ids

package
v1.17.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 29, 2026 License: Apache-2.0 Imports: 1 Imported by: 0

README

ids

Nominal UUID types for all resource identifiers in the identity API.

Purpose

Provides distinct named types over uuid.UUID for every resource category:

Type Identifies
OrganizationID organizations
ProjectID projects
ServiceAccountID service accounts
UserID users
GroupID groups
OAuth2ProviderID OAuth2 providers
AllocationID resource allocations

Each type is a distinct named type — not an alias — so the compiler prevents a ProjectID from being passed where an OrganizationID is expected, and so on across all seven types.

Each type implements encoding.TextUnmarshaler by delegating to uuid.UUID, so the oapi-codegen parameter binder validates UUID format at path-parameter binding time before any handler is reached. Non-UUID path values produce a 400 at the routing layer rather than propagating into business logic.

Conversion

Inward (string → typed ID): Use Parse* for untrusted input (Kubernetes labels, token claims, request body fields). Use MustParse* only where the value is guaranteed valid by a prior validation step (e.g. a path parameter that has already passed the binding layer).

Outward (typed ID → string): Call .String() to produce the canonical hyphenated UUID string for Kubernetes object names, label values, or log messages.

Scope readers

Two interfaces let scope-aware code accept a resource directly instead of bare IDs, performing the "read labels, parse to typed ID" step in one place:

Interface Method(s)
OrganizationScopeReader OrganizationID() (OrganizationID, error)
ProjectScopeReader embeds OrganizationScopeReader plus OrganizationAndProjectID() (OrganizationID, ProjectID, error)

ProjectScopeReader embeds OrganizationScopeReader because a project always belongs to an organization — anything that knows its project also knows its organization. A consumer can therefore accept the narrower OrganizationScopeReader and still be passed a project-scoped resource.

These are implemented by CRDs in other services (e.g. region's Server, Network, SecurityGroup, …), whose accessor methods recover the IDs from the standard organization/project labels. Consumers in this repo include the RBAC *Reader helpers (pkg/rbac), the principal-enrichment helpers (pkg/principal), and the References SDK client (pkg/client).

Three comparison helpers operate over these interfaces. All are referential-integrity (ownership-equality) checks, not RBAC checks: they ask whether resources belong to a given tenancy, not whether a caller may act in it. Routing these through an RBAC scope check would let a caller authorized for several projects relate resources across tenancy boundaries. All return an error only when a resource's scope cannot be read, and a bool otherwise — callers map a false result to their own transport error (the convention is 404, so resource existence is not leaked); this package stays free of transport concerns.

Helper Question
SameProject(a, b ProjectScopeReader) do two resources share an org+project?
OwnedByProject(scope ProjectScopeReader, organizationID, projectID) does a resource live in this org+project?
OwnedByOrganization(scope OrganizationScopeReader, organizationID) does a resource live in this organization?

SameProject guards relationships between two resources (e.g. a server and the SSH certificate authority it references). OwnedByProject / OwnedByOrganization are the typed equivalents of core's AssertProjectOwnership / AssertOrganizationOwnership, for verifying a resource fetched by ID actually belongs to the org/project from the request path.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func OwnedByOrganization added in v1.17.7

func OwnedByOrganization(scope OrganizationScopeReader, organizationID OrganizationID) (bool, error)

OwnedByOrganization reports whether scope is owned by the given organization. It returns an error if the resource's owning scope cannot be determined (e.g. a missing or malformed label).

This is a referential-integrity check — does this resource live in the expected organization — and is the typed equivalent of core's AssertOrganizationOwnership. It is deliberately NOT an RBAC check: RBAC asks whether the caller may act in an organization, whereas this asks whether a specific resource belongs to one. Using an RBAC scope check here would let a caller authorized for several organizations relate resources across tenancy boundaries. Callers map a false result to their own transport error (the convention is 404, so resource existence is not leaked); this package stays free of transport-error concerns.

func OwnedByProject added in v1.17.7

func OwnedByProject(scope ProjectScopeReader, organizationID OrganizationID, projectID ProjectID) (bool, error)

OwnedByProject reports whether scope is owned by the given organization and project. It returns an error if the resource's owning scope cannot be determined. It is the typed equivalent of core's AssertProjectOwnership; see OwnedByOrganization for why this is an ownership-equality check rather than an RBAC check.

func SameProject added in v1.17.7

func SameProject(a, b ProjectScopeReader) (bool, error)

SameProject reports whether a and b are owned by the same organization and project. It returns an error if either resource's owning scope cannot be determined (e.g. missing or malformed labels).

Use this before establishing a relationship between two project-scoped resources — for example, ensuring a server and the SSH certificate authority it references live in the same project. Callers decide how to treat a false result (typically a forbidden/bad-request response); this package stays free of transport-error concerns.

Types

type AllocationID

type AllocationID uuid.UUID

AllocationID is a UUID-backed identifier for resource allocations. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.

func MustParseAllocationID

func MustParseAllocationID(s string) AllocationID

MustParseAllocationID parses s as a UUID into an AllocationID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).

func ParseAllocationID

func ParseAllocationID(s string) (AllocationID, error)

ParseAllocationID parses s as a UUID into an AllocationID, returning an error if s is not a valid UUID.

func (AllocationID) MarshalText

func (v AllocationID) MarshalText() ([]byte, error)

func (AllocationID) String

func (v AllocationID) String() string

func (*AllocationID) UnmarshalText

func (v *AllocationID) UnmarshalText(b []byte) error

type GroupID

type GroupID uuid.UUID

GroupID is a UUID-backed identifier for groups. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.

func MustParseGroupID

func MustParseGroupID(s string) GroupID

MustParseGroupID parses s as a UUID into a GroupID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).

func ParseGroupID

func ParseGroupID(s string) (GroupID, error)

ParseGroupID parses s as a UUID into a GroupID, returning an error if s is not a valid UUID.

func (GroupID) MarshalText

func (v GroupID) MarshalText() ([]byte, error)

func (GroupID) String

func (v GroupID) String() string

func (*GroupID) UnmarshalText

func (v *GroupID) UnmarshalText(b []byte) error

type OAuth2ProviderID

type OAuth2ProviderID uuid.UUID

OAuth2ProviderID is a UUID-backed identifier for OAuth2 providers. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.

func MustParseOAuth2ProviderID

func MustParseOAuth2ProviderID(s string) OAuth2ProviderID

MustParseOAuth2ProviderID parses s as a UUID into an OAuth2ProviderID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).

func ParseOAuth2ProviderID

func ParseOAuth2ProviderID(s string) (OAuth2ProviderID, error)

ParseOAuth2ProviderID parses s as a UUID into an OAuth2ProviderID, returning an error if s is not a valid UUID.

func (OAuth2ProviderID) MarshalText

func (v OAuth2ProviderID) MarshalText() ([]byte, error)

func (OAuth2ProviderID) String

func (v OAuth2ProviderID) String() string

func (*OAuth2ProviderID) UnmarshalText

func (v *OAuth2ProviderID) UnmarshalText(b []byte) error

type OrganizationID

type OrganizationID uuid.UUID

OrganizationID is a UUID-backed identifier for organizations. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.

func MustParseOrganizationID

func MustParseOrganizationID(s string) OrganizationID

MustParseOrganizationID parses s as a UUID into an OrganizationID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).

func ParseOrganizationID

func ParseOrganizationID(s string) (OrganizationID, error)

ParseOrganizationID parses s as a UUID into an OrganizationID, returning an error if s is not a valid UUID.

func (OrganizationID) MarshalText

func (v OrganizationID) MarshalText() ([]byte, error)

func (OrganizationID) String

func (v OrganizationID) String() string

func (*OrganizationID) UnmarshalText

func (v *OrganizationID) UnmarshalText(b []byte) error

type OrganizationScopeReader added in v1.17.7

type OrganizationScopeReader interface {
	OrganizationID() (OrganizationID, error)
}

OrganizationScopeReader is implemented by resources that can report the typed organization ID that owns them, recovered from their Kubernetes labels. It lets scope-aware code (RBAC checks, principal enrichment, reference management) accept a resource directly and perform the label-read-and-parse step in one place.

type ProjectID

type ProjectID uuid.UUID

ProjectID is a UUID-backed identifier for projects. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.

func MustParseProjectID

func MustParseProjectID(s string) ProjectID

MustParseProjectID parses s as a UUID into a ProjectID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).

func ParseProjectID

func ParseProjectID(s string) (ProjectID, error)

ParseProjectID parses s as a UUID into a ProjectID, returning an error if s is not a valid UUID.

func (ProjectID) MarshalText

func (v ProjectID) MarshalText() ([]byte, error)

func (ProjectID) String

func (v ProjectID) String() string

func (*ProjectID) UnmarshalText

func (v *ProjectID) UnmarshalText(b []byte) error

type ProjectScopeReader added in v1.17.7

type ProjectScopeReader interface {
	OrganizationScopeReader
	OrganizationAndProjectID() (OrganizationID, ProjectID, error)
}

ProjectScopeReader is implemented by resources that can report the typed organization and project IDs that own them. It embeds OrganizationScopeReader because every project-scoped resource necessarily belongs to an organization, so anything that knows its project also knows its organization.

type ServiceAccountID

type ServiceAccountID uuid.UUID

ServiceAccountID is a UUID-backed identifier for service accounts. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.

func MustParseServiceAccountID

func MustParseServiceAccountID(s string) ServiceAccountID

MustParseServiceAccountID parses s as a UUID into a ServiceAccountID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).

func ParseServiceAccountID

func ParseServiceAccountID(s string) (ServiceAccountID, error)

ParseServiceAccountID parses s as a UUID into a ServiceAccountID, returning an error if s is not a valid UUID.

func (ServiceAccountID) MarshalText

func (v ServiceAccountID) MarshalText() ([]byte, error)

func (ServiceAccountID) String

func (v ServiceAccountID) String() string

func (*ServiceAccountID) UnmarshalText

func (v *ServiceAccountID) UnmarshalText(b []byte) error

type UserID

type UserID uuid.UUID

UserID is a UUID-backed identifier for users. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.

func MustParseUserID

func MustParseUserID(s string) UserID

MustParseUserID parses s as a UUID into a UserID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).

func ParseUserID

func ParseUserID(s string) (UserID, error)

ParseUserID parses s as a UUID into a UserID, returning an error if s is not a valid UUID.

func (UserID) MarshalText

func (v UserID) MarshalText() ([]byte, error)

func (UserID) String

func (v UserID) String() string

func (*UserID) UnmarshalText

func (v *UserID) UnmarshalText(b []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL