client

package
v0.0.0-...-319cc75 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 6, 2025 License: MIT Imports: 21 Imported by: 0

Documentation

Overview

Package client implements an ergonomic SpiceDB client that wraps the official AuthZed gRPC client.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

func NewPlaintext 

func NewPlaintext(endpoint, presharedKey string) (*Client, error)

NewPlaintext creates a client that does not enforce TLS.

This should be used only for testing (usually against localhost).

func NewSystemTLS 

func NewSystemTLS(endpoint, presharedKey string) (*Client, error)

NewSystemTLS creates a client using TLS verified by the operating system's certificate chain.

This should be sufficient for production usage in the typical environments.

func NewWithOpts 

func NewWithOpts(endpoint string, opts ...Option) (*Client, error)

NewWithOpts creates a new client with the defaults overwritten with any provided options.

func (*Client) Check 

func (c *Client) Check(ctx context.Context, cs *consistency.Strategy, rs ...rel.Interface) ([]bool, error)

Check performs a batched permissions check for the provided relationships.

func (*Client) CheckAll 

func (c *Client) CheckAll(ctx context.Context, cs *consistency.Strategy, rs ...rel.Interface) (bool, error)

CheckAll returns true if all of the provided relationships have access.

func (*Client) CheckAny 

func (c *Client) CheckAny(ctx context.Context, cs *consistency.Strategy, rs ...rel.Interface) (bool, error)

CheckAny returns true if any of the provided relationships have access.

func (*Client) CheckIter 

func (c *Client) CheckIter(ctx context.Context, cs *consistency.Strategy, rs iter.Seq[rel.Interface]) iter.Seq2[bool, error]

CheckIter iterates over the provided relationships, batching them into requests, and returns an iterator of their results.

func (*Client) CheckOne 

func (c *Client) CheckOne(ctx context.Context, cs *consistency.Strategy, r rel.Interface) (bool, error)

CheckOne performs a permissions check for a single relationship.

func (*Client) Delete 

func (c *Client) Delete(ctx context.Context, f *rel.PreconditionedFilter) error

Delete removes all of the relationships matching the provided filter in batches.

func (*Client) DeleteAtomic 

func (c *Client) DeleteAtomic(ctx context.Context, f *rel.PreconditionedFilter) (deletedAtRevision string, err error)

DeleteAtomic removes all of the relationships matching the provided filter in a single transaction.

func (*Client) ExportRelationships 

func (c *Client) ExportRelationships(ctx context.Context, revision string) iter.Seq2[*rel.Relationship, error]

ExportRelationships is similar to ReadRelationships, but cannot be filtered and is optimized for performing full backups of SpiceDB.

A proper backup should include relationships and schema, so this function should be called with the same revision as said schema.

func (*Client) ImportRelationships 

func (c *Client) ImportRelationships(ctx context.Context, rs iter.Seq[rel.Interface]) error

ImportRelationships is similar to Write, but is optimized for performing full restorations of SpiceDB.

func (*Client) LookupResources 

func (c *Client) LookupResources(ctx context.Context, cs *consistency.Strategy, permission, subject string) iter.Seq2[string, error]

LookupResources streams a sequence of resource IDs for which the provided subject has permission.

The permission and subject are provided as strings in the following format: `LookupResources(ctx, consistency.MinLatency(), "document#reader" "user:jimmy")` or `LookupResources(ctx, consistency.MinLatency(), "document#reader" "team:admin#member")`

func (*Client) LookupSubjects 

func (c *Client) LookupSubjects(ctx context.Context, cs *consistency.Strategy, resource, permission, subject string) iter.Seq2[string, error]

LookupSubjects streams a sequence of subject IDs of the subjects that have permissionship with the provided resource and permission.

The string arguments are provided in the following format: `LookupSubjects(ctx, consistency.MinLatency(), "document:README", "editor", "user")` or `LookupSubjects(ctx, consistency.MinLatency(), "document:README", "editor", "team#member"

func (*Client) ReadRelationships 

func (c *Client) ReadRelationships(ctx context.Context, cs *consistency.Strategy, f *rel.Filter) iter.Seq2[*rel.Relationship, error]

ReadRelationships returns an iterator for all of the relationships matching the provided filter.

Example 
package main

import (
	"context"
	"fmt"

	"github.com/authzed/gochugaru/client"
	"github.com/authzed/gochugaru/consistency"
	"github.com/authzed/gochugaru/rel"
	"github.com/google/uuid"
)

const exampleSchema = `
definition user {}
definition document {
    relation writer: user
    relation reader: user

    permission edit = writer
    permission view = reader + edit
}
`

func randomPresharedKey() string {
	return uuid.New().String()
}

func main() {
	ctx := context.TODO()

	c, err := client.NewPlaintext("127.0.0.1:50051", randomPresharedKey())
	if err != nil {
		panic(err)
	}

	if _, err := c.WriteSchema(ctx, exampleSchema); err != nil {
		panic(err)
	}

	var txn rel.Txn
	txn.Create(rel.MustFromTriple("document:README", "reader", "user:jimmy"))
	if _, err := c.Write(ctx, txn); err != nil {
		panic(err)
	}

	iter := c.ReadRelationships(
		ctx,
		consistency.MinLatency(),
		rel.NewFilter("document", "", ""),
	)

	for r, err := range iter {
		if err != nil {
			panic(err)
		}
		fmt.Println(r)
	}
}

Output:

document:README#reader@user:jimmy

func (*Client) ReadSchema 

func (c *Client) ReadSchema(ctx context.Context) (schema, revision string, err error)

ReadSchema reads the current schema with full consistency.

func (*Client) Updates 

func (c *Client) Updates(ctx context.Context, f rel.UpdateFilter) iter.Seq2[rel.Update, error]

Updates returns an iterator that's subscribed to optionally-filtered updates from the SpiceDB Watch API.

This function can and should be cancelled via context.

func (*Client) UpdatesSinceRevision 

func (c *Client) UpdatesSinceRevision(ctx context.Context, f rel.UpdateFilter, revision string) iter.Seq2[rel.Update, error]

UpdatesSinceRevision is a variation of the Updates method that supports starting the iterator at a specific revision.

func (*Client) Write 

func (c *Client) Write(ctx context.Context, txn rel.Txn) (writtenAtRevision string, err error)

Write atomically performs a transaction on relationships.

func (*Client) WriteSchema 

func (c *Client) WriteSchema(ctx context.Context, schema string) (revision string, err error)

WriteSchema applies the provided schema to SpiceDB.

Any schema causing relationships to be unreferenced will throw an error. These relationships must be deleted before the schema can be valid.

type Option 

type Option func(client *Client)

func WithDialOpts 

func WithDialOpts(opts ...grpc.DialOption) Option

WithDialOpts allows for configuring the underlying gRPC connection.

This should only be used if the other methods don't suffice.

We'd also love to hear about which DialOptions you're using in the SpiceDB Discord (https://discord.gg/spicedb) or the issue tracker for this library.

func WithOverlapRequired 

func WithOverlapRequired() Option

WithOverlapRequired will cause a panic if a request is made that does not provide an overlap key.

This should be used to prevent any issues when SpiceDB is configured for overlap keys provided from requests.

type RequestOption 

type RequestOption func(context.Context)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.