From 077a8086e8f3029e52bdf18a3c8a963ee93cba3d Mon Sep 17 00:00:00 2001
From: Matthias Veit
Date: Mon, 23 Sep 2024 12:15:18 +0200
Subject: [PATCH] [core][feat] Add IAM edge collection (#2198)

---
 fixcore/fixcore/model/graph_access.py | 7 ++++++-
 fixcore/fixcore/types.py | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/fixcore/fixcore/model/graph_access.py b/fixcore/fixcore/model/graph_access.py
index ed126fbf6d..7824e3de89 100644
--- a/fixcore/fixcore/model/graph_access.py
+++ b/fixcore/fixcore/model/graph_access.py
@@ -104,9 +104,14 @@ class EdgeTypes:
     # A resource can be deleted, if all outgoing resources are deleted.
     delete: EdgeType = "delete"
 
+    # This edge type defines the IAM relationship.
+    # It models allowed permissions between principals and resources, as well as the inter-principal relationship.
+    # Example: AWS IAM User (principal) has permission to write to an S3 bucket (resource).
+    iam: EdgeType = "iam"
+
     # The set of all allowed edge types.
     # Note: the database schema has to be adapted to support additional edge types.
-    all: Set[EdgeType] = {default, delete}
+    all: Set[EdgeType] = {default, delete, iam}
 
 class Direction:
diff --git a/fixcore/fixcore/types.py b/fixcore/fixcore/types.py
index ec142c96a4..fa49fd28f9 100644
--- a/fixcore/fixcore/types.py
+++ b/fixcore/fixcore/types.py
@@ -21,7 +21,7 @@ ValidationResult = Optional[Any]
 ValidationFn = Callable[[Any], ValidationResult]
 
-EdgeType = Literal["default", "delete"]
+EdgeType = Literal["default", "delete", "iam"]
 
 # make sure jsons does not do something clever, when a json element needs to be parsed
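Review bot: The new `iam` member is added to `EdgeTypes.all` right under the comment "the database schema has to be adapted to support additional edge types", yet the diffstat lists only `graph_access.py` and `types.py`, so either the edge collection is created elsewhere from `EdgeTypes.all` at startup, or existing deployments will have the `iam` edge type accepted by the model but no collection to store it in; the commit message should say which, and a migration belongs in this change if it is the latter. The comment on `iam` also leaves the direction of the edge unstated, which matters once graph traversals and the `delete` ordering start distinguishing principals from resources; state it explicitly, e.g. `# Stored from the principal (source) to the resource or principal it may act on (target) — TODO confirm against the collector`. "inter-principal relationship" is vague as well: name the relation that is meant (role assumption, group membership) so consumers do not have to guess. The `EdgeTypes` class continues outside the hunk.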
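Review bot: The `Literal["default", "delete", "iam"]` here and `EdgeTypes.all` in `graph_access.py` now list the same three strings by hand in two files, and nothing visible in the diff keeps them in sync, so the next edge type can be accepted by one and rejected by the other. Deriving the set from this alias removes the duplication: `all: Set[EdgeType] = set(get_args(EdgeType))` in `EdgeTypes`, with `get_args` taken from `typing` (this module already imports `Literal`, `Optional`, `Any` and `Callable` from there, presumably `typing`). If the class body must keep naming `default`, `delete` and `iam` individually, a unit test asserting `EdgeTypes.all == set(get_args(EdgeType))` is the cheaper guard.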