Documentation
¶
Overview ¶
Package spicedb contains SpiceDB adapter contracts and configuration for authz.
The first production implementation should live here and implement:
- authz.Authorizer via CheckPermission
- authz.RelationshipWriter via WriteRelationships/DeleteRelationships
- authz.ResourceLookup via LookupResources
- authz.SubjectLookup via LookupSubjects
- authz.SchemaManager via ReadSchema/WriteSchema
Index ¶
- Constants
- type Client
- func (c *Client) BatchCheck(ctx context.Context, req authz.BatchCheckRequest) (authz.BatchCheckResult, error)
- func (c *Client) Check(ctx context.Context, req authz.CheckRequest) (authz.Decision, error)
- func (c *Client) Close() error
- func (c *Client) DeleteRelationships(ctx context.Context, filter authz.RelationshipFilter) (authz.WriteResult, error)
- func (c *Client) InstallDefaultSchema(ctx context.Context) error
- func (c *Client) LookupResources(ctx context.Context, req authz.LookupResourcesRequest) (authz.LookupResourcesResult, error)
- func (c *Client) LookupSubjects(ctx context.Context, req authz.LookupSubjectsRequest) (authz.LookupSubjectsResult, error)
- func (c *Client) ReadRelationships(ctx context.Context, filter authz.RelationshipFilter) ([]authz.Relationship, error)
- func (c *Client) ReadSchema(ctx context.Context) (authz.Schema, error)
- func (c *Client) ValidateSchema(ctx context.Context, schema authz.Schema) error
- func (c *Client) WriteRelationships(ctx context.Context, relationships ...authz.Relationship) (authz.WriteResult, error)
- func (c *Client) WriteSchema(ctx context.Context, schema authz.Schema) error
- type Config
- type Transport
Constants ¶
View Source
const DefaultSchema = `` /* 1607-byte string literal not displayed */
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client adapts AuthZed's official authzed-go gRPC SDK to Kernel authz.
func (*Client) BatchCheck ¶
func (c *Client) BatchCheck(ctx context.Context, req authz.BatchCheckRequest) (authz.BatchCheckResult, error)
func (*Client) DeleteRelationships ¶
func (c *Client) DeleteRelationships(ctx context.Context, filter authz.RelationshipFilter) (authz.WriteResult, error)
func (*Client) InstallDefaultSchema ¶
func (*Client) LookupResources ¶
func (c *Client) LookupResources(ctx context.Context, req authz.LookupResourcesRequest) (authz.LookupResourcesResult, error)
func (*Client) LookupSubjects ¶
func (c *Client) LookupSubjects(ctx context.Context, req authz.LookupSubjectsRequest) (authz.LookupSubjectsResult, error)
func (*Client) ReadRelationships ¶
func (c *Client) ReadRelationships(ctx context.Context, filter authz.RelationshipFilter) ([]authz.Relationship, error)
func (*Client) ValidateSchema ¶
func (*Client) WriteRelationships ¶
func (c *Client) WriteRelationships(ctx context.Context, relationships ...authz.Relationship) (authz.WriteResult, error)
type Config ¶
type Config struct {
Endpoint string `json:"endpoint" yaml:"endpoint"`
Token string `json:"token" yaml:"token"`
Transport Transport `json:"transport" yaml:"transport"`
Insecure bool `json:"insecure" yaml:"insecure"`
Timeout time.Duration `json:"timeout" yaml:"timeout"`
// FullyConsistent is useful during early development. Production hot paths
// should prefer at-least-as-fresh with a stored consistency token when needed.
FullyConsistent bool `json:"fully_consistent" yaml:"fully_consistent"`
// Logger is the component logger. If nil, spicedb uses logx.DefaultLogger().
Logger logx.Logger `json:"-" yaml:"-"`
// Metrics is the optional metrics manager for SpiceDB backend calls.
Metrics metricsx.Manager `json:"-" yaml:"-"`
// MetricsEnabled controls whether SpiceDB backend calls record metrics.
MetricsEnabled bool `json:"metrics_enabled" yaml:"metrics_enabled"`
}
func (Config) Normalized ¶
Click to show internal directories.
Click to hide internal directories.