bootstrap

package
v0.103.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 18, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyServiceDefinitionOverAZSchema 

func ApplyServiceDefinitionOverAZSchema(serviceDef *schema.ServiceDefinition, existingDefinitions []*azcore.NamespaceDefinition) ([]*azcore.NamespaceDefinition, error)

ApplyServiceDefinitionOverAZSchema applies the provided user defined service over existing schema and returns the updated schema

func BuildServiceDefinitionFromAZSchema 

func BuildServiceDefinitionFromAZSchema(azDefinitions []*azcore.NamespaceDefinition, serviceFilter ...string) (schema.ServiceDefinition, error)

BuildServiceDefinitionFromAZSchema converts authzed schema to frontier service definition. This conversion is lossy, and it only keeps list of permissions used in the schema per resource

func GetBaseAZSchema 

func GetBaseAZSchema() []*azcore.NamespaceDefinition

func PrepareSchemaAsAZSource 

func PrepareSchemaAsAZSource(authzedDefinitions []*azcore.NamespaceDefinition) (string, error)

func ValidatePreparedAZSchema 

func ValidatePreparedAZSchema(ctx context.Context, azSchemaSource string) error

Types

type AdminConfig 

type AdminConfig struct {
	// Users are a list of email-ids/uuids which needs to be promoted as superusers
	// if email is provided and user doesn't exist, user is created by default
	Users []string `yaml:"users" mapstructure:"users"`
}

AdminConfig is platform administration configuration

type AuthzEngine 

type AuthzEngine interface {
	WriteSchema(ctx context.Context, schema string) error
}

type BillingPlanRepository added in v0.8.0 

type BillingPlanRepository interface {
	Get(ctx context.Context) (plan.File, error)
}

type FileService 

type FileService interface {
	GetDefinition(ctx context.Context) (*schema.ServiceDefinition, error)
}

type NamespaceService 

type NamespaceService interface {
	Upsert(ctx context.Context, ns namespace.Namespace) (namespace.Namespace, error)
}

type PermissionService 

type PermissionService interface {
	List(ctx context.Context, flt permission.Filter) ([]permission.Permission, error)
	Upsert(ctx context.Context, action permission.Permission) (permission.Permission, error)
}

type PlanService added in v0.8.0 

type PlanService interface {
	UpsertPlans(ctx context.Context, planFile plan.File) error
}

type PolicyService added in v0.103.0 

type PolicyService interface {
	Create(ctx context.Context, pol policy.Policy) (policy.Policy, error)
	List(ctx context.Context, flt policy.Filter) ([]policy.Policy, error)
}

PolicyService is policy.Service narrowed to what backfill needs. Goes through Create so the SpiceDB rolebinding tuples land alongside the row.

type RelationService added in v0.93.0 

type RelationService interface {
	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
	Delete(ctx context.Context, rel relation.Relation) error
}

type RoleService 

type RoleService interface {
	Get(ctx context.Context, id string) (role.Role, error)
	List(ctx context.Context, f role.Filter) ([]role.Role, error)
	Upsert(ctx context.Context, toCreate role.Role) (role.Role, error)
}

type Service 

type Service struct {
	// contains filtered or unexported fields
}

func NewBootstrapService 

func NewBootstrapService(
	logger *slog.Logger,
	config AdminConfig,
	schemaConfig FileService,
	namespaceService NamespaceService,
	roleService RoleService,
	actionService PermissionService,
	userService UserService,
	authzEngine AuthzEngine,
	relationService RelationService,
	policyService PolicyService,
	serviceuserRepo ServiceUserBackfiller,
	patDeniedPerms map[string]struct{},
	planService PlanService,
	planLocalRepo BillingPlanRepository,
) *Service

func (Service) AppendSchema 

func (s Service) AppendSchema(ctx context.Context, customServiceDefinition schema.ServiceDefinition) error

func (Service) MakeSuperUsers 

func (s Service) MakeSuperUsers(ctx context.Context) error

MakeSuperUsers promote ordinary users to superuser

func (Service) MigrateBillingPlans added in v0.8.0 

func (s Service) MigrateBillingPlans(ctx context.Context) error

func (Service) MigrateRoles 

func (s Service) MigrateRoles(ctx context.Context) error

MigrateRoles migrate predefined roles to org

func (Service) MigrateSchema 

func (s Service) MigrateSchema(ctx context.Context) error

func (Service) MigrateServiceUserOrgPolicies added in v0.103.0 

func (s Service) MigrateServiceUserOrgPolicies(ctx context.Context) error

MigrateServiceUserOrgPolicies backfills the org policy for service users that have only a SpiceDB member relation (legacy creation flow). Idempotent: on a clean cluster the candidate query returns zero rows and this is a no-op. Per-row failures are joined into the return value and also logged; the call site decides whether to abort or warn-and-continue.

type ServiceUserBackfiller added in v0.103.0 

type ServiceUserBackfiller interface {
	ListMissingOrgPolicy(ctx context.Context) ([]ServiceUserCandidate, error)
}

ServiceUserBackfiller exposes the set-difference query. Narrow on purpose — bootstrap shouldn't be able to mutate service users.

type ServiceUserCandidate added in v0.103.0 

type ServiceUserCandidate struct {
	ServiceUserID string
	OrgID         string
}

ServiceUserCandidate is a service user missing its owning-org policy row.

type UserService 

type UserService interface {
	Sudo(ctx context.Context, id string, relationName string) error
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.