database

package

v0.6.0 Latest Latest Go to latest Published: Apr 13, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation ¶

Overview ¶

Package database provides a public API for OPA Control Plane database operations.

This package wraps the internal database layer, exposing Bundle, Source, and Source Data CRUD operations using typed config structs. External consumers work directly with config.Bundle and config.Source types.

Example usage:

db := database.New()
db.WithAuthorizer(myAuthorizer)
rawConfig := []byte(`{"database": {"sql": {"driver": "sqlite3", "dsn": "file::memory:?cache=shared"}}}`)
if err := db.InitDB(ctx, rawConfig); err != nil {
    log.Fatal(err)
}
defer db.CloseDB()

// Upsert a bundle
bundle := &config.Bundle{Name: "my-bundle", Requirements: config.Requirements{{Source: ptr("my-source")}}}
if err := db.UpsertBundle(ctx, "admin", "default", bundle); err != nil {
    log.Fatal(err)
}

// Get a bundle
b, err := db.GetBundle(ctx, "admin", "default", "my-bundle")

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNotFound      = internaldatabase.ErrNotFound
	ErrNotAuthorized = internaldatabase.ErrNotAuthorized
)

Re-export sentinel errors.

View Source

var ErrInvalidJSON = errors.New("invalid JSON")

ErrInvalidJSON indicates the provided JSON could not be deserialized into the expected type.

Functions ¶

This section is empty.

Types ¶

type Database ¶

type Database struct {
	// contains filtered or unexported fields
}

Database wraps the internal database layer, providing a typed API for external consumers.

func New ¶

func New() *Database

New creates a new Database instance with default configuration.

func (*Database) CloseDB ¶

func (d *Database) CloseDB()

CloseDB closes the underlying database connection.

func (*Database) DB ¶

func (d *Database) DB() *sql.DB

DB returns the underlying *sql.DB for use with migration tooling.

func (*Database) DeleteBundle ¶

func (d *Database) DeleteBundle(ctx context.Context, principal, tenant, name string) error

DeleteBundle deletes a bundle by name.

func (*Database) DeleteSource ¶

func (d *Database) DeleteSource(ctx context.Context, principal, tenant, name string) error

DeleteSource deletes a source by name.

func (*Database) Dialect ¶

func (d *Database) Dialect() (string, error)

Dialect returns the SQL dialect name ("sqlite", "postgresql", "mysql", "cockroachdb").

func (*Database) GetBundle ¶

func (d *Database) GetBundle(ctx context.Context, principal, tenant, name string) (*config.Bundle, error)

GetBundle retrieves a bundle by name.

func (*Database) GetSource ¶

func (d *Database) GetSource(ctx context.Context, principal, tenant, name string) (*config.Source, error)

GetSource retrieves a source by name.

func (*Database) InitDB ¶

func (d *Database) InitDB(ctx context.Context, rawConfig []byte) error

InitDB initializes the database connection from a raw root configuration.

The rawConfig must be a JSON (or YAML) document containing a "database" key. Example:

{"database": {"sql": {"driver": "sqlite3", "dsn": "file::memory:?cache=shared"}}}

func (*Database) ListBundles ¶

func (d *Database) ListBundles(ctx context.Context, principal, tenant string, limit int, cursor string) ([]*config.Bundle, string, error)

ListBundles lists bundles for a tenant, returning the bundles and the next cursor.

func (*Database) ListSources ¶

func (d *Database) ListSources(ctx context.Context, principal, tenant string, limit int, cursor string) ([]*config.Source, string, error)

ListSources lists sources for a tenant, returning the sources and the next cursor.

func (*Database) SourcesDataDelete ¶

func (d *Database) SourcesDataDelete(ctx context.Context, sourceName, path, principal, tenant string) error

SourcesDataDelete deletes source data at the given path.

func (*Database) SourcesDataGet ¶

func (d *Database) SourcesDataGet(ctx context.Context, sourceName, path, principal, tenant string) (any, bool, error)

SourcesDataGet retrieves source data at the given path. Returns the data, whether it was found, and any error.

func (*Database) SourcesDataPatch ¶

func (d *Database) SourcesDataPatch(ctx context.Context, sourceName, path, principal, tenant string, patchJSON []byte) error

SourcesDataPatch applies a JSON Patch (RFC 6902) to source data at the given path. The patchJSON must be a valid JSON Patch array.

func (*Database) SourcesDataPut ¶

func (d *Database) SourcesDataPut(ctx context.Context, sourceName, path string, data any, principal, tenant string) error

SourcesDataPut stores source data at the given path.

func (*Database) Tenants ¶

func (d *Database) Tenants(ctx context.Context) iter.Seq2[string, error]

Tenants iterates over all tenant names in the database.

func (*Database) UpsertBundle ¶

func (d *Database) UpsertBundle(ctx context.Context, principal, tenant string, bundle *config.Bundle) error

UpsertBundle creates or updates a bundle.

func (*Database) UpsertPrincipal ¶

func (d *Database) UpsertPrincipal(ctx context.Context, id, role, tenant string) error

UpsertPrincipal creates or updates a principal (user/service account).

func (*Database) UpsertSource ¶

func (d *Database) UpsertSource(ctx context.Context, principal, tenant string, source *config.Source) error

UpsertSource creates or updates a source.

func (*Database) WithAccessFactory ¶

func (d *Database) WithAccessFactory(af ext_authz.AccessFactory) *Database

WithAccessFactory sets the factory for creating access descriptors.

func (*Database) WithAuthorizer ¶

func (d *Database) WithAuthorizer(a ext_authz.Authorizer) *Database

WithAuthorizer sets the authorizer for permission checks.

Source Files ¶

View all Source files

database.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL