(b []byte, v *Value) error
- type Annotations
- type Boolean
- type Datetime
- func (d Datetime) Equal(bi Value) bool
- func (d Datetime) LessThan(bi Value) (bool, error)
- func (d Datetime) LessThanOrEqual(bi Value) (bool, error)
- func (d Datetime) MarshalCedar() []byte
- func (d Datetime) MarshalJSON() ([]byte, error)
- func (d Datetime) Milliseconds() int64
- func (d Datetime) String() string
- func (d Datetime) Time() time.Time
- func (d *Datetime) UnmarshalJSON(b []byte) error
- type Decimal
- type Decision
- type Diagnostic
- type DiagnosticError
- type DiagnosticReason
- type Duration
- func (d Duration) Duration() (time.Duration, error)
- func (d Duration) Equal(bi Value) bool
- func (d Duration) LessThan(bi Value) (bool, error)
- func (d Duration) LessThanOrEqual(bi Value) (bool, error)
- func (d Duration) MarshalCedar() []byte
- func (d Duration) MarshalJSON() ([]byte, error)
- func (d Duration) String() string
- func (d Duration) ToDays() int64
- func (d Duration) ToHours() int64
- func (d Duration) ToMilliseconds() int64
- func (d Duration) ToMinutes() int64
- func (d Duration) ToSeconds() int64
- func (d *Duration) UnmarshalJSON(b []byte) error
- type Effect
- type Entity
- type EntityGetter
- type EntityMap
- type EntityType
- type EntityUID
- type EntityUIDSet
- type IPAddr
- func (i IPAddr) Addr() netip.Addr
- func (i IPAddr) Contains(o IPAddr) bool
- func (i IPAddr) Equal(bi Value) bool
- func (i IPAddr) IsIPv4() bool
- func (i IPAddr) IsIPv6() bool
- func (i IPAddr) IsLoopback() bool
- func (i IPAddr) IsMulticast() bool
- func (i IPAddr) MarshalCedar() []byte
- func (i IPAddr) MarshalJSON() ([]byte, error)
- func (i IPAddr) Prefix() netip.Prefix
- func (i IPAddr) String() string
- func (i *IPAddr) UnmarshalJSON(b []byte) error
- type Ident
- type ImplicitlyMarshaledEntityUID
- type Long
- type Path
- type Pattern
- type PolicyID
- type Position
- type Record
- func (r Record) All() iter.Seq2[String, Value]
- func (r Record) Equal(bi Value) bool
- func (r Record) Get(s String) (Value, bool)
- func (r Record) Iterate(iter RecordIterator) (deprecated)
- func (r Record) Keys() iter.Seq[String]
- func (r Record) Len() int
- func (r Record) Map() RecordMap
- func (r Record) MarshalCedar() []byte
- func (r Record) MarshalJSON() ([]byte, error)
- func (r Record) String() string
- func (r *Record) UnmarshalJSON(b []byte) error
- func (r Record) Values() iter.Seq[Value]
- type RecordIterator
- type RecordMap
- type Request
- type Set
- func (s Set) All() iter.Seq[Value]
- func (s Set) Contains(v Value) bool
- func (s Set) Equal(bi Value) bool
- func (s Set) Iterate(iter SetIterator) (deprecated)
- func (s Set) Len() int
- func (s Set) MarshalCedar() []byte
- func (s Set) MarshalJSON() ([]byte, error)
- func (s Set) Slice() []Value
- func (s Set) String() string
- func (s *Set) UnmarshalJSON(b []byte) error
- type SetIterator
- type String
- type Value
- type Wildcard
Constants ¶
const (
    Allow = Decision(true)
    Deny  = Decision(false)
)
Each authorization results in one of these Decisions.
const (
    Permit = Effect(true)
    Forbid = Effect(false)
)
Each Policy has a Permit or Forbid effect that is determined during parsing.
const (
    True  = Boolean(true)
    False = Boolean(false)
)
Functions ¶
func UnmarshalJSON ¶
Types ¶
type Annotations ¶ added in v0.3.1
An Annotations is a map of key, value pairs found in the policy. Annotations have no impact on policy evaluation.
type Boolean ¶
type Boolean bool
A Boolean is a value that is either true or false.
func (Boolean) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the Boolean, e.g. `true`.
type Datetime ¶ added in v0.3.2
type Datetime struct {
// contains filtered or unexported fields
}
Datetime represents a Cedar datetime value
func NewDatetime ¶ added in v1.0.0
NewDatetime returns a Cedar Datetime from a Go time.Time value
func NewDatetimeFromMillis ¶ added in v1.0.0
NewDatetimeFromMillis returns a Datetime from a count of milliseconds since January 1, 1970 @ 00:00:00 UTC.
func ParseDatetime ¶ added in v0.3.2
ParseDatetime returns a Cedar datetime when the argument provided represents a compatible datetime, or an error otherwise.
Cedar RFC 80 defines valid datetime strings as one of:
- "YYYY-MM-DD" (date only, with implied time 00:00:00, UTC)
- "YYYY-MM-DDThh:mm:ssZ" (date and time, UTC)
- "YYYY-MM-DDThh:mm:ss.SSSZ" (date and time with millisecond, UTC)
- "YYYY-MM-DDThh:mm:ss(+/-)hhmm" (date and time, time zone offset)
- "YYYY-MM-DDThh:mm:ss.SSS(+/-)hhmm" (date and time with millisecond, time zone offset)
func (Datetime) Equal ¶ added in v0.3.2
Equal returns true if the input represents the same timestamp.
func (Datetime) LessThan ¶ added in v0.3.2
LessThan returns true if value is less than the argument and they are both Datetime values, or an error indicating they aren't comparable otherwise
func (Datetime) LessThanOrEqual ¶ added in v0.3.2
LessThanOrEqual returns true if value is less than or equal to the argument and they are both Datetime values, or an error indicating they aren't comparable otherwise
func (Datetime) MarshalCedar ¶ added in v0.3.2
MarshalCedar returns a []byte which, when parsed by the Cedar Parser, returns an Equal Datetime value
func (Datetime) MarshalJSON ¶ added in v0.3.2
MarshalJSON marshals a Cedar Datetime with the explicit representation
func (Datetime) Milliseconds ¶ added in v0.3.2
Milliseconds returns the number of milliseconds since the Unix epoch
func (*Datetime) UnmarshalJSON ¶ added in v0.3.2
UnmarshalJSON implements encoding/json.Unmarshaler for Datetime
It is capable of unmarshaling 3 different representations supported by Cedar
- { "__extn": { "fn": "datetime", "arg": "1970-01-01" }}
- { "fn": "datetime", "arg": "1970-01-01" }
- "1970-01-01"
type Decimal ¶
type Decimal struct {
// contains filtered or unexported fields
}
A Decimal is a value with both a whole number part and a decimal part of no more than four digits. A decimal value can range from -922337203685477.5808 to 922337203685477.5807.
func NewDecimal ¶ added in v1.0.0
NewDecimal returns a Decimal value of i * 10^exponent.
func NewDecimalFromFloat ¶ added in v1.0.0
func NewDecimalFromFloat[T constraints.Float](f T) (Decimal, error)
NewDecimalFromFloat returns a Decimal that approximates the given floating point value. The value of the Decimal is calculated by multiplying the float by 10^4, truncating the result to an int64 representation to cut off any digits beyond the four allowed, and passing it as an integer to NewDecimal() with -4 as the exponent.
WARNING: decimal representations of more than 6 significant digits for float32s and 15 significant digits for float64s can be lossy in terms of precision. To create a precise Decimal above those sizes, use the NewDecimal constructor.
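The calculation described above, carried through with the standard library only, including the range check and the float32 precision loss the warning refers to. This is an added example, not cedar-go code; `decimalFromFloat`, `formatDecimal` and `scale` are hypothetical names, and the inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

const scale = 10000 // 10^4, i.e. four fractional digits

// decimalFromFloat is a hypothetical helper, not the cedar-go constructor.
// It returns the scaled int64 that a four-digit fixed-point decimal stores.
func decimalFromFloat(f float64) (int64, error) {
	scaled := f * scale
	// Reject NaN and anything outside [-2^63, 2^63) first: Go leaves the
	// result of converting such a float to int64 implementation-dependent.
	if math.IsNaN(scaled) || scaled >= 1<<63 || scaled < -(1<<63) {
		return 0, errors.New("decimal: value out of range")
	}
	return int64(scaled), nil // conversion truncates toward zero
}

// formatDecimal renders the scaled integer as whole.frac with four digits.
func formatDecimal(v int64) string {
	whole, frac, sign := v/scale, v%scale, ""
	if v < 0 {
		// Negating quotient and remainder is safe even for MinInt64.
		whole, frac, sign = -whole, -frac, "-"
	}
	return fmt.Sprintf("%s%d.%04d", sign, whole, frac)
}

func main() {
	var f32 float32 = 1234.5678 // constructed input with 8 significant digits
	for _, f := range []float64{1.5, -0.00019, float64(f32), 1e15} {
		v, err := decimalFromFloat(f)
		fmt.Println(f, formatDecimal(v), err)
	}
	// The int64 limits give exactly the range quoted for Decimal.
	fmt.Println(formatDecimal(math.MinInt64), formatDecimal(math.MaxInt64))
}
```

A threshold such as -0.00019 becomes -0.0001 rather than -0.0002, which matters when a policy compares decimals near a boundary.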
func NewDecimalFromInt ¶ added in v1.0.0
func NewDecimalFromInt[T constraints.Signed](i T) (Decimal, error)
NewDecimalFromInt returns a Decimal with the whole integer value provided
func ParseDecimal ¶
ParseDecimal takes a string representation of a decimal number and converts it into a Decimal type.
func (Decimal) Compare ¶ added in v1.0.0
Compare returns
-1 if d is less than other, 0 if d equals other, +1 if d is greater than other.
func (Decimal) Float ¶ added in v1.0.7
Float returns a float64 representation of a Decimal. Warning: some precision may be lost during this conversion.
func (Decimal) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the Decimal, e.g. `decimal("12.34")`.
func (Decimal) MarshalJSON ¶
MarshalJSON marshals the Decimal into JSON using the explicit form.
func (*Decimal) UnmarshalJSON ¶
UnmarshalJSON implements encoding/json.Unmarshaler for Decimal
It is capable of unmarshaling 3 different representations supported by Cedar
- { "__extn": { "fn": "decimal", "arg": "1234.5678" }}
- { "fn": "decimal", "arg": "1234.5678" }
- "1234.5678"
type Decision ¶ added in v0.3.1
type Decision bool
A Decision is the result of the authorization.
func (Decision) MarshalJSON ¶ added in v0.3.1
func (*Decision) UnmarshalJSON ¶ added in v0.3.1
type Diagnostic ¶ added in v0.3.1
type Diagnostic struct {
    Reasons []DiagnosticReason `json:"reasons,omitempty"`
    Errors  []DiagnosticError  `json:"errors,omitempty"`
}
A Diagnostic details the errors and reasons for an authorization decision.
type DiagnosticError ¶ added in v0.3.1
type DiagnosticError struct {
    PolicyID PolicyID `json:"policy"`
    Position Position `json:"position"`
    Message  string   `json:"message"`
}
A DiagnosticError details the PolicyID within a PolicySet, the Position within the text document if applicable, and the resulting error message.
func (DiagnosticError) String ¶ added in v0.3.1
func (e DiagnosticError) String() string
type DiagnosticReason ¶ added in v0.3.1
type DiagnosticReason struct {
    PolicyID PolicyID `json:"policy"`
    Position Position `json:"position"`
}
A DiagnosticReason details the PolicyID within a PolicySet and the Position within the text document, if applicable.
type Duration ¶ added in v0.3.2
type Duration struct {
// contains filtered or unexported fields
}
A Duration is a value representing a span of time in milliseconds.
func NewDuration ¶ added in v1.0.0
NewDuration returns a Cedar Duration from a Go time.Duration
func NewDurationFromMillis ¶ added in v1.0.0
NewDurationFromMillis returns a Duration from milliseconds
func ParseDuration ¶ added in v0.3.2
ParseDuration parses a Cedar Duration from a string
Cedar RFC 80 defines a valid duration string as a collapsed sequence of quantity-unit pairs, possibly with a leading `-`, indicating a negative duration. The units must appear in order from longest timeframe to smallest.
- d: days
- h: hours
- m: minutes
- s: seconds
- ms: milliseconds
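A parser for the duration grammar described above, written against the standard library only, with the unit-order check and int64 millisecond overflow handling made explicit. This is an added example, not the cedar-go parser; `parseDurationMillis` and `units` are hypothetical names, and it assumes each unit may appear at most once.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strings"
)

// Units from longest to shortest, with their length in milliseconds.
var units = []struct {
	suffix string
	millis int64
}{{"d", 86_400_000}, {"h", 3_600_000}, {"m", 60_000}, {"s", 1_000}, {"ms", 1}}

// parseDurationMillis is a hypothetical helper, not the cedar-go parser.
// Assumption: each unit may appear at most once.
func parseDurationMillis(s string) (int64, error) {
	sign, rest := int64(1), s
	if strings.HasPrefix(rest, "-") {
		sign, rest = -1, rest[1:]
	}
	if rest == "" {
		return 0, errors.New("duration: no quantity-unit pairs")
	}
	var total int64
	next := 0 // index of the longest unit that may still appear
	for rest != "" {
		qty, i := int64(0), 0
		for ; i < len(rest) && rest[i] >= '0' && rest[i] <= '9'; i++ {
			d := int64(rest[i] - '0')
			if qty > (math.MaxInt64-d)/10 {
				return 0, errors.New("duration: quantity overflows int64")
			}
			qty = qty*10 + d
		}
		if i == 0 {
			return 0, fmt.Errorf("duration: expected a digit at %q", rest)
		}
		rest = rest[i:]
		// Scan suffixes from the end so "ms" is tried before "m" and "s".
		idx := -1
		for j := len(units) - 1; j >= 0 && idx < 0; j-- {
			if strings.HasPrefix(rest, units[j].suffix) {
				idx = j
			}
		}
		if idx < next {
			return 0, fmt.Errorf("duration: missing, repeated or misordered unit at %q", rest)
		}
		next, rest = idx+1, rest[len(units[idx].suffix):]
		m := units[idx].millis
		if qty > math.MaxInt64/m || (sign > 0 && total > math.MaxInt64-qty*m) ||
			(sign < 0 && total < math.MinInt64+qty*m) {
			return 0, errors.New("duration: value overflows int64 milliseconds")
		}
		total += sign * qty * m
	}
	return total, nil
}

func main() {
	fmt.Println(parseDurationMillis("-1d2h3m4s5ms")) // constructed input
}
```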
func (Duration) Duration ¶ added in v1.0.7
Duration returns a time.Duration representation of a Duration. An error is returned if the duration cannot be converted to a time.Duration.
func (Duration) Equal ¶ added in v0.3.2
Equal returns true if the input represents the same duration
func (Duration) LessThan ¶ added in v0.3.2
LessThan returns true if value is less than the argument and they are both Duration values, or an error indicating they aren't comparable otherwise
func (Duration) LessThanOrEqual ¶ added in v0.3.2
LessThanOrEqual returns true if value is less than or equal to the argument and they are both Duration values, or an error indicating they aren't comparable otherwise
func (Duration) MarshalCedar ¶ added in v0.3.2
MarshalCedar produces a valid Cedar language representation of the Duration, e.g. `duration("1h10m")`.
func (Duration) MarshalJSON ¶ added in v0.3.2
MarshalJSON marshals the Duration into JSON using the explicit form.
func (Duration) ToDays ¶ added in v0.3.2
ToDays returns the number of days this Duration represents, truncating when fractional
func (Duration) ToHours ¶ added in v0.3.2
ToHours returns the number of hours this Duration represents, truncating when fractional
func (Duration) ToMilliseconds ¶ added in v0.3.2
ToMilliseconds returns the number of milliseconds this Duration represents
func (Duration) ToMinutes ¶ added in v0.3.2
ToMinutes returns the number of minutes this Duration represents, truncating when fractional
func (Duration) ToSeconds ¶ added in v0.3.2
ToSeconds returns the number of seconds this Duration represents, truncating when fractional
func (*Duration) UnmarshalJSON ¶ added in v0.3.2
UnmarshalJSON implements encoding/json.Unmarshaler for Duration
It is capable of unmarshaling 3 different representations supported by Cedar
- { "__extn": { "fn": "duration", "arg": "1h10m" }}
- { "fn": "duration", "arg": "1h10m" }
- "1h10m"
type Effect ¶ added in v0.3.1
type Effect bool
An Effect specifies the intent of the policy, to either permit or forbid any request that matches the scope and conditions specified in the policy.
type Entity ¶
type Entity struct {
    UID        EntityUID    `json:"uid"`
    Parents    EntityUIDSet `json:"parents"`
    Attributes Record       `json:"attrs"`
    Tags       Record       `json:"tags"`
}
An Entity defines the parents and attributes for an EntityUID.
func (Entity) MarshalJSON ¶ added in v1.0.0
MarshalJSON serializes Entity as a JSON object, using the implicit form of EntityUID encoding to match the Rust SDK's behavior.
type EntityGetter ¶ added in v1.0.4
An EntityGetter is an interface for retrieving an Entity by EntityUID.
type EntityMap ¶ added in v1.0.0
An EntityMap is a collection of all the entities that are needed to evaluate authorization requests. The key is an EntityUID which uniquely identifies the Entity (it must be the same as the UID within the Entity itself.)
func (EntityMap) MarshalJSON ¶ added in v1.0.0
func (*EntityMap) UnmarshalJSON ¶ added in v1.0.0
type EntityUID ¶
type EntityUID struct {
    Type EntityType
    ID   String
}
An EntityUID is the identifier for a principal, action, or resource.
func NewEntityUID ¶
func NewEntityUID(typ EntityType, id String) EntityUID
NewEntityUID returns an EntityUID given an EntityType and identifier
func (EntityUID) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the EntityUID, e.g. `Type::"id"`.
func (EntityUID) MarshalJSON ¶
MarshalJSON marshals the EntityUID into JSON using the explicit form.
func (EntityUID) String ¶
String produces a string representation of the EntityUID, e.g. `Type::"id"`.
func (*EntityUID) UnmarshalJSON ¶
type EntityUIDSet ¶ added in v1.0.0
type EntityUIDSet = mapset.ImmutableMapSet[EntityUID]
func NewEntityUIDSet ¶ added in v1.0.0
func NewEntityUIDSet(args ...EntityUID) EntityUIDSet
NewEntityUIDSet returns an immutable EntityUIDSet ready for use.
type IPAddr ¶
An IPAddr is a value that represents an IP address. It can be either IPv4 or IPv6. The value can represent an individual address or a range of addresses.
func ParseIPAddr ¶
ParseIPAddr takes a string representation of an IP address and converts it into an IPAddr type.
func (IPAddr) IsLoopback ¶
func (IPAddr) IsMulticast ¶
func (IPAddr) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the IPAddr, e.g. `ip("127.0.0.1")`.
func (IPAddr) MarshalJSON ¶
MarshalJSON marshals the IPAddr into JSON using the explicit form.
func (*IPAddr) UnmarshalJSON ¶
UnmarshalJSON implements encoding/json.Unmarshaler for IPAddr
It is capable of unmarshaling 3 different representations supported by Cedar
- { "__extn": { "fn": "ip", "arg": "12.34.56.78" }}
- { "fn": "ip", "arg": "12.34.56.78" }
- "12.34.56.78"
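The three encodings accepted by the Datetime, Decimal, Duration and IPAddr UnmarshalJSON methods, decoded with the standard library only. This is an added example, not cedar-go code; `decodeExtnArg` and `extnCall` are hypothetical names, and rejecting unknown keys or an "fn" that differs from the expected type is a choice made by this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// extnCall is the {"fn": ..., "arg": ...} pair shared by both object forms.
type extnCall struct {
	Fn  string `json:"fn"`
	Arg string `json:"arg"`
}

// decodeExtnArg (hypothetical) returns the string argument of an extension
// value given in any of the three forms, checking "fn" against wantFn.
func decodeExtnArg(b []byte, wantFn string) (string, error) {
	b = bytes.TrimSpace(b)
	if !json.Valid(b) {
		return "", errors.New("extn: not a single JSON value")
	}
	if b[0] == '"' { // bare string: the type is implied by the caller
		var s string
		err := json.Unmarshal(b, &s)
		return s, err
	}
	var obj struct {
		Extn *extnCall `json:"__extn"`
		Fn   *string   `json:"fn"`
		Arg  *string   `json:"arg"`
	}
	dec := json.NewDecoder(bytes.NewReader(b))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&obj); err != nil {
		return "", fmt.Errorf("extn: %w", err)
	}
	var call extnCall
	switch {
	case obj.Extn != nil && obj.Fn == nil && obj.Arg == nil:
		call = *obj.Extn // { "__extn": { "fn": ..., "arg": ... } }
	case obj.Extn == nil && obj.Fn != nil && obj.Arg != nil:
		call = extnCall{Fn: *obj.Fn, Arg: *obj.Arg} // { "fn": ..., "arg": ... }
	default:
		return "", errors.New("extn: expected exactly one of the two object forms")
	}
	if call.Fn != wantFn {
		return "", fmt.Errorf("extn: fn is %q, want %q", call.Fn, wantFn)
	}
	return call.Arg, nil
}

func main() {
	// Constructed inputs: the three forms listed for IPAddr.
	for _, in := range []string{
		`{ "__extn": { "fn": "ip", "arg": "12.34.56.78" }}`,
		`{ "fn": "ip", "arg": "12.34.56.78" }`,
		`"12.34.56.78"`,
	} {
		fmt.Println(decodeExtnArg([]byte(in), "ip"))
	}
}
```

Only the two object forms carry the type name, so the bare-string form is safe only where the destination type is already fixed by the caller.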
type Ident ¶
type Ident string
Ident is the type for a single unquoted identifier in Cedar, e.g. in `context.key`, `key` is an ident.
type ImplicitlyMarshaledEntityUID ¶ added in v1.0.0
type ImplicitlyMarshaledEntityUID EntityUID
ImplicitlyMarshaledEntityUID exists to allow the marshaling of the EntityUID into JSON using the implicit form. Users can opt in to this form if they know that this EntityUID will be serialized to a place where its type will be unambiguous.
func (ImplicitlyMarshaledEntityUID) MarshalJSON ¶ added in v1.0.0
func (i ImplicitlyMarshaledEntityUID) MarshalJSON() ([]byte, error)
type Long ¶
type Long int64
A Long is a whole number without decimals that can range from -9223372036854775808 to 9223372036854775807.
func (Long) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the Long, e.g. `42`.
type Pattern ¶
type Pattern struct {
// contains filtered or unexported fields
}
Pattern is used to define a string used for the like operator. It does not conform to the Value interface, as it is not one of the Cedar types.
func NewPattern ¶
NewPattern permits the programmatic construction of a Pattern out of a slice of pattern components. The pattern components may be one of string, types.String, or types.Wildcard. Any other types will cause a panic.
func (Pattern) MarshalCedar ¶
func (Pattern) MarshalJSON ¶
func (Pattern) Match ¶
Match reports whether name matches the shell file name pattern. The pattern syntax is:
pattern:
    { term }
term:
    '*'    matches any sequence of non-Separator characters
    c      matches character c (c != '*')
func (*Pattern) UnmarshalJSON ¶
type PolicyID ¶ added in v0.3.1
type PolicyID string
PolicyID is a string identifier for the policy within the PolicySet
type Position ¶ added in v0.3.1
type Position struct {
    // Filename is the optional name of the source file for the enclosing policy, "" if the source is unknown or not a named file
    Filename string `json:"filename"`
    // Offset is the byte offset, starting at 0
    Offset int `json:"offset"`
    // Line is the line number, starting at 1
    Line int `json:"line"`
    // Column is the column number, starting at 1 (character count per line)
    Column int `json:"column"`
}
A Position describes an arbitrary source position including the file, line, and column location.
type Record ¶
type Record struct {
// contains filtered or unexported fields
}
A Record is an immutable collection of attributes. Each attribute consists of a name and an associated value. Names are simple strings. Values can be of any type.
func NewRecord ¶ added in v0.4.0
NewRecord returns an immutable Record given a Go map of Strings to Values
func (Record) All ¶ added in v1.2.0
All returns an iterator over the keys and values in the Record. Iteration order is non-deterministic.
func (Record) Get ¶ added in v0.4.0
Get returns (v, true) where v is the Value associated with key s, if Record contains key s. Get returns (nil, false) if Record does not contain key s.
func (Record) Iterate ¶ deprecated, added in v0.4.0
func (r Record) Iterate(iter RecordIterator)
Iterate calls iter for each key/value pair in the record. Iteration order is non-deterministic.
Deprecated: Use All(), Keys(), or Values() instead.
func (Record) Keys ¶ added in v1.2.0
Keys returns an iterator over the keys in the Record. Iteration order is non-deterministic.
func (Record) Map ¶ added in v0.4.0
Map returns a clone of the Record's internal RecordMap which is safe to mutate.
func (Record) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the Record, e.g. `{"a":1,"b":2,"c":3}`.
func (Record) MarshalJSON ¶
MarshalJSON marshals the Record into JSON; the marshaller uses the explicit JSON form for all the values in the Record.
func (Record) String ¶
String produces a string representation of the Record, e.g. `{"a":1,"b":2,"c":3}`.
func (*Record) UnmarshalJSON ¶
type RecordIterator ¶ added in v0.4.0
RecordIterator is called for each item in the Record when passed to Iterate. Returning false from this function causes iteration to cease.
type Request ¶ added in v0.3.1
type Request struct {
    Principal EntityUID `json:"principal"`
    Action    EntityUID `json:"action"`
    Resource  EntityUID `json:"resource"`
    Context   Record    `json:"context"`
}
A Request is the Principal, Action, Resource, and Context portion of an authorization request.
type Set ¶
type Set struct {
// contains filtered or unexported fields
}
A Set is an immutable collection of elements that can be of the same or different types.
func NewSet ¶ added in v0.4.0
NewSet returns an immutable Set given a variadic set of Values. Duplicates are removed and order is not preserved.
func (Set) All ¶ added in v1.2.0
All returns an iterator over elements in the set. Iteration order is non-deterministic.
func (Set) Iterate ¶ deprecated, added in v0.4.0
func (s Set) Iterate(iter SetIterator)
Iterate calls iter for each item in the Set. Returning false from the iter function causes iteration to cease. Iteration order is non-deterministic.
Deprecated: use All() instead.
func (Set) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the Set, e.g. `[1,2,3]`. Set elements are rendered in hash order, which may differ from the original order.
func (Set) MarshalJSON ¶
MarshalJSON marshals the Set into JSON. Set elements are rendered in hash order, which may differ from the original order.
func (Set) Slice ¶ added in v0.4.0
Slice returns a slice of the Values in the Set which is safe to mutate. The order of the values is non-deterministic.
func (*Set) UnmarshalJSON ¶
UnmarshalJSON parses a JSON-encoded Cedar set literal into a Set
type SetIterator ¶ added in v0.4.0
SetIterator defines the type of the iteration callback function
type String ¶
type String string
A String is a sequence of characters consisting of letters, numbers, or symbols.
func (String) MarshalCedar ¶
MarshalCedar produces a valid Cedar language representation of the String, e.g. `"hello"`.
type Value ¶
type Value interface {
    fmt.Stringer
    // MarshalCedar produces a valid Cedar language representation of the Value.
    MarshalCedar() []byte
    Equal(Value) bool
    // contains filtered or unexported methods
}
Value defines the interface for all Cedar values (String, Long, Set, Record, Boolean, etc ...)
Implementations of Value _must_ be able to be safely copied shallowly, which means they must either be immutable or be made up of data structures that contain no pointers (which rules out, e.g., slices and maps).