Documentation
¶
Index ¶
- type ActionResponse
- type ActionsListResponse
- type AnalyticsResponse
- type AnalyticsSummary
- type AuditLogEntry
- type AuditLogResponse
- type BatchEvaluateRequest
- type BatchEvaluateResponse
- type BatchEvaluationResult
- type CreateActionRequest
- type CreateNamespaceRequest
- type CreatePolicyRequest
- type CreateResourceRequest
- type ErrorResponse
- type EvaluateRequest
- type EvaluateResponse
- type GetMigrationStatusRequest
- type GetMigrationStatusResponse
- type InstantiateTemplateRequest
- type MessageResponse
- type MigrateAllRequest
- type MigrateAllResponse
- type MigrateRBACRequest
- type MigrateRolesRequest
- type MigrateRolesResponse
- type MigrationErrorResponse
- type MigrationHandler
- type MigrationResponse
- type MigrationStatusResponse
- type NamespaceResponse
- type NamespacesListResponse
- type PoliciesListResponse
- type PolicyPreviewResponse
- type PolicyResponse
- type PolicyStats
- type PolicyTestCase
- type PolicyTestResult
- type PreviewConversionRequest
- type PreviewConversionResponse
- type ResourceAttributeInput
- type ResourceAttributeRequest
- type ResourceResponse
- type ResourceTypeStats
- type ResourcesListResponse
- type StatusResponse
- type TemplateResponse
- type TemplatesListResponse
- type TestCase
- type TestCaseResult
- type TestPolicyRequest
- type TestPolicyResponse
- type UpdateNamespaceRequest
- type UpdatePolicyRequest
- type ValidatePolicyRequest
- type ValidatePolicyResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActionResponse ¶
type ActionResponse struct {
ID string `json:"id"`
NamespaceID string `json:"namespaceId"`
Name string `json:"name"`
Description string `json:"description"`
CreatedAt time.Time `json:"createdAt"`
}
ActionResponse represents a single action definition response.
func ToActionResponse ¶
func ToActionResponse(a *core.ActionDefinition) *ActionResponse
ToActionResponse converts a core.ActionDefinition to an ActionResponse.
type ActionsListResponse ¶
type ActionsListResponse struct {
Actions []*ActionResponse `json:"actions"`
TotalCount int `json:"totalCount"`
}
ActionsListResponse represents a list of action definitions.
type AnalyticsResponse ¶
type AnalyticsResponse struct {
Summary AnalyticsSummary `json:"summary"`
TimeRange struct {
Start time.Time `json:"start"`
End time.Time `json:"end"`
} `json:"timeRange"`
GeneratedAt time.Time `json:"generatedAt"`
}
AnalyticsResponse represents analytics data response.
type AnalyticsSummary ¶
type AnalyticsSummary struct {
TotalPolicies int `json:"totalPolicies"`
ActivePolicies int `json:"activePolicies"`
TotalEvaluations int64 `json:"totalEvaluations"`
AllowedCount int64 `json:"allowedCount"`
DeniedCount int64 `json:"deniedCount"`
AvgLatencyMs float64 `json:"avgLatencyMs"`
CacheHitRate float64 `json:"cacheHitRate"`
TopPolicies []PolicyStats `json:"topPolicies,omitempty"`
TopResourceTypes []ResourceTypeStats `json:"topResourceTypes,omitempty"`
}
AnalyticsSummary represents summary analytics data.
type AuditLogEntry ¶
type AuditLogEntry struct {
ID string `json:"id"`
AppID string `json:"appId"`
EnvironmentID string `json:"environmentId"`
UserOrganizationID *string `json:"userOrganizationId,omitempty"`
ActorID string `json:"actorId"`
Action string `json:"action"`
ResourceType string `json:"resourceType"`
ResourceID string `json:"resourceId"`
OldValue map[string]any `json:"oldValue,omitempty"`
NewValue map[string]any `json:"newValue,omitempty"`
IPAddress string `json:"ipAddress"`
UserAgent string `json:"userAgent"`
Timestamp time.Time `json:"timestamp"`
}
AuditLogEntry represents a single audit log entry.
func ToAuditLogEntry ¶
func ToAuditLogEntry(e *core.AuditEvent) *AuditLogEntry
ToAuditLogEntry converts a core.AuditEvent to an AuditLogEntry.
type AuditLogResponse ¶
type AuditLogResponse struct {
Entries []*AuditLogEntry `json:"entries"`
TotalCount int `json:"totalCount"`
Page int `json:"page"`
PageSize int `json:"pageSize"`
}
AuditLogResponse represents a list of audit log entries.
type BatchEvaluateRequest ¶
type BatchEvaluateRequest struct {
Requests []EvaluateRequest `json:"requests" validate:"required,min=1,max=100"`
}
BatchEvaluateRequest represents a batch evaluation request.
type BatchEvaluateResponse ¶
type BatchEvaluateResponse struct {
Results []*BatchEvaluationResult `json:"results"`
TotalEvaluations int `json:"totalEvaluations"`
TotalTimeMs float64 `json:"totalTimeMs"`
SuccessCount int `json:"successCount"`
FailureCount int `json:"failureCount"`
}
BatchEvaluateResponse represents the result of a batch evaluation.
type BatchEvaluationResult ¶
type BatchEvaluationResult struct {
Index int `json:"index"`
ResourceType string `json:"resourceType"`
ResourceID string `json:"resourceId,omitempty"`
Action string `json:"action"`
Allowed bool `json:"allowed"`
Policies []string `json:"policies,omitempty"`
Error string `json:"error,omitempty"`
EvaluationTimeMs float64 `json:"evaluationTimeMs"`
}
BatchEvaluationResult represents a single evaluation in a batch.
type CreateActionRequest ¶
type CreateActionRequest struct {
NamespaceID string `json:"namespaceId" validate:"required"`
Name string `json:"name" validate:"required,min=3,max=50"`
Description string `json:"description" validate:"max=500"`
}
CreateActionRequest represents a request to create an action definition.
type CreateNamespaceRequest ¶
type CreateNamespaceRequest struct {
Name string `json:"name" validate:"required,min=3,max=100"`
Description string `json:"description" validate:"max=500"`
TemplateID string `json:"templateId,omitempty"`
InheritPlatform bool `json:"inheritPlatform"`
}
CreateNamespaceRequest represents a request to create a namespace.
type CreatePolicyRequest ¶
type CreatePolicyRequest struct {
NamespaceID string `json:"namespaceId" validate:"required"`
Name string `json:"name" validate:"required,min=3,max=100"`
Description string `json:"description" validate:"max=500"`
Expression string `json:"expression" validate:"required"`
ResourceType string `json:"resourceType" validate:"required"`
Actions []string `json:"actions" validate:"required,min=1"`
Priority int `json:"priority" validate:"min=0,max=1000"`
Enabled bool `json:"enabled"`
}
CreatePolicyRequest represents a request to create a new policy.
type CreateResourceRequest ¶
type CreateResourceRequest struct {
NamespaceID string `json:"namespaceId" validate:"required"`
Type string `json:"type" validate:"required,min=3,max=50"`
Description string `json:"description" validate:"max=500"`
Attributes []ResourceAttributeRequest `json:"attributes" validate:"required,min=1"`
}
CreateResourceRequest represents a request to create a resource definition.
type ErrorResponse ¶
type ErrorResponse = responses.ErrorResponse
Use shared response types from core.
type EvaluateRequest ¶
type EvaluateRequest struct {
Principal map[string]any `json:"principal" validate:"required"`
Resource map[string]any `json:"resource" validate:"required"`
Request map[string]any `json:"request,omitempty"`
Action string `json:"action" validate:"required"`
ResourceType string `json:"resourceType" validate:"required"`
ResourceID string `json:"resourceId,omitempty"`
Context map[string]any `json:"context,omitempty"`
}
EvaluateRequest represents a request to evaluate a permission.
type EvaluateResponse ¶
type EvaluateResponse struct {
Allowed bool `json:"allowed"`
MatchedPolicies []string `json:"matchedPolicies,omitempty"`
EvaluatedPolicies int `json:"evaluatedPolicies"`
EvaluationTimeMs float64 `json:"evaluationTimeMs"`
CacheHit bool `json:"cacheHit"`
Error string `json:"error,omitempty"`
Reason string `json:"reason,omitempty"`
}
EvaluateResponse represents the result of a permission evaluation.
type GetMigrationStatusRequest ¶ added in v0.0.3
type GetMigrationStatusRequest struct {
}
GetMigrationStatusRequest is the request to get migration status.
type GetMigrationStatusResponse ¶ added in v0.0.3
type GetMigrationStatusResponse struct {
HasMigratedPolicies bool `json:"hasMigratedPolicies"`
MigratedCount int `json:"migratedCount"`
LastMigrationAt string `json:"lastMigrationAt,omitempty"`
PendingRBACPolicies int `json:"pendingRbacPolicies"`
}
GetMigrationStatusResponse is the response with migration status.
type InstantiateTemplateRequest ¶
type InstantiateTemplateRequest struct {
NamespaceID string `json:"namespaceId" validate:"required"`
Name string `json:"name" validate:"required,min=3,max=100"`
Description string `json:"description" validate:"max=500"`
Parameters map[string]any `json:"parameters" validate:"required"`
ResourceType string `json:"resourceType" validate:"required"`
Actions []string `json:"actions" validate:"required,min=1"`
Priority int `json:"priority" validate:"min=0,max=1000"`
Enabled bool `json:"enabled"`
}
InstantiateTemplateRequest represents a request to instantiate a template.
type MessageResponse ¶
type MessageResponse = responses.MessageResponse
Use shared response types from core.
type MigrateAllRequest ¶ added in v0.0.3
type MigrateAllRequest struct {
DryRun bool `json:"dryRun"`
PreserveOriginal bool `json:"preserveOriginal"`
}
MigrateAllRequest is the request to migrate all RBAC policies.
type MigrateAllResponse ¶ added in v0.0.3
type MigrateAllResponse struct {
TotalPolicies int `json:"totalPolicies"`
MigratedPolicies int `json:"migratedPolicies"`
SkippedPolicies int `json:"skippedPolicies"`
FailedPolicies int `json:"failedPolicies"`
Errors []MigrationErrorResponse `json:"errors,omitempty"`
ConvertedPolicies []PolicyPreviewResponse `json:"convertedPolicies,omitempty"`
StartedAt string `json:"startedAt"`
CompletedAt string `json:"completedAt"`
DryRun bool `json:"dryRun"`
}
MigrateAllResponse is the response from migrating all RBAC policies.
type MigrateRBACRequest ¶
type MigrateRBACRequest struct {
NamespaceID string `json:"namespaceId" validate:"required"`
ValidateEquivalence bool `json:"validateEquivalence"`
KeepRBACPolicies bool `json:"keepRbacPolicies"`
DryRun bool `json:"dryRun"`
}
MigrateRBACRequest represents a request to migrate from RBAC to permissions.
type MigrateRolesRequest ¶ added in v0.0.3
type MigrateRolesRequest struct {
DryRun bool `json:"dryRun"`
}
MigrateRolesRequest is the request to migrate role-based permissions.
type MigrateRolesResponse ¶ added in v0.0.3
type MigrateRolesResponse = MigrateAllResponse
MigrateRolesResponse is the response from migrating roles.
type MigrationErrorResponse ¶ added in v0.0.3
type MigrationErrorResponse struct {
PolicyIndex int `json:"policyIndex"`
Subject string `json:"subject"`
Resource string `json:"resource"`
Error string `json:"error"`
}
MigrationErrorResponse represents a migration error in API response.
type MigrationHandler ¶ added in v0.0.3
type MigrationHandler struct {
// contains filtered or unexported fields
}
MigrationHandler handles RBAC migration API endpoints.
func NewMigrationHandler ¶ added in v0.0.3
func NewMigrationHandler(migrationService *migration.RBACMigrationService) *MigrationHandler
NewMigrationHandler creates a new migration handler.
func (*MigrationHandler) MigrateAll ¶ added in v0.0.3
func (h *MigrationHandler) MigrateAll(c forge.Context) error
MigrateAll migrates all RBAC policies to the permissions system.
func (*MigrationHandler) MigrateRoles ¶ added in v0.0.3
func (h *MigrationHandler) MigrateRoles(c forge.Context) error
MigrateRoles migrates role-based permissions to policies.
func (*MigrationHandler) PreviewConversion ¶ added in v0.0.3
func (h *MigrationHandler) PreviewConversion(c forge.Context) error
PreviewConversion previews the conversion of an RBAC policy.
type MigrationResponse ¶
type MigrationResponse struct {
MigrationID string `json:"migrationId"`
Status string `json:"status"`
Message string `json:"message"`
StartedAt time.Time `json:"startedAt"`
}
MigrationResponse represents the result of starting a migration.
type MigrationStatusResponse ¶
type MigrationStatusResponse struct {
AppID string `json:"appId"`
EnvironmentID string `json:"environmentId"`
UserOrganizationID *string `json:"userOrganizationId,omitempty"`
Status string `json:"status"`
StartedAt time.Time `json:"startedAt"`
CompletedAt *time.Time `json:"completedAt,omitempty"`
TotalPolicies int `json:"totalPolicies"`
MigratedCount int `json:"migratedCount"`
FailedCount int `json:"failedCount"`
ValidationPassed bool `json:"validationPassed"`
Errors []string `json:"errors,omitempty"`
Progress float64 `json:"progress"`
}
MigrationStatusResponse represents the status of a migration.
type NamespaceResponse ¶
type NamespaceResponse struct {
ID string `json:"id"`
AppID string `json:"appId"`
EnvironmentID string `json:"environmentId"`
UserOrganizationID *string `json:"userOrganizationId,omitempty"`
Name string `json:"name"`
Description string `json:"description"`
TemplateID *string `json:"templateId,omitempty"`
InheritPlatform bool `json:"inheritPlatform"`
ResourceCount int `json:"resourceCount"`
ActionCount int `json:"actionCount"`
PolicyCount int `json:"policyCount"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
}
NamespaceResponse represents a single namespace response.
func ToNamespaceResponse ¶
func ToNamespaceResponse(n *core.Namespace) *NamespaceResponse
ToNamespaceResponse converts a core.Namespace to a NamespaceResponse.
type NamespacesListResponse ¶
type NamespacesListResponse struct {
Namespaces []*NamespaceResponse `json:"namespaces"`
TotalCount int `json:"totalCount"`
}
NamespacesListResponse represents a list of namespaces.
type PoliciesListResponse ¶
type PoliciesListResponse struct {
Policies []*PolicyResponse `json:"policies"`
TotalCount int `json:"totalCount"`
Page int `json:"page"`
PageSize int `json:"pageSize"`
}
PoliciesListResponse represents a list of policies.
type PolicyPreviewResponse ¶ added in v0.0.3
type PolicyPreviewResponse struct {
Name string `json:"name"`
Expression string `json:"expression"`
Resource string `json:"resourceType"`
Actions []string `json:"actions"`
Description string `json:"description"`
}
PolicyPreviewResponse represents a preview of a converted policy.
type PolicyResponse ¶
type PolicyResponse struct {
ID string `json:"id"`
AppID string `json:"appId"`
EnvironmentID string `json:"environmentId"`
UserOrganizationID *string `json:"userOrganizationId,omitempty"`
NamespaceID string `json:"namespaceId"`
Name string `json:"name"`
Description string `json:"description"`
Expression string `json:"expression"`
ResourceType string `json:"resourceType"`
Actions []string `json:"actions"`
Priority int `json:"priority"`
Enabled bool `json:"enabled"`
Version int `json:"version"`
CreatedBy string `json:"createdBy"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
}
PolicyResponse represents a single policy response.
func ToPolicyResponse ¶
func ToPolicyResponse(p *core.Policy) *PolicyResponse
ToPolicyResponse converts a core.Policy to a PolicyResponse.
type PolicyStats ¶
type PolicyStats struct {
PolicyID string `json:"policyId"`
PolicyName string `json:"policyName"`
EvaluationCount int64 `json:"evaluationCount"`
AllowCount int64 `json:"allowCount"`
DenyCount int64 `json:"denyCount"`
AvgLatencyMs float64 `json:"avgLatencyMs"`
}
PolicyStats represents statistics for a single policy.
type PolicyTestCase ¶
type PolicyTestCase = TestCase
PolicyTestCase is an alias for TestCase for backwards compatibility.
type PolicyTestResult ¶
type PolicyTestResult = TestCaseResult
PolicyTestResult is an alias for TestCaseResult for backwards compatibility.
type PreviewConversionRequest ¶ added in v0.0.3
type PreviewConversionRequest struct {
Subject string `json:"subject" validate:"required"`
Actions []string `json:"actions" validate:"required,min=1"`
Resource string `json:"resource" validate:"required"`
Condition string `json:"condition,omitempty"`
}
PreviewConversionRequest is the request to preview an RBAC policy conversion.
type PreviewConversionResponse ¶ added in v0.0.3
type PreviewConversionResponse struct {
Success bool `json:"success"`
CELExpression string `json:"celExpression,omitempty"`
ResourceType string `json:"resourceType,omitempty"`
ResourceID string `json:"resourceId,omitempty"`
PolicyName string `json:"policyName,omitempty"`
Error string `json:"error,omitempty"`
}
PreviewConversionResponse is the response from previewing a conversion.
type ResourceAttributeInput ¶
type ResourceAttributeInput = ResourceAttributeRequest
ResourceAttributeInput is an alias for ResourceAttributeRequest for backwards compatibility.
type ResourceAttributeRequest ¶ added in v0.0.3
type ResourceAttributeRequest struct {
Name string `json:"name" validate:"required,min=1,max=50"`
Type string `json:"type" validate:"required,oneof=string int bool array object"`
Required bool `json:"required"`
Default any `json:"default,omitempty"`
Description string `json:"description,omitempty" validate:"max=200"`
}
ResourceAttributeRequest represents an attribute in a create/update request.
type ResourceResponse ¶
type ResourceResponse struct {
ID string `json:"id"`
NamespaceID string `json:"namespaceId"`
Type string `json:"type"`
Description string `json:"description"`
Attributes []core.ResourceAttribute `json:"attributes"`
CreatedAt time.Time `json:"createdAt"`
}
ResourceResponse represents a single resource definition response.
func ToResourceResponse ¶
func ToResourceResponse(r *core.ResourceDefinition) *ResourceResponse
ToResourceResponse converts a core.ResourceDefinition to a ResourceResponse.
type ResourceTypeStats ¶
type ResourceTypeStats struct {
ResourceType string `json:"resourceType"`
EvaluationCount int64 `json:"evaluationCount"`
AllowRate float64 `json:"allowRate"`
AvgLatencyMs float64 `json:"avgLatencyMs"`
}
ResourceTypeStats represents statistics for a resource type.
type ResourcesListResponse ¶
type ResourcesListResponse struct {
Resources []*ResourceResponse `json:"resources"`
TotalCount int `json:"totalCount"`
}
ResourcesListResponse represents a list of resource definitions.
type StatusResponse ¶
type StatusResponse = responses.StatusResponse
Use shared response types from core.
type TemplateResponse ¶
type TemplateResponse struct {
ID string `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
Category string `json:"category"`
Expression string `json:"expression"`
Parameters []core.TemplateParameter `json:"parameters"`
Examples []string `json:"examples"`
}
TemplateResponse represents a single policy template.
type TemplatesListResponse ¶
type TemplatesListResponse struct {
Templates []*TemplateResponse `json:"templates"`
TotalCount int `json:"totalCount"`
Categories []string `json:"categories"`
}
TemplatesListResponse represents a list of policy templates.
type TestCase ¶ added in v0.0.3
type TestCase struct {
Name string `json:"name" validate:"required"`
Principal map[string]any `json:"principal" validate:"required"`
Resource map[string]any `json:"resource" validate:"required"`
Request map[string]any `json:"request,omitempty"`
Action string `json:"action" validate:"required"`
Expected bool `json:"expected"`
}
TestCase represents a single test case for policy testing.
type TestCaseResult ¶ added in v0.0.3
type TestCaseResult struct {
Name string `json:"name"`
Passed bool `json:"passed"`
Actual bool `json:"actual"`
Expected bool `json:"expected"`
Error string `json:"error,omitempty"`
EvaluationTimeMs float64 `json:"evaluationTimeMs"`
}
TestCaseResult represents the result of a single test case.
type TestPolicyRequest ¶
type TestPolicyRequest struct {
Expression string `json:"expression" validate:"required"`
ResourceType string `json:"resourceType" validate:"required"`
Actions []string `json:"actions" validate:"required,min=1"`
TestCases []TestCase `json:"testCases" validate:"required,min=1"`
}
TestPolicyRequest represents a request to test a policy with sample data.
type TestPolicyResponse ¶
type TestPolicyResponse struct {
Passed bool `json:"passed"`
Results []TestCaseResult `json:"results"`
Total int `json:"total"`
PassCnt int `json:"passedCount"`
FailCnt int `json:"failedCount"`
Error string `json:"error,omitempty"`
}
TestPolicyResponse represents the result of policy testing.
type UpdateNamespaceRequest ¶
type UpdateNamespaceRequest struct {
Name string `json:"name,omitempty" validate:"omitempty,min=3,max=100"`
Description string `json:"description,omitempty" validate:"omitempty,max=500"`
InheritPlatform *bool `json:"inheritPlatform,omitempty"`
}
UpdateNamespaceRequest represents a request to update a namespace.
type UpdatePolicyRequest ¶
type UpdatePolicyRequest struct {
Name string `json:"name,omitempty" validate:"omitempty,min=3,max=100"`
Description string `json:"description,omitempty" validate:"omitempty,max=500"`
Expression string `json:"expression,omitempty"`
ResourceType string `json:"resourceType,omitempty"`
Actions []string `json:"actions,omitempty"`
Priority int `json:"priority,omitempty" validate:"omitempty,min=0,max=1000"`
Enabled *bool `json:"enabled,omitempty"`
}
UpdatePolicyRequest represents a request to update an existing policy.
type ValidatePolicyRequest ¶
type ValidatePolicyRequest struct {
Expression string `json:"expression" validate:"required"`
ResourceType string `json:"resourceType" validate:"required"`
}
ValidatePolicyRequest represents a request to validate a policy expression.
type ValidatePolicyResponse ¶
type ValidatePolicyResponse struct {
Valid bool `json:"valid"`
Error string `json:"error,omitempty"`
Errors []string `json:"errors,omitempty"`
Warnings []string `json:"warnings,omitempty"`
Complexity int `json:"complexity,omitempty"`
Message string `json:"message,omitempty"`
}
ValidatePolicyResponse represents the result of policy validation.
Source Files
Click to show internal directories.
Click to hide internal directories.