Documentation
¶
Overview ¶
Package realmset provides queryable representation of LUCI Realms DB.
Used internally by authdb.Snapshot.
Index ¶
Constants ¶
const ExpectedAPIVersion = 1
ExpectedAPIVersion is the supported value of api_version field.
See Build implementation for details.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PermissionIndex ¶
type PermissionIndex uint32
PermissionIndex is used in place of permission names.
Note: should match an int type used in `permissions` field in the proto.
type Realms ¶
type Realms struct {
// contains filtered or unexported fields
}
Realms is a queryable representation of realms.Realms proto.
func (*Realms) PermissionIndex ¶
func (r *Realms) PermissionIndex(perm realms.Permission) (idx PermissionIndex, ok bool)
PermissionIndex returns an index of the given permission.
It can be passed to QueryAuthorized. Returns (0, false) if there's no such permission in the Realms DB.
func (*Realms) QueryAuthorized ¶
func (r *Realms) QueryAuthorized(realm string, perm PermissionIndex) (graph.SortedNodeSet, stringset.Set)
QueryAuthorized returns a representation of principals that have the requested permission in the given realm.
The permission should be given as its index obtained via PermissionIndex.
The realm name is not validated. Unknown or invalid realms are silently treated as empty. No fallback to @root happens.
Returns a set of groups with principals that have the permission and a set of identity strings that were specified in the realm ACL directly (not via a group). nils are used in place of empty sets.
The set of groups is represented by a sorted slice of group indexes in a graph.QueryableGraph which was passed to Build().
Source Files