Documentation
¶
Overview ¶
schema/v2 provides a convenient Go representation of SpiceDB's schema definitions, built on top of the raw protocol buffer types from core.v1.
This package converts low-level protobuf structures (NamespaceDefinition, CaveatDefinition) into ergonomic Schema views that are easier to reason about and work with programatically. The basic types map very closely to the schema language itself.
The proto remains the source of truth; this makes traversing the schema to build queries or determine reachability much easier.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ArrowReference ¶
ArrowReference is an Operation that represents `permission foo = Left->Right`.
type BaseRelation ¶
type BaseRelation struct {
Parent *Relation
Type string
Subrelation string
Caveat string
Expiration bool
Wildcard bool
}
BaseRelation is a single type, and its potential caveats, and expiration options. These features are written directly to the database with the parent Relation and Definition as the resource type and relation, and contains the subject type and optional subrelation.
func (BaseRelation) DefinitionName ¶
func (b BaseRelation) DefinitionName() string
DefinitionName returns the name of the Definition in which this BaseRelation appears.
func (BaseRelation) RelationName ¶
func (b BaseRelation) RelationName() string
DefinitionName returns the name of the Relation in which this BaseRelation appears.
type Definition ¶
type Definition struct {
Parent *Schema
Name string
Relations map[string]*Relation
Permissions map[string]*Permission
}
Definition is a single schema object type, with relations and permissions.
type ExclusionOperation ¶
IntersectionOperation is an Operation that represents `permission foo = a - b`.
type IntersectionOperation ¶
type IntersectionOperation struct {
Children []Operation
}
IntersectionOperation is an Operation that represents `permission foo = a & b & c`.
type Operation ¶
type Operation interface {
// contains filtered or unexported methods
}
Operation is a closed enum of things that can exist on the right-hand-side of a permission. It forms a tree of unions, intersections and exclusions, until the leaves are things like references to other permissions or relations, or are arrows.
type Permission ¶
type Permission struct {
Parent *Definition
Name string
Operation Operation
}
Permission is a single `permission` line belonging to a definition. It has a name and a // and/or/not tree of operations representing it's right-hand-side.
type Relation ¶
type Relation struct {
Parent *Definition
Name string
BaseRelations []*BaseRelation
AliasingRelation string
}
Relation is a single `relation` line belonging to a definition. It has a name and list of types appearing on the right hand side.
type RelationReference ¶
type RelationReference struct {
RelationName string
}
RelationReference is an Operation that is a simple relation, such as `permission foo = bar`.
type Schema ¶
type Schema struct {
Definitions map[string]*Definition
Caveats map[string]*Caveat
}
Schema is a view of a complete schema, with all definitions and caveats.
func BuildSchemaFromCompiledSchema ¶
func BuildSchemaFromCompiledSchema(schema compiler.CompiledSchema) (*Schema, error)
BuildSchemaFromCompiledSchema generates a Schema view from a CompiledSchema.
func BuildSchemaFromDefinitions ¶
func BuildSchemaFromDefinitions(objectDefs []*corev1.NamespaceDefinition, caveatDefs []*corev1.CaveatDefinition) (*Schema, error)
BuildSchemaFromDefinitions generates a Schema view from the base core.v1 protos.
type UnionOperation ¶
type UnionOperation struct {
Children []Operation
}
UnionOperation is an Operation that represents `permission foo = a | b | c`.
Source Files