Documentation
¶
Index ¶
- Constants
- Variables
- func AppendIfUnique[T comparable](slice1 []T, slice2 []T) []T
- func Contains[T comparable](s []T, e T) bool
- func GetNamespace(namespaceID string) string
- func GetRoleID(n, r string) string
- func GetRoleName(r string) string
- func ParseConfigYaml(fileBytes []byte) (map[string]ResourceConfig, error)
- func PermissionInheritanceFormatter(permissionName, namespaceName string) string
- func SpiceDBPermissionInheritanceFormatter(roleName string) string
- type ActionService
- type AppConfig
- type AuthzEngine
- type Config
- type ConfigYAML
- type FileService
- type InheritedNamespace
- type NamespaceConfig
- type NamespaceConfigMapType
- func GetNamespaceFromConfig(name string, rolesConfigs []RoleConfig, permissionConfigs []PermissionsConfig, ...) NamespaceConfigMapType
- func GetNamespacesForResourceGroup(name string, c ResourceConfig) NamespaceConfigMapType
- func MergeNamespaceConfigMap(smallMap, largeMap NamespaceConfigMapType) NamespaceConfigMapType
- type NamespaceService
- type NamespaceType
- type PGRepository
- type PermissionsConfig
- type PolicyService
- type ResourceConfig
- type ResourceTypeConfig
- type RoleConfig
- type RoleService
- type SchemaMigrationConfig
- type SchemaService
- type Transactor
- type UserRepository
Constants ¶
View Source
const ( // namespace OrganizationNamespace = "shield/organization" ProjectNamespace = "shield/project" GroupNamespace = "shield/group" ServiceDataKeyNamespace = "shield/servicedata_key" // relation OrganizationRelationName = "organization" ProjectRelationName = "project" GroupRelationName = "group" // roles OwnerRole = "owner" EditorRole = "editor" ViewerRole = "viewer" ManagerRole = "manager" MemberRole = "member" // permissions ViewPermission = "view" EditPermission = "edit" DeletePermission = "delete" // synthetic permission MembershipPermission = "membership" // principals UserPrincipal = "shield/user" GroupPrincipal = "shield/group" UserPrincipalWildcard = "shield/user:*" )
SpiceDB readable format is stored in predefined_schema.txt
View Source
const ( RESOURCES_CONFIG_STORAGE_PG = "postgres" RESOURCES_CONFIG_STORAGE_GS = "gs" RESOURCES_CONFIG_STORAGE_FILE = "file" RESOURCES_CONFIG_STORAGE_MEM = "mem" )
Variables ¶
View Source
var ( SystemNamespace NamespaceType = "system_namespace" ResourceGroupNamespace NamespaceType = "resource_group_namespace" ErrMigration = errors.New("error in migrating authz schema") ErrInvalidDetail = errors.New("error in schema config") )
View Source
var GroupNamespaceConfig = NamespaceConfig{ InheritedNamespaces: []InheritedNamespace{ { Name: OrganizationRelationName, NamespaceId: OrganizationNamespace, }, }, Roles: map[string][]string{ MemberRole: {UserPrincipal}, ManagerRole: {UserPrincipal}, }, Permissions: map[string][]string{ EditPermission: { ManagerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), }, ViewPermission: { ManagerRole, MemberRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole), }, DeletePermission: { ManagerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), }, MembershipPermission: { MemberRole, ManagerRole, }, }, }
View Source
var InheritedRelations = map[string]bool{ OrganizationRelationName: true, ProjectRelationName: true, }
View Source
var OrganizationNamespaceConfig = NamespaceConfig{ Roles: map[string][]string{ OwnerRole: {UserPrincipal, GroupPrincipal}, EditorRole: {UserPrincipal, GroupPrincipal}, ViewerRole: {UserPrincipal, GroupPrincipal}, }, Permissions: map[string][]string{ EditPermission: { OwnerRole, EditorRole, }, ViewPermission: { OwnerRole, EditorRole, ViewerRole, }, }, }
View Source
var PreDefinedResourceGroupNamespaceConfig = NamespaceConfig{ Type: ResourceGroupNamespace, InheritedNamespaces: []InheritedNamespace{ { Name: OrganizationRelationName, NamespaceId: OrganizationNamespace, }, { Name: ProjectRelationName, NamespaceId: ProjectNamespace, }, }, Roles: map[string][]string{ OwnerRole: {UserPrincipal, GroupPrincipal}, EditorRole: {UserPrincipal, GroupPrincipal}, ViewerRole: {UserPrincipal, GroupPrincipal}, }, Permissions: map[string][]string{ EditPermission: { OwnerRole, EditorRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), PermissionInheritanceFormatter(ProjectRelationName, OwnerRole), PermissionInheritanceFormatter(ProjectRelationName, EditorRole), }, ViewPermission: { OwnerRole, EditorRole, ViewerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole), PermissionInheritanceFormatter(ProjectRelationName, OwnerRole), PermissionInheritanceFormatter(ProjectRelationName, EditorRole), PermissionInheritanceFormatter(ProjectRelationName, ViewerRole), }, DeletePermission: { OwnerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(ProjectRelationName, OwnerRole), }, }, }
View Source
var PreDefinedSystemNamespaceConfig = NamespaceConfigMapType{ UserPrincipal: NamespaceConfig{}, OrganizationNamespace: OrganizationNamespaceConfig, ProjectNamespace: ProjectNamespaceConfig, GroupNamespace: GroupNamespaceConfig, }
View Source
var ProjectNamespaceConfig = NamespaceConfig{ InheritedNamespaces: []InheritedNamespace{ { Name: OrganizationRelationName, NamespaceId: OrganizationNamespace, }, }, Roles: map[string][]string{ OwnerRole: {UserPrincipal, GroupPrincipal}, EditorRole: {UserPrincipal, GroupPrincipal}, ViewerRole: {UserPrincipal, GroupPrincipal}, }, Permissions: map[string][]string{ EditPermission: { OwnerRole, EditorRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), }, ViewPermission: { OwnerRole, EditorRole, ViewerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole), }, DeletePermission: { OwnerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), }, }, }
View Source
var ServiceDataKeyConfig = NamespaceConfig{ InheritedNamespaces: []InheritedNamespace{ { Name: OrganizationRelationName, NamespaceId: OrganizationNamespace, }, { Name: ProjectRelationName, NamespaceId: ProjectNamespace, }, }, Roles: map[string][]string{ EditorRole: {UserPrincipal, GroupPrincipal, UserPrincipalWildcard}, ViewerRole: {UserPrincipal, GroupPrincipal, UserPrincipalWildcard}, OwnerRole: {UserPrincipal, GroupPrincipal}, }, Permissions: map[string][]string{ EditPermission: { OwnerRole, EditorRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), PermissionInheritanceFormatter(ProjectRelationName, OwnerRole), PermissionInheritanceFormatter(ProjectRelationName, EditorRole), }, ViewPermission: { OwnerRole, EditorRole, ViewerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(OrganizationRelationName, EditorRole), PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole), PermissionInheritanceFormatter(ProjectRelationName, OwnerRole), PermissionInheritanceFormatter(ProjectRelationName, EditorRole), PermissionInheritanceFormatter(ProjectRelationName, ViewerRole), }, DeletePermission: { OwnerRole, PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole), PermissionInheritanceFormatter(ProjectRelationName, OwnerRole), }, }, }
Functions ¶
func AppendIfUnique ¶
func AppendIfUnique[T comparable](slice1 []T, slice2 []T) []T
func Contains ¶
func Contains[T comparable](s []T, e T) bool
func GetNamespace ¶
func GetRoleName ¶
func ParseConfigYaml ¶ added in v0.6.34
func ParseConfigYaml(fileBytes []byte) (map[string]ResourceConfig, error)
Types ¶
type ActionService ¶
type AuthzEngine ¶
type AuthzEngine interface {
WriteSchema(ctx context.Context, schema NamespaceConfigMapType) error
}
type ConfigYAML ¶ added in v0.6.34
type ConfigYAML []map[string]ResourceConfig
type FileService ¶
type FileService interface {
GetSchema(ctx context.Context) (NamespaceConfigMapType, error)
}
type InheritedNamespace ¶
type NamespaceConfig ¶
type NamespaceConfig struct {
InheritedNamespaces []InheritedNamespace
Type NamespaceType
Roles map[string][]string
Permissions map[string][]string
}
type NamespaceConfigMapType ¶
type NamespaceConfigMapType map[string]NamespaceConfig
func GetNamespaceFromConfig ¶ added in v0.6.34
func GetNamespaceFromConfig(name string, rolesConfigs []RoleConfig, permissionConfigs []PermissionsConfig, resourceType ...string) NamespaceConfigMapType
func GetNamespacesForResourceGroup ¶ added in v0.6.34
func GetNamespacesForResourceGroup(name string, c ResourceConfig) NamespaceConfigMapType
func MergeNamespaceConfigMap ¶
func MergeNamespaceConfigMap(smallMap, largeMap NamespaceConfigMapType) NamespaceConfigMapType
type NamespaceService ¶
type NamespaceType ¶
type NamespaceType string
type PGRepository ¶ added in v0.6.34
type PGRepository interface {
Transactor
UpsertConfig(ctx context.Context, name string, config NamespaceConfigMapType) (Config, error)
}
type PermissionsConfig ¶ added in v0.6.34
type PolicyService ¶
type ResourceConfig ¶ added in v0.6.34
type ResourceConfig struct {
Type string `yaml:"type" json:"type"`
ResourceTypes []ResourceTypeConfig `yaml:"resource_types" json:"resource_types,omitempty"`
Roles []RoleConfig `yaml:"roles" json:"roles,omitempty"`
Permissions []PermissionsConfig `yaml:"permissions" json:"permissions,omitempty"`
}
type ResourceTypeConfig ¶ added in v0.6.34
type ResourceTypeConfig struct {
Name string `yaml:"name" json:"name"`
Roles []RoleConfig `yaml:"roles" json:"roles"`
Permissions []PermissionsConfig `yaml:"permissions" json:"permissions"`
}
type RoleConfig ¶ added in v0.6.34
type RoleService ¶
type SchemaMigrationConfig ¶ added in v0.6.15
func NewSchemaMigrationConfig ¶ added in v0.6.15
func NewSchemaMigrationConfig(defaultSystemEmail string, bootstrapServiceDataKey bool) SchemaMigrationConfig
type SchemaService ¶
type SchemaService struct {
// contains filtered or unexported fields
}
func NewSchemaMigrationService ¶
func NewSchemaMigrationService( logger log.Logger, appConfig AppConfig, schemaConfig FileService, pgRepository PGRepository, namespaceService NamespaceService, roleService RoleService, actionService ActionService, policyService PolicyService, authzEngine AuthzEngine, userRepository UserRepository, schemaMigrationConfig SchemaMigrationConfig, ) *SchemaService
func (SchemaService) RunMigrations ¶
func (s SchemaService) RunMigrations(ctx context.Context) error
func (SchemaService) UpsertConfig ¶ added in v0.6.34
type Transactor ¶ added in v0.6.34
Source Files
Click to show internal directories.
Click to hide internal directories.