fga

package

v0.26.2 Latest Latest Go to latest Published: Mar 24, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/platform-mesh/security-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func InitialTuplesForAccount(in InitialTuplesForAccountInput) ([]v1alpha1.Tuple, error)
func ReferencingAccountTupleKey(objectType, accountOriginClusterID, accountName string) *openfgav1.ReadRequestTupleKey
func ReferencingOwnerRoleTupleKey(objectType, accountOriginClusterID, accountName string) *openfgav1.ReadRequestTupleKey
func RenderRolePrefix(objectType, originClusterID, name string) string
func TuplesForOrganization(in TuplesForOrganizationInput) ([]v1alpha1.Tuple, error)
type BaseTuplesInput
type CachingStoreIDGetter
- func NewCachingStoreIDGetter(fga openfgav1.OpenFGAServiceClient, ttl time.Duration, loadCtx context.Context, ...) *CachingStoreIDGetter
- func (m *CachingStoreIDGetter) Get(ctx context.Context, storeName string) (string, error)
type InitialTuplesForAccountInput
type StoreIDGetter
type TupleFilter
- func IsTupleOfAccountFilter(generatedClusterID string) TupleFilter
type TupleManager
- func NewTupleManager(client openfgav1.OpenFGAServiceClient, storeID, authorizationModelID string, ...) *TupleManager
type TuplesForOrganizationInput

Constants ¶

View Source

const AuthorizationModelIDLatest = ""

AuthorizationModelIDLatest is to explicitely acknowledge that no ID means latest.

Variables ¶

This section is empty.

Functions ¶

func InitialTuplesForAccount ¶

func InitialTuplesForAccount(in InitialTuplesForAccountInput) ([]v1alpha1.Tuple, error)

InitialTuplesForAccount returns FGA tuples for an account not of type organization.

func ReferencingAccountTupleKey ¶

func ReferencingAccountTupleKey(objectType, accountOriginClusterID, accountName string) *openfgav1.ReadRequestTupleKey

ReferencingAccountTupleKey returns a key that can be used to List tuples that reference a given account.

func ReferencingOwnerRoleTupleKey ¶

func ReferencingOwnerRoleTupleKey(objectType, accountOriginClusterID, accountName string) *openfgav1.ReadRequestTupleKey

ReferencingOwnerRoleTupleKey returns a key that can be used to List tuples that reference the owner role of a given account.

func RenderRolePrefix ¶

func RenderRolePrefix(objectType, originClusterID, name string) string

RenderRolePrefix returns the prefix for role User strings that reference an Account's roles (e.g. "role:objectType/originClusterID/name/").

func TuplesForOrganization ¶

func TuplesForOrganization(in TuplesForOrganizationInput) ([]v1alpha1.Tuple, error)

TuplesForOrganization returns FGA tuples for an Account of type organization.

Types ¶

type BaseTuplesInput ¶

type BaseTuplesInput struct {
	Creator                string
	AccountOriginClusterID string
	AccountName            string
	CreatorRelation        string
	ObjectType             string
}

type CachingStoreIDGetter ¶

type CachingStoreIDGetter struct {
	// contains filtered or unexported fields
}

CachingStoreIDGetter maps store names to IDs by listing stores in OpenFGA but keeps a local cache to avoid frequent list calls.

func NewCachingStoreIDGetter ¶

func NewCachingStoreIDGetter(fga openfgav1.OpenFGAServiceClient, ttl time.Duration, loadCtx context.Context, log *logger.Logger) *CachingStoreIDGetter

func (*CachingStoreIDGetter) Get ¶

func (m *CachingStoreIDGetter) Get(ctx context.Context, storeName string) (string, error)

Get returns the store ID for the given store name.

type InitialTuplesForAccountInput ¶

type InitialTuplesForAccountInput struct {
	BaseTuplesInput
	ParentOriginClusterID string
	ParentName            string
	ParentRelation        string
}

type StoreIDGetter ¶

type StoreIDGetter interface {
	Get(ctx context.Context, storeName string) (string, error)
}

StoreIDGetter should return the OpenFGA store ID for a store name.

type TupleFilter ¶

type TupleFilter func(t v1alpha1.Tuple) bool

func IsTupleOfAccountFilter ¶

func IsTupleOfAccountFilter(generatedClusterID string) TupleFilter

IsTupleOfAccountFilter returns a filter determining whether a tuple is tied to the given account, i.e. contains its cluster id.

type TupleManager ¶

type TupleManager struct {
	// contains filtered or unexported fields
}

TupleManager wraps around FGA attributes to write and delete sets of tuples.

func NewTupleManager ¶

func NewTupleManager(client openfgav1.OpenFGAServiceClient, storeID, authorizationModelID string, log *logger.Logger) *TupleManager

func (*TupleManager) Apply ¶

func (m *TupleManager) Apply(ctx context.Context, tuples []v1alpha1.Tuple) error

Apply writes a given set of tuples within a single transaction and ignores duplicate writes.

func (*TupleManager) Delete ¶

func (m *TupleManager) Delete(ctx context.Context, tuples []v1alpha1.Tuple) error

Delete deletes a given set of tuples within a single transaction and ignores duplicate deletions.

func (*TupleManager) ListWithFilter ¶

func (m *TupleManager) ListWithFilter(ctx context.Context, filter TupleFilter) ([]v1alpha1.Tuple, error)

ListWithFilter gets all tuples in the store and returns a list of all tuples that match the given filter.

func (*TupleManager) ListWithKey ¶

func (m *TupleManager) ListWithKey(ctx context.Context, key *openfgav1.ReadRequestTupleKey) ([]v1alpha1.Tuple, error)

ListWithKey reads tuples from the store filtered by the given ReadRequestTupleKey.

type TuplesForOrganizationInput ¶

type TuplesForOrganizationInput struct {
	BaseTuplesInput
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL