projects

package
v0.17.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 3, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const DisplayNameAnnotation = "console.holos.run/display-name"

DisplayNameAnnotation is the annotation key for a project's display name.

Variables

This section is empty.

Functions

func CheckProjectAdminAccess 

func CheckProjectAdminAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckProjectAdminAccess verifies the user has admin permission on the project.

func CheckProjectCreateAccess 

func CheckProjectCreateAccess(email string, roles []string, allProjects []*corev1.Namespace) error

CheckProjectCreateAccess verifies the user is an owner on at least one existing project.

func CheckProjectDeleteAccess 

func CheckProjectDeleteAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckProjectDeleteAccess verifies the user has delete permission on the project.

func CheckProjectListAccess 

func CheckProjectListAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckProjectListAccess verifies the user has list permission on the project.

func CheckProjectReadAccess 

func CheckProjectReadAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckProjectReadAccess verifies the user has read permission on the project.

func CheckProjectWriteAccess 

func CheckProjectWriteAccess(email string, roles []string, shareUsers, shareRoles map[string]string) error

CheckProjectWriteAccess verifies the user has write permission on the project.

func GetDescription 

func GetDescription(ns *corev1.Namespace) string

GetDescription returns the description annotation value from a namespace.

func GetDisplayName 

func GetDisplayName(ns *corev1.Namespace) string

GetDisplayName returns the display-name annotation value from a namespace.

func GetOrganization 

func GetOrganization(ns *corev1.Namespace) string

GetOrganization returns the organization label value from a namespace.

func GetShareRoles added in v0.16.0 

func GetShareRoles(ns *corev1.Namespace) ([]secrets.AnnotationGrant, error)

GetShareRoles parses the share-roles annotation from a namespace. Returns nil if the annotation is absent.

func GetShareUsers 

func GetShareUsers(ns *corev1.Namespace) ([]secrets.AnnotationGrant, error)

GetShareUsers parses the share-users annotation from a namespace.

Types

type Handler 

type Handler struct {
	consolev1connect.UnimplementedProjectServiceHandler
	// contains filtered or unexported fields
}

Handler implements the ProjectService.

func NewHandler 

func NewHandler(k8s *K8sClient, orgResolver OrgResolver) *Handler

NewHandler creates a new ProjectService handler.

func (*Handler) CreateProject 

func (h *Handler) CreateProject(
	ctx context.Context,
	req *connect.Request[consolev1.CreateProjectRequest],
) (*connect.Response[consolev1.CreateProjectResponse], error)

CreateProject creates a new project.

func (*Handler) DeleteProject 

func (h *Handler) DeleteProject(
	ctx context.Context,
	req *connect.Request[consolev1.DeleteProjectRequest],
) (*connect.Response[consolev1.DeleteProjectResponse], error)

DeleteProject deletes a managed namespace.

func (*Handler) GetProject 

func (h *Handler) GetProject(
	ctx context.Context,
	req *connect.Request[consolev1.GetProjectRequest],
) (*connect.Response[consolev1.GetProjectResponse], error)

GetProject retrieves a project by name.

func (*Handler) GetProjectRaw added in v0.10.0 

func (h *Handler) GetProjectRaw(
	ctx context.Context,
	req *connect.Request[consolev1.GetProjectRawRequest],
) (*connect.Response[consolev1.GetProjectRawResponse], error)

GetProjectRaw retrieves the full Kubernetes Namespace object as verbatim JSON.

func (*Handler) ListProjects 

func (h *Handler) ListProjects(
	ctx context.Context,
	req *connect.Request[consolev1.ListProjectsRequest],
) (*connect.Response[consolev1.ListProjectsResponse], error)

ListProjects returns all projects the user has access to.

func (*Handler) UpdateProject 

func (h *Handler) UpdateProject(
	ctx context.Context,
	req *connect.Request[consolev1.UpdateProjectRequest],
) (*connect.Response[consolev1.UpdateProjectResponse], error)

UpdateProject updates project metadata.

func (*Handler) UpdateProjectSharing 

func (h *Handler) UpdateProjectSharing(
	ctx context.Context,
	req *connect.Request[consolev1.UpdateProjectSharingRequest],
) (*connect.Response[consolev1.UpdateProjectSharingResponse], error)

UpdateProjectSharing updates the sharing grants on a project.

type K8sClient 

type K8sClient struct {
	Resolver *resolver.Resolver
	// contains filtered or unexported fields
}

K8sClient wraps Kubernetes client operations for projects (namespaces).

func NewK8sClient 

func NewK8sClient(client kubernetes.Interface, r *resolver.Resolver) *K8sClient

NewK8sClient creates a client for project operations.

func (*K8sClient) CreateProject 

func (c *K8sClient) CreateProject(ctx context.Context, name, displayName, description, org string, shareUsers, shareRoles []secrets.AnnotationGrant) (*corev1.Namespace, error)

CreateProject creates a new namespace with managed-by and resource-type labels.

func (*K8sClient) DeleteProject 

func (c *K8sClient) DeleteProject(ctx context.Context, name string) error

DeleteProject deletes a managed project namespace. Returns an error if the namespace does not have the managed-by label.

func (*K8sClient) GetProject 

func (c *K8sClient) GetProject(ctx context.Context, name string) (*corev1.Namespace, error)

GetProject retrieves a managed project namespace by name. The name is the user-facing project name (not the Kubernetes namespace).

func (*K8sClient) ListProjects 

func (c *K8sClient) ListProjects(ctx context.Context, org string) ([]*corev1.Namespace, error)

ListProjects returns all project namespaces. When org is non-empty, filters by organization.

func (*K8sClient) UpdateProject 

func (c *K8sClient) UpdateProject(ctx context.Context, name string, displayName, description *string) (*corev1.Namespace, error)

UpdateProject updates the description and display name annotations on a managed namespace. Nil pointers preserve existing values.

func (*K8sClient) UpdateProjectSharing 

func (c *K8sClient) UpdateProjectSharing(ctx context.Context, name string, shareUsers, shareRoles []secrets.AnnotationGrant) (*corev1.Namespace, error)

UpdateProjectSharing updates the sharing annotations on a managed namespace.

type OrgResolver 

type OrgResolver interface {
	GetOrgGrants(ctx context.Context, org string) (users, roles map[string]string, err error)
}

OrgResolver resolves organization-level grants for access checks.

type ProjectGrantResolver 

type ProjectGrantResolver struct {
	// contains filtered or unexported fields
}

ProjectGrantResolver implements secrets.ProjectResolver by looking up namespace annotations for project-level grants.

func NewProjectGrantResolver 

func NewProjectGrantResolver(k8s *K8sClient) *ProjectGrantResolver

NewProjectGrantResolver creates a resolver that reads grants from project namespaces.

func (*ProjectGrantResolver) GetProjectGrants 

func (r *ProjectGrantResolver) GetProjectGrants(ctx context.Context, project string) (map[string]string, map[string]string, error)

GetProjectGrants returns the active user and role grant maps for a project. The project parameter is the user-facing project name (not the Kubernetes namespace).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.