access

package

v0.10.0 Latest Latest Go to latest Published: Sep 17, 2025 License: BSD-3-Clause-Clear Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/opentdf/platform

Links

Open Source Insights

Documentation ¶

Index ¶

func GetDefinitionFqnFromDefinition(def *policy.Attribute) (string, error)
func GetDefinitionFqnFromValue(v *policy.Value) (string, error)
func GetDefinitionFqnFromValueFqn(valueFqn string) (string, error)
func GroupValueFqnsByDefinition(valueFqns []string) (map[string][]string, error)
type DataRuleResult
type Decision
type Pdp
- func NewPdp(l *logger.Logger) *Pdp
- func (pdp *Pdp) DetermineAccess(ctx context.Context, dataAttributes []*policy.Value, ...) (map[string]*Decision, error)
type ValueFailure

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetDefinitionFqnFromDefinition ¶

func GetDefinitionFqnFromDefinition(def *policy.Attribute) (string, error)

GetDefinitionFqnFromDefinition constructs the FQN for an attribute definition.

func GetDefinitionFqnFromValue ¶

func GetDefinitionFqnFromValue(v *policy.Value) (string, error)

GetDefinitionFqnFromValue extracts the definition FQN from a policy value.

func GetDefinitionFqnFromValueFqn ¶

func GetDefinitionFqnFromValueFqn(valueFqn string) (string, error)

GetDefinitionFqnFromValueFqn extracts the definition FQN from a value FQN string.

func GroupValueFqnsByDefinition ¶

func GroupValueFqnsByDefinition(valueFqns []string) (map[string][]string, error)

GroupValueFqnsByDefinition groups value FQN strings by their attribute definition FQNs.

Types ¶

type DataRuleResult ¶

type DataRuleResult struct {
	Passed         bool              `json:"passed" example:"false"`
	RuleDefinition *policy.Attribute `json:"rule_definition"`
	ValueFailures  []ValueFailure    `json:"value_failures"`
}

DataRuleResult represents the result of evaluating one rule for an entity.

type Decision ¶

type Decision struct {
	Access  bool             `json:"access" example:"false"`
	Results []DataRuleResult `json:"entity_rule_result"`
}

Decision represents the overall access decision for an entity.

type Pdp ¶

type Pdp struct {
	// contains filtered or unexported fields
}

Pdp represents the Policy Decision Point component.

func NewPdp ¶

func NewPdp(l *logger.Logger) *Pdp

NewPdp creates a new Policy Decision Point instance.

func (*Pdp) DetermineAccess ¶

func (pdp *Pdp) DetermineAccess(
	ctx context.Context,
	dataAttributes []*policy.Value,
	entityAttributeSets map[string][]string,
	attributeDefinitions []*policy.Attribute,
) (map[string]*Decision, error)

DetermineAccess will take data Attribute Values, entities mapped entityId to Attribute Value FQNs, and data AttributeDefinitions, compare every data Attribute against every entity's set of Attribute Values, generating a rolled-up decision result for each entity, as well as a detailed breakdown of every data comparison.

type ValueFailure ¶

type ValueFailure struct {
	DataAttribute *policy.Value `json:"data_attribute"`
	Message       string        `json:"message" example:"Criteria NOT satisfied for entity: {entity_id} - lacked attribute value: {attribute}"`
}

ValueFailure represents a specific failure when evaluating a data attribute.

Source Files ¶

View all Source files

pdp.go

Directories ¶

Path	Synopsis
v2
obligations

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL