Documentation
¶
Index ¶
- type ConversionPreview
- type Logger
- type MigrationConfig
- type MigrationError
- type MigrationPolicyRepoAdapter
- type MigrationResult
- type NoOpLogger
- type PolicyRepository
- type RBACAdapterConfig
- type RBACMigrationService
- func (s *RBACMigrationService) ConvertPolicy(ctx context.Context, rbacPolicy *RBACPolicy, appID, envID xid.ID, ...) (*core.Policy, error)
- func (s *RBACMigrationService) MigrateAll(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID, createdBy xid.ID) (*MigrationResult, error)
- func (s *RBACMigrationService) MigrateRoles(ctx context.Context, appID, envID xid.ID, createdBy xid.ID) (*MigrationResult, error)
- func (s *RBACMigrationService) PreviewConversion(ctx context.Context, rbacPolicy *RBACPolicy) (*ConversionPreview, error)
- type RBACPolicy
- type RBACService
- type RBACServiceAdapter
- func (a *RBACServiceAdapter) AddPolicy(policy *RBACPolicy)
- func (a *RBACServiceAdapter) ClearPolicies()
- func (a *RBACServiceAdapter) GetAllAppPermissions(ctx context.Context, appID xid.ID) ([]*schema.Permission, error)
- func (a *RBACServiceAdapter) GetAllPolicies(ctx context.Context) ([]*RBACPolicy, error)
- func (a *RBACServiceAdapter) GetOrgRoles(ctx context.Context, orgID xid.ID) ([]*schema.Role, error)
- func (a *RBACServiceAdapter) GetRolePermissions(ctx context.Context, roleID xid.ID) ([]*schema.Permission, error)
- func (a *RBACServiceAdapter) GetRoles(ctx context.Context, appID xid.ID) ([]*schema.Role, error)
- type UserRoleAdapter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConversionPreview ¶
// ConversionPreview represents a preview of policy conversion. It carries the
// original RBAC policy alongside the conversion output fields and serializes
// to JSON through the tags below.
type ConversionPreview struct {
	// Original is the RBAC policy the preview was produced for.
	Original *RBACPolicy `json:"original"`
	// Success reports the conversion outcome.
	// NOTE(review): presumably Error is populated when this is false — confirm.
	Success bool `json:"success"`
	// CELExpression is omitted from the JSON when empty.
	// NOTE(review): compare it with Original.Condition before migrating; an
	// expression that loses the condition would allow more than the RBAC rule did.
	CELExpression string `json:"celExpression,omitempty"`
	// ResourceType, ResourceID and PolicyName are omitted from the JSON when empty.
	ResourceType string `json:"resourceType,omitempty"`
	ResourceID string `json:"resourceId,omitempty"`
	PolicyName string `json:"policyName,omitempty"`
	// Error is a plain string (not an error value), omitted from the JSON when empty.
	Error string `json:"error,omitempty"`
}
ConversionPreview represents a preview of policy conversion
type Logger ¶
// Logger is the logging interface used for migration logging. Each method
// takes a message and a variadic list of extra fields.
// NOTE(review): the expected layout of fields (key/value pairs or otherwise)
// is not shown here — confirm before adapting a structured logger. Migration
// logs may carry policy subjects and resources, so route them like other
// authorization audit data.
type Logger interface {
	Info(msg string, fields ...interface{})
	Warn(msg string, fields ...interface{})
	Error(msg string, fields ...interface{})
}
Logger interface for migration logging
type MigrationConfig ¶
// MigrationConfig configures the migration service. DefaultMigrationConfig
// returns the default values; they are not listed on this page.
type MigrationConfig struct {
	// BatchSize is the batch size used when processing policies.
	BatchSize int
	// DryRun mode: log but don't persist. Useful for reviewing the converted
	// policies before anything is written.
	DryRun bool
	// PreserveOriginal keeps the RBAC policies after migration.
	// NOTE(review): what happens to the legacy policies when this is false is
	// not shown here — confirm how failed or skipped policies are treated
	// before turning it off, so no rule is lost without a replacement.
	PreserveOriginal bool
	// DefaultNamespace is the namespace given to migrated policies.
	DefaultNamespace string
	// DefaultPriority is the priority given to migrated policies.
	// NOTE(review): how priority orders policies at evaluation time is not shown here.
	DefaultPriority int
}
MigrationConfig configures the migration service
func DefaultMigrationConfig ¶
func DefaultMigrationConfig() MigrationConfig
DefaultMigrationConfig returns default configuration
type MigrationError ¶
// MigrationError represents an error during migration. It is JSON-serializable
// and appears in MigrationResult.Errors.
type MigrationError struct {
	// PolicyIndex is the index of the policy the error refers to.
	// NOTE(review): presumably an index into the list of RBAC policies being migrated — confirm.
	PolicyIndex int `json:"policyIndex"`
	// Subject and Resource share their names with the RBACPolicy fields;
	// presumably they are copied from the failing policy — confirm.
	Subject string `json:"subject"`
	Resource string `json:"resource"`
	// Error is the error text as a plain string, not an error value.
	Error string `json:"error"`
}
MigrationError represents an error during migration
type MigrationPolicyRepoAdapter ¶
// MigrationPolicyRepoAdapter adapts the permissions storage.Repository to
// migration.PolicyRepository. Its fields are unexported and no constructor
// for it appears on this page.
type MigrationPolicyRepoAdapter struct {
	// contains filtered or unexported fields
}
MigrationPolicyRepoAdapter adapts the permissions storage.Repository to migration.PolicyRepository
type MigrationResult ¶
// MigrationResult represents the result of a migration operation and is
// returned by MigrateAll and MigrateRoles. It serializes to JSON through the
// tags below.
type MigrationResult struct {
	// Counters for the run.
	// NOTE(review): a non-zero SkippedPolicies or FailedPolicies means some
	// RBAC rules presumably have no counterpart in the new system — check
	// both before retiring the legacy policies.
	TotalPolicies int `json:"totalPolicies"`
	MigratedPolicies int `json:"migratedPolicies"`
	SkippedPolicies int `json:"skippedPolicies"`
	FailedPolicies int `json:"failedPolicies"`
	// Errors lists per-policy errors; omitted from the JSON when empty.
	Errors []MigrationError `json:"errors,omitempty"`
	// ConvertedPolicies holds the converted policies; omitted from the JSON when empty.
	ConvertedPolicies []*core.Policy `json:"convertedPolicies,omitempty"`
	// StartedAt and CompletedAt are the timestamps of the run.
	StartedAt time.Time `json:"startedAt"`
	CompletedAt time.Time `json:"completedAt"`
	// DryRun records the dry-run flag in the result.
	// NOTE(review): presumably mirrors MigrationConfig.DryRun — confirm.
	DryRun bool `json:"dryRun"`
}
MigrationResult represents the result of a migration operation
type NoOpLogger ¶
// NoOpLogger is a logger that does nothing (for testing). It has Info, Warn
// and Error methods on the pointer receiver.
// NOTE(review): a migration run with this logger leaves no log of what was
// converted, skipped or failed; outside tests, supply a real Logger.
type NoOpLogger struct{}
NoOpLogger is a logger that does nothing (for testing)
func (*NoOpLogger) Error ¶
func (l *NoOpLogger) Error(msg string, fields ...interface{})
func (*NoOpLogger) Info ¶
func (l *NoOpLogger) Info(msg string, fields ...interface{})
func (*NoOpLogger) Warn ¶
func (l *NoOpLogger) Warn(msg string, fields ...interface{})
type PolicyRepository ¶
// PolicyRepository is the interface for storing migrated policies.
type PolicyRepository interface {
	// CreatePolicy stores one converted policy.
	CreatePolicy(ctx context.Context, policy *core.Policy) error
	// GetPoliciesByResourceType returns the policies for a resource type
	// within the given app and environment.
	// NOTE(review): userOrgID is a pointer, so it is presumably optional;
	// confirm what a nil value scopes the query to, since that decides
	// whether results can cross organization boundaries.
	GetPoliciesByResourceType(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID, resourceType string) ([]*core.Policy, error)
}
PolicyRepository interface for storing migrated policies
type RBACAdapterConfig ¶
// RBACAdapterConfig configures the RBAC adapter; NewRBACServiceAdapter takes
// it as its only argument. All fields are types from the rbac package.
// NOTE(review): which fields are required and whether nil values are
// tolerated is not shown here — confirm against NewRBACServiceAdapter.
type RBACAdapterConfig struct {
	RBACService *rbac.Service
	RoleRepo rbac.RoleRepository
	PermissionRepo rbac.PermissionRepository
	RolePermRepo rbac.RolePermissionRepository
	PolicyRepo rbac.PolicyRepository
}
RBACAdapterConfig configures the RBAC adapter
type RBACMigrationService ¶
// RBACMigrationService handles migration from the legacy RBAC system to the
// new CEL-based permissions system. Its fields are unexported;
// NewRBACMigrationService is the constructor shown for it.
type RBACMigrationService struct {
	// contains filtered or unexported fields
}
RBACMigrationService handles migration from the legacy RBAC system to the new CEL-based permissions system
func NewRBACMigrationService ¶
func NewRBACMigrationService( policyRepo PolicyRepository, rbacService RBACService, logger Logger, config MigrationConfig, ) *RBACMigrationService
NewRBACMigrationService creates a new RBAC migration service
func (*RBACMigrationService) ConvertPolicy ¶
func (s *RBACMigrationService) ConvertPolicy( ctx context.Context, rbacPolicy *RBACPolicy, appID, envID xid.ID, userOrgID *xid.ID, createdBy xid.ID, ) (*core.Policy, error)
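ConvertPolicy converts a single RBAC policy to a CEL policy. This page does not describe how RBACPolicy.Condition is translated, so check the converted policy against the original condition; PreviewConversion exposes the result as ConversionPreview.CELExpression without storing anything.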
func (*RBACMigrationService) MigrateAll ¶
func (s *RBACMigrationService) MigrateAll(ctx context.Context, appID, envID xid.ID, userOrgID *xid.ID, createdBy xid.ID) (*MigrationResult, error)
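MigrateAll migrates all RBAC policies to the permissions system. Per-policy outcomes are reported in MigrationResult (MigratedPolicies, SkippedPolicies, FailedPolicies, Errors); this page does not state whether a partial failure also returns a non-nil error, so inspect the counts as well as the error. Setting MigrationConfig.DryRun gives a run that logs without persisting.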
func (*RBACMigrationService) MigrateRoles ¶
func (s *RBACMigrationService) MigrateRoles(ctx context.Context, appID, envID xid.ID, createdBy xid.ID) (*MigrationResult, error)
MigrateRoles migrates role-based permissions to policies
func (*RBACMigrationService) PreviewConversion ¶
func (s *RBACMigrationService) PreviewConversion(ctx context.Context, rbacPolicy *RBACPolicy) (*ConversionPreview, error)
PreviewConversion previews the conversion of an RBAC policy without storing the result.
type RBACPolicy ¶
// RBACPolicy represents a legacy RBAC policy: who (Subject) may perform which
// Actions on which Resource, optionally restricted by a Condition.
type RBACPolicy struct {
	Subject string `json:"subject"` // e.g., "user", "role:admin"
	Actions []string `json:"actions"` // e.g., ["read", "write"]
	// Resource may carry a wildcard, as in the "project:*" example.
	Resource string `json:"resource"` // e.g., "project:*", "document:123"
	// Condition is a free-form string in the legacy syntax.
	// NOTE(review): the grammar accepted here and its mapping to CEL are not
	// shown on this page — a condition that fails to convert must not end up
	// as an unconditional allow; confirm how the migration handles that case.
	Condition string `json:"condition"` // e.g., "owner = true"
}
RBACPolicy represents a legacy RBAC policy
type RBACService ¶
// RBACService is the interface for reading existing RBAC data; the migration
// service takes one in NewRBACMigrationService.
type RBACService interface {
	// GetAllPolicies returns all RBAC policies.
	// NOTE(review): it takes no app or organization argument, while the
	// migration methods write under a single appID/envID — confirm the
	// implementation only returns policies that belong to that scope.
	GetAllPolicies(ctx context.Context) ([]*RBACPolicy, error)
	// GetRoles returns all roles for the given app.
	GetRoles(ctx context.Context, appID xid.ID) ([]*schema.Role, error)
	// GetRolePermissions returns permissions for a role.
	GetRolePermissions(ctx context.Context, roleID xid.ID) ([]*schema.Permission, error)
}
RBACService interface for reading existing RBAC data
type RBACServiceAdapter ¶
// RBACServiceAdapter adapts the core rbac.Service to the
// migration.RBACService interface. Its fields are unexported;
// NewRBACServiceAdapter builds one from an RBACAdapterConfig.
type RBACServiceAdapter struct {
	// contains filtered or unexported fields
}
RBACServiceAdapter adapts the core rbac.Service to the migration.RBACService interface
func NewRBACServiceAdapter ¶
func NewRBACServiceAdapter(cfg RBACAdapterConfig) *RBACServiceAdapter
NewRBACServiceAdapter creates a new RBAC service adapter
func (*RBACServiceAdapter) AddPolicy ¶
func (a *RBACServiceAdapter) AddPolicy(policy *RBACPolicy)
AddPolicy adds a policy to the in-memory list (for testing or manual policies)
func (*RBACServiceAdapter) ClearPolicies ¶
func (a *RBACServiceAdapter) ClearPolicies()
ClearPolicies clears the in-memory policy list
func (*RBACServiceAdapter) GetAllAppPermissions ¶
func (a *RBACServiceAdapter) GetAllAppPermissions(ctx context.Context, appID xid.ID) ([]*schema.Permission, error)
GetAllAppPermissions returns all permissions for an app
func (*RBACServiceAdapter) GetAllPolicies ¶
func (a *RBACServiceAdapter) GetAllPolicies(ctx context.Context) ([]*RBACPolicy, error)
GetAllPolicies returns all RBAC policies
func (*RBACServiceAdapter) GetOrgRoles ¶
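func (a *RBACServiceAdapter) GetOrgRoles(ctx context.Context, orgID xid.ID) ([]*schema.Role, error)
GetOrgRoles returns all roles for an organization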
func (*RBACServiceAdapter) GetRolePermissions ¶
func (a *RBACServiceAdapter) GetRolePermissions(ctx context.Context, roleID xid.ID) ([]*schema.Permission, error)
GetRolePermissions returns permissions for a role
type UserRoleAdapter ¶
// UserRoleAdapter provides user role operations for attribute resolution.
// Its fields are unexported; NewUserRoleAdapter builds one from the user-role,
// role and role-permission repositories.
type UserRoleAdapter struct {
	// contains filtered or unexported fields
}
UserRoleAdapter provides user role operations for attribute resolution
func NewUserRoleAdapter ¶
func NewUserRoleAdapter( userRoleRepo rbac.UserRoleRepository, roleRepo rbac.RoleRepository, rolePermRepo rbac.RolePermissionRepository, ) *UserRoleAdapter
NewUserRoleAdapter creates a new user role adapter
func (*UserRoleAdapter) GetUserPermissions ¶
func (a *UserRoleAdapter) GetUserPermissions(ctx context.Context, userID, orgID xid.ID) ([]string, error)
GetUserPermissions returns permission names for a user based on their roles
func (*UserRoleAdapter) GetUserRoles ¶
GetUserRoles returns role names for a user in an organization