check

package
v1.14.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 10, 2026 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Package check is a generated GoMock package.

Index

Constants

View Source 
const BaseIndex = 0
View Source 
const DefaultStrategyName = "default"
View Source 
const DifferenceIndex = 1
View Source 
const IteratorMinBatchThreshold = 100
View Source 
const RecursiveStrategyName = "recursive"
View Source 
const WeightTwoStrategyName = "weight2"

Variables

View Source 
var DefaultPlan = &planner.PlanConfig{
	Name:         DefaultStrategyName,
	InitialGuess: 50 * time.Millisecond,

	Lambda: 1,

	Alpha: 0.5,
	Beta:  0.5,
}
View Source 
var DefaultRecursivePlan = &planner.PlanConfig{
	Name:         DefaultStrategyName,
	InitialGuess: 500 * time.Millisecond,

	Lambda: 1,

	Alpha: 3.0,
	Beta:  2.0,
}
View Source 
var ErrInvalidUser = errors.New("the 'user' field is malformed")
View Source 
var ErrMissingAuthZModelID = errors.New("missing authorization_model_id")
View Source 
var ErrMissingStoreID = errors.New("missing store_id")
View Source 
var ErrPanicRequest = errors.New("invalid check request")
View Source 
var ErrUsersetInvalidRequest = errors.New("userset request cannot be resolved when exclusion operation is involved")
View Source 
var ErrValidation = errors.New("object relation does not exist")
View Source 
var ErrWildcardInvalidRequest = errors.New("wildcard request cannot be resolved when intersection or exclusion is involved")
View Source 
var RecursivePlan = &planner.PlanConfig{
	Name:         RecursiveStrategyName,
	InitialGuess: 150 * time.Millisecond,

	Lambda: 3.0,

	Alpha: 3.0,
	Beta:  2.0,
}

In general these values tell the query planner that the recursive strategy usually performs around 150 ms but occasionally spikes. However, even when it spikes we want to keep it using it or exploring it despite variance, rather than over-penalizing single slow runs.

Functions

func BuildConditionTupleKeyFilter 

func BuildConditionTupleKeyFilter(ctx context.Context, model *modelgraph.AuthorizationModelGraph, conditions []string, reqCtx *structpb.Struct) iterator.FilterFunc[*openfgav1.TupleKey]

func BuildUniqueTupleKeyFilter 

func BuildUniqueTupleKeyFilter(visited *sync.Map, keyFunc func(key *openfgav1.TupleKey) string) iterator.FilterFunc[*openfgav1.TupleKey]

Types

type CheckResolver 

type CheckResolver interface {
	ResolveCheck(context.Context, *Request) (*Response, error)
	ResolveUnion(context.Context, *Request, *authzGraph.WeightedAuthorizationModelNode, *sync.Map) (*Response, error)
}

type Config 

type Config struct {
	Model                     *modelgraph.AuthorizationModelGraph
	Datastore                 storage.RelationshipTupleReader
	Cache                     storage.InMemoryCache[any]
	CacheTTL                  time.Duration
	LastCacheInvalidationTime time.Time
	Planner                   planner.Manager
	ConcurrencyLimit          int
	UpstreamTimeout           time.Duration
	Logger                    logger.Logger
	Strategies                map[string]Strategy
}

type DefaultStrategy 

type DefaultStrategy struct {
	// contains filtered or unexported fields
}

func NewDefault 

func NewDefault(model *modelgraph.AuthorizationModelGraph, resolver CheckResolver, limit int) *DefaultStrategy

func (*DefaultStrategy) TTU 

func (s *DefaultStrategy) TTU(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, iter storage.TupleKeyIterator, visited *sync.Map) (*Response, error)

func (*DefaultStrategy) Userset 

func (s *DefaultStrategy) Userset(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, iter storage.TupleKeyIterator, visited *sync.Map) (*Response, error)

defaultUserset will check userset path. This is the slow path as it requires dispatch on all its children.

type MockCheckResolver 

type MockCheckResolver struct {
	// contains filtered or unexported fields
}

MockCheckResolver is a mock of CheckResolver interface.

func NewMockCheckResolver 

func NewMockCheckResolver(ctrl *gomock.Controller) *MockCheckResolver

NewMockCheckResolver creates a new mock instance.

func (*MockCheckResolver) EXPECT 

func (m *MockCheckResolver) EXPECT() *MockCheckResolverMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockCheckResolver) ResolveCheck 

func (m *MockCheckResolver) ResolveCheck(arg0 context.Context, arg1 *Request) (*Response, error)

ResolveCheck mocks base method.

func (*MockCheckResolver) ResolveUnion 

func (m *MockCheckResolver) ResolveUnion(arg0 context.Context, arg1 *Request, arg2 *graph.WeightedAuthorizationModelNode, arg3 *sync.Map) (*Response, error)

ResolveUnion mocks base method.

type MockCheckResolverMockRecorder 

type MockCheckResolverMockRecorder struct {
	// contains filtered or unexported fields
}

MockCheckResolverMockRecorder is the mock recorder for MockCheckResolver.

func (*MockCheckResolverMockRecorder) ResolveCheck 

func (mr *MockCheckResolverMockRecorder) ResolveCheck(arg0, arg1 any) *gomock.Call

ResolveCheck indicates an expected call of ResolveCheck.

func (*MockCheckResolverMockRecorder) ResolveUnion 

func (mr *MockCheckResolverMockRecorder) ResolveUnion(arg0, arg1, arg2, arg3 any) *gomock.Call

ResolveUnion indicates an expected call of ResolveUnion.

type Recursive 

type Recursive struct {
	// contains filtered or unexported fields
}

func NewRecursive 

func NewRecursive(model *modelgraph.AuthorizationModelGraph, ds storage.RelationshipTupleReader, limit int) *Recursive

func (*Recursive) TTU 

func (s *Recursive) TTU(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, rightIter storage.TupleKeyIterator, _ *sync.Map) (*Response, error)

recursiveTTU solves a union relation of the form "{operand1} OR ... {operandN} OR {recursive TTU}" rightIter gives the iterator for the recursive TTU.

func (*Recursive) Userset 

func (s *Recursive) Userset(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, rightIter storage.TupleKeyIterator, _ *sync.Map) (*Response, error)

type RecursiveType 

type RecursiveType int8
const (
	RecursiveTypeUserset RecursiveType = 0
	RecursiveTypeTTU     RecursiveType = 1
)

type Request 

type Request struct {
	StoreID              string
	AuthorizationModelID string
	TupleKey             *openfgav1.TupleKey
	ContextualTuples     []*openfgav1.TupleKey
	Context              *structpb.Struct
	Consistency          openfgav1.ConsistencyPreference
	// contains filtered or unexported fields
}

func NewRequest 

func NewRequest(p RequestParams) (*Request, error)

func (*Request) GetAuthorizationModelID 

func (r *Request) GetAuthorizationModelID() string

func (*Request) GetCacheKey 

func (r *Request) GetCacheKey() string

func (*Request) GetConsistency 

func (r *Request) GetConsistency() openfgav1.ConsistencyPreference

func (*Request) GetContext 

func (r *Request) GetContext() *structpb.Struct

func (*Request) GetContextualTuples 

func (r *Request) GetContextualTuples() []*openfgav1.TupleKey

func (*Request) GetContextualTuplesByObjectID 

func (r *Request) GetContextualTuplesByObjectID(objectID, relation, userType string) ([]*openfgav1.TupleKey, bool)

GetContextualTuplesByObjectID returns the map of contextual tuples indexed by objectId+relation+userType.

func (*Request) GetContextualTuplesByUserID 

func (r *Request) GetContextualTuplesByUserID(userID, relation, objectType string) ([]*openfgav1.TupleKey, bool)

GetContextualTuplesByUserID returns the map of contextual tuples indexed by userId+relation+objectType.

func (*Request) GetInvariantCacheKey 

func (r *Request) GetInvariantCacheKey() string

func (*Request) GetObjectType 

func (r *Request) GetObjectType() string

func (*Request) GetStoreID 

func (r *Request) GetStoreID() string

func (*Request) GetTupleKey 

func (r *Request) GetTupleKey() *openfgav1.TupleKey

func (*Request) GetTupleString 

func (r *Request) GetTupleString() string

func (*Request) GetUserType 

func (r *Request) GetUserType() string

func (*Request) IsTypedWildcard 

func (r *Request) IsTypedWildcard() bool

type RequestParams 

type RequestParams = struct {
	StoreID          string
	Model            *modelgraph.AuthorizationModelGraph
	TupleKey         *openfgav1.TupleKey
	ContextualTuples []*openfgav1.TupleKey
	Context          *structpb.Struct
	Consistency      openfgav1.ConsistencyPreference
}

type Resolver 

type Resolver struct {
	// contains filtered or unexported fields
}

func New 

func New(cfg Config) *Resolver

func (*Resolver) ResolveCheck 

func (r *Resolver) ResolveCheck(ctx context.Context, req *Request) (*Response, error)

func (*Resolver) ResolveEdge 

func (r *Resolver) ResolveEdge(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, visited *sync.Map) (*Response, error)

func (*Resolver) ResolveExclusion 

func (r *Resolver) ResolveExclusion(ctx context.Context, req *Request, node *authzGraph.WeightedAuthorizationModelNode) (*Response, error)

reduce as a logical exclusion operation if base is false, short circuit.

func (*Resolver) ResolveIntersection 

func (r *Resolver) ResolveIntersection(ctx context.Context, req *Request, node *authzGraph.WeightedAuthorizationModelNode) (*Response, error)

reduce as a logical intersection operation (exit the moment we have a single false) should panic if a single handler returns nil.

func (*Resolver) ResolveRecursive 

func (r *Resolver) ResolveRecursive(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, visited *sync.Map, canApplyOptimization bool) (*Response, error)

func (*Resolver) ResolveRewrite 

func (r *Resolver) ResolveRewrite(ctx context.Context, req *Request, node *authzGraph.WeightedAuthorizationModelNode, visited *sync.Map) (*Response, error)

func (*Resolver) ResolveUnion 

func (r *Resolver) ResolveUnion(ctx context.Context, req *Request, node *authzGraph.WeightedAuthorizationModelNode, visited *sync.Map) (*Response, error)

reduce as a logical union operation (exit the moment we have a single true).

func (*Resolver) ResolveUnionEdges 

func (r *Resolver) ResolveUnionEdges(ctx context.Context, req *Request, edges []*authzGraph.WeightedAuthorizationModelEdge, visited *sync.Map) (*Response, error)

type Response 

type Response struct {
	Allowed bool
}

func (*Response) GetAllowed 

func (r *Response) GetAllowed() bool

type ResponseCacheEntry 

type ResponseCacheEntry struct {
	LastModified time.Time
	Res          *Response
}

type ResponseMsg 

type ResponseMsg struct {
	ID  string
	Res *Response
	Err error
}

type Strategy 

type Strategy interface {
	Userset(context.Context, *Request, *authzGraph.WeightedAuthorizationModelEdge, storage.TupleKeyIterator, *sync.Map) (*Response, error)
	TTU(context.Context, *Request, *authzGraph.WeightedAuthorizationModelEdge, storage.TupleKeyIterator, *sync.Map) (*Response, error)
}

type Weight2 

type Weight2 struct {
	// contains filtered or unexported fields
}

func NewWeight2 

func NewWeight2(model *modelgraph.AuthorizationModelGraph, ds storage.RelationshipTupleReader) *Weight2

func (*Weight2) TTU 

func (s *Weight2) TTU(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, iter storage.TupleKeyIterator, _ *sync.Map) (*Response, error)

func (*Weight2) Userset 

func (s *Weight2) Userset(ctx context.Context, req *Request, edge *authzGraph.WeightedAuthorizationModelEdge, iter storage.TupleKeyIterator, _ *sync.Map) (*Response, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.