Documentation
¶
Index ¶
- func OwnedByOrganization(scope OrganizationScopeReader, organizationID OrganizationID) (bool, error)
- func OwnedByProject(scope ProjectScopeReader, organizationID OrganizationID, projectID ProjectID) (bool, error)
- func SameProject(a, b ProjectScopeReader) (bool, error)
- type AllocationID
- type GroupID
- type OAuth2ProviderID
- type OrganizationID
- type OrganizationScopeReader
- type ProjectID
- type ProjectScopeReader
- type ServiceAccountID
- type UserID
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func OwnedByOrganization ¶ added in v1.17.7
func OwnedByOrganization(scope OrganizationScopeReader, organizationID OrganizationID) (bool, error)
OwnedByOrganization reports whether scope is owned by the given organization. It returns an error if the resource's owning scope cannot be determined (e.g. a missing or malformed label).
This is a referential-integrity check — does this resource live in the expected organization — and is the typed equivalent of core's AssertOrganizationOwnership. It is deliberately NOT an RBAC check: RBAC asks whether the caller may act in an organization, whereas this asks whether a specific resource belongs to one. Using an RBAC scope check here would let a caller authorized for several organizations relate resources across tenancy boundaries. Callers map a false result to their own transport error (the convention is 404, so resource existence is not leaked); this package stays free of transport-error concerns.
func OwnedByProject ¶ added in v1.17.7
func OwnedByProject(scope ProjectScopeReader, organizationID OrganizationID, projectID ProjectID) (bool, error)
OwnedByProject reports whether scope is owned by the given organization and project. It returns an error if the resource's owning scope cannot be determined. It is the typed equivalent of core's AssertProjectOwnership; see OwnedByOrganization for why this is an ownership-equality check rather than an RBAC check.
func SameProject ¶ added in v1.17.7
func SameProject(a, b ProjectScopeReader) (bool, error)
SameProject reports whether a and b are owned by the same organization and project. It returns an error if either resource's owning scope cannot be determined (e.g. missing or malformed labels).
Use this before establishing a relationship between two project-scoped resources — for example, ensuring a server and the SSH certificate authority it references live in the same project. Callers decide how to treat a false result (typically a forbidden/bad-request response); this package stays free of transport-error concerns.
Types ¶
type AllocationID ¶
AllocationID is a UUID-backed identifier for resource allocations. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.
func MustParseAllocationID ¶
func MustParseAllocationID(s string) AllocationID
MustParseAllocationID parses s as a UUID into an AllocationID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).
func ParseAllocationID ¶
func ParseAllocationID(s string) (AllocationID, error)
ParseAllocationID parses s as a UUID into an AllocationID, returning an error if s is not a valid UUID.
func (AllocationID) MarshalText ¶
func (v AllocationID) MarshalText() ([]byte, error)
func (AllocationID) String ¶
func (v AllocationID) String() string
func (*AllocationID) UnmarshalText ¶
func (v *AllocationID) UnmarshalText(b []byte) error
type GroupID ¶
GroupID is a UUID-backed identifier for groups. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.
func MustParseGroupID ¶
MustParseGroupID parses s as a UUID into a GroupID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).
func ParseGroupID ¶
ParseGroupID parses s as a UUID into a GroupID, returning an error if s is not a valid UUID.
func (GroupID) MarshalText ¶
func (*GroupID) UnmarshalText ¶
type OAuth2ProviderID ¶
OAuth2ProviderID is a UUID-backed identifier for OAuth2 providers. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.
func MustParseOAuth2ProviderID ¶
func MustParseOAuth2ProviderID(s string) OAuth2ProviderID
MustParseOAuth2ProviderID parses s as a UUID into an OAuth2ProviderID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).
func ParseOAuth2ProviderID ¶
func ParseOAuth2ProviderID(s string) (OAuth2ProviderID, error)
ParseOAuth2ProviderID parses s as a UUID into an OAuth2ProviderID, returning an error if s is not a valid UUID.
func (OAuth2ProviderID) MarshalText ¶
func (v OAuth2ProviderID) MarshalText() ([]byte, error)
func (OAuth2ProviderID) String ¶
func (v OAuth2ProviderID) String() string
func (*OAuth2ProviderID) UnmarshalText ¶
func (v *OAuth2ProviderID) UnmarshalText(b []byte) error
type OrganizationID ¶
OrganizationID is a UUID-backed identifier for organizations. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.
func MustParseOrganizationID ¶
func MustParseOrganizationID(s string) OrganizationID
MustParseOrganizationID parses s as a UUID into an OrganizationID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).
func ParseOrganizationID ¶
func ParseOrganizationID(s string) (OrganizationID, error)
ParseOrganizationID parses s as a UUID into an OrganizationID, returning an error if s is not a valid UUID.
func (OrganizationID) MarshalText ¶
func (v OrganizationID) MarshalText() ([]byte, error)
func (OrganizationID) String ¶
func (v OrganizationID) String() string
func (*OrganizationID) UnmarshalText ¶
func (v *OrganizationID) UnmarshalText(b []byte) error
type OrganizationScopeReader ¶ added in v1.17.7
type OrganizationScopeReader interface {
OrganizationID() (OrganizationID, error)
}
OrganizationScopeReader is implemented by resources that can report the typed organization ID that owns them, recovered from their Kubernetes labels. It lets scope-aware code (RBAC checks, principal enrichment, reference management) accept a resource directly and perform the label-read-and-parse step in one place.
type ProjectID ¶
ProjectID is a UUID-backed identifier for projects. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.
func MustParseProjectID ¶
MustParseProjectID parses s as a UUID into a ProjectID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).
func ParseProjectID ¶
ParseProjectID parses s as a UUID into a ProjectID, returning an error if s is not a valid UUID.
func (ProjectID) MarshalText ¶
func (*ProjectID) UnmarshalText ¶
type ProjectScopeReader ¶ added in v1.17.7
type ProjectScopeReader interface {
OrganizationScopeReader
OrganizationAndProjectID() (OrganizationID, ProjectID, error)
}
ProjectScopeReader is implemented by resources that can report the typed organization and project IDs that own them. It embeds OrganizationScopeReader because every project-scoped resource necessarily belongs to an organization, so anything that knows its project also knows its organization.
type ServiceAccountID ¶
ServiceAccountID is a UUID-backed identifier for service accounts. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.
func MustParseServiceAccountID ¶
func MustParseServiceAccountID(s string) ServiceAccountID
MustParseServiceAccountID parses s as a UUID into a ServiceAccountID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).
func ParseServiceAccountID ¶
func ParseServiceAccountID(s string) (ServiceAccountID, error)
ParseServiceAccountID parses s as a UUID into a ServiceAccountID, returning an error if s is not a valid UUID.
func (ServiceAccountID) MarshalText ¶
func (v ServiceAccountID) MarshalText() ([]byte, error)
func (ServiceAccountID) String ¶
func (v ServiceAccountID) String() string
func (*ServiceAccountID) UnmarshalText ¶
func (v *ServiceAccountID) UnmarshalText(b []byte) error
type UserID ¶
UserID is a UUID-backed identifier for users. It is a distinct named type so the compiler prevents accidental interchange with any other ID type. UnmarshalText delegates to uuid.UUID, so the oapi-codegen runtime rejects non-UUID path parameter values before any handler is reached.
func MustParseUserID ¶
MustParseUserID parses s as a UUID into a UserID. Panics if s is not a valid UUID; use only where s is guaranteed valid (e.g. previously validated API path parameters).
func ParseUserID ¶
ParseUserID parses s as a UUID into a UserID, returning an error if s is not a valid UUID.