Documentation
¶
Index ¶
- type AssignGlobalRoleToUserParams
- type AssignRoleToServiceAccountParams
- type AssignTeamRoleToUserParams
- type DBTX
- type GetRolesForServiceAccountsRow
- type GetRolesForUsersRow
- type GitHubAuthorizationRoleCheckParams
- type HasGlobalAuthorizationParams
- type HasTeamAuthorizationParams
- type HasTeamMembershipParams
- type ListRolesForServiceAccountParams
- type ListRolesParams
- type Querier
- type Queries
- func (q *Queries) AssignGlobalRoleToUser(ctx context.Context, arg AssignGlobalRoleToUserParams) error
- func (q *Queries) AssignRoleToServiceAccount(ctx context.Context, arg AssignRoleToServiceAccountParams) error
- func (q *Queries) AssignTeamRoleToUser(ctx context.Context, arg AssignTeamRoleToUserParams) error
- func (q *Queries) CountRoles(ctx context.Context) (int64, error)
- func (q *Queries) CountRolesForServiceAccount(ctx context.Context, serviceAccountID uuid.UUID) (int64, error)
- func (q *Queries) GetRoleByName(ctx context.Context, name string) (*Role, error)
- func (q *Queries) GetRolesForServiceAccounts(ctx context.Context, serviceAccountIds []uuid.UUID) ([]*GetRolesForServiceAccountsRow, error)
- func (q *Queries) GetRolesForUsers(ctx context.Context, userIds []uuid.UUID) ([]*GetRolesForUsersRow, error)
- func (q *Queries) GitHubAuthorizationRoleCheck(ctx context.Context, arg GitHubAuthorizationRoleCheckParams) (bool, error)
- func (q *Queries) HasGlobalAuthorization(ctx context.Context, arg HasGlobalAuthorizationParams) (bool, error)
- func (q *Queries) HasTeamAuthorization(ctx context.Context, arg HasTeamAuthorizationParams) (bool, error)
- func (q *Queries) HasTeamMembership(ctx context.Context, arg HasTeamMembershipParams) (bool, error)
- func (q *Queries) ListRoles(ctx context.Context, arg ListRolesParams) ([]*Role, error)
- func (q *Queries) ListRolesForServiceAccount(ctx context.Context, arg ListRolesForServiceAccountParams) ([]*Role, error)
- func (q *Queries) RevokeRoleFromServiceAccount(ctx context.Context, arg RevokeRoleFromServiceAccountParams) error
- func (q *Queries) ServiceAccountCanAssignRole(ctx context.Context, arg ServiceAccountCanAssignRoleParams) (bool, error)
- func (q *Queries) ServiceAccountHasGlobalAuthorization(ctx context.Context, arg ServiceAccountHasGlobalAuthorizationParams) (bool, error)
- func (q *Queries) ServiceAccountHasRole(ctx context.Context, arg ServiceAccountHasRoleParams) (bool, error)
- func (q *Queries) ServiceAccountHasTeamAuthorization(ctx context.Context, arg ServiceAccountHasTeamAuthorizationParams) (bool, error)
- func (q *Queries) ServiceAccountHasTeamMembership(ctx context.Context, arg ServiceAccountHasTeamMembershipParams) (bool, error)
- func (q *Queries) UserCanAssignRole(ctx context.Context, arg UserCanAssignRoleParams) (bool, error)
- func (q *Queries) WithTx(tx pgx.Tx) *Queries
- type RevokeRoleFromServiceAccountParams
- type Role
- type ServiceAccountCanAssignRoleParams
- type ServiceAccountHasGlobalAuthorizationParams
- type ServiceAccountHasRoleParams
- type ServiceAccountHasTeamAuthorizationParams
- type ServiceAccountHasTeamMembershipParams
- type UserCanAssignRoleParams
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GetRolesForUsersRow ¶
type HasTeamMembershipParams ¶
type ListRolesParams ¶
type Querier ¶
// Querier lists the role-assignment and authorization-check queries of this
// package; *Queries exposes a method with the same signature for each entry.
//
// NOTE(review): every check below returns (bool, error). Callers should deny
// access whenever err is non-nil instead of acting on the returned bool.
type Querier interface {
// NOTE(review): the Assign* methods grant roles. UserCanAssignRole and
// ServiceAccountCanAssignRole look like the intended gate before calling
// them — confirm at the call sites.
AssignGlobalRoleToUser(ctx context.Context, arg AssignGlobalRoleToUserParams) error
AssignRoleToServiceAccount(ctx context.Context, arg AssignRoleToServiceAccountParams) error
AssignTeamRoleToUser(ctx context.Context, arg AssignTeamRoleToUserParams) error
CountRoles(ctx context.Context) (int64, error)
CountRolesForServiceAccount(ctx context.Context, serviceAccountID uuid.UUID) (int64, error)
GetRoleByName(ctx context.Context, name string) (*Role, error)
GetRolesForServiceAccounts(ctx context.Context, serviceAccountIds []uuid.UUID) ([]*GetRolesForServiceAccountsRow, error)
// TODO: This should be rewritten to fetch rows from the roles table instead as it uses the authz.Role struct, which reflects rows from the roles table.
GetRolesForUsers(ctx context.Context, userIds []uuid.UUID) ([]*GetRolesForUsersRow, error)
GitHubAuthorizationRoleCheck(ctx context.Context, arg GitHubAuthorizationRoleCheckParams) (bool, error)
HasGlobalAuthorization(ctx context.Context, arg HasGlobalAuthorizationParams) (bool, error)
// NOTE(review): HasTeamMembership below is documented as the variant
// WITHOUT admin bypass, which suggests this check can also be satisfied
// through an admin role — confirm against the query before using it to
// guard elevations or secret reads.
HasTeamAuthorization(ctx context.Context, arg HasTeamAuthorizationParams) (bool, error)
// Strict team membership check WITHOUT admin bypass.
// Used for security-sensitive operations like elevations and reading secret values.
HasTeamMembership(ctx context.Context, arg HasTeamMembershipParams) (bool, error)
ListRoles(ctx context.Context, arg ListRolesParams) ([]*Role, error)
ListRolesForServiceAccount(ctx context.Context, arg ListRolesForServiceAccountParams) ([]*Role, error)
// NOTE(review): this is the only Revoke* method in the interface; no
// user-side counterpart to the Assign*ToUser methods is declared here.
RevokeRoleFromServiceAccount(ctx context.Context, arg RevokeRoleFromServiceAccountParams) error
ServiceAccountCanAssignRole(ctx context.Context, arg ServiceAccountCanAssignRoleParams) (bool, error)
ServiceAccountHasGlobalAuthorization(ctx context.Context, arg ServiceAccountHasGlobalAuthorizationParams) (bool, error)
ServiceAccountHasRole(ctx context.Context, arg ServiceAccountHasRoleParams) (bool, error)
// NOTE(review): presumably the service-account analogue of
// HasTeamAuthorization, so the same admin-bypass question applies — confirm.
ServiceAccountHasTeamAuthorization(ctx context.Context, arg ServiceAccountHasTeamAuthorizationParams) (bool, error)
// Strict team membership check for service accounts WITHOUT admin bypass.
// NOTE(review): presumably meant for the same security-sensitive operations
// as HasTeamMembership — confirm.
ServiceAccountHasTeamMembership(ctx context.Context, arg ServiceAccountHasTeamMembershipParams) (bool, error)
UserCanAssignRole(ctx context.Context, arg UserCanAssignRoleParams) (bool, error)
}
type Queries ¶
// Queries is the concrete type that carries the role and authorization query
// methods listed on this page. WithTx(tx pgx.Tx) returns another *Queries,
// presumably bound to that transaction.
//
// NOTE(review): where an authorization check guards a role assignment or
// revocation, running both through the same WithTx handle would keep the
// check and the write in one transaction — confirm callers do this.
type Queries struct {
// contains filtered or unexported fields
}
func (*Queries) AssignGlobalRoleToUser ¶
func (q *Queries) AssignGlobalRoleToUser(ctx context.Context, arg AssignGlobalRoleToUserParams) error
func (*Queries) AssignRoleToServiceAccount ¶
func (q *Queries) AssignRoleToServiceAccount(ctx context.Context, arg AssignRoleToServiceAccountParams) error
func (*Queries) AssignTeamRoleToUser ¶
func (q *Queries) AssignTeamRoleToUser(ctx context.Context, arg AssignTeamRoleToUserParams) error
func (*Queries) CountRolesForServiceAccount ¶
func (*Queries) GetRoleByName ¶
func (*Queries) GetRolesForServiceAccounts ¶
func (*Queries) GetRolesForUsers ¶
func (q *Queries) GetRolesForUsers(ctx context.Context, userIds []uuid.UUID) ([]*GetRolesForUsersRow, error)
TODO: This should be rewritten to fetch rows from the roles table instead as it uses the authz.Role struct, which reflects rows from the roles table.
func (*Queries) GitHubAuthorizationRoleCheck ¶
func (*Queries) HasGlobalAuthorization ¶
func (*Queries) HasTeamAuthorization ¶
func (*Queries) HasTeamMembership ¶
Strict team membership check WITHOUT admin bypass. Used for security-sensitive operations like elevations and reading secret values.
func (*Queries) ListRolesForServiceAccount ¶
func (*Queries) RevokeRoleFromServiceAccount ¶
func (q *Queries) RevokeRoleFromServiceAccount(ctx context.Context, arg RevokeRoleFromServiceAccountParams) error
func (*Queries) ServiceAccountCanAssignRole ¶
func (*Queries) ServiceAccountHasGlobalAuthorization ¶
func (*Queries) ServiceAccountHasRole ¶
func (*Queries) ServiceAccountHasTeamAuthorization ¶
func (*Queries) ServiceAccountHasTeamMembership ¶
func (q *Queries) ServiceAccountHasTeamMembership(ctx context.Context, arg ServiceAccountHasTeamMembershipParams) (bool, error)
Strict team membership check for service accounts WITHOUT admin bypass
func (*Queries) UserCanAssignRole ¶