organizations

package
v0.17.0
Warning

This package is not in the latest version of its module.

Published: Feb 3, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const DisplayNameAnnotation = "console.holos.run/display-name"

DisplayNameAnnotation is the annotation key for an organization's display name.

Variables

This section is empty.

Functions

func CheckOrgAdminAccess

func CheckOrgAdminAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckOrgAdminAccess verifies the user has admin permission on the organization.

func CheckOrgDeleteAccess

func CheckOrgDeleteAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckOrgDeleteAccess verifies the user has delete permission on the organization.

func CheckOrgListAccess

func CheckOrgListAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckOrgListAccess verifies the user has list permission on the organization.

func CheckOrgReadAccess

func CheckOrgReadAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckOrgReadAccess verifies the user has read permission on the organization.

func CheckOrgWriteAccess

func CheckOrgWriteAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckOrgWriteAccess verifies the user has write permission on the organization.

func GetDescription

func GetDescription(ns *corev1.Namespace) string

GetDescription returns the description annotation value from a namespace.

func GetDisplayName

func GetDisplayName(ns *corev1.Namespace) string

GetDisplayName returns the display-name annotation value from a namespace.

func GetShareRoles added in v0.16.0

func GetShareRoles(ns *corev1.Namespace) ([]secrets.AnnotationGrant, error)

GetShareRoles parses the share-roles annotation from a namespace. Returns nil if the annotation is absent.

func GetShareUsers

func GetShareUsers(ns *corev1.Namespace) ([]secrets.AnnotationGrant, error)

GetShareUsers parses the share-users annotation from a namespace.

Types

type Handler

type Handler struct {
	consolev1connect.UnimplementedOrganizationServiceHandler
	// contains filtered or unexported fields
}

Handler implements the OrganizationService.

func NewHandler

func NewHandler(k8s *K8sClient, projectLister ProjectLister, disableCreation bool, creatorUsers, creatorRoles []string) *Handler

NewHandler creates a new OrganizationService handler. disableCreation disables the implicit organization creation grant to all authenticated principals. When true, only explicit creatorUsers and creatorRoles are allowed to create organizations.

func (*Handler) CreateOrganization

CreateOrganization creates a new organization.

func (*Handler) DeleteOrganization

DeleteOrganization deletes a managed organization.

func (*Handler) GetOrganization

GetOrganization retrieves an organization by name.

func (*Handler) GetOrganizationRaw added in v0.10.0

GetOrganizationRaw retrieves the full Kubernetes Namespace object as verbatim JSON.

func (*Handler) ListOrganizations

ListOrganizations returns all organizations the user has access to.

func (*Handler) UpdateOrganization

UpdateOrganization updates organization metadata.

func (*Handler) UpdateOrganizationSharing

UpdateOrganizationSharing updates the sharing grants on an organization.

type K8sClient

type K8sClient struct {
	// contains filtered or unexported fields
}

K8sClient wraps Kubernetes client operations for organizations (namespaces).

func NewK8sClient

func NewK8sClient(client kubernetes.Interface, r *resolver.Resolver) *K8sClient

NewK8sClient creates a client for organization operations.

func (*K8sClient) CreateOrganization

func (c *K8sClient) CreateOrganization(ctx context.Context, name, displayName, description string, shareUsers, shareRoles []secrets.AnnotationGrant) (*corev1.Namespace, error)

CreateOrganization creates a new namespace with organization labels and annotations.

func (*K8sClient) DeleteOrganization

func (c *K8sClient) DeleteOrganization(ctx context.Context, name string) error

DeleteOrganization deletes a managed organization namespace. Returns an error if the namespace does not have the expected labels.

func (*K8sClient) GetOrganization

func (c *K8sClient) GetOrganization(ctx context.Context, name string) (*corev1.Namespace, error)

GetOrganization retrieves a managed organization namespace by name. Returns an error if the namespace does not have the expected labels.

func (*K8sClient) ListOrganizations

func (c *K8sClient) ListOrganizations(ctx context.Context) ([]*corev1.Namespace, error)

ListOrganizations returns all namespaces with the organization resource-type label.

func (*K8sClient) UpdateOrganization

func (c *K8sClient) UpdateOrganization(ctx context.Context, name string, displayName, description *string) (*corev1.Namespace, error)

UpdateOrganization updates the description and display name annotations on an organization namespace. Nil pointers preserve existing values.

func (*K8sClient) UpdateOrganizationSharing

func (c *K8sClient) UpdateOrganizationSharing(ctx context.Context, name string, shareUsers, shareRoles []secrets.AnnotationGrant) (*corev1.Namespace, error)

UpdateOrganizationSharing updates the sharing annotations on an organization namespace.

type OrgGrantResolver

type OrgGrantResolver struct {
	// contains filtered or unexported fields
}

OrgGrantResolver looks up organization-level grants for access fallback.

func NewOrgGrantResolver

func NewOrgGrantResolver(k8s *K8sClient) *OrgGrantResolver

NewOrgGrantResolver creates a resolver that reads grants from organization namespaces.

func (*OrgGrantResolver) GetOrgGrants

func (r *OrgGrantResolver) GetOrgGrants(ctx context.Context, org string) (map[string]string, map[string]string, error)

GetOrgGrants returns the active user and role grant maps for an organization.

type ProjectLister added in v0.10.0

type ProjectLister interface {
	ListProjects(ctx context.Context, org string) ([]*corev1.Namespace, error)
}

ProjectLister checks for projects linked to an organization.
