Documentation
Overview ¶
Package graph is a generated GoMock package.
Index ¶
- Variables
- func ContextWithResolutionDepth(parent context.Context, depth uint32) context.Context
- func ResolutionDepthFromContext(ctx context.Context) (uint32, bool)
- type CachedCheckResolver
- type CachedCheckResolverOpt
- type CachedResolveCheckResponse
- type CheckFuncReducer
- type CheckHandlerFunc
- type CheckResolver
- type ConnectedObjectGraph
- func (g *ConnectedObjectGraph) PrunedRelationshipIngresses(target *openfgav1.RelationReference, source *openfgav1.RelationReference) ([]*RelationshipIngress, error)
- func (g *ConnectedObjectGraph) RelationshipIngresses(target *openfgav1.RelationReference, source *openfgav1.RelationReference) ([]*RelationshipIngress, error)
- type IngressCondition
- type LocalChecker
- type LocalCheckerOption
- type MockCheckResolver
- type MockCheckResolverMockRecorder
- type RelationshipIngress
- type RelationshipIngressType
- type ResolutionMetadata
- type ResolveCheckRequest
- func (r *ResolveCheckRequest) GetAuthorizationModelID() string
- func (r *ResolveCheckRequest) GetContextualTuples() []*openfgav1.TupleKey
- func (r *ResolveCheckRequest) GetResolutionMetadata() *ResolutionMetadata
- func (r *ResolveCheckRequest) GetStoreID() string
- func (r *ResolveCheckRequest) GetTupleKey() *openfgav1.TupleKey
- type ResolveCheckResponse
Constants ¶
This section is empty.
Variables ¶
Functions ¶
func ContextWithResolutionDepth ¶ added in v0.2.5
ContextWithResolutionDepth attaches the provided graph resolution depth to the parent context.
Types ¶
type CachedCheckResolver ¶ added in v1.3.1
type CachedCheckResolver struct {
	// contains filtered or unexported fields
}
CachedCheckResolver attempts to resolve check sub-problems via prior computations before delegating the request to some underlying CheckResolver.
func NewCachedCheckResolver ¶ added in v1.3.1
func NewCachedCheckResolver(delegate CheckResolver, opts ...CachedCheckResolverOpt) *CachedCheckResolver
NewCachedCheckResolver constructs a CheckResolver that delegates Check resolution to the provided delegate, but before delegating the query a cache-key lookup is made to see if the Check sub-problem has already recently been computed. If the Check sub-problem is in the cache, then the response is returned immediately and no re-computation is necessary. NOTE: on a cache hit the ResolveCheck's resolution data is set to the default values, because no database lookup was actually performed.
func (*CachedCheckResolver) Close ¶ added in v1.3.1
func (c *CachedCheckResolver) Close()
Close deallocates the resources allocated by the CachedCheckResolver. It will not deallocate the cache if it was passed in via WithExistingCache.
func (*CachedCheckResolver) ResolveCheck ¶ added in v1.3.1
func (c *CachedCheckResolver) ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)
type CachedCheckResolverOpt ¶ added in v1.3.1
type CachedCheckResolverOpt func(*CachedCheckResolver)
CachedCheckResolverOpt defines an option that can be used to change the behavior of cachedCheckResolver instance.
func WithCacheTTL ¶ added in v1.3.1
func WithCacheTTL(ttl time.Duration) CachedCheckResolverOpt
WithCacheTTL sets the TTL (as a duration) for any single Check cache key value.
func WithExistingCache ¶ added in v1.3.1
func WithExistingCache(cache *ccache.Cache[*CachedResolveCheckResponse]) CachedCheckResolverOpt
WithExistingCache sets the cache to the specified cache. Note that the original cache will not be stopped as it may still be used by others. It is up to the caller to check whether the original cache should be stopped.
func WithLogger ¶ added in v1.3.1
func WithLogger(logger logger.Logger) CachedCheckResolverOpt
WithLogger sets the logger for the cached check resolver.
func WithMaxCacheSize ¶ added in v1.3.1
func WithMaxCacheSize(size int64) CachedCheckResolverOpt
WithMaxCacheSize sets the maximum size of the Check resolution cache. Once this maximum size is reached, cache keys start being evicted with an LRU policy.
type CachedResolveCheckResponse ¶ added in v1.3.1
type CachedResolveCheckResponse struct {
	Allowed bool
}
CachedResolveCheckResponse is very similar to ResolveCheckResponse, except that the ResolutionData is not stored. The resolution metadata would be incorrect, because the data is served from the cache instead of an actual database read.
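The cache-then-delegate behaviour, the TTL and the zeroed metadata on a hit can be seen together in a small model. This is an added example, not OpenFGA's code: `store`, `cachedResolver`, `revocationDemo` and the tuple key are constructed for illustration, and `resolve` takes the current time as a parameter so the demo needs no sleeping.

```go
package main

import (
	"fmt"
	"time"
)

// response is a toy form of ResolveCheckResponse with its query count inlined.
type response struct {
	Allowed             bool
	DatastoreQueryCount uint32
}

// store is a constructed stand-in for the delegate resolver and its datastore.
type store map[string]bool
func (s store) resolve(key string) response { return response{s[key], 1} }

type entry struct {
	allowed bool
	expires time.Time
}

type cachedResolver struct {
	delegate store
	ttl      time.Duration
	cache    map[string]entry
}

func (c *cachedResolver) resolve(key string, now time.Time) response {
	if e, ok := c.cache[key]; ok && now.Before(e.expires) {
		return response{Allowed: e.allowed} // hit: metadata keeps zero values
	}
	r := c.delegate.resolve(key) // miss or expired: ask the delegate
	c.cache[key] = entry{r.Allowed, now.Add(c.ttl)}
	return r
}

// revocationDemo: decision before revocation, inside the TTL, and after it.
func revocationDemo() [3]response {
	key, t0 := "document:1#viewer@user:anne", time.Unix(0, 0)
	s := store{key: true}
	c := &cachedResolver{s, 10 * time.Second, map[string]entry{}}
	first := c.resolve(key, t0)
	delete(s, key) // tuple deleted: access revoked in the datastore
	stale := c.resolve(key, t0.Add(5*time.Second))
	return [3]response{first, stale, c.resolve(key, t0.Add(11*time.Second))}
}

func main() { fmt.Println(revocationDemo()) }
```

In this model the second decision is still allowed although the tuple is gone, so the TTL is the upper bound on how long a revoked grant keeps being honoured from cache.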
type CheckFuncReducer ¶ added in v0.3.5
type CheckFuncReducer func(ctx context.Context, concurrencyLimit uint32, handlers ...CheckHandlerFunc) (*ResolveCheckResponse, error)
CheckFuncReducer defines a function that combines or reduces one or more CheckHandlerFunc into a single CheckResponse with a maximum limit on the number of concurrent evaluations that can be in flight at any given time.
type CheckHandlerFunc ¶ added in v0.3.5
type CheckHandlerFunc func(ctx context.Context) (*ResolveCheckResponse, error)
CheckHandlerFunc defines a function that evaluates a CheckResponse or returns an error otherwise.
type CheckResolver ¶ added in v0.3.5
type CheckResolver interface {
	ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)
	Close()
}
CheckResolver represents an interface that can be implemented to provide recursive resolution of a Check.
func NewLocalChecker ¶ added in v0.3.5
func NewLocalChecker(ds storage.RelationshipTupleReader, opts ...LocalCheckerOption) CheckResolver
NewLocalChecker constructs a LocalChecker that can be used to evaluate a Check request locally.
type ConnectedObjectGraph ¶
type ConnectedObjectGraph struct {
	// contains filtered or unexported fields
}
ConnectedObjectGraph represents a graph of relationships and the connectivity between object and relation references within the graph through direct or indirect relationships. The ConnectedObjectGraph should be used to introspect what kind of relationships between object types can exist.
func BuildConnectedObjectGraph ¶
func BuildConnectedObjectGraph(typesystem *typesystem.TypeSystem) *ConnectedObjectGraph
BuildConnectedObjectGraph builds an object graph representing the graph of relationships between connected object types either through direct or indirect relationships.
func (*ConnectedObjectGraph) PrunedRelationshipIngresses ¶ added in v1.2.0
func (g *ConnectedObjectGraph) PrunedRelationshipIngresses(target *openfgav1.RelationReference, source *openfgav1.RelationReference) ([]*RelationshipIngress, error)
PrunedRelationshipIngresses computes the minimum incoming edges (ingresses) that are possible between the target and the source.
PrunedRelationshipIngresses is primarily used as the driver behind ingresses that work for models including intersection and exclusion. If the ingresses from the source to the target pass through a relationship involving intersection or exclusion (directly or indirectly), then the PrunedRelationshipIngresses will just return the first-most ingress involved in the rewrite.
Consider the following model:
type user

type document
  relations
    define allowed: [user]
    define viewer: [user] and allowed
The pruned relationship ingresses from the 'user' type to 'document#viewer' return only the `document#viewer` ingress, but with a 'RequiresFurtherEvalCondition' ingress condition. This is because, when evaluating relationships involving intersection or exclusion, we choose to evaluate only one operand of the rewrite rule, and for each result found we call Check on the result to evaluate the sub-condition on the 'and allowed' bit.
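Why a result found through such an ingress cannot be returned without the follow-up Check is shown below for the model above. This is an added example, not the package's code: the `tuple` type, the sample tuples and the `check` and `listViewable` helpers are constructed for illustration, with the `furtherEval` flag standing in for the ingress condition.

```go
package main

import "fmt"

// tuple is a constructed stand-in for a stored relationship tuple.
type tuple struct{ object, relation, user string }

// Constructed sample data: anne is a viewer of both documents but is
// 'allowed' only on document:1.
var sampleTuples = []tuple{
	{"document:1", "viewer", "user:anne"},
	{"document:1", "allowed", "user:anne"},
	{"document:2", "viewer", "user:anne"},
}

func has(ts []tuple, object, relation, user string) bool {
	for _, t := range ts {
		if t == (tuple{object, relation, user}) {
			return true
		}
	}
	return false
}

// check evaluates `define viewer: [user] and allowed` in full.
func check(ts []tuple, object, user string) bool {
	return has(ts, object, "viewer", user) && has(ts, object, "allowed", user)
}

// listViewable expands only the first operand (direct viewer tuples). With
// furtherEval set, each candidate is confirmed by check before it is returned.
func listViewable(ts []tuple, user string, furtherEval bool) []string {
	var out []string
	for _, t := range ts {
		if t.relation != "viewer" || t.user != user {
			continue
		}
		if furtherEval && !check(ts, t.object, user) {
			continue // fails the 'and allowed' operand
		}
		out = append(out, t.object)
	}
	return out
}

func main() {
	fmt.Println(listViewable(sampleTuples, "user:anne", true))  // [document:1]
	fmt.Println(listViewable(sampleTuples, "user:anne", false)) // [document:1 document:2]
}
```

Treating the ingress as if it needed no further evaluation returns document:2 as well, which the intersection does not grant.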
func (*ConnectedObjectGraph) RelationshipIngresses ¶
func (g *ConnectedObjectGraph) RelationshipIngresses(target *openfgav1.RelationReference, source *openfgav1.RelationReference) ([]*RelationshipIngress, error)
RelationshipIngresses computes the incoming edges (ingresses) that are possible between the target relation reference and the source relational reference.
To look up Ingresses(`document#viewer`, `source`), where `source` is a type with no relation, look up the definition of relation `document#viewer` and:
1. If `source` is a directly related type then add `source, direct` to the result.
2. If `objectType#relation` is a type and `objectType#relation` can be a `source` then add `objectType#relation, direct` to the result.
3. If computed userset, say `define viewer as writer`, then recurse on `document#writer, source`.
4. If tuple-to-userset, say, `define viewer as viewer from parent`. Go to parent and find its types. In this case, `folder`. Go to `folder` and see if it has a `viewer` relation. If so, recurse on `folder#viewer, source`.
To look up Ingresses(`document#viewer`, `folder#viewer`), look up the definition of relation `document#viewer` and:
1. If `folder#viewer` is a directly related type then add `folder#viewer, direct` to the result.
2. If computed userset, say `define viewer as writer`, then recurse on `document#writer, folder#viewer`.
3. If tuple-to-userset, say, `define viewer as viewer from parent`. Go to parent and find its related types.
   - If parent's types includes `folder` type, and `folder` contains `viewer` relation then this is exactly a ttu rewrite and....?
   - Otherwise, suppose the types contains `objectType` which has a relation `viewer`, then recurse on `objectType#viewer, folder#viewer`
type IngressCondition ¶ added in v1.2.0
type IngressCondition int
const (
	// RequiresFurtherEvalCondition indicates an ingress condition whereby results expanded
	// under such an ingress require further Check evaluation before a determination of the
	// outcome can be made.
	//
	// Relationships involving intersection ('and') and/or exclusion ('but not') fall under
	// ingresses with this condition.
	RequiresFurtherEvalCondition IngressCondition = iota

	// NoFurtherEvalCondition indicates an ingress condition whereby results are factual and
	// known to be true and require no further evaluation before a determination of the outcome
	// can be made.
	NoFurtherEvalCondition
)
type LocalChecker ¶ added in v0.3.5
type LocalChecker struct {
	// contains filtered or unexported fields
}
func (*LocalChecker) ResolveCheck ¶ added in v0.3.5
func (c *LocalChecker) ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)
ResolveCheck resolves a node out of a tree of evaluations. If the depth of the tree has gotten too large, evaluation is aborted and an error is returned. The depth is NOT increased on computed usersets.
func (*LocalChecker) SetDelegate ¶ added in v1.3.1
func (c *LocalChecker) SetDelegate(delegate CheckResolver)
type LocalCheckerOption ¶ added in v1.3.0
type LocalCheckerOption func(d *LocalChecker)
func WithCachedResolver ¶ added in v1.3.1
func WithCachedResolver(opts ...CachedCheckResolverOpt) LocalCheckerOption
func WithDelegate ¶ added in v1.3.1
func WithDelegate(delegate CheckResolver) LocalCheckerOption
func WithMaxConcurrentReads ¶ added in v1.3.0
func WithMaxConcurrentReads(limit uint32) LocalCheckerOption
WithMaxConcurrentReads: see server.WithMaxConcurrentReadsForCheck.
func WithResolveNodeBreadthLimit ¶ added in v1.3.0
func WithResolveNodeBreadthLimit(limit uint32) LocalCheckerOption
WithResolveNodeBreadthLimit: see server.WithResolveNodeBreadthLimit.
type MockCheckResolver ¶ added in v1.3.1
type MockCheckResolver struct {
	// contains filtered or unexported fields
}
MockCheckResolver is a mock of CheckResolver interface.
func NewMockCheckResolver ¶ added in v1.3.1
func NewMockCheckResolver(ctrl *gomock.Controller) *MockCheckResolver
NewMockCheckResolver creates a new mock instance.
func (*MockCheckResolver) Close ¶ added in v1.3.1
func (m *MockCheckResolver) Close()
Close mocks base method.
func (*MockCheckResolver) EXPECT ¶ added in v1.3.1
func (m *MockCheckResolver) EXPECT() *MockCheckResolverMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockCheckResolver) ResolveCheck ¶ added in v1.3.1
func (m *MockCheckResolver) ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)
ResolveCheck mocks base method.
type MockCheckResolverMockRecorder ¶ added in v1.3.1
type MockCheckResolverMockRecorder struct {
	// contains filtered or unexported fields
}
MockCheckResolverMockRecorder is the mock recorder for MockCheckResolver.
func (*MockCheckResolverMockRecorder) Close ¶ added in v1.3.1
func (mr *MockCheckResolverMockRecorder) Close() *gomock.Call
Close indicates an expected call of Close.
func (*MockCheckResolverMockRecorder) ResolveCheck ¶ added in v1.3.1
func (mr *MockCheckResolverMockRecorder) ResolveCheck(ctx, req interface{}) *gomock.Call
ResolveCheck indicates an expected call of ResolveCheck.
type RelationshipIngress ¶
type RelationshipIngress struct {
	// The type of the relationship ingress
	Type RelationshipIngressType

	// The relationship reference that defines the ingress to some target relation
	Ingress *openfgav1.RelationReference

	// TuplesetRelation defines the tupleset relation reference that relates a source
	// object reference with a target if the type of the relationship ingress is that
	// of a TupleToUserset
	// TODO this can be just a string for the relation (since the type will be the same as Ingress.Type)
	TuplesetRelation *openfgav1.RelationReference

	Condition IngressCondition
}
RelationshipIngress represents a possible ingress point between some source object reference and a target user reference.
func (RelationshipIngress) String ¶ added in v0.4.3
func (r RelationshipIngress) String() string
type RelationshipIngressType ¶
type RelationshipIngressType int
RelationshipIngressType is used to define an enum of the type of ingresses between source object references and target user references that exist in the graph of relationships.
const (
	// DirectIngress defines a direct ingress connection between a source object reference
	// and some target user reference.
	DirectIngress RelationshipIngressType = iota
	TupleToUsersetIngress
	ComputedUsersetIngress
)
func (RelationshipIngressType) String ¶ added in v0.3.5
func (r RelationshipIngressType) String() string
type ResolutionMetadata ¶ added in v0.3.5
type ResolutionMetadata struct {
	Depth uint32

	// Number of calls to ReadUserTuple + ReadUsersetTuples + Read.
	// Thinking of a Check as a tree of evaluations:
	// If the solution is "allowed=true", one path was found. This is the value in the leaf node of that path, plus the sum of the paths that were
	// evaluated and potentially discarded
	// If the solution is "allowed=false", no paths were found. This is the sum of all the reads in all the paths that had to be evaluated
	DatastoreQueryCount uint32
}
type ResolveCheckRequest ¶ added in v0.3.5
type ResolveCheckRequest struct {
	StoreID              string
	AuthorizationModelID string
	TupleKey             *openfgav1.TupleKey
	ContextualTuples     []*openfgav1.TupleKey
	ResolutionMetadata   *ResolutionMetadata
}
func (*ResolveCheckRequest) GetAuthorizationModelID ¶ added in v0.3.5
func (r *ResolveCheckRequest) GetAuthorizationModelID() string
func (*ResolveCheckRequest) GetContextualTuples ¶ added in v0.3.5
func (r *ResolveCheckRequest) GetContextualTuples() []*openfgav1.TupleKey
func (*ResolveCheckRequest) GetResolutionMetadata ¶ added in v0.3.5
func (r *ResolveCheckRequest) GetResolutionMetadata() *ResolutionMetadata
func (*ResolveCheckRequest) GetStoreID ¶ added in v0.3.5
func (r *ResolveCheckRequest) GetStoreID() string
func (*ResolveCheckRequest) GetTupleKey ¶ added in v0.3.5
func (r *ResolveCheckRequest) GetTupleKey() *openfgav1.TupleKey
type ResolveCheckResponse ¶ added in v0.3.5
type ResolveCheckResponse struct {
	Allowed            bool
	ResolutionMetadata *ResolutionMetadata
}
func (*ResolveCheckResponse) GetAllowed ¶ added in v1.3.1
func (r *ResolveCheckResponse) GetAllowed() bool
func (*ResolveCheckResponse) GetResolutionMetadata ¶ added in v1.3.1
func (r *ResolveCheckResponse) GetResolutionMetadata() *ResolutionMetadata