authz

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 26, 2024 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

// Cache key name IDs for the authz cache. Every constant is an untyped string;
// presumably each is passed as the cache.KeyNameID argument of
// CacheNameProvider.GetKeyName to build a concrete key — confirm against the caller.
// NOTE(review): several values do not mirror their Go identifier (for example
// OrganizationNameKeyID is "OrgCollectionKeyNameID"), so read the string value,
// not the constant name, when inspecting cache contents.
const (
	// ObjectTypeKeyID is the primary key for object type
	ObjectTypeKeyID = "ObjTypeKeyID"
	// EdgeTypeKeyID is the primary key for edge type
	EdgeTypeKeyID = "EdgeTypeKeyID"
	// ObjectKeyID is the primary key for object
	ObjectKeyID = "ObjectKeyID"
	// EdgeKeyID is the primary key for edge
	EdgeKeyID = "EdgeKeyID"
	// OrganizationKeyID is the primary key for organization
	OrganizationKeyID = "OrgKeyID"
	// EdgeFullKeyID is the secondary key for edge
	EdgeFullKeyID = "EdgeFullKeyNameID"
	// ObjectTypeNameKeyID is the secondary key for object type
	ObjectTypeNameKeyID = "ObjectTypeKeyNameID"
	// ObjEdgesKeyID is the key for collection of edges of an object
	ObjEdgesKeyID = "ObjectEdgesKeyID"
	// EdgeTypeNameKeyID is the secondary key for edge type
	EdgeTypeNameKeyID = "EdgeTypeKeyNameID"
	// ObjAliasNameKeyID is the secondary key for object
	ObjAliasNameKeyID = "ObjAliasKeyNameID"
	// OrganizationNameKeyID is the secondary key for organization
	OrganizationNameKeyID = "OrgCollectionKeyNameID"
	// EdgesObjToObjID is the key for collection of edges between two objects
	EdgesObjToObjID = "EdgesObjToObjID"
	// DependencyKeyID is the key for list of dependencies
	DependencyKeyID = "DependencyKeyID"
	// IsModifiedKeyID is the key value indicating change in last TTL
	IsModifiedKeyID = "IsModifiedKeyID"
	// IsModifiedCollectionKeyID is the key value indicating change for global collection in last TTL
	IsModifiedCollectionKeyID = "IsModifiedCollectionKeyID"
	// ObjectTypeCollectionKeyID is the key for global collection of object types
	ObjectTypeCollectionKeyID = "ObjTypeCollectionKeyID"
	// EdgeTypeCollectionKeyID is the key for global collection of edge types
	EdgeTypeCollectionKeyID = "EdgeTypeCollectionKeyID"
	// ObjectCollectionKeyID is the key for global collection of objects
	ObjectCollectionKeyID = "ObjCollectionKeyID"
	// EdgeCollectionKeyID is the key for global collection of edges
	EdgeCollectionKeyID = "EdgeCollectionKeyID"
	// EdgeCollectionPagesKeyID is the key for pages making up global collection of edges
	EdgeCollectionPagesKeyID = "EdgeCollectionPagesKeyID"
	// EdgeCollectionPageKeyID is the key for each individual page in the global collection of edges
	EdgeCollectionPageKeyID = "EdgeCollectionPageKeyID"
	// OrganizationCollectionKeyID is the key for global collection of organizations
	OrganizationCollectionKeyID = "OrgCollectionKeyID"
	// AttributePathObjToObjID is the primary key for attribute path
	AttributePathObjToObjID = "AttributePathObjToObjID"
)
// Identifiers naming the TTL that applies to each kind of cached item.
// The values are strings, not durations; the default durations are the
// Default*TTL constants. Presumably these identifiers are what a TTL provider
// is asked for when an item is cached — confirm against CacheTTLProvider.TTL.
const (
	// ObjectTypeTTL is the TTL for object types
	ObjectTypeTTL = "OBJ_TYPE_TTL"
	// EdgeTypeTTL is the TTL for edge types
	EdgeTypeTTL = "EDGE_TYPE_TTL"
	// ObjectTTL is the TTL for objects
	ObjectTTL = "OBJ_TTL"
	// EdgeTTL is the TTL for edges
	EdgeTTL = "EDGE_TTL"
	// OrganizationTTL is the TTL for organizations
	OrganizationTTL = "ORG_TTL"
)
// Default cache lifetimes for each kind of authz item.
// NOTE(review): the comments below advise lowering a TTL when items of that
// kind are deleted often, which suggests a deleted item (for example a revoked
// edge) can still be served from the cache until its TTL expires — confirm
// against the cache invalidation logic before relying on immediate revocation.
const (
	// DefaultObjTypeTTL specifies how long ObjectTypes remain in the cache by default. If you frequently delete ObjectTypes - you should lower this number
	DefaultObjTypeTTL time.Duration = 10 * time.Minute
	// DefaultEdgeTypeTTL specifies how long EdgeTypes remain in the cache by default. If you frequently delete EdgeTypes - you should lower this number
	DefaultEdgeTypeTTL time.Duration = 10 * time.Minute
	// DefaultObjTTL specifies how long Objects remain in the cache by default. If you frequently delete Objects (such as users) - you should lower this number
	DefaultObjTTL time.Duration = 5 * time.Minute
	// DefaultEdgeTTL specifies how long Edges remain in the cache by default. It is assumed that edges churn frequently so this number is set lower
	DefaultEdgeTTL time.Duration = 30 * time.Second
)
// Names of the built-in AuthZ object types, edge type and attribute.
// ObjectTypeUser, ObjectTypeGroup and ObjectTypeLoginApp are object type names,
// EdgeTypeCanLogin is an edge type name, and CanLoginAttribute is the name of
// the attribute carried by that edge type. EdgeTypeCanLogin and
// CanLoginAttribute hold the same string, "_can_login".
// NOTE(review): every built-in name starts with an underscore; whether that
// prefix is reserved for built-ins is not visible here — confirm before
// creating custom types with a leading underscore.
const (
	ObjectTypeUser     = "_user"
	ObjectTypeGroup    = "_group"
	ObjectTypeLoginApp = "_login_app"
	EdgeTypeCanLogin   = "_can_login"
	CanLoginAttribute  = "_can_login"
)

AuthZ object types & edge types (roles) provisioned for every tenant. TODO: merge the string constant with the UUID into a const-ish struct to keep them associated, particularly if we add more of these. Keep in sync with TSX constants! TODO: we should have a better way to sync constants between TS and Go

const (
	// CachePrefix is the prefix for all keys in authz cache
	CachePrefix = "authz"
)

Variables

var CanLoginEdgeTypeID = uuid.Must(uuid.FromString("ea723951-fb93-4a29-b977-d27c01a61f58"))

CanLoginEdgeTypeID is the ID of a built-in edge type called "_can_login"

// DefaultAuthZEdgeTypes holds the default AuthZ edge types. It contains one
// entry: the "_can_login" edge type, whose source is the built-in user object
// type and whose target is the built-in login-app object type, carrying a
// single Direct attribute named by CanLoginAttribute.
// NOTE(review): this is an exported, mutable package-level slice; code that
// appends to or edits it changes the defaults for every user of the package.
var DefaultAuthZEdgeTypes = []EdgeType{
	{BaseModel: ucdb.NewBaseWithID(CanLoginEdgeTypeID), TypeName: EdgeTypeCanLogin, SourceObjectTypeID: UserObjectTypeID, TargetObjectTypeID: LoginAppObjectTypeID,
		Attributes: []Attribute{
			{Name: CanLoginAttribute, Direct: true},
		},
	},
}

DefaultAuthZEdgeTypes is an array containing default AuthZ edge types

// DefaultAuthZObjectTypes holds the default AuthZ object types: the built-in
// user, group and login-app types, each created with its fixed well-known ID.
// NOTE(review): this is an exported, mutable package-level slice; code that
// appends to or edits it changes the defaults for every user of the package.
var DefaultAuthZObjectTypes = []ObjectType{
	{BaseModel: ucdb.NewBaseWithID(UserObjectTypeID), TypeName: ObjectTypeUser},
	{BaseModel: ucdb.NewBaseWithID(GroupObjectTypeID), TypeName: ObjectTypeGroup},
	{BaseModel: ucdb.NewBaseWithID(LoginAppObjectTypeID), TypeName: ObjectTypeLoginApp},
}

DefaultAuthZObjectTypes is an array containing default AuthZ object types

var ErrEdgeNotFound = ucerr.Friendlyf(nil, "edge not found")

ErrEdgeNotFound is returned if an edge is not found.

var ErrEdgeTypeNotFound = ucerr.Friendlyf(nil, "edge type not found")

ErrEdgeTypeNotFound is returned if an edge type is not found.

var ErrObjectNotFound = ucerr.Friendlyf(nil, "object not found")

ErrObjectNotFound is returned if an object is not found.

var ErrObjectTypeNotFound = ucerr.Friendlyf(nil, "object type not found")

ErrObjectTypeNotFound is returned if an object type is not found.

var ErrRelationshipTypeNotFound = ucerr.Friendlyf(nil, "relationship type not found")

ErrRelationshipTypeNotFound is returned if a relationship type name (e.g. "editor") is not found.

var GroupObjectTypeID = uuid.Must(uuid.FromString("f5bce640-f866-4464-af1a-9e7474c4a90c"))

GroupObjectTypeID is the ID of a built-in object type called "_group"

var LoginAppObjectTypeID = uuid.Must(uuid.FromString("9b90794f-0ed0-48d6-99a5-6fd578a9134d"))

LoginAppObjectTypeID is the ID of a built-in object type called "_login_app"

var UnionUserObjectTypeIDProd = uuid.Must(uuid.FromString("ee731c0c-3274-4ec0-b300-4f54c0f26d31"))

UnionUserObjectTypeIDProd is the ID of Union's "user" object in production

var UnionUserObjectTypeIDStaging = uuid.Must(uuid.FromString("13b60fbc-449a-474b-8581-f41b09d869b0"))

UnionUserObjectTypeIDStaging is the ID of Union's "user" object in staging

var UserObjectTypeID = uuid.Must(uuid.FromString("1bf2b775-e521-41d3-8b7e-78e89427e6fe"))

UserObjectTypeID is the ID of a built-in object type called "_user"

Functions

This section is empty.

Types

type Attribute

// Attribute is a named attribute on an edge type. The three flags decide how
// holding an edge of that type grants the attribute: Direct grants it from the
// source to the target of the edge, Inherit lets the source pick up what the
// target has on other objects, and Propagate carries what others have on the
// source forward to the target.
// NOTE(review): Inherit is documented below as transitive across consecutive
// Inherit edges, so one edge can grant the attribute on objects far from its
// own endpoints; review edge types that set Inherit or Propagate with that
// reach in mind.
type Attribute struct {
	// Name is the attribute's name; the validate tag requires it to be non-empty.
	Name string `db:"name" json:"name" validate:"notempty" required:"true"`

	// Direct = true means that this attribute applies directly from the source to the target, or
	// alternately stated that "the source object 'has' the attribute on the target".
	// e.g. given an edge {Source: Alice, Target: Readme.txt, Type: Viewer} with attribute {Name:"read", Direct: true},
	// then Alice directly 'has' the "read" attribute on Readme.txt
	Direct bool `db:"direct" json:"direct"`

	// Inherit = true means that, if the target object 'has' (or inherits) the attribute on some other object X,
	// then the source object "inherits" that attribute on X as well. This applies transitively across
	// multiple consecutive Inherit edges.
	// e.g. given an edge {Source: Alice, Target: RootUsersGroup, Type: Member} with attribute {Name:"read", Inherit: true},
	// and another edge {Source: RootUsersGroup, Target: Readme.txt, Type: Viewer} with attribute {Name:"read", Direct: true},
	// then the Root Users group has direct read permissions on Readme.txt and Alice inherits the read permission
	// on Readme.txt through its connection to the RootUsersGroup.
	// This flag is typically used when some objects (e.g. users, files) should inherit attributes
	// that a "grouping" object has on some final target object without requiring direct edges between
	// every source and every target (e.g. between Alice and Readme.txt, in this example).
	// The Inherit flag would be used on attributes that associate the source objects with the grouping object.
	// This is like a "pull" model for permissions, while Propagate represents a "push" model.
	Inherit bool `db:"inherit" json:"inherit"`

	// Propagate = true means that some object X which has an attribute on the source object will also have the same
	// attribute on the target object. This is effectively the inverse of Inherit, and "propagates" attributes forward.
	// e.g. given an edge {Source: Alice, Target: HomeDirectory, Type: Viewer} with attribute {Name: "read", Direct: true},
	// and another edge {Source: HomeDirectory, Target: Readme.txt, Type: Contains} with attribute {Name: "read", Propagate: true},
	// then Alice's read permission on the HomeDirectory propagates to Readme.txt since that is (presumably) contained in the
	// Home directory.
	// This is like a "push" model for permissions, while Inherit represents a "pull" model.
	// This is different from Direct = true because it doesn't make sense for the Home directory to have
	// direct "read" attributes on files within it, but simply propagate the permissions down the tree.
	// Permissions don't propagate through Direct links; if Alice has a 'direct' "friend" relationship to Bob,
	// and Bob has a 'direct' "friend" relationship to Charlie,
	// that wouldn't imply Alice has a 'direct' "friend" relationship to Charlie (direct != propagate).
	Propagate bool `db:"propagate" json:"propagate"`
}

Attribute represents a named attribute on an Edge Type.

func (Attribute) Validate

func (o Attribute) Validate() error

Validate implements Validateable

type AttributePathNode

// AttributePathNode is one step in the path from source to target that is
// returned when an attribute check succeeds. ObjectID identifies the object at
// this step and must be non-nil per its validate tag; EdgeID carries no
// validate tag, so a nil value is accepted by validation.
// NOTE(review): presumably EdgeID is the edge followed to reach ObjectID and is
// nil for the first node — confirm against the server response.
type AttributePathNode struct {
	ObjectID uuid.UUID `json:"object_id" validate:"notnil"`
	EdgeID   uuid.UUID `json:"edge_id"`
}

AttributePathNode is a node in a path list from source to target, if CheckAttribute succeeds.

func (AttributePathNode) GetDependenciesKey added in v0.6.6

func (e AttributePathNode) GetDependenciesKey(c cache.KeyNameProvider) cache.Key

GetDependenciesKey return dependencies cache key name for path node

func (AttributePathNode) GetDependencyKeys added in v0.6.6

func (e AttributePathNode) GetDependencyKeys(c cache.KeyNameProvider) []cache.Key

GetDependencyKeys returns the list of keys for path node dependencies

func (AttributePathNode) GetGlobalCollectionKey added in v0.6.6

func (e AttributePathNode) GetGlobalCollectionKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionKey returns the global collection cache key names for path node

func (AttributePathNode) GetGlobalCollectionPagesKey added in v1.3.0

func (e AttributePathNode) GetGlobalCollectionPagesKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionPagesKey returns the global collection key name for path node

func (AttributePathNode) GetID added in v1.1.0

func (a AttributePathNode) GetID() uuid.UUID

GetID returns nil ID since we never create/update attribute path directly

func (AttributePathNode) GetIsModifiedCollectionKey added in v1.3.0

func (e AttributePathNode) GetIsModifiedCollectionKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedCollectionKey returns the IsModifiedCollectionKeyID key name for attribute path

func (AttributePathNode) GetIsModifiedKey added in v1.0.0

func (e AttributePathNode) GetIsModifiedKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedKey returns the isModifiedKey key name for attribute path

func (AttributePathNode) GetPerItemCollectionKey added in v0.6.6

func (e AttributePathNode) GetPerItemCollectionKey(c cache.KeyNameProvider) cache.Key

GetPerItemCollectionKey returns the per item collection key name for path node

func (AttributePathNode) GetPrimaryKey added in v0.6.6

func (e AttributePathNode) GetPrimaryKey(c cache.KeyNameProvider) cache.Key

GetPrimaryKey returns the primary cache key name for path node

func (AttributePathNode) GetSecondaryKeys added in v0.6.6

func (e AttributePathNode) GetSecondaryKeys(c cache.KeyNameProvider) []cache.Key

GetSecondaryKeys returns the secondary cache key names for path node

func (AttributePathNode) TTL added in v0.6.6

TTL returns the TTL for path node

func (AttributePathNode) Validate added in v0.8.2

func (o AttributePathNode) Validate() error

Validate implements Validateable

type Attributes

type Attributes []Attribute

Attributes is a collection of Attribute, used as a column/field in EdgeType

func (Attributes) String added in v1.0.0

func (attrs Attributes) String() string

type CacheNameProvider added in v0.7.6

type CacheNameProvider struct {
	cache.NoRateLimitKeyNameProvider
	// contains filtered or unexported fields
}

CacheNameProvider is the base implementation of the CacheNameProvider interface

func NewCacheNameProvider added in v0.7.6

func NewCacheNameProvider(basePrefix string) *CacheNameProvider

NewCacheNameProvider creates a new CacheNameProvider

func NewCacheNameProviderForTenant added in v1.0.0

func NewCacheNameProviderForTenant(tenantID uuid.UUID) *CacheNameProvider

NewCacheNameProviderForTenant creates a new authz CacheNameProvider for a tenant

func (*CacheNameProvider) GetAllKeyIDs added in v1.1.0

func (c *CacheNameProvider) GetAllKeyIDs() []string

GetAllKeyIDs returns all the key IDs

func (*CacheNameProvider) GetKeyName added in v0.7.6

func (c *CacheNameProvider) GetKeyName(id cache.KeyNameID, components []string) cache.Key

GetKeyName gets the key name for the given key name ID and components

func (*CacheNameProvider) GetKeyNameStatic added in v0.7.6

func (c *CacheNameProvider) GetKeyNameStatic(id cache.KeyNameID) cache.Key

GetKeyNameStatic is a shortcut for GetKeyName without components

func (*CacheNameProvider) GetKeyNameWithID added in v0.7.6

func (c *CacheNameProvider) GetKeyNameWithID(id cache.KeyNameID, itemID uuid.UUID) cache.Key

GetKeyNameWithID is a shortcut for GetKeyName with a single uuid ID component

func (*CacheNameProvider) GetKeyNameWithString added in v0.7.6

func (c *CacheNameProvider) GetKeyNameWithString(id cache.KeyNameID, itemName string) cache.Key

GetKeyNameWithString is a shortcut for GetKeyName with a single string component

func (*CacheNameProvider) GetPrefix added in v1.0.0

func (c *CacheNameProvider) GetPrefix() string

GetPrefix returns the base prefix for all keys

type CacheTTLProvider added in v0.7.6

type CacheTTLProvider struct {
	// contains filtered or unexported fields
}

CacheTTLProvider implements the cache.CacheTTLProvider interface

func NewCacheTTLProvider added in v0.7.6

func NewCacheTTLProvider(objTypeTTL time.Duration, edgeTypeTTL time.Duration, objTTL time.Duration, edgeTTL time.Duration, exprWindow time.Duration) *CacheTTLProvider

NewCacheTTLProvider creates a new CacheTTLProvider

func (*CacheTTLProvider) TTL added in v0.7.6

TTL returns the TTL for given type

type CheckAttributeResponse

// CheckAttributeResponse is the body returned by the checkattribute endpoint.
// HasAttribute is the authorization answer; Path is a list of path nodes,
// which AttributePathNode describes as the path from source to target when the
// check succeeds.
// NOTE(review): Client.CheckAttribute returns this struct together with an
// error, so callers should gate access on HasAttribute and not on a nil error
// alone — confirm whether a negative answer is ever reported as an error.
type CheckAttributeResponse struct {
	HasAttribute bool                `json:"has_attribute"`
	Path         []AttributePathNode `json:"path"`
}

CheckAttributeResponse is returned by the checkattribute endpoint.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for the authz service

func NewClient

func NewClient(url string, opts ...Option) (*Client, error)

NewClient creates a new authz client. The url argument is the Web API base URL, e.g. "http://localhost:1234".

func NewCustomClient added in v0.4.0

func NewCustomClient(objTypeTTL time.Duration, edgeTypeTTL time.Duration, objTTL time.Duration, edgeTTL time.Duration,
	url string, opts ...Option) (*Client, error)

NewCustomClient creates a new authz client with different cache defaults. The url argument is the Web API base URL, e.g. "http://localhost:1234".

func (*Client) AddOrganizationToEdgeType added in v0.6.3

func (c *Client) AddOrganizationToEdgeType(ctx context.Context, edgeTypeID uuid.UUID, organizationID uuid.UUID) (*EdgeType, error)

AddOrganizationToEdgeType adds the specified organization id to the edge type

func (*Client) AddOrganizationToObject added in v0.6.3

func (c *Client) AddOrganizationToObject(ctx context.Context, objectID uuid.UUID, organizationID uuid.UUID) (*Object, error)

AddOrganizationToObject adds the specified organization id to the user

func (*Client) CheckAttribute

func (c *Client) CheckAttribute(ctx context.Context, sourceObjectID, targetObjectID uuid.UUID, attributeName string, opts ...Option) (*CheckAttributeResponse, error)

CheckAttribute checks whether the source object has the given attribute on the target object. The answer is reported in the HasAttribute field of the returned CheckAttributeResponse.

func (*Client) CreateEdge

func (c *Client) CreateEdge(ctx context.Context, id, sourceObjectID, targetObjectID, edgeTypeID uuid.UUID, opts ...Option) (*Edge, error)

CreateEdge creates an edge (relationship) between two objects.

func (*Client) CreateEdgeType

func (c *Client) CreateEdgeType(ctx context.Context, id uuid.UUID, sourceObjectTypeID, targetObjectTypeID uuid.UUID, typeName string, attributes Attributes, opts ...Option) (*EdgeType, error)

CreateEdgeType creates a new type of edge for the authz system.

func (*Client) CreateObject

func (c *Client) CreateObject(ctx context.Context, id, typeID uuid.UUID, alias string, opts ...Option) (*Object, error)

CreateObject creates a new object with a given ID, name, and type.

func (*Client) CreateObjectType

func (c *Client) CreateObjectType(ctx context.Context, id uuid.UUID, typeName string, opts ...Option) (*ObjectType, error)

CreateObjectType creates a new type of object for the authz system.

func (*Client) CreateOrganization added in v0.6.0

func (c *Client) CreateOrganization(ctx context.Context, id uuid.UUID, name string, region region.DataRegion, opts ...Option) (*Organization, error)

CreateOrganization creates an organization. Note that if the `IfNotExists` option is used, the organizations must match exactly (e.g. name and region), otherwise a 409 Conflict error will still be returned.

func (*Client) DeleteEdge

func (c *Client) DeleteEdge(ctx context.Context, edgeID uuid.UUID) error

DeleteEdge deletes an edge by ID.

func (*Client) DeleteEdgeType

func (c *Client) DeleteEdgeType(ctx context.Context, edgeTypeID uuid.UUID) error

DeleteEdgeType deletes an edge type by ID.

func (*Client) DeleteEdgesByObject added in v0.4.0

func (c *Client) DeleteEdgesByObject(ctx context.Context, id uuid.UUID) error

DeleteEdgesByObject deletes all edges going in or out of an object by ID.

func (*Client) DeleteObject

func (c *Client) DeleteObject(ctx context.Context, id uuid.UUID) error

DeleteObject deletes an object by ID.

func (*Client) DeleteObjectType

func (c *Client) DeleteObjectType(ctx context.Context, objectTypeID uuid.UUID) error

DeleteObjectType deletes an object type by ID.

func (*Client) FindEdge

func (c *Client) FindEdge(ctx context.Context, sourceObjectID, targetObjectID, edgeTypeID uuid.UUID, opts ...Option) (*Edge, error)

FindEdge finds an existing edge (relationship) between two objects.

func (*Client) FindEdgeTypeID

func (c *Client) FindEdgeTypeID(ctx context.Context, typeName string, opts ...Option) (uuid.UUID, error)

FindEdgeTypeID resolves an edge type name to an ID.

func (*Client) FindObjectTypeID

func (c *Client) FindObjectTypeID(ctx context.Context, typeName string, opts ...Option) (uuid.UUID, error)

FindObjectTypeID resolves an object type name to an ID.

func (*Client) FlushCache added in v0.4.0

func (c *Client) FlushCache() error

FlushCache clears all contents of the cache

func (*Client) FlushCacheEdges added in v0.5.0

func (c *Client) FlushCacheEdges() error

FlushCacheEdges clears the edge cache only.

func (*Client) FlushCacheObjectsAndEdges added in v0.5.0

func (c *Client) FlushCacheObjectsAndEdges() error

FlushCacheObjectsAndEdges clears the objects/edges cache only.

func (*Client) GetEdge added in v0.4.0

func (c *Client) GetEdge(ctx context.Context, id uuid.UUID, opts ...Option) (*Edge, error)

GetEdge returns an edge by ID.

func (*Client) GetEdgeType

func (c *Client) GetEdgeType(ctx context.Context, edgeTypeID uuid.UUID, opts ...Option) (*EdgeType, error)

GetEdgeType gets an edge type (relationship) by its type ID.

func (*Client) GetObject

func (c *Client) GetObject(ctx context.Context, id uuid.UUID, opts ...Option) (*Object, error)

GetObject returns an object by ID.

func (*Client) GetObjectForName

func (c *Client) GetObjectForName(ctx context.Context, typeID uuid.UUID, name string, opts ...Option) (*Object, error)

GetObjectForName returns an object with a given name.

func (*Client) GetObjectType

func (c *Client) GetObjectType(ctx context.Context, id uuid.UUID, opts ...Option) (*ObjectType, error)

GetObjectType returns an object type by ID.

func (*Client) GetOrganization added in v0.6.3

func (c *Client) GetOrganization(ctx context.Context, id uuid.UUID, opts ...Option) (*Organization, error)

GetOrganization retrieves a single organization by its UUID

func (*Client) GetOrganizationForName added in v0.7.8

func (c *Client) GetOrganizationForName(ctx context.Context, name string, opts ...Option) (*Organization, error)

GetOrganizationForName retrieves a single organization by its name

func (*Client) ListAttributes added in v0.4.0

func (c *Client) ListAttributes(ctx context.Context, sourceObjectID, targetObjectID uuid.UUID) ([]string, error)

ListAttributes returns a list of attributes that the source object has on the target object.

func (*Client) ListEdgeTypes

func (c *Client) ListEdgeTypes(ctx context.Context, opts ...Option) ([]EdgeType, error)

ListEdgeTypes lists all available edge types

func (*Client) ListEdgeTypesPaginated added in v1.1.0

func (c *Client) ListEdgeTypesPaginated(ctx context.Context, opts ...Option) (*ListEdgeTypesResponse, error)

ListEdgeTypesPaginated lists edge types for console in paginated form

func (*Client) ListEdges added in v0.4.0

func (c *Client) ListEdges(ctx context.Context, opts ...Option) (*ListEdgesResponse, error)

ListEdges lists `limit` edges.

func (*Client) ListEdgesBetweenObjects

func (c *Client) ListEdgesBetweenObjects(ctx context.Context, sourceObjectID, targetObjectID uuid.UUID, opts ...Option) ([]Edge, error)

ListEdgesBetweenObjects lists all edges (relationships) with a given source & target object.

func (*Client) ListEdgesOnObject

func (c *Client) ListEdgesOnObject(ctx context.Context, objectID uuid.UUID, opts ...Option) (*ListEdgesResponse, error)

ListEdgesOnObject lists `limit` edges (relationships) where the given object is a source or target.

func (*Client) ListObjectTypes

func (c *Client) ListObjectTypes(ctx context.Context, opts ...Option) ([]ObjectType, error)

ListObjectTypes lists all object types in the system

func (*Client) ListObjectTypesPaginated added in v1.1.0

func (c *Client) ListObjectTypesPaginated(ctx context.Context, opts ...Option) (*ListObjectTypesResponse, error)

ListObjectTypesPaginated lists object types for console in paginated form

func (*Client) ListObjects

func (c *Client) ListObjects(ctx context.Context, opts ...Option) (*ListObjectsResponse, error)

ListObjects lists `limit` objects in sorted order with pagination, starting after a given ID (or uuid.Nil to start from the beginning).

func (*Client) ListObjectsFromQuery added in v0.4.0

func (c *Client) ListObjectsFromQuery(ctx context.Context, query url.Values, opts ...Option) (*ListObjectsResponse, error)

ListObjectsFromQuery takes in a query that can handle filters passed from console as well as the default method.

func (*Client) ListObjectsReachableWithAttribute added in v0.4.0

func (c *Client) ListObjectsReachableWithAttribute(ctx context.Context, sourceObjectID uuid.UUID, targetObjectTypeID uuid.UUID, attributeName string) ([]uuid.UUID, error)

ListObjectsReachableWithAttribute returns a list of object IDs of a certain type that are reachable from the source object with the given attribute

func (*Client) ListOrganizations added in v0.4.0

func (c *Client) ListOrganizations(ctx context.Context, opts ...Option) ([]Organization, error)

ListOrganizations lists all organizations for a tenant

func (*Client) ListOrganizationsFromQuery added in v0.6.3

func (c *Client) ListOrganizationsFromQuery(ctx context.Context, query url.Values, opts ...Option) (*ListOrganizationsResponse, error)

ListOrganizationsFromQuery takes in a query that can handle filters passed from console as well as the default method.

func (*Client) ListOrganizationsPaginated added in v0.6.3

func (c *Client) ListOrganizationsPaginated(ctx context.Context, opts ...Option) (*ListOrganizationsResponse, error)

ListOrganizationsPaginated lists `limit` organizations in sorted order with pagination, starting after a given ID (or uuid.Nil to start from the beginning).

func (*Client) UpdateEdgeType

func (c *Client) UpdateEdgeType(ctx context.Context, id uuid.UUID, sourceObjectTypeID, targetObjectTypeID uuid.UUID, typeName string, attributes Attributes, opts ...Option) (*EdgeType, error)

UpdateEdgeType updates an existing edge type in the authz system.

func (*Client) UpdateObject added in v1.3.0

func (c *Client) UpdateObject(ctx context.Context, id uuid.UUID, alias *string, opts ...Option) (*Object, error)

UpdateObject updates the alias of an existing user object in the authz system

func (*Client) UpdateOrganization added in v0.6.3

func (c *Client) UpdateOrganization(ctx context.Context, id uuid.UUID, name string, region region.DataRegion, opts ...Option) (*Organization, error)

UpdateOrganization updates an organization

type CreateEdgeRequest added in v0.8.0

type CreateEdgeRequest struct {
	Edge Edge `json:"edge"`
}

CreateEdgeRequest is the request body for creating an edge

type CreateEdgeTypeRequest added in v0.8.0

type CreateEdgeTypeRequest struct {
	EdgeType EdgeType `json:"edge_type"`
}

CreateEdgeTypeRequest is the request body for creating an edge type

type CreateObjectRequest added in v0.8.0

type CreateObjectRequest struct {
	Object Object `json:"object"`
}

CreateObjectRequest is the request body for creating an object

type CreateObjectTypeRequest added in v0.8.0

type CreateObjectTypeRequest struct {
	ObjectType ObjectType `json:"object_type"`
}

CreateObjectTypeRequest is the request body for creating an object type

type CreateOrganizationRequest added in v0.6.0

type CreateOrganizationRequest struct {
	Organization Organization `json:"organization"`
}

CreateOrganizationRequest is the request struct to the CreateOrganization endpoint

type Edge

// Edge is a directional relationship of a given edge type between a source
// object and a target object. All three ID fields carry validate:"notnil", so
// validation rejects a nil UUID in any of them.
// NOTE(review): the tags only require non-nil IDs; whether the IDs refer to
// existing records is presumably checked by the service — confirm.
type Edge struct {
	ucdb.BaseModel

	// This must be a valid EdgeType.ID value
	EdgeTypeID uuid.UUID `db:"edge_type_id" json:"edge_type_id" validate:"notnil" required:"true"`
	// These must be valid Object.ID values.
	// NOTE(review): this comment previously said ObjectType.ID; the field names
	// point to object IDs rather than object type IDs — confirm.
	SourceObjectID uuid.UUID `db:"source_object_id" json:"source_object_id" validate:"notnil" required:"true"`
	TargetObjectID uuid.UUID `db:"target_object_id" json:"target_object_id" validate:"notnil" required:"true"`
}

Edge represents a directional relationship between a "source" object and a "target" object.

func (*Edge) EqualsIgnoringID added in v1.1.0

func (e *Edge) EqualsIgnoringID(other *Edge) bool

EqualsIgnoringID returns true if two edges are equal, ignoring the ID field

func (Edge) GetDependenciesKey added in v0.6.6

func (e Edge) GetDependenciesKey(c cache.KeyNameProvider) cache.Key

GetDependenciesKey return dependencies cache key name for edge

func (Edge) GetDependencyKeys added in v0.6.6

func (e Edge) GetDependencyKeys(c cache.KeyNameProvider) []cache.Key

GetDependencyKeys returns the list of keys for edge dependencies

func (Edge) GetGlobalCollectionKey added in v0.6.6

func (e Edge) GetGlobalCollectionKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionKey returns the global collection cache key names for edge

func (Edge) GetGlobalCollectionPagesKey added in v1.3.0

func (e Edge) GetGlobalCollectionPagesKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionPagesKey returns the global collection key name for edge

func (Edge) GetIsModifiedCollectionKey added in v1.3.0

func (e Edge) GetIsModifiedCollectionKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedCollectionKey returns the IsModifiedCollectionKeyID key name for edge

func (Edge) GetIsModifiedKey added in v1.0.0

func (e Edge) GetIsModifiedKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedKey returns the isModifiedKey key name for edge

func (Edge) GetPerItemCollectionKey added in v0.6.6

func (e Edge) GetPerItemCollectionKey(c cache.KeyNameProvider) cache.Key

GetPerItemCollectionKey returns the per item collection key name for edge

func (Edge) GetPrimaryKey added in v0.6.6

func (e Edge) GetPrimaryKey(c cache.KeyNameProvider) cache.Key

GetPrimaryKey returns the primary cache key name for edge

func (Edge) GetSecondaryKeys added in v0.6.6

func (e Edge) GetSecondaryKeys(c cache.KeyNameProvider) []cache.Key

GetSecondaryKeys returns the secondary cache key names for edge

func (Edge) TTL added in v0.6.6

func (e Edge) TTL(c cache.TTLProvider) time.Duration

TTL returns the TTL for edge

func (Edge) Validate

func (o Edge) Validate() error

Validate implements Validateable

type EdgeType

// EdgeType defines one typed relationship that a source object type can have
// to a target object type, together with the attributes that relationship
// carries. TypeName must be non-empty and both object type IDs must be non-nil
// per their validate tags. The db tags mark SourceObjectTypeID and
// TargetObjectTypeID as "immutable"; presumably the storage layer refuses to
// change them after creation — confirm against ucdb. Attributes and
// OrganizationID carry no validate tag on this struct.
// NOTE(review): Attributes decides what holders of an edge of this type are
// granted, so changes to it on an existing edge type affect every existing
// edge of that type — verify how updates interact with the edge type cache TTL.
type EdgeType struct {
	ucdb.BaseModel

	TypeName           string     `db:"type_name" json:"type_name"  validate:"notempty" required:"true"`
	SourceObjectTypeID uuid.UUID  `db:"source_object_type_id,immutable" json:"source_object_type_id"  validate:"notnil" required:"true"`
	TargetObjectTypeID uuid.UUID  `db:"target_object_type_id,immutable" json:"target_object_type_id"  validate:"notnil" required:"true"`
	Attributes         Attributes `db:"attributes" json:"attributes"`

	OrganizationID uuid.UUID `db:"organization_id" json:"organization_id"`
}

EdgeType defines a single, strongly-typed relationship that a "source" object type can have to a "target" object type.

func (*EdgeType) EqualsIgnoringID added in v1.1.0

func (e *EdgeType) EqualsIgnoringID(other *EdgeType) bool

EqualsIgnoringID returns true if the two edge types are equal, ignoring the ID field

func (EdgeType) GetDependenciesKey added in v0.6.6

func (et EdgeType) GetDependenciesKey(c cache.KeyNameProvider) cache.Key

GetDependenciesKey returns the dependencies key name for edge type

func (EdgeType) GetDependencyKeys added in v0.6.6

func (et EdgeType) GetDependencyKeys(c cache.KeyNameProvider) []cache.Key

GetDependencyKeys returns the list of keys for edge type dependencies

func (EdgeType) GetGlobalCollectionKey added in v0.6.6

func (et EdgeType) GetGlobalCollectionKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionKey returns the global collection key name for edge type

func (EdgeType) GetGlobalCollectionPagesKey added in v1.3.0

func (et EdgeType) GetGlobalCollectionPagesKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionPagesKey returns the global collection key name for edge type

func (EdgeType) GetIsModifiedCollectionKey added in v1.3.0

func (et EdgeType) GetIsModifiedCollectionKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedCollectionKey returns the IsModifiedCollectionKeyID key name for edge type

func (EdgeType) GetIsModifiedKey added in v1.0.0

func (et EdgeType) GetIsModifiedKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedKey returns the isModifiedKey key name for edge type

func (EdgeType) GetPerItemCollectionKey added in v0.6.6

func (et EdgeType) GetPerItemCollectionKey(c cache.KeyNameProvider) cache.Key

GetPerItemCollectionKey returns the per item collection key name for edge type

func (EdgeType) GetPrimaryKey added in v0.6.6

func (et EdgeType) GetPrimaryKey(c cache.KeyNameProvider) cache.Key

GetPrimaryKey returns the primary cache key name for edge type

func (EdgeType) GetSecondaryKeys added in v0.6.6

func (et EdgeType) GetSecondaryKeys(c cache.KeyNameProvider) []cache.Key

GetSecondaryKeys returns the secondary cache key names for edge type

func (EdgeType) TTL added in v0.6.6

TTL returns the TTL for edge type

func (EdgeType) Validate

func (o EdgeType) Validate() error

Validate implements Validateable

type ListEdgeTypesResponse

// ListEdgeTypesResponse is the paginated response from listing edge types.
type ListEdgeTypesResponse struct {
	// Data holds the edge types returned for this page; serialized under "data".
	Data []EdgeType `json:"data"`
	// Embedded pagination fields; their definition lives in the pagination
	// package and is not shown on this page.
	pagination.ResponseFields
}

ListEdgeTypesResponse is the paginated response from listing edge types.

func (ListEdgeTypesResponse) Description added in v0.6.6

func (r ListEdgeTypesResponse) Description() string

Description implements the Described interface for OpenAPI

type ListEdgesResponse

// ListEdgesResponse is the paginated response from listing edges.
type ListEdgesResponse struct {
	// Data holds the edges returned for this page; serialized under "data".
	Data []Edge `json:"data"`
	// Embedded pagination fields; their definition lives in the pagination
	// package and is not shown on this page.
	pagination.ResponseFields
}

ListEdgesResponse is the paginated response from listing edges.

type ListObjectTypesResponse

// ListObjectTypesResponse is the paginated response from listing object types.
type ListObjectTypesResponse struct {
	// Data holds the object types returned for this page; serialized under "data".
	Data []ObjectType `json:"data"`
	// Embedded pagination fields; their definition lives in the pagination
	// package and is not shown on this page.
	pagination.ResponseFields
}

ListObjectTypesResponse is the paginated response from listing object types.

type ListObjectsReachableWithAttributeResponse added in v0.6.5

// ListObjectsReachableWithAttributeResponse is the response from the
// ListObjectsReachableWithAttribute endpoint.
//
// Unlike the other List*Response types on this page it embeds no
// pagination.ResponseFields, so the struct itself carries no paging cursor.
type ListObjectsReachableWithAttributeResponse struct {
	// Data is a list of UUIDs serialized under "data".
	// NOTE(review): presumably these are object IDs — confirm against the endpoint.
	Data []uuid.UUID `json:"data"`
}

ListObjectsReachableWithAttributeResponse is the response from the ListObjectsReachableWithAttribute endpoint.

type ListObjectsResponse

// ListObjectsResponse represents a paginated response from listing objects.
type ListObjectsResponse struct {
	// Data holds the objects returned for this page; serialized under "data".
	Data []Object `json:"data"`
	// Embedded pagination fields; their definition lives in the pagination
	// package and is not shown on this page.
	pagination.ResponseFields
}

ListObjectsResponse represents a paginated response from listing objects.

type ListOrganizationsResponse added in v0.4.0

// ListOrganizationsResponse is the response from the ListOrganizations endpoint.
type ListOrganizationsResponse struct {
	// Data holds the organizations returned for this page; serialized under "data".
	Data []Organization `json:"data"`
	// Embedded pagination fields; their definition lives in the pagination
	// package and is not shown on this page.
	pagination.ResponseFields
}

ListOrganizationsResponse is the response from the ListOrganizations endpoint.

type MigrationRequest added in v0.6.3

// MigrationRequest is the request body for the migration methods.
type MigrationRequest struct {
	// OrganizationID is serialized as "organization_id".
	// The field declares no validate tag, so nothing in this struct rejects a
	// nil UUID.
	// NOTE(review): confirm the receiving endpoint checks the ID and the
	// caller's right to act on that organization.
	OrganizationID uuid.UUID `json:"organization_id"`
}

MigrationRequest is the request body for the migration methods

type Object

// Object represents an instance of an AuthZ object used for modeling permissions.
type Object struct {
	// Embedded base model from the ucdb package (definition not shown here).
	ucdb.BaseModel

	// Alias is optional: it is a pointer, is omitted from JSON when nil, and
	// its validate tag is "allownil".
	Alias  *string   `db:"alias" json:"alias,omitempty" validate:"allownil"`
	// TypeID is tagged immutable in the db tag, validated as "notnil" and
	// marked required.
	TypeID uuid.UUID `db:"type_id,immutable" json:"type_id" validate:"notnil" required:"true"`

	// OrganizationID carries neither the immutable marker nor a validate tag,
	// unlike TypeID above.
	// NOTE(review): the Organization documentation on this page says uniqueness
	// (e.g. of aliases) is enforced per organization, so this field decides
	// which namespace the object lives in. Confirm that the server, not the
	// struct tags, controls who may set or change it.
	OrganizationID uuid.UUID `db:"organization_id" json:"organization_id"`
}

Object represents an instance of an AuthZ object used for modeling permissions.

func (*Object) EqualsIgnoringID added in v1.1.0

func (o *Object) EqualsIgnoringID(other *Object) bool

EqualsIgnoringID returns true if the two objects are equal, ignoring the ID field

func (Object) GetDependenciesKey added in v0.6.6

func (o Object) GetDependenciesKey(c cache.KeyNameProvider) cache.Key

GetDependenciesKey returns the dependencies cache key name for object

func (Object) GetDependencyKeys added in v0.6.6

func (o Object) GetDependencyKeys(c cache.KeyNameProvider) []cache.Key

GetDependencyKeys returns the list of keys for object dependencies

func (Object) GetGlobalCollectionKey added in v0.6.6

func (o Object) GetGlobalCollectionKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionKey returns the global collection key name for object

func (Object) GetGlobalCollectionPagesKey added in v1.3.0

func (o Object) GetGlobalCollectionPagesKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionPagesKey returns the global collection pages key name for objects

func (Object) GetIsModifiedCollectionKey added in v1.3.0

func (o Object) GetIsModifiedCollectionKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedCollectionKey returns the IsModifiedCollectionKeyID key name for object

func (Object) GetIsModifiedKey added in v1.0.0

func (o Object) GetIsModifiedKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedKey returns the isModifiedKey key name for object

func (Object) GetPerItemCollectionKey added in v0.6.6

func (o Object) GetPerItemCollectionKey(c cache.KeyNameProvider) cache.Key

GetPerItemCollectionKey returns the per item collection key name for object

func (Object) GetPrimaryKey added in v0.6.6

func (o Object) GetPrimaryKey(c cache.KeyNameProvider) cache.Key

GetPrimaryKey returns the primary cache key name for object

func (Object) GetSecondaryKeys added in v0.6.6

func (o Object) GetSecondaryKeys(c cache.KeyNameProvider) []cache.Key

GetSecondaryKeys returns the secondary cache key names for object

func (Object) TTL added in v0.6.6

TTL returns the TTL for object

func (Object) Validate

func (o Object) Validate() error

Validate implements Validateable

type ObjectType

// ObjectType represents the type definition of an AuthZ object.
type ObjectType struct {
	// Embedded base model from the ucdb package (definition not shown here).
	ucdb.BaseModel

	// TypeName is validated as "notempty" and marked required; it is stored
	// and serialized as "type_name".
	TypeName string `db:"type_name" json:"type_name" validate:"notempty" required:"true"`
}

ObjectType represents the type definition of an AuthZ object.

func (*ObjectType) EqualsIgnoringID added in v1.1.0

func (ot *ObjectType) EqualsIgnoringID(other *ObjectType) bool

EqualsIgnoringID returns true if two object types are equal, ignoring the ID field

func (ObjectType) GetDependenciesKey added in v0.6.6

func (ot ObjectType) GetDependenciesKey(c cache.KeyNameProvider) cache.Key

GetDependenciesKey returns the dependencies key name for object type

func (ObjectType) GetDependencyKeys added in v0.6.6

func (ot ObjectType) GetDependencyKeys(c cache.KeyNameProvider) []cache.Key

GetDependencyKeys returns the list of keys for object type dependencies

func (ObjectType) GetGlobalCollectionKey added in v0.6.6

func (ot ObjectType) GetGlobalCollectionKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionKey returns the global collection key name for object type

func (ObjectType) GetGlobalCollectionPagesKey added in v1.3.0

func (ot ObjectType) GetGlobalCollectionPagesKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionPagesKey returns the global collection pages key name for object type

func (ObjectType) GetIsModifiedCollectionKey added in v1.3.0

func (ot ObjectType) GetIsModifiedCollectionKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedCollectionKey returns the IsModifiedCollectionKeyID key name for object type

func (ObjectType) GetIsModifiedKey added in v1.0.0

func (ot ObjectType) GetIsModifiedKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedKey returns the isModifiedKey key name for object type

func (ObjectType) GetPerItemCollectionKey added in v0.6.6

func (ot ObjectType) GetPerItemCollectionKey(c cache.KeyNameProvider) cache.Key

GetPerItemCollectionKey returns the per item collection key name for object type

func (ObjectType) GetPrimaryKey added in v0.6.6

func (ot ObjectType) GetPrimaryKey(c cache.KeyNameProvider) cache.Key

GetPrimaryKey returns the primary cache key name for object type

func (ObjectType) GetSecondaryKeys added in v0.6.6

func (ot ObjectType) GetSecondaryKeys(c cache.KeyNameProvider) []cache.Key

GetSecondaryKeys returns the secondary cache key names for object type

func (ObjectType) TTL added in v0.6.6

TTL returns the TTL for object type

func (ObjectType) Validate

func (o ObjectType) Validate() error

Validate implements Validateable

type Option added in v0.6.0

type Option interface {
	// contains filtered or unexported methods
}

Option makes authz.Client extensible

func BypassCache added in v0.6.6

func BypassCache() Option

BypassCache returns an Option that will cause the client to bypass the cache for the request (supported for read operations only)

func CacheProvider added in v0.6.6

func CacheProvider(cp cache.Provider) Option

CacheProvider returns an Option that will cause the client to use the given cache provider (can only be used on the call to NewClient)

func IfNotExists added in v0.6.0

func IfNotExists() Option

IfNotExists returns an Option that will cause the client not to return an error if an object identical to the one being created already exists

func JSONClient added in v0.6.0

func JSONClient(opt ...jsonclient.Option) Option

JSONClient is a wrapper around jsonclient.Option

func OrganizationID added in v0.6.0

func OrganizationID(organizationID uuid.UUID) Option

OrganizationID returns an Option that will cause the client to use the specified organization ID for the request

func Pagination added in v0.6.0

func Pagination(opt ...pagination.Option) Option

Pagination is a wrapper around pagination.Option

func PassthroughAuthorization added in v0.7.1

func PassthroughAuthorization() Option

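PassthroughAuthorization returns an Option that will cause the client to use the auth header from the request context. The outgoing call then carries whatever authorization that context holds, so use it only with a context built from an incoming request that has already been authenticated.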

func Source added in v1.3.0

func Source(source string) Option

Source returns an Option that will cause the client to include the specified source in the request

func TenantID added in v1.1.0

func TenantID(tenantID uuid.UUID) Option

TenantID returns an Option that can be used to specify the tenant ID for creation of the client

type Organization added in v0.4.0

// Organization defines a collection of objects inside of a single AuthZ
// namespace.
type Organization struct {
	// Embedded base model from the ucdb package (definition not shown here).
	ucdb.BaseModel

	// Name is validated as "notempty" and marked required.
	Name   string            `db:"name" json:"name" validate:"notempty" required:"true"`
	// Region has no validate tag. The sibling UpdateOrganizationRequest
	// comments its Region field as a UC region rather than an AWS region;
	// presumably the same applies here — confirm.
	Region region.DataRegion `db:"region" json:"region"`
}

Organization defines a collection of objects inside of a single AuthZ namespace. Uniqueness (e.g. of Object aliases) is enforced per organization, rather than globally across a tenant.

func (Organization) GetDependenciesKey added in v0.6.6

func (o Organization) GetDependenciesKey(c cache.KeyNameProvider) cache.Key

GetDependenciesKey returns the dependencies cache key name for organization

func (Organization) GetDependencyKeys added in v0.6.6

func (o Organization) GetDependencyKeys(c cache.KeyNameProvider) []cache.Key

GetDependencyKeys returns the list of keys for organization dependencies

func (Organization) GetGlobalCollectionKey added in v0.6.6

func (o Organization) GetGlobalCollectionKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionKey returns the global collection cache key name for organization

func (Organization) GetGlobalCollectionPagesKey added in v1.3.0

func (o Organization) GetGlobalCollectionPagesKey(c cache.KeyNameProvider) cache.Key

GetGlobalCollectionPagesKey returns the global collection pages key name for organization

func (Organization) GetIsModifiedCollectionKey added in v1.3.0

func (o Organization) GetIsModifiedCollectionKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedCollectionKey returns the IsModifiedCollectionKeyID key name for organization

func (Organization) GetIsModifiedKey added in v1.0.0

func (o Organization) GetIsModifiedKey(c cache.KeyNameProvider) cache.Key

GetIsModifiedKey returns the isModifiedKey key name for organization

func (Organization) GetPerItemCollectionKey added in v0.6.6

func (o Organization) GetPerItemCollectionKey(c cache.KeyNameProvider) cache.Key

GetPerItemCollectionKey returns the per item collection key name for organization (none)

func (Organization) GetPrimaryKey added in v0.6.6

func (o Organization) GetPrimaryKey(c cache.KeyNameProvider) cache.Key

GetPrimaryKey returns the primary cache key name for organization

func (Organization) GetSecondaryKeys added in v0.6.6

func (o Organization) GetSecondaryKeys(c cache.KeyNameProvider) []cache.Key

GetSecondaryKeys returns the secondary cache key names for organization (none)

func (Organization) TTL added in v0.6.6

TTL returns the TTL for organization

type UpdateEdgeTypeRequest added in v0.6.2

// UpdateEdgeTypeRequest is the request struct for updating an edge type.
//
// Only the name and attributes are carried; TargetObjectTypeID, which EdgeType
// tags immutable, has no counterpart in this request.
type UpdateEdgeTypeRequest struct {
	// TypeName is validated as "notempty".
	TypeName   string     `json:"type_name" validate:"notempty"`
	// Attributes has no validate tag; the Attributes type is declared outside
	// this section of the page.
	// NOTE(review): if attributes feed permission checks, an update here is an
	// authorization change and should be gated and audited as one — confirm.
	Attributes Attributes `json:"attributes"`
}

UpdateEdgeTypeRequest is the request struct for updating an edge type

type UpdateObjectRequest added in v1.3.0

// UpdateObjectRequest is the request struct for updating an object.
type UpdateObjectRequest struct {
	// ID is validated as "notnil".
	ID     uuid.UUID `json:"id" validate:"notnil"`
	// Alias is a pointer with no omitempty, so a nil value is serialized as
	// JSON null rather than dropped.
	Alias  *string   `json:"alias"`
	// Source is labelled internal-only, but it is an exported field with a
	// json tag, so it travels in the request body like any other field.
	// NOTE(review): the label is a convention, not a control — confirm the
	// server ignores or validates a client-supplied value.
	Source *string   `json:"source"` // internal use only
}

UpdateObjectRequest is the request struct for updating an object

type UpdateOrganizationRequest added in v0.6.3

// UpdateOrganizationRequest is the request struct to the UpdateOrganization
// endpoint.
type UpdateOrganizationRequest struct {
	// Name is validated as "notempty".
	Name   string            `json:"name" validate:"notempty"`
	// Region has no validate tag in this struct.
	Region region.DataRegion `json:"region"` // this is a UC Region (not an AWS region)
}

UpdateOrganizationRequest is the request struct to the UpdateOrganization endpoint
