Documentation
¶
Index ¶
- type AttributeProvider
- type AuditFilters
- type Cache
- type CacheConfig
- type CacheStats
- type EvaluationStats
- type HybridCache
- func (c *HybridCache) Delete(ctx context.Context, key string) error
- func (c *HybridCache) DeleteByApp(ctx context.Context, appID xid.ID) error
- func (c *HybridCache) DeleteByEnvironment(ctx context.Context, appID, envID xid.ID) error
- func (c *HybridCache) DeleteByOrganization(ctx context.Context, appID, envID, userOrgID xid.ID) error
- func (c *HybridCache) Get(ctx context.Context, key string) (*engine.CompiledPolicy, error)
- func (c *HybridCache) GetMulti(ctx context.Context, keys []string) (map[string]*engine.CompiledPolicy, error)
- func (c *HybridCache) Set(ctx context.Context, key string, policy *engine.CompiledPolicy, ...) error
- func (c *HybridCache) SetMulti(ctx context.Context, policies map[string]*engine.CompiledPolicy, ...) error
- func (c *HybridCache) Stats() CacheStats
- type MemoryCache
- func (c *MemoryCache) Delete(ctx context.Context, key string) error
- func (c *MemoryCache) DeleteByApp(ctx context.Context, appID xid.ID) error
- func (c *MemoryCache) DeleteByEnvironment(ctx context.Context, appID, envID xid.ID) error
- func (c *MemoryCache) DeleteByOrganization(ctx context.Context, appID, envID, userOrgID xid.ID) error
- func (c *MemoryCache) Get(ctx context.Context, key string) (*engine.CompiledPolicy, error)
- func (c *MemoryCache) GetMulti(ctx context.Context, keys []string) (map[string]*engine.CompiledPolicy, error)
- func (c *MemoryCache) Set(ctx context.Context, key string, policy *engine.CompiledPolicy, ...) error
- func (c *MemoryCache) SetMulti(ctx context.Context, policies map[string]*engine.CompiledPolicy, ...) error
- func (c *MemoryCache) Stats() CacheStats
- type PolicyFilters
- type RedisCache
- func (c *RedisCache) Delete(ctx context.Context, key string) error
- func (c *RedisCache) DeleteByApp(ctx context.Context, appID xid.ID) error
- func (c *RedisCache) DeleteByEnvironment(ctx context.Context, appID, envID xid.ID) error
- func (c *RedisCache) DeleteByOrganization(ctx context.Context, appID, envID, userOrgID xid.ID) error
- func (c *RedisCache) Get(ctx context.Context, key string) (*engine.CompiledPolicy, error)
- func (c *RedisCache) GetMulti(ctx context.Context, keys []string) (map[string]*engine.CompiledPolicy, error)
- func (c *RedisCache) Set(ctx context.Context, key string, policy *engine.CompiledPolicy, ...) error
- func (c *RedisCache) SetMulti(ctx context.Context, policies map[string]*engine.CompiledPolicy, ...) error
- func (c *RedisCache) Stats() CacheStats
- type Repository
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttributeProvider ¶
// AttributeProvider supplies the attribute maps that ABAC evaluation reads for
// the user, the resource and the request.
//
// NOTE(review): these maps are inputs to authorization decisions. How the
// evaluator treats a returned error or a missing key is not visible here;
// confirm that both lead to a deny rather than an allow.
type AttributeProvider interface {
	// GetUserAttributes fetches user attributes (roles, department, metadata)
	// for userID.
	GetUserAttributes(ctx context.Context, userID xid.ID) (map[string]interface{}, error)
	// GetResourceAttributes fetches resource attributes (owner, tags, metadata)
	// for the resource identified by resourceType and resourceID.
	GetResourceAttributes(ctx context.Context, resourceType string, resourceID xid.ID) (map[string]interface{}, error)
	// GetRequestAttributes fetches request context (IP, time, geo). It takes
	// only ctx, so the request data presumably travels in ctx.
	// NOTE(review): where the IP and geo values come from is not shown; if an
	// implementation derives them from client-supplied headers they should not
	// be trusted for policy decisions. Confirm the source.
	GetRequestAttributes(ctx context.Context) (map[string]interface{}, error)
}
AttributeProvider fetches attributes for ABAC evaluation. Updated for the V2 architecture: App → Environment → Organization.
type AuditFilters ¶
// AuditFilters holds the filtering and paging options for audit queries.
// The pointer fields are presumably optional (nil meaning "do not filter on
// this field"); confirm against the repository implementation.
type AuditFilters struct {
	// ActorID restricts results to one actor.
	ActorID *xid.ID
	// Action restricts results to one action name.
	Action *string
	// ResourceType restricts results to one resource type.
	ResourceType *string
	// StartTime and EndTime bound the queried period.
	// NOTE(review): whether the bounds are inclusive is not visible here.
	StartTime *time.Time
	EndTime *time.Time
	// Limit and Offset page the result set.
	// NOTE(review): the meaning of Limit == 0 is not visible here; confirm the
	// repository applies an upper bound so one query cannot return the whole
	// audit log.
	Limit int
	Offset int
}
AuditFilters defines filtering options for audit queries
type Cache ¶
// Cache is the caching interface for compiled policies. Entries are addressed
// by an opaque string key and can be invalidated singly or per app,
// environment or organization.
//
// NOTE(review): the key format is not visible here. The scoped Delete* methods
// take appID/envID/userOrgID, so keys presumably encode that scope; confirm
// that every key is qualified by tenant scope so a lookup for one tenant can
// never return another tenant's policy.
type Cache interface {
	// Get retrieves a compiled policy from cache.
	// NOTE(review): what a miss returns (nil policy with nil error, or an
	// error) is not visible here; callers should check the policy for nil.
	Get(ctx context.Context, key string) (*engine.CompiledPolicy, error)
	// Set stores a compiled policy in cache under key with lifetime ttl.
	Set(ctx context.Context, key string, policy *engine.CompiledPolicy, ttl time.Duration) error
	// Delete removes a policy from cache
	Delete(ctx context.Context, key string) error
	// DeleteByApp removes all policies for an app
	DeleteByApp(ctx context.Context, appID xid.ID) error
	// DeleteByEnvironment removes all policies for an environment
	DeleteByEnvironment(ctx context.Context, appID, envID xid.ID) error
	// DeleteByOrganization removes all policies for a user-created organization
	DeleteByOrganization(ctx context.Context, appID, envID, userOrgID xid.ID) error
	// GetMulti retrieves multiple policies, returned as a map keyed by string.
	// NOTE(review): presumably keys that miss are absent from the map; confirm.
	GetMulti(ctx context.Context, keys []string) (map[string]*engine.CompiledPolicy, error)
	// SetMulti stores multiple policies with one shared ttl.
	SetMulti(ctx context.Context, policies map[string]*engine.CompiledPolicy, ttl time.Duration) error
	// Stats returns cache statistics
	Stats() CacheStats
}
Cache defines the caching interface for compiled policies. V2 architecture: App → Environment → Organization.
func NewHybridCache ¶ added in v0.0.3
NewHybridCache creates a new hybrid cache
func NewMemoryCache ¶
func NewMemoryCache(config interface{}) Cache
NewMemoryCache creates a new memory cache
func NewRedisCache ¶
NewRedisCache creates a new Redis cache
type CacheConfig ¶ added in v0.0.3
// CacheConfig holds the cache configuration; the struct tags give the JSON and
// YAML key names.
type CacheConfig struct {
	// MaxSize presumably bounds the cache size.
	// NOTE(review): whether it counts entries or bytes is not visible here.
	MaxSize int `json:"maxSize" yaml:"maxSize"`
	// DefaultTTL is the default lifetime of a cache entry.
	// NOTE(review): a cached compiled policy can presumably stay in use for up
	// to this long after the stored policy changes unless the entry is
	// invalidated; confirm that policy updates invalidate the cache.
	DefaultTTL time.Duration `json:"defaultTtl" yaml:"defaultTtl"`
	// Backend selects the cache implementation.
	Backend string `json:"backend" yaml:"backend"` // memory, redis, hybrid
}
CacheConfig holds cache configuration
type CacheStats ¶
// CacheStats carries the cache performance counters returned by Cache.Stats.
type CacheStats struct {
	// Hits and Misses count lookups by outcome.
	Hits int64
	Misses int64
	// Evictions counts entries removed by the cache itself.
	Evictions int64
	// Size is the current cache size.
	// NOTE(review): the unit (entries or bytes) is not visible here.
	Size int64
	// HitRate is presumably Hits / (Hits + Misses); confirm in the
	// implementation.
	HitRate float64
	// LastUpdated is the time these figures were last refreshed.
	LastUpdated time.Time
}
CacheStats provides cache performance metrics
type EvaluationStats ¶ added in v0.0.3
// EvaluationStats holds aggregated policy-evaluation statistics, as returned by
// Repository.GetEvaluationStats.
type EvaluationStats struct {
	// TotalEvaluations is the number of evaluations in the aggregate.
	TotalEvaluations int64
	// AllowedCount and DeniedCount split the evaluations by decision.
	AllowedCount int64
	DeniedCount int64
	// AvgLatencyMs is the average evaluation latency in milliseconds.
	AvgLatencyMs float64
	// CacheHits and CacheMisses count cache outcomes during evaluation.
	CacheHits int64
	CacheMisses int64
}
EvaluationStats represents aggregated evaluation statistics
type HybridCache ¶ added in v0.0.3
// HybridCache combines the memory and Redis caches. Per the method
// documentation on this page, reads try memory first and then Redis, while
// writes and deletes go to both.
type HybridCache struct {
	// contains filtered or unexported fields
}
HybridCache combines memory and Redis caching
func (*HybridCache) Delete ¶ added in v0.0.3
func (c *HybridCache) Delete(ctx context.Context, key string) error
Delete removes from both caches
func (*HybridCache) DeleteByApp ¶ added in v0.0.3
DeleteByApp removes from both caches
func (*HybridCache) DeleteByEnvironment ¶ added in v0.0.3
DeleteByEnvironment removes from both caches
func (*HybridCache) DeleteByOrganization ¶ added in v0.0.3
func (c *HybridCache) DeleteByOrganization(ctx context.Context, appID, envID, userOrgID xid.ID) error
DeleteByOrganization removes from both caches
func (*HybridCache) Get ¶ added in v0.0.3
func (c *HybridCache) Get(ctx context.Context, key string) (*engine.CompiledPolicy, error)
Get retrieves from memory first, then Redis
func (*HybridCache) GetMulti ¶ added in v0.0.3
func (c *HybridCache) GetMulti(ctx context.Context, keys []string) (map[string]*engine.CompiledPolicy, error)
GetMulti retrieves from memory first, then Redis
func (*HybridCache) Set ¶ added in v0.0.3
func (c *HybridCache) Set(ctx context.Context, key string, policy *engine.CompiledPolicy, ttl time.Duration) error
Set stores in both memory and Redis
func (*HybridCache) SetMulti ¶ added in v0.0.3
func (c *HybridCache) SetMulti(ctx context.Context, policies map[string]*engine.CompiledPolicy, ttl time.Duration) error
SetMulti stores in both caches
func (*HybridCache) Stats ¶ added in v0.0.3
func (c *HybridCache) Stats() CacheStats
Stats returns combined cache statistics
type MemoryCache ¶
// MemoryCache is the in-memory LRU implementation of Cache.
type MemoryCache struct {
	// contains filtered or unexported fields
}
MemoryCache is an in-memory LRU cache implementation. V2 architecture: App → Environment → Organization.
func (*MemoryCache) Delete ¶
func (c *MemoryCache) Delete(ctx context.Context, key string) error
Delete removes a policy from cache
func (*MemoryCache) DeleteByApp ¶
DeleteByApp removes all policies for an app
func (*MemoryCache) DeleteByEnvironment ¶ added in v0.0.3
DeleteByEnvironment removes all policies for an environment
func (*MemoryCache) DeleteByOrganization ¶
func (c *MemoryCache) DeleteByOrganization(ctx context.Context, appID, envID, userOrgID xid.ID) error
DeleteByOrganization removes all policies for an organization
func (*MemoryCache) Get ¶
func (c *MemoryCache) Get(ctx context.Context, key string) (*engine.CompiledPolicy, error)
Get retrieves a compiled policy from cache
func (*MemoryCache) GetMulti ¶
func (c *MemoryCache) GetMulti(ctx context.Context, keys []string) (map[string]*engine.CompiledPolicy, error)
GetMulti retrieves multiple policies
func (*MemoryCache) Set ¶
func (c *MemoryCache) Set(ctx context.Context, key string, policy *engine.CompiledPolicy, ttl time.Duration) error
Set stores a compiled policy in cache
type PolicyFilters ¶
// PolicyFilters holds the filtering and paging options for policy queries.
// The pointer fields are presumably optional (nil meaning "do not filter on
// this field"); confirm against the repository implementation.
type PolicyFilters struct {
	// ResourceType restricts results to one resource type.
	ResourceType *string
	// Actions restricts results by action name.
	// NOTE(review): whether a policy must match any or all of the listed
	// actions is not visible here.
	Actions []string
	// Enabled filters on the policy's enabled state.
	Enabled *bool
	// NamespaceID restricts results to one namespace.
	NamespaceID *xid.ID
	// Limit and Offset page the result set.
	// NOTE(review): the meaning of Limit == 0 is not visible here; confirm the
	// repository applies an upper bound.
	Limit int
	Offset int
}
PolicyFilters defines filtering options for policy queries
type RedisCache ¶
// RedisCache is the Redis-backed implementation of Cache. The documentation of
// its Get and Set methods on this page states that compiled CEL programs cannot
// be serialized: Set stores policy metadata only and Get returns nil, so this
// backend cannot hand back a usable compiled policy.
type RedisCache struct {
	// contains filtered or unexported fields
}
RedisCache is a Redis-backed cache implementation. V2 architecture: App → Environment → Organization.
func (*RedisCache) Delete ¶
func (c *RedisCache) Delete(ctx context.Context, key string) error
Delete removes a policy from Redis
func (*RedisCache) DeleteByApp ¶
DeleteByApp removes all policies for an app using pattern matching
func (*RedisCache) DeleteByEnvironment ¶ added in v0.0.3
DeleteByEnvironment removes all policies for an environment
func (*RedisCache) DeleteByOrganization ¶
func (c *RedisCache) DeleteByOrganization(ctx context.Context, appID, envID, userOrgID xid.ID) error
DeleteByOrganization removes all policies for an organization
func (*RedisCache) Get ¶
func (c *RedisCache) Get(ctx context.Context, key string) (*engine.CompiledPolicy, error)
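Get retrieves a compiled policy from Redis. Note: this returns nil because CEL programs cannot be serialized; use the Redis cache for metadata caching only. Callers should treat the nil result as a cache miss and recompile the policy rather than evaluate it.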
func (*RedisCache) GetMulti ¶
func (c *RedisCache) GetMulti(ctx context.Context, keys []string) (map[string]*engine.CompiledPolicy, error)
GetMulti retrieves multiple policies from Redis
func (*RedisCache) Set ¶
func (c *RedisCache) Set(ctx context.Context, key string, policy *engine.CompiledPolicy, ttl time.Duration) error
Set stores policy metadata in Redis
type Repository ¶
// Repository is the data-access interface for policies, namespaces, resource
// and action definitions, audit events and evaluation statistics.
//
// NOTE(review): the policy, namespace, audit and analytics queries
// (ListPolicies, GetPoliciesByResourceType, GetActivePolicies,
// GetNamespaceByScope, ListNamespaces, ListAuditEvents, GetEvaluationStats)
// take the appID/envID/userOrgID scope, but every Get*, Update* and Delete*
// method takes only an object ID or the object itself. Nothing in those
// signatures ties the call to a tenant, so the caller presumably has to check
// that the object belongs to the requesting app/environment/organization
// before acting on it; confirm where that check lives.
//
// userOrgID is a pointer in the scoped methods; presumably nil selects the
// app/environment level without an organization. Confirm.
type Repository interface {
	// Policy operations
	CreatePolicy(ctx context.Context, policy *core.Policy) error
	GetPolicy(ctx context.Context, id xid.ID) (*core.Policy, error)
	ListPolicies(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID, filters PolicyFilters) ([]*core.Policy, error)
	UpdatePolicy(ctx context.Context, policy *core.Policy) error
	DeletePolicy(ctx context.Context, id xid.ID) error
	GetPoliciesByResourceType(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID, resourceType string) ([]*core.Policy, error)
	GetActivePolicies(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID) ([]*core.Policy, error)
	// Namespace operations
	CreateNamespace(ctx context.Context, ns *core.Namespace) error
	GetNamespace(ctx context.Context, id xid.ID) (*core.Namespace, error)
	GetNamespaceByScope(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID) (*core.Namespace, error)
	ListNamespaces(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID) ([]*core.Namespace, error)
	UpdateNamespace(ctx context.Context, ns *core.Namespace) error
	DeleteNamespace(ctx context.Context, id xid.ID) error
	// Resource definition operations. Listing is by namespaceID only; there is
	// no update method for resource definitions in this interface.
	CreateResourceDefinition(ctx context.Context, res *core.ResourceDefinition) error
	GetResourceDefinition(ctx context.Context, id xid.ID) (*core.ResourceDefinition, error)
	ListResourceDefinitions(ctx context.Context, namespaceID xid.ID) ([]*core.ResourceDefinition, error)
	DeleteResourceDefinition(ctx context.Context, id xid.ID) error
	// Action definition operations. Listing is by namespaceID only; there is no
	// update method for action definitions in this interface.
	CreateActionDefinition(ctx context.Context, action *core.ActionDefinition) error
	GetActionDefinition(ctx context.Context, id xid.ID) (*core.ActionDefinition, error)
	ListActionDefinitions(ctx context.Context, namespaceID xid.ID) ([]*core.ActionDefinition, error)
	DeleteActionDefinition(ctx context.Context, id xid.ID) error
	// Audit operations. The interface exposes create and list only; it has no
	// method to update or delete an audit event.
	CreateAuditEvent(ctx context.Context, event *core.AuditEvent) error
	ListAuditEvents(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID, filters AuditFilters) ([]*core.AuditEvent, error)
	// Analytics operations
	// NOTE(review): timeRange is an untyped map; the keys and value types it
	// expects are not visible here.
	GetEvaluationStats(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID, timeRange map[string]interface{}) (*EvaluationStats, error)
}
Repository defines the data access interface for permissions. V2 architecture: App → Environment → Organization.
func NewRepository ¶
func NewRepository(db *bun.DB) Repository
NewRepository creates a new Bun repository