Documentation
Index ¶
- Constants
- type AccessibleResource
- type Authorization
- type Authz
- func (a *Authz) AddRelation(r RelationInput) error
- func (a *Authz) AddRelationBulk(relations []RelationInput) error
- func (a *Authz) CheckPermission(r RelationInput) (bool, error)
- func (a *Authz) ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)
- func (a *Authz) ListRelations(filter RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)
- func (a *Authz) RemoveAllRelations() error
- func (a *Authz) RemoveRelation(r RelationInput) error
- func (a *Authz) RemoveRelationBulk(r []RelationInput) error
- func (a *Authz) UpdateRelation(add RelationInput, rem RelationInput) error
- type NoAuthz
- func (a *NoAuthz) AddRelation(r RelationInput) error
- func (a *NoAuthz) AddRelationBulk(r []RelationInput) error
- func (a *NoAuthz) CheckPermission(r RelationInput) (bool, error)
- func (a *NoAuthz) ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)
- func (a *NoAuthz) ListRelations(input RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)
- func (a *NoAuthz) RemoveAllRelations() error
- func (a *NoAuthz) RemoveRelation(r RelationInput) error
- func (a *NoAuthz) RemoveRelationBulk(input []RelationInput) error
- func (a *NoAuthz) UpdateRelation(r RelationInput, u RelationInput) error
- type ObjectId
- type ObjectType
- type RelationInput
- type RelationType
- type UserId
- type UserType
Constants ¶
// Identifier key names, one per entity kind. The page describes them as shared
// across the userId/objectId tuple definitions.
// NOTE(review): the listing shows these as untyped string constants; how they
// are combined into UserId/ObjectId values is not shown here — confirm at the
// call sites.
const (
	IDUser              = "userID"
	IDRole              = "roleID"
	IDSupportGroup      = "supportGroupID"
	IDService           = "serviceID"
	IDComponent         = "componentID"
	IDComponentVersion  = "componentVersionID"
	IDComponentInstance = "componentInstanceID"
	IDIssueMatch        = "issueMatchID"
)
IDs (shared across userId/objectId tuple definitions)
// Entity type names, described on the page as shared across the
// userType/objectType tuple definitions.
// NOTE(review): presumably each value must match a type declared in the
// OpenFGA authorization model — confirm against the model definition.
const (
	TypeUser              = "user"
	TypeRole              = "role"
	TypeSupportGroup      = "support_group"
	TypeService           = "service"
	TypeComponent         = "component"
	TypeComponentVersion  = "component_version"
	TypeComponentInstance = "component_instance"
	TypeIssueMatch        = "issue_match"
)
Types (shared across userType/objectType tuple definitions)
// Relation names, described on the page as shared across the relation tuple
// definitions.
//
// Four values ("role", "support_group", "component_instance",
// "component_version") are also the values of the matching Type* constants.
// As listed, all of these constants are untyped strings, so a Type* constant
// can be assigned to a RelationType field, or a Rel* constant to an ObjectType
// or UserType field, without a compile error. A tuple built that way names the
// wrong relation or type, so review tuple construction by field, not by value.
const (
	RelCanView           = "can_view"
	RelRole              = "role"
	RelSupportGroup      = "support_group"
	RelRelatedService    = "related_service"
	RelOwner             = "owner"
	RelAdmin             = "admin"
	RelMember            = "member"
	RelComponentInstance = "component_instance"
	RelComponentVersion  = "component_version"
)
Relations (shared across relations tuple definitions)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessibleResource ¶
// AccessibleResource identifies one object by its type and ID. It is the
// element type of the slice returned by ListAccessibleResources.
type AccessibleResource struct {
	// ObjectType is the kind of the object.
	ObjectType ObjectType
	// ObjectId is the identifier of the object.
	ObjectId ObjectId
}
type Authorization ¶
// Authorization is the permission-check and relation-management API of this
// package. The page lists the full method set on both *Authz and *NoAuthz.
type Authorization interface {
	// CheckPermission checks whether the user in r has permission on the
	// resource in r.
	// NOTE(review): what the bool holds when err is non-nil is not shown on
	// this page — callers should deny access on any error rather than trust
	// the bool.
	CheckPermission(r RelationInput) (bool, error)
	// AddRelation adds a relationship between userId and resourceId.
	AddRelation(r RelationInput) error
	// AddRelationBulk adds multiple relationships between userId and resourceId.
	AddRelationBulk(r []RelationInput) error
	// RemoveRelation removes a single relationship between userId and resourceId.
	RemoveRelation(r RelationInput) error
	// RemoveRelationBulk removes all relations that match any of the given
	// RelationInput values, which are used as filters.
	// NOTE(review): how an empty field in a filter is treated is not shown —
	// confirm whether it acts as a wildcard, since that decides how much one
	// call removes.
	RemoveRelationBulk(r []RelationInput) error
	// RemoveAllRelations removes all relations in the authorization store.
	// The interface lists no method to restore them; the NoAuthz
	// documentation describes this call as used mainly for tests.
	RemoveAllRelations() error
	// UpdateRelation updates relations based on the filters provided.
	// On *Authz the parameters are named (add, rem) and the documentation
	// says matching old relations are removed and the new relation is added.
	// NOTE(review): whether the two steps are applied atomically is not
	// stated — confirm, since a failure in between could leave a user with
	// neither the old nor the new relation.
	UpdateRelation(r RelationInput, u RelationInput) error
	// ListRelations lists relations based on multiple filters.
	ListRelations(filters RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)
	// ListAccessibleResources returns a list of resource Ids that the user can access.
	ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)
}
func NewAuthorizationHandler ¶
// NewAuthorizationHandler returns an Authorization built from cfg.
// NOTE(review): presumably it chooses between the OpenFGA-backed Authz and
// NoAuthz based on cfg, and enablelog controls logging — neither is shown on
// this page. Confirm which setting selects NoAuthz and that an unset or
// malformed value does not silently fall back to it.
func NewAuthorizationHandler(cfg *util.Config, enablelog bool) Authorization
func NewAuthz ¶
func NewAuthz(l *logrus.Logger, cfg *util.Config) Authorization
NewAuthz creates a new Authorization implementation that uses OpenFGA.
func NewNoAuthz ¶
// NewNoAuthz returns an Authorization; the page gives no description of it.
// NOTE(review): presumably the returned value is a *NoAuthz — confirm, and
// check where this constructor is reachable outside tests.
func NewNoAuthz(cfg *util.Config) Authorization
type Authz ¶
// Authz carries the full Authorization method set (see the methods on *Authz).
// NOTE(review): presumably this is the OpenFGA-backed implementation that
// NewAuthz returns — the constructor's declared return type is the interface,
// so the page does not show it directly.
type Authz struct {
	// contains filtered or unexported fields
}
func (*Authz) AddRelation ¶
func (a *Authz) AddRelation(r RelationInput) error
AddRelation adds a specified relationship between userId and objectId.
func (*Authz) AddRelationBulk ¶ added in v1.47.0
func (a *Authz) AddRelationBulk(relations []RelationInput) error
AddRelationBulk adds multiple specified relationships between userId(s) and objectId(s).
func (*Authz) CheckPermission ¶
func (a *Authz) CheckPermission(r RelationInput) (bool, error)
CheckPermission checks if userId has permission on objectId.
func (*Authz) ListAccessibleResources ¶
func (a *Authz) ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)
ListAccessibleResources returns a list of objectIds of a certain objectType that the user can access.
func (*Authz) ListRelations ¶ added in v1.47.0
func (a *Authz) ListRelations(filter RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)
ListRelations lists all relations that match any given RelationInput as filter(s)
func (*Authz) RemoveAllRelations ¶ added in v1.47.0
RemoveAllRelations removes all tuples for the store backing the provided Authorization.
func (*Authz) RemoveRelation ¶
func (a *Authz) RemoveRelation(r RelationInput) error
RemoveRelation removes a relationship between userId and objectId.
func (*Authz) RemoveRelationBulk ¶ added in v1.47.0
func (a *Authz) RemoveRelationBulk(r []RelationInput) error
RemoveRelationBulk removes all relations that match the given RelationInput as filters.
func (*Authz) UpdateRelation ¶ added in v1.47.0
func (a *Authz) UpdateRelation(add RelationInput, rem RelationInput) error
UpdateRelation updates relations by removing relations that match the filter for the old relation and adding the new relation.
type NoAuthz ¶
// NoAuthz carries the same Authorization method set as Authz.
// NOTE(review): the name suggests an implementation with authorization
// switched off, but the page does not show what CheckPermission or
// ListAccessibleResources return. Confirm before using it outside tests: an
// allow-all result here would remove access control for every caller.
type NoAuthz struct {
	// contains filtered or unexported fields
}
func (*NoAuthz) AddRelation ¶
func (a *NoAuthz) AddRelation(r RelationInput) error
AddRelation adds a relationship between userId and resourceId.
func (*NoAuthz) AddRelationBulk ¶ added in v1.47.0
func (a *NoAuthz) AddRelationBulk(r []RelationInput) error
AddRelationBulk adds multiple relationships between userId and resourceId.
func (*NoAuthz) CheckPermission ¶
func (a *NoAuthz) CheckPermission(r RelationInput) (bool, error)
CheckPermission checks if userId has permission on resourceId.
func (*NoAuthz) ListAccessibleResources ¶
func (a *NoAuthz) ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)
ListAccessibleResources returns a list of resource Ids that the user can access.
func (*NoAuthz) ListRelations ¶ added in v1.47.0
func (a *NoAuthz) ListRelations(input RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)
ListRelations lists all relations for a given input.
func (*NoAuthz) RemoveAllRelations ¶ added in v1.47.0
RemoveAllRelations removes all relations in the authorization store, used mainly for tests
func (*NoAuthz) RemoveRelation ¶
func (a *NoAuthz) RemoveRelation(r RelationInput) error
RemoveRelation removes a relationship between userId and resourceId.
func (*NoAuthz) RemoveRelationBulk ¶ added in v1.47.0
func (a *NoAuthz) RemoveRelationBulk(input []RelationInput) error
DeleteObjectRelations deletes all relations for a given object. (The comment names DeleteObjectRelations, but on this page it documents RemoveRelationBulk.)
func (*NoAuthz) UpdateRelation ¶ added in v1.47.0
func (a *NoAuthz) UpdateRelation(r RelationInput, u RelationInput) error
UpdateRelation updates a relationship between userId and resourceId.
type ObjectId ¶
// ObjectId is the string identifier of an object, as used in
// RelationInput.ObjectId and AccessibleResource.ObjectId.
type ObjectId string
func ObjectIdFromInt ¶ added in v1.47.0
ObjectIdFromInt converts a numeric ID to an OpenFGA ObjectId.
type ObjectType ¶
// ObjectType names the kind of an object, as used in RelationInput.ObjectType
// and AccessibleResource.ObjectType.
// NOTE(review): presumably holds one of the Type* constant values — confirm.
type ObjectType string
type RelationInput ¶
// RelationInput describes one relationship: a user (UserType, UserId), a
// Relation, and an object (ObjectType, ObjectId). The Authorization methods
// take it both as a concrete relation (AddRelation, CheckPermission) and as a
// filter (ListRelations, RemoveRelationBulk).
// NOTE(review): how empty fields are treated when the value is used as a
// filter is not shown on this page — confirm whether an empty field matches
// everything.
type RelationInput struct {
	// UserType is the kind of the user side of the relation.
	UserType UserType
	// UserId identifies the user side of the relation.
	UserId UserId
	// Relation is the relation between the user and the object.
	Relation RelationType
	// ObjectType is the kind of the object side of the relation.
	ObjectType ObjectType
	// ObjectId identifies the object side of the relation.
	ObjectId ObjectId
}
type RelationType ¶
// RelationType names the relation in a RelationInput.
// NOTE(review): presumably holds one of the Rel* constant values — confirm.
type RelationType string
type UserId ¶
// UserId is the string identifier of the user side of a relation, as used in
// RelationInput.UserId.
type UserId string
func UserIdFromInt ¶ added in v1.47.0
UserIdFromInt converts an int ID to an OpenFGA UserId.