sdk

package
v0.6.10

This package is not in the latest version of its module.
Published: May 19, 2024 License: Apache-2.0 Imports: 19 Imported by: 2

README

Hexa

Hexa SDK package

This package contains the main Go package for accessing Hexa Providers using a common interface. For more information on how to use this package, see the developer docs page.

Documentation

Constants

const (
	ProviderTypeAvp               string = avpProvider.ProviderTypeAvp
	ProviderTypeGoogleCloudIAP           = iapProvider.ProviderTypeGoogleCloudIAP
	ProviderTypeGoogleCloudLegacy        = iapProvider.ProviderTypeGoogleCloud
	ProviderTypeMock              string = test.ProviderTypeMock
	ProviderTypeCognito           string = cognitoProvider.ProviderTypeAwsCognito
	ProviderTypeAwsApiGW          string = awsapigwProvider.ProviderTypeAwsApiGW
	ProviderTypeAzure             string = azureProvider.ProviderTypeAzure
	ProviderTypeOpa                      = openpolicyagent.ProviderTypeOpa
	EnvTestProvider               string = "HEXA_TEST_PROVIDER" // EnvTestProvider overrides whatever provider is requested and uses the specified provider instead (by name)
)

Variables

This section is empty.

Functions

func WithAttributeMap

func WithAttributeMap(nameMap map[string]string) func(options *Options)

WithAttributeMap may be used with providers that support IDQL conditions. The nameMap value indicates how an IDQL attribute name is mapped to the target attribute name. For example, username maps to account. The map is of the form map["<scimName>"] = "<platformName>". Currently supported by syntactic mappers such as AVP Provider and GCP IAP Provider.
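
An added illustration, not code from the Hexa project: a self-contained sketch of what a nameMap does to an IDQL condition, which also lists the attribute names that have no entry so the map can be reviewed before it is passed to WithAttributeMap. MapCondition, the SCIM-style operator list and matching on the whole attribute token are assumptions; the SDK's own mappers may behave differently, for example on unmapped names.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Operators and literals of the SCIM-style filter grammar assumed here for
// IDQL conditions; these tokens are never attribute names.
var reserved = map[string]bool{"and": true, "or": true, "not": true, "eq": true,
	"ne": true, "co": true, "sw": true, "ew": true, "gt": true, "ge": true,
	"lt": true, "le": true, "pr": true, "true": true, "false": true, "null": true}

// token matches a quoted string literal or a bare word (attribute, operator, number).
var token = regexp.MustCompile(`"(?:[^"\\]|\\.)*"|[\w.:]+`)

// MapCondition (hypothetical helper, not an SDK function) rewrites attribute
// names in rule per nameMap and returns the sorted names that had no mapping.
func MapCondition(rule string, nameMap map[string]string) (string, []string) {
	seen := map[string]bool{}
	out := token.ReplaceAllStringFunc(rule, func(tok string) string {
		if tok[0] == '"' || tok[0] >= '0' && tok[0] <= '9' || reserved[strings.ToLower(tok)] {
			return tok // string literal, number, operator or keyword
		}
		if mapped, ok := nameMap[tok]; ok {
			return mapped
		}
		seen[tok] = true // no entry: left unchanged in this sketch, but reported
		return tok
	})
	unmapped := make([]string, 0, len(seen))
	for name := range seen {
		unmapped = append(unmapped, name)
	}
	sort.Strings(unmapped)
	return out, unmapped
}

func main() {
	// Constructed sample map and condition (username -> account, as in the text).
	nameMap := map[string]string{"username": "account", "role": "groups"}
	rule := `username eq "role admin" and (role co "admin" or not (level gt 3))`
	mapped, unmapped := MapCondition(rule, nameMap)
	fmt.Println(mapped)
	fmt.Println("unmapped:", unmapped)
}
```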

func WithIntegrationInfo

func WithIntegrationInfo(info policyprovider.IntegrationInfo) func(*Options)

WithIntegrationInfo provides a previously defined policyprovider.IntegrationInfo object to configure an integration.

func WithOpaAwsIntegration added in v0.6.3

func WithOpaAwsIntegration(bucketName string, objectName string, credentialKey []byte) func(options *Options)

WithOpaAwsIntegration is a convenience method to build up an integration to initialize the OPA provider with AWS S3 as the bucket repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration.

func WithOpaGcpIntegration added in v0.6.3

func WithOpaGcpIntegration(bucketName string, objectName string, credentialKey []byte) func(options *Options)

WithOpaGcpIntegration is a convenience method to build up an integration to initialize the OPA provider with GCP as the bucket repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration.

func WithOpaGithubIntegration added in v0.6.3

func WithOpaGithubIntegration(account string, repo string, bundlePath string, token []byte) func(options *Options)

WithOpaGithubIntegration is a convenience method to build up an integration to initialize the OPA provider with a GitHub repository as the bucket repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration.

func WithOpaHttpIntegration added in v0.6.3

func WithOpaHttpIntegration(bundleUrl string, caCert string, token *string) func(options *Options)

WithOpaHttpIntegration is a convenience method to build up an integration to initialize the OPA provider with an HTTP service as the bucket repository. This method overrides information provided with the IntegrationInfo parameter of OpenIntegration. The HTTP service must support GET and POST (Form) to retrieve and replace OPA bundles.

func WithProviderOptions

func WithProviderOptions(options interface{}) func(*Options)

WithProviderOptions allows provider-specific options to be passed through to the provider on initialization. For example, AWS AVP Provider supports #awscommon.AWSClientOptions.

Types

type Integration

type Integration struct {
	Alias string                                    `json:"alias"`
	Opts  Options                                   `json:"options"`
	Apps  map[string]policyprovider.ApplicationInfo `json:"apps"`
	// contains filtered or unexported fields
}

func OpenIntegration

func OpenIntegration(options ...func(*Options)) (*Integration, error)

OpenIntegration accepts a JSON byte stream and parses it into an IntegrationInfo, which can be used to invoke the provider features. An IntegrationInfo struct consists of:

- integrationInfo - policyprovider.IntegrationInfo information defining the provider type and the credential used for access. If not provided, it must be provided using Options.

- options - one or more configuration functions for configuring the provider. See: sdk.Options

func (*Integration) GetApplicationInfo

func (i *Integration) GetApplicationInfo(papAlias string) (*policyprovider.ApplicationInfo, error)

func (*Integration) GetPolicies

func (i *Integration) GetPolicies(papAlias string) (*hexapolicy.Policies, error)

GetPolicies queries the designated 'pap' and returns a set of mapped hexapolicy.PolicyInfo policies.

func (*Integration) GetPolicyApplicationPoints

func (i *Integration) GetPolicyApplicationPoints(aliasGen func() string) ([]policyprovider.ApplicationInfo, error)

GetPolicyApplicationPoints invokes Provider.DiscoverApplications method to locate applications or policy application points available within a platform Integration. The 'aliasGen' func parameter is used to generate a local alias for the application. If 'nil' is passed, the ObjectId value from ApplicationInfo is used as the alias.

func (*Integration) GetProvider

func (i *Integration) GetProvider() policyprovider.Provider

func (*Integration) GetType

func (i *Integration) GetType() string

GetType returns the type of underlying provider. See: sdk.PROVIDER_TYPE_ values. If not defined, "ERROR" is returned.

func (*Integration) ReconcilePolicy

func (i *Integration) ReconcilePolicy(papAlias string, comparePolicies []hexapolicy.PolicyInfo, diffsOnly bool) ([]hexapolicy.PolicyDif, error)

ReconcilePolicy returns the set of differences between the supplied policies and the policies reported by the specified 'pap'. Setting 'diffsOnly' to false will return results that include matched and unsupported policies (e.g. templates). If the provider implementation does not support reconcile, an error is returned.

func (*Integration) SetPolicyInfo

func (i *Integration) SetPolicyInfo(papAlias string, policies []hexapolicy.PolicyInfo) (int, error)

SetPolicyInfo applies the specified set of policies to the integration's 'pap'. Depending on the underlying provider, set either replaces all policies or does a reconciliation and performs the necessary changes to make the 'pap' have the same set of policies. Note: SetPolicyInfo does not support the setting of an individual policy.

type Options

type Options struct {
	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient   interface{}                     `json:"-"`
	Info         *policyprovider.IntegrationInfo `json:"integrationInfo"`
	AttributeMap map[string]string
	ProviderOpts interface{} `json:"-"`
}
