- Constants
- Variables
- func AppendIfUnique[T comparable](slice1 []T, slice2 []T) []T
- func Contains[T comparable](s []T, e T) bool
- func GetNamespace(namespaceID string) string
- func GetRoleID(n, r string) string
- func GetRoleName(r string) string
- func PermissionInheritanceFormatter(permissionName, namespaceName string) string
- func SpiceDBPermissionInheritanceFormatter(roleName string) string
- type ActionService
- type AuthzEngine
- type FileService
- type InheritedNamespace
- type NamespaceConfig
- type NamespaceConfigMapType
- type NamespaceService
- type NamespaceType
- type PolicyService
- type RoleService
- type SchemaMigrationConfig
- type SchemaService
- type UserRepository
Constants ¶
// Namespace identifiers of the system-defined resource types. They are the
// keys of PreDefinedSystemNamespaceConfig and the NamespaceId values used in
// InheritedNamespace entries throughout this package.
const (
	OrganizationNamespace   = "shield/organization"
	ProjectNamespace        = "shield/project"
	GroupNamespace          = "shield/group"
	ServiceDataKeyNamespace = "shield/servicedata_key"
)

// Relation names that link a namespace to a parent namespace. They are used
// as InheritedNamespace.Name and as the first argument of every
// PermissionInheritanceFormatter call site in this package.
const (
	OrganizationRelationName = "organization"
	ProjectRelationName      = "project"
	GroupRelationName        = "group"
)

// Role names; these are the keys of NamespaceConfig.Roles.
const (
	OwnerRole   = "owner"
	EditorRole  = "editor"
	ViewerRole  = "viewer"
	ManagerRole = "manager"
	MemberRole  = "member"
)

// Permission names; these are the keys of NamespaceConfig.Permissions.
const (
	ViewPermission   = "view"
	EditPermission   = "edit"
	DeletePermission = "delete"

	// MembershipPermission is a synthetic permission rather than a resource
	// action. In this package it appears only in GroupNamespaceConfig, where
	// it is granted to the member and manager roles.
	MembershipPermission = "membership"
)

// Principal (subject) types that may hold a role; these are the values of
// NamespaceConfig.Roles.
const (
	UserPrincipal  = "shield/user"
	GroupPrincipal = "shield/group"

	// UserPrincipalWildcard is the "shield/user:*" subject. NOTE(review): in
	// SpiceDB a ":*" subject is the public wildcard, so a relationship written
	// with it grants the role to every user at once. In this package only
	// ServiceDataKeyConfig (editor and viewer roles) allows it; confirm that
	// an all-users grant is intended there and that writes of such
	// relationships are restricted to trusted callers.
	UserPrincipalWildcard = "shield/user:*"
)
The SpiceDB-readable form of this schema is stored in predefined_schema.txt.
Variables ¶
// GroupNamespaceConfig is the predefined schema for the group namespace.
// A group is linked to an organization through the "organization" relation
// and defines two roles, member and manager, which only user principals may
// hold (no group or wildcard subjects). Edit and delete are granted to
// managers; view is also granted to members. The remaining entries are
// produced by PermissionInheritanceFormatter from the organization relation
// and a role name, which presumably grants the permission to holders of that
// role on the linked organization (the formatter's body is not shown on this
// page). Type is left at its zero value rather than SystemNamespace.
var GroupNamespaceConfig = NamespaceConfig{
	InheritedNamespaces: []InheritedNamespace{
		{
			Name:        OrganizationRelationName,
			NamespaceId: OrganizationNamespace,
		},
	},
	Roles: map[string][]string{
		MemberRole:  {UserPrincipal},
		ManagerRole: {UserPrincipal},
	},
	Permissions: map[string][]string{
		EditPermission: {
			ManagerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
		},
		ViewPermission: {
			ManagerRole,
			MemberRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
			PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole),
		},
		// Delete is deliberately narrower than edit: no organization editor entry.
		DeletePermission: {
			ManagerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
		},
		// Synthetic permission: true for anyone holding member or manager.
		MembershipPermission: {
			MemberRole,
			ManagerRole,
		},
	},
}
// InheritedRelations is the set of relation names recognised as inheritance
// links between namespaces. Only organization and project are listed;
// GroupRelationName is declared as a constant but is not a member of this
// set. The code that consults this map is not visible on this page.
var InheritedRelations = map[string]bool{
	OrganizationRelationName: true,
	ProjectRelationName:      true,
}
// OrganizationNamespaceConfig is the predefined schema for the organization
// namespace, the root of the hierarchy: it has no InheritedNamespaces, so
// every permission here is granted directly by a role on the organization.
// Owner, editor and viewer may be held by user or group principals. Note that
// no DeletePermission is defined for organizations, unlike the project,
// group and resource-group configs. Type is left at its zero value.
var OrganizationNamespaceConfig = NamespaceConfig{
	Roles: map[string][]string{
		OwnerRole:  {UserPrincipal, GroupPrincipal},
		EditorRole: {UserPrincipal, GroupPrincipal},
		ViewerRole: {UserPrincipal, GroupPrincipal},
	},
	Permissions: map[string][]string{
		EditPermission: {
			OwnerRole,
			EditorRole,
		},
		ViewPermission: {
			OwnerRole,
			EditorRole,
			ViewerRole,
		},
	},
}
// PreDefinedResourceGroupNamespaceConfig is the only config on this page
// whose Type is set explicitly (ResourceGroupNamespace). It links to both an
// organization and a project and defines owner, editor and viewer roles for
// user and group principals. Edit and view are granted directly and via
// PermissionInheritanceFormatter entries for both parent relations; delete
// is limited to owners and inherited owner entries. NOTE(review): this is
// presumably the template applied to resource namespaces that are not part
// of PreDefinedSystemNamespaceConfig — the consumer (MergeNamespaceConfigMap
// or RunMigrations) is not shown here, so confirm.
var PreDefinedResourceGroupNamespaceConfig = NamespaceConfig{
	Type: ResourceGroupNamespace,
	InheritedNamespaces: []InheritedNamespace{
		{
			Name:        OrganizationRelationName,
			NamespaceId: OrganizationNamespace,
		},
		{
			Name:        ProjectRelationName,
			NamespaceId: ProjectNamespace,
		},
	},
	Roles: map[string][]string{
		OwnerRole:  {UserPrincipal, GroupPrincipal},
		EditorRole: {UserPrincipal, GroupPrincipal},
		ViewerRole: {UserPrincipal, GroupPrincipal},
	},
	Permissions: map[string][]string{
		EditPermission: {
			OwnerRole,
			EditorRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
			PermissionInheritanceFormatter(ProjectRelationName, OwnerRole),
			PermissionInheritanceFormatter(ProjectRelationName, EditorRole),
		},
		ViewPermission: {
			OwnerRole,
			EditorRole,
			ViewerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
			PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole),
			PermissionInheritanceFormatter(ProjectRelationName, OwnerRole),
			PermissionInheritanceFormatter(ProjectRelationName, EditorRole),
			PermissionInheritanceFormatter(ProjectRelationName, ViewerRole),
		},
		// Delete: owners only, directly or through either parent.
		DeletePermission: {
			OwnerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(ProjectRelationName, OwnerRole),
		},
	},
}
// PreDefinedSystemNamespaceConfig maps each system namespace identifier to
// its predefined NamespaceConfig. The user principal namespace is declared
// with an empty config (no roles, permissions or parents). ServiceDataKeyConfig
// is not included here; NOTE(review): NewSchemaMigrationConfig takes a
// bootstrapServiceDataKey flag, which presumably controls whether it is added
// during migration — confirm against RunMigrations. None of the entries sets
// Type to SystemNamespace; if consumers key on Type, check where it is set.
var PreDefinedSystemNamespaceConfig = NamespaceConfigMapType{
	UserPrincipal:         NamespaceConfig{},
	OrganizationNamespace: OrganizationNamespaceConfig,
	ProjectNamespace:      ProjectNamespaceConfig,
	GroupNamespace:        GroupNamespaceConfig,
}
// ProjectNamespaceConfig is the predefined schema for the project namespace.
// A project is linked to an organization through the "organization" relation
// and defines owner, editor and viewer roles for user and group principals.
// Edit, view and delete are granted directly by role and through
// PermissionInheritanceFormatter entries for the organization relation;
// delete is limited to owners. Type is left at its zero value.
var ProjectNamespaceConfig = NamespaceConfig{
	InheritedNamespaces: []InheritedNamespace{
		{
			Name:        OrganizationRelationName,
			NamespaceId: OrganizationNamespace,
		},
	},
	Roles: map[string][]string{
		OwnerRole:  {UserPrincipal, GroupPrincipal},
		EditorRole: {UserPrincipal, GroupPrincipal},
		ViewerRole: {UserPrincipal, GroupPrincipal},
	},
	Permissions: map[string][]string{
		EditPermission: {
			OwnerRole,
			EditorRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
		},
		ViewPermission: {
			OwnerRole,
			EditorRole,
			ViewerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
			PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole),
		},
		// Delete: owners only, directly or through the organization.
		DeletePermission: {
			OwnerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
		},
	},
}
// ServiceDataKeyConfig is the predefined schema for the service data key
// namespace. It links to both an organization and a project and mirrors the
// resource-group permissions, with one important difference: the editor and
// viewer roles additionally accept UserPrincipalWildcard ("shield/user:*"),
// while owner does not. NOTE(review): in SpiceDB a ":*" subject is the
// public wildcard, so a single relationship can make a key editable or
// viewable by every user; delete stays owner-only because the wildcard is not
// allowed on the owner role. Confirm that writes of wildcard relationships
// are limited to trusted callers and that this exposure is intended.
var ServiceDataKeyConfig = NamespaceConfig{
	InheritedNamespaces: []InheritedNamespace{
		{
			Name:        OrganizationRelationName,
			NamespaceId: OrganizationNamespace,
		},
		{
			Name:        ProjectRelationName,
			NamespaceId: ProjectNamespace,
		},
	},
	Roles: map[string][]string{
		// Wildcard allowed: editor/viewer may be granted to all users.
		EditorRole: {UserPrincipal, GroupPrincipal, UserPrincipalWildcard},
		ViewerRole: {UserPrincipal, GroupPrincipal, UserPrincipalWildcard},
		// No wildcard on owner, which is the only role that can delete.
		OwnerRole: {UserPrincipal, GroupPrincipal},
	},
	Permissions: map[string][]string{
		EditPermission: {
			OwnerRole,
			EditorRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
			PermissionInheritanceFormatter(ProjectRelationName, OwnerRole),
			PermissionInheritanceFormatter(ProjectRelationName, EditorRole),
		},
		ViewPermission: {
			OwnerRole,
			EditorRole,
			ViewerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(OrganizationRelationName, EditorRole),
			PermissionInheritanceFormatter(OrganizationRelationName, ViewerRole),
			PermissionInheritanceFormatter(ProjectRelationName, OwnerRole),
			PermissionInheritanceFormatter(ProjectRelationName, EditorRole),
			PermissionInheritanceFormatter(ProjectRelationName, ViewerRole),
		},
		DeletePermission: {
			OwnerRole,
			PermissionInheritanceFormatter(OrganizationRelationName, OwnerRole),
			PermissionInheritanceFormatter(ProjectRelationName, OwnerRole),
		},
	},
}
Functions ¶
func AppendIfUnique ¶
func AppendIfUnique[T comparable](slice1 []T, slice2 []T) []T
func Contains ¶
func Contains[T comparable](s []T, e T) bool
func GetNamespace ¶
func GetRoleName ¶
Types ¶
type ActionService ¶
type AuthzEngine ¶
// AuthzEngine is the authorization backend that receives the namespace
// schema. It is consumed by NewSchemaMigrationService; the formatter names in
// this package suggest SpiceDB is the intended implementation, but no
// implementation is shown on this page.
type AuthzEngine interface {
	// WriteSchema publishes the whole namespace configuration map to the
	// backend. Errors from the backend are returned unchanged.
	WriteSchema(ctx context.Context, schema NamespaceConfigMapType) error
}
type FileService ¶
// FileService supplies the namespace configuration that the migration merges
// with the predefined configs. NOTE(review): the name suggests a file-backed
// source; the source is not visible on this page, so treat its contents as
// operator-controlled configuration and validate it before it reaches
// AuthzEngine.WriteSchema.
type FileService interface {
	// GetSchema returns the configured namespace map, or an error if it
	// cannot be loaded.
	GetSchema(ctx context.Context) (NamespaceConfigMapType, error)
}
type InheritedNamespace ¶
type NamespaceConfig ¶
// NamespaceConfig describes one namespace of the authorization schema: the
// parent namespaces it relates to, its type, the roles defined on it, and
// the permissions derived from those roles.
type NamespaceConfig struct {
	// InheritedNamespaces lists the parent namespaces this one links to; each
	// entry's Name is the relation name and NamespaceId the parent namespace.
	InheritedNamespaces []InheritedNamespace
	// Type is SystemNamespace or ResourceGroupNamespace. Of the configs on
	// this page only PreDefinedResourceGroupNamespaceConfig sets it; the
	// others leave the zero value.
	Type NamespaceType
	// Roles maps a role name to the principal types that may hold it
	// (UserPrincipal, GroupPrincipal, UserPrincipalWildcard).
	Roles map[string][]string
	// Permissions maps a permission name to the role names that grant it.
	// Entries may also be strings built by PermissionInheritanceFormatter.
	// NOTE(review): that formatter's signature names its parameters
	// (permissionName, namespaceName), yet every call site in this package
	// passes (relation name, role name); its body is not shown here, so
	// confirm which is authoritative before relying on the parameter names.
	Permissions map[string][]string
}
type NamespaceConfigMapType ¶
// NamespaceConfigMapType maps a namespace identifier (for example
// OrganizationNamespace) to its NamespaceConfig. It is the value exchanged
// with FileService.GetSchema, MergeNamespaceConfigMap and
// AuthzEngine.WriteSchema.
type NamespaceConfigMapType map[string]NamespaceConfig
func MergeNamespaceConfigMap ¶
func MergeNamespaceConfigMap(smallMap, largeMap NamespaceConfigMapType) NamespaceConfigMapType
type NamespaceService ¶
type NamespaceType ¶
// NamespaceType classifies a NamespaceConfig; see the values below.
type NamespaceType string

var (
	// SystemNamespace marks a built-in namespace (organization, project, ...).
	SystemNamespace NamespaceType = "system_namespace"
	// ResourceGroupNamespace marks a resource namespace; it is the Type of
	// PreDefinedResourceGroupNamespaceConfig.
	ResourceGroupNamespace NamespaceType = "resource_group_namespace"

	// ErrMigration is the sentinel error for failures of the authz schema
	// migration; callers should test for it with errors.Is.
	ErrMigration = errors.New("error in migrating authz schema")
)
type PolicyService ¶
type RoleService ¶
type SchemaMigrationConfig ¶ added in v0.6.15
func NewSchemaMigrationConfig ¶ added in v0.6.15
func NewSchemaMigrationConfig(defaultSystemEmail string, bootstrapServiceDataKey bool) SchemaMigrationConfig
type SchemaService ¶
type SchemaService struct {
// contains filtered or unexported fields
}
func NewSchemaMigrationService ¶
func NewSchemaMigrationService( schemaConfig FileService, namespaceService NamespaceService, roleService RoleService, actionService ActionService, policyService PolicyService, authzEngine AuthzEngine, userRepository UserRepository, schemaMigrationConfig SchemaMigrationConfig, ) *SchemaService
func (SchemaService) RunMigrations ¶
func (s SchemaService) RunMigrations(ctx context.Context) error