db

package
v0.4.24 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 1, 2024 License: BSD-3-Clause-Clear Imports: 26 Imported by: 0

README

Policy Database

Migrations

Migrations are configurable (see service configuration readme) and in Policy are powered by Goose.

Goose runs the migrations sequentially, and each migration should have an associated ERD in markdown as well if there have been changes to the table relations in the policy schema.

Queries

Historically, queries have been written in Go with squirrel.

However, the path going forward is to migrate existing queries and write all new queries directly in SQL (see ./query.sql), and generate the Go type-safe functions to execute each query with the helpful tool sqlc.

To generate the Go code when you've added or updated a SQL query in query.sql, install sqlc, then run the generate command.

From repo root:

make policy-sql-gen

From this directory in /service/policy/db:

brew install sqlc

sqlc generate

Other useful subcommands also exist on sqlc, like vet, compile, verify, and diff.

Schema ERD

The schema in the policy database is managed through Goose migrations (see above), which are also read into the sqlc generated code to execute db queries within Go.

However, we use a separate tool (see ADR) to generate an up-to-date schema ERD containing the entirety of the policy database.

Generating

From the repo root:

  1. Ensure your Policy postgres container is running
    • docker compose up
  2. Ensure you have run the latest Goose migrations
    • To run all migrations: go run ./service start
    • To run only some migrations: go run ./service migrate with various subcommands as needed
  3. Generate the schema
    • make policy-erd-gen

Documentation

Index

Constants

View Source 
const (
	StateInactive    = "INACTIVE"
	StateActive      = "ACTIVE"
	StateAny         = "ANY"
	StateUnspecified = "UNSPECIFIED"
)

Variables

View Source 
var (
	TableAttributes                    = "attribute_definitions"
	TableAttributeValues               = "attribute_values"
	TableNamespaces                    = "attribute_namespaces"
	TableAttrFqn                       = "attribute_fqns"
	TableAttributeKeyAccessGrants      = "attribute_definition_key_access_grants"
	TableAttributeValueKeyAccessGrants = "attribute_value_key_access_grants"
	TableResourceMappings              = "resource_mappings"
	TableSubjectMappings               = "subject_mappings"
	TableSubjectConditionSet           = "subject_condition_set"
	TableKeyAccessServerRegistry       = "key_access_servers"
)
View Source 
var AttributeRuleTypeEnumPrefix = "ATTRIBUTE_RULE_TYPE_ENUM_"
View Source 
var Tables struct {
	Attributes                    db.Table
	AttributeValues               db.Table
	Namespaces                    db.Table
	AttrFqn                       db.Table
	AttributeKeyAccessGrants      db.Table
	AttributeValueKeyAccessGrants db.Table
	ResourceMappings              db.Table
	SubjectMappings               db.Table
	SubjectConditionSet           db.Table
	KeyAccessServerRegistry       db.Table
}

Functions

func GetDBStateTypeTransformedEnum 

func GetDBStateTypeTransformedEnum(state common.ActiveStateEnum) string

Types

type AssignKeyAccessServerToNamespaceParams added in v0.4.19 

type AssignKeyAccessServerToNamespaceParams struct {
	NamespaceID       string `json:"namespace_id"`
	KeyAccessServerID string `json:"key_access_server_id"`
}

type AttributeDefinition added in v0.4.17 

type AttributeDefinition struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent namespace of the attribute definition
	NamespaceID string `json:"namespace_id"`
	// Name of the attribute (i.e. organization or classification), unique within the namespace
	Name string `json:"name"`
	// Rule for the attribute (see protos for options)
	Rule AttributeDefinitionRule `json:"rule"`
	// Metadata for the attribute definition (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Order of value ids for the attribute (important for hierarchy rule)
	ValuesOrder []string `json:"values_order"`
}

Table to store the definitions of attributes

type AttributeDefinitionKeyAccessGrant added in v0.4.17 

type AttributeDefinitionKeyAccessGrant struct {
	// Foreign key to the attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute definitions

type AttributeDefinitionRule added in v0.4.17 

type AttributeDefinitionRule string
const (
	AttributeDefinitionRuleUNSPECIFIED AttributeDefinitionRule = "UNSPECIFIED"
	AttributeDefinitionRuleALLOF       AttributeDefinitionRule = "ALL_OF"
	AttributeDefinitionRuleANYOF       AttributeDefinitionRule = "ANY_OF"
	AttributeDefinitionRuleHIERARCHY   AttributeDefinitionRule = "HIERARCHY"
)

func (*AttributeDefinitionRule) Scan added in v0.4.17 

func (e *AttributeDefinitionRule) Scan(src interface{}) error

type AttributeFqn added in v0.4.17 

type AttributeFqn struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID pgtype.UUID `json:"namespace_id"`
	// Foreign key to the attribute definition
	AttributeID pgtype.UUID `json:"attribute_id"`
	// Foreign key to the attribute value
	ValueID pgtype.UUID `json:"value_id"`
	// Fully qualified name of the attribute (i.e. https://<namespace>/attr/<attribute name>/value/<value>)
	Fqn string `json:"fqn"`
}

Table to store the fully qualified names of attributes for reverse lookup at their object IDs

type AttributeNamespace added in v0.4.17 

type AttributeNamespace struct {
	// Primary key for the table
	ID string `json:"id"`
	// Name of the namespace (i.e. example.com)
	Name string `json:"name"`
	// Active/Inactive state
	Active bool `json:"active"`
	// Metadata for the namespace (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the parent namespaces of platform policy attributes and related policy objects

type AttributeNamespaceKeyAccessGrant added in v0.4.19 

type AttributeNamespaceKeyAccessGrant struct {
	// Foreign key to the namespace of the KAS grant
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute namespaces

type AttributeValue added in v0.4.17 

type AttributeValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Value of the attribute (i.e. "manager" or "admin" on an attribute for titles), unique within the definition
	Value string `json:"value"`
	// Metadata for the attribute value (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the values of attributes

type AttributeValueKeyAccessGrant added in v0.4.17 

type AttributeValueKeyAccessGrant struct {
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute values

type CreateKeyAccessServerParams added in v0.4.17 

type CreateKeyAccessServerParams struct {
	Uri       string `json:"uri"`
	PublicKey []byte `json:"public_key"`
	Metadata  []byte `json:"metadata"`
}

type CreateNamespaceParams added in v0.4.24 

type CreateNamespaceParams struct {
	Name     string `json:"name"`
	Metadata []byte `json:"metadata"`
}

type CreateResourceMappingGroupParams added in v0.4.18 

type CreateResourceMappingGroupParams struct {
	NamespaceID string `json:"namespace_id"`
	Name        string `json:"name"`
	Metadata    []byte `json:"metadata"`
}

type DBTX added in v0.4.17 

type DBTX interface {
	Exec(context.Context, string, ...interface{}) (pgconn.CommandTag, error)
	Query(context.Context, string, ...interface{}) (pgx.Rows, error)
	QueryRow(context.Context, string, ...interface{}) pgx.Row
}

type GetAttributeByDefOrValueFqnRow added in v0.4.19 

type GetAttributeByDefOrValueFqnRow struct {
	ID               string                  `json:"id"`
	Name             string                  `json:"name"`
	Rule             AttributeDefinitionRule `json:"rule"`
	Metadata         []byte                  `json:"metadata"`
	Active           bool                    `json:"active"`
	Namespace        []byte                  `json:"namespace"`
	DefinitionFqn    string                  `json:"definition_fqn"`
	Values           []byte                  `json:"values"`
	DefinitionGrants []byte                  `json:"definition_grants"`
}

type GetKeyAccessServerRow added in v0.4.17 

type GetKeyAccessServerRow struct {
	ID        string `json:"id"`
	Uri       string `json:"uri"`
	PublicKey []byte `json:"public_key"`
	Metadata  []byte `json:"metadata"`
}

type GetNamespaceRow added in v0.4.19 

type GetNamespaceRow struct {
	ID       string      `json:"id"`
	Name     string      `json:"name"`
	Active   bool        `json:"active"`
	Fqn      pgtype.Text `json:"fqn"`
	Metadata []byte      `json:"metadata"`
	Grants   []byte      `json:"grants"`
}

type GetResourceMappingGroupRow added in v0.4.19 

type GetResourceMappingGroupRow struct {
	ID          string `json:"id"`
	NamespaceID string `json:"namespace_id"`
	Name        string `json:"name"`
	Metadata    []byte `json:"metadata"`
}

type KeyAccessServer added in v0.4.17 

type KeyAccessServer struct {
	// Primary key for the table
	ID string `json:"id"`
	// URI of the KAS
	Uri string `json:"uri"`
	// Public key of the KAS (see protos for structure/options)
	PublicKey []byte `json:"public_key"`
	// Metadata for the KAS (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the known registrations of key access servers (KASs)

type ListKeyAccessServerGrantsParams added in v0.4.19 

type ListKeyAccessServerGrantsParams struct {
	KasID  interface{} `json:"kas_id"`
	KasUri interface{} `json:"kas_uri"`
}

type ListKeyAccessServerGrantsRow added in v0.4.19 

type ListKeyAccessServerGrantsRow struct {
	KasID            string `json:"kas_id"`
	KasUri           string `json:"kas_uri"`
	KasPublicKey     []byte `json:"kas_public_key"`
	KasMetadata      []byte `json:"kas_metadata"`
	AttributesGrants []byte `json:"attributes_grants"`
	ValuesGrants     []byte `json:"values_grants"`
	NamespaceGrants  []byte `json:"namespace_grants"`
}

type ListKeyAccessServersRow added in v0.4.17 

type ListKeyAccessServersRow struct {
	ID        string `json:"id"`
	Uri       string `json:"uri"`
	PublicKey []byte `json:"public_key"`
	Metadata  []byte `json:"metadata"`
}

type ListNamespacesRow added in v0.4.24 

type ListNamespacesRow struct {
	ID       string      `json:"id"`
	Name     string      `json:"name"`
	Active   bool        `json:"active"`
	Metadata []byte      `json:"metadata"`
	Fqn      pgtype.Text `json:"fqn"`
}

type ListResourceMappingGroupsRow added in v0.4.19 

type ListResourceMappingGroupsRow struct {
	ID          string `json:"id"`
	NamespaceID string `json:"namespace_id"`
	Name        string `json:"name"`
	Metadata    []byte `json:"metadata"`
}

type ListResourceMappingsByFullyQualifiedGroupParams added in v0.4.19 

type ListResourceMappingsByFullyQualifiedGroupParams struct {
	NamespaceName string `json:"namespace_name"`
	GroupName     string `json:"group_name"`
}

type ListResourceMappingsByFullyQualifiedGroupRow added in v0.4.19 

type ListResourceMappingsByFullyQualifiedGroupRow struct {
	ID               string   `json:"id"`
	AttributeValueID string   `json:"attribute_value_id"`
	Terms            []string `json:"terms"`
	Metadata         []byte   `json:"metadata"`
	GroupID          string   `json:"group_id"`
	GroupNamespaceID string   `json:"group_namespace_id"`
	GroupName        string   `json:"group_name"`
	GroupMetadata    []byte   `json:"group_metadata"`
}

type NullAttributeDefinitionRule added in v0.4.17 

type NullAttributeDefinitionRule struct {
	AttributeDefinitionRule AttributeDefinitionRule `json:"attribute_definition_rule"`
	Valid                   bool                    `json:"valid"` // Valid is true if AttributeDefinitionRule is not NULL
}

func (*NullAttributeDefinitionRule) Scan added in v0.4.17 

func (ns *NullAttributeDefinitionRule) Scan(value interface{}) error

Scan implements the Scanner interface.

func (NullAttributeDefinitionRule) Value added in v0.4.17 

func (ns NullAttributeDefinitionRule) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type PolicyDBClient 

type PolicyDBClient struct {
	*db.Client

	*Queries
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(c *db.Client, logger *logger.Logger) PolicyDBClient

func (PolicyDBClient) AssignKeyAccessServerToAttribute 

func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)

func (PolicyDBClient) AssignKeyAccessServerToNamespace added in v0.4.19 

func (c PolicyDBClient) AssignKeyAccessServerToNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)

func (PolicyDBClient) AssignKeyAccessServerToValue 

func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)

func (*PolicyDBClient) AttrFqnReindex 

func (c *PolicyDBClient) AttrFqnReindex() (res struct {
	Namespaces []struct {
		ID  string
		Fqn string
	}
	Attributes []struct {
		ID  string
		Fqn string
	}
	Values []struct {
		ID  string
		Fqn string
	}
},
)

AttrFqnReindex will reindex all namespace, attribute, and attribute_value FQNs

func (PolicyDBClient) CreateAttribute 

func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) CreateAttributeValue 

func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, v *attributes.CreateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) CreateKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)

func (PolicyDBClient) CreateNamespace 

func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)

func (PolicyDBClient) CreateResourceMapping 

func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)

func (PolicyDBClient) CreateResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) CreateResourceMappingGroup(ctx context.Context, r *resourcemapping.CreateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) CreateSubjectConditionSet 

func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)

Creates a new subject condition set and returns the id of the created

func (PolicyDBClient) CreateSubjectMapping 

func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)

Creates a new subject mapping and returns the id of the created. If an existing subject condition set id is provided, it will be used. If a new subject condition set is provided, it will be created. The existing subject condition set id takes precedence.

func (PolicyDBClient) DeactivateAttribute 

func (c PolicyDBClient) DeactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)

func (PolicyDBClient) DeactivateAttributeValue 

func (c PolicyDBClient) DeactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)

func (PolicyDBClient) DeactivateNamespace 

func (c PolicyDBClient) DeactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)

func (PolicyDBClient) DeleteKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)

func (PolicyDBClient) DeleteResourceMapping 

func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)

func (PolicyDBClient) DeleteResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) DeleteResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) DeleteSubjectConditionSet 

func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)

Deletes specified subject condition set and returns the id of the deleted

func (PolicyDBClient) DeleteSubjectMapping 

func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)

Deletes specified subject mapping and returns the id of the deleted

func (PolicyDBClient) GetAttribute 

func (c PolicyDBClient) GetAttribute(ctx context.Context, id string) (*policy.Attribute, error)

func (PolicyDBClient) GetAttributeByFqn 

func (c PolicyDBClient) GetAttributeByFqn(ctx context.Context, fqn string) (*policy.Attribute, error)

func (PolicyDBClient) GetAttributeValue 

func (c PolicyDBClient) GetAttributeValue(ctx context.Context, id string) (*policy.Value, error)

func (PolicyDBClient) GetAttributesByNamespace 

func (c PolicyDBClient) GetAttributesByNamespace(ctx context.Context, namespaceID string) ([]*policy.Attribute, error)

func (*PolicyDBClient) GetAttributesByValueFqns 

func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, error)

func (PolicyDBClient) GetKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)

func (PolicyDBClient) GetMatchedSubjectMappings 

func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)

GetMatchedSubjectMappings liberally returns a list of SubjectMappings based on the provided SubjectProperties. The SubjectMappings are returned if there is any single condition found among the structures that matches: 1. The external field, external value, and an IN operator 2. The external field, _no_ external value, and a NOT_IN operator

Without this filtering, if a field was something like '.emailAddress' or '.username', every Subject is probably going to relate to that mapping in some way or another, potentially matching every single attribute in the DB if a policy admin has relied heavily on that field. There is no logic applied beyond a single condition within the query to avoid business logic interpreting the supplied conditions beyond the bare minimum initial filter.

NOTE: This relationship is sometimes called Entitlements or Subject Entitlements. NOTE: if you have any issues, set the log level to 'debug' for more comprehensive context.

func (PolicyDBClient) GetNamespace 

func (c PolicyDBClient) GetNamespace(ctx context.Context, id string) (*policy.Namespace, error)

func (PolicyDBClient) GetResourceMapping 

func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)

func (PolicyDBClient) GetResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) GetResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) GetSubjectConditionSet 

func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)

func (PolicyDBClient) GetSubjectMapping 

func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)

func (PolicyDBClient) ListAllAttributeValues 

func (c PolicyDBClient) ListAllAttributeValues(ctx context.Context, state string) ([]*policy.Value, error)

func (PolicyDBClient) ListAllAttributes 

func (c PolicyDBClient) ListAllAttributes(ctx context.Context, state string, namespace string) ([]*policy.Attribute, error)

func (PolicyDBClient) ListAllAttributesWithout 

func (c PolicyDBClient) ListAllAttributesWithout(ctx context.Context, state string) ([]*policy.Attribute, error)

func (PolicyDBClient) ListAttributeValues 

func (c PolicyDBClient) ListAttributeValues(ctx context.Context, attributeID string, state string) ([]*policy.Value, error)

func (PolicyDBClient) ListKeyAccessServerGrants added in v0.4.19 

func (c PolicyDBClient) ListKeyAccessServerGrants(ctx context.Context, kasID string, kasURI string) ([]*kasregistry.KeyAccessServerGrants, error)

func (PolicyDBClient) ListKeyAccessServers added in v0.2.0 

func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context) ([]*policy.KeyAccessServer, error)

func (PolicyDBClient) ListNamespaces 

func (c PolicyDBClient) ListNamespaces(ctx context.Context, state string) ([]*policy.Namespace, error)

func (PolicyDBClient) ListResourceMappingGroups added in v0.4.19 

func (c PolicyDBClient) ListResourceMappingGroups(ctx context.Context, r *resourcemapping.ListResourceMappingGroupsRequest) ([]*policy.ResourceMappingGroup, error)

func (PolicyDBClient) ListResourceMappings 

func (c PolicyDBClient) ListResourceMappings(ctx context.Context, r *resourcemapping.ListResourceMappingsRequest) ([]*policy.ResourceMapping, error)

func (PolicyDBClient) ListResourceMappingsByGroupFqns added in v0.4.19 

func (c PolicyDBClient) ListResourceMappingsByGroupFqns(ctx context.Context, fqns []string) (map[string]*resourcemapping.ResourceMappingsByGroup, error)

NOTE: uses sqlc instead of squirrel

func (PolicyDBClient) ListSubjectConditionSets 

func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)

func (PolicyDBClient) ListSubjectMappings 

func (c PolicyDBClient) ListSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)

func (PolicyDBClient) RemoveKeyAccessServerFromAttribute 

func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)

func (PolicyDBClient) RemoveKeyAccessServerFromNamespace added in v0.4.19 

func (c PolicyDBClient) RemoveKeyAccessServerFromNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)

func (PolicyDBClient) RemoveKeyAccessServerFromValue 

func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)

func (PolicyDBClient) UnsafeDeleteAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeDeleteAttribute(ctx context.Context, existing *policy.Attribute, fqn string) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeDeleteAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeDeleteAttributeValue(ctx context.Context, toDelete *policy.Value, r *unsafe.UnsafeDeleteAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UnsafeDeleteNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeDeleteNamespace(ctx context.Context, existing *policy.Namespace, fqn string) (*policy.Namespace, error)

func (PolicyDBClient) UnsafeReactivateAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeReactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeReactivateAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeReactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)

func (PolicyDBClient) UnsafeReactivateNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeReactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)

func (PolicyDBClient) UnsafeUpdateAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeUpdateAttribute(ctx context.Context, r *unsafe.UnsafeUpdateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeUpdateAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeUpdateAttributeValue(ctx context.Context, r *unsafe.UnsafeUpdateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UnsafeUpdateNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeUpdateNamespace(ctx context.Context, id string, name string) (*policy.Namespace, error)

UNSAFE OPERATIONS

func (PolicyDBClient) UpdateAttribute 

func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) UpdateAttributeValue 

func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UpdateKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)

func (PolicyDBClient) UpdateNamespace 

func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)

func (PolicyDBClient) UpdateResourceMapping 

func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingRequest) (*policy.ResourceMapping, error)

func (PolicyDBClient) UpdateResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) UpdateResourceMappingGroup(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) UpdateSubjectConditionSet 

func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)

Mutates provided fields and returns id of the updated subject condition set

func (PolicyDBClient) UpdateSubjectMapping 

func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)

Mutates provided fields and returns id of the updated subject mapping

type Queries added in v0.4.17 

type Queries struct {
	// contains filtered or unexported fields
}

func New added in v0.4.17 

func New(db DBTX) *Queries

func (*Queries) AssignKeyAccessServerToNamespace added in v0.4.19 

func (q *Queries) AssignKeyAccessServerToNamespace(ctx context.Context, arg AssignKeyAccessServerToNamespaceParams) (int64, error)

AssignKeyAccessServerToNamespace 

INSERT INTO attribute_namespace_key_access_grants (namespace_id, key_access_server_id)
VALUES ($1, $2)

func (*Queries) CreateKeyAccessServer added in v0.4.17 

func (q *Queries) CreateKeyAccessServer(ctx context.Context, arg CreateKeyAccessServerParams) (string, error)

CreateKeyAccessServer 

INSERT INTO key_access_servers (uri, public_key, metadata)
VALUES ($1, $2, $3)
RETURNING id

func (*Queries) CreateNamespace added in v0.4.24 

func (q *Queries) CreateNamespace(ctx context.Context, arg CreateNamespaceParams) (string, error)

CreateNamespace 

INSERT INTO attribute_namespaces (name, metadata)
VALUES ($1, $2)
RETURNING id

func (*Queries) CreateResourceMappingGroup added in v0.4.18 

func (q *Queries) CreateResourceMappingGroup(ctx context.Context, arg CreateResourceMappingGroupParams) (string, error)

CreateResourceMappingGroup 

INSERT INTO resource_mapping_groups (namespace_id, name, metadata)
VALUES ($1, $2, $3)
RETURNING id

func (*Queries) DeleteKeyAccessServer added in v0.4.17 

func (q *Queries) DeleteKeyAccessServer(ctx context.Context, id string) (int64, error)

DeleteKeyAccessServer 

DELETE FROM key_access_servers WHERE id = $1

func (*Queries) DeleteNamespace added in v0.4.24 

func (q *Queries) DeleteNamespace(ctx context.Context, id string) (int64, error)

DeleteNamespace 

DELETE FROM attribute_namespaces WHERE id = $1

func (*Queries) DeleteResourceMappingGroup added in v0.4.18 

func (q *Queries) DeleteResourceMappingGroup(ctx context.Context, id string) (int64, error)

DeleteResourceMappingGroup 

DELETE FROM resource_mapping_groups WHERE id = $1

func (*Queries) GetAttributeByDefOrValueFqn added in v0.4.19 

func (q *Queries) GetAttributeByDefOrValueFqn(ctx context.Context, lower string) (GetAttributeByDefOrValueFqnRow, error)

get the attribute definition for the provided value or definition fqn get the active values with KAS grants under the attribute definition get the namespace fqn for the attribute definition get the grants for the attribute's namespace get the definition fqn for the attribute definition (could have been provided a value fqn initially) get the subject mappings for the active values under the attribute definition get the attribute definition and give structure to the result 

WITH target_definition AS (
    SELECT ad.id
    FROM attribute_definitions ad
    INNER JOIN attribute_fqns af ON af.attribute_id = ad.id
    WHERE af.fqn = LOWER($1)
    LIMIT 1
),
active_attribute_values AS (
    SELECT
        av.id,
        av.value,
        av.active,
        av.attribute_definition_id,
        JSON_AGG(
            DISTINCT JSONB_BUILD_OBJECT(
                'id', vkas.id,
                'uri', vkas.uri,
                'public_key', vkas.public_key
            )
        ) FILTER (WHERE vkas.id IS NOT NULL AND vkas.uri IS NOT NULL AND vkas.public_key IS NOT NULL) AS val_grants_arr
    FROM
        attribute_values av
    LEFT JOIN attribute_value_key_access_grants avg ON av.id = avg.attribute_value_id
    LEFT JOIN key_access_servers vkas ON avg.key_access_server_id = vkas.id
    WHERE av.active = TRUE
    AND av.attribute_definition_id = (SELECT id FROM target_definition)
    GROUP BY av.id
),
namespace_fqn_cte AS (
    SELECT anfqn.namespace_id, anfqn.fqn
    FROM attribute_fqns anfqn
    WHERE anfqn.attribute_id IS NULL AND anfqn.value_id IS NULL
),
namespace_grants_cte AS (
    SELECT
        ankag.namespace_id,
        JSONB_AGG(
            DISTINCT JSONB_BUILD_OBJECT(
                'id', kas.id,
                'uri', kas.uri,
                'public_key', kas.public_key
            )
        ) AS grants
    FROM
        attribute_namespace_key_access_grants ankag
    LEFT JOIN key_access_servers kas ON kas.id = ankag.key_access_server_id
    GROUP BY ankag.namespace_id
),
target_definition_fqn_cte AS (
    SELECT af.fqn
    FROM attribute_fqns af
    WHERE af.namespace_id = (SELECT namespace_id FROM attribute_definitions WHERE id = (SELECT id FROM target_definition))
    AND af.attribute_id = (SELECT id FROM target_definition)
    AND af.value_id IS NULL
),
subject_mappings_cte AS (
    SELECT
        av.id AS av_id,
        JSON_AGG(
            JSON_BUILD_OBJECT(
                'id', sm.id,
                'actions', sm.actions,
                'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT(
                    'labels', sm.metadata -> 'labels',
                    'created_at', sm.created_at,
                    'updated_at', sm.updated_at
                )),
                'subject_condition_set', JSON_BUILD_OBJECT(
                    'id', scs.id,
                    'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT(
                        'labels', scs.metadata -> 'labels',
                        'created_at', scs.created_at,
                        'updated_at', scs.updated_at
                    )),
                    'subject_sets', scs.condition
                )
            )
        ) AS sub_maps_arr
    FROM
        subject_mappings sm
    LEFT JOIN attribute_values av ON sm.attribute_value_id = av.id
    LEFT JOIN subject_condition_set scs ON sm.subject_condition_set_id = scs.id
    WHERE av.active = TRUE
    AND av.attribute_definition_id = (SELECT id FROM target_definition)
    GROUP BY av.id
)
SELECT
    ad.id,
    ad.name,
    ad.rule,
    JSON_STRIP_NULLS(
        JSON_BUILD_OBJECT(
            'labels', ad.metadata -> 'labels',
            'created_at', ad.created_at,
            'updated_at', ad.updated_at
        )
    ) AS metadata,
    ad.active,
    JSON_BUILD_OBJECT(
        'name', an.name,
        'id', an.id,
        'fqn', nfq.fqn,
        'grants', n_grants.grants,
        'active', an.active
    ) AS namespace,
    (SELECT fqn FROM target_definition_fqn_cte) AS definition_fqn,
    JSON_AGG(
        JSON_BUILD_OBJECT(
            'id', avt.id,
            'value', avt.value,
            'active', avt.active,
            'fqn', af.fqn,
            'subject_mappings', sm.sub_maps_arr,
            'grants', avt.val_grants_arr
        -- enforce order of values in response
        ) ORDER BY array_position(ad.values_order, avt.id)
    ) AS values,
    JSONB_AGG(
        DISTINCT JSONB_BUILD_OBJECT(
            'id', kas.id,
            'uri', kas.uri,
            'public_key', kas.public_key
        )
    ) FILTER (WHERE kas.id IS NOT NULL AND kas.uri IS NOT NULL AND kas.public_key IS NOT NULL) AS definition_grants
FROM
    attribute_definitions ad
LEFT JOIN attribute_namespaces an ON an.id = ad.namespace_id
LEFT JOIN active_attribute_values avt ON avt.attribute_definition_id = ad.id
LEFT JOIN attribute_definition_key_access_grants adkag ON adkag.attribute_definition_id = ad.id
LEFT JOIN key_access_servers kas ON kas.id = adkag.key_access_server_id
LEFT JOIN attribute_fqns af ON af.value_id = avt.id
LEFT JOIN namespace_fqn_cte nfq ON nfq.namespace_id = an.id
LEFT JOIN namespace_grants_cte n_grants ON n_grants.namespace_id = an.id
LEFT JOIN subject_mappings_cte sm ON avt.id = sm.av_id
WHERE
    ad.active = TRUE
    AND ad.id = (SELECT id FROM target_definition)
    AND an.active = TRUE
GROUP BY
    ad.id, an.id, nfq.fqn, n_grants.grants

func (*Queries) GetKeyAccessServer added in v0.4.17 

func (q *Queries) GetKeyAccessServer(ctx context.Context, id string) (GetKeyAccessServerRow, error)

GetKeyAccessServer 

SELECT id, uri, public_key,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata
FROM key_access_servers WHERE id = $1

func (*Queries) GetNamespace added in v0.4.19 

func (q *Queries) GetNamespace(ctx context.Context, id string) (GetNamespaceRow, error)

GetNamespace 

SELECT
    ns.id,
    ns.name,
    ns.active,
    fqns.fqn,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ns.metadata -> 'labels', 'created_at', ns.created_at, 'updated_at', ns.updated_at)) as metadata,
    JSONB_AGG(DISTINCT JSONB_BUILD_OBJECT(
        'id', kas.id,
        'uri', kas.uri,
        'public_key', kas.public_key
    )) FILTER (WHERE kas_ns_grants.namespace_id IS NOT NULL) as grants
FROM attribute_namespaces ns
LEFT JOIN attribute_namespace_key_access_grants kas_ns_grants ON kas_ns_grants.namespace_id = ns.id
LEFT JOIN key_access_servers kas ON kas.id = kas_ns_grants.key_access_server_id
LEFT JOIN attribute_fqns fqns ON fqns.namespace_id = ns.id
WHERE ns.id = $1 AND fqns.attribute_id IS NULL AND fqns.value_id IS NULL
GROUP BY ns.id, fqns.fqn

func (*Queries) GetResourceMappingGroup added in v0.4.18 

func (q *Queries) GetResourceMappingGroup(ctx context.Context, id string) (GetResourceMappingGroupRow, error)

GetResourceMappingGroup 

SELECT id, namespace_id, name,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata
FROM resource_mapping_groups
WHERE id = $1

func (*Queries) ListKeyAccessServerGrants added in v0.4.19 

func (q *Queries) ListKeyAccessServerGrants(ctx context.Context, arg ListKeyAccessServerGrantsParams) ([]ListKeyAccessServerGrantsRow, error)

-------------------------------------------------------------- ATTRIBUTES -------------------------------------------------------------- 

SELECT
    kas.id AS kas_id,
    kas.uri AS kas_uri,
    kas.public_key AS kas_public_key,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT(
        'labels', kas.metadata -> 'labels',
        'created_at', kas.created_at,
        'updated_at', kas.updated_at
    )) AS kas_metadata,
    json_agg(DISTINCT jsonb_build_object(
        'id', attrkag.attribute_definition_id,
        'fqn', fqns_on_attr.fqn
    )) FILTER (WHERE attrkag.attribute_definition_id IS NOT NULL) AS attributes_grants,
    json_agg(DISTINCT jsonb_build_object(
        'id', valkag.attribute_value_id,
        'fqn', fqns_on_vals.fqn
    )) FILTER (WHERE valkag.attribute_value_id IS NOT NULL) AS values_grants,
    json_agg(DISTINCT jsonb_build_object(
        'id', nskag.namespace_id,
        'fqn', fqns_on_ns.fqn
    )) FILTER (WHERE nskag.namespace_id IS NOT NULL) AS namespace_grants
FROM
    key_access_servers kas
LEFT JOIN
    attribute_definition_key_access_grants attrkag
    ON kas.id = attrkag.key_access_server_id
LEFT JOIN
    attribute_fqns fqns_on_attr
    ON attrkag.attribute_definition_id = fqns_on_attr.attribute_id
    AND fqns_on_attr.value_id IS NULL
LEFT JOIN
    attribute_value_key_access_grants valkag
    ON kas.id = valkag.key_access_server_id
LEFT JOIN
    attribute_fqns fqns_on_vals
    ON valkag.attribute_value_id = fqns_on_vals.value_id
LEFT JOIN
    attribute_namespace_key_access_grants nskag
    ON kas.id = nskag.key_access_server_id
LEFT JOIN
    attribute_fqns fqns_on_ns
    ON nskag.namespace_id = fqns_on_ns.namespace_id
    AND fqns_on_ns.attribute_id IS NULL AND fqns_on_ns.value_id IS NULL
WHERE (NULLIF($1, '') IS NULL OR kas.id = $1::uuid)
    AND (NULLIF($2, '') IS NULL OR kas.uri = $2::varchar)
GROUP BY
    kas.id

func (*Queries) ListKeyAccessServers added in v0.4.17 

func (q *Queries) ListKeyAccessServers(ctx context.Context) ([]ListKeyAccessServersRow, error)

-------------------------------------------------------------- KEY ACCESS SERVERS -------------------------------------------------------------- 

SELECT id, uri, public_key,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata
FROM key_access_servers

func (*Queries) ListNamespaces added in v0.4.24 

func (q *Queries) ListNamespaces(ctx context.Context, active pgtype.Bool) ([]ListNamespacesRow, error)

-------------------------------------------------------------- NAMESPACES -------------------------------------------------------------- 

SELECT
    ns.id,
    ns.name,
    ns.active,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ns.metadata -> 'labels', 'created_at', ns.created_at, 'updated_at', ns.updated_at)) as metadata,
    fqns.fqn
FROM attribute_namespaces ns
LEFT JOIN attribute_fqns fqns ON ns.id = fqns.namespace_id AND fqns.attribute_id IS NULL
WHERE ($1::BOOLEAN IS NULL OR ns.active = $1::BOOLEAN)

func (*Queries) ListResourceMappingGroups added in v0.4.18 

func (q *Queries) ListResourceMappingGroups(ctx context.Context, namespaceID interface{}) ([]ListResourceMappingGroupsRow, error)

-------------------------------------------------------------- RESOURCE MAPPING GROUPS -------------------------------------------------------------- 

SELECT id, namespace_id, name,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata
FROM resource_mapping_groups
WHERE (NULLIF($1, '') IS NULL OR namespace_id = $1::uuid)

func (*Queries) ListResourceMappingsByFullyQualifiedGroup added in v0.4.19 

func (q *Queries) ListResourceMappingsByFullyQualifiedGroup(ctx context.Context, arg ListResourceMappingsByFullyQualifiedGroupParams) ([]ListResourceMappingsByFullyQualifiedGroupRow, error)

-------------------------------------------------------------- RESOURCE MAPPING -------------------------------------------------------------- 

SELECT
    m.id,
    m.attribute_value_id,
    m.terms,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata,
    -- sqlc needs TEXT cast here to be able to generate string properties in Go struct
    -- has issues when using aliases for some reason, even on a varchar field like g.name
    g.id::TEXT as group_id,
    g.namespace_id::TEXT as group_namespace_id,
    g.name::TEXT as group_name,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', g.metadata -> 'labels', 'created_at', g.created_at, 'updated_at', g.updated_at)) as group_metadata
FROM resource_mappings m
LEFT JOIN resource_mapping_groups g ON m.group_id = g.id
LEFT JOIN attribute_namespaces ns ON g.namespace_id = ns.id
WHERE ns.name = LOWER($1) AND g.name = LOWER($2)

func (*Queries) RemoveKeyAccessServerFromNamespace added in v0.4.19 

func (q *Queries) RemoveKeyAccessServerFromNamespace(ctx context.Context, arg RemoveKeyAccessServerFromNamespaceParams) (int64, error)

RemoveKeyAccessServerFromNamespace 

DELETE FROM attribute_namespace_key_access_grants
WHERE namespace_id = $1 AND key_access_server_id = $2

func (*Queries) UpdateKeyAccessServer added in v0.4.17 

func (q *Queries) UpdateKeyAccessServer(ctx context.Context, arg UpdateKeyAccessServerParams) (string, error)

UpdateKeyAccessServer 

UPDATE key_access_servers
SET
    uri = coalesce($2, uri),
    public_key = coalesce($3, public_key),
    metadata = coalesce($4, metadata)
WHERE id = $1
RETURNING id

func (*Queries) UpdateNamespace added in v0.4.24 

func (q *Queries) UpdateNamespace(ctx context.Context, arg UpdateNamespaceParams) (int64, error)

UpdateNamespace: both Safe and Unsafe Updates 

UPDATE attribute_namespaces
SET
    name = COALESCE($2, name),
    active = COALESCE($3, active),
    metadata = COALESCE($4, metadata)
WHERE id = $1

func (*Queries) UpdateResourceMappingGroup added in v0.4.18 

func (q *Queries) UpdateResourceMappingGroup(ctx context.Context, arg UpdateResourceMappingGroupParams) (string, error)

UpdateResourceMappingGroup 

UPDATE resource_mapping_groups
SET
    namespace_id = COALESCE($2, namespace_id),
    name = COALESCE($3, name),
    metadata = COALESCE($4, metadata)
WHERE id = $1
RETURNING id

func (*Queries) WithTx added in v0.4.17 

func (q *Queries) WithTx(tx pgx.Tx) *Queries

type RemoveKeyAccessServerFromNamespaceParams added in v0.4.19 

type RemoveKeyAccessServerFromNamespaceParams struct {
	NamespaceID       string `json:"namespace_id"`
	KeyAccessServerID string `json:"key_access_server_id"`
}

type ResourceMapping added in v0.4.17 

type ResourceMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Terms to match against resource data (i.e. translations "roi", "rey", or "kung" in a terms list could map to the value "/attr/card/value/king")
	Terms []string `json:"terms"`
	// Metadata for the resource mapping (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the parent group of the resource mapping (optional, a resource mapping may not be in a group)
	GroupID pgtype.UUID `json:"group_id"`
}

Table to store associated terms that should map resource data to attribute values

type ResourceMappingGroup added in v0.4.18 

type ResourceMappingGroup struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID string `json:"namespace_id"`
	// Name for the group of resource mappings
	Name      string             `json:"name"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	Metadata  []byte             `json:"metadata"`
}

Table to store the groups of resource mappings by unique namespace and group name combinations

type SubjectConditionSet added in v0.4.17 

type SubjectConditionSet struct {
	// Primary key for the table
	ID string `json:"id"`
	// Conditions that must be met for the subject entity to be entitled to the attribute value (see protos for JSON structure)
	Condition []byte `json:"condition"`
	// Metadata for the condition set (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store sets of conditions that logically entitle subject entity representations to attribute values via a subject mapping

type SubjectMapping added in v0.4.17 

type SubjectMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Metadata for the subject mapping (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the condition set that entitles the subject entity to the attribute value
	SubjectConditionSetID pgtype.UUID `json:"subject_condition_set_id"`
	// Actions that the subject entity can perform on the attribute value (see protos for details)
	Actions []byte `json:"actions"`
}

Table to store conditions that logically entitle subject entity representations to attribute values

type UpdateKeyAccessServerParams added in v0.4.17 

type UpdateKeyAccessServerParams struct {
	ID        string      `json:"id"`
	Uri       pgtype.Text `json:"uri"`
	PublicKey []byte      `json:"public_key"`
	Metadata  []byte      `json:"metadata"`
}

type UpdateNamespaceParams added in v0.4.24 

type UpdateNamespaceParams struct {
	ID       string      `json:"id"`
	Name     pgtype.Text `json:"name"`
	Active   pgtype.Bool `json:"active"`
	Metadata []byte      `json:"metadata"`
}

type UpdateResourceMappingGroupParams added in v0.4.18 

type UpdateResourceMappingGroupParams struct {
	ID          string      `json:"id"`
	NamespaceID pgtype.UUID `json:"namespace_id"`
	Name        pgtype.Text `json:"name"`
	Metadata    []byte      `json:"metadata"`
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.