acl

package
v0.0.6
Warning

This package is not in the latest version of its module.

Published: Mar 29, 2026 License: CC0-1.0 Imports: 6 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ClientInfo

type ClientInfo struct {
	ClientID     string
	CertPEM      string
	Fingerprint  string
	RegisteredAt time.Time
}

ClientInfo describes a registered client.

type GrantInfo

type GrantInfo struct {
	ClientID      string
	MethodPattern string
	GrantedAt     time.Time
	GrantedBy     string
}

GrantInfo describes a method-access grant for a client.

type RequestInfo

type RequestInfo struct {
	ID          int64
	ClientID    string
	Methods     []string
	RequestedAt time.Time
	Status      string
}

RequestInfo describes a pending (or resolved) access request.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store provides SQLite-backed storage for per-method ACL grants, client registrations, and pending access requests.

func OpenStore

func OpenStore(dbPath string) (_ *Store, _err error)

OpenStore opens (or creates) a SQLite database at dbPath and ensures the required tables exist.

func (*Store) ApproveRequest

func (s *Store) ApproveRequest(
	requestID int64,
	approvedBy string,
) error

ApproveRequest marks the request as 'approved' and creates grants for each method in the request. Both operations run in a single transaction.

func (*Store) Close

func (s *Store) Close() error

Close closes the underlying database connection.

func (*Store) CreateRequest

func (s *Store) CreateRequest(
	clientID string,
	methods []string,
) (int64, error)

CreateRequest stores a new pending access request. The methods slice is serialized as a JSON array. Returns the request row ID.

func (*Store) DenyRequest

func (s *Store) DenyRequest(requestID int64) error

DenyRequest marks the request as 'denied' without creating any grants.

func (*Store) Grant

func (s *Store) Grant(
	clientID string,
	methodPattern string,
	grantedBy string,
) error

Grant inserts an access grant for the given client and method pattern. If the exact (clientID, methodPattern) pair already exists, the call is silently ignored (INSERT OR IGNORE).

func (*Store) IsMethodAllowed

func (s *Store) IsMethodAllowed(
	clientID string,
	fullMethod string,
) (bool, error)

IsMethodAllowed checks whether any grant for the given client matches the full gRPC method name. Matching rules:

  • Exact match: pattern equals fullMethod
  • Service wildcard: "/service.Name/*" matches any method in that service
  • Global wildcard: "/*" matches everything

Uses path.Match for glob matching.

func (*Store) ListClients

func (s *Store) ListClients() ([]ClientInfo, error)

ListClients returns all registered clients.

func (*Store) ListGrants

func (s *Store) ListGrants(clientID string) ([]GrantInfo, error)

ListGrants returns grants for the given client. If clientID is empty, all grants are returned.

func (*Store) ListPendingRequests

func (s *Store) ListPendingRequests() ([]RequestInfo, error)

ListPendingRequests returns all requests with status='pending'.

func (*Store) RegisterClient

func (s *Store) RegisterClient(
	clientID string,
	certPEM string,
	fingerprint string,
) error

RegisterClient inserts a new client record.

func (*Store) Revoke

func (s *Store) Revoke(
	clientID string,
	methodPattern string,
) error

Revoke removes the grant for the given client and method pattern.

func (*Store) RevokeClient

func (s *Store) RevokeClient(clientID string) error

RevokeClient deletes the client record and all associated grants. Both operations run in a single transaction.
