schema

package
v0.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 24, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DefaultNamespace is the default namespace for predefined entities
	DefaultNamespace = "app"

	// Global IDs
	PlatformID = "platform"

	// namespace
	PlatformNamespace     = "app/platform"
	OrganizationNamespace = "app/organization"
	ProjectNamespace      = "app/project"
	GroupNamespace        = "app/group"
	RoleBindingNamespace  = "app/rolebinding"
	RoleNamespace         = "app/role"
	InvitationNamespace   = "app/invitation"

	// relations
	PlatformRelationName     = "platform"
	AdminRelationName        = "admin"
	OrganizationRelationName = "org"
	UserRelationName         = "user"
	ProjectRelationName      = "project"
	GroupRelationName        = "group"
	MemberRelationName       = "member"
	OwnerRelationName        = "owner"
	RoleRelationName         = "role"
	RoleGrantRelationName    = "granted"
	RoleBearerRelationName   = "bearer"

	// permissions
	ListPermission              = "list"
	GetPermission               = "get"
	CreatePermission            = "create"
	UpdatePermission            = "update"
	DeletePermission            = "delete"
	SudoPermission              = "superuser"
	RoleManagePermission        = "rolemanage"
	PolicyManagePermission      = "policymanage"
	ProjectListPermission       = "projectlist"
	GroupListPermission         = "grouplist"
	ProjectCreatePermission     = "projectcreate"
	GroupCreatePermission       = "groupcreate"
	ResourceListPermission      = "resourcelist"
	InvitationListPermission    = "invitationlist"
	InvitationCreatePermission  = "invitationcreate"
	AcceptPermission            = "accept"
	ServiceUserManagePermission = "serviceusermanage"
	ManagePermission            = "manage"

	// synthetic permission
	MembershipPermission = "membership"

	// principals
	UserPrincipal        = "app/user"
	ServiceUserPrincipal = "app/serviceuser"
	GroupPrincipal       = "app/group"
	SuperUserPrincipal   = "app/superuser"
)

SpiceDB readable format is stored in predefined_schema.txt

Variables

View Source 
var (
	ErrMigration    = errors.New("error in migrating authz schema")
	ErrBadNamespace = errors.New("bad namespace, format should namespace:uuid")
)
View Source 
var BaseSchemaZed string
View Source 
var (
	PlatformOrgID = uuid.Nil
)
View Source 
var PredefinedRoles = []RoleDefinition{

	{
		Name: "app_organization_owner",
		Permissions: []string{
			"app_organization_administer",
		},
	},
	{
		Name: "app_organization_manager",
		Permissions: []string{
			"app_organization_update",
			"app_organization_get",
		},
	},
	{
		Name: "app_organization_viewer",
		Permissions: []string{
			"app_organization_get",
		},
	},

	{
		Name: "app_project_owner",
		Permissions: []string{
			"app_project_administer",
		},
	},
	{
		Name: "app_project_manager",
		Permissions: []string{
			"app_project_update",
			"app_project_get",
			"app_organization_projectcreate",
			"app_organization_projectlist",
		},
	},
	{
		Name: "app_project_viewer",
		Permissions: []string{
			"app_project_get",
		},
	},

	{
		Name: "app_group_owner",
		Permissions: []string{
			"app_group_administer",
		},
	},
}

Functions

func BuildNamespaceName 

func BuildNamespaceName(service, resource string) string

func FQPermissionNameFromNamespace 

func FQPermissionNameFromNamespace(namespace, verb string) string

func IsSystemNamespace 

func IsSystemNamespace(namespace string) bool

func IsValidPermissionName added in v0.7.2 

func IsValidPermissionName(name string) bool

IsValidPermissionName checks if the provided name is a valid permission name

func JoinNamespaceAndResourceID 

func JoinNamespaceAndResourceID(namespace, id string) string

func ParseNamespaceAliasIfRequired 

func ParseNamespaceAliasIfRequired(n string) string

func PermissionKeyFromNamespaceAndName 

func PermissionKeyFromNamespaceAndName(namespace, name string) string

func PermissionNamespaceAndNameFromKey 

func PermissionNamespaceAndNameFromKey(key string) (string, string)

func SplitNamespaceAndResourceID 

func SplitNamespaceAndResourceID(namespace string) (string, string, error)

func SplitNamespaceResource 

func SplitNamespaceResource(ns string) (string, string)

Types

type ResourcePermission 

type ResourcePermission struct {
	// simple name
	Name string

	// Namespace is an object over which authz rules will be applied
	Namespace   string
	Description string

	// Key is a unique identifier composed of namespace and name
	// for example: "app.platform.list" which is composed as service.resource.verb
	// here app.platform is namespace and list is name of the permission
	Key string
}

ResourcePermission with which roles will be created. Whenever an action is performed subject access permissions are checked with subject required permissions

func (ResourcePermission) GetName 

func (r ResourcePermission) GetName() string

func (ResourcePermission) GetNamespace 

func (r ResourcePermission) GetNamespace() string

func (ResourcePermission) Slug 

func (r ResourcePermission) Slug() string

type RoleDefinition 

type RoleDefinition struct {
	Name        string   `yaml:"name"`
	Description string   `yaml:"description"`
	Permissions []string `yaml:"permissions"`
}

RoleDefinition are a set of permissions which can be assigned to a user or group

type ServiceDefinition 

type ServiceDefinition struct {
	Roles       []RoleDefinition     `yaml:"roles"`
	Permissions []ResourcePermission `yaml:"permissions"`
}

ServiceDefinition is provided by user for a service

func MergeServiceDefinitions 

func MergeServiceDefinitions(definitions ...ServiceDefinition) *ServiceDefinition

MergeServiceDefinitions merges multiple service definitions into one and deduplicate roles and permissions

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.