ads

package
v0.0.0-...-1643d90 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 26, 2020 License: UPL-1.0 Imports: 2 Imported by: 0

Documentation

Overview

Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. Licensed under the Universal Permissive License (UPL) Version 1.0 as shown at http://oss.oracle.com/licenses/upl.

Index

Constants

View Source 
const (
	Evaluation_TakeEffect      string = "takeEffect"
	Evaluation_ConditionFailed string = "conditionFailed"
	Evaluation_Ignored         string = "ignored"
)
View Source 
const (
	BuiltIn_Role_Anonymous     = "anonymous_role"
	BuiltIn_Role_Authenticated = "authenticated_role"
	BuiltIn_Role_Everyone      = "everyone_role"

	BuiltIn_Attr_RequestUser     = "request_user"
	BuiltIn_Attr_RequestGroups   = "request_groups"
	BuiltIn_Attr_RequestResource = "request_resource"
	BuiltIn_Attr_RequestAction   = "request_action"
	BuiltIn_Attr_RequestEntity   = "request_entity"

	BuiltIn_Attr_RequestTime    = "request_time"
	BuiltIn_Attr_RequestYear    = "request_year"
	BuiltIn_Attr_RequestMonth   = "request_month"
	BuiltIn_Attr_RequestDay     = "request_day"
	BuiltIn_Attr_RequestHour    = "request_hour"
	BuiltIn_Attr_RequestWeekday = "request_weekday"
)
View Source 
const (
	PRINCIPAL_TYPE_USER   = "user"
	PRINCIPAL_TYPE_GROUP  = "group"
	PRINCIPAL_TYPE_ROLE   = "role"
	PRINCIPAL_TYPE_ENTITY = "entity"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Diagnose 

type Diagnose interface {
	// returns all the policies related to a subject
	Diagnose(c RequestContext) (*EvaluationResult, error)
}

type Discover 

type Discover interface {
	// always returns true in Resource Discovery Mode
	Discover(c RequestContext) (allowed bool, reason Reason, err error)
}

type EvaluatedCondition 

type EvaluatedCondition struct {
	ConditionExpression string `json:"conditionExpression,omitempty"`
	EvaluationResult    string `json:"evaluationResult,omitempty"`
}

type EvaluatedPolicy 

type EvaluatedPolicy struct {
	Status      string              `json:"status,omitempty"`
	ID          string              `json:"id,omitempty"`
	Name        string              `json:"name,omitempty"`
	Effect      string              `json:"effect,omitempty"`
	Permissions []pms.Permission    `json:"permissions,omitempty"`
	Principals  [][]string          `json:"principals,omitempty"`
	Condition   *EvaluatedCondition `json:"condition,omitempty"`
}

type EvaluatedRolePolicy 

type EvaluatedRolePolicy struct {
	Status              string              `json:"status,omitempty"`
	ID                  string              `json:"id,omitempty"`
	Name                string              `json:"name,omitempty"`
	Effect              string              `json:"effect,omitempty"`
	Roles               []string            `json:"roles,omitempty"`
	Principals          []string            `json:"principals,omitempty"`
	Resources           []string            `json:"resources,omitempty"`
	ResourceExpressions []string            `json:"resourceExpression,omitempty"`
	Condition           *EvaluatedCondition `json:"condition,omitempty"`
}

type EvaluationResult 

type EvaluationResult struct {
	Allowed      bool                   `json:"allowed"`
	Reason       Reason                 `json:"reason"`
	RequestCtx   *RequestContext        `json:"requestContext,omitempty"`
	Attributes   map[string]interface{} `json:"attributes,omitempty"`
	GrantedRoles []string               `json:"grantedRoles,omitempty"`
	RolePolicies []*EvaluatedRolePolicy `json:"rolePolicies,omitempty"`
	Policies     []*EvaluatedPolicy     `json:"policies,omitempty"`
}

func (*EvaluationResult) AddPolicies 

func (p *EvaluationResult) AddPolicies(grantedPolicies []*pms.Policy, deniedPolicies []*pms.Policy)

func (*EvaluationResult) AddPolicy 

func (p *EvaluationResult) AddPolicy(policy *pms.Policy, policyStatus string, result bool)

func (*EvaluationResult) AddRolePolicy 

func (p *EvaluationResult) AddRolePolicy(rolePolicy *pms.RolePolicy, result bool)

type PolicyEvaluator 

type PolicyEvaluator interface {
	// IsAllowed returns if the subject has been granted to a resource specified by a request context
	IsAllowed(c RequestContext) (allowed bool, reason Reason, err error)

	// GetAllGrantedRoles returns the granted app roles in an application.
	GetAllGrantedRoles(c RequestContext) ([]string, error)

	// GetAllGrantedPermissions returns the granted resources in an application.
	GetAllGrantedPermissions(cl RequestContext) ([]pms.Permission, error)

	Refresh() error

	Discover

	Diagnose
}

type Principal 

type Principal struct {
	Type string `json:"type,omitempty"`
	Name string `json:"name,omitempty"`
	IDD  string `json:"idd,omitempty"`
}

func (*Principal) String 

func (p *Principal) String() string

type Reason 

type Reason int32

reason for evaluation result 

const (
	GRANT_POLICY_FOUND Reason = iota
	DENY_POLICY_FOUND
	SERVICE_NOT_FOUND
	NO_APPLICABLE_POLICIES
	ERROR_IN_EVALUATION
	DISCOVER_MODE
	REASON_NOT_AVAILABLE
)

func (Reason) String 

func (m Reason) String() string

String returns the English name of the Reason

type RequestContext 

type RequestContext struct {
	Subject     *Subject               `json:"subject,omitempty"`
	ServiceName string                 `json:"serviceName,omitempty"`
	Resource    string                 `json:"resource,omitempty"`
	Action      string                 `json:"action,omitempty"`
	Attributes  map[string]interface{} `json:"attributes,omitempty"`
}

type Subject 

type Subject struct {
	Principals []*Principal `json:"principals,omitempty"`
	TokenType  string       `json:"tokenType,omitempty"`
	Token      string       `json:"token,omitempty"`
	Asserted   bool         `json:"asserted,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.