Documentation
Overview
Package graph contains groups graph definitions and operations.
Constants
This section is empty.
Variables
var (
	// ErrNoSuchGroup is returned when a group is not found in the groups graph.
	ErrNoSuchGroup = errors.New("no such group")
	// ErrInvalidPrincipalKind is returned when a principal has an invalid kind.
	ErrInvalidPrincipalKind = errors.New("invalid principal kind")
	// ErrInvalidPrincipalValue is returned when a principal has an invalid value.
	ErrInvalidPrincipalValue = errors.New("invalid principal value")
)
Functions
This section is empty.
Types
type ExpandedGroup
type ExpandedGroup struct {
	Name     string
	Members  stringset.Set
	Redacted stringset.Set
	Globs    stringset.Set
	Nested   stringset.Set
}
ExpandedGroup can represent a fully expanded AuthGroup, with all memberships listed from both direct and indirect inclusions.
func (*ExpandedGroup) Absorb
func (e *ExpandedGroup) Absorb(other *ExpandedGroup)
Absorb updates this ExpandedGroup's memberships to include the memberships in the other ExpandedGroup.
func (*ExpandedGroup) ToProto
func (e *ExpandedGroup) ToProto() *rpcpb.AuthGroup
ToProto converts an ExpandedGroup to a rpcpb.AuthGroup.
type ExpansionCache
type ExpansionCache struct {
Groups map[string]*ExpandedGroup
}
ExpansionCache is a map of groups which have already been expanded.
type Graph
type Graph struct {
// contains filtered or unexported fields
}
Graph represents a traversable group graph.
func NewGraph
func NewGraph(groups []model.GraphableGroup) *Graph
NewGraph creates all groupNode(s) that are available in the graph.
func (*Graph) GetExpandedGroup
func (g *Graph) GetExpandedGroup(
	ctx context.Context, name string, skipFilter bool, cache *ExpansionCache) (*ExpandedGroup, error)
GetExpandedGroup returns the explicit membership rules for the group.
Note: a privacy filter for members was added in Auth Service v2. To support legacy endpoints and maintain the existing behavior of Auth Service v1, the privacy filter can be disabled with `skipFilter` set to `true`.
If the group exists in the Graph, the returned ExpandedGroup shall have the following fields:
- Name, the name of the group;
- Members, containing all unique members from both direct and indirect inclusions;
- Globs, containing all unique globs from both direct and indirect inclusions;
- Nested, containing all unique nested groups from both direct and indirect inclusions; and
- Redacted, containing all unique members which were redacted from both direct and indirect inclusions.
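A simplified, self-contained model of the expansion described above, added here as an illustration and not the package's own code. The types, `expand`, and the `canView` privacy rule are hypothetical, globs are omitted, a missing group yields nil rather than an error, and the sample groups are constructed.

```go
package main

import "fmt"

type (
	set      map[string]bool
	group    struct{ members, nested []string }      // constructed stand-in; globs omitted
	expanded struct{ Members, Redacted, Nested set } // three of ExpandedGroup's fields
)

// absorb merges o's memberships into e, as Absorb is described above.
func (e *expanded) absorb(o *expanded) {
	for _, p := range [][2]set{{e.Members, o.Members}, {e.Redacted, o.Redacted}, {e.Nested, o.Nested}} {
		for k := range p[1] {
			p[0][k] = true
		}
	}
}

// expand gathers direct and indirect inclusions, memoizing each group in cache.
// canView is a hypothetical privacy rule; skipFilter bypasses it entirely.
func expand(gs map[string]group, name string, skipFilter bool, canView func(string) bool, cache map[string]*expanded) *expanded {
	g, ok := gs[name]
	if e, hit := cache[name]; hit || !ok {
		return e // cached result, or nil when the group does not exist
	}
	e := &expanded{set{}, set{}, set{}}
	cache[name] = e // stored before recursing so a cyclic input still terminates
	dst := map[bool]set{true: e.Members, false: e.Redacted}
	for _, m := range g.members {
		dst[skipFilter || canView(m)][m] = true // hidden members land in Redacted
	}
	for _, n := range g.nested {
		e.Nested[n] = true
		if sub := expand(gs, n, skipFilter, canView, cache); sub != nil {
			e.absorb(sub)
		}
	}
	return e
}

func main() {
	gs := map[string]group{ // constructed sample data
		"admins": {[]string{"user:a@example.com"}, []string{"oncall"}},
		"oncall": {[]string{"user:b@example.com"}, []string{"ghost"}},
	}
	e := expand(gs, "admins", false, func(m string) bool { return m == "user:a@example.com" }, map[string]*expanded{})
	fmt.Println(e.Members, e.Redacted, e.Nested)
}
```

In this model the cache stores results for one filter setting, so a cache filled with `skipFilter` set to `true` should not be reused for a filtered call.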
type GroupNode
type GroupNode struct {
// contains filtered or unexported fields
}
GroupNode contains information related to an individual group.
type NodeKey
type NodeKey struct {
	// Type of Node, (identity, group, glob).
	Kind NodeKind
	// Name of node, group-name usually.
	Value string
}
NodeKey represents a key to identify Nodes.
func ConvertPrincipal
ConvertPrincipal handles the conversion of rpcpb.Principal -> graph.NodeKey.
func (*NodeKey) ToPermissionKey
ToPermissionKey returns the key that would be associated with this node in a realms config.
type Subgraph
type Subgraph struct {
	// All nodes in Subgraph.
	Nodes []*SubgraphNode
	// contains filtered or unexported fields
}
Subgraph is a directed multigraph with labeled edges and a designated root node. Nodes are assigned integer IDs and edges are stored as a map {node_from_id => label => node_to_id}.
type SubgraphNode
type SubgraphNode struct {
	NodeKey
	// IncludedBy represents nodes that include this node.
	IncludedBy []int32
}
SubgraphNode represents individual Nodes inside the Subgraph.
func (*SubgraphNode) ToProto
func (sn *SubgraphNode) ToProto() *rpcpb.Node
ToProto converts the SubgraphNode to the protobuffer equivalent Node for rpc.