package models
import "time"
// CreatePolicyRequest is the request body for creating a policy.
//
// Name and PolicyData carry binding:"required" and are mandatory for the
// request validator that reads those tags (not in this file); Description
// and Orgwide are optional and default to their zero values.
//
// NOTE(review): the Go field is spelled Orgwide here but OrgWide on Policy.
// Both serialise as "org_wide", so the JSON contract is consistent; renaming
// the Go field would change the exported API, so it is left as is.
type CreatePolicyRequest struct {
	Name        string     `json:"name" binding:"required"`
	Description string     `json:"description"`
	PolicyData  PolicyData `json:"policy_data" binding:"required"`
	Orgwide     bool       `json:"org_wide"`
}
// UpdatePolicyRequest is the request body for updating an existing policy.
//
// Name and Description are pointers, presumably so that an absent field
// (nil) can be distinguished from an explicit empty string. PolicyData is
// also a pointer but carries binding:"required", so every update must supply
// the complete policy data; there is no partial/merge update of the policy
// document at this layer.
type UpdatePolicyRequest struct {
	Name        *string     `json:"name"`
	Description *string     `json:"description"`
	PolicyData  *PolicyData `json:"policy_data" binding:"required"`
}
// Policy is a stored policy as returned by the API.
//
// SocketIDs presumably lists the sockets the policy is attached to (see
// AddSocketToPolicyRequest); OrgID scopes the policy to an organisation and
// OrgWide marks it as applying to every socket in that organisation — both
// readings are inferred from the names, confirm against the service code.
// None of the fields carry a binding tag: this is a response/storage type,
// not a validated request.
type Policy struct {
	ID          string     `json:"id"`
	Name        string     `json:"name"`
	Description string     `json:"description"`
	PolicyData  PolicyData `json:"policy_data"`
	SocketIDs   []string   `json:"socket_ids"`
	OrgID       string     `json:"org_id"`
	OrgWide     bool       `json:"org_wide"`
	CreatedAt   time.Time  `json:"created_at"`
}
// PolicyTest is the request body for evaluating a policy against a
// hypothetical access attempt described by an identity, a source address
// and a point in time. All three fields are binding:"required".
//
// Time is carried as a string; its expected layout is not fixed in this
// file — NOTE(review): confirm the format (and the IPAddress parsing) against
// the handler that evaluates it, since this type performs no validation.
type PolicyTest struct {
	Email     string `json:"email" binding:"required"`
	IPAddress string `json:"ip_address" binding:"required"`
	Time      string `json:"time" binding:"required"`
}
// PolicyTestRespone is the response to a PolicyTest evaluation.
//
// NOTE(review): the type name is misspelled ("Respone" for "Response"). It
// is exported, so renaming it would break callers; a correctly spelled alias
// should be introduced before the old name is retired.
//
// Actions maps an action name to a list of strings; Info.Allowed and
// Info.Failed presumably list the conditions that passed and failed — verify
// against the evaluator. Unlike the other types in this file the JSON keys
// are capitalised ("Actions", "Info"). Note that omitempty on Info has no
// effect: encoding/json never treats a struct value as empty, so "Info" is
// always emitted (possibly as {}).
type PolicyTestRespone struct {
	Actions map[string][]string `json:"Actions,omitempty"`
	Info    struct {
		Allowed []string `json:"allowed,omitempty"`
		Failed  []string `json:"failed,omitempty"`
	} `json:"Info,omitempty"`
}
// PolicyData is the policy document embedded in Policy and in the
// create/update request types.
//
// Action is typed as `any`, so arbitrary JSON is accepted at this layer.
// The mapstructure tags here and on ExtendedAction suggest the value is
// decoded into a typed structure elsewhere — NOTE(review): that later decode
// is the only place the action payload can be validated; nothing in this
// file constrains its shape, and an unrecognised key would be silently
// ignored by a lenient decoder. Version is a free-form string.
type PolicyData struct {
	Version   string    `json:"version"`
	Action    any       `json:"action"`
	Condition Condition `json:"condition" mapstructure:"condition"`
}
// Condition groups the who/where/when constraints of a policy.
//
// All three parts are value structs, so omitempty on them has no effect in
// encoding/json (a struct value is never considered empty); each part is
// always serialised, with its own slice fields omitted when empty.
type Condition struct {
	Who   ConditionWho   `json:"who,omitempty" mapstructure:"who"`
	Where ConditionWhere `json:"where,omitempty" mapstructure:"where"`
	When  ConditionWhen  `json:"when,omitempty" mapstructure:"when"`
}
// ConditionWho lists the identities a policy applies to: individual email
// addresses, whole email domains, groups and service accounts. Each list is
// omitted from JSON when empty. How the lists combine (any match vs all) and
// whether matching is case-sensitive is decided by the evaluator, not here.
type ConditionWho struct {
	Email          []string `json:"email,omitempty" mapstructure:"email"`
	Domain         []string `json:"domain,omitempty" mapstructure:"domain"`
	Group          []string `json:"group,omitempty" mapstructure:"group"`
	ServiceAccount []string `json:"service_account,omitempty" mapstructure:"service_account"`
}
// ConditionWhere lists the network locations a policy applies to: an
// allow-list of source IPs plus an allow-list (Country) and deny-list
// (CountryNot) of countries.
//
// NOTE(review): whether AllowedIP entries are single addresses or CIDR
// ranges, and which code format Country uses, is not fixed here; the
// evaluator that parses these strings is where malformed entries must be
// rejected rather than silently treated as non-matching.
type ConditionWhere struct {
	AllowedIP  []string `json:"allowed_ip,omitempty" mapstructure:"allowed_ip"`
	Country    []string `json:"country,omitempty" mapstructure:"country"`
	CountryNot []string `json:"country_not,omitempty" mapstructure:"country_not"`
}
// ConditionWhat is a placeholder for a future "what" constraint. It has no
// fields and is not referenced by Condition or any other type in this file.
type ConditionWhat struct{}
// ConditionWhen lists the time constraints of a policy. After/Before
// presumably bound an absolute validity window and TimeOfDayAfter/
// TimeOfDayBefore a recurring daily window; all four are plain strings and
// their layouts (and the time zone they are interpreted in) are not fixed
// here — NOTE(review): confirm against the evaluator, and ensure it rejects
// unparseable values rather than ignoring the constraint.
type ConditionWhen struct {
	After           string `json:"after,omitempty" mapstructure:"after"`
	Before          string `json:"before,omitempty" mapstructure:"before"`
	TimeOfDayAfter  string `json:"time_of_day_after,omitempty" mapstructure:"time_of_day_after"`
	TimeOfDayBefore string `json:"time_of_day_before,omitempty" mapstructure:"time_of_day_before"`
}
// PolicyActionUpdateRequest is one entry of an AddSocketToPolicyRequest:
// an Action to apply and the ID it applies to. Both are binding:"required".
// The set of valid Action values (presumably add/remove) and what ID refers
// to (presumably a socket ID) are not defined in this file — confirm with
// the handler that consumes it.
type PolicyActionUpdateRequest struct {
	Action string `json:"action" binding:"required"`
	ID     string `json:"id" binding:"required"`
}
// AddSocketToPolicyRequest is the request body for changing the sockets a
// policy is attached to. Actions is binding:"required", so the request must
// carry the key; whether an empty list is accepted depends on the validator.
type AddSocketToPolicyRequest struct {
	Actions []PolicyActionUpdateRequest `json:"actions" binding:"required"`
}
// ExtendedAction is the typed form of a policy action, with one optional
// section per protected service. Each section is a pointer, so a nil value
// means the section was absent from the document; the mapstructure tags
// suggest this is what PolicyData.Action is decoded into.
//
// NOTE(review): the field is named Ssh rather than SSH (Go keeps initialisms
// in one case); it is exported, so renaming it would be a breaking change.
type ExtendedAction struct {
	Database *DatabaseActions `json:"database" mapstructure:"database"`
	Ssh      *SSHActions      `json:"ssh" mapstructure:"ssh"`
}
// DatabaseActions describes what a policy permits against a database:
// a per-schema list, a connection-wide ReadOnly flag, an optional list of
// allowed query types and a session duration limit in seconds.
//
// How the top-level ReadOnly/AllowedQueryTypes interact with the per-schema
// values in DatabaseSchemaAction is not defined here. Note that
// AllowedQueryTypes has omitempty on both tags here but not on
// DatabaseSchemaAction.AllowedQueryTypes, so the two serialise differently
// when empty. The meaning of MaxSessionDurationSeconds == 0 (no limit vs
// zero-length) is likewise decided by the enforcing side — TODO confirm.
type DatabaseActions struct {
	Schemas                   []DatabaseSchemaAction `json:"schemas" mapstructure:"schemas"`
	ReadOnly                  bool                   `json:"read_only" mapstructure:"read_only"`
	AllowedQueryTypes         []string               `json:"allowed_query_types,omitempty" mapstructure:"allowed_query_types,omitempty"`
	MaxSessionDurationSeconds int                    `json:"max_session_duration_seconds" mapstructure:"max_session_duration_seconds"`
}
// DatabaseSchemaAction is the per-schema entry of DatabaseActions.Schemas:
// the schema name, the query types allowed in it and a schema-level
// ReadOnly flag. Whether these override or narrow the connection-wide
// settings in DatabaseActions is not defined in this file.
type DatabaseSchemaAction struct {
	Schema            string   `json:"schema" mapstructure:"schema"`
	AllowedQueryTypes []string `json:"allowed_query_types" mapstructure:"allowed_query_types"`
	ReadOnly          bool     `json:"read_only" mapstructure:"read_only"`
}
// SSHActions describes what a policy permits over an SSH connection, one
// sub-structure per capability (interactive shell, command execution, SFTP,
// TCP forwarding, kubectl exec, docker exec), plus a session duration limit
// in seconds and the list of usernames a session may log in as.
//
// Each capability is a value struct with an Enabled flag, so an absent
// section decodes to Enabled == false (denied by default). The meaning of
// MaxSessionDurationSeconds == 0 and of an empty AllowedUsernames (none vs
// any) is decided by the enforcing side — TODO confirm.
//
// NOTE(review): TcpForwarding would be TCPForwarding under Go's initialism
// convention; it is exported, so renaming it would be a breaking change.
type SSHActions struct {
	Shell                     SSHShellAction         `json:"shell" mapstructure:"shell"`
	Exec                      SSHExecAction          `json:"exec" mapstructure:"exec"`
	SFTP                      SSHSFTPAction          `json:"sftp" mapstructure:"sftp"`
	TcpForwarding             SSHTcpForwardingAction `json:"tcp_forwarding" mapstructure:"tcp_forwarding"`
	KubectlExec               SSHKubectlExecAction   `json:"kubectl_exec" mapstructure:"kubectl_exec"`
	DockerExec                SSHDockerExecAction    `json:"docker_exec" mapstructure:"docker_exec"`
	MaxSessionDurationSeconds int                    `json:"max_session_duration_seconds" mapstructure:"max_session_duration_seconds"`
	AllowedUsernames          []string               `json:"allowed_usernames" mapstructure:"allowed_usernames"`
}
// SSHShellAction toggles interactive shell access over SSH. The zero value
// (Enabled == false) is the deny state.
type SSHShellAction struct {
	Enabled bool `json:"enabled" mapstructure:"enabled"`
}
// SSHExecAction toggles non-interactive command execution over SSH and
// carries a list of Commands, presumably an allow-list. How a requested
// command is matched against the list (exact string, prefix, pattern) and
// whether an empty list means "none" or "any" is not defined here —
// NOTE(review): confirm with the enforcement code; exact matching is the
// safe reading.
type SSHExecAction struct {
	Enabled  bool     `json:"enabled" mapstructure:"enabled"`
	Commands []string `json:"commands" mapstructure:"commands"`
}
// SSHSFTPAction toggles SFTP file transfer over SSH. The zero value
// (Enabled == false) is the deny state.
type SSHSFTPAction struct {
	Enabled bool `json:"enabled" mapstructure:"enabled"`
}
// SSHTcpForwardingAction toggles TCP port forwarding over SSH and lists the
// destinations that may be forwarded to. Whether an empty AllowedConnections
// means "none" or "any" when Enabled is true is not defined in this file.
type SSHTcpForwardingAction struct {
	Enabled            bool                         `json:"enabled" mapstructure:"enabled"`
	AllowedConnections []SSHTcpForwardingConnection `json:"allowed_connections" mapstructure:"allowed_connections"`
}
// SSHTcpForwardingConnection is one allowed forwarding destination. Both
// fields are optional pointers with omitempty, so nil means the key was not
// given. NOTE(review): the semantics of a nil address or port (wildcard vs
// invalid) are decided by the enforcing side; a wildcard reading widens the
// rule considerably, so confirm it is the intended behaviour.
type SSHTcpForwardingConnection struct {
	DestinationAddress *string `json:"destination_address,omitempty" mapstructure:"destination_address,omitempty"`
	DestinationPort    *int    `json:"destination_port,omitempty" mapstructure:"destination_port,omitempty"`
}
// SSHKubectlExecAction toggles kubectl exec access and scopes it to a list
// of namespaces and a label-style PodSelector (label key to value).
// KubectlExecNamespace carries its own PodSelector; how the two selectors
// combine (intersection, per-namespace override) is not defined here.
type SSHKubectlExecAction struct {
	Enabled           bool                   `json:"enabled" mapstructure:"enabled"`
	AllowedNamespaces []KubectlExecNamespace `json:"allowed_namespaces" mapstructure:"allowed_namespaces"`
	PodSelector       map[string]string      `json:"pod_selector" mapstructure:"pod_selector"`
}
// KubectlExecNamespace is one entry of SSHKubectlExecAction.AllowedNamespaces:
// a namespace name and a PodSelector (label key to value) restricting which
// pods in it may be targeted. An empty or nil selector presumably matches
// every pod in the namespace — TODO confirm.
type KubectlExecNamespace struct {
	Namespace   string            `json:"namespace" mapstructure:"namespace"`
	PodSelector map[string]string `json:"pod_selector" mapstructure:"pod_selector"`
}
// SSHDockerExecAction toggles docker exec access and lists the containers
// it may target. Whether entries are container names, IDs or patterns, and
// whether an empty list means "none" or "any", is not defined in this file.
type SSHDockerExecAction struct {
	Enabled           bool     `json:"enabled" mapstructure:"enabled"`
	AllowedContainers []string `json:"allowed_containers" mapstructure:"allowed_containers"`
}