Documentation
¶
Index ¶
- Constants
- func InitialTuplesForAccount(acc accountv1alpha1.Account, ai accountv1alpha1.AccountInfo, ...) ([]v1alpha1.Tuple, error)
- func ReferencingAccountTupleKey(objectType string, ai accountv1alpha1.AccountInfo) *openfgav1.ReadRequestTupleKey
- func ReferencingOwnerRoleTupleKey(objectType string, ai accountv1alpha1.AccountInfo) *openfgav1.ReadRequestTupleKey
- func RenderRolePrefix(objectType, originClusterID, name string) string
- func TuplesForOrganization(acc accountv1alpha1.Account, ai accountv1alpha1.AccountInfo, ...) ([]v1alpha1.Tuple, error)
- type TupleFilter
- type TupleManager
- func (m *TupleManager) Apply(ctx context.Context, tuples []v1alpha1.Tuple) error
- func (m *TupleManager) Delete(ctx context.Context, tuples []v1alpha1.Tuple) error
- func (m *TupleManager) ListWithFilter(ctx context.Context, filter TupleFilter) ([]v1alpha1.Tuple, error)
- func (m *TupleManager) ListWithKey(ctx context.Context, key *openfgav1.ReadRequestTupleKey) ([]v1alpha1.Tuple, error)
Constants ¶
const AuthorizationModelIDLatest = ""
AuthorizationModelIDLatest is used to explicitly acknowledge that no ID (the empty string) means the latest authorization model.
Variables ¶
This section is empty.
Functions ¶
func InitialTuplesForAccount ¶
func InitialTuplesForAccount(acc accountv1alpha1.Account, ai accountv1alpha1.AccountInfo, creatorRelation, parentRelation, objectType string) ([]v1alpha1.Tuple, error)
InitialTuplesForAccount returns FGA tuples for an account not of type organization.
func ReferencingAccountTupleKey ¶
func ReferencingAccountTupleKey(objectType string, ai accountv1alpha1.AccountInfo) *openfgav1.ReadRequestTupleKey
ReferencingAccountTupleKey returns a key that can be used to List tuples that reference a given account.
func ReferencingOwnerRoleTupleKey ¶
func ReferencingOwnerRoleTupleKey(objectType string, ai accountv1alpha1.AccountInfo) *openfgav1.ReadRequestTupleKey
ReferencingOwnerRoleTupleKey returns a key that can be used to List tuples that reference the owner role of a given account.
func RenderRolePrefix ¶
RenderRolePrefix returns the prefix for role User strings that reference an Account's roles (e.g. "role:objectType/originClusterID/name/").
func TuplesForOrganization ¶
func TuplesForOrganization(acc accountv1alpha1.Account, ai accountv1alpha1.AccountInfo, creatorRelation, objectType string) ([]v1alpha1.Tuple, error)
TuplesForOrganization returns FGA tuples for an Account of type organization.
Types ¶
type TupleFilter ¶
func IsTupleOfAccountFilter ¶
func IsTupleOfAccountFilter(ai accountv1alpha1.AccountInfo) TupleFilter
IsTupleOfAccountFilter returns a filter that determines whether a tuple is tied to the given account, i.e. whether the tuple contains the account's cluster ID.
type TupleManager ¶
type TupleManager struct {
// contains filtered or unexported fields
}
TupleManager wraps around FGA attributes to write and delete sets of tuples.
func NewTupleManager ¶
func NewTupleManager(client openfgav1.OpenFGAServiceClient, storeID, authorizationModelID string, log *logger.Logger) *TupleManager
func (*TupleManager) Apply ¶
Apply writes a given set of tuples within a single transaction and ignores duplicate writes.
func (*TupleManager) Delete ¶
Delete deletes a given set of tuples within a single transaction and ignores duplicate deletions.
func (*TupleManager) ListWithFilter ¶
func (m *TupleManager) ListWithFilter(ctx context.Context, filter TupleFilter) ([]v1alpha1.Tuple, error)
ListWithFilter reads every tuple in the store and returns only those that match the given filter.
func (*TupleManager) ListWithKey ¶
func (m *TupleManager) ListWithKey(ctx context.Context, key *openfgav1.ReadRequestTupleKey) ([]v1alpha1.Tuple, error)
ListWithKey reads tuples from the store filtered by the given ReadRequestTupleKey.