{"id":23657891,"url":"https://github.com/hexa-org/policy-mapper","last_synced_at":"2025-07-21T09:04:16.550Z","repository":{"id":65471141,"uuid":"567379599","full_name":"hexa-org/policy-mapper","owner":"hexa-org","description":"Policy Mapper defines packages for use in mapping of Identity Policy between Hexa IDQL and other formats.","archived":false,"fork":false,"pushed_at":"2025-05-16T16:39:55.000Z","size":1278,"stargazers_count":3,"open_issues_count":10,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-16T17:38:48.208Z","etag":null,"topics":["aws","bind","cedar","cel","gcp","hexa","idql"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hexa-org.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-11-17T17:02:06.000Z","updated_at":"2025-05-16T16:40:00.000Z","dependencies_parsed_at":"2023-12-21T04:59:00.382Z","dependency_job_id":"85a68c5a-ee42-491f-8121-60a8f5ff6678","html_url":"https://github.com/hexa-org/policy-mapper","commit_stats":null,"previous_names":[],"tags_count":46,"template":false,"template_full_name":null,"purl":"pkg:github/hexa-org/policy-mapper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa-org%2Fpolicy-mapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa-org%2Fpolicy-mapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa-org%2Fpolicy-mapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/hexa-org%2Fpolicy-mapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hexa-org","download_url":"https://codeload.github.com/hexa-org/policy-mapper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa-org%2Fpolicy-mapper/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266270393,"owners_count":23902733,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","bind","cedar","cel","gcp","hexa","idql"],"created_at":"2024-12-28T22:33:21.647Z","updated_at":"2025-07-21T09:04:16.531Z","avatar_url":"https://github.com/hexa-org.png","language":"Go","readme":"![Hexa](https://hexaorchestration.org/wp-content/themes/hexa/img/logo.svg)\n\n# Hexa Policy Mapper Project\n\nThe Hexa Policy-Mapper Project provides administrative tools and development libraries for provisioning and mapping \nvarious policy systems into a common policy format known as [IDQL](https://github.com/hexa-org/policy/blob/main/specs/IDQL-core-specification.md). With Policy Mapper and IDQL, you can manage \nall your access policies consistently across software providers and cloud systems. 
The project includes a number of \nprebuilt integrations (we call them providers) as well as guidance on how to build your own providers.\n\nThis project provides:\n* a GoLang SDK which can be used in open source and commercial implementations to leverage this community library.\n* a Hexa CLI command line tool which can be used to provision policies to web accessible policy systems.\n* a GoLang interface ([policyprovider.Provider](/api/policyprovider/platform_interface.go)) enabling the development of new policy provisioning providers.\n\n\u003e [!Tip]\n\u003e [Policy-Orchestrator](https://github.com/hexa-org/policy-orchestrator) is available as a sample web server implementation that uses Policy-Mapper.\n\n\u003e [!Note]\n\u003e This project is currently under initial development and documentation may be out of date.\n\n## Supported Provider Integrations\n\nPolicy Mapper supports the following capabilities:\n\nSyntactical Mapping\n: Policy formats that have a parsable format or language, and can be represented in a \"tuple\" (subject, action, resource, conditions, scope) are considered \"syntactical\". Policy-Mapper can map these formats to and from IDQL JSON format. Examples include: IDQL, Cedar, GCP Bind among others. 
Syntactical Mapping support is provided for:\n\n    * Google Bind Policy and Google Conditional Expression Language (CEL)\n    * AWS Verified Permissions and Cedar policy language including support for CEL\n\nRBAC API Mapping\n: Some systems do not directly have a policy language but support role- or group-based access control settings through an API.\n\nPolicy Provisioning\n: Policy Mapper combines a set of Providers that call APIs to retrieve and map access policy as well as to set policy.\n\nPolicy Validation\n: IDQL Policies may be validated against a [Policy Information Model](docs/PolicyInfoModels.md) which specifies entities (subjects, resources), their schema,\nand how actions may be applied by subject entities against resource entities.\n\nPolicy Entity Syntax\n: New [policy syntax is available](docs/EntityValueFormat.md) that may be used in conjunction with Policy Validation. This is also useful when mapping to and from Cedar Policy Language.\n\nProvisioning support is provided for:\n* Google [Policy for IAP Secured Resources](https://cloud.google.com/iap/docs/managing-access) (Application Engine and Compute Engine)\n* [Amazon Verified Permissions](https://aws.amazon.com/verified-permissions/)\n* [OPA Open Policy Agent with Extensions to Support IDQL](https://github.com/hexa-org/policy-opa) and an OPA Extension Plugin to support ABAC policy (conditions) processing\n* Provisioning to RBAC-based policy systems including (to be ported from hexa-org/policy-orchestrator):\n  * Amazon\n    * [Cognito RBAC](https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html)\n    * [API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html)\n  * Microsoft Azure\n\n  \n## Getting Started\n\n### Installation\n\nInstall [go 1.21](https://go.dev), clone and build the project as follows:\n\n```shell\ngit clone https://github.com/hexa-org/policy-mapper.git\n\ncd policy-mapper\n\nsh 
./build.sh\n```\n## Hexa CLI Tool\n\nTo test the Hexa SDK and/or develop using scripts, use the [Hexa CLI tool](docs/HexaAdmin.md).\n\nTo run the Hexa CLI, simply type `hexa` at the command line once installed.\n\n\u003e [!Note]\n\u003e Hexa CLI currently does not support filenames with spaces. Valid example: add gcp --file=my_key.json\n\n## Hexa Developer Documentation\n\nTo start using the Hexa Mapper SDK in your GoLang project, perform the following get command:\n```shell\ngo get github.com/hexa-org/policy-mapper\n```\nFor more details on how to map or provision policy in either console (shell) form or GoLang, see: [Developer documentation](docs/Developer.md).\n\n## Provider Documentation\n\nEach provider in the `providers` directory structure has its own `README.md` that describes the provider and its capabilities and limitations.\n\n| Provider                                                                 | Folder                            | Description                                                                                                                           | Type             | Support     |\n|--------------------------------------------------------------------------|-----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------|\n| [AWS AVP](providers/aws/avpProvider/README.md)                           | providers/aws/avpProvider         | Mapping to/from Cedar Policy language with Get/Set/Reconcile using AVP API                                                            | Syntactic Map    | SDK,Console |\n| [AWS API Gateway](providers/aws/awsapigwProvider/README.md)              | providers/aws/awsapigwProvider    | Support for the Amazon API Gateway (**_experimental_**)                                                                               | RBAC             | SDK,Console |\n| [AWS 
Cognito](providers/aws/cognitoProvider/README.md)                   | providers/aws/cognitoProvider     | Virtual policy support using Cognito Userpools and Groups                                                                             | RBAC             | SDK,Console |\n| [Azure Provider](providers/azure/azureProvider/README.md)                | providers/azure/azureProvider     | Support for Azure Application Role Policy                                                                                             | RBAC             | SDK,Console |\n| [Google Cloud IAP Provider](providers/googlecloud/iapProvider/README.md) | providers/googlecloud/iapProvider | Mapping to/from Google Bind policy and IAP support for Google App Engine and GKE                                                      | Syntactic Map    | SDK,Console |\n| [Open Policy Agent](providers/openpolicyagent/README.md)                 | providers/openpolicyagent         | Integrates with [Hexa Policy-OPA](https://github.com/hexa-org/policy-opa) and interprets IDQL directly with conditions clause support | IDQL Interpreter | SDK,Console |\n\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhexa-org%2Fpolicy-mapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhexa-org%2Fpolicy-mapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhexa-org%2Fpolicy-mapper/lists"}