Skip to main content

Managing Policy

Creating a Namespace
package main

import (
	"context"
	"log"

	"github.com/opentdf/platform/protocol/go/policy/namespaces"
	"github.com/opentdf/platform/sdk"
)

func main() {

	platformEndpoint := "https://opentdf.io"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)

	if err != nil {
		log.Fatal(err)
	}

	// Create Namesapce
	namespace := &namespaces.CreateNamespaceRequest{
		Name: "opentdf.io",
	}

	_, err = client.Namespaces.CreateNamespace(context.Background(), namespace)
	if err != nil {
		log.Fatal(err)
	}
}
List Namespaces
package main

import (
	"context"
	"log"

	"github.com/opentdf/platform/protocol/go/policy/namespaces"
	"github.com/opentdf/platform/sdk"
)

func main() {

	platformEndpoint := "http://localhost:9002"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)

	if err != nil {
		log.Fatal(err)
	}

	// List All Namespaces
	namespaces, err := client.Namespaces.ListNamespaces(context.Background(), &namespaces.ListNamespacesRequest{})
	if err != nil {
		log.Fatal(err)
	}
	for _, namespace := range namespaces.GetNamespaces() {
		log.Printf("Namespace: %s\n", namespace.GetName())
	}
}
Create Attribute
package main

import (
	"context"
	"log"

	"github.com/opentdf/platform/protocol/go/policy"
	"github.com/opentdf/platform/protocol/go/policy/attributes"
	"github.com/opentdf/platform/sdk"
)

func main() {

	platformEndpoint := "http://localhost:9002"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)

	if err != nil {
		log.Fatal(err)
	}

	// Create a new attribute
	namespaceID := "f9ac9403-a12f-4ed3-b3c9-a46910361b4d"

	attrRequest := &attributes.CreateAttributeRequest{
		NamespaceId: namespaceID,
		Name:        "role",
		Rule:        policy.AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF,
		Values:      []string{"admin", "developer", "guest"},
	}

	_, err = client.Attributes.CreateAttribute(context.Background(), attrRequest)
	if err != nil {
		log.Fatal(err)
	}
}
List Attributes
package main

import (
	"context"
	"log"

	"github.com/opentdf/platform/protocol/go/policy/attributes"
	"github.com/opentdf/platform/sdk"
)

func main() {

	platformEndpoint := "http://localhost:9002"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)

	if err != nil {
		log.Fatal(err)
	}

	// List attributes

	attrs, err := client.Attributes.ListAttributes(context.Background(), &attributes.ListAttributesRequest{})
	if err != nil {
		log.Fatal(err)
	}

	for _, attr := range attrs.GetAttributes() {
		log.Printf("Attribute: %s, ID: %s, ", attr.GetName(), attr.GetId())
		for _, value := range attr.Values {
			log.Printf("Value: %s, ID: %s", value.GetValue(), value.GetId())
		}
	}
}
Create Subject Condition Set
package main

import (
	"context"
	"log"

	"github.com/opentdf/platform/protocol/go/policy"
	"github.com/opentdf/platform/protocol/go/policy/subjectmapping"
	"github.com/opentdf/platform/sdk"
)

func main() {

	platformEndpoint := "http://localhost:9002"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)

	if err != nil {
		log.Fatal(err)
	}

	// Create Subject Condition Set

	coditionset := &subjectmapping.CreateSubjectConditionSetRequest{
		SubjectConditionSet: &subjectmapping.SubjectConditionSetCreate{
			SubjectSets: []*policy.SubjectSet{
				{
					ConditionGroups: []*policy.ConditionGroup{
						{
							BooleanOperator: policy.ConditionBooleanTypeEnum_CONDITION_BOOLEAN_TYPE_ENUM_AND,
							Conditions: []*policy.Condition{
								{
									SubjectExternalSelectorValue: ".clientId",
									Operator:                     policy.SubjectMappingOperatorEnum_SUBJECT_MAPPING_OPERATOR_ENUM_IN,
									SubjectExternalValues:        []string{"opentdf"},
								},
							},
						},
					},
				},
			},
		},
	}

	_, err = client.SubjectMapping.CreateSubjectConditionSet(context.Background(), coditionset)
	if err != nil {
		log.Fatal(err)
	}

}
Create Subject Mapping
package main

import (
	"context"
	"log"

	"github.com/opentdf/platform/protocol/go/policy"
	"github.com/opentdf/platform/protocol/go/policy/subjectmapping"
	"github.com/opentdf/platform/sdk"
)

func main() {

	platformEndpoint := "http://localhost:9002"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)

	if err != nil {
		log.Fatal(err)
	}

	// Create Subject Mapping
	subjectMapping := &subjectmapping.CreateSubjectMappingRequest{
		AttributeValueId: "224c9d29-2cd4-4a38-b6ad-5f025ca93a8c",
		Actions: []*policy.Action{
			{
				Value: &policy.Action_Standard{
					Standard: policy.Action_STANDARD_ACTION_DECRYPT,
				},
			},
		},
		ExistingSubjectConditionSetId: "890b26db-4ee4-447f-ae8a-2862d922eeef",
	}

	_, err = client.SubjectMapping.CreateSubjectMapping(context.Background(), subjectMapping)
	if err != nil {
		log.Fatal(err)
	}
}
List Subject Mappings
package main

import (
	"context"
	"log"

	"github.com/opentdf/platform/protocol/go/policy/subjectmapping"
	"github.com/opentdf/platform/sdk"
)

func main() {

	platformEndpoint := "http://localhost:9002"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)

	if err != nil {
		log.Fatal(err)
	}

	// List Subject Mapping

	subjectmappings, err := client.SubjectMapping.ListSubjectMappings(context.Background(), &subjectmapping.ListSubjectMappingsRequest{})
	if err != nil {
		log.Fatal(err)
	}

	for _, sm := range subjectmappings.GetSubjectMappings() {
		log.Printf("Subject Mapping: %s", sm.GetId())
	}
}