client

package
v0.15.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2025 License: MIT Imports: 39 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrGroupRoleAssignmentNotFound is returned when a group role assignment is not found.
	ErrGroupRoleAssignmentNotFound = errors.New("group role assignment not found")
)

Functions

This section is empty.

Types

type AlreadyExistsError added in v0.5.0 

type AlreadyExistsError struct {
	// contains filtered or unexported fields
}

func (*AlreadyExistsError) Error added in v0.5.0 

func (e *AlreadyExistsError) Error() string

type Client 

type Client struct {
	// contains filtered or unexported fields
}

func New 

func New(ctx context.Context, db *db.DB, storageClient kclient.Client, encryptionConfig *encryptionconfig.EncryptionConfiguration, ownerEmails, adminEmails []string, auditLogPersistenceInterval time.Duration, auditLogBatchSize int) *Client

func (*Client) ActiveUsersByDate added in v0.7.1 

func (c *Client) ActiveUsersByDate(ctx context.Context, start, end time.Time) ([]types.User, error)

func (*Client) ActivitiesByUser added in v0.7.1 

func (c *Client) ActivitiesByUser(ctx context.Context, userID string, start, end time.Time) ([]types.APIActivity, error)

func (*Client) AddActivityForToday added in v0.7.1 

func (c *Client) AddActivityForToday(ctx context.Context, userID string) error

func (*Client) ClearTempUserCache added in v0.13.0 

func (c *Client) ClearTempUserCache(ctx context.Context) error

ClearTempUserCache removes all cached temporary users from the database.

func (*Client) Close 

func (c *Client) Close() error

func (*Client) CreateGroupRoleAssignment added in v0.15.0 

func (c *Client) CreateGroupRoleAssignment(ctx context.Context, groupName string, role types2.Role, description string) (*types.GroupRoleAssignment, error)

CreateGroupRoleAssignment creates a new group role assignment.

func (*Client) CreateImage added in v0.7.0 

func (c *Client) CreateImage(ctx context.Context, data []byte, mimeType string) (*types.Image, error)

CreateImage stores a new image in the database

func (*Client) CreateRunState added in v0.7.0 

func (c *Client) CreateRunState(ctx context.Context, runState *types.RunState) error

func (*Client) CreateTokenRequest added in v0.13.0 

func (c *Client) CreateTokenRequest(ctx context.Context, tr *types.TokenRequest) error

CreateTokenRequest creates a new token request in the database.

func (*Client) DeleteGroupRoleAssignment added in v0.15.0 

func (c *Client) DeleteGroupRoleAssignment(ctx context.Context, groupName string) error

DeleteGroupRoleAssignment deletes a group role assignment by group name.

func (*Client) DeleteImage added in v0.7.0 

func (c *Client) DeleteImage(ctx context.Context, id string) error

DeleteImage removes an image from the database

func (*Client) DeleteMCPOAuthTokenForAllUsers added in v0.8.0 

func (c *Client) DeleteMCPOAuthTokenForAllUsers(ctx context.Context, mcpID string) error

func (*Client) DeleteMCPOAuthTokenForURL added in v0.15.0 

func (c *Client) DeleteMCPOAuthTokenForURL(ctx context.Context, userID, mcpID, mcpURL string) error

func (*Client) DeleteMCPOAuthTokens added in v0.15.0 

func (c *Client) DeleteMCPOAuthTokens(ctx context.Context, userID, mcpID string) error

func (*Client) DeleteRunState added in v0.7.0 

func (c *Client) DeleteRunState(ctx context.Context, namespace, name string) error

func (*Client) DeleteSessionsForUser added in v0.8.0 

func (c *Client) DeleteSessionsForUser(ctx context.Context, storageClient kclient.Client, identities []types.Identity, sessionID string) error

func (*Client) DeleteUser added in v0.5.0 

func (c *Client) DeleteUser(ctx context.Context, userID string) (*types.User, error)

func (*Client) EncryptIdentities added in v0.8.0 

func (c *Client) EncryptIdentities(ctx context.Context, force bool) error

EncryptIdentities will pull all identities out of the database and ensure they are encrypted.

func (*Client) EncryptUsers added in v0.13.0 

func (c *Client) EncryptUsers(ctx context.Context, force bool) error

EncryptUsers will pull all users out of the database and ensure they are encrypted.

func (*Client) EnsureIdentity 

func (c *Client) EnsureIdentity(ctx context.Context, id *types.Identity, timezone string) (*types.User, error)

EnsureIdentity ensures that the given identity exists in the database, and returns the user associated with it.

func (*Client) EnsureIdentityWithRole added in v0.5.0 

func (c *Client) EnsureIdentityWithRole(ctx context.Context, id *types.Identity, timezone string, role types2.Role) (*types.User, error)

EnsureIdentityWithRole ensures the given identity exists in the database with the at least the given role, and returns the user associated with it. If the user already exists with a superset of the given role, it will not be updated.

func (*Client) FindIdentitiesForUser added in v0.8.0 

func (c *Client) FindIdentitiesForUser(ctx context.Context, userID uint) ([]types.Identity, error)

FindIdentitiesForUser finds all identities for the given user.

func (*Client) GetAuditLogFilterOptions added in v0.8.0 

func (c *Client) GetAuditLogFilterOptions(ctx context.Context, option string, opts MCPAuditLogOptions, exclude ...any) ([]string, error)

func (*Client) GetExplicitRoleEmails added in v0.13.0 

func (c *Client) GetExplicitRoleEmails() map[string]types2.Role

GetExplicitRoleEmails returns a copy of all emails with explicit roles. Used by setup endpoints to list Owner and Admin emails.

func (*Client) GetGroupRoleAssignment added in v0.15.0 

func (c *Client) GetGroupRoleAssignment(ctx context.Context, groupName string) (*types.GroupRoleAssignment, error)

GetGroupRoleAssignment returns a specific group role assignment by group name.

func (*Client) GetGroupRoleAssignmentsForGroups added in v0.15.0 

func (c *Client) GetGroupRoleAssignmentsForGroups(ctx context.Context, groupNames []string) ([]types.GroupRoleAssignment, error)

GetGroupRoleAssignmentsForGroups retrieves all role assignments for the given group names. This is used during role resolution to find all roles assigned to a user's groups.

func (*Client) GetImage added in v0.7.0 

func (c *Client) GetImage(ctx context.Context, id string) (*types.Image, error)

GetImage retrieves an image by its ID

func (*Client) GetMCPAuditLog added in v0.15.1 

func (c *Client) GetMCPAuditLog(ctx context.Context, id uint, withRequestAndResponse bool) (*types.MCPAuditLog, error)

GetMCPAuditLog retrieves a single MCP audit log by ID

func (*Client) GetMCPAuditLogs added in v0.8.0 

func (c *Client) GetMCPAuditLogs(ctx context.Context, opts MCPAuditLogOptions) ([]types.MCPAuditLog, int64, error)

GetMCPAuditLogs retrieves MCP audit logs with optional filters

func (*Client) GetMCPOAuthToken added in v0.8.0 

func (c *Client) GetMCPOAuthToken(ctx context.Context, userID, mcpID, url string) (*types.MCPOAuthToken, error)

func (*Client) GetMCPOAuthTokenByState added in v0.8.0 

func (c *Client) GetMCPOAuthTokenByState(ctx context.Context, state string) (*types.MCPOAuthToken, error)

func (*Client) GetMCPUsageStats added in v0.8.0 

func (c *Client) GetMCPUsageStats(ctx context.Context, opts MCPUsageStatsOptions) (types.MCPUsageStatsList, error)

GetMCPUsageStats retrieves usage statistics for MCP servers

func (*Client) GetProperty added in v0.13.0 

func (c *Client) GetProperty(ctx context.Context, key string) (types.Property, error)

func (*Client) GetTempUserCache added in v0.13.0 

func (c *Client) GetTempUserCache(ctx context.Context) *types.TempSetupUser

GetTempUserCache retrieves the cached temporary user, if one exists. Returns nil if no user is cached.

func (*Client) GetUserGroupMemberships added in v0.15.0 

func (c *Client) GetUserGroupMemberships(ctx context.Context, userIDs []uint) (map[uint][]string, error)

GetUserGroupMemberships fetches group memberships for multiple users in a single query. Returns a map of userID to slice of groupIDs.

func (*Client) GetUsersInGroup added in v0.15.0 

func (c *Client) GetUsersInGroup(ctx context.Context, groupName string) ([]types.User, error)

GetUsersInGroup returns all users who are members of the given group. This is used to find users affected by GroupRoleAssignment changes.

func (*Client) GetVirusScannerConfig added in v0.8.0 

func (c *Client) GetVirusScannerConfig(ctx context.Context) (*types.FileScannerConfig, error)

func (*Client) HasExplicitRole added in v0.12.0 

func (c *Client) HasExplicitRole(email string) types2.Role

func (*Client) InsertTokenUsage added in v0.8.0 

func (c *Client) InsertTokenUsage(ctx context.Context, activity *types.RunTokenActivity) error

func (*Client) ListAuthGroups added in v0.9.0 

func (c *Client) ListAuthGroups(ctx context.Context, authProviderURL, authProviderNamespace, authProviderName, nameFilter string) ([]types.Group, error)

ListAuthGroups lists the auth provider groups for the given auth provider.

It supports fuzzy finding group names using on the given nameFilter. It queries the auth provider for "live" group search from the auth provider, then combines the results with cached groups from the database. This allows admins to discover groups that authenticated users belong to for auth providers limited group search capabilities.

func (*Client) ListGroupIDsForUser added in v0.9.0 

func (c *Client) ListGroupIDsForUser(ctx context.Context, userID uint) ([]string, error)

ListGroupIDsForUser lists the group IDs that the given user is a member of. This can include groups from multiple auth providers.

func (*Client) ListGroupRoleAssignments added in v0.15.0 

func (c *Client) ListGroupRoleAssignments(ctx context.Context) ([]types.GroupRoleAssignment, error)

ListGroupRoleAssignments returns all group role assignments from the database.

func (*Client) LogMCPAuditEntry added in v0.10.0 

func (c *Client) LogMCPAuditEntry(entry types.MCPAuditLog)

func (*Client) NewAuthToken added in v0.8.0 

func (c *Client) NewAuthToken(
	ctx context.Context,
	authProviderNamespace,
	authProviderName string,
	authProviderUserID string,
	userID uint,
	tr *types.TokenRequest,
) (*types.AuthToken, error)

func (*Client) RemainingTokenUsageForUser added in v0.8.0 

func (c *Client) RemainingTokenUsageForUser(ctx context.Context, userID string, period time.Duration, promptTokenLimit, completionTokenLimit int) (*types.RemainingTokenUsage, error)

func (*Client) RemoveIdentity added in v0.5.0 

func (c *Client) RemoveIdentity(ctx context.Context, id *types.Identity) error

RemoveIdentity deletes an identity from the database. The identity is deleted using UserID if set, otherwise ProviderUsername. The method is idempotent and ignores not-found errors, returning only unexpected errors.

func (*Client) RemoveIdentityAndUser added in v0.9.0 

func (c *Client) RemoveIdentityAndUser(ctx context.Context, id *types.Identity) (uint, error)

RemoveIdentityAndUser deletes an identity and the associated user from the database. The identity and user are deleted using UserID if set, otherwise ProviderUsername. The method is idempotent and ignores not-found errors, returning only unexpected errors.

func (*Client) ReplaceMCPOAuthToken added in v0.8.0 

func (c *Client) ReplaceMCPOAuthToken(ctx context.Context, userID, mcpID, url, oauthAuthRequestID, state, verifier string, oauthConf *oauth2.Config, token *oauth2.Token) error

func (*Client) ResolveUserEffectiveRole added in v0.15.0 

func (c *Client) ResolveUserEffectiveRole(ctx context.Context, user *types.User, authGroupIDs []string) (types2.Role, error)

ResolveUserEffectiveRole computes the effective role for a user by combining: 1. Individual role from users table 2. Group-based roles from GroupRoleAssignments Returns the highest base role plus Auditor (if present).

func (*Client) ResolveUserEffectiveRolesBulk added in v0.15.0 

func (c *Client) ResolveUserEffectiveRolesBulk(ctx context.Context, users []types.User, userGroupMemberships map[uint][]string) (map[uint]types2.Role, error)

ResolveUserEffectiveRolesBulk computes effective roles for multiple users efficiently. It performs a single database query to fetch all group role assignments for all users' groups. Returns a map of userID to their effective role.

func (*Client) RunState added in v0.7.0 

func (c *Client) RunState(ctx context.Context, namespace, name string) (*types.RunState, error)

func (*Client) SetProperty added in v0.13.0 

func (c *Client) SetProperty(ctx context.Context, key, value string) (types.Property, error)

func (*Client) SetTempUserCache added in v0.13.0 

func (c *Client) SetTempUserCache(ctx context.Context, user *types.User, authProviderName, authProviderNamespace string) error

SetTempUserCache stores a temporary user in the database for the bootstrap setup flow. Returns an error if a user is already cached.

func (*Client) TokenUsageByUser added in v0.8.0 

func (c *Client) TokenUsageByUser(ctx context.Context, start, end time.Time, includePersonalTokenUsage bool) ([]types.RunTokenActivity, error)

func (*Client) TokenUsageForUser added in v0.8.0 

func (c *Client) TokenUsageForUser(ctx context.Context, userID string, start, end time.Time) ([]types.RunTokenActivity, error)

func (*Client) TotalTokenUsageForUser added in v0.8.0 

func (c *Client) TotalTokenUsageForUser(ctx context.Context, userID string, start, end time.Time, includePersonalTokenUsage bool) (types.RunTokenActivity, error)

func (*Client) UpdateGroupRoleAssignment added in v0.15.0 

func (c *Client) UpdateGroupRoleAssignment(ctx context.Context, groupName string, role types2.Role, description string) (*types.GroupRoleAssignment, error)

UpdateGroupRoleAssignment updates an existing group role assignment.

func (*Client) UpdateProfileIfNeeded added in v0.8.0 

func (c *Client) UpdateProfileIfNeeded(ctx context.Context, user *types.User, authProviderName, authProviderNamespace, authProviderURL string) error

func (*Client) UpdateRunState added in v0.7.0 

func (c *Client) UpdateRunState(ctx context.Context, runState *types.RunState) error

func (*Client) UpdateUser added in v0.5.0 

func (c *Client) UpdateUser(ctx context.Context, actingUserCanChangeRole bool, updatedUser *types.User, userID string) (*types.User, error)

func (*Client) UpdateUserInternalStatus added in v0.8.0 

func (c *Client) UpdateUserInternalStatus(ctx context.Context, userID string, internal bool) error

func (*Client) UpdateVirusScannerConfig added in v0.8.0 

func (c *Client) UpdateVirusScannerConfig(ctx context.Context, config *types.FileScannerConfig) error

func (*Client) User 

func (c *Client) User(ctx context.Context, username string) (*types.User, error)

func (*Client) UserByID 

func (c *Client) UserByID(ctx context.Context, id string) (*types.User, error)

func (*Client) UserByIDIncludeDeleted added in v0.9.0 

func (c *Client) UserByIDIncludeDeleted(ctx context.Context, id string) (*types.User, error)

UserByIDIncludeDeleted returns a user by ID including soft-deleted users (for audit purposes)

func (*Client) UserFromToken added in v0.8.0 

func (c *Client) UserFromToken(ctx context.Context, token string) (*types.User, string, string, string, []string, error)

func (*Client) Users added in v0.5.0 

func (c *Client) Users(ctx context.Context, query types.UserQuery) ([]types.User, error)

func (*Client) UsersIncludeDeleted added in v0.9.0 

func (c *Client) UsersIncludeDeleted(ctx context.Context, query types.UserQuery) ([]types.User, error)

UsersIncludeDeleted returns all users including soft-deleted ones (for audit purposes)

type ExplicitRoleError added in v0.12.0 

type ExplicitRoleError struct {
	// contains filtered or unexported fields
}

func (*ExplicitRoleError) Error added in v0.12.0 

func (e *ExplicitRoleError) Error() string

type FetchUserGroupsError added in v0.15.0 

type FetchUserGroupsError struct {
	ProviderUserID string
	Message        string
}

FetchUserGroupsError represents an error that occurs when fetching user groups from the auth provider. This error indicates a configuration issue with the auth provider that requires administrator intervention.

func (*FetchUserGroupsError) Error added in v0.15.0 

func (e *FetchUserGroupsError) Error() string

type LastAdminError added in v0.5.0 

type LastAdminError struct{}

func (*LastAdminError) Error added in v0.5.0 

func (e *LastAdminError) Error() string

type LastOwnerError added in v0.13.0 

type LastOwnerError struct{}

func (*LastOwnerError) Error added in v0.13.0 

func (e *LastOwnerError) Error() string

type LogoutAllErr added in v0.8.0 

type LogoutAllErr struct{}

func (LogoutAllErr) Error added in v0.8.0 

func (e LogoutAllErr) Error() string

type MCPAuditLogOptions added in v0.8.0 

type MCPAuditLogOptions struct {
	WithRequestAndResponse    bool
	PowerUserWorkspaceID      []string // Support filtering by workspace ID(s)
	UserID                    []string
	MCPID                     []string
	MCPServerDisplayName      []string
	MCPServerCatalogEntryName []string
	CallType                  []string
	CallIdentifier            []string
	SessionID                 []string
	ClientName                []string
	ClientVersion             []string
	ResponseStatus            []string
	ClientIP                  []string
	ProcessingTimeMin         int64
	ProcessingTimeMax         int64
	Query                     string // Search term for text search across multiple fields
	StartTime                 time.Time
	EndTime                   time.Time
	Limit                     int
	Offset                    int
	SortBy                    string // Field to sort by (e.g., "created_at", "user_id", "call_type")
	SortOrder                 string // Sort order: "asc" or "desc"
}

MCPAuditLogOptions represents options for querying MCP audit logs

type MCPUsageStatsOptions added in v0.8.0 

type MCPUsageStatsOptions struct {
	MCPID                      string
	PowerUserWorkspaceID       []string // Workspace filtering support (same as audit logs)
	UserIDs                    []string
	MCPServerDisplayNames      []string
	MCPServerCatalogEntryNames []string
	StartTime                  time.Time
	EndTime                    time.Time
}

MCPUsageStatsOptions represents options for querying MCP usage statistics

type UserDecorator 

type UserDecorator struct {
	// contains filtered or unexported fields
}

func NewUserDecorator 

func NewUserDecorator(next authenticator.Request, client *Client) *UserDecorator

func (UserDecorator) AuthenticateRequest 

func (u UserDecorator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.