The general goal is to be able to represent Conjur policy as objects in Go, and to be able to emit valid Conjur policy from objects in Go.
For this Go representation:

```go
policy := PolicyBody{
	Policy{
		Id:    "dev",
		Owner: UserRef("admin"),
		Body: PolicyBody{
			Group{
				Id:    "bar",
				Owner: UserRef("foo"),
			},
			User{
				Id:    "foo",
				Owner: UserRef("admin"),
			},
		},
	},
	Policy{
		Owner: UserRef("admin"),
		Id:    "pcf/prod",
		Body: PolicyBody{
			Group{
				Id:    "bar",
				Owner: UserRef("foo"),
			},
			User{
				Id:    "foo",
				Owner: UserRef("admin"),
			},
		},
	},
}
```

Outputs this YAML (and vice-versa):

```yaml
- !policy
  id: dev
  owner: !user admin
  body:
    - !group
      id: bar
      owner: !user foo
    - !user
      id: foo
      owner: !user admin
- !policy
  id: pcf/prod
  owner: !user admin
  body:
    - !group
      id: bar
      owner: !user foo
    - !user
      id: foo
      owner: !user admin
```

What is needed to achieve feature parity with the Ruby implementation?
- marshal models to YAML compliant with Conjur syntax
- unmarshal Conjur syntax YAML to models
- handle edge cases (like an empty policy)
- special handling of inlined id on objects with a single attribute
- validate attribute duplications
- provide negative test-cases (e.g. invalid syntax)
- add license
- provide docs
- support for all entity policy statements
- verify fields available on model entities
- tag reference strong typing
- stronger typing for annotations - support for Conjur-based annotations
- support inclusion of other YAML files
On another layer built on top of the parser
- restricted_to support with CIDR validation
- validate relative and absolute paths
- dependency order resolution
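
A sketch of the `restricted_to` check with CIDR validation listed above, written with only the Go standard library. This is an added example, not code from this project: the function name `ValidateRestrictedTo` is hypothetical, and rejecting ranges with host bits set or a `/0` prefix is an assumption about how strict the validation should be.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// ValidateRestrictedTo checks restricted_to entries: each must be a bare IP
// address or a CIDR range. Assumed here (not stated on the page): ranges with
// host bits set and match-everything /0 ranges are rejected, not normalized.
func ValidateRestrictedTo(entries []string) ([]netip.Prefix, error) {
	out := make([]netip.Prefix, 0, len(entries))
	for _, raw := range entries {
		e := strings.TrimSpace(raw)
		var p netip.Prefix
		if strings.Contains(e, "/") {
			parsed, err := netip.ParsePrefix(e)
			if err != nil {
				return nil, fmt.Errorf("restricted_to %q: invalid CIDR: %w", raw, err)
			}
			if parsed != parsed.Masked() {
				return nil, fmt.Errorf("restricted_to %q: host bits set, expected %s", raw, parsed.Masked())
			}
			p = parsed
		} else {
			addr, err := netip.ParseAddr(e)
			if err != nil || addr.Zone() != "" {
				return nil, fmt.Errorf("restricted_to %q: invalid IP address", raw)
			}
			p = netip.PrefixFrom(addr, addr.BitLen()) // single host: /32 or /128
		}
		if p.Bits() == 0 {
			return nil, fmt.Errorf("restricted_to %q: range matches every address", raw)
		}
		out = append(out, p)
	}
	return out, nil
}

func main() {
	// Constructed sample values, not taken from any real policy.
	for _, entries := range [][]string{
		{"192.0.2.10", "198.51.100.0/24", "2001:db8::/32"},
		{"10.0.0.5/8"}, // host bits set
		{"0.0.0.0/0"},  // matches everything
	} {
		fmt.Println(ValidateRestrictedTo(entries))
	}
}
```

Rejecting `10.0.0.5/8` instead of silently widening it to `10.0.0.0/8` keeps a typo from granting access to a far larger range than the policy author intended.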
To be confirmed