db

package
v0.5.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 3, 2025 License: BSD-3-Clause-Clear Imports: 30 Imported by: 0

README

Policy Database

Migrations

Migrations are configurable (see service configuration readme) and in Policy are powered by Goose.

Goose runs the migrations sequentially, and each migration should have an associated ERD in markdown as well if there have been changes to the table relations in the policy schema.

Each migration is named YYYYMMDD<number>_effect.sql (i.e. 20240101000001_add_new_object.sql) so that goose can order them appropriately.

Each migration should also get a .md of the same name beside it with a description of the change to the schema and motivation behind it.

As of the time of writing this documentation, there is a CLI command on the overall platform binary to migrate up and down for testing.

Migration checklist:

  • tested migrating up and down thoroughly with CRUD before/after
  • migration file .sql named appropriately
  • migration file contains a .md associated with it
  • overall schema updated with make policy-erd-gen
Queries

Historically, queries have been written in Go with squirrel.

However, the path going forward is to migrate existing queries and write all new queries directly in SQL (see ./query.sql), and generate the Go type-safe functions to execute each query with the helpful tool sqlc.

To generate the Go code when you've added or updated a SQL query in query.sql, install sqlc, then run the generate command.

From repo root:

make policy-sql-gen

From this directory in /service/policy/db:

brew install sqlc

sqlc generate

Other useful subcommands also exist on sqlc, like vet, compile, verify, and diff.

Schema ERD

Current schema

The schema in the policy database is managed through Goose migrations (see above), which are also read into the sqlc generated code to execute db queries within Go.

However, we use a separate tool (see ADR) to generate an up-to-date schema ERD containing the entirety of the policy database.

Generating

From the repo root:

  1. Ensure your Policy postgres container is running
    • docker compose up
  2. Ensure you have run the latest Goose migrations
    • To run all migrations: go run ./service start
    • To run only some migrations: go run ./service migrate with various subcommands as needed
  3. Generate the schema
    • make policy-erd-gen

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var AttributeRuleTypeEnumPrefix = "ATTRIBUTE_RULE_TYPE_ENUM_"

Functions

func UUIDToString added in v0.5.3 

func UUIDToString(uuid pgtype.UUID) string

Types

type Action added in v0.5.3 

type Action struct {
	// Unique identifier for the action
	ID string `json:"id"`
	// Unique name of the action, e.g. read, write, etc.
	Name string `json:"name"`
	// Whether the action is standard (proto-enum) or custom (user-defined).
	IsStandard bool `json:"is_standard"`
	// Metadata for the action (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store actions for use in ABAC decisioning

type ActionStandard added in v0.5.3 

type ActionStandard string
const (
	ActionCreate ActionStandard = "create"
	ActionRead   ActionStandard = "read"
	ActionUpdate ActionStandard = "update"
	ActionDelete ActionStandard = "delete"
)

func (ActionStandard) IsValid added in v0.5.3 

func (a ActionStandard) IsValid() bool

Add a validation method

func (ActionStandard) String added in v0.5.3 

func (a ActionStandard) String() string

If needed, implement the Stringer interface explicitly

type ActiveDefinitionPublicKeysView added in v0.4.39 

type ActiveDefinitionPublicKeysView struct {
	DefinitionID string `json:"definition_id"`
	Keys         []byte `json:"keys"`
}

View to retrieve active public keys mapped to attribute definitions

type ActiveNamespacePublicKeysView added in v0.4.39 

type ActiveNamespacePublicKeysView struct {
	NamespaceID string `json:"namespace_id"`
	Keys        []byte `json:"keys"`
}

View to retrieve active public keys mapped to attribute namespaces

type ActiveValuePublicKeysView added in v0.4.39 

type ActiveValuePublicKeysView struct {
	ValueID string `json:"value_id"`
	Keys    []byte `json:"keys"`
}

View to retrieve active public keys mapped to attribute values

type AssignKeyAccessServerToAttributeParams added in v0.4.25 

type AssignKeyAccessServerToAttributeParams struct {
	AttributeDefinitionID string `json:"attribute_definition_id"`
	KeyAccessServerID     string `json:"key_access_server_id"`
}

type AssignKeyAccessServerToAttributeValueParams added in v0.4.25 

type AssignKeyAccessServerToAttributeValueParams struct {
	AttributeValueID  string `json:"attribute_value_id"`
	KeyAccessServerID string `json:"key_access_server_id"`
}

type AssignKeyAccessServerToNamespaceParams added in v0.4.19 

type AssignKeyAccessServerToNamespaceParams struct {
	NamespaceID       string `json:"namespace_id"`
	KeyAccessServerID string `json:"key_access_server_id"`
}

type AsymKey added in v0.5.3 

type AsymKey struct {
	// Unique identifier for the key
	ID string `json:"id"`
	// Unique identifier for the key
	KeyID string `json:"key_id"`
	// Algorithm used to generate the key
	KeyAlgorithm int32 `json:"key_algorithm"`
	// Indicates the status of the key Active, Inactive, Compromised, or Expired
	KeyStatus int32 `json:"key_status"`
	// Indicates whether the key is stored LOCAL or REMOTE
	KeyMode int32 `json:"key_mode"`
	// Public Key Context is a json defined structure of the public key
	PublicKeyCtx []byte `json:"public_key_ctx"`
	// Private Key Context is a json defined structure of the private key. Could include information like PEM encoded key, or external key id information
	PrivateKeyCtx []byte             `json:"private_key_ctx"`
	Expiration    pgtype.Timestamptz `json:"expiration"`
	// Reference the provider configuration for this key
	ProviderConfigID pgtype.UUID `json:"provider_config_id"`
	// Additional metadata for the key
	Metadata []byte `json:"metadata"`
	// Timestamp when the key was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the key was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store asymmetric keys

type AttributeDefinition added in v0.4.17 

type AttributeDefinition struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent namespace of the attribute definition
	NamespaceID string `json:"namespace_id"`
	// Name of the attribute (i.e. organization or classification), unique within the namespace
	Name string `json:"name"`
	// Rule for the attribute (see protos for options)
	Rule AttributeDefinitionRule `json:"rule"`
	// Metadata for the attribute definition (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Order of value ids for the attribute (important for hierarchy rule)
	ValuesOrder []string `json:"values_order"`
}

Table to store the definitions of attributes

type AttributeDefinitionKeyAccessGrant added in v0.4.17 

type AttributeDefinitionKeyAccessGrant struct {
	// Foreign key to the attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute definitions

type AttributeDefinitionPublicKeyMap added in v0.4.39 

type AttributeDefinitionPublicKeyMap struct {
	// Foreign key to the attribute definition
	DefinitionID string `json:"definition_id"`
	// Foreign key to the key access server public key for wrapping symmetric keys
	KeyAccessServerKeyID string `json:"key_access_server_key_id"`
}

Table to map public keys to attribute definitions

type AttributeDefinitionRule added in v0.4.17 

type AttributeDefinitionRule string
const (
	AttributeDefinitionRuleUNSPECIFIED AttributeDefinitionRule = "UNSPECIFIED"
	AttributeDefinitionRuleALLOF       AttributeDefinitionRule = "ALL_OF"
	AttributeDefinitionRuleANYOF       AttributeDefinitionRule = "ANY_OF"
	AttributeDefinitionRuleHIERARCHY   AttributeDefinitionRule = "HIERARCHY"
)

func (*AttributeDefinitionRule) Scan added in v0.4.17 

func (e *AttributeDefinitionRule) Scan(src interface{}) error

type AttributeFqn added in v0.4.17 

type AttributeFqn struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID pgtype.UUID `json:"namespace_id"`
	// Foreign key to the attribute definition
	AttributeID pgtype.UUID `json:"attribute_id"`
	// Foreign key to the attribute value
	ValueID pgtype.UUID `json:"value_id"`
	// Fully qualified name of the attribute (i.e. https://<namespace>/attr/<attribute name>/value/<value>)
	Fqn string `json:"fqn"`
}

Table to store the fully qualified names of attributes for reverse lookup at their object IDs

type AttributeNamespace added in v0.4.17 

type AttributeNamespace struct {
	// Primary key for the table
	ID string `json:"id"`
	// Name of the namespace (i.e. example.com)
	Name string `json:"name"`
	// Active/Inactive state
	Active bool `json:"active"`
	// Metadata for the namespace (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the parent namespaces of platform policy attributes and related policy objects

type AttributeNamespaceKeyAccessGrant added in v0.4.19 

type AttributeNamespaceKeyAccessGrant struct {
	// Foreign key to the namespace of the KAS grant
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute namespaces

type AttributeNamespacePublicKeyMap added in v0.4.39 

type AttributeNamespacePublicKeyMap struct {
	// Foreign key to the attribute namespace
	NamespaceID string `json:"namespace_id"`
	// Foreign key to the key access server public key for wrapping symmetric keys
	KeyAccessServerKeyID string `json:"key_access_server_key_id"`
}

Table to map public keys to attribute namespaces

type AttributeValue added in v0.4.17 

type AttributeValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the parent attribute definition
	AttributeDefinitionID string `json:"attribute_definition_id"`
	// Value of the attribute (i.e. "manager" or "admin" on an attribute for titles), unique within the definition
	Value string `json:"value"`
	// Metadata for the attribute value (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Active/Inactive state
	Active    bool               `json:"active"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the values of attributes

type AttributeValueKeyAccessGrant added in v0.4.17 

type AttributeValueKeyAccessGrant struct {
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Foreign key to the KAS registration
	KeyAccessServerID string `json:"key_access_server_id"`
}

Table to store the grants of key access servers (KASs) to attribute values

type AttributeValuePublicKeyMap added in v0.4.39 

type AttributeValuePublicKeyMap struct {
	// Foreign key to the attribute value
	ValueID string `json:"value_id"`
	// Foreign key to the key access server public key for wrapping symmetric keys
	KeyAccessServerKeyID string `json:"key_access_server_key_id"`
}

Table to map public keys to attribute values

type BaseKey added in v0.5.4 

type BaseKey struct {
	ID                   string      `json:"id"`
	KeyAccessServerKeyID pgtype.UUID `json:"key_access_server_key_id"`
}

type CreateAttributeParams added in v0.4.25 

type CreateAttributeParams struct {
	NamespaceID string                  `json:"namespace_id"`
	Name        string                  `json:"name"`
	Rule        AttributeDefinitionRule `json:"rule"`
	Metadata    []byte                  `json:"metadata"`
}

type CreateAttributeValueParams added in v0.4.25 

type CreateAttributeValueParams struct {
	AttributeDefinitionID string `json:"attribute_definition_id"`
	Value                 string `json:"value"`
	Metadata              []byte `json:"metadata"`
}

type CreateKeyAccessServerParams added in v0.4.17 

type CreateKeyAccessServerParams struct {
	Uri        string      `json:"uri"`
	PublicKey  []byte      `json:"public_key"`
	Name       pgtype.Text `json:"name"`
	Metadata   []byte      `json:"metadata"`
	SourceType pgtype.Text `json:"source_type"`
}

type CreateNamespaceParams added in v0.4.24 

type CreateNamespaceParams struct {
	Name     string `json:"name"`
	Metadata []byte `json:"metadata"`
}

type CreateResourceMappingGroupParams added in v0.4.18 

type CreateResourceMappingGroupParams struct {
	NamespaceID string `json:"namespace_id"`
	Name        string `json:"name"`
	Metadata    []byte `json:"metadata"`
}

type CreateResourceMappingParams added in v0.4.25 

type CreateResourceMappingParams struct {
	AttributeValueID string      `json:"attribute_value_id"`
	Terms            []string    `json:"terms"`
	Metadata         []byte      `json:"metadata"`
	GroupID          pgtype.UUID `json:"group_id"`
}

type CreateSubjectConditionSetParams added in v0.4.25 

type CreateSubjectConditionSetParams struct {
	Condition []byte `json:"condition"`
	Metadata  []byte `json:"metadata"`
}

type DBTX added in v0.4.17 

type DBTX interface {
	Exec(context.Context, string, ...interface{}) (pgconn.CommandTag, error)
	Query(context.Context, string, ...interface{}) (pgx.Rows, error)
	QueryRow(context.Context, string, ...interface{}) pgx.Row
	CopyFrom(ctx context.Context, tableName pgx.Identifier, columnNames []string, rowSrc pgx.CopyFromSource) (int64, error)
}

type GetAttributeParams added in v0.4.39 

type GetAttributeParams struct {
	ID  pgtype.UUID `json:"id"`
	Fqn pgtype.Text `json:"fqn"`
}

type GetAttributeRow added in v0.4.25 

type GetAttributeRow struct {
	ID            string                  `json:"id"`
	AttributeName string                  `json:"attribute_name"`
	Rule          AttributeDefinitionRule `json:"rule"`
	Metadata      []byte                  `json:"metadata"`
	NamespaceID   string                  `json:"namespace_id"`
	Active        bool                    `json:"active"`
	NamespaceName pgtype.Text             `json:"namespace_name"`
	Values        []byte                  `json:"values"`
	Grants        []byte                  `json:"grants"`
	Fqn           pgtype.Text             `json:"fqn"`
	Keys          []byte                  `json:"keys"`
}

type GetAttributeValueParams added in v0.4.39 

type GetAttributeValueParams struct {
	ID  pgtype.UUID `json:"id"`
	Fqn pgtype.Text `json:"fqn"`
}

type GetAttributeValueRow added in v0.4.25 

type GetAttributeValueRow struct {
	ID                    string      `json:"id"`
	Value                 string      `json:"value"`
	Active                bool        `json:"active"`
	Metadata              []byte      `json:"metadata"`
	AttributeDefinitionID string      `json:"attribute_definition_id"`
	Fqn                   pgtype.Text `json:"fqn"`
	Grants                []byte      `json:"grants"`
	Keys                  []byte      `json:"keys"`
}

type GetKeyAccessServerParams added in v0.4.39 

type GetKeyAccessServerParams struct {
	ID   pgtype.UUID `json:"id"`
	Name pgtype.Text `json:"name"`
	Uri  pgtype.Text `json:"uri"`
}

type GetKeyAccessServerRow added in v0.4.17 

type GetKeyAccessServerRow struct {
	ID         string      `json:"id"`
	Uri        string      `json:"uri"`
	PublicKey  []byte      `json:"public_key"`
	Name       pgtype.Text `json:"name"`
	SourceType pgtype.Text `json:"source_type"`
	Metadata   []byte      `json:"metadata"`
	Keys       []byte      `json:"keys"`
}

type GetNamespaceParams added in v0.4.39 

type GetNamespaceParams struct {
	ID   pgtype.UUID `json:"id"`
	Name pgtype.Text `json:"name"`
}

type GetNamespaceRow added in v0.4.19 

type GetNamespaceRow struct {
	ID       string      `json:"id"`
	Name     string      `json:"name"`
	Active   bool        `json:"active"`
	Fqn      pgtype.Text `json:"fqn"`
	Metadata []byte      `json:"metadata"`
	Grants   []byte      `json:"grants"`
	Keys     []byte      `json:"keys"`
}

type GetResourceMappingGroupRow added in v0.4.19 

type GetResourceMappingGroupRow struct {
	ID          string `json:"id"`
	NamespaceID string `json:"namespace_id"`
	Name        string `json:"name"`
	Metadata    []byte `json:"metadata"`
}

type GetResourceMappingRow added in v0.4.25 

type GetResourceMappingRow struct {
	ID             string   `json:"id"`
	AttributeValue []byte   `json:"attribute_value"`
	Terms          []string `json:"terms"`
	Metadata       []byte   `json:"metadata"`
	GroupID        string   `json:"group_id"`
}

type GetSubjectConditionSetRow added in v0.4.25 

type GetSubjectConditionSetRow struct {
	ID        string `json:"id"`
	Condition []byte `json:"condition"`
	Metadata  []byte `json:"metadata"`
}

type KeyAccessServer added in v0.4.17 

type KeyAccessServer struct {
	// Primary key for the table
	ID string `json:"id"`
	// URI of the KAS
	Uri string `json:"uri"`
	// Public key of the KAS (see protos for structure/options)
	PublicKey []byte `json:"public_key"`
	// Metadata for the KAS (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Optional common name of the KAS
	Name       pgtype.Text `json:"name"`
	SourceType pgtype.Text `json:"source_type"`
}

Table to store the known registrations of key access servers (KASs)

type KeyAccessServerKey added in v0.5.3 

type KeyAccessServerKey struct {
	// Unique identifier for the key
	ID string `json:"id"`
	// Unique identifier for the key
	KeyID string `json:"key_id"`
	// Algorithm used to generate the key
	KeyAlgorithm int32 `json:"key_algorithm"`
	// Indicates the status of the key Active, Inactive, Compromised, or Expired
	KeyStatus int32 `json:"key_status"`
	// Indicates whether the key is stored LOCAL or REMOTE
	KeyMode int32 `json:"key_mode"`
	// Public Key Context is a json defined structure of the public key
	PublicKeyCtx []byte `json:"public_key_ctx"`
	// Private Key Context is a json defined structure of the private key. Could include information like PEM encoded key, or external key id information
	PrivateKeyCtx []byte             `json:"private_key_ctx"`
	Expiration    pgtype.Timestamptz `json:"expiration"`
	// Reference the provider configuration for this key
	ProviderConfigID pgtype.UUID `json:"provider_config_id"`
	// Additional metadata for the key
	Metadata []byte `json:"metadata"`
	// Timestamp when the key was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the key was last updated
	UpdatedAt         pgtype.Timestamptz `json:"updated_at"`
	KeyAccessServerID string             `json:"key_access_server_id"`
}

type ListAttributeValuesParams added in v0.4.25 

type ListAttributeValuesParams struct {
	Active                pgtype.Bool `json:"active"`
	AttributeDefinitionID interface{} `json:"attribute_definition_id"`
	Offset                int32       `json:"offset_"`
	Limit                 int32       `json:"limit_"`
}

type ListAttributeValuesRow added in v0.4.25 

type ListAttributeValuesRow struct {
	ID                    string      `json:"id"`
	Value                 string      `json:"value"`
	Active                bool        `json:"active"`
	Metadata              []byte      `json:"metadata"`
	AttributeDefinitionID string      `json:"attribute_definition_id"`
	Fqn                   pgtype.Text `json:"fqn"`
	Total                 int64       `json:"total"`
}

type ListAttributesDetailParams added in v0.4.25 

type ListAttributesDetailParams struct {
	Active        pgtype.Bool `json:"active"`
	NamespaceID   interface{} `json:"namespace_id"`
	NamespaceName interface{} `json:"namespace_name"`
	Offset        int32       `json:"offset_"`
	Limit         int32       `json:"limit_"`
}

type ListAttributesDetailRow added in v0.4.25 

type ListAttributesDetailRow struct {
	ID            string                  `json:"id"`
	AttributeName string                  `json:"attribute_name"`
	Rule          AttributeDefinitionRule `json:"rule"`
	Metadata      []byte                  `json:"metadata"`
	NamespaceID   string                  `json:"namespace_id"`
	Active        bool                    `json:"active"`
	NamespaceName pgtype.Text             `json:"namespace_name"`
	Values        []byte                  `json:"values"`
	Fqn           pgtype.Text             `json:"fqn"`
	Total         int64                   `json:"total"`
}

type ListAttributesSummaryParams added in v0.4.30 

type ListAttributesSummaryParams struct {
	NamespaceID string `json:"namespace_id"`
	Offset      int32  `json:"offset_"`
	Limit       int32  `json:"limit_"`
}

type ListAttributesSummaryRow added in v0.4.25 

type ListAttributesSummaryRow struct {
	ID            string                  `json:"id"`
	AttributeName string                  `json:"attribute_name"`
	Rule          AttributeDefinitionRule `json:"rule"`
	Metadata      []byte                  `json:"metadata"`
	NamespaceID   string                  `json:"namespace_id"`
	Active        bool                    `json:"active"`
	NamespaceName pgtype.Text             `json:"namespace_name"`
	Total         int64                   `json:"total"`
}

type ListConfig added in v0.4.30 

type ListConfig struct {
	// contains filtered or unexported fields
}

type ListKeyAccessServerGrantsParams added in v0.4.19 

type ListKeyAccessServerGrantsParams struct {
	Offset  int32       `json:"offset_"`
	Limit   int32       `json:"limit_"`
	KasID   interface{} `json:"kas_id"`
	KasUri  interface{} `json:"kas_uri"`
	KasName interface{} `json:"kas_name"`
}

type ListKeyAccessServerGrantsRow added in v0.4.19 

type ListKeyAccessServerGrantsRow struct {
	KasID            string      `json:"kas_id"`
	KasUri           string      `json:"kas_uri"`
	KasName          pgtype.Text `json:"kas_name"`
	KasPublicKey     []byte      `json:"kas_public_key"`
	KasMetadata      []byte      `json:"kas_metadata"`
	AttributesGrants []byte      `json:"attributes_grants"`
	ValuesGrants     []byte      `json:"values_grants"`
	NamespaceGrants  []byte      `json:"namespace_grants"`
	Total            int64       `json:"total"`
}

type ListKeyAccessServersParams added in v0.4.30 

type ListKeyAccessServersParams struct {
	Offset int32 `json:"offset_"`
	Limit  int32 `json:"limit_"`
}

type ListKeyAccessServersRow added in v0.4.17 

type ListKeyAccessServersRow struct {
	ID         string      `json:"id"`
	Uri        string      `json:"uri"`
	PublicKey  []byte      `json:"public_key"`
	KasName    pgtype.Text `json:"kas_name"`
	SourceType pgtype.Text `json:"source_type"`
	Metadata   []byte      `json:"metadata"`
	Keys       []byte      `json:"keys"`
	Total      int64       `json:"total"`
}

type ListNamespacesParams added in v0.4.30 

type ListNamespacesParams struct {
	Active pgtype.Bool `json:"active"`
	Offset int32       `json:"offset_"`
	Limit  int32       `json:"limit_"`
}

type ListNamespacesRow added in v0.4.24 

type ListNamespacesRow struct {
	ID       string      `json:"id"`
	Name     string      `json:"name"`
	Active   bool        `json:"active"`
	Metadata []byte      `json:"metadata"`
	Fqn      pgtype.Text `json:"fqn"`
	Total    int64       `json:"total"`
}

type ListResourceMappingGroupsParams added in v0.4.30 

type ListResourceMappingGroupsParams struct {
	NamespaceID interface{} `json:"namespace_id"`
	Offset      int32       `json:"offset_"`
	Limit       int32       `json:"limit_"`
}

type ListResourceMappingGroupsRow added in v0.4.19 

type ListResourceMappingGroupsRow struct {
	ID          string `json:"id"`
	NamespaceID string `json:"namespace_id"`
	Name        string `json:"name"`
	Metadata    []byte `json:"metadata"`
	Total       int64  `json:"total"`
}

type ListResourceMappingsByFullyQualifiedGroupParams added in v0.4.19 

type ListResourceMappingsByFullyQualifiedGroupParams struct {
	NamespaceName string `json:"namespace_name"`
	GroupName     string `json:"group_name"`
}

type ListResourceMappingsByFullyQualifiedGroupRow added in v0.4.19 

type ListResourceMappingsByFullyQualifiedGroupRow struct {
	ID             string   `json:"id"`
	AttributeValue []byte   `json:"attribute_value"`
	Terms          []string `json:"terms"`
	Metadata       []byte   `json:"metadata"`
	Group          []byte   `json:"group"`
}

type ListResourceMappingsParams added in v0.4.30 

type ListResourceMappingsParams struct {
	GroupID interface{} `json:"group_id"`
	Offset  int32       `json:"offset_"`
	Limit   int32       `json:"limit_"`
}

type ListResourceMappingsRow added in v0.4.25 

type ListResourceMappingsRow struct {
	ID             string   `json:"id"`
	AttributeValue []byte   `json:"attribute_value"`
	Terms          []string `json:"terms"`
	Metadata       []byte   `json:"metadata"`
	Group          []byte   `json:"group"`
	Total          int64    `json:"total"`
}

type ListSubjectConditionSetsParams added in v0.4.30 

type ListSubjectConditionSetsParams struct {
	Offset int32 `json:"offset_"`
	Limit  int32 `json:"limit_"`
}

type ListSubjectConditionSetsRow added in v0.4.25 

type ListSubjectConditionSetsRow struct {
	ID        string `json:"id"`
	Condition []byte `json:"condition"`
	Metadata  []byte `json:"metadata"`
	Total     int64  `json:"total"`
}

type NullAttributeDefinitionRule added in v0.4.17 

type NullAttributeDefinitionRule struct {
	AttributeDefinitionRule AttributeDefinitionRule `json:"attribute_definition_rule"`
	Valid                   bool                    `json:"valid"` // Valid is true if AttributeDefinitionRule is not NULL
}

func (*NullAttributeDefinitionRule) Scan added in v0.4.17 

func (ns *NullAttributeDefinitionRule) Scan(value interface{}) error

Scan implements the Scanner interface.

func (NullAttributeDefinitionRule) Value added in v0.4.17 

func (ns NullAttributeDefinitionRule) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type PolicyDBClient 

type PolicyDBClient struct {
	*db.Client

	*Queries
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(c *db.Client, logger *logger.Logger, configuredListLimitMax, configuredListLimitDefault int32) PolicyDBClient

func (PolicyDBClient) AssignKeyAccessServerToAttribute 

func (c PolicyDBClient) AssignKeyAccessServerToAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)

func (PolicyDBClient) AssignKeyAccessServerToNamespace added in v0.4.19 

func (c PolicyDBClient) AssignKeyAccessServerToNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)

func (PolicyDBClient) AssignKeyAccessServerToValue 

func (c PolicyDBClient) AssignKeyAccessServerToValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)

func (PolicyDBClient) AssignPublicKeyToAttribute added in v0.4.39 

func (c PolicyDBClient) AssignPublicKeyToAttribute(ctx context.Context, k *attributes.AttributeKey) (*attributes.AttributeKey, error)

func (PolicyDBClient) AssignPublicKeyToNamespace added in v0.4.39 

func (c PolicyDBClient) AssignPublicKeyToNamespace(ctx context.Context, k *namespaces.NamespaceKey) (*namespaces.NamespaceKey, error)

func (PolicyDBClient) AssignPublicKeyToValue added in v0.4.39 

func (c PolicyDBClient) AssignPublicKeyToValue(ctx context.Context, k *attributes.ValueKey) (*attributes.ValueKey, error)

func (*PolicyDBClient) AttrFqnReindex 

func (c *PolicyDBClient) AttrFqnReindex(ctx context.Context) (res struct {
	Namespaces []struct {
		ID  string
		Fqn string
	}
	Attributes []struct {
		ID  string
		Fqn string
	}
	Values []struct {
		ID  string
		Fqn string
	}
},
)

AttrFqnReindex will reindex all namespace, attribute, and attribute_value FQNs

func (PolicyDBClient) CreateAction added in v0.5.3 

func (c PolicyDBClient) CreateAction(ctx context.Context, req *actions.CreateActionRequest) (*policy.Action, error)

func (PolicyDBClient) CreateAttribute 

func (c PolicyDBClient) CreateAttribute(ctx context.Context, r *attributes.CreateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) CreateAttributeValue 

func (c PolicyDBClient) CreateAttributeValue(ctx context.Context, attributeID string, r *attributes.CreateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) CreateKey added in v0.5.3 

func (c PolicyDBClient) CreateKey(ctx context.Context, r *kasregistry.CreateKeyRequest) (*kasregistry.CreateKeyResponse, error)

* Key Access Server Keys

func (PolicyDBClient) CreateKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) CreateKeyAccessServer(ctx context.Context, r *kasregistry.CreateKeyAccessServerRequest) (*policy.KeyAccessServer, error)

func (PolicyDBClient) CreateNamespace 

func (c PolicyDBClient) CreateNamespace(ctx context.Context, r *namespaces.CreateNamespaceRequest) (*policy.Namespace, error)

func (PolicyDBClient) CreateProviderConfig added in v0.5.3 

func (c PolicyDBClient) CreateProviderConfig(ctx context.Context, r *keymanagement.CreateProviderConfigRequest) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) CreateRegisteredResource added in v0.5.3 

func (c PolicyDBClient) CreateRegisteredResource(ctx context.Context, r *registeredresources.CreateRegisteredResourceRequest) (*policy.RegisteredResource, error)

func (PolicyDBClient) CreateRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) CreateRegisteredResourceValue(ctx context.Context, r *registeredresources.CreateRegisteredResourceValueRequest) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) CreateResourceMapping 

func (c PolicyDBClient) CreateResourceMapping(ctx context.Context, r *resourcemapping.CreateResourceMappingRequest) (*policy.ResourceMapping, error)

func (PolicyDBClient) CreateResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) CreateResourceMappingGroup(ctx context.Context, r *resourcemapping.CreateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) CreateSubjectConditionSet 

func (c PolicyDBClient) CreateSubjectConditionSet(ctx context.Context, s *subjectmapping.SubjectConditionSetCreate) (*policy.SubjectConditionSet, error)

Creates a new subject condition set and returns it

func (PolicyDBClient) CreateSubjectMapping 

func (c PolicyDBClient) CreateSubjectMapping(ctx context.Context, s *subjectmapping.CreateSubjectMappingRequest) (*policy.SubjectMapping, error)

Creates a new subject mapping and returns it. If an existing subject condition set id is provided, it will be used. If a new subject condition set is provided, it will be created. The existing subject condition set id takes precedence.

func (PolicyDBClient) DeactivateAttribute 

func (c PolicyDBClient) DeactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)

func (PolicyDBClient) DeactivateAttributeValue 

func (c PolicyDBClient) DeactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)

func (PolicyDBClient) DeactivateNamespace 

func (c PolicyDBClient) DeactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)

func (PolicyDBClient) DeleteAction added in v0.5.3 

func (c PolicyDBClient) DeleteAction(ctx context.Context, req *actions.DeleteActionRequest) (*policy.Action, error)

func (PolicyDBClient) DeleteAllBaseKeys added in v0.5.4 

func (c PolicyDBClient) DeleteAllBaseKeys(ctx context.Context) error

********************** TESTING ONLY ************************

func (PolicyDBClient) DeleteAllUnmappedSubjectConditionSets added in v0.4.27 

func (c PolicyDBClient) DeleteAllUnmappedSubjectConditionSets(ctx context.Context) ([]*policy.SubjectConditionSet, error)

Deletes/prunes all subject condition sets not referenced within a subject mapping

func (PolicyDBClient) DeleteKey added in v0.5.3 

func (c PolicyDBClient) DeleteKey(ctx context.Context, id string) (*policy.AsymmetricKey, error)

We don't currently expose this at the Service layer, but it is used by test code.

func (PolicyDBClient) DeleteKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) DeleteKeyAccessServer(ctx context.Context, id string) (*policy.KeyAccessServer, error)

func (PolicyDBClient) DeleteProviderConfig added in v0.5.3 

func (c PolicyDBClient) DeleteProviderConfig(ctx context.Context, id string) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) DeleteRegisteredResource added in v0.5.3 

func (c PolicyDBClient) DeleteRegisteredResource(ctx context.Context, id string) (*policy.RegisteredResource, error)

func (PolicyDBClient) DeleteRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) DeleteRegisteredResourceValue(ctx context.Context, id string) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) DeleteResourceMapping 

func (c PolicyDBClient) DeleteResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)

func (PolicyDBClient) DeleteResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) DeleteResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) DeleteSubjectConditionSet 

func (c PolicyDBClient) DeleteSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)

Deletes specified subject condition set and returns the id of the deleted

func (PolicyDBClient) DeleteSubjectMapping 

func (c PolicyDBClient) DeleteSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)

Deletes specified subject mapping and returns the id of the deleted

func (PolicyDBClient) GetAction added in v0.5.3 

func (c PolicyDBClient) GetAction(ctx context.Context, req *actions.GetActionRequest) (*policy.Action, error)

func (PolicyDBClient) GetAttribute 

func (c PolicyDBClient) GetAttribute(ctx context.Context, identifier any) (*policy.Attribute, error)

func (PolicyDBClient) GetAttributeByFqn 

func (c PolicyDBClient) GetAttributeByFqn(ctx context.Context, fqn string) (*policy.Attribute, error)

func (PolicyDBClient) GetAttributeValue 

func (c PolicyDBClient) GetAttributeValue(ctx context.Context, identifier any) (*policy.Value, error)

func (PolicyDBClient) GetAttributesByNamespace 

func (c PolicyDBClient) GetAttributesByNamespace(ctx context.Context, namespaceID string) ([]*policy.Attribute, error)

func (*PolicyDBClient) GetAttributesByValueFqns 

func (c *PolicyDBClient) GetAttributesByValueFqns(ctx context.Context, r *attributes.GetAttributeValuesByFqnsRequest) (map[string]*attributes.GetAttributeValuesByFqnsResponse_AttributeAndValue, error)

func (PolicyDBClient) GetBaseKey added in v0.5.4 

func (c PolicyDBClient) GetBaseKey(ctx context.Context) (*kasregistry.SimpleKasKey, error)

func (PolicyDBClient) GetKey added in v0.5.3 

func (c PolicyDBClient) GetKey(ctx context.Context, identifier any) (*policy.KasKey, error)

func (PolicyDBClient) GetKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) GetKeyAccessServer(ctx context.Context, identifier any) (*policy.KeyAccessServer, error)

func (PolicyDBClient) GetMatchedSubjectMappings 

func (c PolicyDBClient) GetMatchedSubjectMappings(ctx context.Context, properties []*policy.SubjectProperty) ([]*policy.SubjectMapping, error)

GetMatchedSubjectMappings liberally returns a list of SubjectMappings based on the provided SubjectProperties. The SubjectMappings are returned if an external selector field matches.

NOTE: Any matched SubjectMappings cannot entitle without resolution of the Condition Sets returned. Each contains logic that must be applied to a subject Entity Representation to assure entitlement.

func (PolicyDBClient) GetNamespace 

func (c PolicyDBClient) GetNamespace(ctx context.Context, identifier any) (*policy.Namespace, error)

func (PolicyDBClient) GetProviderConfig added in v0.5.3 

func (c PolicyDBClient) GetProviderConfig(ctx context.Context, identifier any) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) GetRegisteredResource added in v0.5.3 

func (c PolicyDBClient) GetRegisteredResource(ctx context.Context, r *registeredresources.GetRegisteredResourceRequest) (*policy.RegisteredResource, error)

func (PolicyDBClient) GetRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) GetRegisteredResourceValue(ctx context.Context, r *registeredresources.GetRegisteredResourceValueRequest) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) GetRegisteredResourceValuesByFQNs added in v0.5.3 

func (c PolicyDBClient) GetRegisteredResourceValuesByFQNs(ctx context.Context, r *registeredresources.GetRegisteredResourceValuesByFQNsRequest) (map[string]*policy.RegisteredResourceValue, error)

func (PolicyDBClient) GetResourceMapping 

func (c PolicyDBClient) GetResourceMapping(ctx context.Context, id string) (*policy.ResourceMapping, error)

func (PolicyDBClient) GetResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) GetResourceMappingGroup(ctx context.Context, id string) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) GetSubjectConditionSet 

func (c PolicyDBClient) GetSubjectConditionSet(ctx context.Context, id string) (*policy.SubjectConditionSet, error)

func (PolicyDBClient) GetSubjectMapping 

func (c PolicyDBClient) GetSubjectMapping(ctx context.Context, id string) (*policy.SubjectMapping, error)

func (PolicyDBClient) ListActions added in v0.5.3 

func (c PolicyDBClient) ListActions(ctx context.Context, req *actions.ListActionsRequest) (*actions.ListActionsResponse, error)

func (PolicyDBClient) ListAllAttributeValues 

func (c PolicyDBClient) ListAllAttributeValues(ctx context.Context) ([]*policy.Value, error)

Loads all attribute values into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size

func (PolicyDBClient) ListAllAttributes 

func (c PolicyDBClient) ListAllAttributes(ctx context.Context) ([]*policy.Attribute, error)

Loads all attributes into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size

func (PolicyDBClient) ListAllNamespaces added in v0.4.30 

func (c PolicyDBClient) ListAllNamespaces(ctx context.Context) ([]*policy.Namespace, error)

Loads all namespaces into memory by making iterative db roundtrip requests of defaultObjectListAllLimit size

func (PolicyDBClient) ListAttributeValues 

func (c PolicyDBClient) ListAttributeValues(ctx context.Context, r *attributes.ListAttributeValuesRequest) (*attributes.ListAttributeValuesResponse, error)

func (PolicyDBClient) ListAttributes added in v0.4.25 

func (c PolicyDBClient) ListAttributes(ctx context.Context, r *attributes.ListAttributesRequest) (*attributes.ListAttributesResponse, error)

func (PolicyDBClient) ListAttributesByFqns added in v0.4.25 

func (c PolicyDBClient) ListAttributesByFqns(ctx context.Context, fqns []string) ([]*policy.Attribute, error)

func (PolicyDBClient) ListKeyAccessServerGrants added in v0.4.19 

func (c PolicyDBClient) ListKeyAccessServerGrants(ctx context.Context, r *kasregistry.ListKeyAccessServerGrantsRequest) (*kasregistry.ListKeyAccessServerGrantsResponse, error)

func (PolicyDBClient) ListKeyAccessServers added in v0.2.0 

func (c PolicyDBClient) ListKeyAccessServers(ctx context.Context, r *kasregistry.ListKeyAccessServersRequest) (*kasregistry.ListKeyAccessServersResponse, error)

func (PolicyDBClient) ListKeys added in v0.5.3 

func (c PolicyDBClient) ListKeys(ctx context.Context, r *kasregistry.ListKeysRequest) (*kasregistry.ListKeysResponse, error)

func (PolicyDBClient) ListNamespaces 

func (c PolicyDBClient) ListNamespaces(ctx context.Context, r *namespaces.ListNamespacesRequest) (*namespaces.ListNamespacesResponse, error)

func (PolicyDBClient) ListProviderConfigs added in v0.5.3 

func (c PolicyDBClient) ListProviderConfigs(ctx context.Context, page *policy.PageRequest) (*keymanagement.ListProviderConfigsResponse, error)

func (PolicyDBClient) ListRegisteredResourceValues added in v0.5.3 

func (c PolicyDBClient) ListRegisteredResourceValues(ctx context.Context, r *registeredresources.ListRegisteredResourceValuesRequest) (*registeredresources.ListRegisteredResourceValuesResponse, error)

func (PolicyDBClient) ListRegisteredResources added in v0.5.3 

func (c PolicyDBClient) ListRegisteredResources(ctx context.Context, r *registeredresources.ListRegisteredResourcesRequest) (*registeredresources.ListRegisteredResourcesResponse, error)

func (PolicyDBClient) ListResourceMappingGroups added in v0.4.19 

func (c PolicyDBClient) ListResourceMappingGroups(ctx context.Context, r *resourcemapping.ListResourceMappingGroupsRequest) (*resourcemapping.ListResourceMappingGroupsResponse, error)

func (PolicyDBClient) ListResourceMappings 

func (c PolicyDBClient) ListResourceMappings(ctx context.Context, r *resourcemapping.ListResourceMappingsRequest) (*resourcemapping.ListResourceMappingsResponse, error)

func (PolicyDBClient) ListResourceMappingsByGroupFqns added in v0.4.19 

func (c PolicyDBClient) ListResourceMappingsByGroupFqns(ctx context.Context, fqns []string) (map[string]*resourcemapping.ResourceMappingsByGroup, error)

func (PolicyDBClient) ListSubjectConditionSets 

func (c PolicyDBClient) ListSubjectConditionSets(ctx context.Context, r *subjectmapping.ListSubjectConditionSetsRequest) (*subjectmapping.ListSubjectConditionSetsResponse, error)

func (PolicyDBClient) ListSubjectMappings 

func (c PolicyDBClient) ListSubjectMappings(ctx context.Context, r *subjectmapping.ListSubjectMappingsRequest) (*subjectmapping.ListSubjectMappingsResponse, error)

func (PolicyDBClient) RemoveKeyAccessServerFromAttribute 

func (c PolicyDBClient) RemoveKeyAccessServerFromAttribute(ctx context.Context, k *attributes.AttributeKeyAccessServer) (*attributes.AttributeKeyAccessServer, error)

func (PolicyDBClient) RemoveKeyAccessServerFromNamespace added in v0.4.19 

func (c PolicyDBClient) RemoveKeyAccessServerFromNamespace(ctx context.Context, k *namespaces.NamespaceKeyAccessServer) (*namespaces.NamespaceKeyAccessServer, error)

func (PolicyDBClient) RemoveKeyAccessServerFromValue 

func (c PolicyDBClient) RemoveKeyAccessServerFromValue(ctx context.Context, k *attributes.ValueKeyAccessServer) (*attributes.ValueKeyAccessServer, error)

func (PolicyDBClient) RemovePublicKeyFromAttribute added in v0.4.39 

func (c PolicyDBClient) RemovePublicKeyFromAttribute(ctx context.Context, k *attributes.AttributeKey) (*attributes.AttributeKey, error)

func (PolicyDBClient) RemovePublicKeyFromNamespace added in v0.4.39 

func (c PolicyDBClient) RemovePublicKeyFromNamespace(ctx context.Context, k *namespaces.NamespaceKey) (*namespaces.NamespaceKey, error)

func (PolicyDBClient) RemovePublicKeyFromValue added in v0.4.39 

func (c PolicyDBClient) RemovePublicKeyFromValue(ctx context.Context, k *attributes.ValueKey) (*attributes.ValueKey, error)

func (PolicyDBClient) RotateKey added in v0.5.3 

func (c PolicyDBClient) RotateKey(ctx context.Context, activeKey *policy.KasKey, newKey *kasregistry.RotateKeyRequest_NewKey) (*kasregistry.RotateKeyResponse, error)

func (*PolicyDBClient) RunInTx added in v0.4.31 

func (c *PolicyDBClient) RunInTx(ctx context.Context, query func(txClient *PolicyDBClient) error) error

func (PolicyDBClient) SetBaseKey added in v0.5.4 

func (c PolicyDBClient) SetBaseKey(ctx context.Context, r *kasregistry.SetBaseKeyRequest) (*kasregistry.SetBaseKeyResponse, error)

func (PolicyDBClient) SetBaseKeyOnWellKnownConfig added in v0.5.4 

func (c PolicyDBClient) SetBaseKeyOnWellKnownConfig(ctx context.Context) error

func (PolicyDBClient) UnsafeDeleteAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeDeleteAttribute(ctx context.Context, existing *policy.Attribute, fqn string) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeDeleteAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeDeleteAttributeValue(ctx context.Context, toDelete *policy.Value, r *unsafe.UnsafeDeleteAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UnsafeDeleteNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeDeleteNamespace(ctx context.Context, existing *policy.Namespace, fqn string) (*policy.Namespace, error)

func (PolicyDBClient) UnsafeReactivateAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeReactivateAttribute(ctx context.Context, id string) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeReactivateAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeReactivateAttributeValue(ctx context.Context, id string) (*policy.Value, error)

func (PolicyDBClient) UnsafeReactivateNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeReactivateNamespace(ctx context.Context, id string) (*policy.Namespace, error)

func (PolicyDBClient) UnsafeUpdateAttribute added in v0.4.8 

func (c PolicyDBClient) UnsafeUpdateAttribute(ctx context.Context, r *unsafe.UnsafeUpdateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) UnsafeUpdateAttributeValue added in v0.4.8 

func (c PolicyDBClient) UnsafeUpdateAttributeValue(ctx context.Context, r *unsafe.UnsafeUpdateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UnsafeUpdateNamespace added in v0.4.7 

func (c PolicyDBClient) UnsafeUpdateNamespace(ctx context.Context, id string, name string) (*policy.Namespace, error)

UNSAFE OPERATIONS

func (PolicyDBClient) UpdateAction added in v0.5.3 

func (c PolicyDBClient) UpdateAction(ctx context.Context, req *actions.UpdateActionRequest) (*policy.Action, error)

func (PolicyDBClient) UpdateAttribute 

func (c PolicyDBClient) UpdateAttribute(ctx context.Context, id string, r *attributes.UpdateAttributeRequest) (*policy.Attribute, error)

func (PolicyDBClient) UpdateAttributeValue 

func (c PolicyDBClient) UpdateAttributeValue(ctx context.Context, r *attributes.UpdateAttributeValueRequest) (*policy.Value, error)

func (PolicyDBClient) UpdateKey added in v0.5.3 

func (c PolicyDBClient) UpdateKey(ctx context.Context, r *kasregistry.UpdateKeyRequest) (*policy.KasKey, error)

func (PolicyDBClient) UpdateKeyAccessServer added in v0.2.0 

func (c PolicyDBClient) UpdateKeyAccessServer(ctx context.Context, id string, r *kasregistry.UpdateKeyAccessServerRequest) (*policy.KeyAccessServer, error)

func (PolicyDBClient) UpdateNamespace 

func (c PolicyDBClient) UpdateNamespace(ctx context.Context, id string, r *namespaces.UpdateNamespaceRequest) (*policy.Namespace, error)

func (PolicyDBClient) UpdateProviderConfig added in v0.5.3 

func (c PolicyDBClient) UpdateProviderConfig(ctx context.Context, r *keymanagement.UpdateProviderConfigRequest) (*policy.KeyProviderConfig, error)

func (PolicyDBClient) UpdateRegisteredResource added in v0.5.3 

func (c PolicyDBClient) UpdateRegisteredResource(ctx context.Context, r *registeredresources.UpdateRegisteredResourceRequest) (*policy.RegisteredResource, error)

func (PolicyDBClient) UpdateRegisteredResourceValue added in v0.5.3 

func (c PolicyDBClient) UpdateRegisteredResourceValue(ctx context.Context, r *registeredresources.UpdateRegisteredResourceValueRequest) (*policy.RegisteredResourceValue, error)

func (PolicyDBClient) UpdateResourceMapping 

func (c PolicyDBClient) UpdateResourceMapping(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingRequest) (*policy.ResourceMapping, error)

func (PolicyDBClient) UpdateResourceMappingGroup added in v0.4.19 

func (c PolicyDBClient) UpdateResourceMappingGroup(ctx context.Context, id string, r *resourcemapping.UpdateResourceMappingGroupRequest) (*policy.ResourceMappingGroup, error)

func (PolicyDBClient) UpdateSubjectConditionSet 

func (c PolicyDBClient) UpdateSubjectConditionSet(ctx context.Context, r *subjectmapping.UpdateSubjectConditionSetRequest) (*policy.SubjectConditionSet, error)

Mutates provided fields and returns the updated subject condition set

func (PolicyDBClient) UpdateSubjectMapping 

func (c PolicyDBClient) UpdateSubjectMapping(ctx context.Context, r *subjectmapping.UpdateSubjectMappingRequest) (*policy.SubjectMapping, error)

Mutates provided fields and returns the updated subject mapping

type ProviderConfig added in v0.5.3 

type ProviderConfig struct {
	// Unique identifier for the provider configuration
	ID string `json:"id"`
	// Name of the key provider
	ProviderName string `json:"provider_name"`
	// Configuration details for the key provider
	Config []byte `json:"config"`
	// Timestamp when the provider configuration was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the provider configuration was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Additional metadata for the provider configuration
	Metadata []byte `json:"metadata"`
}

Table to store key provider configurations

type Queries added in v0.4.17 

type Queries struct {
	// contains filtered or unexported fields
}

func New added in v0.4.17 

func New(db DBTX) *Queries

func (*Queries) AssignKeyAccessServerToAttribute added in v0.4.25 

func (q *Queries) AssignKeyAccessServerToAttribute(ctx context.Context, arg AssignKeyAccessServerToAttributeParams) (int64, error)

AssignKeyAccessServerToAttribute 

INSERT INTO attribute_definition_key_access_grants (attribute_definition_id, key_access_server_id)
VALUES ($1, $2)

func (*Queries) AssignKeyAccessServerToAttributeValue added in v0.4.25 

func (q *Queries) AssignKeyAccessServerToAttributeValue(ctx context.Context, arg AssignKeyAccessServerToAttributeValueParams) (int64, error)

AssignKeyAccessServerToAttributeValue 

INSERT INTO attribute_value_key_access_grants (attribute_value_id, key_access_server_id)
VALUES ($1, $2)

func (*Queries) AssignKeyAccessServerToNamespace added in v0.4.19 

func (q *Queries) AssignKeyAccessServerToNamespace(ctx context.Context, arg AssignKeyAccessServerToNamespaceParams) (int64, error)

AssignKeyAccessServerToNamespace 

INSERT INTO attribute_namespace_key_access_grants (namespace_id, key_access_server_id)
VALUES ($1, $2)

func (*Queries) CreateAttribute added in v0.4.25 

func (q *Queries) CreateAttribute(ctx context.Context, arg CreateAttributeParams) (string, error)

CreateAttribute 

INSERT INTO attribute_definitions (namespace_id, name, rule, metadata)
VALUES ($1, $2, $3, $4)
RETURNING id

func (*Queries) CreateAttributeValue added in v0.4.25 

func (q *Queries) CreateAttributeValue(ctx context.Context, arg CreateAttributeValueParams) (string, error)

CreateAttributeValue 

INSERT INTO attribute_values (attribute_definition_id, value, metadata)
VALUES ($1, $2, $3)
RETURNING id

func (*Queries) CreateKeyAccessServer added in v0.4.17 

func (q *Queries) CreateKeyAccessServer(ctx context.Context, arg CreateKeyAccessServerParams) (string, error)

CreateKeyAccessServer 

INSERT INTO key_access_servers (uri, public_key, name, metadata, source_type)
VALUES ($1, $2, $3, $4, $5)
RETURNING id

func (*Queries) CreateNamespace added in v0.4.24 

func (q *Queries) CreateNamespace(ctx context.Context, arg CreateNamespaceParams) (string, error)

CreateNamespace 

INSERT INTO attribute_namespaces (name, metadata)
VALUES ($1, $2)
RETURNING id

func (*Queries) CreateResourceMapping added in v0.4.25 

func (q *Queries) CreateResourceMapping(ctx context.Context, arg CreateResourceMappingParams) (string, error)

CreateResourceMapping 

INSERT INTO resource_mappings (attribute_value_id, terms, metadata, group_id)
VALUES ($1, $2, $3, $4)
RETURNING id

func (*Queries) CreateResourceMappingGroup added in v0.4.18 

func (q *Queries) CreateResourceMappingGroup(ctx context.Context, arg CreateResourceMappingGroupParams) (string, error)

CreateResourceMappingGroup 

INSERT INTO resource_mapping_groups (namespace_id, name, metadata)
VALUES ($1, $2, $3)
RETURNING id

func (*Queries) CreateSubjectConditionSet added in v0.4.25 

func (q *Queries) CreateSubjectConditionSet(ctx context.Context, arg CreateSubjectConditionSetParams) (string, error)

CreateSubjectConditionSet 

INSERT INTO subject_condition_set (condition, metadata)
VALUES ($1, $2)
RETURNING id

func (*Queries) DeleteAllUnmappedSubjectConditionSets added in v0.4.27 

func (q *Queries) DeleteAllUnmappedSubjectConditionSets(ctx context.Context) ([]string, error)

DeleteAllUnmappedSubjectConditionSets 

DELETE FROM subject_condition_set
WHERE id NOT IN (SELECT DISTINCT sm.subject_condition_set_id FROM subject_mappings sm)
RETURNING id

func (*Queries) DeleteAttribute added in v0.4.25 

func (q *Queries) DeleteAttribute(ctx context.Context, id string) (int64, error)

DeleteAttribute 

DELETE FROM attribute_definitions WHERE id = $1

func (*Queries) DeleteAttributeValue added in v0.4.25 

func (q *Queries) DeleteAttributeValue(ctx context.Context, id string) (int64, error)

DeleteAttributeValue 

DELETE FROM attribute_values WHERE id = $1

func (*Queries) DeleteKeyAccessServer added in v0.4.17 

func (q *Queries) DeleteKeyAccessServer(ctx context.Context, id string) (int64, error)

DeleteKeyAccessServer 

DELETE FROM key_access_servers WHERE id = $1

func (*Queries) DeleteNamespace added in v0.4.24 

func (q *Queries) DeleteNamespace(ctx context.Context, id string) (int64, error)

DeleteNamespace 

DELETE FROM attribute_namespaces WHERE id = $1

func (*Queries) DeleteResourceMapping added in v0.4.25 

func (q *Queries) DeleteResourceMapping(ctx context.Context, id string) (int64, error)

DeleteResourceMapping 

DELETE FROM resource_mappings WHERE id = $1

func (*Queries) DeleteResourceMappingGroup added in v0.4.18 

func (q *Queries) DeleteResourceMappingGroup(ctx context.Context, id string) (int64, error)

DeleteResourceMappingGroup 

DELETE FROM resource_mapping_groups WHERE id = $1

func (*Queries) DeleteSubjectConditionSet added in v0.4.25 

func (q *Queries) DeleteSubjectConditionSet(ctx context.Context, id string) (int64, error)

DeleteSubjectConditionSet 

DELETE FROM subject_condition_set WHERE id = $1

func (*Queries) GetAttribute added in v0.4.25 

func (q *Queries) GetAttribute(ctx context.Context, arg GetAttributeParams) (GetAttributeRow, error)

GetAttribute 

SELECT
    ad.id,
    ad.name as attribute_name,
    ad.rule,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ad.metadata -> 'labels', 'created_at', ad.created_at, 'updated_at', ad.updated_at)) AS metadata,
    ad.namespace_id,
    ad.active,
    n.name as namespace_name,
    JSON_AGG(
        JSON_BUILD_OBJECT(
            'id', avt.id,
            'value', avt.value,
            'active', avt.active,
            'fqn', CONCAT(fqns.fqn, '/value/', avt.value)
        ) ORDER BY ARRAY_POSITION(ad.values_order, avt.id)
    ) AS values,
    JSONB_AGG(
        DISTINCT JSONB_BUILD_OBJECT(
            'id', kas.id,
            'uri', kas.uri,
            'name', kas.name,
            'public_key', kas.public_key
        )
    ) FILTER (WHERE adkag.attribute_definition_id IS NOT NULL) AS grants,
    fqns.fqn,
    defk.keys as keys
FROM attribute_definitions ad
LEFT JOIN attribute_namespaces n ON n.id = ad.namespace_id
LEFT JOIN (
    SELECT
        av.id,
        av.value,
        av.active,
        JSON_AGG(DISTINCT JSONB_BUILD_OBJECT('id', vkas.id,'uri', vkas.uri,'name', vkas.name,'public_key', vkas.public_key )) FILTER (WHERE vkas.id IS NOT NULL AND vkas.uri IS NOT NULL AND vkas.public_key IS NOT NULL) AS val_grants_arr,
        av.attribute_definition_id
    FROM attribute_values av
    LEFT JOIN attribute_value_key_access_grants avg ON av.id = avg.attribute_value_id
    LEFT JOIN key_access_servers vkas ON avg.key_access_server_id = vkas.id
    GROUP BY av.id
) avt ON avt.attribute_definition_id = ad.id
LEFT JOIN attribute_definition_key_access_grants adkag ON adkag.attribute_definition_id = ad.id
LEFT JOIN key_access_servers kas ON kas.id = adkag.key_access_server_id
LEFT JOIN attribute_fqns fqns ON fqns.attribute_id = ad.id AND fqns.value_id IS NULL
LEFT JOIN (
    SELECT
        k.definition_id,
        JSONB_AGG(
            DISTINCT JSONB_BUILD_OBJECT(
                'key', JSONB_BUILD_OBJECT(
                    'id', kask.id,
                    'key_id', kask.key_id,
                    'key_status', kask.key_status,
                    'key_mode', kask.key_mode,
                    'key_algorithm', kask.key_algorithm,
                    'public_key_ctx', kask.public_key_ctx
                ),
                'kas_id', kask.key_access_server_id,
                'kas_uri', kas.uri
            )
        ) FILTER (WHERE kask.id IS NOT NULL) AS keys
    FROM attribute_definition_public_key_map k
    INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id
    INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id
    GROUP BY k.definition_id
) defk ON ad.id = defk.definition_id
WHERE ($1::uuid IS NULL OR ad.id = $1::uuid)
  AND ($2::text IS NULL OR REGEXP_REPLACE(fqns.fqn, '^https?://', '') = REGEXP_REPLACE($2::text, '^https?://', ''))
GROUP BY ad.id, n.name, fqns.fqn, defk.keys

func (*Queries) GetAttributeValue added in v0.4.25 

func (q *Queries) GetAttributeValue(ctx context.Context, arg GetAttributeValueParams) (GetAttributeValueRow, error)

GetAttributeValue 

SELECT
    av.id,
    av.value,
    av.active,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', av.metadata -> 'labels', 'created_at', av.created_at, 'updated_at', av.updated_at)) as metadata,
    av.attribute_definition_id,
    fqns.fqn,
    JSONB_AGG(
        DISTINCT JSONB_BUILD_OBJECT(
            'id', kas.id,
            'uri', kas.uri,
            'name', kas.name,
            'public_key', kas.public_key
        )
    ) FILTER (WHERE avkag.attribute_value_id IS NOT NULL) AS grants,
    value_keys.keys as keys
FROM attribute_values av
LEFT JOIN attribute_fqns fqns ON av.id = fqns.value_id
LEFT JOIN attribute_value_key_access_grants avkag ON av.id = avkag.attribute_value_id
LEFT JOIN key_access_servers kas ON avkag.key_access_server_id = kas.id
LEFT JOIN (
    SELECT
        k.value_id,
        JSONB_AGG(
            DISTINCT JSONB_BUILD_OBJECT(
                'kas_id', kask.key_access_server_id,
                'kas_uri', kas.uri,
                'key', JSONB_BUILD_OBJECT(
                    'id', kask.id,
                    'key_id', kask.key_id,
                    'key_status', kask.key_status,
                    'key_mode', kask.key_mode,
                    'key_algorithm', kask.key_algorithm,
                    'public_key_ctx', kask.public_key_ctx
                )
            )
        ) FILTER (WHERE kask.id IS NOT NULL) AS keys
    FROM attribute_value_public_key_map k
    INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id
    INNER JOIN key_access_servers kas ON kas.id = kask.key_access_server_id
    GROUP BY k.value_id
) value_keys ON av.id = value_keys.value_id
WHERE ($1::uuid IS NULL OR av.id = $1::uuid)
  AND ($2::text IS NULL OR REGEXP_REPLACE(fqns.fqn, '^https?://', '') = REGEXP_REPLACE($2::text, '^https?://', ''))
GROUP BY av.id, fqns.fqn, value_keys.keys

func (*Queries) GetKeyAccessServer added in v0.4.17 

func (q *Queries) GetKeyAccessServer(ctx context.Context, arg GetKeyAccessServerParams) (GetKeyAccessServerRow, error)

GetKeyAccessServer 

SELECT
    kas.id,
    kas.uri,
    kas.public_key,
    kas.name,
    kas.source_type,
    JSON_STRIP_NULLS(
        JSON_BUILD_OBJECT(
            'labels', metadata -> 'labels',
            'created_at', created_at,
            'updated_at', updated_at
        )
    ) AS metadata,
    kask_keys.keys
FROM key_access_servers AS kas
LEFT JOIN (
        SELECT
            kask.key_access_server_id,
            JSONB_AGG(
                DISTINCT JSONB_BUILD_OBJECT(
                    'kas_id', kask.key_access_server_id,
                    'key', JSONB_BUILD_OBJECT(
                        'id', kask.id,
                        'key_id', kask.key_id,
                        'key_status', kask.key_status,
                        'key_mode', kask.key_mode,
                        'key_algorithm', kask.key_algorithm,
                        'public_key_ctx', kask.public_key_ctx
                    )
                )
            ) FILTER (WHERE kask.id IS NOT NULL) AS keys
        FROM key_access_server_keys kask
        GROUP BY kask.key_access_server_id
    ) kask_keys ON kas.id = kask_keys.key_access_server_id
WHERE ($1::uuid IS NULL OR kas.id = $1::uuid)
  AND ($2::text IS NULL OR kas.name = $2::text)
  AND ($3::text IS NULL OR kas.uri = $3::text)

func (*Queries) GetNamespace added in v0.4.19 

func (q *Queries) GetNamespace(ctx context.Context, arg GetNamespaceParams) (GetNamespaceRow, error)

GetNamespace 

SELECT
    ns.id,
    ns.name,
    ns.active,
    fqns.fqn,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ns.metadata -> 'labels', 'created_at', ns.created_at, 'updated_at', ns.updated_at)) as metadata,
    JSONB_AGG(DISTINCT JSONB_BUILD_OBJECT(
        'id', kas.id,
        'uri', kas.uri,
        'name', kas.name,
        'public_key', kas.public_key
    )) FILTER (WHERE kas_ns_grants.namespace_id IS NOT NULL) as grants,
    nmp_keys.keys as keys
FROM attribute_namespaces ns
LEFT JOIN attribute_namespace_key_access_grants kas_ns_grants ON kas_ns_grants.namespace_id = ns.id
LEFT JOIN key_access_servers kas ON kas.id = kas_ns_grants.key_access_server_id
LEFT JOIN attribute_fqns fqns ON fqns.namespace_id = ns.id
LEFT JOIN (
    SELECT
        k.namespace_id,
        JSONB_AGG(
            DISTINCT JSONB_BUILD_OBJECT(
                'kas_id', kask.key_access_server_id,
                'kas_uri', kas.uri,
                'key', JSONB_BUILD_OBJECT(
                    'id', kask.id,
                    'key_id', kask.key_id,
                    'key_status', kask.key_status,
                    'key_mode', kask.key_mode,
                    'key_algorithm', kask.key_algorithm,
                    'public_key_ctx', kask.public_key_ctx
                )
            )
        ) FILTER (WHERE kask.id IS NOT NULL) AS keys
    FROM attribute_namespace_public_key_map k
    INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id
    INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id
    GROUP BY k.namespace_id
) nmp_keys ON ns.id = nmp_keys.namespace_id
WHERE fqns.attribute_id IS NULL AND fqns.value_id IS NULL
  AND ($1::uuid IS NULL OR ns.id = $1::uuid)
  AND ($2::text IS NULL OR ns.name = REGEXP_REPLACE($2::text, '^https?://', ''))
GROUP BY ns.id, fqns.fqn, nmp_keys.keys

func (*Queries) GetResourceMapping added in v0.4.25 

func (q *Queries) GetResourceMapping(ctx context.Context, id string) (GetResourceMappingRow, error)

GetResourceMapping 

SELECT
    m.id,
    JSON_BUILD_OBJECT('id', av.id, 'value', av.value, 'fqn', fqns.fqn) as attribute_value,
    m.terms,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata,
    COALESCE(m.group_id::TEXT, '')::TEXT as group_id
FROM resource_mappings m
LEFT JOIN attribute_values av on m.attribute_value_id = av.id
LEFT JOIN attribute_fqns fqns on av.id = fqns.value_id
WHERE m.id = $1
GROUP BY av.id, m.id, fqns.fqn

func (*Queries) GetResourceMappingGroup added in v0.4.18 

func (q *Queries) GetResourceMappingGroup(ctx context.Context, id string) (GetResourceMappingGroupRow, error)

GetResourceMappingGroup 

SELECT id, namespace_id, name,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata
FROM resource_mapping_groups
WHERE id = $1

func (*Queries) GetSubjectConditionSet added in v0.4.25 

func (q *Queries) GetSubjectConditionSet(ctx context.Context, id string) (GetSubjectConditionSetRow, error)

GetSubjectConditionSet 

SELECT
    id,
    condition,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', metadata -> 'labels', 'created_at', created_at, 'updated_at', updated_at)) as metadata
FROM subject_condition_set
WHERE id = $1

func (*Queries) ListAttributeValues added in v0.4.25 

func (q *Queries) ListAttributeValues(ctx context.Context, arg ListAttributeValuesParams) ([]ListAttributeValuesRow, error)

-------------------------------------------------------------- ATTRIBUTE VALUES -------------------------------------------------------------- 

WITH counted AS (
    SELECT COUNT(av.id) AS total
    FROM attribute_values av
)
SELECT
    av.id,
    av.value,
    av.active,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', av.metadata -> 'labels', 'created_at', av.created_at, 'updated_at', av.updated_at)) as metadata,
    av.attribute_definition_id,
    fqns.fqn,
    counted.total
FROM attribute_values av
CROSS JOIN counted
LEFT JOIN attribute_fqns fqns ON av.id = fqns.value_id
WHERE (
    ($1::BOOLEAN IS NULL OR av.active = $1) AND
    (NULLIF($2, '') IS NULL OR av.attribute_definition_id = $2::UUID)
)
LIMIT $4
OFFSET $3

func (*Queries) ListAttributesDetail added in v0.4.25 

func (q *Queries) ListAttributesDetail(ctx context.Context, arg ListAttributesDetailParams) ([]ListAttributesDetailRow, error)

-------------------------------------------------------------- ATTRIBUTES -------------------------------------------------------------- 

WITH counted AS (
    SELECT COUNT(ad.id) AS total
    FROM attribute_definitions ad
)
SELECT
    ad.id,
    ad.name as attribute_name,
    ad.rule,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ad.metadata -> 'labels', 'created_at', ad.created_at, 'updated_at', ad.updated_at)) AS metadata,
    ad.namespace_id,
    ad.active,
    n.name as namespace_name,
    JSON_AGG(
        JSON_BUILD_OBJECT(
            'id', avt.id,
            'value', avt.value,
            'active', avt.active,
            'fqn', CONCAT(fqns.fqn, '/value/', avt.value)
        ) ORDER BY ARRAY_POSITION(ad.values_order, avt.id)
    ) AS values,
    fqns.fqn,
    counted.total
FROM attribute_definitions ad
CROSS JOIN counted
LEFT JOIN attribute_namespaces n ON n.id = ad.namespace_id
LEFT JOIN (
  SELECT
    av.id,
    av.value,
    av.active,
    JSON_AGG(
        DISTINCT JSONB_BUILD_OBJECT(
            'id', vkas.id,
            'uri', vkas.uri,
            'name', vkas.name,
            'public_key', vkas.public_key
        )
    ) FILTER (WHERE vkas.id IS NOT NULL AND vkas.uri IS NOT NULL AND vkas.public_key IS NOT NULL) AS val_grants_arr,
    av.attribute_definition_id
  FROM attribute_values av
  LEFT JOIN attribute_value_key_access_grants avg ON av.id = avg.attribute_value_id
  LEFT JOIN key_access_servers vkas ON avg.key_access_server_id = vkas.id
  GROUP BY av.id
) avt ON avt.attribute_definition_id = ad.id
LEFT JOIN attribute_fqns fqns ON fqns.attribute_id = ad.id AND fqns.value_id IS NULL
WHERE
    ($1::BOOLEAN IS NULL OR ad.active = $1) AND
    (NULLIF($2, '') IS NULL OR ad.namespace_id = $2::uuid) AND
    (NULLIF($3, '') IS NULL OR n.name = $3)
GROUP BY ad.id, n.name, fqns.fqn, counted.total
LIMIT $5
OFFSET $4

func (*Queries) ListAttributesSummary added in v0.4.25 

func (q *Queries) ListAttributesSummary(ctx context.Context, arg ListAttributesSummaryParams) ([]ListAttributesSummaryRow, error)

ListAttributesSummary 

WITH counted AS (
    SELECT COUNT(ad.id) AS total FROM attribute_definitions ad
)
SELECT
    ad.id,
    ad.name as attribute_name,
    ad.rule,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ad.metadata -> 'labels', 'created_at', ad.created_at, 'updated_at', ad.updated_at)) AS metadata,
    ad.namespace_id,
    ad.active,
    n.name as namespace_name,
    counted.total
FROM attribute_definitions ad
CROSS JOIN counted
LEFT JOIN attribute_namespaces n ON n.id = ad.namespace_id
WHERE ad.namespace_id = $1
GROUP BY ad.id, n.name, counted.total
LIMIT $3
OFFSET $2

func (*Queries) ListKeyAccessServerGrants added in v0.4.19 

func (q *Queries) ListKeyAccessServerGrants(ctx context.Context, arg ListKeyAccessServerGrantsParams) ([]ListKeyAccessServerGrantsRow, error)

-------------------------------------------------------------- KEY ACCESS SERVERS -------------------------------------------------------------- 

WITH listed AS (
    SELECT
        COUNT(*) OVER () AS total,
        kas.id AS kas_id,
        kas.uri AS kas_uri,
        kas.name AS kas_name,
        kas.public_key AS kas_public_key,
        JSON_STRIP_NULLS(JSON_BUILD_OBJECT(
            'labels', kas.metadata -> 'labels',
            'created_at', kas.created_at,
            'updated_at', kas.updated_at
        )) AS kas_metadata,
        JSON_AGG(DISTINCT JSONB_BUILD_OBJECT(
            'id', attrkag.attribute_definition_id,
            'fqn', fqns_on_attr.fqn
        )) FILTER (WHERE attrkag.attribute_definition_id IS NOT NULL) AS attributes_grants,
        JSON_AGG(DISTINCT JSONB_BUILD_OBJECT(
            'id', valkag.attribute_value_id,
            'fqn', fqns_on_vals.fqn
        )) FILTER (WHERE valkag.attribute_value_id IS NOT NULL) AS values_grants,
        JSON_AGG(DISTINCT JSONB_BUILD_OBJECT(
            'id', nskag.namespace_id,
            'fqn', fqns_on_ns.fqn
        )) FILTER (WHERE nskag.namespace_id IS NOT NULL) AS namespace_grants
    FROM key_access_servers AS kas
    LEFT JOIN
        attribute_definition_key_access_grants AS attrkag
        ON kas.id = attrkag.key_access_server_id
    LEFT JOIN
        attribute_fqns AS fqns_on_attr
        ON attrkag.attribute_definition_id = fqns_on_attr.attribute_id
            AND fqns_on_attr.value_id IS NULL
    LEFT JOIN
        attribute_value_key_access_grants AS valkag
        ON kas.id = valkag.key_access_server_id
    LEFT JOIN
        attribute_fqns AS fqns_on_vals
        ON valkag.attribute_value_id = fqns_on_vals.value_id
    LEFT JOIN
        attribute_namespace_key_access_grants AS nskag
        ON kas.id = nskag.key_access_server_id
    LEFT JOIN
        attribute_fqns AS fqns_on_ns
            ON nskag.namespace_id = fqns_on_ns.namespace_id
        AND fqns_on_ns.attribute_id IS NULL AND fqns_on_ns.value_id IS NULL
    WHERE (NULLIF($3, '') IS NULL OR kas.id = $3::uuid)
        AND (NULLIF($4, '') IS NULL OR kas.uri = $4::varchar)
        AND (NULLIF($5, '') IS NULL OR kas.name = $5::varchar)
    GROUP BY
        kas.id
)
SELECT
    listed.kas_id,
    listed.kas_uri,
    listed.kas_name,
    listed.kas_public_key,
    listed.kas_metadata,
    listed.attributes_grants,
    listed.values_grants,
    listed.namespace_grants,
    listed.total
FROM listed
LIMIT $2
OFFSET $1

func (*Queries) ListKeyAccessServers added in v0.4.17 

func (q *Queries) ListKeyAccessServers(ctx context.Context, arg ListKeyAccessServersParams) ([]ListKeyAccessServersRow, error)

ListKeyAccessServers 

WITH counted AS (
    SELECT COUNT(kas.id) AS total
    FROM key_access_servers AS kas
)
SELECT kas.id,
    kas.uri,
    kas.public_key,
    kas.name AS kas_name,
    kas.source_type,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', kas.metadata -> 'labels', 'created_at', kas.created_at, 'updated_at', kas.updated_at)) AS metadata,
    kask_keys.keys,
    counted.total
FROM key_access_servers AS kas
CROSS JOIN counted
LEFT JOIN (
        SELECT
            kask.key_access_server_id,
            JSONB_AGG(
                DISTINCT JSONB_BUILD_OBJECT(
                    'kas_id', kask.key_access_server_id,
                    'key', JSONB_BUILD_OBJECT(
                        'id', kask.id,
                        'key_id', kask.key_id,
                        'key_status', kask.key_status,
                        'key_mode', kask.key_mode,
                        'key_algorithm', kask.key_algorithm,
                        'public_key_ctx', kask.public_key_ctx
                    )
                )
            ) FILTER (WHERE kask.id IS NOT NULL) AS keys
        FROM key_access_server_keys kask
        GROUP BY kask.key_access_server_id
    ) kask_keys ON kas.id = kask_keys.key_access_server_id
LIMIT $2
OFFSET $1

func (*Queries) ListNamespaces added in v0.4.24 

func (q *Queries) ListNamespaces(ctx context.Context, arg ListNamespacesParams) ([]ListNamespacesRow, error)

-------------------------------------------------------------- NAMESPACES -------------------------------------------------------------- 

WITH counted AS (
    SELECT COUNT(id) AS total FROM attribute_namespaces
)
SELECT
    ns.id,
    ns.name,
    ns.active,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', ns.metadata -> 'labels', 'created_at', ns.created_at, 'updated_at', ns.updated_at)) as metadata,
    fqns.fqn,
    counted.total
FROM attribute_namespaces ns
CROSS JOIN counted
LEFT JOIN attribute_fqns fqns ON ns.id = fqns.namespace_id AND fqns.attribute_id IS NULL
WHERE ($1::BOOLEAN IS NULL OR ns.active = $1::BOOLEAN)
LIMIT $3
OFFSET $2

func (*Queries) ListResourceMappingGroups added in v0.4.18 

func (q *Queries) ListResourceMappingGroups(ctx context.Context, arg ListResourceMappingGroupsParams) ([]ListResourceMappingGroupsRow, error)

-------------------------------------------------------------- RESOURCE MAPPING GROUPS -------------------------------------------------------------- 

WITH counted AS (
    SELECT COUNT(rmg.id) AS total
    FROM resource_mapping_groups rmg
)
SELECT rmg.id,
    rmg.namespace_id,
    rmg.name,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', rmg.metadata -> 'labels', 'created_at', rmg.created_at, 'updated_at', rmg.updated_at)) as metadata,
    counted.total
FROM resource_mapping_groups rmg
CROSS JOIN counted
WHERE (NULLIF($1, '') IS NULL OR rmg.namespace_id = $1::uuid)
LIMIT $3
OFFSET $2

func (*Queries) ListResourceMappings added in v0.4.25 

func (q *Queries) ListResourceMappings(ctx context.Context, arg ListResourceMappingsParams) ([]ListResourceMappingsRow, error)

-------------------------------------------------------------- RESOURCE MAPPING -------------------------------------------------------------- 

WITH counted AS (
    SELECT COUNT(rm.id) AS total
    FROM resource_mappings rm
)
SELECT
    m.id,
    JSON_BUILD_OBJECT('id', av.id, 'value', av.value, 'fqn', fqns.fqn) as attribute_value,
    m.terms,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata,
    JSON_STRIP_NULLS(
        JSON_BUILD_OBJECT(
            'id', rmg.id,
            'name', rmg.name,
            'namespace_id', rmg.namespace_id
        )
    ) AS group,
    counted.total
FROM resource_mappings m
CROSS JOIN counted
LEFT JOIN attribute_values av on m.attribute_value_id = av.id
LEFT JOIN attribute_fqns fqns on av.id = fqns.value_id
LEFT JOIN resource_mapping_groups rmg ON m.group_id = rmg.id
WHERE (NULLIF($1, '') IS NULL OR m.group_id = $1::UUID)
GROUP BY av.id, m.id, fqns.fqn, rmg.id, rmg.name, rmg.namespace_id, counted.total
LIMIT $3
OFFSET $2

func (*Queries) ListResourceMappingsByFullyQualifiedGroup added in v0.4.19 

func (q *Queries) ListResourceMappingsByFullyQualifiedGroup(ctx context.Context, arg ListResourceMappingsByFullyQualifiedGroupParams) ([]ListResourceMappingsByFullyQualifiedGroupRow, error)

CTE to cache the group JSON build since it will be the same for all mappings of the group 

WITH groups_cte AS (
    SELECT
        g.id,
        JSON_BUILD_OBJECT(
            'id', g.id,
            'namespace_id', g.namespace_id,
            'name', g.name,
            'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT(
                'labels', g.metadata -> 'labels',
                'created_at', g.created_at,
                'updated_at', g.updated_at
            ))
        ) as group
    FROM resource_mapping_groups g
    JOIN attribute_namespaces ns on g.namespace_id = ns.id
    WHERE ns.name = $1 AND g.name = $2
)
SELECT
    m.id,
    JSON_BUILD_OBJECT('id', av.id, 'value', av.value, 'fqn', fqns.fqn) as attribute_value,
    m.terms,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', m.metadata -> 'labels', 'created_at', m.created_at, 'updated_at', m.updated_at)) as metadata,
    g.group
FROM resource_mappings m
JOIN groups_cte g ON m.group_id = g.id
JOIN attribute_values av on m.attribute_value_id = av.id
JOIN attribute_fqns fqns on av.id = fqns.value_id

func (*Queries) ListSubjectConditionSets added in v0.4.25 

func (q *Queries) ListSubjectConditionSets(ctx context.Context, arg ListSubjectConditionSetsParams) ([]ListSubjectConditionSetsRow, error)

-------------------------------------------------------------- SUBJECT CONDITION SETS -------------------------------------------------------------- 

WITH counted AS (
    SELECT COUNT(scs.id) AS total
    FROM subject_condition_set scs
)
SELECT
    scs.id,
    scs.condition,
    JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata -> 'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)) as metadata,
    counted.total
FROM subject_condition_set scs
CROSS JOIN counted
LIMIT $2
OFFSET $1

func (*Queries) RemoveKeyAccessServerFromAttribute added in v0.4.25 

func (q *Queries) RemoveKeyAccessServerFromAttribute(ctx context.Context, arg RemoveKeyAccessServerFromAttributeParams) (int64, error)

RemoveKeyAccessServerFromAttribute 

DELETE FROM attribute_definition_key_access_grants
WHERE attribute_definition_id = $1 AND key_access_server_id = $2

func (*Queries) RemoveKeyAccessServerFromAttributeValue added in v0.4.25 

func (q *Queries) RemoveKeyAccessServerFromAttributeValue(ctx context.Context, arg RemoveKeyAccessServerFromAttributeValueParams) (int64, error)

RemoveKeyAccessServerFromAttributeValue 

DELETE FROM attribute_value_key_access_grants
WHERE attribute_value_id = $1 AND key_access_server_id = $2

func (*Queries) RemoveKeyAccessServerFromNamespace added in v0.4.19 

func (q *Queries) RemoveKeyAccessServerFromNamespace(ctx context.Context, arg RemoveKeyAccessServerFromNamespaceParams) (int64, error)

RemoveKeyAccessServerFromNamespace 

DELETE FROM attribute_namespace_key_access_grants
WHERE namespace_id = $1 AND key_access_server_id = $2

func (*Queries) UpdateAttribute added in v0.4.25 

func (q *Queries) UpdateAttribute(ctx context.Context, arg UpdateAttributeParams) (int64, error)

UpdateAttribute: Unsafe and Safe Updates both 

UPDATE attribute_definitions
SET
    name = COALESCE($2, name),
    rule = COALESCE($3, rule),
    values_order = COALESCE($4, values_order),
    metadata = COALESCE($5, metadata),
    active = COALESCE($6, active)
WHERE id = $1

func (*Queries) UpdateAttributeValue added in v0.4.25 

func (q *Queries) UpdateAttributeValue(ctx context.Context, arg UpdateAttributeValueParams) (int64, error)

UpdateAttributeValue: Safe and Unsafe Updates both 

UPDATE attribute_values
SET
    value = COALESCE($2, value),
    active = COALESCE($3, active),
    metadata = COALESCE($4, metadata)
WHERE id = $1

func (*Queries) UpdateKeyAccessServer added in v0.4.17 

func (q *Queries) UpdateKeyAccessServer(ctx context.Context, arg UpdateKeyAccessServerParams) (int64, error)

UpdateKeyAccessServer 

UPDATE key_access_servers
SET
    uri = COALESCE($2, uri),
    public_key = COALESCE($3, public_key),
    name = COALESCE($4, name),
    metadata = COALESCE($5, metadata),
    source_type = COALESCE($6, source_type)
WHERE id = $1

func (*Queries) UpdateNamespace added in v0.4.24 

func (q *Queries) UpdateNamespace(ctx context.Context, arg UpdateNamespaceParams) (int64, error)

UpdateNamespace: both Safe and Unsafe Updates 

UPDATE attribute_namespaces
SET
    name = COALESCE($2, name),
    active = COALESCE($3, active),
    metadata = COALESCE($4, metadata)
WHERE id = $1

func (*Queries) UpdateResourceMapping added in v0.4.25 

func (q *Queries) UpdateResourceMapping(ctx context.Context, arg UpdateResourceMappingParams) (int64, error)

UpdateResourceMapping 

UPDATE resource_mappings
SET
    attribute_value_id = COALESCE($2, attribute_value_id),
    terms = COALESCE($3, terms),
    metadata = COALESCE($4, metadata),
    group_id = COALESCE($5, group_id)
WHERE id = $1

func (*Queries) UpdateResourceMappingGroup added in v0.4.18 

func (q *Queries) UpdateResourceMappingGroup(ctx context.Context, arg UpdateResourceMappingGroupParams) (int64, error)

UpdateResourceMappingGroup 

UPDATE resource_mapping_groups
SET
    namespace_id = COALESCE($2, namespace_id),
    name = COALESCE($3, name),
    metadata = COALESCE($4, metadata)
WHERE id = $1

func (*Queries) UpdateSubjectConditionSet added in v0.4.25 

func (q *Queries) UpdateSubjectConditionSet(ctx context.Context, arg UpdateSubjectConditionSetParams) (int64, error)

UpdateSubjectConditionSet 

UPDATE subject_condition_set
SET
    condition = COALESCE($2, condition),
    metadata = COALESCE($3, metadata)
WHERE id = $1

func (*Queries) UpsertAttributeDefinitionFqn added in v0.4.25 

func (q *Queries) UpsertAttributeDefinitionFqn(ctx context.Context, attributeID string) ([]UpsertAttributeDefinitionFqnRow, error)

UpsertAttributeDefinitionFqn 

WITH new_fqns_cte AS (
    -- get attribute definition fqns
    SELECT
        ns.id AS namespace_id,
        ad.id AS attribute_id,
        NULL::UUID AS value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name) AS fqn
    FROM attribute_definitions ad
    JOIN attribute_namespaces ns ON ad.namespace_id = ns.id
    WHERE ad.id = $1
    UNION
    -- get attribute value fqns
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        av.id as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name, '/value/', av.value) AS fqn
    FROM attribute_values av
    JOIN attribute_definitions ad on av.attribute_definition_id = ad.id
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE ad.id = $1
)
INSERT INTO attribute_fqns (namespace_id, attribute_id, value_id, fqn)
SELECT
    namespace_id,
    attribute_id,
    value_id,
    fqn
FROM new_fqns_cte
ON CONFLICT (namespace_id, attribute_id, value_id)
    DO UPDATE
        SET fqn = EXCLUDED.fqn
RETURNING
    COALESCE(namespace_id::TEXT, '')::TEXT as namespace_id,
    COALESCE(attribute_id::TEXT, '')::TEXT as attribute_id,
    COALESCE(value_id::TEXT, '')::TEXT as value_id,
    fqn

func (*Queries) UpsertAttributeNamespaceFqn added in v0.4.25 

func (q *Queries) UpsertAttributeNamespaceFqn(ctx context.Context, namespaceID string) ([]UpsertAttributeNamespaceFqnRow, error)

UpsertAttributeNamespaceFqn 

WITH new_fqns_cte AS (
    -- get namespace fqns
    SELECT
        ns.id as namespace_id,
        NULL::UUID as attribute_id,
        NULL::UUID as value_id,
        CONCAT('https://', ns.name) AS fqn
    FROM attribute_namespaces ns
    WHERE ns.id = $1
    UNION
    -- get attribute definition fqns
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        NULL::UUID as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name) AS fqn
    FROM attribute_definitions ad
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE ns.id = $1
    UNION
    -- get attribute value fqns
    SELECT
        ns.id as namespace_id,
        ad.id as attribute_id,
        av.id as value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name, '/value/', av.value) AS fqn
    FROM attribute_values av
    JOIN attribute_definitions ad on av.attribute_definition_id = ad.id
    JOIN attribute_namespaces ns on ad.namespace_id = ns.id
    WHERE ns.id = $1
)
INSERT INTO attribute_fqns (namespace_id, attribute_id, value_id, fqn)
SELECT
    namespace_id,
    attribute_id,
    value_id,
    fqn
FROM new_fqns_cte
ON CONFLICT (namespace_id, attribute_id, value_id)
    DO UPDATE
        SET fqn = EXCLUDED.fqn
RETURNING
    COALESCE(namespace_id::TEXT, '')::TEXT as namespace_id,
    COALESCE(attribute_id::TEXT, '')::TEXT as attribute_id,
    COALESCE(value_id::TEXT, '')::TEXT as value_id,
    fqn

func (*Queries) UpsertAttributeValueFqn added in v0.4.25 

func (q *Queries) UpsertAttributeValueFqn(ctx context.Context, valueID string) ([]UpsertAttributeValueFqnRow, error)

-------------------------------------------------------------- ATTRIBUTE FQN -------------------------------------------------------------- 

WITH new_fqns_cte AS (
    -- get attribute value fqns
    SELECT
        ns.id AS namespace_id,
        ad.id AS attribute_id,
        av.id AS value_id,
        CONCAT('https://', ns.name, '/attr/', ad.name, '/value/', av.value) AS fqn
    FROM attribute_values av
    INNER JOIN attribute_definitions AS ad ON av.attribute_definition_id = ad.id
    INNER JOIN attribute_namespaces AS ns ON ad.namespace_id = ns.id
    WHERE av.id = $1
)

INSERT INTO attribute_fqns (namespace_id, attribute_id, value_id, fqn)
SELECT
    namespace_id,
    attribute_id,
    value_id,
    fqn
FROM new_fqns_cte
ON CONFLICT (namespace_id, attribute_id, value_id)
    DO UPDATE
        SET fqn = EXCLUDED.fqn
RETURNING
    COALESCE(namespace_id::TEXT, '')::TEXT AS namespace_id,
    COALESCE(attribute_id::TEXT, '')::TEXT AS attribute_id,
    COALESCE(value_id::TEXT, '')::TEXT AS value_id,
    fqn

func (*Queries) WithTx added in v0.4.17 

func (q *Queries) WithTx(tx pgx.Tx) *Queries

type RegisteredResource added in v0.5.3 

type RegisteredResource struct {
	// Primary key for the table
	ID string `json:"id"`
	// Name for the registered resource
	Name string `json:"name"`
	// Metadata for the registered resource (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Timestamp when the record was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the record was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store registered resources

type RegisteredResourceActionAttributeValue added in v0.5.3 

type RegisteredResourceActionAttributeValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the registered_resource_values table
	RegisteredResourceValueID string `json:"registered_resource_value_id"`
	// Foreign key to the actions table
	ActionID string `json:"action_id"`
	// Foreign key to the attribute_values table
	AttributeValueID string `json:"attribute_value_id"`
	// Timestamp when the record was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the record was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store the linkage of registered resource values to actions and attribute values

type RegisteredResourceValue added in v0.5.3 

type RegisteredResourceValue struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the registered_resources table
	RegisteredResourceID string `json:"registered_resource_id"`
	// Value for the registered resource value
	Value string `json:"value"`
	// Metadata for the registered resource value (see protos for structure)
	Metadata []byte `json:"metadata"`
	// Timestamp when the record was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the record was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}

Table to store registered resource values

type RemoveKeyAccessServerFromAttributeParams added in v0.4.25 

type RemoveKeyAccessServerFromAttributeParams struct {
	AttributeDefinitionID string `json:"attribute_definition_id"`
	KeyAccessServerID     string `json:"key_access_server_id"`
}

type RemoveKeyAccessServerFromAttributeValueParams added in v0.4.25 

type RemoveKeyAccessServerFromAttributeValueParams struct {
	AttributeValueID  string `json:"attribute_value_id"`
	KeyAccessServerID string `json:"key_access_server_id"`
}

type RemoveKeyAccessServerFromNamespaceParams added in v0.4.19 

type RemoveKeyAccessServerFromNamespaceParams struct {
	NamespaceID       string `json:"namespace_id"`
	KeyAccessServerID string `json:"key_access_server_id"`
}

type ResourceMapping added in v0.4.17 

type ResourceMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Terms to match against resource data (i.e. translations "roi", "rey", or "kung" in a terms list could map to the value "/attr/card/value/king")
	Terms []string `json:"terms"`
	// Metadata for the resource mapping (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the parent group of the resource mapping (optional, a resource mapping may not be in a group)
	GroupID pgtype.UUID `json:"group_id"`
}

Table to store associated terms that should map resource data to attribute values

type ResourceMappingGroup added in v0.4.18 

type ResourceMappingGroup struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the namespace of the attribute
	NamespaceID string `json:"namespace_id"`
	// Name for the group of resource mappings
	Name      string             `json:"name"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	Metadata  []byte             `json:"metadata"`
}

Table to store the groups of resource mappings by unique namespace and group name combinations

type SubjectConditionSet added in v0.4.17 

type SubjectConditionSet struct {
	// Primary key for the table
	ID string `json:"id"`
	// Conditions that must be met for the subject entity to be entitled to the attribute value (see protos for JSON structure)
	Condition []byte `json:"condition"`
	// Metadata for the condition set (see protos for structure)
	Metadata       []byte             `json:"metadata"`
	CreatedAt      pgtype.Timestamptz `json:"created_at"`
	UpdatedAt      pgtype.Timestamptz `json:"updated_at"`
	SelectorValues []string           `json:"selector_values"`
}

Table to store sets of conditions that logically entitle subject entity representations to attribute values via a subject mapping

type SubjectMapping added in v0.4.17 

type SubjectMapping struct {
	// Primary key for the table
	ID string `json:"id"`
	// Foreign key to the attribute value
	AttributeValueID string `json:"attribute_value_id"`
	// Metadata for the subject mapping (see protos for structure)
	Metadata  []byte             `json:"metadata"`
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Foreign key to the condition set that entitles the subject entity to the attribute value
	SubjectConditionSetID pgtype.UUID `json:"subject_condition_set_id"`
}

Table to store conditions that logically entitle subject entity representations to attribute values

type SubjectMappingAction added in v0.5.3 

type SubjectMappingAction struct {
	SubjectMappingID string           `json:"subject_mapping_id"`
	ActionID         string           `json:"action_id"`
	CreatedAt        pgtype.Timestamp `json:"created_at"`
}

type SymKey added in v0.5.3 

type SymKey struct {
	// Unique identifier for the key
	ID string `json:"id"`
	// Unique identifier for the key
	KeyID string `json:"key_id"`
	// Indicates the status of the key Active, Inactive, Compromised, or Expired
	KeyStatus int32 `json:"key_status"`
	// Indicates whether the key is stored LOCAL or REMOTE
	KeyMode int32 `json:"key_mode"`
	// Key value in binary format
	KeyValue []byte `json:"key_value"`
	// Reference the provider configuration for this key
	ProviderConfigID pgtype.UUID `json:"provider_config_id"`
	// Timestamp when the key was created
	CreatedAt pgtype.Timestamptz `json:"created_at"`
	// Timestamp when the key was last updated
	UpdatedAt pgtype.Timestamptz `json:"updated_at"`
	// Additional metadata for the key
	Metadata   []byte             `json:"metadata"`
	Expiration pgtype.Timestamptz `json:"expiration"`
}

Table to store symmetric keys

type UpdateAttributeParams added in v0.4.25 

type UpdateAttributeParams struct {
	ID          string                      `json:"id"`
	Name        pgtype.Text                 `json:"name"`
	Rule        NullAttributeDefinitionRule `json:"rule"`
	ValuesOrder []string                    `json:"values_order"`
	Metadata    []byte                      `json:"metadata"`
	Active      pgtype.Bool                 `json:"active"`
}

type UpdateAttributeValueParams added in v0.4.25 

type UpdateAttributeValueParams struct {
	ID       string      `json:"id"`
	Value    pgtype.Text `json:"value"`
	Active   pgtype.Bool `json:"active"`
	Metadata []byte      `json:"metadata"`
}

type UpdateKeyAccessServerParams added in v0.4.17 

type UpdateKeyAccessServerParams struct {
	ID         string      `json:"id"`
	Uri        pgtype.Text `json:"uri"`
	PublicKey  []byte      `json:"public_key"`
	Name       pgtype.Text `json:"name"`
	Metadata   []byte      `json:"metadata"`
	SourceType pgtype.Text `json:"source_type"`
}

type UpdateNamespaceParams added in v0.4.24 

type UpdateNamespaceParams struct {
	ID       string      `json:"id"`
	Name     pgtype.Text `json:"name"`
	Active   pgtype.Bool `json:"active"`
	Metadata []byte      `json:"metadata"`
}

type UpdateResourceMappingGroupParams added in v0.4.18 

type UpdateResourceMappingGroupParams struct {
	ID          string      `json:"id"`
	NamespaceID pgtype.UUID `json:"namespace_id"`
	Name        pgtype.Text `json:"name"`
	Metadata    []byte      `json:"metadata"`
}

type UpdateResourceMappingParams added in v0.4.25 

type UpdateResourceMappingParams struct {
	ID               string      `json:"id"`
	AttributeValueID pgtype.UUID `json:"attribute_value_id"`
	Terms            []string    `json:"terms"`
	Metadata         []byte      `json:"metadata"`
	GroupID          pgtype.UUID `json:"group_id"`
}

type UpdateSubjectConditionSetParams added in v0.4.25 

type UpdateSubjectConditionSetParams struct {
	ID        string `json:"id"`
	Condition []byte `json:"condition"`
	Metadata  []byte `json:"metadata"`
}

type UpsertAttributeDefinitionFqnRow added in v0.4.27 

type UpsertAttributeDefinitionFqnRow struct {
	NamespaceID string `json:"namespace_id"`
	AttributeID string `json:"attribute_id"`
	ValueID     string `json:"value_id"`
	Fqn         string `json:"fqn"`
}

type UpsertAttributeNamespaceFqnRow added in v0.4.27 

type UpsertAttributeNamespaceFqnRow struct {
	NamespaceID string `json:"namespace_id"`
	AttributeID string `json:"attribute_id"`
	ValueID     string `json:"value_id"`
	Fqn         string `json:"fqn"`
}

type UpsertAttributeValueFqnRow added in v0.4.27 

type UpsertAttributeValueFqnRow struct {
	NamespaceID string `json:"namespace_id"`
	AttributeID string `json:"attribute_id"`
	ValueID     string `json:"value_id"`
	Fqn         string `json:"fqn"`
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.