admin

package
v1.48.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2026 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Overview

Package admin provides REST API endpoints for administrative operations.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RequireAdmin 

func RequireAdmin(auth Authenticator) func(http.Handler) http.Handler

RequireAdmin creates middleware that enforces admin authentication.

func RequirePersona added in v0.17.0 

func RequirePersona(auth Authenticator) func(http.Handler) http.Handler

RequirePersona creates middleware that enforces authentication via an Authenticator (which already includes persona validation).

Types

type APIKeyAuthenticator 

type APIKeyAuthenticator struct {
	Keys map[string]User // key -> user info
}

APIKeyAuthenticator validates admin access via API keys.

func (*APIKeyAuthenticator) Authenticate 

func (a *APIKeyAuthenticator) Authenticate(r *http.Request) (*User, error)

Authenticate checks the X-API-Key or Authorization header.

type APIKeyManager added in v0.17.0 

type APIKeyManager interface {
	ListKeys() []auth.APIKeySummary
	GenerateKey(name string, roles []string) (string, error)
	RemoveByName(name string) bool
}

APIKeyManager manages API keys at runtime.

type AuditMetricsQuerier added in v0.17.1 

type AuditMetricsQuerier interface {
	Timeseries(ctx context.Context, filter audit.TimeseriesFilter) ([]audit.TimeseriesBucket, error)
	Breakdown(ctx context.Context, filter audit.BreakdownFilter) ([]audit.BreakdownEntry, error)
	Overview(ctx context.Context, filter audit.MetricsFilter) (*audit.Overview, error)
	Performance(ctx context.Context, filter audit.MetricsFilter) (*audit.PerformanceStats, error)
	Enrichment(ctx context.Context, startTime, endTime *time.Time) (*audit.EnrichmentStats, error)
	Discovery(ctx context.Context, startTime, endTime *time.Time) (*audit.DiscoveryStats, error)
}

AuditMetricsQuerier provides aggregate audit metrics.

type AuditQuerier added in v0.17.0 

type AuditQuerier interface {
	Query(ctx context.Context, filter audit.QueryFilter) ([]audit.Event, error)
	Count(ctx context.Context, filter audit.QueryFilter) (int, error)
	Distinct(ctx context.Context, column string, startTime, endTime *time.Time) ([]string, error)
	DistinctPairs(ctx context.Context, col1, col2 string, startTime, endTime *time.Time) (map[string]string, error)
}

AuditQuerier queries audit events.

type Authenticator 

type Authenticator interface {
	Authenticate(r *http.Request) (*User, error)
}

Authenticator validates admin credentials.

type ConfigStore added in v0.17.0 

type ConfigStore interface {
	Get(ctx context.Context, key string) (*configstore.Entry, error)
	Set(ctx context.Context, key, value, author string) error
	Delete(ctx context.Context, key, author string) error
	List(ctx context.Context) ([]configstore.Entry, error)
	Changelog(ctx context.Context, limit int) ([]configstore.ChangelogEntry, error)
	Mode() string
}

ConfigStore abstracts configstore.Store for testability.

type ConnectionStore added in v1.48.0 

type ConnectionStore interface {
	List(ctx context.Context) ([]platform.ConnectionInstance, error)
	Get(ctx context.Context, kind, name string) (*platform.ConnectionInstance, error)
	Set(ctx context.Context, inst platform.ConnectionInstance) error
	Delete(ctx context.Context, kind, name string) error
}

ConnectionStore abstracts platform.ConnectionStore for testability.

type Deps added in v0.17.0 

type Deps struct {
	Config              *platform.Config
	ConfigStore         ConfigStore
	FileDefaults        map[string]string
	PersonaRegistry     PersonaRegistry
	ToolkitRegistry     ToolkitRegistry
	MCPServer           *mcp.Server
	AuditQuerier        AuditQuerier
	AuditMetricsQuerier AuditMetricsQuerier
	Knowledge           *KnowledgeHandler
	APIKeyManager       APIKeyManager
	BrowserAuth         *browsersession.Authenticator
	DatabaseAvailable   bool
	PlatformTools       []platform.ToolInfo
	AssetStore          portal.AssetStore
	ShareStore          portal.ShareStore
	VersionStore        portal.VersionStore
	S3Client            portal.S3Client
	S3Bucket            string
	ConnectionStore     ConnectionStore
	ConnectionSources   *platform.ConnectionSourceMap
}

Deps holds dependencies for the admin handler.

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

Handler provides admin REST API endpoints.

func NewHandler 

func NewHandler(deps Deps, authMiddle func(http.Handler) http.Handler) *Handler

NewHandler creates a new admin API handler.

func (*Handler) ServeHTTP 

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP implements http.Handler.

type KnowledgeHandler 

type KnowledgeHandler struct {
	// contains filtered or unexported fields
}

KnowledgeHandler provides admin REST endpoints for knowledge management.

func NewKnowledgeHandler 

func NewKnowledgeHandler(
	insightStore knowledge.InsightStore,
	changesetStore knowledge.ChangesetStore,
	writer knowledge.DataHubWriter,
) *KnowledgeHandler

NewKnowledgeHandler creates a new knowledge admin handler.

func (*KnowledgeHandler) GetChangeset 

func (h *KnowledgeHandler) GetChangeset(w http.ResponseWriter, r *http.Request)

GetChangeset handles GET /api/v1/admin/knowledge/changesets/{id}.

@Summary Get changeset @Description Returns a single changeset by ID. @Tags Knowledge @Produce json @Param id path string true "Changeset ID" @Success 200 {object} knowledge.Changeset @Failure 404 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/changesets/{id} [get]

func (*KnowledgeHandler) GetInsight 

func (h *KnowledgeHandler) GetInsight(w http.ResponseWriter, r *http.Request)

GetInsight handles GET /api/v1/admin/knowledge/insights/{id}.

@Summary Get insight @Description Returns a single insight by ID. @Tags Knowledge @Produce json @Param id path string true "Insight ID" @Success 200 {object} knowledge.Insight @Failure 404 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/{id} [get]

func (*KnowledgeHandler) GetStats 

func (h *KnowledgeHandler) GetStats(w http.ResponseWriter, r *http.Request)

GetStats handles GET /api/v1/admin/knowledge/insights/stats.

@Summary Get insight stats @Description Returns aggregated insight statistics by entity, category, confidence, and status. @Tags Knowledge @Produce json @Param status query string false "Filter by status" @Param category query string false "Filter by category" @Param entity_urn query string false "Filter by entity URN" @Param captured_by query string false "Filter by capturer" @Param confidence query string false "Filter by confidence level" @Param since query string false "Insights after this time (RFC 3339)" @Param until query string false "Insights before this time (RFC 3339)" @Success 200 {object} knowledge.InsightStats @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/stats [get]

func (*KnowledgeHandler) ListChangesets 

func (h *KnowledgeHandler) ListChangesets(w http.ResponseWriter, r *http.Request)

ListChangesets handles GET /api/v1/admin/knowledge/changesets.

@Summary List changesets @Description Returns paginated changesets with optional filtering. @Tags Knowledge @Produce json @Param entity_urn query string false "Filter by entity URN" @Param applied_by query string false "Filter by applier" @Param rolled_back query boolean false "Filter by rollback state" @Param since query string false "Changesets after this time (RFC 3339)" @Param until query string false "Changesets before this time (RFC 3339)" @Param page query integer false "Page number, 1-based (default: 1)" @Param per_page query integer false "Results per page (default: 20)" @Success 200 {object} changesetListResponse @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/changesets [get]

func (*KnowledgeHandler) ListInsights 

func (h *KnowledgeHandler) ListInsights(w http.ResponseWriter, r *http.Request)

ListInsights handles GET /api/v1/admin/knowledge/insights.

@Summary List insights @Description Returns paginated insights with optional filtering. @Tags Knowledge @Produce json @Param status query string false "Filter by status" @Param category query string false "Filter by category" @Param entity_urn query string false "Filter by entity URN" @Param captured_by query string false "Filter by capturer" @Param confidence query string false "Filter by confidence level" @Param since query string false "Insights after this time (RFC 3339)" @Param until query string false "Insights before this time (RFC 3339)" @Param page query integer false "Page number, 1-based (default: 1)" @Param per_page query integer false "Results per page (default: 20)" @Success 200 {object} insightListResponse @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights [get]

func (*KnowledgeHandler) RollbackChangeset 

func (h *KnowledgeHandler) RollbackChangeset(w http.ResponseWriter, r *http.Request)

RollbackChangeset handles POST /api/v1/admin/knowledge/changesets/{id}/rollback.

@Summary Rollback changeset @Description Rolls back a changeset, restoring previous values to DataHub. @Tags Knowledge @Produce json @Param id path string true "Changeset ID" @Success 200 {object} statusResponse @Failure 404 {object} problemDetail @Failure 409 {object} problemDetail @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/changesets/{id}/rollback [post]

func (*KnowledgeHandler) UpdateInsight 

func (h *KnowledgeHandler) UpdateInsight(w http.ResponseWriter, r *http.Request)

UpdateInsight handles PUT /api/v1/admin/knowledge/insights/{id}.

@Summary Update insight @Description Update insight text, category, or confidence. Cannot edit an applied insight. @Tags Knowledge @Accept json @Produce json @Param id path string true "Insight ID" @Param body body insightUpdateRequest true "Fields to update" @Success 200 {object} statusResponse @Failure 400 {object} problemDetail @Failure 404 {object} problemDetail @Failure 409 {object} problemDetail @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/{id} [put]

func (*KnowledgeHandler) UpdateInsightStatus 

func (h *KnowledgeHandler) UpdateInsightStatus(w http.ResponseWriter, r *http.Request)

UpdateInsightStatus handles PUT /api/v1/admin/knowledge/insights/{id}/status.

@Summary Update insight status @Description Approve or reject an insight. Status must be 'approved' or 'rejected'. @Tags Knowledge @Accept json @Produce json @Param id path string true "Insight ID" @Param body body statusUpdateRequest true "Status update" @Success 200 {object} statusResponse @Failure 400 {object} problemDetail @Failure 404 {object} problemDetail @Failure 409 {object} problemDetail @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/{id}/status [put]

type PersonaRegistry added in v0.17.0 

type PersonaRegistry interface {
	All() []*persona.Persona
	Get(name string) (*persona.Persona, bool)
	Register(p *persona.Persona) error
	Unregister(name string) error
	DefaultName() string
}

PersonaRegistry abstracts persona.Registry for testability.

type PlatformAuthOption added in v0.32.0 

type PlatformAuthOption func(*PlatformAuthenticator)

PlatformAuthOption configures the PlatformAuthenticator.

func WithBrowserSessionAuth added in v0.32.0 

func WithBrowserSessionAuth(ba *browsersession.Authenticator) PlatformAuthOption

WithBrowserSessionAuth adds cookie-based authentication.

type PlatformAuthenticator added in v0.17.0 

type PlatformAuthenticator struct {
	// contains filtered or unexported fields
}

PlatformAuthenticator wraps the platform's middleware.Authenticator chain for HTTP admin requests, validating that the resolved persona matches the configured admin persona.

func NewPlatformAuthenticator added in v0.17.0 

func NewPlatformAuthenticator(
	auth middleware.Authenticator,
	adminPersona string,
	registry *persona.Registry,
	opts ...PlatformAuthOption,
) *PlatformAuthenticator

NewPlatformAuthenticator creates a PlatformAuthenticator that bridges the platform's MCP auth chain to HTTP admin requests.

func (*PlatformAuthenticator) Authenticate added in v0.17.0 

func (pa *PlatformAuthenticator) Authenticate(r *http.Request) (*User, error)

Authenticate extracts credentials from the HTTP request, delegates to the platform authenticator, then checks that the resolved persona matches the admin persona. It checks browser session cookies first, then falls back to token-based authentication.

type ToolkitRegistry added in v0.17.0 

type ToolkitRegistry interface {
	All() []registry.Toolkit
	AllTools() []string
	GetToolkitForTool(toolName string) registry.ToolkitMatch
}

ToolkitRegistry abstracts registry.Registry for testability.

type User 

type User struct {
	UserID string
	Email  string
	Roles  []string
}

User holds information about the authenticated admin user.

func GetUser 

func GetUser(ctx context.Context) *User

GetUser returns the User from context, or nil if not set.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.