hexa-org / policy-mapper
Policy Mapper defines packages for use in mapping of Identity Policy between Hexa IDQL and other formats.
License: Apache License 2.0
Unlike projectid in the AWS providers or the GCP provider, projectid is never actually used. Instead, the platform project is wrapped up in the bundle URL and the access token.
This is important to simplify and avoid confusion.
When using the Hexa CLI with the OPA HTTP provider, the client actually tries to get policy from the server URL root rather than from <server-root>/bundles/bundle.tar.gz.
The orchestrator "democonfig" service is an implementation of a bundle server that can be used for testing.
This would be moved over to the "examples" directory of policy-mapper to let evaluators set up and run a bundle server and OPA server.
Adding documentation for Azure test harness
The OPA Provider Get Policies function is expecting the OPA Bundle server to respond with a file structure of
`/bundle/`
Instead, the current testBundleServer is returning
`/default/bundle/`
This causes an unexpected "file not found" error.
Adding documentation for the AWS Cognito provider
For some reason, the default policy generated by AVP often includes a `when { true };` clause:

```
permit(
  principal,
  action in [hexa_avp::Action::"ReadAccount",hexa_avp::Action::"Transfer",hexa_avp::Action::"Deposit",hexa_avp::Action::"Withdrawl"],
  resource
) when {
  true
};
```

The above when clause should be converted or just ignored.
This adds support for Scopes, which are obligations returned to a PEP: for example, a SQL filter, an IDQL filter, or a set of attributes or columns allowed to be returned.
Use cases:
Discovered there were some migration issues between old and new policy formats.
JSON attributes should all be lower initial case.
Adding documentation for the Azure common provider information
Adding documentation for the main models directory
Current Policy-OPA project is using a version of IDQL that has Policy.ID. This has been moved to meta.policyId.
Because of the way the OPA Rego interpreter works, each IDQL policy installed needs to have an identifier.
See: Policy-OPA issue #2.
Adding documentation for the AWS common provider info
Occasionally for testing purposes and other integration work there is the need to initialize a custom HTTP Client when calling cloud APIs. For example, the custom client can mock the remote server and its responses.
This is currently implemented inside many of Hexa Providers but is not yet exposed through the SDK interface.
This is to publish the hexaOpa image so that IDQL-enhanced OPA can be easily deployed with docker-compose and on cloud platforms.
At present bundle updates via HTTP can only be done anonymously.
For some reason, when kong type=existingfile is used, the value is kept blank after the first use (good or bad).
Remove use of existingfile for now.
Add support for using authorization header values in addition to mutual TLS.
This is needed for AuthZen server.
Currently generates an error when parsing:

```
permit(
  principal == ?principal,
  action in [hexa_avp::Action::"ReadAccount"],
  resource == ?resource
);
```

`?` is unexpected
Adding documentation for the Azure AD provider
Adding documentation for the SDK example
The current OPA provider is downgrading to an old version of IDQL. It should be end-to-end IDQL 0.6.
Finalize OPA and integrate with Hexa console
Provide a little more context as to the type of resource, e.g. iap_proxy:backend:xyz.