[core][feat] Add IAM edge collection (#2198)

someengineering · Sep 23, 2024 · 077a808 · 077a808
1 parent 61e97ea
commit 077a808
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/fixcore/fixcore/model/graph_access.py b/fixcore/fixcore/model/graph_access.py
@@ -104,9 +104,14 @@ class EdgeTypes:
     # A resource can be deleted, if all outgoing resources are deleted.
     delete: EdgeType = "delete"
 
+    # This edge type defines the IAM relationship.
+    # It models allowed permissions between principals and resources, as well as the inter-principal relationship.
+    # Example: AWS IAM User (principal) has permission to write to an S3 bucket (resource).
+    iam: EdgeType = "iam"
+
     # The set of all allowed edge types.
     # Note: the database schema has to be adapted to support additional edge types.
-    all: Set[EdgeType] = {default, delete}
+    all: Set[EdgeType] = {default, delete, iam}
 
 
 class Direction:

diff --git a/fixcore/fixcore/types.py b/fixcore/fixcore/types.py
@@ -21,7 +21,7 @@
 ValidationResult = Optional[Any]
 ValidationFn = Callable[[Any], ValidationResult]
 
-EdgeType = Literal["default", "delete"]
+EdgeType = Literal["default", "delete", "iam"]
 
 
 # make sure jsons does not do something clever, when a json element needs to be parsed