openfga

package
v0.0.0-...-5b87a2c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 22, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetOutgoingRelationTypesFor

func GetOutgoingRelationTypesFor(model *openfgav1.AuthorizationModel, targetTypeName string) typeRelations

GetOutgoingRelationTypesFor gets all types for which targetTypeName has a direct relation.

Types

type AuthnConfig

// AuthnConfig selects the authentication method and embeds the option structs
// for the 'oidc' and 'preshared' methods.
type AuthnConfig struct {

	// Method is the authentication method that should be enforced (e.g. 'none', 'preshared', 'oidc')
	// NOTE(review): 'none' presumably means requests are accepted without any
	// authentication; confirm, and limit network exposure when it is selected.
	Method                   string
	// Embedded pointers: each is nil until populated. The mapstructure tags bind
	// them to the "oidc" and "preshared" configuration keys.
	*AuthnOIDCConfig         `mapstructure:"oidc"`
	*AuthnPresharedKeyConfig `mapstructure:"preshared"`
}

AuthnConfig defines OpenFGA server configurations for authentication specific settings.

type AuthnOIDCConfig

// AuthnOIDCConfig carries the two string settings used by the 'oidc'
// authentication method.
type AuthnOIDCConfig struct {
	// NOTE(review): presumably the OIDC issuer whose tokens are trusted; confirm
	// how the value is validated (scheme, exact match) by the consumer.
	Issuer   string
	// NOTE(review): presumably the audience a token must carry to be accepted;
	// confirm that an empty value does not disable the audience check.
	Audience string
}

AuthnOIDCConfig defines configurations for the 'oidc' method of authentication.

type AuthnPresharedKeyConfig

// AuthnPresharedKeyConfig holds the key list for the 'preshared' authentication
// method.
type AuthnPresharedKeyConfig struct {
	// Keys define the preshared keys to verify authn tokens against.
	// The values are secrets held as plain strings: keep them out of logs,
	// serialized config dumps and version control.
	Keys []string
}

AuthnPresharedKeyConfig defines configurations for the 'preshared' method of authentication.

type AuthorizationModeller

// AuthorizationModeller is an opaque type: all of its state is unexported.
// Per the signatures in this package, StoreAgnosticClient.WithStore returns one.
type AuthorizationModeller struct {
	// contains filtered or unexported fields
}

func (*AuthorizationModeller) WithAuthorizationSchema

type CheckQueryCache

// CheckQueryCache groups the cache settings used when resolving Check queries.
type CheckQueryCache struct {
	Enabled bool
	// Limit is counted in cached items.
	Limit   uint32 // (in items)
	// NOTE(review): presumably how long a cached result stays valid. If so, an
	// authorization decision may be served from cache for up to TTL after the
	// underlying tuples change; confirm and size TTL with revocation in mind.
	TTL     time.Duration
}

CheckQueryCache defines configuration for caching when resolving Check queries.

type Config

// Config is the top-level OpenFGA server configuration: request and resolution
// limits first, then one field per subsystem (datastore, gRPC, HTTP, authn,
// logging, tracing, playground, profiler, metrics, check cache).
type Config struct {

	// ListObjectsDeadline defines the maximum amount of time to accumulate ListObjects results
	// before the server will respond. This is to protect the server from misuse of the
	// ListObjects endpoints. It cannot be larger than HTTPConfig.UpstreamTimeout.
	ListObjectsDeadline time.Duration

	// ListObjectsMaxResults defines the maximum number of results to accumulate
	// before the non-streaming ListObjects API will respond to the client.
	// This is to protect the server from misuse of the ListObjects endpoints.
	ListObjectsMaxResults uint32

	// MaxTuplesPerWrite defines the maximum number of tuples per Write endpoint.
	MaxTuplesPerWrite int

	// MaxTypesPerAuthorizationModel defines the maximum number of type definitions per authorization model for the WriteAuthorizationModel endpoint.
	MaxTypesPerAuthorizationModel int

	// MaxConcurrentReadsForListObjects defines the maximum number of concurrent database reads allowed in ListObjects queries
	MaxConcurrentReadsForListObjects uint32

	// MaxConcurrentReadsForCheck defines the maximum number of concurrent database reads allowed in Check queries
	MaxConcurrentReadsForCheck uint32

	// ChangelogHorizonOffset is an offset in minutes from the current time. Changes that occur after this offset will not be included in the response of ReadChanges.
	ChangelogHorizonOffset int

	// Experimentals is a list of the experimental features to enable in the OpenFGA server.
	Experimentals []string

	// ResolveNodeLimit indicates how deeply nested an authorization model can be before a query errors out.
	// Together with ResolveNodeBreadthLimit it bounds the work one query can trigger.
	ResolveNodeLimit uint32

	// ResolveNodeBreadthLimit indicates how many nodes on a given level can be evaluated concurrently in a query
	ResolveNodeBreadthLimit uint32

	// Per-subsystem settings; each type is declared in this package.
	// Datastore and Authn hold credentials (database password, preshared keys),
	// so a Config value should be redacted before it is logged or serialized.
	Datastore       DatastoreConfig
	GRPC            GRPCConfig
	HTTP            HTTPConfig
	Authn           AuthnConfig
	Log             LogConfig
	Trace           TraceConfig
	Playground      PlaygroundConfig
	Profiler        ProfilerConfig
	Metrics         MetricConfig
	CheckQueryCache CheckQueryCache

	// NOTE(review): undocumented here; presumably histogram bucket boundaries
	// supplied as strings. Confirm against the consumer.
	RequestDurationDatastoreQueryCountBuckets []string
}

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns the OpenFGA server default configurations.

type DatastoreConfig

// DatastoreConfig holds the datastore engine selection, its connection
// credentials, and cache and connection-pool limits.
type DatastoreConfig struct {

	// Engine is the datastore engine to use (e.g. 'memory', 'postgres', 'mysql')
	Engine   string
	// URI, Username and Password are plain strings. Password is a secret, and
	// URI may be one too if credentials are embedded in it (TODO confirm the
	// accepted URI forms); redact both before logging or dumping this struct.
	URI      string
	Username string
	Password string

	// MaxCacheSize is the maximum number of cache keys that the storage cache can store before evicting
	// old keys. The storage cache is used to cache query results for various static resources
	// such as type definitions.
	MaxCacheSize int

	// MaxOpenConns is the maximum number of open connections to the database.
	MaxOpenConns int

	// MaxIdleConns is the maximum number of connections to the datastore in the idle connection pool.
	MaxIdleConns int

	// ConnMaxIdleTime is the maximum amount of time a connection to the datastore may be idle.
	ConnMaxIdleTime time.Duration

	// ConnMaxLifetime is the maximum amount of time a connection to the datastore may be reused.
	ConnMaxLifetime time.Duration
}

DatastoreConfig defines OpenFGA server configurations for datastore specific settings.

type GRPCConfig

// GRPCConfig holds the gRPC server's address and optional TLS settings.
type GRPCConfig struct {
	// NOTE(review): presumably the listen address; confirm the expected format
	// and whether the default binds all interfaces.
	Addr string
	// TLS is a pointer, so it is nil when no TLS settings were supplied.
	// NOTE(review): confirm that a nil TLS or TLS.Enabled == false means the
	// server speaks plaintext, and treat that as unsuitable outside trusted networks.
	TLS  *TLSConfig
}

GRPCConfig defines OpenFGA server configurations for grpc server specific settings.

type HTTPConfig

// HTTPConfig holds the HTTP server's enable flag, address, optional TLS
// settings, upstream timeout and CORS allow-lists.
type HTTPConfig struct {
	Enabled bool
	Addr    string
	// TLS is a pointer, so it is nil when no TLS settings were supplied.
	TLS     *TLSConfig

	// UpstreamTimeout is the timeout duration for proxying HTTP requests upstream
	// to the grpc endpoint. It cannot be smaller than Config.ListObjectsDeadline.
	UpstreamTimeout time.Duration

	// CORS allow-lists for browser clients.
	// NOTE(review): confirm the defaults; a wildcard origin would let scripts
	// from any site call the API from a user's browser, so list explicit
	// origins for production deployments.
	CORSAllowedOrigins []string
	CORSAllowedHeaders []string
}

HTTPConfig defines OpenFGA server configurations for HTTP server specific settings.

type LogConfig

// LogConfig holds the log output format and verbosity level, both as strings.
type LogConfig struct {
	// Format is the log format to use in the log output (e.g. 'text' or 'json')
	Format string

	// Level is the log level to use in the log output (e.g. 'none', 'debug', or 'info')
	// NOTE(review): 'none' presumably silences logging, which would also remove
	// the audit trail for authorization requests; confirm before using it.
	Level string
}

LogConfig defines OpenFGA server configurations for log specific settings. For production we recommend using the 'json' log format.

type MetricConfig

// MetricConfig holds the settings for the metrics endpoint: an enable flag,
// an address, and a flag for RPC histograms.
type MetricConfig struct {
	Enabled             bool
	// NOTE(review): presumably the listen address of the metrics endpoint;
	// confirm whether it is served without authentication and bind it to an
	// internal interface if so.
	Addr                string
	EnableRPCHistograms bool
}

MetricConfig defines configurations for serving custom metrics from OpenFGA.

type OTLPTraceConfig

// OTLPTraceConfig holds the OTLP trace endpoint and its TLS settings.
type OTLPTraceConfig struct {
	// NOTE(review): presumably the collector address that traces are exported to; confirm.
	Endpoint string
	TLS      OTLPTraceTLSConfig
}

type OTLPTraceTLSConfig

// OTLPTraceTLSConfig holds a single TLS flag for the OTLP trace connection.
type OTLPTraceTLSConfig struct {
	// NOTE(review): presumably false means trace data is sent to the endpoint
	// unencrypted; confirm, and enable it when the collector is off-host.
	Enabled bool
}

type PlaygroundConfig

// PlaygroundConfig holds the Playground's enable flag and port.
type PlaygroundConfig struct {
	// NOTE(review): confirm the default value and whether the Playground
	// requires authentication; if it does not, keep it disabled on servers
	// reachable from untrusted networks.
	Enabled bool
	Port    int
}

PlaygroundConfig defines OpenFGA server configurations for the Playground specific settings.

type ProfilerConfig

// ProfilerConfig holds the enable flag and address for pprof profiling.
type ProfilerConfig struct {
	// pprof handlers expose runtime internals such as heap and goroutine dumps,
	// so enable profiling only where Addr is not reachable by untrusted clients.
	Enabled bool
	// NOTE(review): presumably the listen address of the profiler; confirm that
	// the default does not bind all interfaces.
	Addr    string
}

ProfilerConfig defines server configurations specific to pprof profiling.

type StoreAgnosticClient

// StoreAgnosticClient is an opaque type: all of its state is unexported.
// Per the signatures in this package, it is built by NewStoreAgnosticClient
// from a grpc.ClientConnInterface.
type StoreAgnosticClient struct {
	// contains filtered or unexported fields
}

func NewStoreAgnosticClient

func NewStoreAgnosticClient(cc grpc.ClientConnInterface) *StoreAgnosticClient

TODO: make multi-store-aware?

func (*StoreAgnosticClient) WithStore

func (c *StoreAgnosticClient) WithStore(ctx context.Context, storeName string) (*AuthorizationModeller, error)

type TLSConfig

// TLSConfig holds a TLS enable flag plus certificate and key file paths.
type TLSConfig struct {
	Enabled  bool
	// CertPath and KeyPath are bound to the "cert" and "key" configuration keys.
	CertPath string `mapstructure:"cert"`
	// KeyPath names the private key file; the file itself should be readable
	// only by the account the server runs as.
	KeyPath  string `mapstructure:"key"`
}

TLSConfig defines configuration specific to Transport Layer Security (TLS) settings.

type TraceConfig

// TraceConfig holds the tracing settings: an enable flag, OTLP exporter
// settings, a sample ratio and a service name.
type TraceConfig struct {
	Enabled     bool
	// OTLP is bound to the "otlp" configuration key.
	OTLP        OTLPTraceConfig `mapstructure:"otlp"`
	// NOTE(review): presumably the fraction of requests sampled (0 to 1); confirm the accepted range.
	SampleRatio float64
	ServiceName string
}

type Tuple

// Tuple is an alias (not a new type) for zanzibar.Tuple, so values of the two
// are interchangeable without conversion.
type Tuple = zanzibar.Tuple

type TupleStoreAndChecker

// TupleStoreAndChecker is an opaque type: all of its state is unexported.
// Its exported methods listed in this package are CheckOne,
// GetAuthorizationSchema, ReadTuples, StoreID and WriteTuples.
type TupleStoreAndChecker struct {
	// contains filtered or unexported fields
}

func (*TupleStoreAndChecker) CheckOne

func (o *TupleStoreAndChecker) CheckOne(ctx context.Context, tuple Tuple, contextualTuples []Tuple) (bool, error)

func (*TupleStoreAndChecker) GetAuthorizationSchema

func (o *TupleStoreAndChecker) GetAuthorizationSchema(_ context.Context) (*zanzibar.AuthorizationSchema, error)

func (*TupleStoreAndChecker) ReadTuples

func (o *TupleStoreAndChecker) ReadTuples(ctx context.Context, filter zanzibar.TupleFilter) ([]Tuple, error)

func (*TupleStoreAndChecker) StoreID

func (o *TupleStoreAndChecker) StoreID() string

func (*TupleStoreAndChecker) WriteTuples

func (o *TupleStoreAndChecker) WriteTuples(ctx context.Context, writes, deletes []Tuple) error
