role

package
v0.2.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 26, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrNotFound           = fmt.Errorf("role: %w", commonerrors.ErrNotFound)
	ErrAlreadyExists      = fmt.Errorf("role: %w", commonerrors.ErrAlreadyExists)
	ErrHasDependents      = fmt.Errorf("role: %w", commonerrors.ErrHasDependents)
	ErrInvalidGatewayID   = fmt.Errorf("role: invalid gateway_id: %w", commonerrors.ErrValidation)
	ErrInvalidName        = fmt.Errorf("role: invalid name: %w", commonerrors.ErrValidation)
	ErrInvalidRoleID      = fmt.Errorf("role: invalid role_id: %w", commonerrors.ErrValidation)
	ErrInvalidModelPolicy = fmt.Errorf("role: invalid model policy: %w", commonerrors.ErrValidation)
	ErrInvalidJSON        = fmt.Errorf("role: invalid json: %w", commonerrors.ErrValidation)
)

Functions

func ValidateOIDCMapping

func ValidateOIDCMapping(raw json.RawMessage) error

Types

type CreateParams

type CreateParams struct {
	GatewayID     ids.GatewayID
	Name          string
	ModelPolicies ModelPolicies
	MCPPolicies   *MCPPolicies
	OIDCMapping   json.RawMessage
	RegistryIDs   []ids.RegistryID
}

type ListFilter

type ListFilter struct {
	GatewayID    ids.GatewayID
	NameContains string
	Page         int
	Size         int
}

type MCPPolicies

type MCPPolicies = consumerdomain.MCPPolicy

MCPPolicies mirrors the inline consumer MCP policy ({toolkit, fail_mode}) so the wire format is identical whether the policy lives on the consumer (routing_mode=inline) or on a role (routing_mode=role_based).

type ModelPolicies

type ModelPolicies map[ids.RegistryID]ModelPolicy

func (*ModelPolicies) Scan

func (m *ModelPolicies) Scan(value interface{}) error

func (ModelPolicies) Validate

func (m ModelPolicies) Validate(validRegistryIDs map[ids.RegistryID]struct{}) error

func (ModelPolicies) Value

func (m ModelPolicies) Value() (driver.Value, error)

type ModelPolicy

type ModelPolicy struct {
	Allowed []string `json:"allowed,omitempty"`
	Default string   `json:"default,omitempty"`
}

type OIDCClaimOp

type OIDCClaimOp string
const (
	OIDCClaimEquals      OIDCClaimOp = "equals"
	OIDCClaimContainsAny OIDCClaimOp = "contains_any"
	OIDCClaimContainsAll OIDCClaimOp = "contains_all"
)

type OIDCClaimRule

type OIDCClaimRule struct {
	Path   string      `json:"path"`
	Op     OIDCClaimOp `json:"op"`
	Values []string    `json:"values"`
}

type OIDCMapping

type OIDCMapping struct {
	Match  OIDCMatchMode   `json:"match"`
	Claims []OIDCClaimRule `json:"claims"`
}

func ParseOIDCMapping

func ParseOIDCMapping(raw json.RawMessage) (*OIDCMapping, error)

func (*OIDCMapping) Matches

func (m *OIDCMapping) Matches(claims map[string]any) bool

func (OIDCMapping) Validate

func (m OIDCMapping) Validate() error

type OIDCMatchMode

type OIDCMatchMode string
const (
	OIDCMatchAny OIDCMatchMode = "any"
	OIDCMatchAll OIDCMatchMode = "all"
)

type Repository

type Repository interface {
	Save(ctx context.Context, r *Role) error
	Update(ctx context.Context, r *Role) error
	Delete(ctx context.Context, gatewayID ids.GatewayID, id ids.RoleID) error
	FindByID(ctx context.Context, id ids.RoleID) (*Role, error)
	FindByIDs(ctx context.Context, gatewayID ids.GatewayID, roleIDs []ids.RoleID) ([]*Role, error)
	List(ctx context.Context, filter ListFilter) (items []*Role, total int, err error)
	ListByGateway(ctx context.Context, gatewayID ids.GatewayID) ([]*Role, error)
	AttachRegistry(ctx context.Context, roleID ids.RoleID, registryID ids.RegistryID) error
	DetachRegistry(ctx context.Context, roleID ids.RoleID, registryID ids.RegistryID) error
	DetachRegistryIfUnreferenced(ctx context.Context, gatewayID ids.GatewayID, roleID ids.RoleID, registryID ids.RegistryID) (*Role, error)
}

type Role

type Role struct {
	ID            ids.RoleID       `json:"id"`
	GatewayID     ids.GatewayID    `json:"gateway_id"`
	Name          string           `json:"name"`
	ModelPolicies ModelPolicies    `json:"model_policies,omitempty"`
	MCPPolicies   *MCPPolicies     `json:"mcp_policies,omitempty"`
	OIDCMapping   json.RawMessage  `json:"oidc_mapping,omitempty"`
	RegistryIDs   []ids.RegistryID `json:"registry_ids,omitempty"`
	CreatedAt     time.Time        `json:"created_at"`
	UpdatedAt     time.Time        `json:"updated_at"`
}

func New

func New(params CreateParams) (*Role, error)

func Rehydrate

func Rehydrate(
	id ids.RoleID,
	gatewayID ids.GatewayID,
	name string,
	modelPolicies ModelPolicies,
	mcpPolicies *MCPPolicies,
	idpMapping json.RawMessage,
	registryIDs []ids.RegistryID,
	createdAt, updatedAt time.Time,
) *Role

func (*Role) BoundRegistrySet

func (r *Role) BoundRegistrySet() map[ids.RegistryID]struct{}

func (*Role) Validate

func (r *Role) Validate() error

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL