Documentation ¶
Index ¶
- Variables
- type AssignKeyAccessServerToAttributeParams
- type AssignKeyAccessServerToAttributeValueParams
- type AssignKeyAccessServerToNamespaceParams
- type AttributeDefinition
- type AttributeDefinitionKeyAccessGrant
- type AttributeDefinitionRule
- type AttributeFqn
- type AttributeNamespace
- type AttributeNamespaceKeyAccessGrant
- type AttributeValue
- type AttributeValueKeyAccessGrant
- type CreateAttributeParams
- type CreateAttributeValueParams
- type CreateKeyAccessServerParams
- type CreateNamespaceParams
- type CreateResourceMappingGroupParams
- type CreateResourceMappingParams
- type CreateSubjectConditionSetParams
- type CreateSubjectMappingParams
- type DBTX
- type GetAttributeRow
- type GetAttributeValueRow
- type GetKeyAccessServerRow
- type GetNamespaceRow
- type GetResourceMappingGroupRow
- type GetResourceMappingRow
- type GetSubjectConditionSetRow
- type GetSubjectMappingRow
- type KeyAccessServer
- type ListAttributeValuesParams
- type ListAttributeValuesRow
- type ListAttributesByDefOrValueFqnsRow
- type ListAttributesDetailParams
- type ListAttributesDetailRow
- type ListAttributesSummaryParams
- type ListAttributesSummaryRow
- type ListConfig
- type ListKeyAccessServerGrantsParams
- type ListKeyAccessServerGrantsRow
- type ListKeyAccessServersParams
- type ListKeyAccessServersRow
- type ListNamespacesParams
- type ListNamespacesRow
- type ListResourceMappingGroupsParams
- type ListResourceMappingGroupsRow
- type ListResourceMappingsByFullyQualifiedGroupParams
- type ListResourceMappingsByFullyQualifiedGroupRow
- type ListResourceMappingsParams
- type ListResourceMappingsRow
- type ListSubjectConditionSetsParams
- type ListSubjectConditionSetsRow
- type ListSubjectMappingsParams
- type ListSubjectMappingsRow
- type MatchSubjectMappingsRow
- type NullAttributeDefinitionRule
- type PolicyDBClient
- func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDBClient) AssignKeyAccessServerToNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
- func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c *PolicyDBClient) AttrFqnReindex(ctx context.Context) (res struct{ ... })
- func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, ...) (*policy.Value, error)
- func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) CreateResourceMappingGroup(ctx context.Context, r *resourcemapping.CreateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) DeactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) DeactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) DeactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) DeleteAllUnmappedSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) DeleteResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) GetAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) GetAttributeByFqn(ctx context.Context, fqn string) (*policy.Attribute, error)
- func (c PolicyDBClient) GetAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) GetAttributesByNamespace(ctx context.Context, namespaceID string) ([]*policy.Attribute, error)
- func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, ...)
- func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
- func (c PolicyDBClient) GetNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) GetResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
- func (c PolicyDBClient) ListAllAttributeValues(ctx context.Context) ([]*policy.Value, error)
- func (c PolicyDBClient) ListAllAttributes(ctx context.Context) ([]*policy.Attribute, error)
- func (c PolicyDBClient) ListAllNamespaces(ctx context.Context) ([]*policy.Namespace, error)
- func (c PolicyDBClient) ListAttributeValues(ctx context.Context, r *attributes.ListAttributeValuesRequest) (*attributes.ListAttributeValuesResponse, error)
- func (c PolicyDBClient) ListAttributes(ctx context.Context, r *attributes.ListAttributesRequest) (*attributes.ListAttributesResponse, error)
- func (c PolicyDBClient) ListAttributesByFqns(ctx context.Context, fqns []string) ([]*policy.Attribute, error)
- func (c PolicyDBClient) ListKeyAccessServerGrants(ctx context.Context, r *kasregistry.ListKeyAccessServerGrantsRequest) (*kasregistry.ListKeyAccessServerGrantsResponse, error)
- func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context, r *kasregistry.ListKeyAccessServersRequest) (*kasregistry.ListKeyAccessServersResponse, error)
- func (c PolicyDBClient) ListNamespaces(ctx context.Context, r *namespaces.ListNamespacesRequest) (*namespaces.ListNamespacesResponse, error)
- func (c PolicyDBClient) ListResourceMappingGroups(ctx context.Context, r *resourcemapping.ListResourceMappingGroupsRequest) (*resourcemapping.ListResourceMappingGroupsResponse, error)
- func (c PolicyDBClient) ListResourceMappings(ctx context.Context, r *resourcemapping.ListResourceMappingsRequest) (*resourcemapping.ListResourceMappingsResponse, error)
- func (c PolicyDBClient) ListResourceMappingsByGroupFqns(ctx context.Context, fqns []string) (map[string]*resourcemapping.ResourceMappingsByGroup, error)
- func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context, r *subjectmapping.ListSubjectConditionSetsRequest) (*subjectmapping.ListSubjectConditionSetsResponse, error)
- func (c PolicyDBClient) ListSubjectMappings(ctx context.Context, r *subjectmapping.ListSubjectMappingsRequest) (*subjectmapping.ListSubjectMappingsResponse, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
- func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
- func (c PolicyDBClient) UnsafeDeleteAttribute(ctx context.Context, existing *policy.Attribute, fqn string) (*policy.Attribute, error)
- func (c PolicyDBClient) UnsafeDeleteAttributeValue(ctx context.Context, toDelete *policy.Value, ...) (*policy.Value, error)
- func (c PolicyDBClient) UnsafeDeleteNamespace(ctx context.Context, existing *policy.Namespace, fqn string) (*policy.Namespace, error)
- func (c PolicyDBClient) UnsafeReactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)
- func (c PolicyDBClient) UnsafeReactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)
- func (c PolicyDBClient) UnsafeReactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)
- func (c PolicyDBClient) UnsafeUpdateAttribute(ctx context.Context, r *unsafe.UnsafeUpdateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) UnsafeUpdateAttributeValue(ctx context.Context, r *unsafe.UnsafeUpdateAttributeValueRequest) (*policy.Value, error)
- func (c PolicyDBClient) UnsafeUpdateNamespace(ctx context.Context, id string, name string) (*policy.Namespace, error)
- func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
- func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
- func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
- func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
- func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, ...) (*policy.ResourceMapping, error)
- func (c PolicyDBClient) UpdateResourceMappingGroup(ctx context.Context, id string, ...) (*policy.ResourceMappingGroup, error)
- func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
- func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
- type Queries
- func (q *Queries) AssignKeyAccessServerToAttribute(ctx context.Context, arg AssignKeyAccessServerToAttributeParams) (int64, error)
- func (q *Queries) AssignKeyAccessServerToAttributeValue(ctx context.Context, arg AssignKeyAccessServerToAttributeValueParams) (int64, error)
- func (q *Queries) AssignKeyAccessServerToNamespace(ctx context.Context, arg AssignKeyAccessServerToNamespaceParams) (int64, error)
- func (q *Queries) CreateAttribute(ctx context.Context, arg CreateAttributeParams) (string, error)
- func (q *Queries) CreateAttributeValue(ctx context.Context, arg CreateAttributeValueParams) (string, error)
- func (q *Queries) CreateKeyAccessServer(ctx context.Context, arg CreateKeyAccessServerParams) (string, error)
- func (q *Queries) CreateNamespace(ctx context.Context, arg CreateNamespaceParams) (string, error)
- func (q *Queries) CreateResourceMapping(ctx context.Context, arg CreateResourceMappingParams) (string, error)
- func (q *Queries) CreateResourceMappingGroup(ctx context.Context, arg CreateResourceMappingGroupParams) (string, error)
- func (q *Queries) CreateSubjectConditionSet(ctx context.Context, arg CreateSubjectConditionSetParams) (string, error)
- func (q *Queries) CreateSubjectMapping(ctx context.Context, arg CreateSubjectMappingParams) (string, error)
- func (q *Queries) DeleteAllUnmappedSubjectConditionSets(ctx context.Context) ([]string, error)
- func (q *Queries) DeleteAttribute(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteAttributeValue(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteKeyAccessServer(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteNamespace(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteResourceMapping(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteResourceMappingGroup(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteSubjectConditionSet(ctx context.Context, id string) (int64, error)
- func (q *Queries) DeleteSubjectMapping(ctx context.Context, id string) (int64, error)
- func (q *Queries) GetAttribute(ctx context.Context, id string) (GetAttributeRow, error)
- func (q *Queries) GetAttributeValue(ctx context.Context, id string) (GetAttributeValueRow, error)
- func (q *Queries) GetKeyAccessServer(ctx context.Context, id string) (GetKeyAccessServerRow, error)
- func (q *Queries) GetNamespace(ctx context.Context, id string) (GetNamespaceRow, error)
- func (q *Queries) GetResourceMapping(ctx context.Context, id string) (GetResourceMappingRow, error)
- func (q *Queries) GetResourceMappingGroup(ctx context.Context, id string) (GetResourceMappingGroupRow, error)
- func (q *Queries) GetSubjectConditionSet(ctx context.Context, id string) (GetSubjectConditionSetRow, error)
- func (q *Queries) GetSubjectMapping(ctx context.Context, id string) (GetSubjectMappingRow, error)
- func (q *Queries) ListAttributeValues(ctx context.Context, arg ListAttributeValuesParams) ([]ListAttributeValuesRow, error)
- func (q *Queries) ListAttributesByDefOrValueFqns(ctx context.Context, fqns []string) ([]ListAttributesByDefOrValueFqnsRow, error)
- func (q *Queries) ListAttributesDetail(ctx context.Context, arg ListAttributesDetailParams) ([]ListAttributesDetailRow, error)
- func (q *Queries) ListAttributesSummary(ctx context.Context, arg ListAttributesSummaryParams) ([]ListAttributesSummaryRow, error)
- func (q *Queries) ListKeyAccessServerGrants(ctx context.Context, arg ListKeyAccessServerGrantsParams) ([]ListKeyAccessServerGrantsRow, error)
- func (q *Queries) ListKeyAccessServers(ctx context.Context, arg ListKeyAccessServersParams) ([]ListKeyAccessServersRow, error)
- func (q *Queries) ListNamespaces(ctx context.Context, arg ListNamespacesParams) ([]ListNamespacesRow, error)
- func (q *Queries) ListResourceMappingGroups(ctx context.Context, arg ListResourceMappingGroupsParams) ([]ListResourceMappingGroupsRow, error)
- func (q *Queries) ListResourceMappings(ctx context.Context, arg ListResourceMappingsParams) ([]ListResourceMappingsRow, error)
- func (q *Queries) ListResourceMappingsByFullyQualifiedGroup(ctx context.Context, arg ListResourceMappingsByFullyQualifiedGroupParams) ([]ListResourceMappingsByFullyQualifiedGroupRow, error)
- func (q *Queries) ListSubjectConditionSets(ctx context.Context, arg ListSubjectConditionSetsParams) ([]ListSubjectConditionSetsRow, error)
- func (q *Queries) ListSubjectMappings(ctx context.Context, arg ListSubjectMappingsParams) ([]ListSubjectMappingsRow, error)
- func (q *Queries) MatchSubjectMappings(ctx context.Context, selectors []string) ([]MatchSubjectMappingsRow, error)
- func (q *Queries) RemoveKeyAccessServerFromAttribute(ctx context.Context, arg RemoveKeyAccessServerFromAttributeParams) (int64, error)
- func (q *Queries) RemoveKeyAccessServerFromAttributeValue(ctx context.Context, arg RemoveKeyAccessServerFromAttributeValueParams) (int64, error)
- func (q *Queries) RemoveKeyAccessServerFromNamespace(ctx context.Context, arg RemoveKeyAccessServerFromNamespaceParams) (int64, error)
- func (q *Queries) UpdateAttribute(ctx context.Context, arg UpdateAttributeParams) (int64, error)
- func (q *Queries) UpdateAttributeValue(ctx context.Context, arg UpdateAttributeValueParams) (int64, error)
- func (q *Queries) UpdateKeyAccessServer(ctx context.Context, arg UpdateKeyAccessServerParams) (int64, error)
- func (q *Queries) UpdateNamespace(ctx context.Context, arg UpdateNamespaceParams) (int64, error)
- func (q *Queries) UpdateResourceMapping(ctx context.Context, arg UpdateResourceMappingParams) (int64, error)
- func (q *Queries) UpdateResourceMappingGroup(ctx context.Context, arg UpdateResourceMappingGroupParams) (int64, error)
- func (q *Queries) UpdateSubjectConditionSet(ctx context.Context, arg UpdateSubjectConditionSetParams) (int64, error)
- func (q *Queries) UpdateSubjectMapping(ctx context.Context, arg UpdateSubjectMappingParams) (int64, error)
- func (q *Queries) UpsertAttributeDefinitionFqn(ctx context.Context, attributeID string) ([]UpsertAttributeDefinitionFqnRow, error)
- func (q *Queries) UpsertAttributeNamespaceFqn(ctx context.Context, namespaceID string) ([]UpsertAttributeNamespaceFqnRow, error)
- func (q *Queries) UpsertAttributeValueFqn(ctx context.Context, valueID string) ([]UpsertAttributeValueFqnRow, error)
- func (q *Queries) WithTx(tx pgx.Tx) *Queries
- type RemoveKeyAccessServerFromAttributeParams
- type RemoveKeyAccessServerFromAttributeValueParams
- type RemoveKeyAccessServerFromNamespaceParams
- type ResourceMapping
- type ResourceMappingGroup
- type SubjectConditionSet
- type SubjectMapping
- type UpdateAttributeParams
- type UpdateAttributeValueParams
- type UpdateKeyAccessServerParams
- type UpdateNamespaceParams
- type UpdateResourceMappingGroupParams
- type UpdateResourceMappingParams
- type UpdateSubjectConditionSetParams
- type UpdateSubjectMappingParams
- type UpsertAttributeDefinitionFqnRow
- type UpsertAttributeNamespaceFqnRow
- type UpsertAttributeValueFqnRow
Constants ¶
This section is empty.
Variables ¶
var AttributeRuleTypeEnumPrefix = "ATTRIBUTE_RULE_TYPE_ENUM_"
Functions ¶
This section is empty.
Types ¶
type AssignKeyAccessServerToAttributeParams ¶ added in v0.4.25
type AssignKeyAccessServerToAttributeValueParams ¶ added in v0.4.25
type AssignKeyAccessServerToNamespaceParams ¶ added in v0.4.19
type AttributeDefinition ¶ added in v0.4.17
// AttributeDefinition is a row of the table that stores attribute definitions.
type AttributeDefinition struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent namespace of the attribute definition
	NamespaceID string `json:"namespace_id"`
	// Name of the attribute (i.e. organization or classification), unique within the namespace
	Name string `json:"name"`
	// Rule for the attribute (see protos for options)
	Rule AttributeDefinitionRule `json:"rule"`
	// Metadata for the attribute definition (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Order of value ids for the attribute (important for hierarchy rule)
	// NOTE(review): under the HIERARCHY rule this order presumably decides
	// which value outranks which, so reordering it would change access
	// decisions; confirm against the rule evaluation code.
	ValuesOrder []string `json:"values_order"`
}
Table to store the definitions of attributes
type AttributeDefinitionKeyAccessGrant ¶ added in v0.4.17
// AttributeDefinitionKeyAccessGrant is a row of the table that stores the
// grants of key access servers (KASs) to attribute definitions.
// Each row links one attribute definition to one KAS registration.
type AttributeDefinitionKeyAccessGrant struct {
	// Foreign key to the attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}
Table to store the grants of key access servers (KASs) to attribute definitions
type AttributeDefinitionRule ¶ added in v0.4.17
// AttributeDefinitionRule is the string-typed rule stored on an attribute
// definition (the Rule field of AttributeDefinition).
type AttributeDefinitionRule string

// Values an AttributeDefinitionRule can take.
// NOTE(review): what each rule means for access decisions is defined in the
// protos and is not shown here; do not infer it from the names alone.
const (
	AttributeDefinitionRuleUNSPECIFIED AttributeDefinitionRule = "UNSPECIFIED"
	AttributeDefinitionRuleALLOF       AttributeDefinitionRule = "ALL_OF"
	AttributeDefinitionRuleANYOF       AttributeDefinitionRule = "ANY_OF"
	AttributeDefinitionRuleHIERARCHY   AttributeDefinitionRule = "HIERARCHY"
)
func (*AttributeDefinitionRule) Scan ¶ added in v0.4.17
func (e *AttributeDefinitionRule) Scan(src interface{}) error
type AttributeFqn ¶ added in v0.4.17
// AttributeFqn is a row of the table that stores the fully qualified names
// of attributes, used to look up object IDs from an FQN.
type AttributeFqn struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID pgtype.UUID `json:"namespace_id"`
	// Foreign key to the attribute definition
	AttributeID pgtype.UUID `json:"attribute_id"`
	// Foreign key to the attribute value
	ValueID pgtype.UUID `json:"value_id"`
	// Fully qualified name of the attribute (i.e. https://<namespace>/attr/<attribute name>/value/<value>)
	Fqn string `json:"fqn"`
}
Table to store the fully qualified names of attributes for reverse lookup of their object IDs
type AttributeNamespace ¶ added in v0.4.17
// AttributeNamespace is a row of the table that stores the parent namespaces
// of platform policy attributes and related policy objects.
type AttributeNamespace struct {
	// Primary key for the table
	ID string `json:"id"`
	// Name of the namespace (i.e. example.com)
	Name string `json:"name"`
	// Active/Inactive state
	Active bool `json:"active"`
	// Metadata for the namespace (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store the parent namespaces of platform policy attributes and related policy objects
type AttributeNamespaceKeyAccessGrant ¶ added in v0.4.19
// AttributeNamespaceKeyAccessGrant is a row of the table that stores the
// grants of key access servers (KASs) to attribute namespaces.
// Each row links one namespace to one KAS registration.
type AttributeNamespaceKeyAccessGrant struct {
	// Foreign key to the namespace of the KAS grant
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}
Table to store the grants of key access servers (KASs) to attribute namespaces
type AttributeValue ¶ added in v0.4.17
// AttributeValue is a row of the table that stores the values of attributes.
type AttributeValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Value of the attribute (i.e. "manager" or "admin" on an attribute for titles), unique within the definition
	Value string `json:"value"`
	// Metadata for the attribute value (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store the values of attributes
type AttributeValueKeyAccessGrant ¶ added in v0.4.17
// AttributeValueKeyAccessGrant is a row of the table that stores the grants
// of key access servers (KASs) to attribute values.
// Each row links one attribute value to one KAS registration.
type AttributeValueKeyAccessGrant struct {
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}
Table to store the grants of key access servers (KASs) to attribute values
type CreateAttributeParams ¶ added in v0.4.25
// CreateAttributeParams holds the arguments passed to Queries.CreateAttribute.
// The fields mirror the namespace, name, rule and metadata columns of
// AttributeDefinition.
type CreateAttributeParams struct {
	NamespaceID string                  `json:"namespace_id"`
	Name        string                  `json:"name"`
	Rule        AttributeDefinitionRule `json:"rule"`
	Metadata    []byte                  `json:"metadata"`
}
type CreateAttributeValueParams ¶ added in v0.4.25
type CreateKeyAccessServerParams ¶ added in v0.4.17
type CreateNamespaceParams ¶ added in v0.4.24
type CreateResourceMappingGroupParams ¶ added in v0.4.18
type CreateResourceMappingParams ¶ added in v0.4.25
type CreateSubjectConditionSetParams ¶ added in v0.4.25
type CreateSubjectMappingParams ¶ added in v0.4.25
type GetAttributeRow ¶ added in v0.4.25
// GetAttributeRow is the row returned by Queries.GetAttribute.
// NOTE(review): Values and Grants arrive as raw bytes; presumably they are
// serialized aggregates of the attribute's values and KAS grants that the
// caller decodes. Confirm the encoding against the query.
type GetAttributeRow struct {
	ID            string                  `json:"id"`
	AttributeName string                  `json:"attribute_name"`
	Rule          AttributeDefinitionRule `json:"rule"`
	Metadata      []byte                  `json:"metadata"`
	NamespaceID   string                  `json:"namespace_id"`
	Active        bool                    `json:"active"`
	NamespaceName pgtype.Text             `json:"namespace_name"`
	Values        []byte                  `json:"values"`
	Grants        []byte                  `json:"grants"`
	Fqn           pgtype.Text             `json:"fqn"`
}
type GetAttributeValueRow ¶ added in v0.4.25
type GetKeyAccessServerRow ¶ added in v0.4.17
type GetNamespaceRow ¶ added in v0.4.19
type GetResourceMappingGroupRow ¶ added in v0.4.19
type GetResourceMappingRow ¶ added in v0.4.25
type GetSubjectConditionSetRow ¶ added in v0.4.25
type GetSubjectMappingRow ¶ added in v0.4.25
type KeyAccessServer ¶ added in v0.4.17
// KeyAccessServer is a row of the table that stores the known registrations
// of key access servers (KASs). The KeyAccessServerID foreign keys of the
// grant tables point at these rows.
// NOTE(review): the URI and public key identify the KAS that grants refer
// to, so writes to this table look security-sensitive; confirm how callers
// of the create/update/delete operations are authorized.
type KeyAccessServer struct {
	// Primary key for the table
	ID string `json:"id"`
	// URI of the KAS
	Uri string `json:"uri"`
	// Public key of the KAS (see protos for structure/options)
	PublicKey []byte `json:"public_key"`
	// Metadata for the KAS (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Optional common name of the KAS
	Name pgtype.Text `json:"name"`
}
Table to store the known registrations of key access servers (KASs)
type ListAttributeValuesParams ¶ added in v0.4.25
type ListAttributeValuesRow ¶ added in v0.4.25
type ListAttributesByDefOrValueFqnsRow ¶ added in v0.4.25
type ListAttributesDetailParams ¶ added in v0.4.25
type ListAttributesDetailRow ¶ added in v0.4.25
// ListAttributesDetailRow is one row returned by Queries.ListAttributesDetail.
// NOTE(review): Values arrives as raw bytes (presumably a serialized
// aggregate of the attribute's values) and Total presumably carries the
// overall match count used for pagination. Confirm both against the query.
type ListAttributesDetailRow struct {
	ID            string                  `json:"id"`
	AttributeName string                  `json:"attribute_name"`
	Rule          AttributeDefinitionRule `json:"rule"`
	Metadata      []byte                  `json:"metadata"`
	NamespaceID   string                  `json:"namespace_id"`
	Active        bool                    `json:"active"`
	NamespaceName pgtype.Text             `json:"namespace_name"`
	Values        []byte                  `json:"values"`
	Fqn           pgtype.Text             `json:"fqn"`
	Total         int64                   `json:"total"`
}
type ListAttributesSummaryParams ¶ added in v0.4.30
type ListAttributesSummaryRow ¶ added in v0.4.25
// ListAttributesSummaryRow is one row returned by Queries.ListAttributesSummary.
// It carries the same columns as ListAttributesDetailRow except Values and Fqn.
// NOTE(review): Total presumably carries the overall match count used for
// pagination; confirm against the query.
type ListAttributesSummaryRow struct {
	ID            string                  `json:"id"`
	AttributeName string                  `json:"attribute_name"`
	Rule          AttributeDefinitionRule `json:"rule"`
	Metadata      []byte                  `json:"metadata"`
	NamespaceID   string                  `json:"namespace_id"`
	Active        bool                    `json:"active"`
	NamespaceName pgtype.Text             `json:"namespace_name"`
	Total         int64                   `json:"total"`
}
type ListConfig ¶ added in v0.4.30
type ListConfig struct {
// contains filtered or unexported fields
}
type ListKeyAccessServerGrantsParams ¶ added in v0.4.19
type ListKeyAccessServerGrantsRow ¶ added in v0.4.19
// ListKeyAccessServerGrantsRow is one row returned by
// Queries.ListKeyAccessServerGrants: the KAS columns plus three grant
// columns for attributes, values and namespaces.
// NOTE(review): the three *Grants fields arrive as raw bytes, presumably
// serialized aggregates of the objects each KAS is granted to, and Total
// presumably carries the overall match count used for pagination. Confirm
// both against the query.
type ListKeyAccessServerGrantsRow struct {
	KasID            string      `json:"kas_id"`
	KasUri           string      `json:"kas_uri"`
	KasName          pgtype.Text `json:"kas_name"`
	KasPublicKey     []byte      `json:"kas_public_key"`
	KasMetadata      []byte      `json:"kas_metadata"`
	AttributesGrants []byte      `json:"attributes_grants"`
	ValuesGrants     []byte      `json:"values_grants"`
	NamespaceGrants  []byte      `json:"namespace_grants"`
	Total            int64       `json:"total"`
}
type ListKeyAccessServersParams ¶ added in v0.4.30
type ListKeyAccessServersRow ¶ added in v0.4.17
type ListNamespacesParams ¶ added in v0.4.30
type ListNamespacesRow ¶ added in v0.4.24
type ListResourceMappingGroupsParams ¶ added in v0.4.30
type ListResourceMappingGroupsRow ¶ added in v0.4.19
type ListResourceMappingsByFullyQualifiedGroupParams ¶ added in v0.4.19
type ListResourceMappingsByFullyQualifiedGroupRow ¶ added in v0.4.19
type ListResourceMappingsParams ¶ added in v0.4.30
type ListResourceMappingsRow ¶ added in v0.4.25
type ListSubjectConditionSetsParams ¶ added in v0.4.30
type ListSubjectConditionSetsRow ¶ added in v0.4.25
type ListSubjectMappingsParams ¶ added in v0.4.30
type ListSubjectMappingsRow ¶ added in v0.4.25
type MatchSubjectMappingsRow ¶ added in v0.4.27
type NullAttributeDefinitionRule ¶ added in v0.4.17
// NullAttributeDefinitionRule pairs an AttributeDefinitionRule with a Valid
// flag so that a NULL rule can be represented. Check Valid before using
// AttributeDefinitionRule.
type NullAttributeDefinitionRule struct {
	AttributeDefinitionRule AttributeDefinitionRule `json:"attribute_definition_rule"`
	Valid                   bool                    `json:"valid"` // Valid is true if AttributeDefinitionRule is not NULL
}
func (*NullAttributeDefinitionRule) Scan ¶ added in v0.4.17
func (ns *NullAttributeDefinitionRule) Scan(value interface{}) error
Scan implements the Scanner interface.
type PolicyDBClient ¶
func (PolicyDBClient) AssignKeyAccessServerToAttribute ¶
func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDBClient) AssignKeyAccessServerToNamespace ¶ added in v0.4.19
func (c PolicyDBClient) AssignKeyAccessServerToNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
func (PolicyDBClient) AssignKeyAccessServerToValue ¶
func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (*PolicyDBClient) AttrFqnReindex ¶
func (c *PolicyDBClient) AttrFqnReindex(ctx context.Context) (res struct { Namespaces []struct { ID string Fqn string } Attributes []struct { ID string Fqn string } Values []struct { ID string Fqn string } }, )
AttrFqnReindex will reindex all namespace, attribute, and attribute_value FQNs
func (PolicyDBClient) CreateAttribute ¶
func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) CreateAttributeValue ¶
func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, r *attributes.CreateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) CreateKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
func (PolicyDBClient) CreateNamespace ¶
func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDBClient) CreateResourceMapping ¶
func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDBClient) CreateResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) CreateResourceMappingGroup(ctx context.Context, r *resourcemapping.CreateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) CreateSubjectConditionSet ¶
func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)
Creates a new subject condition set and returns it
func (PolicyDBClient) CreateSubjectMapping ¶
func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)
Creates a new subject mapping and returns it. If an existing subject condition set id is provided, it will be used. If a new subject condition set is provided, it will be created. The existing subject condition set id takes precedence.
func (PolicyDBClient) DeactivateAttribute ¶
func (PolicyDBClient) DeactivateAttributeValue ¶
func (PolicyDBClient) DeactivateNamespace ¶
func (PolicyDBClient) DeleteAllUnmappedSubjectConditionSets ¶ added in v0.4.27
func (c PolicyDBClient) DeleteAllUnmappedSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)
Deletes/prunes all subject condition sets not referenced within a subject mapping
func (PolicyDBClient) DeleteKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
func (PolicyDBClient) DeleteResourceMapping ¶
func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDBClient) DeleteResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) DeleteResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) DeleteSubjectConditionSet ¶
func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
Deletes the specified subject condition set and returns the id of the deleted subject condition set
func (PolicyDBClient) DeleteSubjectMapping ¶
func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
Deletes the specified subject mapping and returns the id of the deleted subject mapping
func (PolicyDBClient) GetAttribute ¶
func (PolicyDBClient) GetAttributeByFqn ¶
func (PolicyDBClient) GetAttributeValue ¶
func (PolicyDBClient) GetAttributesByNamespace ¶
func (*PolicyDBClient) GetAttributesByValueFqns ¶
func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, error)
func (PolicyDBClient) GetKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)
func (PolicyDBClient) GetMatchedSubjectMappings ¶
func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)
GetMatchedSubjectMappings returns a deliberately broad list of SubjectMappings based on the provided SubjectProperties. A SubjectMapping is returned if an external selector field matches.
NOTE: A matched SubjectMapping does not entitle on its own; the Condition Sets returned with it must still be resolved. Each contains logic that must be applied to a subject Entity Representation to assure entitlement.
func (PolicyDBClient) GetNamespace ¶
func (PolicyDBClient) GetResourceMapping ¶
func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)
func (PolicyDBClient) GetResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) GetResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) GetSubjectConditionSet ¶
func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)
func (PolicyDBClient) GetSubjectMapping ¶
func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)
func (PolicyDBClient) ListAllAttributeValues ¶
Loads all attribute values into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size
func (PolicyDBClient) ListAllAttributes ¶
Loads all attributes into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size
func (PolicyDBClient) ListAllNamespaces ¶ added in v0.4.30
Loads all namespaces into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size
func (PolicyDBClient) ListAttributeValues ¶
func (c PolicyDBClient) ListAttributeValues(ctx context.Context, r *attributes.ListAttributeValuesRequest) (*attributes.ListAttributeValuesResponse, error)
func (PolicyDBClient) ListAttributes ¶ added in v0.4.25
func (c PolicyDBClient) ListAttributes(ctx context.Context, r *attributes.ListAttributesRequest) (*attributes.ListAttributesResponse, error)
func (PolicyDBClient) ListAttributesByFqns ¶ added in v0.4.25
func (PolicyDBClient) ListKeyAccessServerGrants ¶ added in v0.4.19
func (c PolicyDBClient) ListKeyAccessServerGrants(ctx context.Context, r *kasregistry.ListKeyAccessServerGrantsRequest) (*kasregistry.ListKeyAccessServerGrantsResponse, error)
func (PolicyDBClient) ListKeyAccessServers ¶ added in v0.2.0
func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context, r *kasregistry.ListKeyAccessServersRequest) (*kasregistry.ListKeyAccessServersResponse, error)
func (PolicyDBClient) ListNamespaces ¶
func (c PolicyDBClient) ListNamespaces(ctx context.Context, r *namespaces.ListNamespacesRequest) (*namespaces.ListNamespacesResponse, error)
func (PolicyDBClient) ListResourceMappingGroups ¶ added in v0.4.19
func (c PolicyDBClient) ListResourceMappingGroups(ctx context.Context, r *resourcemapping.ListResourceMappingGroupsRequest) (*resourcemapping.ListResourceMappingGroupsResponse, error)
func (PolicyDBClient) ListResourceMappings ¶
func (c PolicyDBClient) ListResourceMappings(ctx context.Context, r *resourcemapping.ListResourceMappingsRequest) (*resourcemapping.ListResourceMappingsResponse, error)
func (PolicyDBClient) ListResourceMappingsByGroupFqns ¶ added in v0.4.19
func (c PolicyDBClient) ListResourceMappingsByGroupFqns(ctx context.Context, fqns []string) (map[string]*resourcemapping.ResourceMappingsByGroup, error)
func (PolicyDBClient) ListSubjectConditionSets ¶
func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context, r *subjectmapping.ListSubjectConditionSetsRequest) (*subjectmapping.ListSubjectConditionSetsResponse, error)
func (PolicyDBClient) ListSubjectMappings ¶
func (c PolicyDBClient) ListSubjectMappings(ctx context.Context, r *subjectmapping.ListSubjectMappingsRequest) (*subjectmapping.ListSubjectMappingsResponse, error)
func (PolicyDBClient) RemoveKeyAccessServerFromAttribute ¶
func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)
func (PolicyDBClient) RemoveKeyAccessServerFromNamespace ¶ added in v0.4.19
func (c PolicyDBClient) RemoveKeyAccessServerFromNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)
func (PolicyDBClient) RemoveKeyAccessServerFromValue ¶
func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)
func (PolicyDBClient) UnsafeDeleteAttribute ¶ added in v0.4.8
func (PolicyDBClient) UnsafeDeleteAttributeValue ¶ added in v0.4.8
func (c PolicyDBClient) UnsafeDeleteAttributeValue(ctx context.Context, toDelete *policy.Value, r *unsafe.UnsafeDeleteAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) UnsafeDeleteNamespace ¶ added in v0.4.7
func (PolicyDBClient) UnsafeReactivateAttribute ¶ added in v0.4.8
func (PolicyDBClient) UnsafeReactivateAttributeValue ¶ added in v0.4.8
func (PolicyDBClient) UnsafeReactivateNamespace ¶ added in v0.4.7
func (PolicyDBClient) UnsafeUpdateAttribute ¶ added in v0.4.8
func (c PolicyDBClient) UnsafeUpdateAttribute(ctx context.Context, r *unsafe.UnsafeUpdateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) UnsafeUpdateAttributeValue ¶ added in v0.4.8
func (c PolicyDBClient) UnsafeUpdateAttributeValue(ctx context.Context, r *unsafe.UnsafeUpdateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) UnsafeUpdateNamespace ¶ added in v0.4.7
func (c PolicyDBClient) UnsafeUpdateNamespace(ctx context.Context, id string, name string) (*policy.Namespace, error)
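UNSAFE OPERATIONS (this reads as a section banner picked up from the source file; it presumably covers the Unsafe* methods as a group rather than describing UnsafeUpdateNamespace alone)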
func (PolicyDBClient) UpdateAttribute ¶
func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)
func (PolicyDBClient) UpdateAttributeValue ¶
func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)
func (PolicyDBClient) UpdateKeyAccessServer ¶ added in v0.2.0
func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)
func (PolicyDBClient) UpdateNamespace ¶
func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)
func (PolicyDBClient) UpdateResourceMapping ¶
func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingRequest) (*policy.ResourceMapping, error)
func (PolicyDBClient) UpdateResourceMappingGroup ¶ added in v0.4.19
func (c PolicyDBClient) UpdateResourceMappingGroup(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)
func (PolicyDBClient) UpdateSubjectConditionSet ¶
func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)
Mutates provided fields and returns the updated subject condition set
func (PolicyDBClient) UpdateSubjectMapping ¶
func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)
Mutates provided fields and returns the updated subject mapping
type Queries ¶ added in v0.4.17
// Queries is the receiver type for the SQL-backed query methods documented
// below. Its fields are unexported, so they are not shown on this page.
type Queries struct {
// contains filtered or unexported fields
}
func (*Queries) AssignKeyAccessServerToAttribute ¶ added in v0.4.25
func (q *Queries) AssignKeyAccessServerToAttribute(ctx context.Context, arg AssignKeyAccessServerToAttributeParams) (int64, error)
AssignKeyAccessServerToAttribute
INSERT INTO attribute_definition_key_access_grants (attribute_definition_id, key_access_server_id) VALUES ($1, $2)
func (*Queries) AssignKeyAccessServerToAttributeValue ¶ added in v0.4.25
func (q *Queries) AssignKeyAccessServerToAttributeValue(ctx context.Context, arg AssignKeyAccessServerToAttributeValueParams) (int64, error)
AssignKeyAccessServerToAttributeValue
INSERT INTO attribute_value_key_access_grants (attribute_value_id, key_access_server_id) VALUES ($1, $2)
func (*Queries) AssignKeyAccessServerToNamespace ¶ added in v0.4.19
func (q *Queries) AssignKeyAccessServerToNamespace(ctx context.Context, arg AssignKeyAccessServerToNamespaceParams) (int64, error)
AssignKeyAccessServerToNamespace
INSERT INTO attribute_namespace_key_access_grants (namespace_id, key_access_server_id) VALUES ($1, $2)
func (*Queries) CreateAttribute ¶ added in v0.4.25
CreateAttribute
INSERT INTO attribute_definitions (namespace_id, name, rule, metadata) VALUES ($1, $2, $3, $4) RETURNING id
func (*Queries) CreateAttributeValue ¶ added in v0.4.25
func (q *Queries) CreateAttributeValue(ctx context.Context, arg CreateAttributeValueParams) (string, error)
CreateAttributeValue
INSERT INTO attribute_values (attribute_definition_id, value, metadata) VALUES ($1, $2, $3) RETURNING id
func (*Queries) CreateKeyAccessServer ¶ added in v0.4.17
func (q *Queries) CreateKeyAccessServer(ctx context.Context, arg CreateKeyAccessServerParams) (string, error)
CreateKeyAccessServer
INSERT INTO key_access_servers (uri, public_key, name, metadata) VALUES ($1, $2, $3, $4) RETURNING id
func (*Queries) CreateNamespace ¶ added in v0.4.24
CreateNamespace
INSERT INTO attribute_namespaces (name, metadata) VALUES ($1, $2) RETURNING id
func (*Queries) CreateResourceMapping ¶ added in v0.4.25
func (q *Queries) CreateResourceMapping(ctx context.Context, arg CreateResourceMappingParams) (string, error)
CreateResourceMapping
INSERT INTO resource_mappings (attribute_value_id, terms, metadata, group_id) VALUES ($1, $2, $3, $4) RETURNING id
func (*Queries) CreateResourceMappingGroup ¶ added in v0.4.18
func (q *Queries) CreateResourceMappingGroup(ctx context.Context, arg CreateResourceMappingGroupParams) (string, error)
CreateResourceMappingGroup
INSERT INTO resource_mapping_groups (namespace_id, name, metadata) VALUES ($1, $2, $3) RETURNING id
func (*Queries) CreateSubjectConditionSet ¶ added in v0.4.25
func (q *Queries) CreateSubjectConditionSet(ctx context.Context, arg CreateSubjectConditionSetParams) (string, error)
CreateSubjectConditionSet
INSERT INTO subject_condition_set (condition, metadata) VALUES ($1, $2) RETURNING id
func (*Queries) CreateSubjectMapping ¶ added in v0.4.25
func (q *Queries) CreateSubjectMapping(ctx context.Context, arg CreateSubjectMappingParams) (string, error)
CreateSubjectMapping
INSERT INTO subject_mappings (attribute_value_id, actions, metadata, subject_condition_set_id) VALUES ($1, $2, $3, $4) RETURNING id
func (*Queries) DeleteAllUnmappedSubjectConditionSets ¶ added in v0.4.27
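DeleteAllUnmappedSubjectConditionSets
NOTE(review): the query below uses NOT IN over subject_mappings.subject_condition_set_id. In SQL, NOT IN matches no rows when the subquery yields a NULL, so this statement prunes nothing if that column ever holds NULL; confirm the column is declared NOT NULL.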
DELETE FROM subject_condition_set WHERE id NOT IN (SELECT DISTINCT sm.subject_condition_set_id FROM subject_mappings sm) RETURNING id
func (*Queries) DeleteAttribute ¶ added in v0.4.25
DeleteAttribute
DELETE FROM attribute_definitions WHERE id = $1
func (*Queries) DeleteAttributeValue ¶ added in v0.4.25
DeleteAttributeValue
DELETE FROM attribute_values WHERE id = $1
func (*Queries) DeleteKeyAccessServer ¶ added in v0.4.17
DeleteKeyAccessServer
DELETE FROM key_access_servers WHERE id = $1
func (*Queries) DeleteNamespace ¶ added in v0.4.24
DeleteNamespace
DELETE FROM attribute_namespaces WHERE id = $1
func (*Queries) DeleteResourceMapping ¶ added in v0.4.25
DeleteResourceMapping
DELETE FROM resource_mappings WHERE id = $1
func (*Queries) DeleteResourceMappingGroup ¶ added in v0.4.18
DeleteResourceMappingGroup
DELETE FROM resource_mapping_groups WHERE id = $1
func (*Queries) DeleteSubjectConditionSet ¶ added in v0.4.25
DeleteSubjectConditionSet
DELETE FROM subject_condition_set WHERE id = $1
func (*Queries) DeleteSubjectMapping ¶ added in v0.4.25
DeleteSubjectMapping
DELETE FROM subject_mappings WHERE id = $1
func (*Queries) GetAttribute ¶ added in v0.4.25
GetAttribute
SELECT ad.id, ad.name as attribute_name, ad.rule, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ad.metadata -> 'labels', 'created_at', ad.created_at, 'updated_at', ad.updated_at)) AS metadata, ad.namespace_id, ad.active, n.name as namespace_name, JSON_AGG( JSON_BUILD_OBJECT( 'id', avt.id, 'value', avt.value, 'active', avt.active, 'fqn', CONCAT(fqns.fqn, '/value/', avt.value) ) ORDER BY ARRAY_POSITION(ad.values_order, avt.id) ) AS values, JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'name', kas.name, 'public_key', kas.public_key ) ) FILTER (WHERE adkag.attribute_definition_id IS NOT NULL) AS grants, fqns.fqn FROM attribute_definitions ad LEFT JOIN attribute_namespaces n ON n.id = ad.namespace_id LEFT JOIN ( SELECT av.id, av.value, av.active, JSON_AGG(DISTINCT JSONB_BUILD_OBJECT('id', vkas.id,'uri', vkas.uri,'name', vkas.name,'public_key', vkas.public_key )) FILTER (WHERE vkas.id IS NOT NULL AND vkas.uri IS NOT NULL AND vkas.public_key IS NOT NULL) AS val_grants_arr, av.attribute_definition_id FROM attribute_values av LEFT JOIN attribute_value_key_access_grants avg ON av.id = avg.attribute_value_id LEFT JOIN key_access_servers vkas ON avg.key_access_server_id = vkas.id GROUP BY av.id ) avt ON avt.attribute_definition_id = ad.id LEFT JOIN attribute_definition_key_access_grants adkag ON adkag.attribute_definition_id = ad.id LEFT JOIN key_access_servers kas ON kas.id = adkag.key_access_server_id LEFT JOIN attribute_fqns fqns ON fqns.attribute_id = ad.id AND fqns.value_id IS NULL WHERE ad.id = $1 GROUP BY ad.id, n.name, fqns.fqn
func (*Queries) GetAttributeValue ¶ added in v0.4.25
GetAttributeValue
SELECT av.id, av.value, av.active, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', av.metadata -> 'labels', 'created_at', av.created_at, 'updated_at', av.updated_at)) as metadata, av.attribute_definition_id, fqns.fqn, JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'name', kas.name, 'public_key', kas.public_key ) ) FILTER (WHERE avkag.attribute_value_id IS NOT NULL) AS grants FROM attribute_values av LEFT JOIN attribute_fqns fqns ON av.id = fqns.value_id LEFT JOIN attribute_value_key_access_grants avkag ON av.id = avkag.attribute_value_id LEFT JOIN key_access_servers kas ON avkag.key_access_server_id = kas.id WHERE av.id = $1 GROUP BY av.id, fqns.fqn
func (*Queries) GetKeyAccessServer ¶ added in v0.4.17
GetKeyAccessServer
SELECT id, uri, public_key, name, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata FROM key_access_servers WHERE id = $1
func (*Queries) GetNamespace ¶ added in v0.4.19
GetNamespace
SELECT ns.id, ns.name, ns.active, fqns.fqn, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ns.metadata -> 'labels', 'created_at', ns.created_at, 'updated_at', ns.updated_at)) as metadata, JSONB_AGG(DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'name', kas.name, 'public_key', kas.public_key )) FILTER (WHERE kas_ns_grants.namespace_id IS NOT NULL) as grants FROM attribute_namespaces ns LEFT JOIN attribute_namespace_key_access_grants kas_ns_grants ON kas_ns_grants.namespace_id = ns.id LEFT JOIN key_access_servers kas ON kas.id = kas_ns_grants.key_access_server_id LEFT JOIN attribute_fqns fqns ON fqns.namespace_id = ns.id WHERE ns.id = $1 AND fqns.attribute_id IS NULL AND fqns.value_id IS NULL GROUP BY ns.id, fqns.fqn
func (*Queries) GetResourceMapping ¶ added in v0.4.25
GetResourceMapping
SELECT m.id, JSON_BUILD_OBJECT('id', av.id, 'value', av.value, 'fqn', fqns.fqn) as attribute_value, m.terms, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata, COALESCE(m.group_id::TEXT, '')::TEXT as group_id FROM resource_mappings m LEFT JOIN attribute_values av on m.attribute_value_id = av.id LEFT JOIN attribute_fqns fqns on av.id = fqns.value_id WHERE m.id = $1 GROUP BY av.id, m.id, fqns.fqn
func (*Queries) GetResourceMappingGroup ¶ added in v0.4.18
func (q *Queries) GetResourceMappingGroup(ctx context.Context, id string) (GetResourceMappingGroupRow, error)
GetResourceMappingGroup
SELECT id, namespace_id, name, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata FROM resource_mapping_groups WHERE id = $1
func (*Queries) GetSubjectConditionSet ¶ added in v0.4.25
func (q *Queries) GetSubjectConditionSet(ctx context.Context, id string) (GetSubjectConditionSetRow, error)
GetSubjectConditionSet
SELECT id, condition, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata FROM subject_condition_set WHERE id = $1
func (*Queries) GetSubjectMapping ¶ added in v0.4.25
GetSubjectMapping
SELECT sm.id, sm.actions, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata, JSON_BUILD_OBJECT( 'id', scs.id, 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata -> 'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)), 'subject_sets', scs.condition ) AS subject_condition_set, JSON_BUILD_OBJECT('id', av.id,'value', av.value,'active', av.active) AS attribute_value FROM subject_mappings sm LEFT JOIN attribute_values av ON sm.attribute_value_id = av.id LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id WHERE sm.id = $1 GROUP BY av.id, sm.id, scs.id
func (*Queries) ListAttributeValues ¶ added in v0.4.25
func (q *Queries) ListAttributeValues(ctx context.Context, arg ListAttributeValuesParams) ([]ListAttributeValuesRow, error)
-------------------------------------------------------------- ATTRIBUTE VALUES --------------------------------------------------------------
WITH counted AS ( SELECT COUNT(av.id) AS total FROM attribute_values av ) SELECT av.id, av.value, av.active, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', av.metadata -> 'labels', 'created_at', av.created_at, 'updated_at', av.updated_at)) as metadata, av.attribute_definition_id, fqns.fqn, counted.total FROM attribute_values av CROSS JOIN counted LEFT JOIN attribute_fqns fqns ON av.id = fqns.value_id WHERE ( ($1::BOOLEAN IS NULL OR av.active = $1) AND (NULLIF($2, '') IS NULL OR av.attribute_definition_id = $2::UUID) ) LIMIT $4 OFFSET $3
func (*Queries) ListAttributesByDefOrValueFqns ¶ added in v0.4.25
func (q *Queries) ListAttributesByDefOrValueFqns(ctx context.Context, fqns []string) ([]ListAttributesByDefOrValueFqnsRow, error)
get the attribute definition for the provided value or definition fqn
WITH target_definition AS ( SELECT DISTINCT ad.id, ad.namespace_id, ad.name, ad.rule, ad.active, ad.values_order, JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'name', kas.name, 'public_key', kas.public_key ) ) FILTER (WHERE kas.id IS NOT NULL) AS grants FROM attribute_fqns fqns INNER JOIN attribute_definitions ad ON fqns.attribute_id = ad.id LEFT JOIN attribute_definition_key_access_grants adkag ON ad.id = adkag.attribute_definition_id LEFT JOIN key_access_servers kas ON adkag.key_access_server_id = kas.id WHERE fqns.fqn = ANY($1::TEXT[]) AND ad.active = TRUE GROUP BY ad.id ), namespaces AS ( SELECT n.id, JSON_BUILD_OBJECT( 'id', n.id, 'name', n.name, 'active', n.active, 'fqn', fqns.fqn, 'grants', JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'name', kas.name, 'public_key', kas.public_key ) ) FILTER (WHERE kas.id IS NOT NULL) ) AS namespace FROM target_definition td INNER JOIN attribute_namespaces n ON td.namespace_id = n.id INNER JOIN attribute_fqns fqns ON n.id = fqns.namespace_id LEFT JOIN attribute_namespace_key_access_grants ankag ON n.id = ankag.namespace_id LEFT JOIN key_access_servers kas ON ankag.key_access_server_id = kas.id WHERE n.active = TRUE AND (fqns.attribute_id IS NULL AND fqns.value_id IS NULL) GROUP BY n.id, fqns.fqn ), value_grants AS ( SELECT av.id, JSON_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', kas.id, 'uri', kas.uri, 'name', kas.name, 'public_key', kas.public_key ) ) FILTER (WHERE kas.id IS NOT NULL) AS grants FROM target_definition td LEFT JOIN attribute_values av on td.id = av.attribute_definition_id LEFT JOIN attribute_value_key_access_grants avkag ON av.id = avkag.attribute_value_id LEFT JOIN key_access_servers kas ON avkag.key_access_server_id = kas.id GROUP BY av.id ), value_subject_mappings AS ( SELECT av.id, JSON_AGG( JSON_BUILD_OBJECT( 'id', sm.id, 'actions', sm.actions, 'subject_condition_set', JSON_BUILD_OBJECT( 'id', scs.id, 'subject_sets', scs.condition ) ) ) FILTER (WHERE sm.id IS 
NOT NULL) AS sub_maps FROM target_definition td LEFT JOIN attribute_values av ON td.id = av.attribute_definition_id LEFT JOIN subject_mappings sm ON av.id = sm.attribute_value_id LEFT JOIN subject_condition_set scs ON sm.subject_condition_set_id = scs.id GROUP BY av.id ), values AS ( SELECT av.attribute_definition_id, JSON_AGG( JSON_BUILD_OBJECT( 'id', av.id, 'value', av.value, 'active', av.active, 'fqn', fqns.fqn, 'grants', avg.grants, 'subject_mappings', avsm.sub_maps /* enforce order of values in response */ ) ORDER BY ARRAY_POSITION(td.values_order, av.id) ) AS values FROM target_definition td LEFT JOIN attribute_values av ON td.id = av.attribute_definition_id LEFT JOIN attribute_fqns fqns ON av.id = fqns.value_id LEFT JOIN value_grants avg ON av.id = avg.id LEFT JOIN value_subject_mappings avsm ON av.id = avsm.id WHERE av.active = TRUE GROUP BY av.attribute_definition_id ) SELECT td.id, td.name, td.rule, td.active, n.namespace, fqns.fqn, values.values, td.grants FROM target_definition td INNER JOIN attribute_fqns fqns ON td.id = fqns.attribute_id INNER JOIN namespaces n ON td.namespace_id = n.id LEFT JOIN values ON td.id = values.attribute_definition_id WHERE fqns.value_id IS NULL
func (*Queries) ListAttributesDetail ¶ added in v0.4.25
func (q *Queries) ListAttributesDetail(ctx context.Context, arg ListAttributesDetailParams) ([]ListAttributesDetailRow, error)
-------------------------------------------------------------- ATTRIBUTES --------------------------------------------------------------
WITH counted AS ( SELECT COUNT(ad.id) AS total FROM attribute_definitions ad ) SELECT ad.id, ad.name as attribute_name, ad.rule, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ad.metadata -> 'labels', 'created_at', ad.created_at, 'updated_at', ad.updated_at)) AS metadata, ad.namespace_id, ad.active, n.name as namespace_name, JSON_AGG( JSON_BUILD_OBJECT( 'id', avt.id, 'value', avt.value, 'active', avt.active, 'fqn', CONCAT(fqns.fqn, '/value/', avt.value) ) ORDER BY ARRAY_POSITION(ad.values_order, avt.id) ) AS values, fqns.fqn, counted.total FROM attribute_definitions ad CROSS JOIN counted LEFT JOIN attribute_namespaces n ON n.id = ad.namespace_id LEFT JOIN ( SELECT av.id, av.value, av.active, JSON_AGG( DISTINCT JSONB_BUILD_OBJECT( 'id', vkas.id, 'uri', vkas.uri, 'name', vkas.name, 'public_key', vkas.public_key ) ) FILTER (WHERE vkas.id IS NOT NULL AND vkas.uri IS NOT NULL AND vkas.public_key IS NOT NULL) AS val_grants_arr, av.attribute_definition_id FROM attribute_values av LEFT JOIN attribute_value_key_access_grants avg ON av.id = avg.attribute_value_id LEFT JOIN key_access_servers vkas ON avg.key_access_server_id = vkas.id GROUP BY av.id ) avt ON avt.attribute_definition_id = ad.id LEFT JOIN attribute_fqns fqns ON fqns.attribute_id = ad.id AND fqns.value_id IS NULL WHERE ($1::BOOLEAN IS NULL OR ad.active = $1) AND (NULLIF($2, '') IS NULL OR ad.namespace_id = $2::uuid) AND (NULLIF($3, '') IS NULL OR n.name = $3) GROUP BY ad.id, n.name, fqns.fqn, counted.total LIMIT $5 OFFSET $4
func (*Queries) ListAttributesSummary ¶ added in v0.4.25
func (q *Queries) ListAttributesSummary(ctx context.Context, arg ListAttributesSummaryParams) ([]ListAttributesSummaryRow, error)
ListAttributesSummary
WITH counted AS ( SELECT COUNT(ad.id) AS total FROM attribute_definitions ad ) SELECT ad.id, ad.name as attribute_name, ad.rule, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ad.metadata -> 'labels', 'created_at', ad.created_at, 'updated_at', ad.updated_at)) AS metadata, ad.namespace_id, ad.active, n.name as namespace_name, counted.total FROM attribute_definitions ad CROSS JOIN counted LEFT JOIN attribute_namespaces n ON n.id = ad.namespace_id WHERE ad.namespace_id = $1 GROUP BY ad.id, n.name, counted.total LIMIT $3 OFFSET $2
func (*Queries) ListKeyAccessServerGrants ¶ added in v0.4.19
func (q *Queries) ListKeyAccessServerGrants(ctx context.Context, arg ListKeyAccessServerGrantsParams) ([]ListKeyAccessServerGrantsRow, error)
-------------------------------------------------------------- KEY ACCESS SERVERS --------------------------------------------------------------
WITH listed AS ( SELECT COUNT(*) OVER() AS total, kas.id AS kas_id, kas.uri AS kas_uri, kas.name AS kas_name, kas.public_key AS kas_public_key, JSON_STRIP_NULLS(JSON_BUILD_OBJECT( 'labels', kas.metadata -> 'labels', 'created_at', kas.created_at, 'updated_at', kas.updated_at )) AS kas_metadata, JSON_AGG(DISTINCT JSONB_BUILD_OBJECT( 'id', attrkag.attribute_definition_id, 'fqn', fqns_on_attr.fqn )) FILTER (WHERE attrkag.attribute_definition_id IS NOT NULL) AS attributes_grants, JSON_AGG(DISTINCT JSONB_BUILD_OBJECT( 'id', valkag.attribute_value_id, 'fqn', fqns_on_vals.fqn )) FILTER (WHERE valkag.attribute_value_id IS NOT NULL) AS values_grants, JSON_AGG(DISTINCT JSONB_BUILD_OBJECT( 'id', nskag.namespace_id, 'fqn', fqns_on_ns.fqn )) FILTER (WHERE nskag.namespace_id IS NOT NULL) AS namespace_grants FROM key_access_servers kas LEFT JOIN attribute_definition_key_access_grants attrkag ON kas.id = attrkag.key_access_server_id LEFT JOIN attribute_fqns fqns_on_attr ON attrkag.attribute_definition_id = fqns_on_attr.attribute_id AND fqns_on_attr.value_id IS NULL LEFT JOIN attribute_value_key_access_grants valkag ON kas.id = valkag.key_access_server_id LEFT JOIN attribute_fqns fqns_on_vals ON valkag.attribute_value_id = fqns_on_vals.value_id LEFT JOIN attribute_namespace_key_access_grants nskag ON kas.id = nskag.key_access_server_id LEFT JOIN attribute_fqns fqns_on_ns ON nskag.namespace_id = fqns_on_ns.namespace_id AND fqns_on_ns.attribute_id IS NULL AND fqns_on_ns.value_id IS NULL WHERE (NULLIF($3, '') IS NULL OR kas.id = $3::uuid) AND (NULLIF($4, '') IS NULL OR kas.uri = $4::varchar) AND (NULLIF($5, '') IS NULL OR kas.name = $5::varchar) GROUP BY kas.id ) SELECT listed.kas_id, listed.kas_uri, listed.kas_name, listed.kas_public_key, listed.kas_metadata, listed.attributes_grants, listed.values_grants, listed.namespace_grants, listed.total FROM listed LIMIT $2 OFFSET $1
func (*Queries) ListKeyAccessServers ¶ added in v0.4.17
func (q *Queries) ListKeyAccessServers(ctx context.Context, arg ListKeyAccessServersParams) ([]ListKeyAccessServersRow, error)
ListKeyAccessServers
WITH counted AS ( SELECT COUNT(kas.id) AS total FROM key_access_servers kas ) SELECT kas.id, kas.uri, kas.public_key, kas.name AS kas_name, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', kas.metadata -> 'labels', 'created_at', kas.created_at, 'updated_at', kas.updated_at)) as metadata, counted.total FROM key_access_servers kas CROSS JOIN counted LIMIT $2 OFFSET $1
func (*Queries) ListNamespaces ¶ added in v0.4.24
func (q *Queries) ListNamespaces(ctx context.Context, arg ListNamespacesParams) ([]ListNamespacesRow, error)
-------------------------------------------------------------- NAMESPACES --------------------------------------------------------------
WITH counted AS ( SELECT COUNT(id) AS total FROM attribute_namespaces ) SELECT ns.id, ns.name, ns.active, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ns.metadata -> 'labels', 'created_at', ns.created_at, 'updated_at', ns.updated_at)) as metadata, fqns.fqn, counted.total FROM attribute_namespaces ns CROSS JOIN counted LEFT JOIN attribute_fqns fqns ON ns.id = fqns.namespace_id AND fqns.attribute_id IS NULL WHERE ($1::BOOLEAN IS NULL OR ns.active = $1::BOOLEAN) LIMIT $3 OFFSET $2
func (*Queries) ListResourceMappingGroups ¶ added in v0.4.18
func (q *Queries) ListResourceMappingGroups(ctx context.Context, arg ListResourceMappingGroupsParams) ([]ListResourceMappingGroupsRow, error)
-------------------------------------------------------------- RESOURCE MAPPING GROUPS --------------------------------------------------------------
WITH counted AS ( SELECT COUNT(rmg.id) AS total FROM resource_mapping_groups rmg ) SELECT rmg.id, rmg.namespace_id, rmg.name, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', rmg.metadata -> 'labels', 'created_at', rmg.created_at, 'updated_at', rmg.updated_at)) as metadata, counted.total FROM resource_mapping_groups rmg CROSS JOIN counted WHERE (NULLIF($1, '') IS NULL OR rmg.namespace_id = $1::uuid) LIMIT $3 OFFSET $2
func (*Queries) ListResourceMappings ¶ added in v0.4.25
func (q *Queries) ListResourceMappings(ctx context.Context, arg ListResourceMappingsParams) ([]ListResourceMappingsRow, error)
-------------------------------------------------------------- RESOURCE MAPPING --------------------------------------------------------------
WITH counted AS ( SELECT COUNT(rm.id) AS total FROM resource_mappings rm ) SELECT m.id, JSON_BUILD_OBJECT('id', av.id, 'value', av.value, 'fqn', fqns.fqn) as attribute_value, m.terms, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata, COALESCE(m.group_id::TEXT, '')::TEXT as group_id, counted.total FROM resource_mappings m CROSS JOIN counted LEFT JOIN attribute_values av on m.attribute_value_id = av.id LEFT JOIN attribute_fqns fqns on av.id = fqns.value_id WHERE (NULLIF($1, '') IS NULL OR m.group_id = $1::UUID) GROUP BY av.id, m.id, fqns.fqn, counted.total LIMIT $3 OFFSET $2
func (*Queries) ListResourceMappingsByFullyQualifiedGroup ¶ added in v0.4.19
func (q *Queries) ListResourceMappingsByFullyQualifiedGroup(ctx context.Context, arg ListResourceMappingsByFullyQualifiedGroupParams) ([]ListResourceMappingsByFullyQualifiedGroupRow, error)
CTE to cache the group JSON build since it will be the same for all mappings of the group
WITH groups_cte AS ( SELECT g.id, JSON_BUILD_OBJECT( 'id', g.id, 'namespace_id', g.namespace_id, 'name', g.name, 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT( 'labels', g.metadata -> 'labels', 'created_at', g.created_at, 'updated_at', g.updated_at )) ) as group FROM resource_mapping_groups g JOIN attribute_namespaces ns on g.namespace_id = ns.id WHERE ns.name = $1 AND g.name = $2 ) SELECT m.id, JSON_BUILD_OBJECT('id', av.id, 'value', av.value, 'fqn', fqns.fqn) as attribute_value, m.terms, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata, g.group FROM resource_mappings m JOIN groups_cte g ON m.group_id = g.id JOIN attribute_values av on m.attribute_value_id = av.id JOIN attribute_fqns fqns on av.id = fqns.value_id
func (*Queries) ListSubjectConditionSets ¶ added in v0.4.25
func (q *Queries) ListSubjectConditionSets(ctx context.Context, arg ListSubjectConditionSetsParams) ([]ListSubjectConditionSetsRow, error)
-------------------------------------------------------------- SUBJECT CONDITION SETS --------------------------------------------------------------
WITH counted AS ( SELECT COUNT(scs.id) AS total FROM subject_condition_set scs ) SELECT scs.id, scs.condition, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata -> 'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)) as metadata, counted.total FROM subject_condition_set scs CROSS JOIN counted LIMIT $2 OFFSET $1
func (*Queries) ListSubjectMappings ¶ added in v0.4.25
func (q *Queries) ListSubjectMappings(ctx context.Context, arg ListSubjectMappingsParams) ([]ListSubjectMappingsRow, error)
-------------------------------------------------------------- SUBJECT MAPPINGS --------------------------------------------------------------
WITH counted AS ( SELECT COUNT(sm.id) AS total FROM subject_mappings sm ) SELECT sm.id, sm.actions, JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata, JSON_BUILD_OBJECT( 'id', scs.id, 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata->'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)), 'subject_sets', scs.condition ) AS subject_condition_set, JSON_BUILD_OBJECT('id', av.id,'value', av.value,'active', av.active) AS attribute_value, counted.total FROM subject_mappings sm CROSS JOIN counted LEFT JOIN attribute_values av ON sm.attribute_value_id = av.id LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id GROUP BY av.id, sm.id, scs.id, counted.total LIMIT $2 OFFSET $1
func (*Queries) MatchSubjectMappings ¶ added in v0.4.27
func (q *Queries) MatchSubjectMappings(ctx context.Context, selectors []string) ([]MatchSubjectMappingsRow, error)
MatchSubjectMappings
-- Returns the subject mappings whose condition set mentions at least one of the
-- given selectors, restricted to active namespace / definition / value.
-- Parameter: $1 = array of subject external selector values.
-- This is a pre-filter only: the EXISTS below compares the selector value and
-- nothing else, so the operator and expected values of each condition still
-- have to be evaluated on the returned subject_sets before granting anything.
SELECT
    sm.id,
    sm.actions,
    JSON_BUILD_OBJECT(
        'id', scs.id,
        'subject_sets', scs.condition
    ) AS subject_condition_set,
    JSON_BUILD_OBJECT('id', av.id,'value', av.value,'active', av.active) AS attribute_value
FROM subject_mappings sm
LEFT JOIN attribute_values av ON sm.attribute_value_id = av.id
LEFT JOIN attribute_definitions ad ON av.attribute_definition_id = ad.id
LEFT JOIN attribute_namespaces ns ON ad.namespace_id = ns.id
LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id
-- The active = true predicates reject NULLs, so the LEFT JOINs on av, ad and ns
-- behave as inner joins: a mapping without an active value, definition and
-- namespace is never returned.
WHERE ns.active = true AND ad.active = true and av.active = true AND EXISTS (
    -- walks condition[] -> conditionGroups[] -> conditions[]
    -- NOTE(review): JSONB_ARRAY_ELEMENTS raises an error on a non-array value;
    -- this assumes the stored condition JSON is validated on write. Confirm.
    SELECT 1
    FROM JSONB_ARRAY_ELEMENTS(scs.condition) AS ss,
        JSONB_ARRAY_ELEMENTS(ss->'conditionGroups') AS cg,
        JSONB_ARRAY_ELEMENTS(cg->'conditions') AS each_condition
    -- $1 is a bound TEXT[] compared with = ANY; selector strings are never
    -- spliced into the statement text.
    WHERE (each_condition->>'subjectExternalSelectorValue' = ANY($1::TEXT[]))
)
GROUP BY av.id, sm.id, scs.id
func (*Queries) RemoveKeyAccessServerFromAttribute ¶ added in v0.4.25
func (q *Queries) RemoveKeyAccessServerFromAttribute(ctx context.Context, arg RemoveKeyAccessServerFromAttributeParams) (int64, error)
RemoveKeyAccessServerFromAttribute
-- Removes the grant that links one key access server to one attribute definition.
-- Parameters: $1 = attribute_definition_id, $2 = key_access_server_id.
-- Both columns are required in the predicate, so at most the single matching
-- grant is affected; grants on namespaces or attribute values live in other tables.
-- The generated method returns an int64, presumably the number of rows deleted
-- (confirm); a 0 would then mean the grant did not exist.
DELETE FROM attribute_definition_key_access_grants
WHERE attribute_definition_id = $1 AND key_access_server_id = $2
func (*Queries) RemoveKeyAccessServerFromAttributeValue ¶ added in v0.4.25
func (q *Queries) RemoveKeyAccessServerFromAttributeValue(ctx context.Context, arg RemoveKeyAccessServerFromAttributeValueParams) (int64, error)
RemoveKeyAccessServerFromAttributeValue
-- Removes the grant that links one key access server to one attribute value.
-- Parameters: $1 = attribute_value_id, $2 = key_access_server_id.
-- Both columns are required in the predicate, so at most the single matching
-- grant is affected; grants on definitions or namespaces live in other tables.
-- The generated method returns an int64, presumably the number of rows deleted
-- (confirm); a 0 would then mean the grant did not exist.
DELETE FROM attribute_value_key_access_grants
WHERE attribute_value_id = $1 AND key_access_server_id = $2
func (*Queries) RemoveKeyAccessServerFromNamespace ¶ added in v0.4.19
func (q *Queries) RemoveKeyAccessServerFromNamespace(ctx context.Context, arg RemoveKeyAccessServerFromNamespaceParams) (int64, error)
RemoveKeyAccessServerFromNamespace
-- Removes the grant that links one key access server to one namespace.
-- Parameters: $1 = namespace_id, $2 = key_access_server_id.
-- Both columns are required in the predicate, so at most the single matching
-- grant is affected; grants on definitions or attribute values live in other tables.
-- The generated method returns an int64, presumably the number of rows deleted
-- (confirm); a 0 would then mean the grant did not exist.
DELETE FROM attribute_namespace_key_access_grants
WHERE namespace_id = $1 AND key_access_server_id = $2
func (*Queries) UpdateAttribute ¶ added in v0.4.25
UpdateAttribute: used by both unsafe and safe updates
-- Partial update of one attribute definition, selected by id ($1).
-- Parameters: $2 = name, $3 = rule, $4 = values_order, $5 = metadata, $6 = active.
-- COALESCE keeps the stored value whenever a parameter is NULL, so a column
-- can be replaced but never cleared through this statement.
-- The statement itself does not distinguish safe from unsafe changes: whichever
-- columns arrive non-NULL are written, so that separation has to be enforced
-- by the caller.
-- Renaming does not touch attribute_fqns, whose fqn column is built from this
-- name; presumably the caller re-runs the FQN upsert afterwards. Confirm.
UPDATE attribute_definitions
SET
    name = COALESCE($2, name),
    rule = COALESCE($3, rule),
    values_order = COALESCE($4, values_order),
    metadata = COALESCE($5, metadata),
    -- active = false removes the definition's values from MatchSubjectMappings,
    -- which requires ad.active = true
    active = COALESCE($6, active)
WHERE id = $1
func (*Queries) UpdateAttributeValue ¶ added in v0.4.25
func (q *Queries) UpdateAttributeValue(ctx context.Context, arg UpdateAttributeValueParams) (int64, error)
UpdateAttributeValue: used by both safe and unsafe updates
-- Partial update of one attribute value, selected by id ($1).
-- Parameters: $2 = value, $3 = active, $4 = metadata.
-- COALESCE keeps the stored value whenever a parameter is NULL, so a column
-- can be replaced but never cleared through this statement.
-- The statement itself does not distinguish safe from unsafe changes: whichever
-- columns arrive non-NULL are written, so that separation has to be enforced
-- by the caller.
-- Changing "value" does not touch attribute_fqns, whose fqn column embeds it;
-- presumably the caller re-runs the FQN upsert afterwards. Confirm.
UPDATE attribute_values
SET
    value = COALESCE($2, value),
    -- active = false removes this value from MatchSubjectMappings,
    -- which requires av.active = true
    active = COALESCE($3, active),
    metadata = COALESCE($4, metadata)
WHERE id = $1
func (*Queries) UpdateKeyAccessServer ¶ added in v0.4.17
func (q *Queries) UpdateKeyAccessServer(ctx context.Context, arg UpdateKeyAccessServerParams) (int64, error)
UpdateKeyAccessServer
-- Partial update of one key access server record, selected by id ($1).
-- Parameters: $2 = uri, $3 = public_key, $4 = name, $5 = metadata.
-- COALESCE keeps the stored value whenever a parameter is NULL, so a column
-- can be replaced but never cleared through this statement.
-- NOTE(review): uri and public_key are presumably what clients use to reach
-- and trust the server, so a write here redirects that trust. Nothing in this
-- statement restricts or records who makes the change; confirm that the
-- caller authorizes and audit-logs it.
UPDATE key_access_servers
SET
    uri = COALESCE($2, uri),
    public_key = COALESCE($3, public_key),
    name = COALESCE($4, name),
    metadata = COALESCE($5, metadata)
WHERE id = $1
func (*Queries) UpdateNamespace ¶ added in v0.4.24
UpdateNamespace: used by both safe and unsafe updates
-- Partial update of one namespace, selected by id ($1).
-- Parameters: $2 = name, $3 = active, $4 = metadata.
-- COALESCE keeps the stored value whenever a parameter is NULL, so a column
-- can be replaced but never cleared through this statement.
-- The statement itself does not distinguish safe from unsafe changes: whichever
-- columns arrive non-NULL are written, so that separation has to be enforced
-- by the caller.
-- Renaming does not touch attribute_fqns, where every fqn under this namespace
-- starts with its name; presumably the caller re-runs the namespace FQN upsert
-- afterwards. Confirm.
UPDATE attribute_namespaces
SET
    name = COALESCE($2, name),
    -- active = false removes everything under this namespace from
    -- MatchSubjectMappings, which requires ns.active = true
    active = COALESCE($3, active),
    metadata = COALESCE($4, metadata)
WHERE id = $1
func (*Queries) UpdateResourceMapping ¶ added in v0.4.25
func (q *Queries) UpdateResourceMapping(ctx context.Context, arg UpdateResourceMappingParams) (int64, error)
UpdateResourceMapping
-- Partial update of one resource mapping, selected by id ($1).
-- Parameters: $2 = attribute_value_id, $3 = terms, $4 = metadata, $5 = group_id.
-- COALESCE keeps the stored value whenever a parameter is NULL. In particular a
-- mapping that has a group_id cannot be moved back to "no group" through this
-- statement, although the column is optional.
UPDATE resource_mappings
SET
    attribute_value_id = COALESCE($2, attribute_value_id),
    terms = COALESCE($3, terms),
    metadata = COALESCE($4, metadata),
    group_id = COALESCE($5, group_id)
WHERE id = $1
func (*Queries) UpdateResourceMappingGroup ¶ added in v0.4.18
func (q *Queries) UpdateResourceMappingGroup(ctx context.Context, arg UpdateResourceMappingGroupParams) (int64, error)
UpdateResourceMappingGroup
-- Partial update of one resource mapping group, selected by id ($1).
-- Parameters: $2 = namespace_id, $3 = name, $4 = metadata.
-- COALESCE keeps the stored value whenever a parameter is NULL, so a column
-- can be replaced but never cleared through this statement.
-- A non-NULL $2 moves the group, and with it every mapping that points at it,
-- under a different namespace.
-- NOTE(review): confirm the caller checks the target namespace before allowing that.
UPDATE resource_mapping_groups
SET
    namespace_id = COALESCE($2, namespace_id),
    name = COALESCE($3, name),
    metadata = COALESCE($4, metadata)
WHERE id = $1
func (*Queries) UpdateSubjectConditionSet ¶ added in v0.4.25
func (q *Queries) UpdateSubjectConditionSet(ctx context.Context, arg UpdateSubjectConditionSetParams) (int64, error)
UpdateSubjectConditionSet
-- Partial update of one subject condition set, selected by id ($1).
-- Parameters: $2 = condition, $3 = metadata.
-- COALESCE keeps the stored value whenever a parameter is NULL, so a column
-- can be replaced but never cleared through this statement.
-- "condition" is replaced as a whole, not merged. Every subject mapping that
-- references this set is affected by the new conditions at once.
-- NOTE(review): MatchSubjectMappings expands this column with
-- JSONB_ARRAY_ELEMENTS, so the new value presumably must keep the
-- array / conditionGroups / conditions shape. Confirm it is validated before the write.
UPDATE subject_condition_set
SET
    condition = COALESCE($2, condition),
    metadata = COALESCE($3, metadata)
WHERE id = $1
func (*Queries) UpdateSubjectMapping ¶ added in v0.4.25
func (q *Queries) UpdateSubjectMapping(ctx context.Context, arg UpdateSubjectMappingParams) (int64, error)
UpdateSubjectMapping
-- Partial update of one subject mapping, selected by id ($1).
-- Parameters: $2 = actions, $3 = metadata, $4 = subject_condition_set_id.
-- COALESCE keeps the stored value whenever a parameter is NULL, so a column
-- can be replaced but never cleared through this statement.
-- attribute_value_id is not in the SET list: a mapping can change what it
-- permits (actions) and under which conditions (subject_condition_set_id),
-- but not which attribute value it entitles.
UPDATE subject_mappings
SET
    actions = COALESCE($2, actions),
    metadata = COALESCE($3, metadata),
    subject_condition_set_id = COALESCE($4, subject_condition_set_id)
WHERE id = $1
func (*Queries) UpsertAttributeDefinitionFqn ¶ added in v0.4.25
func (q *Queries) UpsertAttributeDefinitionFqn(ctx context.Context, attributeID string) ([]UpsertAttributeDefinitionFqnRow, error)
UpsertAttributeDefinitionFqn
-- Rebuilds the stored FQNs for one attribute definition ($1) and for every
-- value under it, inserting new rows or overwriting the fqn of existing ones.
-- The FQN is plain string concatenation of the namespace name, attribute name
-- and value, with no escaping applied here.
-- NOTE(review): this assumes names and values are validated on write so that
-- they cannot contain '/' or other characters that would make two different
-- attributes produce the same FQN. Confirm.
WITH new_fqns_cte AS (
    -- attribute definition FQN: https://<namespace>/attr/<name>
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        NULL::UUID as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name) AS fqn
    FROM attribute_definitions ad
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE ad.id = $1
    UNION
    -- attribute value FQNs: https://<namespace>/attr/<name>/value/<value>
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        av.id as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name, '/value/', av.value) AS fqn
    FROM attribute_values av
    JOIN attribute_definitions ad on av.attribute_definition_id = ad.id
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE ad.id = $1
)
INSERT INTO attribute_fqns (namespace_id, attribute_id, value_id, fqn)
SELECT namespace_id, attribute_id, value_id, fqn
FROM new_fqns_cte
-- NOTE(review): the definition row has a NULL value_id. PostgreSQL treats NULLs
-- as distinct in a unique index unless it is declared NULLS NOT DISTINCT, in
-- which case this clause would not fire for that row. Verify against the schema.
ON CONFLICT (namespace_id, attribute_id, value_id)
    DO UPDATE SET fqn = EXCLUDED.fqn
-- ids are returned as text, with '' standing in for NULL
RETURNING
    COALESCE(namespace_id::TEXT, '')::TEXT as namespace_id,
    COALESCE(attribute_id::TEXT, '')::TEXT as attribute_id,
    COALESCE(value_id::TEXT, '')::TEXT as value_id,
    fqn
func (*Queries) UpsertAttributeNamespaceFqn ¶ added in v0.4.25
func (q *Queries) UpsertAttributeNamespaceFqn(ctx context.Context, namespaceID string) ([]UpsertAttributeNamespaceFqnRow, error)
UpsertAttributeNamespaceFqn
-- Rebuilds the stored FQNs for one namespace ($1), every attribute definition
-- in it and every value under those definitions, inserting new rows or
-- overwriting the fqn of existing ones.
-- The FQN is plain string concatenation of the namespace name, attribute name
-- and value, with no escaping applied here.
-- NOTE(review): this assumes names and values are validated on write so that
-- they cannot contain '/' or other characters that would make two different
-- attributes produce the same FQN. Confirm.
WITH new_fqns_cte AS (
    -- namespace FQN: https://<namespace>
    SELECT
        ns.id as namespace_id,
        NULL::UUID as attribute_id,
        NULL::UUID as value_id,
        CONCAT('https://', ns.name) AS fqn
    FROM attribute_namespaces ns
    WHERE ns.id = $1
    UNION
    -- attribute definition FQNs: https://<namespace>/attr/<name>
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        NULL::UUID as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name) AS fqn
    FROM attribute_definitions ad
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE ns.id = $1
    UNION
    -- attribute value FQNs: https://<namespace>/attr/<name>/value/<value>
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        av.id as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name, '/value/', av.value) AS fqn
    FROM attribute_values av
    JOIN attribute_definitions ad on av.attribute_definition_id = ad.id
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE ns.id = $1
)
INSERT INTO attribute_fqns (namespace_id, attribute_id, value_id, fqn)
SELECT namespace_id, attribute_id, value_id, fqn
FROM new_fqns_cte
-- NOTE(review): the namespace and definition rows carry NULL attribute_id /
-- value_id. PostgreSQL treats NULLs as distinct in a unique index unless it is
-- declared NULLS NOT DISTINCT, in which case this clause would not fire for
-- those rows. Verify against the schema.
ON CONFLICT (namespace_id, attribute_id, value_id)
    DO UPDATE SET fqn = EXCLUDED.fqn
-- ids are returned as text, with '' standing in for NULL
RETURNING
    COALESCE(namespace_id::TEXT, '')::TEXT as namespace_id,
    COALESCE(attribute_id::TEXT, '')::TEXT as attribute_id,
    COALESCE(value_id::TEXT, '')::TEXT as value_id,
    fqn
func (*Queries) UpsertAttributeValueFqn ¶ added in v0.4.25
func (q *Queries) UpsertAttributeValueFqn(ctx context.Context, valueID string) ([]UpsertAttributeValueFqnRow, error)
-------------------------------------------------------------- ATTRIBUTE FQN --------------------------------------------------------------
-- Rebuilds the stored FQN for one attribute value ($1), inserting a new row or
-- overwriting the fqn of the existing one.
-- The FQN is plain string concatenation of the namespace name, attribute name
-- and value, with no escaping applied here.
-- NOTE(review): this assumes names and values are validated on write so that
-- they cannot contain '/' or other characters that would make two different
-- attributes produce the same FQN. Confirm.
WITH new_fqns_cte AS (
    -- attribute value FQN: https://<namespace>/attr/<name>/value/<value>
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        av.id as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name, '/value/', av.value) AS fqn
    FROM attribute_values av
    JOIN attribute_definitions ad on av.attribute_definition_id = ad.id
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE av.id = $1
)
INSERT INTO attribute_fqns (namespace_id, attribute_id, value_id, fqn)
SELECT namespace_id, attribute_id, value_id, fqn
FROM new_fqns_cte
ON CONFLICT (namespace_id, attribute_id, value_id)
    DO UPDATE SET fqn = EXCLUDED.fqn
-- ids are returned as text, with '' standing in for NULL
RETURNING
    COALESCE(namespace_id::TEXT, '')::TEXT as namespace_id,
    COALESCE(attribute_id::TEXT, '')::TEXT as attribute_id,
    COALESCE(value_id::TEXT, '')::TEXT as value_id,
    fqn
type RemoveKeyAccessServerFromAttributeParams ¶ added in v0.4.25
type RemoveKeyAccessServerFromAttributeValueParams ¶ added in v0.4.25
type RemoveKeyAccessServerFromNamespaceParams ¶ added in v0.4.19
type ResourceMapping ¶ added in v0.4.17
// ResourceMapping is one row of the table that stores the terms used to map
// resource data to attribute values.
type ResourceMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Terms to match against resource data (e.g. the translations "roi", "rey", or "kung" in a terms list could map to the value "/attr/card/value/king")
	Terms []string `json:"terms"`
	// Metadata for the resource mapping (see protos for structure); held here as raw bytes
	Metadata []byte `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the parent group of the resource mapping (optional, a resource mapping may not be in a group)
	GroupID pgtype.UUID `json:"group_id"`
}
Table to store associated terms that should map resource data to attribute values
type ResourceMappingGroup ¶ added in v0.4.18
// ResourceMappingGroup is one row of the table that stores groups of resource
// mappings, identified by a unique namespace and group name combination.
type ResourceMappingGroup struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID string `json:"namespace_id"`
	// Name for the group of resource mappings
	Name string `json:"name"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Metadata for the group; held here as raw bytes
	Metadata []byte `json:"metadata"`
}
Table to store the groups of resource mappings by unique namespace and group name combinations
type SubjectConditionSet ¶ added in v0.4.17
// SubjectConditionSet is one row of the table that stores sets of conditions
// which logically entitle subject entity representations to attribute values
// via a subject mapping.
type SubjectConditionSet struct {
	// Primary key for the table
	ID string `json:"id"`
	// Conditions that must be met for the subject entity to be entitled to the attribute value (see protos for JSON structure).
	// Held here as raw bytes: nothing in this type checks the JSON shape.
	Condition []byte `json:"condition"`
	// Metadata for the condition set (see protos for structure)
	Metadata []byte `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
Table to store sets of conditions that logically entitle subject entity representations to attribute values via a subject mapping
type SubjectMapping ¶ added in v0.4.17
// SubjectMapping is one row of the table that stores the conditions which
// logically entitle subject entity representations to attribute values.
type SubjectMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Metadata for the subject mapping (see protos for structure)
	Metadata []byte `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the condition set that entitles the subject entity to the attribute value
	SubjectConditionSetID pgtype.UUID `json:"subject_condition_set_id"`
	// Actions that the subject entity can perform on the attribute value (see protos for details).
	// Held here as raw bytes: nothing in this type checks their structure.
	Actions []byte `json:"actions"`
}
Table to store conditions that logically entitle subject entity representations to attribute values