schema

package
v1.45.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 8, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package schema contains code that manipulates a schema and knows how to traverse it.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCaveatNotFoundErr 

func NewCaveatNotFoundErr(caveatName string) error

NewCaveatNotFoundErr constructs a new caveat not found error.

func NewDefinitionNotFoundErr 

func NewDefinitionNotFoundErr(nsName string) error

NewDefinitionNotFoundErr constructs a new definition not found error.

func NewDuplicateAllowedRelationErr 

func NewDuplicateAllowedRelationErr(nsName string, relationName string, allowedRelationSource string) error

NewDuplicateAllowedRelationErr constructs an error indicating that an allowed relation was defined more than once for a relation.

func NewDuplicateRelationError 

func NewDuplicateRelationError(nsName string, relationName string) error

NewDuplicateRelationError constructs an error indicating that a relation was defined more than once in a definition.

func NewMissingAllowedRelationsErr 

func NewMissingAllowedRelationsErr(nsName string, relationName string) error

NewMissingAllowedRelationsErr constructs an error indicating that type information is missing for a relation.

func NewPermissionUsedOnLeftOfArrowErr 

func NewPermissionUsedOnLeftOfArrowErr(nsName string, parentPermissionName string, foundPermissionName string) error

NewPermissionUsedOnLeftOfArrowErr constructs an error indicating that a permission was used on the left side of an arrow.

func NewPermissionsCycleErr 

func NewPermissionsCycleErr(nsName string, permissionNames []string) error

NewPermissionsCycleErr constructs an error indicating that a cycle exists amongst permissions.

func NewRelationNotFoundErr 

func NewRelationNotFoundErr(nsName string, relationName string) error

NewRelationNotFoundErr constructs a new relation not found error.

func NewTransitiveWildcardErr 

func NewTransitiveWildcardErr(nsName string, relationName string, foundRelationNamespace string, foundRelationName string, wildcardTypeName string, wildcardRelationReference string) error

NewTransitiveWildcardErr constructs an error indicating that a transitive wildcard exists.

func NewTypeWithSourceError 

func NewTypeWithSourceError(wrapped error, withSource nspkg.WithSourcePosition, sourceCodeString string) error

NewTypeWithSourceError creates a new type error at the specific position and with source code, wrapping the underlying error.

func NewUnusedCaveatParameterErr 

func NewUnusedCaveatParameterErr(caveatName string, paramName string) error

NewUnusedCaveatParameterErr constructs indicating that a parameter was unused in a caveat expression.

func NewWildcardUsedInArrowErr 

func NewWildcardUsedInArrowErr(nsName string, parentPermissionName string, foundRelationName string, wildcardTypeName string, wildcardRelationName string) error

NewWildcardUsedInArrowErr constructs an error indicating that an arrow operated over a relation with a wildcard type.

func SourceForAllowedRelation 

func SourceForAllowedRelation(allowedRelation *core.AllowedRelation) string

SourceForAllowedRelation returns the source code representation of an allowed relation.

Types

type AllowedDefinitionOption 

type AllowedDefinitionOption int

AllowedDefinitionOption indicates whether an allowed definition of a particular kind is allowed on the right side of another relation. 

const (
	// UnknownIfAllowedDefinition indicates that no type information is defined for
	// this relation.
	UnknownIfAllowedDefinition AllowedDefinitionOption = iota

	// AllowedDefinitionValid indicates that the specified subject definition is valid.
	AllowedDefinitionValid

	// AllowedDefinitionNotValid indicates that the specified subject definition is not valid.
	AllowedDefinitionNotValid
)

type AllowedDirectRelation 

type AllowedDirectRelation int

AllowedDirectRelation indicates whether a relation is allowed on the right side of another relation. 

const (
	// UnknownIfRelationAllowed indicates that no type information is defined for
	// this relation.
	UnknownIfRelationAllowed AllowedDirectRelation = iota

	// DirectRelationValid indicates that the specified subject relation is valid as
	// part of a *direct* tuple on the relation.
	DirectRelationValid

	// DirectRelationNotValid indicates that the specified subject relation is not
	// valid as part of a *direct* tuple on the relation.
	DirectRelationNotValid
)

type AllowedPublicSubject 

type AllowedPublicSubject int

AllowedPublicSubject indicates whether a public subject of a particular kind is allowed on the right side of another relation. 

const (
	// UnknownIfPublicAllowed indicates that no type information is defined for
	// this relation.
	UnknownIfPublicAllowed AllowedPublicSubject = iota

	// PublicSubjectAllowed indicates that the specified subject wildcard is valid as
	// part of a *direct* tuple on the relation.
	PublicSubjectAllowed

	// PublicSubjectNotAllowed indicates that the specified subject wildcard is not
	// valid as part of a *direct* tuple on the relation.
	PublicSubjectNotAllowed
)

type AllowedRelationOption 

type AllowedRelationOption int

AllowedRelationOption indicates whether an allowed relation of a particular kind is allowed on the right side of another relation. 

const (
	// UnknownIfAllowed indicates that no type information is defined for
	// this relation.
	UnknownIfAllowed AllowedRelationOption = iota

	// AllowedRelationValid indicates that the specified subject relation is valid.
	AllowedRelationValid

	// AllowedRelationNotValid indicates that the specified subject relation is not valid.
	AllowedRelationNotValid
)

type ArrowInformation 

type ArrowInformation struct {
	Arrow              *core.TupleToUserset
	Path               string
	ParentRelationName string
}

ArrowInformation holds information about an arrow (TupleToUserset) in the schema.

type ArrowSet 

type ArrowSet struct {
	// contains filtered or unexported fields
}

ArrowSet represents a set of all the arrows (TupleToUserset's) found in the schema.

func (*ArrowSet) AllReachableRelations 

func (as *ArrowSet) AllReachableRelations() *mapz.Set[string]

AllReachableRelations returns all relations reachable through arrows, including tupleset relations and computed userset relations.

func (*ArrowSet) HasPossibleArrowWithComputedUserset 

func (as *ArrowSet) HasPossibleArrowWithComputedUserset(namespaceName string, relationName string) bool

HasPossibleArrowWithComputedUserset returns true if there is a *possible* arrow with the given relation name as the arrow's computed userset/for a subject type that has the given namespace.

func (*ArrowSet) LookupTuplesetArrows 

func (as *ArrowSet) LookupTuplesetArrows(namespaceName string, relationName string) []ArrowInformation

LookupTuplesetArrows finds all arrows with the given namespace and relation name as the arrows' tupleset.

type Caveat 

type Caveat = core.CaveatDefinition

Caveat is an alias for a core.CaveatDefinition proto

type CaveatNotFoundError 

type CaveatNotFoundError struct {
	// contains filtered or unexported fields
}

CaveatNotFoundError occurs when a caveat was not found.

func (CaveatNotFoundError) CaveatName 

func (err CaveatNotFoundError) CaveatName() string

CaveatName returns the name of the caveat not found.

func (CaveatNotFoundError) DetailsMetadata 

func (err CaveatNotFoundError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (CaveatNotFoundError) MarshalZerologObject 

func (err CaveatNotFoundError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type CompiledSchemaResolver 

type CompiledSchemaResolver struct {
	// contains filtered or unexported fields
}

CompiledSchemaResolver is a resolver for a fully compiled schema. It implements FullSchemaResolver, as it has the full context of the schema.

func ResolverForCompiledSchema 

func ResolverForCompiledSchema(schema compiler.CompiledSchema) *CompiledSchemaResolver

ResolverForCompiledSchema builds a resolver from a compiled schema.

func (CompiledSchemaResolver) AllDefinitionNames 

func (c CompiledSchemaResolver) AllDefinitionNames() []string

AllDefinitionNames returns a list of all the names of defined namespaces for this resolved schema. Every definition is a valid parameter for LookupDefinition

func (CompiledSchemaResolver) LookupCaveat 

func (c CompiledSchemaResolver) LookupCaveat(ctx context.Context, name string) (*Caveat, error)

LookupCaveat lookups up a caveat.

func (CompiledSchemaResolver) LookupDefinition 

func (c CompiledSchemaResolver) LookupDefinition(ctx context.Context, name string) (*core.NamespaceDefinition, bool, error)

LookupDefinition lookups up a namespace, also returning whether it was pre-validated.

type DatastoreResolver 

type DatastoreResolver struct {
	// contains filtered or unexported fields
}

DatastoreResolver is a resolver implementation for a datastore, to look up schema stored in the underlying storage.

func ResolverForDatastoreReader 

func ResolverForDatastoreReader(ds datastore.Reader) *DatastoreResolver

ResolverForDatastoreReader returns a Resolver for a datastore reader.

func (*DatastoreResolver) LookupCaveat 

func (r *DatastoreResolver) LookupCaveat(ctx context.Context, name string) (*Caveat, error)

LookupCaveat lookups up a caveat.

func (*DatastoreResolver) LookupDefinition 

func (r *DatastoreResolver) LookupDefinition(ctx context.Context, name string) (*core.NamespaceDefinition, bool, error)

LookupDefinition lookups up a namespace definition, also returning whether it was pre-validated.

func (*DatastoreResolver) WithPredefinedElements 

func (r *DatastoreResolver) WithPredefinedElements(predefined PredefinedElements) Resolver

WithPredefinedElements adds elements (definitions and caveats) that will be used as a local overlay for the datastore, often for validation.

type Definition 

type Definition struct {
	// contains filtered or unexported fields
}

Definition represents typing information found in a definition. It also provides better ergonomic accessors to the defintion's type information.

func NewDefinition 

func NewDefinition(ts *TypeSystem, nsDef *core.NamespaceDefinition) (*Definition, error)

NewDefinition returns a new type definition for the given definition proto.

func (*Definition) AllowedDirectRelationsAndWildcards 

func (def *Definition) AllowedDirectRelationsAndWildcards(sourceRelationName string) ([]*core.AllowedRelation, error)

AllowedDirectRelationsAndWildcards returns the allowed subject relations for a source relation. Note that this function will return wildcards.

func (*Definition) AllowedSubjectRelations 

func (def *Definition) AllowedSubjectRelations(sourceRelationName string) ([]*core.RelationReference, error)

AllowedSubjectRelations returns the allowed subject relations for a source relation. Note that this function will *not* return wildcards, and returns without the marked caveats and expiration.

func (*Definition) GetAllowedDirectNamespaceSubjectRelations 

func (def *Definition) GetAllowedDirectNamespaceSubjectRelations(sourceRelationName string, targetNamespaceName string) (*mapz.Set[string], error)

GetAllowedDirectNamespaceSubjectRelations returns the subject relations for the target definition, if it is defined as appearing somewhere on the right side of a relation (except wildcards). Returns nil if there is no type information or it is not allowed.

func (*Definition) GetRelation 

func (def *Definition) GetRelation(relationName string) (*core.Relation, bool)

GetRelation returns the relation that's defined with the give name in the type system or returns false.

func (*Definition) HasAllowedRelation 

func (def *Definition) HasAllowedRelation(sourceRelationName string, toCheck *core.AllowedRelation) (AllowedRelationOption, error)

HasAllowedRelation returns whether the source relation has the given allowed relation.

func (*Definition) HasRelation 

func (def *Definition) HasRelation(relationName string) bool

HasRelation returns true if the definition has the given relation defined.

func (*Definition) HasTypeInformation 

func (def *Definition) HasTypeInformation(relationName string) bool

HasTypeInformation returns true if the relation with the given name exists and has type information defined.

func (*Definition) IsAllowedDirectNamespace 

func (def *Definition) IsAllowedDirectNamespace(sourceRelationName string, targetNamespaceName string) (AllowedDefinitionOption, error)

IsAllowedDirectNamespace returns whether the target definition is defined as appearing somewhere on the right side of a relation (except public).

func (*Definition) IsAllowedDirectRelation 

func (def *Definition) IsAllowedDirectRelation(sourceRelationName string, targetNamespaceName string, targetRelationName string) (AllowedDirectRelation, error)

IsAllowedDirectRelation returns whether the subject relation is allowed to appear on the right hand side of a tuple placed in the source relation with the given name.

func (*Definition) IsAllowedPublicNamespace 

func (def *Definition) IsAllowedPublicNamespace(sourceRelationName string, targetNamespaceName string) (AllowedPublicSubject, error)

IsAllowedPublicNamespace returns whether the target definition is defined as public on the source relation.

func (*Definition) IsPermission 

func (def *Definition) IsPermission(relationName string) bool

IsPermission returns true if the definition has the given relation defined and it is a permission.

func (*Definition) Namespace 

func (def *Definition) Namespace() *core.NamespaceDefinition

Namespace is the NamespaceDefinition for which the type system was constructed.

func (*Definition) PossibleTraitsForSubject added in v1.44.4 

func (def *Definition) PossibleTraitsForSubject(relationName string, subjectTypeName string) (Traits, error)

PossibleTraitsForSubject returns the traits that are possible for the given subject type on the specified relation.

func (*Definition) Reachability 

func (def *Definition) Reachability() *DefinitionReachability

Reachability returns a reachability graph for the given namespace.

func (*Definition) RelationDoesNotAllowCaveatsOrTraitsForSubject 

func (def *Definition) RelationDoesNotAllowCaveatsOrTraitsForSubject(relationName string, subjectTypeName string) (bool, error)

RelationDoesNotAllowCaveatsOrTraitsForSubject returns true if and only if it can be conclusively determined that the given subject type does not accept any caveats or traits on the given relation. If the relation does not have type information, returns an error.

func (*Definition) TypeSystem 

func (def *Definition) TypeSystem() *TypeSystem

TypeSystem returns the typesystem for this definition

func (*Definition) Validate 

func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, error)

type DefinitionNotFoundError 

type DefinitionNotFoundError struct {
	// contains filtered or unexported fields
}

DefinitionNotFoundError occurs when a definition was not found.

func (DefinitionNotFoundError) DetailsMetadata 

func (err DefinitionNotFoundError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (DefinitionNotFoundError) MarshalZerologObject 

func (err DefinitionNotFoundError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

func (DefinitionNotFoundError) NotFoundNamespaceName 

func (err DefinitionNotFoundError) NotFoundNamespaceName() string

NotFoundNamespaceName is the name of the definition not found.

type DefinitionReachability 

type DefinitionReachability struct {
	// contains filtered or unexported fields
}

DefinitionReachability is a helper struct that provides an easy way to determine all entrypoints for a subject of a particular type into a schema, for the purpose of walking from the subject to a specific resource relation.

func (*DefinitionReachability) AllEntrypointsForSubjectToResource 

func (rg *DefinitionReachability) AllEntrypointsForSubjectToResource(
	ctx context.Context,
	subjectType *core.RelationReference,
	resourceType *core.RelationReference,
) ([]ReachabilityEntrypoint, error)

AllEntrypointsForSubjectToResource returns the entrypoints into the reachability graph, starting at the given subject type and walking to the given resource type.

func (*DefinitionReachability) FirstEntrypointsForSubjectToResource 

func (rg *DefinitionReachability) FirstEntrypointsForSubjectToResource(
	ctx context.Context,
	subjectType *core.RelationReference,
	resourceType *core.RelationReference,
) ([]ReachabilityEntrypoint, error)

FirstEntrypointsForSubjectToResource returns the *optimized* set of entrypoints into the reachability graph, starting at the given subject type and walking to the given resource type.

It does this by limiting the number of entrypoints (and checking the alternatives) and so simply returns the first entrypoint in an intersection or exclusion branch.

func (*DefinitionReachability) HasOptimizedEntrypointsForSubjectToResource 

func (rg *DefinitionReachability) HasOptimizedEntrypointsForSubjectToResource(
	ctx context.Context,
	subjectType *core.RelationReference,
	resourceType *core.RelationReference,
) (bool, error)

HasOptimizedEntrypointsForSubjectToResource returns whether there exists any *optimized* entrypoints into the reachability graph, starting at the given subject type and walking to the given resource type.

The optimized set will skip branches on intersections and exclusions in an attempt to minimize the number of entrypoints.

func (*DefinitionReachability) RelationsEncounteredForResource 

func (rg *DefinitionReachability) RelationsEncounteredForResource(
	ctx context.Context,
	resourceType *core.RelationReference,
) ([]*core.RelationReference, error)

RelationsEncounteredForResource returns all relations that are encountered when walking outward from a resource+relation.

func (*DefinitionReachability) RelationsEncounteredForSubject 

func (rg *DefinitionReachability) RelationsEncounteredForSubject(
	ctx context.Context,
	allDefinitions []*core.NamespaceDefinition,
	startingSubjectType *core.RelationReference,
) ([]*core.RelationReference, error)

RelationsEncounteredForSubject returns all relations that are encountered when walking outward from a subject+relation.

type DuplicateAllowedRelationError 

type DuplicateAllowedRelationError struct {
	// contains filtered or unexported fields
}

DuplicateAllowedRelationError indicates that an allowed relation was redefined on a relation.

func (DuplicateAllowedRelationError) DetailsMetadata 

func (err DuplicateAllowedRelationError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (DuplicateAllowedRelationError) MarshalZerologObject 

func (err DuplicateAllowedRelationError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type DuplicateRelationError 

type DuplicateRelationError struct {
	// contains filtered or unexported fields
}

DuplicateRelationError occurs when a duplicate relation was found inside a definition.

func (DuplicateRelationError) DetailsMetadata 

func (err DuplicateRelationError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (DuplicateRelationError) MarshalZerologObject 

func (err DuplicateRelationError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type FullSchemaResolver 

type FullSchemaResolver interface {
	Resolver
	AllDefinitionNames() []string
}

FullSchemaResolver is a superset of a resolver that knows how to retrieve all definitions from its source by name (by having a complete list of names).

type Graph 

type Graph struct {
	// contains filtered or unexported fields
}

Graph is a struct holding reachability information.

func BuildGraph 

func BuildGraph(ctx context.Context, r *CompiledSchemaResolver) (*Graph, error)

BuildGraph builds the graph of all reachable information in the schema.

func (*Graph) Arrows 

func (g *Graph) Arrows() *ArrowSet

Arrows returns the set of arrows found in the reachability graph.

func (*Graph) RelationsReferencing 

func (g *Graph) RelationsReferencing(namespaceName string, relationName string) []RelationReferenceInfo

RelationsReferencing returns all relations/permissions in the schema that reference the specified relation in some manner.

type MissingAllowedRelationsError 

type MissingAllowedRelationsError struct {
	// contains filtered or unexported fields
}

MissingAllowedRelationsError occurs when a relation is defined without any type information.

func (MissingAllowedRelationsError) DetailsMetadata 

func (err MissingAllowedRelationsError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (MissingAllowedRelationsError) MarshalZerologObject 

func (err MissingAllowedRelationsError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type PermissionUsedOnLeftOfArrowError 

type PermissionUsedOnLeftOfArrowError struct {
	// contains filtered or unexported fields
}

PermissionUsedOnLeftOfArrowError occurs when a permission is used on the left side of an arrow expression.

func (PermissionUsedOnLeftOfArrowError) DetailsMetadata 

func (err PermissionUsedOnLeftOfArrowError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (PermissionUsedOnLeftOfArrowError) MarshalZerologObject 

func (err PermissionUsedOnLeftOfArrowError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type PermissionsCycleError 

type PermissionsCycleError struct {
	// contains filtered or unexported fields
}

PermissionsCycleError occurs when a cycle exists within permissions.

func (PermissionsCycleError) DetailsMetadata 

func (err PermissionsCycleError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (PermissionsCycleError) MarshalZerologObject 

func (err PermissionsCycleError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type PredefinedElements 

type PredefinedElements struct {
	Definitions []*core.NamespaceDefinition
	Caveats     []*Caveat
}

PredefinedElements are predefined namespaces and/or caveats to give to a resolver.

type ReachabilityEntrypoint 

type ReachabilityEntrypoint struct {
	// contains filtered or unexported fields
}

ReachabilityEntrypoint is an entrypoint into the reachability graph for a subject of particular type.

func (ReachabilityEntrypoint) ComputedUsersetRelation 

func (re ReachabilityEntrypoint) ComputedUsersetRelation() (string, error)

ComputedUsersetRelation returns the tupleset relation of the computed userset, if any.

func (ReachabilityEntrypoint) ContainingRelationOrPermission 

func (re ReachabilityEntrypoint) ContainingRelationOrPermission() *core.RelationReference

ContainingRelationOrPermission is the relation or permission containing this entrypoint.

func (ReachabilityEntrypoint) DebugString 

func (re ReachabilityEntrypoint) DebugString() (string, error)

func (ReachabilityEntrypoint) DirectRelation 

func (re ReachabilityEntrypoint) DirectRelation() (*core.RelationReference, error)

DirectRelation is the relation that this entrypoint represents, if a RELATION_ENTRYPOINT.

func (ReachabilityEntrypoint) EntrypointKind 

func (re ReachabilityEntrypoint) EntrypointKind() core.ReachabilityEntrypoint_ReachabilityEntrypointKind

EntrypointKind is the kind of the entrypoint.

func (ReachabilityEntrypoint) Hash 

func (re ReachabilityEntrypoint) Hash() (uint64, error)

Hash returns a hash representing the data in the entrypoint, for comparison to other entrypoints. This is ONLY stable within a single version of SpiceDB and should NEVER be stored for later comparison outside of the process.

func (ReachabilityEntrypoint) IsDirectResult 

func (re ReachabilityEntrypoint) IsDirectResult() bool

IsDirectResult returns whether the entrypoint, when evaluated, becomes a direct result of the parent relation/permission. A direct result only exists if the entrypoint is not contained under an intersection or exclusion, which makes the entrypoint's object merely conditionally reachable.

func (ReachabilityEntrypoint) MustDebugString 

func (re ReachabilityEntrypoint) MustDebugString() string

func (ReachabilityEntrypoint) String 

func (re ReachabilityEntrypoint) String() string

func (ReachabilityEntrypoint) TargetNamespace 

func (re ReachabilityEntrypoint) TargetNamespace() string

TargetNamespace returns the namespace for the entrypoint's target relation.

func (ReachabilityEntrypoint) TuplesetRelation 

func (re ReachabilityEntrypoint) TuplesetRelation() (string, error)

TuplesetRelation returns the tupleset relation of the TTU, if a TUPLESET_TO_USERSET_ENTRYPOINT.

type ReferenceType 

type ReferenceType int

ReferenceType is an enum describing what kind of relation reference we hold in a RelationReferenceInfo. 

const (
	RelationInExpression ReferenceType = iota
	RelationIsSubjectType
	RelationIsTuplesetForArrow
	RelationIsComputedUsersetForArrow
)

type Relation 

type Relation = core.Relation

Relation is an alias for a core.Relation proto

type RelationNotFoundError 

type RelationNotFoundError struct {
	// contains filtered or unexported fields
}

RelationNotFoundError occurs when a relation was not found under a definition.

func (RelationNotFoundError) DetailsMetadata 

func (err RelationNotFoundError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (RelationNotFoundError) MarshalZerologObject 

func (err RelationNotFoundError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

func (RelationNotFoundError) NamespaceName 

func (err RelationNotFoundError) NamespaceName() string

NamespaceName returns the name of the definition in which the relation was not found.

func (RelationNotFoundError) NotFoundRelationName 

func (err RelationNotFoundError) NotFoundRelationName() string

NotFoundRelationName returns the name of the relation not found.

type RelationReferenceInfo 

type RelationReferenceInfo struct {
	Relation *core.RelationReference
	Type     ReferenceType
	Arrow    *ArrowInformation
}

RelationReferenceInfo holds the relation and metadata for a relation found in the full reachability graph.

type Resolver 

type Resolver interface {
	// LookupDefinition lookups up a namespace definition, also returning whether it was pre-validated.
	LookupDefinition(ctx context.Context, name string) (*core.NamespaceDefinition, bool, error)

	// LookupCaveat lookups up a caveat.
	LookupCaveat(ctx context.Context, name string) (*Caveat, error)
}

Resolver is an interface defined for resolving referenced namespaces and caveats when constructing and validating a type system.

func ResolverForPredefinedDefinitions 

func ResolverForPredefinedDefinitions(predefined PredefinedElements) Resolver

ResolverForPredefinedDefinitions returns a resolver for predefined namespaces and caveats.

func ResolverForSchema 

func ResolverForSchema(schema compiler.CompiledSchema) Resolver

ResolverForSchema returns a resolver for a schema.

type Traits added in v1.44.4 

type Traits struct {
	// AllowsCaveats indicates whether the relation allows caveats on the subject type.
	AllowsCaveats bool

	// AllowsExpiration indicates whether the relation allows expiration on the subject type.
	AllowsExpiration bool
}

Traits represents the traits that a relation allows for a subject type.

type TransitiveWildcardError 

type TransitiveWildcardError struct {
	// contains filtered or unexported fields
}

TransitiveWildcardError occurs when a wildcard relation in turn references another wildcard relation.

func (TransitiveWildcardError) DetailsMetadata 

func (err TransitiveWildcardError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (TransitiveWildcardError) MarshalZerologObject 

func (err TransitiveWildcardError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type TypeError 

type TypeError struct {
	// contains filtered or unexported fields
}

TypeError wraps another error as a type error.

func (TypeError) Unwrap 

func (err TypeError) Unwrap() error

type TypeSystem 

type TypeSystem struct {
	sync.Mutex
	// contains filtered or unexported fields
}

TypeSystem is a cache and view into an entire combined schema of type definitions and caveats. It also provides accessors to build reachability graphs for the underlying types.

func NewTypeSystem 

func NewTypeSystem(resolver Resolver) *TypeSystem

NewTypeSystem builds a TypeSystem object from a resolver, which can look up the definitions.

func (*TypeSystem) GetDefinition 

func (ts *TypeSystem) GetDefinition(ctx context.Context, definition string) (*Definition, error)

GetDefinition looks up and returns a definition struct.

func (*TypeSystem) GetFullRecursiveSubjectTypesForRelation added in v1.44.3 

func (ts *TypeSystem) GetFullRecursiveSubjectTypesForRelation(ctx context.Context, defName string, relationName string) ([]string, error)

GetFullRecursiveSubjectTypesForRelation returns, for a given definition and relation, all the potential terminal subject type definition names of that relation, as well as any relation subtypes (eg, `group#member`) that may occur.

func (*TypeSystem) GetRecursiveTerminalTypesForRelation added in v1.44.3 

func (ts *TypeSystem) GetRecursiveTerminalTypesForRelation(ctx context.Context, defName string, relationName string) ([]string, error)

GetRecursiveTerminalTypesForRelation returns, for a given definition and relation, all the potential terminal subject type definition names of that relation.

func (*TypeSystem) GetValidatedDefinition 

func (ts *TypeSystem) GetValidatedDefinition(ctx context.Context, definition string) (*ValidatedDefinition, error)

GetValidatedDefinition runs validation on the type system for the definition to ensure it is consistent.

type UnusedCaveatParameterError 

type UnusedCaveatParameterError struct {
	// contains filtered or unexported fields
}

UnusedCaveatParameterError indicates that a caveat parameter is unused in the caveat expression.

func (UnusedCaveatParameterError) DetailsMetadata 

func (err UnusedCaveatParameterError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (UnusedCaveatParameterError) MarshalZerologObject 

func (err UnusedCaveatParameterError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

type ValidatedDefinition 

type ValidatedDefinition struct {
	*Definition
}

ValidatedDefinition is a typesafe reference to a definition that has been validated.

type WildcardTypeReference 

type WildcardTypeReference struct {
	// ReferencingRelation is the relation referencing the wildcard type.
	ReferencingRelation *core.RelationReference

	// WildcardType is the wildcard type referenced.
	WildcardType *core.AllowedRelation
}

WildcardTypeReference represents a relation that references a wildcard type.

type WildcardUsedInArrowError 

type WildcardUsedInArrowError struct {
	// contains filtered or unexported fields
}

WildcardUsedInArrowError occurs when an arrow operates over a relation that contains a wildcard.

func (WildcardUsedInArrowError) DetailsMetadata 

func (err WildcardUsedInArrowError) DetailsMetadata() map[string]string

DetailsMetadata returns the metadata for details for this error.

func (WildcardUsedInArrowError) MarshalZerologObject 

func (err WildcardUsedInArrowError) MarshalZerologObject(e *zerolog.Event)

MarshalZerologObject implements zerolog object marshalling.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.