Documentation ¶
Index ¶
- Constants
- Variables
- func GetDBStateTypeTransformedEnum(state common.ActiveStateEnum) string
- type AssignKeyAccessServerToNamespaceParams
- type AttributeDefinition
- type AttributeDefinitionKeyAccessGrant
- type AttributeDefinitionRule
- type AttributeFqn
- type AttributeNamespace
- type AttributeNamespaceKeyAccessGrant
- type AttributeValue
- type AttributeValueKeyAccessGrant
- type CreateKeyAccessServerParams
- type CreateResourceMappingGroupParams
- type DBTX
- type GetAttributeByDefOrValueFqnRow
- type GetKeyAccessServerRow
- type GetNamespaceRow
- type GetResourceMappingGroupRow
- type KeyAccessServer
- type ListKeyAccessServerGrantsParams
- type ListKeyAccessServerGrantsRow
- type ListKeyAccessServersRow
- type ListResourceMappingGroupsRow
- type ListResourceMappingsByFullyQualifiedGroupParams
- type ListResourceMappingsByFullyQualifiedGroupRow
- type NullAttributeDefinitionRule
- type PolicyDBClient
- func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDBClient) AssignKeyAccessServerToNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
- func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c *PolicyDBClient) AttrFqnReindex() (res struct{ ... })
- func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, ...) (*policy.Value, error)
- func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) CreateResourceMappingGroup(ctx context.Context, r *resourcemapping.CreateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) DeactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) DeactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) DeactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) DeleteResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) GetAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) GetAttributeByFqn(ctx context.Context, fqn string) (*policy.Attribute, error)
- func (c PolicyDBClient) GetAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) GetAttributesByNamespace(ctx context.Context, namespaceID string) ([]*policy.Attribute, error)
- func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, ...)
- func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
- func (c PolicyDBClient) GetNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) GetResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) ListAllAttributeValues(ctx context.Context, state string) ([]*policy.Value, error)
- func (c PolicyDBClient) ListAllAttributes(ctx context.Context, state string, namespace string) ([]*policy.Attribute, error)
- func (c PolicyDBClient) ListAllAttributesWithout(ctx context.Context, state string) ([]*policy.Attribute, error)
- func (c PolicyDBClient) ListAttributeValues(ctx context.Context, attributeID string, state string) ([]*policy.Value, error)
- func (c PolicyDBClient) ListKeyAccessServerGrants(ctx context.Context, kasID string, kasURI string) ([]*kasregistry.KeyAccessServerGrants, error)
- func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context) ([]*policy.KeyAccessServer, error)
- func (c PolicyDBClient) ListNamespaces(ctx context.Context, state string) ([]*policy.Namespace, error)
- func (c PolicyDBClient) ListResourceMappingGroups(ctx context.Context, r *resourcemapping.ListResourceMappingGroupsRequest) ([]*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) ListResourceMappings(ctx context.Context, r *resourcemapping.ListResourceMappingsRequest) ([]*policy.ResourceMapping, error)
- func (c PolicyDBClient) ListResourceMappingsByGroupFqns(ctx context.Context, fqns []string) (map[string]*resourcemapping.ResourceMappingsByGroup, error)
- func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) ListSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c PolicyDBClient) UnsafeDeleteAttribute(ctx context.Context, existing *policy.Attribute, fqn string) (*policy.Attribute, error)
- func (c PolicyDBClient) UnsafeDeleteAttributeValue(ctx context.Context, toDelete *policy.Value, ...) (*policy.Value, error)
- func (c PolicyDBClient) UnsafeDeleteNamespace(ctx context.Context, existing *policy.Namespace, fqn string) (*policy.Namespace, error)
- func (c PolicyDBClient) UnsafeReactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) UnsafeReactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) UnsafeReactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) UnsafeUpdateAttribute(ctx context.Context, r *unsafe.UnsafeUpdateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) UnsafeUpdateAttributeValue(ctx context.Context, r *unsafe.UnsafeUpdateAttributeValueRequest) (*policy.Value, error)
- func (c PolicyDBClient) UnsafeUpdateNamespace(ctx context.Context, id string, name string) (*policy.Namespace, error)
- func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
- func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, ...) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) UpdateResourceMappingGroup(ctx context.Context, id string, ...) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
- type Queries
- func (q *Queries) AssignKeyAccessServerToNamespace(ctx context.Context, arg AssignKeyAccessServerToNamespaceParams) (int64, error)
- func (q *Queries) CreateKeyAccessServer(ctx context.Context, arg CreateKeyAccessServerParams) (string, error)
- func (q *Queries) CreateResourceMappingGroup(ctx context.Context, arg CreateResourceMappingGroupParams) (string, error)
- func (q *Queries) DeleteKeyAccessServer(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteResourceMappingGroup(ctx context.Context, id string) (int64, error)
- func (q *Queries) GetAttributeByDefOrValueFqn(ctx context.Context, lower string) (GetAttributeByDefOrValueFqnRow, error)
- func (q *Queries) GetKeyAccessServer(ctx context.Context, id string) (GetKeyAccessServerRow, error)
- func (q *Queries) GetNamespace(ctx context.Context, id string) (GetNamespaceRow, error)
- func (q *Queries) GetResourceMappingGroup(ctx context.Context, id string) (GetResourceMappingGroupRow, error)
- func (q *Queries) ListKeyAccessServerGrants(ctx context.Context, arg ListKeyAccessServerGrantsParams) ([]ListKeyAccessServerGrantsRow, error)
- func (q *Queries) ListKeyAccessServers(ctx context.Context) ([]ListKeyAccessServersRow, error)
- func (q *Queries) ListResourceMappingGroups(ctx context.Context, namespaceID interface{}) ([]ListResourceMappingGroupsRow, error)
- func (q *Queries) ListResourceMappingsByFullyQualifiedGroup(ctx context.Context, arg ListResourceMappingsByFullyQualifiedGroupParams) ([]ListResourceMappingsByFullyQualifiedGroupRow, error)
- func (q *Queries) RemoveKeyAccessServerFromNamespace(ctx context.Context, arg RemoveKeyAccessServerFromNamespaceParams) (int64, error)
- func (q *Queries) UpdateKeyAccessServer(ctx context.Context, arg UpdateKeyAccessServerParams) (string, error)
- func (q *Queries) UpdateResourceMappingGroup(ctx context.Context, arg UpdateResourceMappingGroupParams) (string, error)
- func (q *Queries) WithTx(tx pgx.Tx) *Queries
- type RemoveKeyAccessServerFromNamespaceParams
- type ResourceMapping
- type ResourceMappingGroup
- type SubjectConditionSet
- type SubjectMapping
- type UpdateKeyAccessServerParams
- type UpdateResourceMappingGroupParams
Constants ¶
// Active-state values, as plain strings. The List* methods on PolicyDBClient
// take a `state string` argument.
// NOTE(review): presumably these are the strings GetDBStateTypeTransformedEnum
// returns for a common.ActiveStateEnum — confirm against its implementation.
const (
	StateInactive    = "INACTIVE"
	StateActive      = "ACTIVE"
	StateAny         = "ANY"
	StateUnspecified = "UNSPECIFIED"
)
Variables ¶
// Names of the policy database tables.
//
// NOTE(review): these are package-level vars, not consts, so any importing
// package can reassign them at runtime. If they are spliced into query text
// (this page mentions squirrel as a query builder), they must stay fixed
// literals and never carry request-derived data — confirm at the call sites.
var (
	TableAttributes                    = "attribute_definitions"
	TableAttributeValues               = "attribute_values"
	TableNamespaces                    = "attribute_namespaces"
	TableAttrFqn                       = "attribute_fqns"
	TableAttributeKeyAccessGrants      = "attribute_definition_key_access_grants"
	TableAttributeValueKeyAccessGrants = "attribute_value_key_access_grants"
	TableResourceMappings              = "resource_mappings"
	TableSubjectMappings               = "subject_mappings"
	TableSubjectConditionSet           = "subject_condition_set"
	TableKeyAccessServerRegistry       = "key_access_servers"
)
// AttributeRuleTypeEnumPrefix is the string prefix "ATTRIBUTE_RULE_TYPE_ENUM_".
// NOTE(review): presumably added or stripped when converting between the
// proto rule enum names and the stored AttributeDefinitionRule values
// (ALL_OF, ANY_OF, HIERARCHY) — confirm against the callers.
var AttributeRuleTypeEnumPrefix = "ATTRIBUTE_RULE_TYPE_ENUM_"
// Tables holds one db.Table handle per policy table; the field names mirror
// the Table* name variables declared in this package.
// NOTE(review): how and when the fields are populated is not visible here.
var Tables struct {
	Attributes                    db.Table
	AttributeValues               db.Table
	Namespaces                    db.Table
	AttrFqn                       db.Table
	AttributeKeyAccessGrants      db.Table
	AttributeValueKeyAccessGrants db.Table
	ResourceMappings              db.Table
	SubjectMappings               db.Table
	SubjectConditionSet           db.Table
	KeyAccessServerRegistry       db.Table
}
Functions ¶
func GetDBStateTypeTransformedEnum ¶
func GetDBStateTypeTransformedEnum(state common.ActiveStateEnum) string
Types ¶
type AssignKeyAccessServerToNamespaceParams ¶ added in v0.4.19
type AttributeDefinition ¶ added in v0.4.17
// AttributeDefinition is a row of the table that stores attribute definitions.
type AttributeDefinition struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent namespace of the attribute definition
	NamespaceID string `json:"namespace_id"`
	// Name of the attribute (e.g. organization or classification), unique within the namespace
	Name string `json:"name"`
	// Rule for the attribute (see protos for options)
	Rule AttributeDefinitionRule `json:"rule"`
	// Metadata for the attribute definition, held as raw bytes (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Order of value ids for the attribute (important for the hierarchy rule)
	ValuesOrder []string `json:"values_order"`
}
Table to store the definitions of attributes
type AttributeDefinitionKeyAccessGrant ¶ added in v0.4.17
// AttributeDefinitionKeyAccessGrant is a row linking one key access server
// (KAS) registration to one attribute definition.
// NOTE(review): rows of this table decide which KAS is associated with an
// attribute definition, so writes are security-sensitive; presumably they are
// authorized in the service layer above this package — confirm.
type AttributeDefinitionKeyAccessGrant struct {
	// Foreign key to the attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}
Table to store the grants of key access servers (KASs) to attribute definitions
type AttributeDefinitionRule ¶ added in v0.4.17
// AttributeDefinitionRule is the string-typed rule stored on an attribute
// definition (the Rule field of AttributeDefinition).
type AttributeDefinitionRule string

// Rule values as stored in the database.
const (
	AttributeDefinitionRuleUNSPECIFIED AttributeDefinitionRule = "UNSPECIFIED"
	AttributeDefinitionRuleALLOF       AttributeDefinitionRule = "ALL_OF"
	AttributeDefinitionRuleANYOF       AttributeDefinitionRule = "ANY_OF"
	AttributeDefinitionRuleHIERARCHY   AttributeDefinitionRule = "HIERARCHY"
)
func (*AttributeDefinitionRule) Scan ¶ added in v0.4.17
func (e *AttributeDefinitionRule) Scan(src interface{}) error
type AttributeFqn ¶ added in v0.4.17
// AttributeFqn is a row of the fully-qualified-name lookup table: it maps an
// FQN string back to the namespace, attribute definition and value IDs.
type AttributeFqn struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID pgtype.UUID `json:"namespace_id"`
	// Foreign key to the attribute definition.
	// The lookup query shown on this page selects namespace-level FQN rows with
	// attribute_id IS NULL AND value_id IS NULL, so this can be NULL.
	AttributeID pgtype.UUID `json:"attribute_id"`
	// Foreign key to the attribute value.
	// NULL on namespace-level and definition-level rows (the lookup query on
	// this page selects the definition FQN with value_id IS NULL).
	ValueID pgtype.UUID `json:"value_id"`
	// Fully qualified name of the attribute (i.e. https://<namespace>/attr/<attribute name>/value/<value>).
	// NOTE(review): the lookup query compares fqn against LOWER($1), so stored
	// FQNs are presumably lower-cased on write — confirm.
	Fqn string `json:"fqn"`
}
Table to store the fully qualified names of attributes for reverse lookup of their object IDs
type AttributeNamespace ¶ added in v0.4.17
// AttributeNamespace is a row of the table that stores the parent namespaces
// of policy attributes and related policy objects.
type AttributeNamespace struct {
	// Primary key for the table
	ID string `json:"id"`
	// Name of the namespace (e.g. example.com)
	Name string `json:"name"`
	// Active/Inactive state
	Active bool `json:"active"`
	// Metadata for the namespace, held as raw bytes (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store the parent namespaces of platform policy attributes and related policy objects
type AttributeNamespaceKeyAccessGrant ¶ added in v0.4.19
// AttributeNamespaceKeyAccessGrant is a row linking one key access server
// (KAS) registration to one attribute namespace.
type AttributeNamespaceKeyAccessGrant struct {
	// Foreign key to the namespace of the KAS grant
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}
Table to store the grants of key access servers (KASs) to attribute namespaces
type AttributeValue ¶ added in v0.4.17
// AttributeValue is a row of the table that stores the values of attributes.
type AttributeValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Value of the attribute (e.g. "manager" or "admin" on an attribute for titles), unique within the definition
	Value string `json:"value"`
	// Metadata for the attribute value, held as raw bytes (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store the values of attributes
type AttributeValueKeyAccessGrant ¶ added in v0.4.17
// AttributeValueKeyAccessGrant is a row linking one key access server (KAS)
// registration to one attribute value.
type AttributeValueKeyAccessGrant struct {
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}
Table to store the grants of key access servers (KASs) to attribute values
type CreateKeyAccessServerParams ¶ added in v0.4.17
type CreateResourceMappingGroupParams ¶ added in v0.4.18
type GetAttributeByDefOrValueFqnRow ¶ added in v0.4.19
// GetAttributeByDefOrValueFqnRow is the result row of
// Queries.GetAttributeByDefOrValueFqn.
type GetAttributeByDefOrValueFqnRow struct {
	ID       string                  `json:"id"`
	Name     string                  `json:"name"`
	Rule     AttributeDefinitionRule `json:"rule"`
	Metadata []byte                  `json:"metadata"`
	Active   bool                    `json:"active"`
	// NOTE(review): Namespace, Values and DefinitionGrants are raw bytes;
	// presumably JSON aggregates built by the query (it uses JSON_AGG /
	// JSONB_BUILD_OBJECT) that the caller must unmarshal and check — confirm.
	Namespace        []byte `json:"namespace"`
	DefinitionFqn    string `json:"definition_fqn"`
	Values           []byte `json:"values"`
	DefinitionGrants []byte `json:"definition_grants"`
}
type GetKeyAccessServerRow ¶ added in v0.4.17
type GetNamespaceRow ¶ added in v0.4.19
type GetResourceMappingGroupRow ¶ added in v0.4.19
type KeyAccessServer ¶ added in v0.4.17
// KeyAccessServer is a row of the table that stores the known registrations
// of key access servers (KASs).
type KeyAccessServer struct {
	// Primary key for the table
	ID string `json:"id"`
	// URI of the KAS
	Uri string `json:"uri"`
	// Public key of the KAS (see protos for structure/options).
	// NOTE(review): stored as opaque bytes; any validation of the key's
	// structure has to happen before the row is written — not visible on this
	// page, confirm in the create/update path.
	PublicKey []byte `json:"public_key"`
	// Metadata for the KAS, held as raw bytes (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store the known registrations of key access servers (KASs)
type ListKeyAccessServerGrantsParams ¶ added in v0.4.19
// ListKeyAccessServerGrantsParams carries the two filter arguments of
// Queries.ListKeyAccessServerGrants.
// NOTE(review): both fields are untyped (interface{}), while the
// PolicyDBClient method of the same name takes kasID and kasURI as strings.
// Presumably a nil or empty value disables that filter — confirm against the
// query text, which is not shown on this page.
type ListKeyAccessServerGrantsParams struct {
	KasID  interface{} `json:"kas_id"`
	KasUri interface{} `json:"kas_uri"`
}
type ListKeyAccessServerGrantsRow ¶ added in v0.4.19
// ListKeyAccessServerGrantsRow is the result row of
// Queries.ListKeyAccessServerGrants: one KAS plus its grants.
type ListKeyAccessServerGrantsRow struct {
	KasID        string `json:"kas_id"`
	KasUri       string `json:"kas_uri"`
	KasPublicKey []byte `json:"kas_public_key"`
	KasMetadata  []byte `json:"kas_metadata"`
	// NOTE(review): the three grant fields are raw bytes; presumably
	// JSON-encoded lists produced by the query — confirm before unmarshalling.
	AttributesGrants []byte `json:"attributes_grants"`
	ValuesGrants     []byte `json:"values_grants"`
	NamespaceGrants  []byte `json:"namespace_grants"`
}
type ListKeyAccessServersRow ¶ added in v0.4.17
type ListResourceMappingGroupsRow ¶ added in v0.4.19
type ListResourceMappingsByFullyQualifiedGroupParams ¶ added in v0.4.19
type ListResourceMappingsByFullyQualifiedGroupRow ¶ added in v0.4.19
// ListResourceMappingsByFullyQualifiedGroupRow is the result row of
// Queries.ListResourceMappingsByFullyQualifiedGroup: one resource mapping
// together with the id, namespace id and name of its group.
type ListResourceMappingsByFullyQualifiedGroupRow struct {
	ID               string   `json:"id"`
	AttributeValueID string   `json:"attribute_value_id"`
	Terms            []string `json:"terms"`
	Metadata         []byte   `json:"metadata"`
	GroupID          string   `json:"group_id"`
	GroupNamespaceID string   `json:"group_namespace_id"`
	GroupName        string   `json:"group_name"`
}
type NullAttributeDefinitionRule ¶ added in v0.4.17
// NullAttributeDefinitionRule is the nullable form of AttributeDefinitionRule.
// Check Valid before reading AttributeDefinitionRule.
type NullAttributeDefinitionRule struct {
	AttributeDefinitionRule AttributeDefinitionRule `json:"attribute_definition_rule"`
	Valid                   bool                    `json:"valid"` // Valid is true if AttributeDefinitionRule is not NULL
}
func (*NullAttributeDefinitionRule) Scan ¶ added in v0.4.17
func (ns *NullAttributeDefinitionRule) Scan(value interface{}) error
Scan implements the Scanner interface.
type PolicyDBClient ¶
func (PolicyDBClient) AssignKeyAccessServerToAttribute ¶
func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDBClient) AssignKeyAccessServerToNamespace ¶ added in v0.4.19
func (c PolicyDBClient) AssignKeyAccessServerToNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
func (PolicyDBClient) AssignKeyAccessServerToValue ¶
func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (*PolicyDBClient) AttrFqnReindex ¶
func (c *PolicyDBClient) AttrFqnReindex() (res struct { Namespaces []struct { ID string Fqn string } Attributes []struct { ID string Fqn string } Values []struct { ID string Fqn string } }, )
AttrFqnReindex will reindex all namespace, attribute, and attribute_value FQNs
func (PolicyDBClient) CreateAttribute ¶
func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) CreateAttributeValue ¶
func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, v *attributes.CreateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) CreateKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
func (PolicyDBClient) CreateNamespace ¶
func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDBClient) CreateResourceMapping ¶
func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDBClient) CreateResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) CreateResourceMappingGroup(ctx context.Context, r *resourcemapping.CreateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) CreateSubjectConditionSet ¶
func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
Creates a new subject condition set and returns the id of the created set.
func (PolicyDBClient) CreateSubjectMapping ¶
func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
Creates a new subject mapping and returns the id of the created mapping. If the id of an existing subject condition set is provided, that set is used. If a new subject condition set is provided instead, it is created. When both are provided, the existing subject condition set id takes precedence.
func (PolicyDBClient) DeactivateAttribute ¶
func (PolicyDBClient) DeactivateAttributeValue ¶
func (PolicyDBClient) DeactivateNamespace ¶
func (PolicyDBClient) DeleteKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
func (PolicyDBClient) DeleteResourceMapping ¶
func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDBClient) DeleteResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) DeleteResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) DeleteSubjectConditionSet ¶
func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
Deletes the specified subject condition set and returns the id of the deleted set.
func (PolicyDBClient) DeleteSubjectMapping ¶
func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
Deletes the specified subject mapping and returns the id of the deleted mapping.
func (PolicyDBClient) GetAttribute ¶
func (PolicyDBClient) GetAttributeByFqn ¶
func (PolicyDBClient) GetAttributeValue ¶
func (PolicyDBClient) GetAttributesByNamespace ¶
func (*PolicyDBClient) GetAttributesByValueFqns ¶
func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, error)
func (PolicyDBClient) GetKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
func (PolicyDBClient) GetMatchedSubjectMappings ¶
func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
GetMatchedSubjectMappings liberally returns a list of SubjectMappings based on the provided SubjectProperties. A SubjectMapping is returned if any single condition found among its structures matches either:
1. the external field, the external value, and an IN operator; or
2. the external field, _no_ external value, and a NOT_IN operator.
Without this filtering, a commonly used field such as '.emailAddress' or '.username' would relate almost every Subject to the mapping in some way or another, potentially matching every single attribute in the DB if a policy admin has relied heavily on that field. The query deliberately applies no logic beyond matching a single condition, so that it does not interpret the supplied conditions beyond this bare-minimum initial filter; the returned mappings are therefore candidates only, and their full condition sets are expected to be evaluated by the caller.
NOTE: This relationship is sometimes called Entitlements or Subject Entitlements. NOTE: if you have any issues, set the log level to 'debug' for more comprehensive context.
func (PolicyDBClient) GetNamespace ¶
func (PolicyDBClient) GetResourceMapping ¶
func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDBClient) GetResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) GetResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) GetSubjectConditionSet ¶
func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
func (PolicyDBClient) GetSubjectMapping ¶
func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
func (PolicyDBClient) ListAllAttributeValues ¶
func (PolicyDBClient) ListAllAttributes ¶
func (PolicyDBClient) ListAllAttributesWithout ¶
func (PolicyDBClient) ListAttributeValues ¶
func (PolicyDBClient) ListKeyAccessServerGrants ¶ added in v0.4.19
func (c PolicyDBClient) ListKeyAccessServerGrants(ctx context.Context, kasID string, kasURI string) ([]*kasregistry.KeyAccessServerGrants, error)
func (PolicyDBClient) ListKeyAccessServers ¶ added in v0.2.0
func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context) ([]*policy.KeyAccessServer, error)
func (PolicyDBClient) ListNamespaces ¶
func (PolicyDBClient) ListResourceMappingGroups ¶ added in v0.4.19
func (c PolicyDBClient) ListResourceMappingGroups(ctx context.Context, r *resourcemapping.ListResourceMappingGroupsRequest) ([]*policy.ResourceMappingGroup, error)
func (PolicyDBClient) ListResourceMappings ¶
func (c PolicyDBClient) ListResourceMappings(ctx context.Context, r *resourcemapping.ListResourceMappingsRequest) ([]*policy.ResourceMapping, error)
func (PolicyDBClient) ListResourceMappingsByGroupFqns ¶ added in v0.4.19
func (c PolicyDBClient) ListResourceMappingsByGroupFqns(ctx context.Context, fqns []string) (map[string]*resourcemapping.ResourceMappingsByGroup, error)
NOTE: uses sqlc instead of squirrel
func (PolicyDBClient) ListSubjectConditionSets ¶
func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
func (PolicyDBClient) ListSubjectMappings ¶
func (c PolicyDBClient) ListSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
func (PolicyDBClient) RemoveKeyAccessServerFromAttribute ¶
func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDBClient) RemoveKeyAccessServerFromNamespace ¶ added in v0.4.19
func (c PolicyDBClient) RemoveKeyAccessServerFromNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
func (PolicyDBClient) RemoveKeyAccessServerFromValue ¶
func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (PolicyDBClient) UnsafeDeleteAttribute ¶ added in v0.4.8
func (PolicyDBClient) UnsafeDeleteAttributeValue ¶ added in v0.4.8
func (c PolicyDBClient) UnsafeDeleteAttributeValue(ctx context.Context, toDelete *policy.Value, r *unsafe.UnsafeDeleteAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) UnsafeDeleteNamespace ¶ added in v0.4.7
func (PolicyDBClient) UnsafeReactivateAttribute ¶ added in v0.4.8
func (PolicyDBClient) UnsafeReactivateAttributeValue ¶ added in v0.4.8
func (PolicyDBClient) UnsafeReactivateNamespace ¶ added in v0.4.7
func (PolicyDBClient) UnsafeUpdateAttribute ¶ added in v0.4.8
func (c PolicyDBClient) UnsafeUpdateAttribute(ctx context.Context, r *unsafe.UnsafeUpdateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) UnsafeUpdateAttributeValue ¶ added in v0.4.8
func (c PolicyDBClient) UnsafeUpdateAttributeValue(ctx context.Context, r *unsafe.UnsafeUpdateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) UnsafeUpdateNamespace ¶ added in v0.4.7
func (PolicyDBClient) UpdateAttribute ¶
func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) UpdateAttributeValue ¶
func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) UpdateKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
func (PolicyDBClient) UpdateNamespace ¶
func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDBClient) UpdateResourceMapping ¶
func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDBClient) UpdateResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) UpdateResourceMappingGroup(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) UpdateSubjectConditionSet ¶
func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
Mutates provided fields and returns id of the updated subject condition set
func (PolicyDBClient) UpdateSubjectMapping ¶
func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
Mutates provided fields and returns id of the updated subject mapping
type Queries ¶ added in v0.4.17
type Queries struct {
// contains filtered or unexported fields
}
func (*Queries) AssignKeyAccessServerToNamespace ¶ added in v0.4.19
func (q *Queries) AssignKeyAccessServerToNamespace(ctx context.Context, arg AssignKeyAccessServerToNamespaceParams) (int64, error)
AssignKeyAccessServerToNamespace
INSERT INTO attribute_namespace_key_access_grants (namespace_id, key_access_server_id) VALUES ($1, $2)
func (*Queries) CreateKeyAccessServer ¶ added in v0.4.17
func (q *Queries) CreateKeyAccessServer(ctx context.Context, arg CreateKeyAccessServerParams) (string, error)
CreateKeyAccessServer
INSERT INTO key_access_servers (uri, public_key, metadata) VALUES ($1, $2, $3) RETURNING id
func (*Queries) CreateResourceMappingGroup ¶ added in v0.4.18
func (q *Queries) CreateResourceMappingGroup(ctx context.Context, arg CreateResourceMappingGroupParams) (string, error)
CreateResourceMappingGroup
INSERT INTO resource_mapping_groups (namespace_id, name) VALUES ($1, $2) RETURNING id
func (*Queries) DeleteKeyAccessServer ¶ added in v0.4.17
DeleteKeyAccessServer
DELETE FROM key_access_servers WHERE id = $1
func (*Queries) DeleteResourceMappingGroup ¶ added in v0.4.18
DeleteResourceMappingGroup
DELETE FROM resource_mapping_groups WHERE id = $1
func (*Queries) GetAttributeByDefOrValueFqn ¶ added in v0.4.19
func (q *Queries) GetAttributeByDefOrValueFqn(ctx context.Context, lower string) (GetAttributeByDefOrValueFqnRow, error)
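Resolves an attribute definition from either a definition FQN or a value FQN. The query proceeds in these steps: (1) get the attribute definition for the provided value or definition FQN; (2) get the active values, with their KAS grants, under the attribute definition; (3) get the namespace FQN for the attribute definition; (4) get the grants for the attribute's namespace; (5) get the definition FQN for the attribute definition (a value FQN could have been provided initially); (6) get the subject mappings for the active values under the attribute definition; (7) get the attribute definition and give structure to the result. The provided FQN is lowercased before matching, and the final SELECT only returns a definition that is active and whose namespace is active.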
WITH target_definition AS ( SELECT ad.id FROM attribute_definitions ad INNER JOIN attribute_fqns af ON af.attribute_id = ad.id WHERE af.fqn = LOWER($1) LIMIT 1 ), active_attribute_values AS ( SELECT av.id, av.value, av.active, av.attribute_definition_id, JSON_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', vkas.id, 'uri', vkas.uri, 'public_key', vkas.public_key ) ) FILTER (WHERE vkas.id IS NOT NULL AND vkas.uri IS NOT NULL AND vkas.public_key IS NOT NULL) AS val_grants_arr FROM attribute_values av LEFT JOIN attribute_value_key_access_grants avg ON av.id = avg.attribute_value_id LEFT JOIN key_access_servers vkas ON avg.key_access_server_id = vkas.id WHERE av.active = TRUE AND av.attribute_definition_id = (SELECT id FROM target_definition) GROUP BY av.id ), namespace_fqn_cte AS ( SELECT anfqn.namespace_id, anfqn.fqn FROM attribute_fqns anfqn WHERE anfqn.attribute_id IS NULL AND anfqn.value_id IS NULL ), namespace_grants_cte AS ( SELECT ankag.namespace_id, JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'public_key', kas.public_key ) ) AS grants FROM attribute_namespace_key_access_grants ankag LEFT JOIN key_access_servers kas ON kas.id = ankag.key_access_server_id GROUP BY ankag.namespace_id ), target_definition_fqn_cte AS ( SELECT af.fqn FROM attribute_fqns af WHERE af.namespace_id = (SELECT namespace_id FROM attribute_definitions WHERE id = (SELECT id FROM target_definition)) AND af.attribute_id = (SELECT id FROM target_definition) AND af.value_id IS NULL ), subject_mappings_cte AS ( SELECT av.id AS av_id, JSON_AGG( JSON_BUILD_OBJECT( 'id', sm.id, 'actions', sm.actions, 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT( 'labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at )), 'subject_condition_set', JSON_BUILD_OBJECT( 'id', scs.id, 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT( 'labels', scs.metadata -> 'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at )), 'subject_sets', scs.condition ) ) ) AS 
sub_maps_arr FROM subject_mappings sm LEFT JOIN attribute_values av ON sm.attribute_value_id = av.id LEFT JOIN subject_condition_set scs ON sm.subject_condition_set_id = scs.id WHERE av.active = TRUE AND av.attribute_definition_id = (SELECT id FROM target_definition) GROUP BY av.id ) SELECT ad.id, ad.name, ad.rule, JSON_STRIP_NULLS( JSON_BUILD_OBJECT( 'labels', ad.metadata -> 'labels', 'created_at', ad.created_at, 'updated_at', ad.updated_at ) ) AS metadata, ad.active, JSON_BUILD_OBJECT( 'name', an.name, 'id', an.id, 'fqn', nfq.fqn, 'grants', n_grants.grants, 'active', an.active ) AS namespace, (SELECT fqn FROM target_definition_fqn_cte) AS definition_fqn, JSON_AGG( JSON_BUILD_OBJECT( 'id', avt.id, 'value', avt.value, 'active', avt.active, 'fqn', af.fqn, 'subject_mappings', sm.sub_maps_arr, 'grants', avt.val_grants_arr -- enforce order of values in response ) ORDER BY array_position(ad.values_order, avt.id) ) AS values, JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'public_key', kas.public_key ) ) FILTER (WHERE kas.id IS NOT NULL AND kas.uri IS NOT NULL AND kas.public_key IS NOT NULL) AS definition_grants FROM attribute_definitions ad LEFT JOIN attribute_namespaces an ON an.id = ad.namespace_id LEFT JOIN active_attribute_values avt ON avt.attribute_definition_id = ad.id LEFT JOIN attribute_definition_key_access_grants adkag ON adkag.attribute_definition_id = ad.id LEFT JOIN key_access_servers kas ON kas.id = adkag.key_access_server_id LEFT JOIN attribute_fqns af ON af.value_id = avt.id LEFT JOIN namespace_fqn_cte nfq ON nfq.namespace_id = an.id LEFT JOIN namespace_grants_cte n_grants ON n_grants.namespace_id = an.id LEFT JOIN subject_mappings_cte sm ON avt.id = sm.av_id WHERE ad.active = TRUE AND ad.id = (SELECT id FROM target_definition) AND an.active = TRUE GROUP BY ad.id, an.id, nfq.fqn, n_grants.grants
func (*Queries) GetKeyAccessServer ¶ added in v0.4.17
GetKeyAccessServer
SELECT id, uri, public_key, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata FROM key_access_servers WHERE id = $1
func (*Queries) GetNamespace ¶ added in v0.4.19
-------------------------------------------------------------- NAMESPACES --------------------------------------------------------------
SELECT ns.id, ns.name, ns.active, attribute_fqns.fqn as fqn, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ns.metadata -> 'labels', 'created_at', ns.created_at, 'updated_at', ns.updated_at)) as metadata, JSONB_AGG(DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'public_key', kas.public_key )) FILTER (WHERE kas_ns_grants.namespace_id IS NOT NULL) as grants FROM attribute_namespaces ns LEFT JOIN attribute_namespace_key_access_grants kas_ns_grants ON kas_ns_grants.namespace_id = ns.id LEFT JOIN key_access_servers kas ON kas.id = kas_ns_grants.key_access_server_id LEFT JOIN attribute_fqns ON attribute_fqns.namespace_id = ns.id WHERE ns.id = $1 AND attribute_fqns.attribute_id IS NULL AND attribute_fqns.value_id IS NULL GROUP BY ns.id, attribute_fqns.fqn
func (*Queries) GetResourceMappingGroup ¶ added in v0.4.18
func (q *Queries) GetResourceMappingGroup(ctx context.Context, id string) (GetResourceMappingGroupRow, error)
GetResourceMappingGroup
SELECT id, namespace_id, name FROM resource_mapping_groups WHERE id = $1
func (*Queries) ListKeyAccessServerGrants ¶ added in v0.4.19
func (q *Queries) ListKeyAccessServerGrants(ctx context.Context, arg ListKeyAccessServerGrantsParams) ([]ListKeyAccessServerGrantsRow, error)
-------------------------------------------------------------- ATTRIBUTES --------------------------------------------------------------
SELECT kas.id AS kas_id, kas.uri AS kas_uri, kas.public_key AS kas_public_key, JSON_STRIP_NULLS(JSON_BUILD_OBJECT( 'labels', kas.metadata -> 'labels', 'created_at', kas.created_at, 'updated_at', kas.updated_at )) AS kas_metadata, json_agg(DISTINCT jsonb_build_object( 'id', attrkag.attribute_definition_id, 'fqn', fqns_on_attr.fqn )) FILTER (WHERE attrkag.attribute_definition_id IS NOT NULL) AS attributes_grants, json_agg(DISTINCT jsonb_build_object( 'id', valkag.attribute_value_id, 'fqn', fqns_on_vals.fqn )) FILTER (WHERE valkag.attribute_value_id IS NOT NULL) AS values_grants, json_agg(DISTINCT jsonb_build_object( 'id', nskag.namespace_id, 'fqn', fqns_on_ns.fqn )) FILTER (WHERE nskag.namespace_id IS NOT NULL) AS namespace_grants FROM key_access_servers kas LEFT JOIN attribute_definition_key_access_grants attrkag ON kas.id = attrkag.key_access_server_id LEFT JOIN attribute_fqns fqns_on_attr ON attrkag.attribute_definition_id = fqns_on_attr.attribute_id AND fqns_on_attr.value_id IS NULL LEFT JOIN attribute_value_key_access_grants valkag ON kas.id = valkag.key_access_server_id LEFT JOIN attribute_fqns fqns_on_vals ON valkag.attribute_value_id = fqns_on_vals.value_id LEFT JOIN attribute_namespace_key_access_grants nskag ON kas.id = nskag.key_access_server_id LEFT JOIN attribute_fqns fqns_on_ns ON nskag.namespace_id = fqns_on_ns.namespace_id WHERE (NULLIF($1, '') IS NULL OR kas.id = $1::uuid) AND (NULLIF($2, '') IS NULL OR kas.uri = $2::varchar) GROUP BY kas.id
func (*Queries) ListKeyAccessServers ¶ added in v0.4.17
func (q *Queries) ListKeyAccessServers(ctx context.Context) ([]ListKeyAccessServersRow, error)
-------------------------------------------------------------- KEY ACCESS SERVERS --------------------------------------------------------------
SELECT id, uri, public_key, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata FROM key_access_servers
func (*Queries) ListResourceMappingGroups ¶ added in v0.4.18
func (q *Queries) ListResourceMappingGroups(ctx context.Context, namespaceID interface{}) ([]ListResourceMappingGroupsRow, error)
-------------------------------------------------------------- RESOURCE MAPPING GROUPS --------------------------------------------------------------
SELECT id, namespace_id, name FROM resource_mapping_groups WHERE (NULLIF($1, '') IS NULL OR namespace_id = $1::uuid)
func (*Queries) ListResourceMappingsByFullyQualifiedGroup ¶ added in v0.4.19
func (q *Queries) ListResourceMappingsByFullyQualifiedGroup(ctx context.Context, arg ListResourceMappingsByFullyQualifiedGroupParams) ([]ListResourceMappingsByFullyQualifiedGroupRow, error)
-------------------------------------------------------------- RESOURCE MAPPING --------------------------------------------------------------
SELECT
    m.id,
    m.attribute_value_id,
    m.terms,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata,
    -- sqlc needs TEXT cast here to be able to generate string properties in Go struct
    -- has issues when using aliases for some reason, even on a varchar field like g.name
    g.id::TEXT as group_id,
    g.namespace_id::TEXT as group_namespace_id,
    g.name::TEXT as group_name
FROM resource_mappings m
LEFT JOIN resource_mapping_groups g ON m.group_id = g.id
LEFT JOIN attribute_namespaces ns ON g.namespace_id = ns.id
WHERE ns.name = LOWER($1) AND g.name = LOWER($2)
func (*Queries) RemoveKeyAccessServerFromNamespace ¶ added in v0.4.19
func (q *Queries) RemoveKeyAccessServerFromNamespace(ctx context.Context, arg RemoveKeyAccessServerFromNamespaceParams) (int64, error)
RemoveKeyAccessServerFromNamespace
DELETE FROM attribute_namespace_key_access_grants WHERE namespace_id = $1 AND key_access_server_id = $2
func (*Queries) UpdateKeyAccessServer ¶ added in v0.4.17
func (q *Queries) UpdateKeyAccessServer(ctx context.Context, arg UpdateKeyAccessServerParams) (string, error)
UpdateKeyAccessServer
UPDATE key_access_servers SET uri = coalesce($2, uri), public_key = coalesce($3, public_key), metadata = coalesce($4, metadata) WHERE id = $1 RETURNING id
func (*Queries) UpdateResourceMappingGroup ¶ added in v0.4.18
func (q *Queries) UpdateResourceMappingGroup(ctx context.Context, arg UpdateResourceMappingGroupParams) (string, error)
UpdateResourceMappingGroup
UPDATE resource_mapping_groups SET namespace_id = COALESCE($2, namespace_id), name = COALESCE($3, name) WHERE id = $1 RETURNING id
type RemoveKeyAccessServerFromNamespaceParams ¶ added in v0.4.19
type ResourceMapping ¶ added in v0.4.17
// ResourceMapping is a row of the table that stores the terms used to map
// resource data to attribute values.
type ResourceMapping struct {
	// Primary key for the table.
	ID string `json:"id"`
	// Foreign key to the attribute value.
	AttributeValueID string `json:"attribute_value_id"`
	// Terms to match against resource data (e.g. the translations "roi", "rey",
	// or "kung" in a terms list could map to the value "/attr/card/value/king").
	Terms []string `json:"terms"`
	// Metadata for the resource mapping, held as raw bytes (see protos for structure).
	Metadata []byte `json:"metadata"`
	// Row timestamps (timestamptz).
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the parent group of the resource mapping. Optional: a
	// resource mapping may not be in a group, so check that the UUID is set
	// before using it.
	GroupID pgtype.UUID `json:"group_id"`
}
Table to store associated terms that should map resource data to attribute values
type ResourceMappingGroup ¶ added in v0.4.18
// ResourceMappingGroup is a row of the table that stores groups of resource
// mappings, one per unique namespace and group name combination.
type ResourceMappingGroup struct {
	// Primary key for the table.
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute.
	NamespaceID string `json:"namespace_id"`
	// Name for the group of resource mappings.
	Name string `json:"name"`
	// Row timestamps (timestamptz).
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store the groups of resource mappings by unique namespace and group name combinations
type SubjectConditionSet ¶ added in v0.4.17
// SubjectConditionSet is a row of the table that stores sets of conditions
// which logically entitle subject entity representations to attribute values
// via a subject mapping.
type SubjectConditionSet struct {
	// Primary key for the table.
	ID string `json:"id"`
	// Conditions that must be met for the subject entity to be entitled to the
	// attribute value (see protos for JSON structure).
	// NOTE(review): held here as raw bytes; presumably decoded and validated
	// against the proto definition before any entitlement decision — confirm
	// in the caller.
	Condition []byte `json:"condition"`
	// Metadata for the condition set, held as raw bytes (see protos for structure).
	Metadata []byte `json:"metadata"`
	// Row timestamps (timestamptz).
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store sets of conditions that logically entitle subject entity representations to attribute values via a subject mapping
type SubjectMapping ¶ added in v0.4.17
// SubjectMapping is a row of the table that stores the conditions which
// logically entitle subject entity representations to attribute values.
type SubjectMapping struct {
	// Primary key for the table.
	ID string `json:"id"`
	// Foreign key to the attribute value.
	AttributeValueID string `json:"attribute_value_id"`
	// Metadata for the subject mapping, held as raw bytes (see protos for structure).
	Metadata []byte `json:"metadata"`
	// Row timestamps (timestamptz).
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the condition set that entitles the subject entity to the
	// attribute value.
	// NOTE(review): the field type can represent NULL; confirm that a mapping
	// with no condition set is never evaluated as granting an entitlement.
	SubjectConditionSetID pgtype.UUID `json:"subject_condition_set_id"`
	// Actions that the subject entity can perform on the attribute value, held
	// as raw bytes (see protos for details).
	Actions []byte `json:"actions"`
}
Table to store conditions that logically entitle subject entity representations to attribute values