services

package
v1.294.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 28, 2026 License: MIT Imports: 42 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Environment variable names for Claude credentials
	EnvClaudeAccessToken  = "CLAUDE_ACCESS_TOKEN"
	EnvClaudeRefreshToken = "CLAUDE_REFRESH_TOKEN"
	EnvClaudeExpiresAt    = "CLAUDE_EXPIRES_AT"
)

Variables

This section is empty.

Functions

func BoolPtr added in v1.148.0 

func BoolPtr(b bool) *bool

BoolPtr returns a pointer to a bool

func BootstrapPersonalAPIKeys added in v1.219.0 

func BootstrapPersonalAPIKeys(
	ctx context.Context,
	authService *SimpleAuthService,
	personalAPIKeyRepo repositories.PersonalAPIKeyRepository,
) error

BootstrapPersonalAPIKeys loads existing personal API keys from Kubernetes into auth service

func BootstrapServiceAccounts added in v1.216.0 

func BootstrapServiceAccounts(
	ctx context.Context,
	authService *SimpleAuthService,
	teamConfigRepo repositories.TeamConfigRepository,
) error

BootstrapServiceAccounts loads existing service accounts from Kubernetes and creates missing ones

func ExtractTeamEnvFile added in v1.148.0 

func ExtractTeamEnvFile(tags map[string]string) string

ExtractTeamEnvFile extracts the env_file value from tags

func HashLabelValue added in v1.160.0 

func HashLabelValue(value string) string

HashLabelValue creates a sha256 hash of a value for use as a Kubernetes label value This allows querying by values that may contain invalid characters (e.g., "/" in team IDs) The hash is truncated to 16 characters for brevity while maintaining uniqueness

func HashTeamID added in v1.148.0 

func HashTeamID(teamID string) string

HashTeamID creates a sha256 hash of the team ID for use as a Kubernetes label value This allows querying by team_id without sanitization issues (e.g., "/" in team IDs) The hash is truncated to 63 characters to fit within Kubernetes label value limits

func Int64Ptr added in v1.148.0 

func Int64Ptr(i int64) *int64

Int64Ptr returns a pointer to an int64

func MergeEnvironmentVariables added in v1.148.0 

func MergeEnvironmentVariables(cfg EnvMergeConfig) (map[string]string, error)

MergeEnvironmentVariables merges environment variables from multiple sources with the following priority (highest to lowest): 1. Request environment variables 2. Team/organization specific environment file (from tags["env_file"]) 3. Auth team environment file (from team_role_mapping) 4. Role-based environment variables

func SanitizeLabelKey added in v1.148.0 

func SanitizeLabelKey(s string) string

SanitizeLabelKey sanitizes a string to be used as a Kubernetes label key

func SanitizeLabelValue added in v1.148.0 

func SanitizeLabelValue(s string) string

SanitizeLabelValue sanitizes a string to be used as a Kubernetes label value

func SanitizeSecretName added in v1.148.0 

func SanitizeSecretName(s string) string

SanitizeSecretName sanitizes a string to be used as a Kubernetes Secret name Secret names must be lowercase, alphanumeric, and may contain dashes Example: "myorg/backend-team" -> "myorg-backend-team"

Types

type AuthServiceForBootstrap added in v1.216.0 

type AuthServiceForBootstrap interface {
	CreateServiceAccountForTeam(ctx context.Context, teamID string, teamConfigRepo repositories.TeamConfigRepository) error
	LoadServiceAccountFromTeamConfig(ctx context.Context, teamConfig interface{}) error
}

AuthServiceForBootstrap defines the interface for auth service methods needed by bootstrap

type ChainCredentialProvider added in v1.148.0 

type ChainCredentialProvider struct {
	// contains filtered or unexported fields
}

ChainCredentialProvider tries multiple providers in order until one succeeds

func NewChainCredentialProvider added in v1.148.0 

func NewChainCredentialProvider(providers ...CredentialProvider) *ChainCredentialProvider

NewChainCredentialProvider creates a new ChainCredentialProvider

func (*ChainCredentialProvider) Load added in v1.148.0 

func (p *ChainCredentialProvider) Load(userID string) (*ClaudeCredentials, error)

Load attempts to load credentials from each provider in order Returns the first successful result Returns nil, nil if all providers return nil

func (*ChainCredentialProvider) Name added in v1.148.0 

func (p *ChainCredentialProvider) Name() string

Name returns the provider name

type ClaudeCredentials added in v1.148.0 

type ClaudeCredentials struct {
	AccessToken  string
	RefreshToken string
	ExpiresAt    string // epoch milliseconds as string

	// RawJSON contains the original credentials.json file content
	// When set, this should be used directly instead of reconstructing from fields
	RawJSON []byte
}

ClaudeCredentials represents Claude authentication credentials

type CredentialProvider added in v1.148.0 

type CredentialProvider interface {
	// Name returns the provider name for logging purposes
	Name() string

	// Load attempts to load credentials from this provider for the specified user
	// userID is used to locate user-specific credential files
	// Returns nil, nil if credentials are not available (not an error)
	// Returns nil, error if there was an error loading credentials
	Load(userID string) (*ClaudeCredentials, error)
}

CredentialProvider is an interface for loading Claude credentials from various sources

func DefaultCredentialProvider added in v1.148.0 

func DefaultCredentialProvider() CredentialProvider

DefaultCredentialProvider returns the default credential provider chain Order: Environment variables (highest priority) -> File

type EncryptionServiceFactory added in v1.179.0 

type EncryptionServiceFactory struct {
	// contains filtered or unexported fields
}

EncryptionServiceFactory は EncryptionService の実装を作成するファクトリー

func NewEncryptionServiceFactory added in v1.179.0 

func NewEncryptionServiceFactory(prefix string) *EncryptionServiceFactory

NewEncryptionServiceFactory は EncryptionServiceFactory を作成する 環境変数から設定を読み込む prefix が空の場合は "AGENTAPI_ENCRYPTION" を使用

func (*EncryptionServiceFactory) Create added in v1.179.0 

func (f *EncryptionServiceFactory) Create() (services.EncryptionService, error)

Create は EncryptionService の実装を作成する 優先順位: KMS → Local → Noop

type EncryptionServiceRegistry added in v1.179.0 

type EncryptionServiceRegistry struct {
	// contains filtered or unexported fields
}

EncryptionServiceRegistry manages multiple EncryptionService implementations and selects the appropriate one based on encryption metadata

func NewEncryptionServiceRegistry added in v1.179.0 

func NewEncryptionServiceRegistry(primary services.EncryptionService) *EncryptionServiceRegistry

NewEncryptionServiceRegistry creates a new registry

func (*EncryptionServiceRegistry) GetForDecryption added in v1.179.0 

func (r *EncryptionServiceRegistry) GetForDecryption(metadata services.EncryptionMetadata) services.EncryptionService

GetForDecryption returns the appropriate service for decrypting based on metadata Falls back to primary if no matching service is found

func (*EncryptionServiceRegistry) GetForEncryption added in v1.179.0 

func (r *EncryptionServiceRegistry) GetForEncryption() services.EncryptionService

GetForEncryption returns the primary service used for encrypting new values

func (*EncryptionServiceRegistry) Register added in v1.179.0 

func (r *EncryptionServiceRegistry) Register(service services.EncryptionService)

Register adds an EncryptionService to the registry

func (*EncryptionServiceRegistry) SetPrimary added in v1.179.0 

func (r *EncryptionServiceRegistry) SetPrimary(service services.EncryptionService)

SetPrimary sets the primary encryption service

type EnvCredentialProvider added in v1.148.0 

type EnvCredentialProvider struct{}

EnvCredentialProvider loads credentials from environment variables

func NewEnvCredentialProvider added in v1.148.0 

func NewEnvCredentialProvider() *EnvCredentialProvider

NewEnvCredentialProvider creates a new EnvCredentialProvider

func (*EnvCredentialProvider) Load added in v1.148.0 

func (p *EnvCredentialProvider) Load(_ string) (*ClaudeCredentials, error)

Load attempts to load credentials from environment variables userID is ignored for environment variable provider Returns nil, nil if CLAUDE_ACCESS_TOKEN is not set

func (*EnvCredentialProvider) Name added in v1.148.0 

func (p *EnvCredentialProvider) Name() string

Name returns the provider name

type EnvMergeConfig added in v1.148.0 

type EnvMergeConfig struct {
	RoleEnvFiles    *config.RoleEnvFilesConfig
	UserRole        string
	TeamEnvFile     string // From tags["env_file"]
	AuthTeamEnvFile string // From team_role_mapping
	RequestEnv      map[string]string
}

EnvMergeConfig contains configuration for environment variable merging

type FileCredentialProvider added in v1.148.0 

type FileCredentialProvider struct {
	// contains filtered or unexported fields
}

FileCredentialProvider loads credentials from user-specific credential files When userID is provided, it looks for credentials at: $HOME/.agentapi-proxy/myclaudes/[userID]/.claude/.credentials.json When userID is empty, it falls back to ~/.claude/.credentials.json

func NewFileCredentialProvider added in v1.148.0 

func NewFileCredentialProvider() *FileCredentialProvider

NewFileCredentialProvider creates a new FileCredentialProvider with default path

func NewFileCredentialProviderWithPath added in v1.148.0 

func NewFileCredentialProviderWithPath(path string) *FileCredentialProvider

NewFileCredentialProviderWithPath creates a new FileCredentialProvider with custom path This is primarily used for testing

func (*FileCredentialProvider) Load added in v1.148.0 

func (p *FileCredentialProvider) Load(userID string) (*ClaudeCredentials, error)

Load attempts to load credentials from the file If userID is provided, looks in the user-specific directory Returns nil, nil if the file doesn't exist Returns nil, error if there was an error reading the file

func (*FileCredentialProvider) Name added in v1.148.0 

func (p *FileCredentialProvider) Name() string

Name returns the provider name

type KMSEncryptionService added in v1.179.0 

type KMSEncryptionService struct {
	// contains filtered or unexported fields
}

KMSEncryptionService は AWS KMS を使用した暗号化サービス

func NewKMSEncryptionService added in v1.179.0 

func NewKMSEncryptionService(keyID, region string) (*KMSEncryptionService, error)

NewKMSEncryptionService は KMSEncryptionService を作成する

func (*KMSEncryptionService) Algorithm added in v1.179.0 

func (s *KMSEncryptionService) Algorithm() string

Algorithm は "aws-kms" を返す

func (*KMSEncryptionService) Decrypt added in v1.179.0 

func (s *KMSEncryptionService) Decrypt(ctx context.Context, encrypted *services.EncryptedData) (string, error)

Decrypt は AWS KMS で暗号化されたデータを復号する

func (*KMSEncryptionService) Encrypt added in v1.179.0 

func (s *KMSEncryptionService) Encrypt(ctx context.Context, plaintext string) (*services.EncryptedData, error)

Encrypt は平文を AWS KMS で暗号化する

func (*KMSEncryptionService) KeyID added in v1.179.0 

func (s *KMSEncryptionService) KeyID() string

KeyID は KMS キー ID を返す

type KubernetesSession added in v1.148.0 

type KubernetesSession struct {
	// contains filtered or unexported fields
}

KubernetesSession represents a session running in a Kubernetes Deployment

func NewKubernetesSession added in v1.148.0 

func NewKubernetesSession(
	id string,
	request *entities.RunServerRequest,
	deploymentName, serviceName, pvcName, namespace string,
	servicePort int,
	cancelFunc context.CancelFunc,
	webhookPayload []byte,
) *KubernetesSession

NewKubernetesSession creates a new KubernetesSession

func (*KubernetesSession) Addr added in v1.148.0 

func (s *KubernetesSession) Addr() string

Addr returns the address (host:port) the session is running on For Kubernetes sessions, this returns the Service DNS name with port

func (*KubernetesSession) Cancel added in v1.148.0 

func (s *KubernetesSession) Cancel()

Cancel cancels the session context to trigger shutdown

func (*KubernetesSession) DeploymentName added in v1.148.0 

func (s *KubernetesSession) DeploymentName() string

DeploymentName returns the Kubernetes Deployment name

func (*KubernetesSession) Description added in v1.148.0 

func (s *KubernetesSession) Description() string

Description returns the session description (cached initial message)

func (*KubernetesSession) ID added in v1.148.0 

func (s *KubernetesSession) ID() string

ID returns the session ID

func (*KubernetesSession) Namespace added in v1.148.0 

func (s *KubernetesSession) Namespace() string

Namespace returns the Kubernetes namespace

func (*KubernetesSession) PVCName added in v1.148.0 

func (s *KubernetesSession) PVCName() string

PVCName returns the Kubernetes PVC name

func (*KubernetesSession) Request added in v1.148.0 

func (s *KubernetesSession) Request() *entities.RunServerRequest

Request returns the run server request

func (*KubernetesSession) Scope added in v1.148.0 

func (s *KubernetesSession) Scope() entities.ResourceScope

Scope returns the resource scope ("user" or "team")

func (*KubernetesSession) ServiceDNS added in v1.148.0 

func (s *KubernetesSession) ServiceDNS() string

ServiceDNS returns the Kubernetes Service DNS name for this session

func (*KubernetesSession) ServiceName added in v1.148.0 

func (s *KubernetesSession) ServiceName() string

ServiceName returns the Kubernetes Service name

func (*KubernetesSession) ServicePort added in v1.148.0 

func (s *KubernetesSession) ServicePort() int

ServicePort returns the service port

func (*KubernetesSession) SetDescription added in v1.169.0 

func (s *KubernetesSession) SetDescription(desc string)

SetDescription sets the session description (used for restored sessions from Secret)

func (*KubernetesSession) SetStartedAt added in v1.148.0 

func (s *KubernetesSession) SetStartedAt(t time.Time)

SetStartedAt sets the session start time (used for restored sessions)

func (*KubernetesSession) SetStatus added in v1.148.0 

func (s *KubernetesSession) SetStatus(status string)

SetStatus updates the session status

func (*KubernetesSession) SetUpdatedAt added in v1.190.0 

func (s *KubernetesSession) SetUpdatedAt(t time.Time)

SetUpdatedAt sets the last updated time (used for restored sessions)

func (*KubernetesSession) StartedAt added in v1.148.0 

func (s *KubernetesSession) StartedAt() time.Time

StartedAt returns when the session was started

func (*KubernetesSession) Status added in v1.148.0 

func (s *KubernetesSession) Status() string

Status returns the current status of the session

func (*KubernetesSession) Tags added in v1.148.0 

func (s *KubernetesSession) Tags() map[string]string

Tags returns the session tags

func (*KubernetesSession) TeamID added in v1.148.0 

func (s *KubernetesSession) TeamID() string

TeamID returns the team ID when Scope is "team"

func (*KubernetesSession) TouchUpdatedAt added in v1.190.0 

func (s *KubernetesSession) TouchUpdatedAt()

TouchUpdatedAt updates the updatedAt timestamp to now

func (*KubernetesSession) UpdatedAt added in v1.190.0 

func (s *KubernetesSession) UpdatedAt() time.Time

UpdatedAt returns when the session was last updated

func (*KubernetesSession) UserID added in v1.148.0 

func (s *KubernetesSession) UserID() string

UserID returns the user ID that owns this session

func (*KubernetesSession) WebhookPayload added in v1.205.0 

func (s *KubernetesSession) WebhookPayload() []byte

WebhookPayload returns the webhook payload JSON

type KubernetesSessionManager added in v1.148.0 

type KubernetesSessionManager struct {
	// contains filtered or unexported fields
}

func NewKubernetesSessionManager added in v1.148.0 

func NewKubernetesSessionManager(
	cfg *config.Config,
	verbose bool,
	lgr *logger.Logger,
) (*KubernetesSessionManager, error)

NewKubernetesSessionManager creates a new KubernetesSessionManager

func NewKubernetesSessionManagerWithClient added in v1.148.0 

func NewKubernetesSessionManagerWithClient(
	cfg *config.Config,
	verbose bool,
	lgr *logger.Logger,
	client kubernetes.Interface,
) (*KubernetesSessionManager, error)

NewKubernetesSessionManagerWithClient creates a new KubernetesSessionManager with a custom client This is useful for testing with a fake client

func (*KubernetesSessionManager) CreateSession added in v1.148.0 

func (m *KubernetesSessionManager) CreateSession(ctx context.Context, id string, req *entities.RunServerRequest, webhookPayload []byte) (entities.Session, error)

CreateSession creates a new session with a Kubernetes Deployment

func (*KubernetesSessionManager) DeleteSession added in v1.148.0 

func (m *KubernetesSessionManager) DeleteSession(id string) error

DeleteSession stops and removes a session If the session is not in memory, it attempts to restore from Kubernetes Service first

func (*KubernetesSessionManager) GetClient added in v1.148.0 

func (m *KubernetesSessionManager) GetClient() kubernetes.Interface

GetClient returns the Kubernetes client (used by subscription secret syncer)

func (*KubernetesSessionManager) GetInitialMessage added in v1.211.0 

func (m *KubernetesSessionManager) GetInitialMessage(ctx context.Context, session *KubernetesSession) string

GetInitialMessage retrieves the initial message from Secret for a given session

func (*KubernetesSessionManager) GetMessages added in v1.201.0 

func (m *KubernetesSessionManager) GetMessages(ctx context.Context, id string) ([]portrepos.Message, error)

GetMessages retrieves conversation history from a session

func (*KubernetesSessionManager) GetNamespace added in v1.148.0 

func (m *KubernetesSessionManager) GetNamespace() string

GetNamespace returns the Kubernetes namespace (used by subscription secret syncer)

func (*KubernetesSessionManager) GetPersonalAPIKeyRepository added in v1.219.0 

func (m *KubernetesSessionManager) GetPersonalAPIKeyRepository() portrepos.PersonalAPIKeyRepository

GetPersonalAPIKeyRepository returns the personal API key repository

func (*KubernetesSessionManager) GetSession added in v1.148.0 

func (m *KubernetesSessionManager) GetSession(id string) entities.Session

GetSession returns a session by ID If the session is not in memory, it attempts to restore from Kubernetes Service

func (*KubernetesSessionManager) ListSessions added in v1.148.0 

func (m *KubernetesSessionManager) ListSessions(filter entities.SessionFilter) []entities.Session

ListSessions returns all sessions matching the filter Sessions are retrieved from Kubernetes Services to survive proxy restarts

func (*KubernetesSessionManager) SendMessage added in v1.194.0 

func (m *KubernetesSessionManager) SendMessage(ctx context.Context, id string, message string) error

SendMessage sends a message to an existing session

func (*KubernetesSessionManager) SetPersonalAPIKeyRepository added in v1.218.0 

func (m *KubernetesSessionManager) SetPersonalAPIKeyRepository(repo portrepos.PersonalAPIKeyRepository)

SetPersonalAPIKeyRepository sets the personal API key repository

func (*KubernetesSessionManager) SetServiceAccountEnsurer added in v1.236.0 

func (m *KubernetesSessionManager) SetServiceAccountEnsurer(ensurer ServiceAccountEnsurer)

SetServiceAccountEnsurer sets the service account ensurer for team-scoped session creation

func (*KubernetesSessionManager) SetSettingsRepository added in v1.148.0 

func (m *KubernetesSessionManager) SetSettingsRepository(repo portrepos.SettingsRepository)

SetSettingsRepository sets the settings repository for Bedrock configuration

func (*KubernetesSessionManager) SetTeamConfigRepository added in v1.217.0 

func (m *KubernetesSessionManager) SetTeamConfigRepository(repo portrepos.TeamConfigRepository)

SetTeamConfigRepository sets the team config repository for service account configuration

func (*KubernetesSessionManager) Shutdown added in v1.148.0 

func (m *KubernetesSessionManager) Shutdown(timeout time.Duration) error

Shutdown gracefully stops all sessions Note: This does NOT delete Kubernetes resources (Deployment, Service, PVC, Secret). Resources are preserved so sessions can be restored when the proxy restarts. Use DeleteSession to explicitly delete a session and its resources.

func (*KubernetesSessionManager) StopAgent added in v1.289.0 

func (m *KubernetesSessionManager) StopAgent(ctx context.Context, id string) error

StopAgent sends a stop_agent action to the running agent in the session via the claude-agentapi POST /action endpoint. This terminates the running agent task without deleting the session.

func (*KubernetesSessionManager) UpdateServiceAnnotation added in v1.190.0 

func (m *KubernetesSessionManager) UpdateServiceAnnotation(ctx context.Context, sessionID, key, value string) error

UpdateServiceAnnotation updates a specific annotation on a session's Service

func (*KubernetesSessionManager) UpdateSlackLastMessageAt added in v1.277.0 

func (m *KubernetesSessionManager) UpdateSlackLastMessageAt(id string, t time.Time) error

sanitizeLabelKey sanitizes a string to be used as a Kubernetes label key UpdateSlackLastMessageAt updates the agentapi.proxy/slack-last-message-at annotation on the session's Kubernetes Service. This is internal metadata used by the Slackbot cleanup worker to determine when the last message was sent to a session. It is NOT exposed via session.Tags() and will not affect session reuse filtering.

type KubernetesSubscriptionSecretSyncer added in v1.148.0 

type KubernetesSubscriptionSecretSyncer struct {
	// contains filtered or unexported fields
}

KubernetesSubscriptionSecretSyncer syncs subscription data to Kubernetes Secrets

func NewKubernetesSubscriptionSecretSyncer added in v1.148.0 

func NewKubernetesSubscriptionSecretSyncer(
	clientset kubernetes.Interface,
	namespace string,
	storage notification.Storage,
	secretPrefix string,
) *KubernetesSubscriptionSecretSyncer

NewKubernetesSubscriptionSecretSyncer creates a new KubernetesSubscriptionSecretSyncer

func (*KubernetesSubscriptionSecretSyncer) GetSecretName added in v1.148.0 

func (s *KubernetesSubscriptionSecretSyncer) GetSecretName(userID string) string

GetSecretName returns the secret name for a given user ID

func (*KubernetesSubscriptionSecretSyncer) Sync added in v1.148.0 

func (s *KubernetesSubscriptionSecretSyncer) Sync(userID string) error

Sync creates or updates the subscription Secret for a user

type LocalEncryptionService added in v1.179.0 

type LocalEncryptionService struct {
	// contains filtered or unexported fields
}

LocalEncryptionService は AES-256-GCM を使用したローカル暗号化サービス

func NewLocalEncryptionService added in v1.179.0 

func NewLocalEncryptionService(keyPath string, keyEnvVar string) (*LocalEncryptionService, error)

NewLocalEncryptionService は LocalEncryptionService を作成する keyPath が指定されていない場合、環境変数から読み込む keyEnvVar が空の場合は "AGENTAPI_ENCRYPTION_KEY" を使用

func (*LocalEncryptionService) Algorithm added in v1.179.0 

func (s *LocalEncryptionService) Algorithm() string

Algorithm は "aes-256-gcm" を返す

func (*LocalEncryptionService) Decrypt added in v1.179.0 

func (s *LocalEncryptionService) Decrypt(ctx context.Context, encrypted *services.EncryptedData) (string, error)

Decrypt は AES-256-GCM で暗号化されたデータを復号する

func (*LocalEncryptionService) Encrypt added in v1.179.0 

func (s *LocalEncryptionService) Encrypt(ctx context.Context, plaintext string) (*services.EncryptedData, error)

Encrypt は平文を AES-256-GCM で暗号化する

func (*LocalEncryptionService) KeyID added in v1.179.0 

func (s *LocalEncryptionService) KeyID() string

KeyID はキーのフィンガープリントを返す

type NoopEncryptionService added in v1.179.0 

type NoopEncryptionService struct{}

NoopEncryptionService は暗号化を行わないダミーの実装 インターフェースが通る状態を作るために使用する

func NewNoopEncryptionService added in v1.179.0 

func NewNoopEncryptionService() *NoopEncryptionService

NewNoopEncryptionService は NoopEncryptionService を作成する

func (*NoopEncryptionService) Algorithm added in v1.179.0 

func (s *NoopEncryptionService) Algorithm() string

Algorithm は "noop" を返す

func (*NoopEncryptionService) Decrypt added in v1.179.0 

func (s *NoopEncryptionService) Decrypt(ctx context.Context, encrypted *services.EncryptedData) (string, error)

Decrypt は暗号化されたデータをそのまま返す(復号しない)

func (*NoopEncryptionService) Encrypt added in v1.179.0 

func (s *NoopEncryptionService) Encrypt(ctx context.Context, plaintext string) (*services.EncryptedData, error)

Encrypt は平文をそのまま返す(暗号化しない)

func (*NoopEncryptionService) KeyID added in v1.179.0 

func (s *NoopEncryptionService) KeyID() string

KeyID は "noop" を返す

type ServiceAccountEnsurer added in v1.236.0 

type ServiceAccountEnsurer interface {
	EnsureServiceAccount(ctx context.Context, teamID string) error
}

KubernetesSessionManager manages sessions using Kubernetes Deployments ServiceAccountEnsurer ensures a service account exists for a team. Implementations must be safe to call concurrently.

type SimpleAuthService 

type SimpleAuthService struct {
	// contains filtered or unexported fields
}

SimpleAuthService implements AuthService with simple in-memory authentication

func NewSimpleAuthService 

func NewSimpleAuthService() *SimpleAuthService

NewSimpleAuthService creates a new SimpleAuthService

func (*SimpleAuthService) AddUser 

func (s *SimpleAuthService) AddUser(user *entities.User)

AddUser adds a user to the service (for testing/demo purposes)

func (*SimpleAuthService) AuthenticateUser 

func (s *SimpleAuthService) AuthenticateUser(ctx context.Context, credentials *services.Credentials) (*entities.User, error)

AuthenticateUser authenticates a user with the given credentials

func (*SimpleAuthService) CreateServiceAccountForTeam added in v1.216.0 

func (s *SimpleAuthService) CreateServiceAccountForTeam(ctx context.Context, teamID string, teamConfigRepo repositories.TeamConfigRepository) (*entities.User, *entities.ServiceAccount, error)

CreateServiceAccountForTeam creates a service account for a team

func (*SimpleAuthService) GenerateAPIKey 

func (s *SimpleAuthService) GenerateAPIKey(ctx context.Context, userID entities.UserID, permissions []entities.Permission) (*services.APIKey, error)

GenerateAPIKey generates a new API key for a user

func (*SimpleAuthService) LoadPersonalAPIKey added in v1.219.0 

func (s *SimpleAuthService) LoadPersonalAPIKey(ctx context.Context, personalAPIKey *entities.PersonalAPIKey) error

LoadPersonalAPIKey loads a personal API key into memory

func (*SimpleAuthService) LoadServiceAccountFromTeamConfig added in v1.216.0 

func (s *SimpleAuthService) LoadServiceAccountFromTeamConfig(ctx context.Context, teamConfig *entities.TeamConfig) error

LoadServiceAccountFromTeamConfig loads a service account from team config into memory

func (*SimpleAuthService) RefreshUserInfo 

func (s *SimpleAuthService) RefreshUserInfo(ctx context.Context, user *entities.User) (*entities.User, error)

RefreshUserInfo refreshes user information from external sources

func (*SimpleAuthService) RevokeAPIKey 

func (s *SimpleAuthService) RevokeAPIKey(ctx context.Context, apiKey string) error

RevokeAPIKey revokes an existing API key

func (*SimpleAuthService) SetGitHubAuthConfig added in v1.71.0 

func (s *SimpleAuthService) SetGitHubAuthConfig(cfg *config.GitHubAuthConfig)

SetGitHubAuthConfig sets the GitHub authentication configuration. If a provider has already been set via SetGitHubProvider, it is preserved. Otherwise a new GitHubAuthProvider is created from the config.

func (*SimpleAuthService) SetGitHubProvider added in v1.287.0 

func (s *SimpleAuthService) SetGitHubProvider(provider *auth.GitHubAuthProvider)

SetGitHubProvider injects a pre-configured GitHubAuthProvider. This allows the caller to supply a provider that already has optional dependencies (e.g. TeamMappingRepository) wired in.

func (*SimpleAuthService) ValidateAPIKey 

func (s *SimpleAuthService) ValidateAPIKey(ctx context.Context, apiKey string) (*entities.User, error)

ValidateAPIKey validates an API key and returns the associated user

func (*SimpleAuthService) ValidatePermission 

func (s *SimpleAuthService) ValidatePermission(ctx context.Context, user *entities.User, permission entities.Permission) error

ValidatePermission checks if a user has a specific permission

type SimpleNotificationService 

type SimpleNotificationService struct {
	// contains filtered or unexported fields
}

SimpleNotificationService implements NotificationService with basic functionality

func NewSimpleNotificationService 

func NewSimpleNotificationService() *SimpleNotificationService

NewSimpleNotificationService creates a new SimpleNotificationService

func (*SimpleNotificationService) SendBulkNotifications 

func (s *SimpleNotificationService) SendBulkNotifications(ctx context.Context, notification *entities.Notification, subscriptions []*entities.Subscription) ([]*services.NotificationResult, error)

SendBulkNotifications sends notifications to multiple subscriptions

func (*SimpleNotificationService) SendNotification 

func (s *SimpleNotificationService) SendNotification(ctx context.Context, notification *entities.Notification, subscription *entities.Subscription) error

SendNotification sends a notification to a specific subscription

func (*SimpleNotificationService) TestNotification 

func (s *SimpleNotificationService) TestNotification(ctx context.Context, subscription *entities.Subscription) error

TestNotification sends a test notification to verify the subscription

func (*SimpleNotificationService) ValidateSubscription 

func (s *SimpleNotificationService) ValidateSubscription(ctx context.Context, subscription *entities.Subscription) error

ValidateSubscription validates a push notification subscription

type SlackChannelResolver added in v1.266.0 

type SlackChannelResolver struct {
	// contains filtered or unexported fields
}

SlackChannelResolver resolves Slack channel IDs to names using the Slack API, with a two-level cache: in-memory (sync.Map) and a Kubernetes ConfigMap for persistence.

func NewSlackChannelResolver added in v1.266.0 

func NewSlackChannelResolver(kubeClient kubernetes.Interface, namespace string) *SlackChannelResolver

NewSlackChannelResolver creates a new SlackChannelResolver

func (*SlackChannelResolver) GetBotToken added in v1.266.0 

func (r *SlackChannelResolver) GetBotToken(ctx context.Context, secretName, secretKey string) (string, error)

GetBotToken retrieves the Slack bot token from a Kubernetes Secret.

func (*SlackChannelResolver) PostMessage added in v1.269.0 

func (r *SlackChannelResolver) PostMessage(ctx context.Context, channel, threadTS, text, botToken string) error

PostMessage posts a message to a Slack channel, optionally in a thread. If threadTS is non-empty, the message is posted as a thread reply. Requires a bot token with chat:write scope.

func (*SlackChannelResolver) ResolveChannelName added in v1.266.0 

func (r *SlackChannelResolver) ResolveChannelName(ctx context.Context, channelID, botToken string) (string, error)

ResolveChannelName resolves a Slack channel ID to its name. Resolution order:

  1. In-memory cache
  2. Kubernetes ConfigMap (persistent)
  3. Slack API conversations.info (requires bot token with channels:read / groups:read scope)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.