db

package
v0.11.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2025 License: BSD-3-Clause-Clear Imports: 35 Imported by: 0

README

Policy Database

Migrations

Migrations are configurable (see service configuration readme) and in Policy are powered by Goose.

Goose runs the migrations sequentially, and each migration should have an associated ERD in markdown as well if there have been changes to the table relations in the policy schema.

Each migration is named YYYYMMDD<number>_effect.sql (i.e. 20240101000001_add_new_object.sql) so that goose can order them appropriately.

Each migration should also get a .md of the same name beside it with a description of the change to the schema and motivation behind it.

As of the time of writing this documentation, there is a CLI command on the overall platform binary to migrate up and down for testing.

Migration checklist:

  • tested migrating up and down thoroughly with CRUD before/after
  • migration file .sql named appropriately
  • migration file contains a .md associated with it
  • overall schema updated with make policy-erd-gen
Queries

Historically, queries have been written in Go with squirrel.

However, the path going forward is to migrate existing queries and write all new queries directly in SQL (see ./query.sql), and generate the Go type-safe functions to execute each query with the helpful tool sqlc.

To generate the Go code when you've added or updated a SQL query in query.sql, install sqlc, then run the generate command.

From repo root:

make policy-sql-gen

From this directory in /service/policy/db:

brew install sqlc

sqlc generate

Other useful subcommands also exist on sqlc, like vet, compile, verify, and diff.

Schema ERD

Current schema

The schema in the policy database is managed through Goose migrations (see above), which are also read into the sqlc generated code to execute db queries within Go.

However, we use a separate tool (see ADR) to generate an up-to-date schema ERD containing the entirety of the policy database.

Generating

From the repo root:

  1. Ensure your Policy postgres container is running
    • docker compose up
  2. Ensure you have run the latest Goose migrations
    • To run all migrations: go run ./service start
    • To run only some migrations: go run ./service migrate with various subcommands as needed
  3. Generate the schema
    • make policy-erd-gen

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var AttributeRuleTypeEnumPrefix = "ATTRIBUTE_RULE_TYPE_ENUM_"

Functions

func UUIDToString added in v0.5.3 

func UUIDToString(uuid pgtype.UUID) string

Types

type Action added in v0.5.3 

type Action struct {
	// Unique identifier for the action
	ID string `json:"id"`
	// Unique name of the action, e.g. read, write, etc.
	Name string `json:"name"`
	// Whether the action is standard (proto-enum) or custom (user-defined).
	IsStandard bool `json:"is_standard"`
	// Metadata for the action (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store actions for use in ABAC decisioning

type ActionStandard added in v0.5.3 

type ActionStandard string
const (
	ActionCreate ActionStandard = "create"
	ActionRead   ActionStandard = "read"
	ActionUpdate ActionStandard = "update"
	ActionDelete ActionStandard = "delete"
)

func (ActionStandard) IsValid added in v0.5.3 

func (a ActionStandard) IsValid() bool

Add a validation method

func (ActionStandard) String added in v0.5.3 

func (a ActionStandard) String() string

If needed, implement the Stringer interface explicitly

type ActiveDefinitionPublicKeysView added in v0.4.39 

type ActiveDefinitionPublicKeysView struct {
	DefinitionID string `json:"definition_id"`
	Keys         []byte `json:"keys"`
}

View to retrieve active public keys mapped to attribute definitions

type ActiveNamespacePublicKeysView added in v0.4.39 

type ActiveNamespacePublicKeysView struct {
	NamespaceID string `json:"namespace_id"`
	Keys        []byte `json:"keys"`
}

View to retrieve active public keys mapped to attribute namespaces

type ActiveValuePublicKeysView added in v0.4.39 

type ActiveValuePublicKeysView struct {
	ValueID string `json:"value_id"`
	Keys    []byte `json:"keys"`
}

View to retrieve active public keys mapped to attribute values

type AsymKey added in v0.5.3 

type AsymKey struct {
	// Unique identifier for the key
	ID string `json:"id"`
	// Unique identifier for the key
	KeyID string `json:"key_id"`
	// Algorithm used to generate the key
	KeyAlgorithm int32 `json:"key_algorithm"`
	// Indicates the status of the key Active, Inactive, Compromised, or Expired
	KeyStatus int32 `json:"key_status"`
	// Indicates whether the key is stored LOCAL or REMOTE
	KeyMode int32 `json:"key_mode"`
	// Public Key Context is a json defined structure of the public key
	PublicKeyCtx []byte `json:"public_key_ctx"`
	// Private Key Context is a json defined structure of the private key. Could include information like PEM encoded key, or external key id information
	PrivateKeyCtx []byte             `json:"private_key_ctx"`
	Expiration    pgtype.Timestamptz `json:"expiration"`
	// Reference the provider configuration for this key
	ProviderConfigID pgtype.UUID `json:"provider_config_id"`
	// Additional metadata for the key
	Metadata []byte `json:"metadata"`
	// Timestamp when the key was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the key was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store asymmetric keys

type AttributeDefinition added in v0.4.17 

type AttributeDefinition struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent namespace of the attribute definition
	NamespaceID string `json:"namespace_id"`
	// Name of the attribute (i.e. organization or classification), unique within the namespace
	Name string `json:"name"`
	// Rule for the attribute (see protos for options)
	Rule AttributeDefinitionRule `json:"rule"`
	// Metadata for the attribute definition (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Order of value ids for the attribute (important for hierarchy rule)
	ValuesOrder []string `json:"values_order"`
}

Table to store the definitions of attributes

type AttributeDefinitionKeyAccessGrant added in v0.4.17 

type AttributeDefinitionKeyAccessGrant struct {
	// Foreign key to the attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute definitions

type AttributeDefinitionPublicKeyMap added in v0.4.39 

type AttributeDefinitionPublicKeyMap struct {
	// Foreign key to the attribute definition
	DefinitionID string `json:"definition_id"`
	// Foreign key to the key access server public key for wrapping symmetric keys
	KeyAccessServerKeyID string `json:"key_access_server_key_id"`
}

Table to map public keys to attribute definitions

type AttributeDefinitionRule added in v0.4.17 

type AttributeDefinitionRule string
const (
	AttributeDefinitionRuleUNSPECIFIED AttributeDefinitionRule = "UNSPECIFIED"
	AttributeDefinitionRuleALLOF       AttributeDefinitionRule = "ALL_OF"
	AttributeDefinitionRuleANYOF       AttributeDefinitionRule = "ANY_OF"
	AttributeDefinitionRuleHIERARCHY   AttributeDefinitionRule = "HIERARCHY"
)

func (*AttributeDefinitionRule) Scan added in v0.4.17 

func (e *AttributeDefinitionRule) Scan(src interface{}) error

type AttributeFqn added in v0.4.17 

type AttributeFqn struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID pgtype.UUID `json:"namespace_id"`
	// Foreign key to the attribute definition
	AttributeID pgtype.UUID `json:"attribute_id"`
	// Foreign key to the attribute value
	ValueID pgtype.UUID `json:"value_id"`
	// Fully qualified name of the attribute (i.e. https://<namespace>/attr/<attribute name>/value/<value>)
	Fqn string `json:"fqn"`
}

Table to store the fully qualified names of attributes for reverse lookup at their object IDs

type AttributeNamespace added in v0.4.17 

type AttributeNamespace struct {
	// Primary key for the table
	ID string `json:"id"`
	// Name of the namespace (i.e. example.com)
	Name string `json:"name"`
	// Active/Inactive state
	Active bool `json:"active"`
	// Metadata for the namespace (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the parent namespaces of platform policy attributes and related policy objects

type AttributeNamespaceCertificate added in v0.11.0 

type AttributeNamespaceCertificate struct {
	// Foreign key to the namespace
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the certificate
	CertificateID string `json:"certificate_id"`
}

Junction table to map root certificates to attribute namespaces

type AttributeNamespaceKeyAccessGrant added in v0.4.19 

type AttributeNamespaceKeyAccessGrant struct {
	// Foreign key to the namespace of the KAS grant
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute namespaces

type AttributeNamespacePublicKeyMap added in v0.4.39 

type AttributeNamespacePublicKeyMap struct {
	// Foreign key to the attribute namespace
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the key access server public key for wrapping symmetric keys
	KeyAccessServerKeyID string `json:"key_access_server_key_id"`
}

Table to map public keys to attribute namespaces

type AttributeValue added in v0.4.17 

type AttributeValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Value of the attribute (i.e. "manager" or "admin" on an attribute for titles), unique within the definition
	Value string `json:"value"`
	// Metadata for the attribute value (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the values of attributes

type AttributeValueKeyAccessGrant added in v0.4.17 

type AttributeValueKeyAccessGrant struct {
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute values

type AttributeValuePublicKeyMap added in v0.4.39 

type AttributeValuePublicKeyMap struct {
	// Foreign key to the attribute value
	ValueID string `json:"value_id"`
	// Foreign key to the key access server public key for wrapping symmetric keys
	KeyAccessServerKeyID string `json:"key_access_server_key_id"`
}

Table to map public keys to attribute values

type BaseKey added in v0.5.4 

type BaseKey struct {
	ID                   string      `json:"id"`
	KeyAccessServerKeyID pgtype.UUID `json:"key_access_server_key_id"`
}

type Certificate added in v0.11.0 

type Certificate struct {
	// Unique identifier for the certificate
	ID string `json:"id"`
	// PEM format - Base64-encoded DER certificate (not PEM; no headers/footers)
	Pem string `json:"pem"`
	// Optional metadata for the certificate
	Metadata []byte `json:"metadata"`
	// Timestamp when the certificate was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the certificate was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store X.509 certificates for chain of trust (root only)

type DBTX added in v0.4.17 

type DBTX interface {
	Exec(context.Context, string, ...interface{}) (pgconn.CommandTag, error)
	Query(context.Context, string, ...interface{}) (pgx.Rows, error)
	QueryRow(context.Context, string, ...interface{}) pgx.Row
	CopyFrom(ctx context.Context, tableName pgx.Identifier, columnNames []string, rowSrc pgx.CopyFromSource) (int64, error)
}

type KeyAccessServer added in v0.4.17 

type KeyAccessServer struct {
	// Primary key for the table
	ID string `json:"id"`
	// URI of the KAS
	Uri string `json:"uri"`
	// Public key of the KAS (see protos for structure/options)
	PublicKey []byte `json:"public_key"`
	// Metadata for the KAS (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Optional common name of the KAS
	Name       pgtype.Text `json:"name"`
	SourceType pgtype.Text `json:"source_type"`
}

Table to store the known registrations of key access servers (KASs)

type KeyAccessServerKey added in v0.5.3 

type KeyAccessServerKey struct {
	// Unique identifier for the key
	ID string `json:"id"`
	// Unique identifier for the key
	KeyID string `json:"key_id"`
	// Algorithm used to generate the key
	KeyAlgorithm int32 `json:"key_algorithm"`
	// Indicates the status of the key Active, Inactive, Compromised, or Expired
	KeyStatus int32 `json:"key_status"`
	// Indicates whether the key is stored LOCAL or REMOTE
	KeyMode int32 `json:"key_mode"`
	// Public Key Context is a json defined structure of the public key
	PublicKeyCtx []byte `json:"public_key_ctx"`
	// Private Key Context is a json defined structure of the private key. Could include information like PEM encoded key, or external key id information
	PrivateKeyCtx []byte             `json:"private_key_ctx"`
	Expiration    pgtype.Timestamptz `json:"expiration"`
	// Reference the provider configuration for this key
	ProviderConfigID pgtype.UUID `json:"provider_config_id"`
	// Additional metadata for the key
	Metadata []byte `json:"metadata"`
	// Timestamp when the key was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the key was last updated
	UpdatedAt         pgtype.Timestamptz `json:"updated_at"`
	KeyAccessServerID string             `json:"key_access_server_id"`
	Legacy            bool               `json:"legacy"`
}

type ListConfig added in v0.4.30 

type ListConfig struct {
	// contains filtered or unexported fields
}

type NullAttributeDefinitionRule added in v0.4.17 

type NullAttributeDefinitionRule struct {
	AttributeDefinitionRule AttributeDefinitionRule `json:"attribute_definition_rule"`
	Valid                   bool                    `json:"valid"` // Valid is true if AttributeDefinitionRule is not NULL
}

func (*NullAttributeDefinitionRule) Scan added in v0.4.17 

func (ns *NullAttributeDefinitionRule) Scan(value interface{}) error

Scan implements the Scanner interface.

func (NullAttributeDefinitionRule) Value added in v0.4.17 

func (ns NullAttributeDefinitionRule) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type ObligationDefinition added in v0.9.0 

type ObligationDefinition struct {
	ID          string             `json:"id"`
	NamespaceID string             `json:"namespace_id"`
	Name        string             `json:"name"`
	Metadata    []byte             `json:"metadata"`
	CreatedAt   pgtype.Timestamptz `json:"created_at"`
	UpdatedAt   pgtype.Timestamptz `json:"updated_at"`
}

type ObligationFulfiller added in v0.9.0 

type ObligationFulfiller struct {
	ID                string             `json:"id"`
	ObligationValueID string             `json:"obligation_value_id"`
	Conditionals      []byte             `json:"conditionals"`
	Metadata          []byte             `json:"metadata"`
	CreatedAt         pgtype.Timestamptz `json:"created_at"`
	UpdatedAt         pgtype.Timestamptz `json:"updated_at"`
}

type ObligationTrigger added in v0.9.0 

type ObligationTrigger struct {
	ID                string             `json:"id"`
	ObligationValueID string             `json:"obligation_value_id"`
	ActionID          string             `json:"action_id"`
	AttributeValueID  string             `json:"attribute_value_id"`
	Metadata          []byte             `json:"metadata"`
	CreatedAt         pgtype.Timestamptz `json:"created_at"`
	UpdatedAt         pgtype.Timestamptz `json:"updated_at"`
	// Holds the client_id associated with this trigger.
	ClientID pgtype.Text `json:"client_id"`
}

type ObligationValuesStandard added in v0.9.0 

type ObligationValuesStandard struct {
	ID                     string             `json:"id"`
	ObligationDefinitionID string             `json:"obligation_definition_id"`
	Value                  string             `json:"value"`
	Metadata               []byte             `json:"metadata"`
	CreatedAt              pgtype.Timestamptz `json:"created_at"`
	UpdatedAt              pgtype.Timestamptz `json:"updated_at"`
}

type PolicyDBClient 

type PolicyDBClient struct {
	*db.Client
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(c *db.Client, logger *logger.Logger, configuredListLimitMax, configuredListLimitDefault int32) PolicyDBClient

func (PolicyDBClient) AssignCertificateToNamespace added in v0.11.0 

func (c PolicyDBClient) AssignCertificateToNamespace(ctx context.Context, namespaceIdentifier *common.IdFqnIdentifier, certificateID string) error

AssignCertificateToNamespace assigns a trusted root certificate to a namespace for trust validation

func (PolicyDBClient) AssignPublicKeyToAttribute added in v0.4.39 

func (c PolicyDBClient) AssignPublicKeyToAttribute(ctx context.Context, k *attributes.AttributeKey) (*attributes.AttributeKey, error)

func (PolicyDBClient) AssignPublicKeyToNamespace added in v0.4.39 

func (c PolicyDBClient) AssignPublicKeyToNamespace(ctx context.Context, k *namespaces.NamespaceKey) (*namespaces.NamespaceKey, error)

func (PolicyDBClient) AssignPublicKeyToValue added in v0.4.39 

func (c PolicyDBClient) AssignPublicKeyToValue(ctx context.Context, k *attributes.ValueKey) (*attributes.ValueKey, error)

func (*PolicyDBClient) AttrFqnReindex 

func (c *PolicyDBClient) AttrFqnReindex(ctx context.Context) (res struct {
	Namespaces []struct {
		ID  string
		Fqn string
	}
	Attributes []struct {
		ID  string
		Fqn string
	}
	Values []struct {
		ID  string
		Fqn string
	}
},
)

AttrFqnReindex will reindex all namespace, attribute, and attribute_value FQNs

func (PolicyDBClient) CreateAction added in v0.5.3 

func (c PolicyDBClient) CreateAction(ctx context.Context, req *actions.CreateActionRequest) (*policy.Action, error)

func (PolicyDBClient) CreateAndAssignCertificateToNamespace added in v0.11.0 

func (c PolicyDBClient) CreateAndAssignCertificateToNamespace(ctx context.Context, namespaceID *common.IdFqnIdentifier, pem string, metadata []byte) (string, error)

CreateAndAssignCertificateToNamespace creates a certificate and assigns it to a namespace in a transaction

func (PolicyDBClient) CreateAttribute 

func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) CreateAttributeValue 

func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, r *attributes.CreateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) CreateCertificate added in v0.11.0 

func (c PolicyDBClient) CreateCertificate(ctx context.Context, pem string, metadata []byte) (*policy.Certificate, error)

CreateCertificate imports the root certificate into the `certificates` table and returns policy.Certificate

func (PolicyDBClient) CreateKey added in v0.5.3 

func (c PolicyDBClient) CreateKey(ctx context.Context, r *kasregistry.CreateKeyRequest) (*kasregistry.CreateKeyResponse, error)

* Key Access Server Keys

func (PolicyDBClient) CreateKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)

func (PolicyDBClient) CreateNamespace 

func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)

func (PolicyDBClient) CreateObligation added in v0.10.0 

func (c PolicyDBClient) CreateObligation(ctx context.Context, r *obligations.CreateObligationRequest) (*policy.Obligation, error)

func (PolicyDBClient) CreateObligationTrigger added in v0.10.0 

func (c PolicyDBClient) CreateObligationTrigger(ctx context.Context, r *obligations.AddObligationTriggerRequest) (*policy.ObligationTrigger, error)

func (PolicyDBClient) CreateObligationValue added in v0.10.0 

func (c PolicyDBClient) CreateObligationValue(ctx context.Context, r *obligations.CreateObligationValueRequest) (*policy.ObligationValue, error)

func (PolicyDBClient) CreateProviderConfig added in v0.5.3 

func (c PolicyDBClient) CreateProviderConfig(ctx context.Context, r *keymanagement.CreateProviderConfigRequest) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) CreateRegisteredResource added in v0.5.3 

func (c PolicyDBClient) CreateRegisteredResource(ctx context.Context, r *registeredresources.CreateRegisteredResourceRequest) (*policy.RegisteredResource, error)

func (PolicyDBClient) CreateRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) CreateRegisteredResourceValue(ctx context.Context, r *registeredresources.CreateRegisteredResourceValueRequest) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) CreateResourceMapping 

func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)

func (PolicyDBClient) CreateResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) CreateResourceMappingGroup(ctx context.Context, r *resourcemapping.CreateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) CreateSubjectConditionSet 

func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)

Creates a new subject condition set and returns it

func (PolicyDBClient) CreateSubjectMapping 

func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)

Creates a new subject mapping and returns it. If an existing subject condition set id is provided, it will be used. If a new subject condition set is provided, it will be created. The existing subject condition set id takes precedence.

func (PolicyDBClient) DeactivateAttribute 

func (c PolicyDBClient) DeactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)

func (PolicyDBClient) DeactivateAttributeValue 

func (c PolicyDBClient) DeactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)

func (PolicyDBClient) DeactivateNamespace 

func (c PolicyDBClient) DeactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)

func (PolicyDBClient) DeleteAction added in v0.5.3 

func (c PolicyDBClient) DeleteAction(ctx context.Context, req *actions.DeleteActionRequest) (*policy.Action, error)

func (PolicyDBClient) DeleteAllUnmappedSubjectConditionSets added in v0.4.27 

func (c PolicyDBClient) DeleteAllUnmappedSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)

Deletes/prunes all subject condition sets not referenced within a subject mapping

func (PolicyDBClient) DeleteCertificate added in v0.11.0 

func (c PolicyDBClient) DeleteCertificate(ctx context.Context, id string) error

DeleteCertificate removes a certificate from the database

func (PolicyDBClient) DeleteKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)

func (PolicyDBClient) DeleteObligation added in v0.10.0 

func (c PolicyDBClient) DeleteObligation(ctx context.Context, r *obligations.DeleteObligationRequest) (*policy.Obligation, error)

func (PolicyDBClient) DeleteObligationTrigger added in v0.10.0 

func (c PolicyDBClient) DeleteObligationTrigger(ctx context.Context, r *obligations.RemoveObligationTriggerRequest) (*policy.ObligationTrigger, error)

func (PolicyDBClient) DeleteObligationValue added in v0.10.0 

func (c PolicyDBClient) DeleteObligationValue(ctx context.Context, r *obligations.DeleteObligationValueRequest) (*policy.ObligationValue, error)

func (PolicyDBClient) DeleteProviderConfig added in v0.5.3 

func (c PolicyDBClient) DeleteProviderConfig(ctx context.Context, id string) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) DeleteRegisteredResource added in v0.5.3 

func (c PolicyDBClient) DeleteRegisteredResource(ctx context.Context, id string) (*policy.RegisteredResource, error)

func (PolicyDBClient) DeleteRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) DeleteRegisteredResourceValue(ctx context.Context, id string) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) DeleteResourceMapping 

func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)

func (PolicyDBClient) DeleteResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) DeleteResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) DeleteSubjectConditionSet 

func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)

Deletes specified subject condition set and returns the id of the deleted

func (PolicyDBClient) DeleteSubjectMapping 

func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)

Deletes specified subject mapping and returns the id of the deleted

func (PolicyDBClient) GetAction added in v0.5.3 

func (c PolicyDBClient) GetAction(ctx context.Context, req *actions.GetActionRequest) (*policy.Action, error)

func (PolicyDBClient) GetAttribute 

func (c PolicyDBClient) GetAttribute(ctx context.Context, identifier any) (*policy.Attribute, error)

func (PolicyDBClient) GetAttributeByFqn 

func (c PolicyDBClient) GetAttributeByFqn(ctx context.Context, fqn string) (*policy.Attribute, error)

func (PolicyDBClient) GetAttributeValue 

func (c PolicyDBClient) GetAttributeValue(ctx context.Context, identifier any) (*policy.Value, error)

func (PolicyDBClient) GetAttributesByNamespace 

func (c PolicyDBClient) GetAttributesByNamespace(ctx context.Context, namespaceID string) ([]*policy.Attribute, error)

func (*PolicyDBClient) GetAttributesByValueFqns 

func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, error)

func (PolicyDBClient) GetBaseKey added in v0.5.4 

func (c PolicyDBClient) GetBaseKey(ctx context.Context) (*policy.SimpleKasKey, error)

func (PolicyDBClient) GetCertificate added in v0.11.0 

func (c PolicyDBClient) GetCertificate(ctx context.Context, id string) (*policy.Certificate, error)

GetCertificate retrieves a certificate by its ID

func (PolicyDBClient) GetKey added in v0.5.3 

func (c PolicyDBClient) GetKey(ctx context.Context, identifier any) (*policy.KasKey, error)

func (PolicyDBClient) GetKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, identifier any) (*policy.KeyAccessServer, error)

func (PolicyDBClient) GetMatchedSubjectMappings 

func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)

GetMatchedSubjectMappings liberally returns a list of SubjectMappings based on the provided SubjectProperties. The SubjectMappings are returned if an external selector field matches.

NOTE: Any matched SubjectMappings cannot entitle without resolution of the Condition Sets returned. Each contains logic that must be applied to a subject Entity Representation to assure entitlement.

func (PolicyDBClient) GetNamespace 

func (c PolicyDBClient) GetNamespace(ctx context.Context, identifier any) (*policy.Namespace, error)

func (PolicyDBClient) GetObligation added in v0.10.0 

func (c PolicyDBClient) GetObligation(ctx context.Context, r *obligations.GetObligationRequest) (*policy.Obligation, error)

func (PolicyDBClient) GetObligationValue added in v0.10.0 

func (c PolicyDBClient) GetObligationValue(ctx context.Context, r *obligations.GetObligationValueRequest) (*policy.ObligationValue, error)

func (PolicyDBClient) GetObligationValuesByFQNs added in v0.10.0 

func (c PolicyDBClient) GetObligationValuesByFQNs(ctx context.Context, r *obligations.GetObligationValuesByFQNsRequest) ([]*policy.ObligationValue, error)

func (PolicyDBClient) GetObligationsByFQNs added in v0.10.0 

func (c PolicyDBClient) GetObligationsByFQNs(ctx context.Context, r *obligations.GetObligationsByFQNsRequest) ([]*policy.Obligation, error)

func (PolicyDBClient) GetProviderConfig added in v0.5.3 

func (c PolicyDBClient) GetProviderConfig(ctx context.Context, identifier any) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) GetRegisteredResource added in v0.5.3 

func (c PolicyDBClient) GetRegisteredResource(ctx context.Context, r *registeredresources.GetRegisteredResourceRequest) (*policy.RegisteredResource, error)

func (PolicyDBClient) GetRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) GetRegisteredResourceValue(ctx context.Context, r *registeredresources.GetRegisteredResourceValueRequest) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) GetRegisteredResourceValuesByFQNs added in v0.5.3 

func (c PolicyDBClient) GetRegisteredResourceValuesByFQNs(ctx context.Context, r *registeredresources.GetRegisteredResourceValuesByFQNsRequest) (map[string]*policy.RegisteredResourceValue, error)

func (PolicyDBClient) GetResourceMapping 

func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)

func (PolicyDBClient) GetResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) GetResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) GetSubjectConditionSet 

func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)

func (PolicyDBClient) GetSubjectMapping 

func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)

func (PolicyDBClient) ListActions added in v0.5.3 

func (c PolicyDBClient) ListActions(ctx context.Context, req *actions.ListActionsRequest) (*actions.ListActionsResponse, error)

func (PolicyDBClient) ListAllAttributeValues 

func (c PolicyDBClient) ListAllAttributeValues(ctx context.Context) ([]*policy.Value, error)

Loads all attribute values into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size

func (PolicyDBClient) ListAllNamespaces added in v0.4.30 

func (c PolicyDBClient) ListAllNamespaces(ctx context.Context) ([]*policy.Namespace, error)

Loads all namespaces into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size

func (PolicyDBClient) ListAttributeValues 

func (c PolicyDBClient) ListAttributeValues(ctx context.Context, r *attributes.ListAttributeValuesRequest) (*attributes.ListAttributeValuesResponse, error)

func (PolicyDBClient) ListAttributes added in v0.4.25 

func (c PolicyDBClient) ListAttributes(ctx context.Context, r *attributes.ListAttributesRequest) (*attributes.ListAttributesResponse, error)

func (PolicyDBClient) ListAttributesByFqns added in v0.4.25 

func (c PolicyDBClient) ListAttributesByFqns(ctx context.Context, fqns []string) ([]*policy.Attribute, error)

func (PolicyDBClient) ListKeyAccessServerGrants added in v0.4.19 

func (c PolicyDBClient) ListKeyAccessServerGrants(ctx context.Context, r *kasregistry.ListKeyAccessServerGrantsRequest) (*kasregistry.ListKeyAccessServerGrantsResponse, error)

func (PolicyDBClient) ListKeyAccessServers added in v0.2.0 

func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context, r *kasregistry.ListKeyAccessServersRequest) (*kasregistry.ListKeyAccessServersResponse, error)

func (PolicyDBClient) ListKeyMappings added in v0.8.0 

func (c PolicyDBClient) ListKeyMappings(ctx context.Context, r *kasregistry.ListKeyMappingsRequest) (*kasregistry.ListKeyMappingsResponse, error)

func (PolicyDBClient) ListKeys added in v0.5.3 

func (c PolicyDBClient) ListKeys(ctx context.Context, r *kasregistry.ListKeysRequest) (*kasregistry.ListKeysResponse, error)

func (PolicyDBClient) ListNamespaces 

func (c PolicyDBClient) ListNamespaces(ctx context.Context, r *namespaces.ListNamespacesRequest) (*namespaces.ListNamespacesResponse, error)

func (PolicyDBClient) ListObligationTriggers added in v0.11.0 

func (c PolicyDBClient) ListObligationTriggers(ctx context.Context, r *obligations.ListObligationTriggersRequest) ([]*policy.ObligationTrigger, *policy.PageResponse, error)

func (PolicyDBClient) ListObligations added in v0.10.0 

func (c PolicyDBClient) ListObligations(ctx context.Context, r *obligations.ListObligationsRequest) ([]*policy.Obligation, *policy.PageResponse, error)

func (PolicyDBClient) ListProviderConfigs added in v0.5.3 

func (c PolicyDBClient) ListProviderConfigs(ctx context.Context, page *policy.PageRequest) (*keymanagement.ListProviderConfigsResponse, error)

func (PolicyDBClient) ListRegisteredResourceValues added in v0.5.3 

func (c PolicyDBClient) ListRegisteredResourceValues(ctx context.Context, r *registeredresources.ListRegisteredResourceValuesRequest) (*registeredresources.ListRegisteredResourceValuesResponse, error)

func (PolicyDBClient) ListRegisteredResources added in v0.5.3 

func (c PolicyDBClient) ListRegisteredResources(ctx context.Context, r *registeredresources.ListRegisteredResourcesRequest) (*registeredresources.ListRegisteredResourcesResponse, error)

func (PolicyDBClient) ListResourceMappingGroups added in v0.4.19 

func (c PolicyDBClient) ListResourceMappingGroups(ctx context.Context, r *resourcemapping.ListResourceMappingGroupsRequest) (*resourcemapping.ListResourceMappingGroupsResponse, error)

func (PolicyDBClient) ListResourceMappings 

func (c PolicyDBClient) ListResourceMappings(ctx context.Context, r *resourcemapping.ListResourceMappingsRequest) (*resourcemapping.ListResourceMappingsResponse, error)

func (PolicyDBClient) ListResourceMappingsByGroupFqns added in v0.4.19 

func (c PolicyDBClient) ListResourceMappingsByGroupFqns(ctx context.Context, fqns []string) (map[string]*resourcemapping.ResourceMappingsByGroup, error)

func (PolicyDBClient) ListSubjectConditionSets 

func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context, r *subjectmapping.ListSubjectConditionSetsRequest) (*subjectmapping.ListSubjectConditionSetsResponse, error)

func (PolicyDBClient) ListSubjectMappings 

func (c PolicyDBClient) ListSubjectMappings(ctx context.Context, r *subjectmapping.ListSubjectMappingsRequest) (*subjectmapping.ListSubjectMappingsResponse, error)

func (PolicyDBClient) RemoveCertificateFromNamespace added in v0.11.0 

func (c PolicyDBClient) RemoveCertificateFromNamespace(ctx context.Context, namespaceIdentifier *common.IdFqnIdentifier, certificateID string) error

RemoveCertificateFromNamespace removes a certificate from a namespace and deletes the certificate if it's not used elsewhere

func (PolicyDBClient) RemoveKeyAccessServerFromAttribute 

func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)

func (PolicyDBClient) RemoveKeyAccessServerFromNamespace added in v0.4.19 

func (c PolicyDBClient) RemoveKeyAccessServerFromNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)

func (PolicyDBClient) RemoveKeyAccessServerFromValue 

func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)

func (PolicyDBClient) RemovePublicKeyFromAttribute added in v0.4.39 

func (c PolicyDBClient) RemovePublicKeyFromAttribute(ctx context.Context, k *attributes.AttributeKey) (*attributes.AttributeKey, error)

func (PolicyDBClient) RemovePublicKeyFromNamespace added in v0.4.39 

func (c PolicyDBClient) RemovePublicKeyFromNamespace(ctx context.Context, k *namespaces.NamespaceKey) (*namespaces.NamespaceKey, error)

func (PolicyDBClient) RemovePublicKeyFromValue added in v0.4.39 

func (c PolicyDBClient) RemovePublicKeyFromValue(ctx context.Context, k *attributes.ValueKey) (*attributes.ValueKey, error)

func (PolicyDBClient) RotateKey added in v0.5.3 

func (c PolicyDBClient) RotateKey(ctx context.Context, activeKey *policy.KasKey, newKey *kasregistry.RotateKeyRequest_NewKey) (*kasregistry.RotateKeyResponse, error)

func (*PolicyDBClient) RunInTx added in v0.4.31 

func (c *PolicyDBClient) RunInTx(ctx context.Context, query func(txClient *PolicyDBClient) error) error

func (PolicyDBClient) SetBaseKey added in v0.5.4 

func (c PolicyDBClient) SetBaseKey(ctx context.Context, r *kasregistry.SetBaseKeyRequest) (*kasregistry.SetBaseKeyResponse, error)

func (PolicyDBClient) SetBaseKeyOnWellKnownConfig added in v0.5.4 

func (c PolicyDBClient) SetBaseKeyOnWellKnownConfig(ctx context.Context) error

func (PolicyDBClient) UnsafeDeleteAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeDeleteAttribute(ctx context.Context, existing *policy.Attribute, fqn string) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeDeleteAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeDeleteAttributeValue(ctx context.Context, toDelete *policy.Value, r *unsafe.UnsafeDeleteAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UnsafeDeleteKey added in v0.4.39 

func (c PolicyDBClient) UnsafeDeleteKey(ctx context.Context, toDelete *policy.KasKey, r *unsafe.UnsafeDeleteKasKeyRequest) (*policy.AsymmetricKey, error)

func (PolicyDBClient) UnsafeDeleteNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeDeleteNamespace(ctx context.Context, existing *policy.Namespace, fqn string) (*policy.Namespace, error)

func (PolicyDBClient) UnsafeReactivateAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeReactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeReactivateAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeReactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)

func (PolicyDBClient) UnsafeReactivateNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeReactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)

func (PolicyDBClient) UnsafeUpdateAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeUpdateAttribute(ctx context.Context, r *unsafe.UnsafeUpdateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeUpdateAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeUpdateAttributeValue(ctx context.Context, r *unsafe.UnsafeUpdateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UnsafeUpdateNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeUpdateNamespace(ctx context.Context, id string, name string) (*policy.Namespace, error)

UNSAFE OPERATIONS

func (PolicyDBClient) UpdateAction added in v0.5.3 

func (c PolicyDBClient) UpdateAction(ctx context.Context, req *actions.UpdateActionRequest) (*policy.Action, error)

func (PolicyDBClient) UpdateAttribute 

func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) UpdateAttributeValue 

func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UpdateKey added in v0.5.3 

func (c PolicyDBClient) UpdateKey(ctx context.Context, r *kasregistry.UpdateKeyRequest) (*policy.KasKey, error)

func (PolicyDBClient) UpdateKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)

func (PolicyDBClient) UpdateNamespace 

func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)

func (PolicyDBClient) UpdateObligation added in v0.10.0 

func (c PolicyDBClient) UpdateObligation(ctx context.Context, r *obligations.UpdateObligationRequest) (*policy.Obligation, error)

func (PolicyDBClient) UpdateObligationValue added in v0.10.0 

func (c PolicyDBClient) UpdateObligationValue(ctx context.Context, r *obligations.UpdateObligationValueRequest) (*policy.ObligationValue, error)

func (PolicyDBClient) UpdateProviderConfig added in v0.5.3 

func (c PolicyDBClient) UpdateProviderConfig(ctx context.Context, r *keymanagement.UpdateProviderConfigRequest) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) UpdateRegisteredResource added in v0.5.3 

func (c PolicyDBClient) UpdateRegisteredResource(ctx context.Context, r *registeredresources.UpdateRegisteredResourceRequest) (*policy.RegisteredResource, error)

func (PolicyDBClient) UpdateRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) UpdateRegisteredResourceValue(ctx context.Context, r *registeredresources.UpdateRegisteredResourceValueRequest) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) UpdateResourceMapping 

func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingRequest) (*policy.ResourceMapping, error)

func (PolicyDBClient) UpdateResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) UpdateResourceMappingGroup(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) UpdateSubjectConditionSet 

func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)

Mutates provided fields and returns the updated subject condition set

func (PolicyDBClient) UpdateSubjectMapping 

func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)

Mutates provided fields and returns the updated subject mapping

type ProviderConfig added in v0.5.3 

type ProviderConfig struct {
	// Unique identifier for the provider configuration
	ID string `json:"id"`
	// Name of the key provider instance.
	ProviderName string `json:"provider_name"`
	// Configuration details for the key provider
	Config []byte `json:"config"`
	// Timestamp when the provider configuration was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the provider configuration was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Additional metadata for the provider configuration
	Metadata []byte `json:"metadata"`
	// Type of key manager (e.g., opentdf.io/basic, aws, azure, gcp)
	Manager string `json:"manager"`
}

Table to store key provider configurations

type Queries added in v0.4.17 

type Queries struct {
	// contains filtered or unexported fields
}

func New added in v0.4.17 

func New(db DBTX) *Queries

func (*Queries) WithTx added in v0.4.17 

func (q *Queries) WithTx(tx pgx.Tx) *Queries

type RegisteredResource added in v0.5.3 

type RegisteredResource struct {
	// Primary key for the table
	ID string `json:"id"`
	// Name for the registered resource
	Name string `json:"name"`
	// Metadata for the registered resource (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Timestamp when the record was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the record was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store registered resources

type RegisteredResourceActionAttributeValue added in v0.5.3 

type RegisteredResourceActionAttributeValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the registered_resource_values table
	RegisteredResourceValueID string `json:"registered_resource_value_id"`
	// Foreign key to the actions table
	ActionID string `json:"action_id"`
	// Foreign key to the attribute_values table
	AttributeValueID string `json:"attribute_value_id"`
	// Timestamp when the record was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the record was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the linkage of registered resource values to actions and attribute values

type RegisteredResourceValue added in v0.5.3 

type RegisteredResourceValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the registered_resources table
	RegisteredResourceID string `json:"registered_resource_id"`
	// Value for the registered resource value
	Value string `json:"value"`
	// Metadata for the registered resource value (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Timestamp when the record was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the record was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store registered resource values

type ResourceMapping added in v0.4.17 

type ResourceMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Terms to match against resource data (i.e. translations "roi", "rey", or "kung" in a terms list could map to the value "/attr/card/value/king")
	Terms []string `json:"terms"`
	// Metadata for the resource mapping (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the parent group of the resource mapping (optional, a resource mapping may not be in a group)
	GroupID pgtype.UUID `json:"group_id"`
}

Table to store associated terms that should map resource data to attribute values

type ResourceMappingGroup added in v0.4.18 

type ResourceMappingGroup struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID string `json:"namespace_id"`
	// Name for the group of resource mappings
	Name      string             `json:"name"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	Metadata  []byte             `json:"metadata"`
}

Table to store the groups of resource mappings by unique namespace and group name combinations

type SubjectConditionSet added in v0.4.17 

type SubjectConditionSet struct {
	// Primary key for the table
	ID string `json:"id"`
	// Conditions that must be met for the subject entity to be entitled to the attribute value (see protos for JSON structure)
	Condition []byte `json:"condition"`
	// Metadata for the condition set (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Array of cached selector values extracted from the condition JSONB and maintained via trigger.
	SelectorValues []string `json:"selector_values"`
}

Table to store sets of conditions that logically entitle subject entity representations to attribute values via a subject mapping

type SubjectMapping added in v0.4.17 

type SubjectMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Metadata for the subject mapping (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the condition set that entitles the subject entity to the attribute value
	SubjectConditionSetID pgtype.UUID `json:"subject_condition_set_id"`
}

Table to store conditions that logically entitle subject entity representations to attribute values

type SubjectMappingAction added in v0.5.3 

type SubjectMappingAction struct {
	SubjectMappingID string           `json:"subject_mapping_id"`
	ActionID         string           `json:"action_id"`
	CreatedAt        pgtype.Timestamp `json:"created_at"`
}

type SymKey added in v0.5.3 

type SymKey struct {
	// Unique identifier for the key
	ID string `json:"id"`
	// Unique identifier for the key
	KeyID string `json:"key_id"`
	// Indicates the status of the key Active, Inactive, Compromised, or Expired
	KeyStatus int32 `json:"key_status"`
	// Indicates whether the key is stored LOCAL or REMOTE
	KeyMode int32 `json:"key_mode"`
	// Key value in binary format
	KeyValue []byte `json:"key_value"`
	// Reference the provider configuration for this key
	ProviderConfigID pgtype.UUID `json:"provider_config_id"`
	// Timestamp when the key was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the key was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Additional metadata for the key
	Metadata   []byte             `json:"metadata"`
	Expiration pgtype.Timestamptz `json:"expiration"`
}

Table to store symmetric keys

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.