Initial API definition for providers
1 parent
7cf80e8
commit 5ccf97b
Showing
1 changed file
with
47 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/* | ||
Package PolicyProvider defines the common structures and interfaces (the API) to be implemented by each platform that Hexa | ||
integrates with. | ||
*/ | ||
package PolicyProvider | ||
|
||
import ( | ||
"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" | ||
) | ||
|
||
/* | ||
Provider defines the common interface Hexa uses to connect to platforms to access and update security Policy. Each | ||
new Hexa Provider must implement this interface. | ||
*/ | ||
type Provider interface { | ||
Name() string | ||
DiscoverPolicyContexts(IntegrationInfo) ([]PolicyContext, error) | ||
GetPolicyInfo(IntegrationInfo, PolicyContext) (*hexapolicy.Policies, error) | ||
SetPolicyInfo(IntegrationInfo, PolicyContext, hexapolicy.Policies) (status int, foundErr error) | ||
} | ||
|
||
/* | ||
IntegrationInfo is a structure that provides the basic connectivity information to a platform. | ||
*/ | ||
type IntegrationInfo struct { | ||
Name string // A unique Name identifying the platform integration. | ||
Key []byte // Key is encoded JSON access data or token used to access a platform | ||
} | ||
|
||
/* | ||
ApplicationInfo describes a unique cloud application environment context where one or more policy systems are found | ||
*/ | ||
type ApplicationInfo struct { | ||
ObjectID string `validate:"required"` | ||
Name string // Name corresponds to IntegrationInfo.name | ||
Description string | ||
Service string // Service describes an identifier for a service to be administered | ||
} | ||
|
||
/* | ||
PolicyContext is an extension of ApplicationInfo and it is used where platforms administer policy directly to | ||
a resource. For example, GCP can apply policy to an IAP Proxy Frontend, Backend, etc. | ||
*/ | ||
type PolicyContext struct { | ||
ApplicationInfo | ||
Resource hexapolicy.ObjectInfo // Resource corresponds to an IDQL object resource where policy may be applied | ||
} |
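Review bot: `IntegrationInfo.Key` holds the platform credential (its own comment says "encoded JSON access data or token") as a plain exported `[]byte`, and the struct is passed by value into `DiscoverPolicyContexts`, `GetPolicyInfo` and `SetPolicyInfo`, so any `%v`/`%+v` log line or error wrap of an `IntegrationInfo` would emit the secret. I would state the handling contract on the field, e.g. `// Key is secret credential material (JSON access data or token); implementations must not log it or include it in error messages.`, and consider giving `IntegrationInfo` a `String()` method that redacts `Key`. Separately, the four `Provider` methods have no doc comments. `SetPolicyInfo` in particular returns `status int` without saying what the value means (presumably an HTTP status code) or how callers should read it alongside `foundErr`.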