graph

package
v1.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 20, 2025 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Overview

Package graph contains code related to evaluation of authorization models through graph traversals.

Package graph is a generated GoMock package.

Index

Constants

View Source 
const BaseIndex = 0
View Source 
const DifferenceIndex = 1
View Source 
const Hundred = 100
View Source 
const IteratorMinBatchThreshold = 100

Variables

View Source 
var (
	ErrUnknownSetOperator = fmt.Errorf("%w: unexpected set operator type encountered", openfgaErrors.ErrUnknown)
	ErrPanic              = errors.New("panic captured")
)
View Source 
var (
	ErrResolutionDepthExceeded = errors.New("resolution depth exceeded")
)
View Source 
var ErrShortCircuit = errors.New("short circuit")

Functions

func BuildCacheKey added in v1.8.5 

func BuildCacheKey(req ResolveCheckRequest) string

func ContextWithResolutionDepth added in v0.2.5 

func ContextWithResolutionDepth(parent context.Context, depth uint32) context.Context

ContextWithResolutionDepth attaches the provided graph resolution depth to the parent context.

func ResolutionDepthFromContext added in v0.2.5 

func ResolutionDepthFromContext(ctx context.Context) (uint32, bool)

ResolutionDepthFromContext returns the current graph resolution depth from the provided context (if any).

Types

type CachedCheckResolver added in v1.3.1 

type CachedCheckResolver struct {
	// contains filtered or unexported fields
}

CachedCheckResolver attempts to resolve check sub-problems via prior computations before delegating the request to some underlying CheckResolver.

func NewCachedCheckResolver added in v1.3.1 

func NewCachedCheckResolver(opts ...CachedCheckResolverOpt) (*CachedCheckResolver, error)

NewCachedCheckResolver constructs a CheckResolver that delegates Check resolution to the provided delegate, but before delegating the query to the delegate a cache-key lookup is made to see if the Check sub-problem has already recently been computed. If the Check sub-problem is in the cache, then the response is returned immediately and no re-computation is necessary. NOTE: the ResolveCheck's resolution data will be set as the default values as we actually did no database lookup.

func (*CachedCheckResolver) Close added in v1.3.1 

func (c *CachedCheckResolver) Close()

Close will deallocate resource allocated by the CachedCheckResolver It will not deallocate cache if it has been passed in from WithExistingCache.

func (*CachedCheckResolver) GetDelegate added in v1.5.1 

func (c *CachedCheckResolver) GetDelegate() CheckResolver

GetDelegate returns this CachedCheckResolver's dispatch delegate.

func (*CachedCheckResolver) ResolveCheck added in v1.3.1 

func (c *CachedCheckResolver) ResolveCheck(
	ctx context.Context,
	req *ResolveCheckRequest,
) (*ResolveCheckResponse, error)

func (*CachedCheckResolver) SetDelegate added in v1.5.0 

func (c *CachedCheckResolver) SetDelegate(delegate CheckResolver)

SetDelegate sets this CachedCheckResolver's dispatch delegate.

type CachedCheckResolverOpt added in v1.3.1 

type CachedCheckResolverOpt func(*CachedCheckResolver)

CachedCheckResolverOpt defines an option that can be used to change the behavior of cachedCheckResolver instance.

func WithCacheTTL added in v1.3.1 

func WithCacheTTL(ttl time.Duration) CachedCheckResolverOpt

WithCacheTTL sets the TTL (as a duration) for any single Check cache key value.

func WithExistingCache added in v1.3.1 

func WithExistingCache(cache storage.InMemoryCache[any]) CachedCheckResolverOpt

WithExistingCache sets the cache to the specified cache. Note that the original cache will not be stopped as it may still be used by others. It is up to the caller to check whether the original cache should be stopped.

func WithLogger added in v1.3.1 

func WithLogger(logger logger.Logger) CachedCheckResolverOpt

WithLogger sets the logger for the cached check resolver.

type CheckFuncReducer added in v0.3.5 

type CheckFuncReducer func(ctx context.Context, concurrencyLimit int, handlers ...CheckHandlerFunc) (*ResolveCheckResponse, error)

CheckFuncReducer defines a function that combines or reduces one or more CheckHandlerFunc into a single CheckResponse with a maximum limit on the number of concurrent evaluations that can be in flight at any given time.

type CheckHandlerFunc added in v0.3.5 

type CheckHandlerFunc func(ctx context.Context) (*ResolveCheckResponse, error)

CheckHandlerFunc defines a function that evaluates a CheckResponse or returns an error otherwise.

type CheckResolver added in v0.3.5 

type CheckResolver interface {
	// ResolveCheck resolves a node (a single subproblem) out of a tree of problems.
	// If the depth of the tree has gotten too large, resolution is aborted and an error must be returned.
	//
	// It is expected that callers pass in, contextually:
	// - a [[storage.RelationshipTupleReader]] using [[storage.ContextWithRelationshipTupleReader]]. This is by design because this method is called by
	// [[server.Check]], but each time it is called there are invariants that must be met that relate
	// to the concurrency of the underlying RelationshipTupleReader as well as contextual tuples per
	// parent request.
	// - a [[Typesystem]]. Some implementations may panic if this isn't set.
	//
	// ResolveCheck is a recursive function. The first call to this function must be the "parent" problem to solve,
	// and recursive calls solve the child subproblems (which may be overlapping).
	//
	// Implementations must pass along the request in full, with all its fields,
	// and it must set the response in full, including the metadata, with any updates necessary.
	//
	// The return values may be nil and an error, or non-nil and an error.
	ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)

	// Close releases resources. It must be called after the CheckResolver is done processing all requests.
	Close()

	// SetDelegate sets the next resolver in the chain. It can be the same resolver,
	// but a call to Delegate.ResolveCheck must not create infinite recursion.
	SetDelegate(delegate CheckResolver)

	GetDelegate() CheckResolver
}

type CheckResolverCloser added in v1.5.0 

type CheckResolverCloser func()

type CheckResolverOrderedBuilder added in v1.5.7 

type CheckResolverOrderedBuilder struct {
	// contains filtered or unexported fields
}

func NewOrderedCheckResolvers added in v1.5.7 

func NewOrderedCheckResolvers(opts ...CheckResolverOrderedBuilderOpt) *CheckResolverOrderedBuilder

func (*CheckResolverOrderedBuilder) Build added in v1.5.7 

func (c *CheckResolverOrderedBuilder) Build() (CheckResolver, CheckResolverCloser, error)

Build constructs a CheckResolver that is composed of various CheckResolvers in the manner of a circular linked list. The resolvers should be added from least resource intensive to most resource intensive. 

[...Other resolvers depending on the opts order]
	LocalChecker    ----------------------------^

The returned CheckResolverCloser should be used to close all resolvers involved in the list.

type CheckResolverOrderedBuilderOpt added in v1.5.7 

type CheckResolverOrderedBuilderOpt func(checkResolver *CheckResolverOrderedBuilder)

func WithCachedCheckResolverOpts added in v1.5.7 

func WithCachedCheckResolverOpts(enabled bool, opts ...CachedCheckResolverOpt) CheckResolverOrderedBuilderOpt

WithCachedCheckResolverOpts sets the opts to be used to build CachedCheckResolver.

func WithDispatchThrottlingCheckResolverOpts added in v1.5.7 

func WithDispatchThrottlingCheckResolverOpts(enabled bool, opts ...DispatchThrottlingCheckResolverOpt) CheckResolverOrderedBuilderOpt

WithDispatchThrottlingCheckResolverOpts sets the opts to be used to build DispatchThrottlingCheckResolver.

func WithLocalCheckerOpts added in v1.5.7 

func WithLocalCheckerOpts(opts ...LocalCheckerOption) CheckResolverOrderedBuilderOpt

WithLocalCheckerOpts sets the opts to be used to build LocalChecker.

func WithLocalShadowCheckerOpts added in v1.8.8 

func WithLocalShadowCheckerOpts(opts ...LocalCheckerOption) CheckResolverOrderedBuilderOpt

func WithShadowResolverEnabled added in v1.8.8 

func WithShadowResolverEnabled(enabled bool) CheckResolverOrderedBuilderOpt

func WithShadowResolverOpts added in v1.8.8 

func WithShadowResolverOpts(opts ...ShadowResolverOpt) CheckResolverOrderedBuilderOpt

type CheckResponseCacheEntry added in v1.7.0 

type CheckResponseCacheEntry struct {
	LastModified  time.Time
	CheckResponse *ResolveCheckResponse
}

func (*CheckResponseCacheEntry) CacheEntityType added in v1.8.12 

func (c *CheckResponseCacheEntry) CacheEntityType() string

type CheckRewriteResolver added in v1.9.2 

type CheckRewriteResolver interface {
	CheckResolver

	CheckRewrite(ctx context.Context, req *ResolveCheckRequest, rewrite *openfgav1.Userset) CheckHandlerFunc
}

type DispatchThrottlingCheckResolver added in v1.5.1 

type DispatchThrottlingCheckResolver struct {
	// contains filtered or unexported fields
}

DispatchThrottlingCheckResolver will prioritize requests with fewer dispatches over requests with more dispatches. Initially, request's dispatches will not be throttled and will be processed immediately. When the number of request dispatches is above the DefaultThreshold, the dispatches are placed in the throttling queue. One item form the throttling queue will be processed ticker. This allows a check / list objects request to be gradually throttled.

func NewDispatchThrottlingCheckResolver added in v1.5.1 

func NewDispatchThrottlingCheckResolver(opts ...DispatchThrottlingCheckResolverOpt) *DispatchThrottlingCheckResolver

func (*DispatchThrottlingCheckResolver) Close added in v1.5.1 

func (r *DispatchThrottlingCheckResolver) Close()

func (*DispatchThrottlingCheckResolver) GetDelegate added in v1.5.1 

func (r *DispatchThrottlingCheckResolver) GetDelegate() CheckResolver

func (*DispatchThrottlingCheckResolver) ResolveCheck added in v1.5.1 

func (r *DispatchThrottlingCheckResolver) ResolveCheck(ctx context.Context,
	req *ResolveCheckRequest,
) (*ResolveCheckResponse, error)

func (*DispatchThrottlingCheckResolver) SetDelegate added in v1.5.1 

func (r *DispatchThrottlingCheckResolver) SetDelegate(delegate CheckResolver)

type DispatchThrottlingCheckResolverConfig added in v1.5.1 

type DispatchThrottlingCheckResolverConfig struct {
	DefaultThreshold uint32
	MaxThreshold     uint32
}

DispatchThrottlingCheckResolverConfig encapsulates configuration for dispatch throttling check resolver.

type DispatchThrottlingCheckResolverOpt added in v1.5.4 

type DispatchThrottlingCheckResolverOpt func(checkResolver *DispatchThrottlingCheckResolver)

DispatchThrottlingCheckResolverOpt defines an option that can be used to change the behavior of DispatchThrottlingCheckResolver instance.

func WithConstantRateThrottler added in v1.8.9 

func WithConstantRateThrottler(frequency time.Duration, metricLabel string) DispatchThrottlingCheckResolverOpt

WithConstantRateThrottler sets the constant rate throttler to be used for DispatchThrottlingCheckResolver.

func WithDispatchThrottlingCheckResolverConfig added in v1.5.4 

func WithDispatchThrottlingCheckResolverConfig(config DispatchThrottlingCheckResolverConfig) DispatchThrottlingCheckResolverOpt

WithDispatchThrottlingCheckResolverConfig sets the config to be used for DispatchThrottlingCheckResolver.

func WithThrottler added in v1.5.4 

func WithThrottler(throttler throttler.Throttler) DispatchThrottlingCheckResolverOpt

WithThrottler sets the throttler to be used for DispatchThrottlingCheckResolver.

type EdgeCondition added in v1.3.2 

type EdgeCondition int

type LocalChecker added in v0.3.5 

type LocalChecker struct {
	// contains filtered or unexported fields
}

func LocalCheckResolver added in v1.9.0 

func LocalCheckResolver(resolver CheckResolver) (*LocalChecker, bool)

LocalCheckResolver returns the local checker in the chain of CheckResolver.

func NewLocalChecker added in v0.3.5 

func NewLocalChecker(opts ...LocalCheckerOption) *LocalChecker

NewLocalChecker constructs a LocalChecker that can be used to evaluate a Check request locally.

Developers wanting a LocalChecker with other optional layers (e.g caching and others) are encouraged to use [NewOrderedCheckResolvers] instead.

func (*LocalChecker) CheckRewrite added in v1.9.2 

func (c *LocalChecker) CheckRewrite(
	ctx context.Context,
	req *ResolveCheckRequest,
	rewrite *openfgav1.Userset,
) CheckHandlerFunc

func (*LocalChecker) Close added in v1.3.1 

func (c *LocalChecker) Close()

Close is a noop.

func (*LocalChecker) GetDelegate added in v1.5.1 

func (c *LocalChecker) GetDelegate() CheckResolver

GetDelegate sets this LocalChecker's dispatch delegate.

func (*LocalChecker) ResolveCheck added in v0.3.5 

func (c *LocalChecker) ResolveCheck(
	ctx context.Context,
	req *ResolveCheckRequest,
) (*ResolveCheckResponse, error)

ResolveCheck implements [[CheckResolver.ResolveCheck]].

func (*LocalChecker) SetDelegate added in v1.3.1 

func (c *LocalChecker) SetDelegate(delegate CheckResolver)

SetDelegate sets this LocalChecker's dispatch delegate.

type LocalCheckerOption added in v1.3.0 

type LocalCheckerOption func(d *LocalChecker)

func WithLocalCheckerLogger added in v1.5.8 

func WithLocalCheckerLogger(logger logger.Logger) LocalCheckerOption

func WithMaxResolutionDepth added in v1.8.2 

func WithMaxResolutionDepth(depth uint32) LocalCheckerOption

func WithOptimizations added in v1.7.0 

func WithOptimizations(enabled bool) LocalCheckerOption

func WithPlanner added in v1.10.0 

func WithPlanner(p planner.Manager) LocalCheckerOption

func WithResolveNodeBreadthLimit added in v1.3.0 

func WithResolveNodeBreadthLimit(limit uint32) LocalCheckerOption

WithResolveNodeBreadthLimit see server.WithResolveNodeBreadthLimit.

func WithUpstreamTimeout added in v1.10.2 

func WithUpstreamTimeout(timeout time.Duration) LocalCheckerOption

type MockCheckResolver added in v1.3.1 

type MockCheckResolver struct {
	// contains filtered or unexported fields
}

MockCheckResolver is a mock of CheckResolver interface.

func NewMockCheckResolver added in v1.3.1 

func NewMockCheckResolver(ctrl *gomock.Controller) *MockCheckResolver

NewMockCheckResolver creates a new mock instance.

func (*MockCheckResolver) Close added in v1.3.1 

func (m *MockCheckResolver) Close()

Close mocks base method.

func (*MockCheckResolver) EXPECT added in v1.3.1 

func (m *MockCheckResolver) EXPECT() *MockCheckResolverMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockCheckResolver) GetDelegate added in v1.6.2 

func (m *MockCheckResolver) GetDelegate() CheckResolver

GetDelegate mocks base method.

func (*MockCheckResolver) ResolveCheck added in v1.3.1 

func (m *MockCheckResolver) ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)

ResolveCheck mocks base method.

func (*MockCheckResolver) SetDelegate added in v1.6.2 

func (m *MockCheckResolver) SetDelegate(delegate CheckResolver)

SetDelegate mocks base method.

type MockCheckResolverMockRecorder added in v1.3.1 

type MockCheckResolverMockRecorder struct {
	// contains filtered or unexported fields
}

MockCheckResolverMockRecorder is the mock recorder for MockCheckResolver.

func (*MockCheckResolverMockRecorder) Close added in v1.3.1 

func (mr *MockCheckResolverMockRecorder) Close() *gomock.Call

Close indicates an expected call of Close.

func (*MockCheckResolverMockRecorder) GetDelegate added in v1.6.2 

func (mr *MockCheckResolverMockRecorder) GetDelegate() *gomock.Call

GetDelegate indicates an expected call of GetDelegate.

func (*MockCheckResolverMockRecorder) ResolveCheck added in v1.3.1 

func (mr *MockCheckResolverMockRecorder) ResolveCheck(ctx, req any) *gomock.Call

ResolveCheck indicates an expected call of ResolveCheck.

func (*MockCheckResolverMockRecorder) SetDelegate added in v1.6.2 

func (mr *MockCheckResolverMockRecorder) SetDelegate(delegate any) *gomock.Call

SetDelegate indicates an expected call of SetDelegate.

type MockCheckRewriteResolver added in v1.9.2 

type MockCheckRewriteResolver struct {
	// contains filtered or unexported fields
}

MockCheckRewriteResolver is a mock of CheckRewriteResolver interface.

func NewMockCheckRewriteResolver added in v1.9.2 

func NewMockCheckRewriteResolver(ctrl *gomock.Controller) *MockCheckRewriteResolver

NewMockCheckRewriteResolver creates a new mock instance.

func (*MockCheckRewriteResolver) CheckRewrite added in v1.9.2 

func (m *MockCheckRewriteResolver) CheckRewrite(ctx context.Context, req *ResolveCheckRequest, rewrite *openfgav1.Userset) CheckHandlerFunc

CheckRewrite mocks base method.

func (*MockCheckRewriteResolver) Close added in v1.9.2 

func (m *MockCheckRewriteResolver) Close()

Close mocks base method.

func (*MockCheckRewriteResolver) EXPECT added in v1.9.2 

func (m *MockCheckRewriteResolver) EXPECT() *MockCheckRewriteResolverMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockCheckRewriteResolver) GetDelegate added in v1.9.2 

func (m *MockCheckRewriteResolver) GetDelegate() CheckResolver

GetDelegate mocks base method.

func (*MockCheckRewriteResolver) ResolveCheck added in v1.9.2 

func (m *MockCheckRewriteResolver) ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)

ResolveCheck mocks base method.

func (*MockCheckRewriteResolver) SetDelegate added in v1.9.2 

func (m *MockCheckRewriteResolver) SetDelegate(delegate CheckResolver)

SetDelegate mocks base method.

type MockCheckRewriteResolverMockRecorder added in v1.9.2 

type MockCheckRewriteResolverMockRecorder struct {
	// contains filtered or unexported fields
}

MockCheckRewriteResolverMockRecorder is the mock recorder for MockCheckRewriteResolver.

func (*MockCheckRewriteResolverMockRecorder) CheckRewrite added in v1.9.2 

func (mr *MockCheckRewriteResolverMockRecorder) CheckRewrite(ctx, req, rewrite any) *gomock.Call

CheckRewrite indicates an expected call of CheckRewrite.

func (*MockCheckRewriteResolverMockRecorder) Close added in v1.9.2 

func (mr *MockCheckRewriteResolverMockRecorder) Close() *gomock.Call

Close indicates an expected call of Close.

func (*MockCheckRewriteResolverMockRecorder) GetDelegate added in v1.9.2 

func (mr *MockCheckRewriteResolverMockRecorder) GetDelegate() *gomock.Call

GetDelegate indicates an expected call of GetDelegate.

func (*MockCheckRewriteResolverMockRecorder) ResolveCheck added in v1.9.2 

func (mr *MockCheckRewriteResolverMockRecorder) ResolveCheck(ctx, req any) *gomock.Call

ResolveCheck indicates an expected call of ResolveCheck.

func (*MockCheckRewriteResolverMockRecorder) SetDelegate added in v1.9.2 

func (mr *MockCheckRewriteResolverMockRecorder) SetDelegate(delegate any) *gomock.Call

SetDelegate indicates an expected call of SetDelegate.

type RelationshipEdge added in v1.3.2 

type RelationshipEdge struct {
	Type RelationshipEdgeType

	// The edge is directed towards this node, which can be like group:*, or group, or group:member
	TargetReference *openfgav1.RelationReference

	// If the type is TupleToUsersetEdge, this defines the TTU condition
	TuplesetRelation string

	TargetReferenceInvolvesIntersectionOrExclusion bool
}

RelationshipEdge represents a possible relationship between some source object reference and a target user reference. The possibility is realized depending on the tuples and on the edge's type.

func (RelationshipEdge) String added in v1.3.2 

func (r RelationshipEdge) String() string

type RelationshipEdgeType added in v1.3.2 

type RelationshipEdgeType int
const (
	// DirectEdge defines a direct connection between a source object reference
	// and some target user reference.
	DirectEdge RelationshipEdgeType = iota
	// TupleToUsersetEdge defines a connection between a source object reference
	// and some target user reference that is co-dependent upon the lookup of a third object reference.
	TupleToUsersetEdge
	// ComputedUsersetEdge defines a direct connection between a source object reference
	// and some target user reference. The difference with DirectEdge is that DirectEdge will involve
	// a read of tuples and this one will not.
	ComputedUsersetEdge
)

func (RelationshipEdgeType) String added in v1.3.2 

func (r RelationshipEdgeType) String() string

type RelationshipGraph added in v1.3.2 

type RelationshipGraph struct {
	// contains filtered or unexported fields
}

RelationshipGraph represents a graph of relationships and the connectivity between object and relation references within the graph through direct or indirect relationships.

func New added in v1.3.2 

func New(typesystem *typesystem.TypeSystem) *RelationshipGraph

New returns a RelationshipGraph from an authorization model. The RelationshipGraph should be used to introspect what kind of relationships between object types can exist. To visualize this graph, use https://github.com/jon-whit/openfga-graphviz-gen

func (*RelationshipGraph) GetPrunedRelationshipEdges added in v1.3.2 

func (g *RelationshipGraph) GetPrunedRelationshipEdges(target *openfgav1.RelationReference, source *openfgav1.RelationReference) ([]*RelationshipEdge, error)

GetPrunedRelationshipEdges finds all paths from a source to a target and then returns all the edges at distance 0 or 1 of the source in those paths. If the edges from the source to the target pass through a relationship involving intersection or exclusion (directly or indirectly), then GetPrunedRelationshipEdges will just return the first-most edge involved in that rewrite.

Consider the following model:

type user type document 

relations
  define allowed: [user]
  define viewer: [user] and allowed

The pruned relationship edges from the 'user' type to 'document#viewer' returns only the edge from 'user' to 'document#viewer' and with a 'RequiresFurtherEvalCondition'. This is because when evaluating relationships involving intersection or exclusion we choose to only evaluate one operand of the rewrite rule, and for each result found we call Check on the result to evaluate the sub-condition on the 'and allowed' bit.

func (*RelationshipGraph) GetRelationshipEdges added in v1.3.2 

func (g *RelationshipGraph) GetRelationshipEdges(target *openfgav1.RelationReference, source *openfgav1.RelationReference) ([]*RelationshipEdge, error)

GetRelationshipEdges finds all paths from a source to a target and then returns all the edges at distance 0 or 1 of the source in those paths.

type ResolveCheckRequest added in v0.3.5 

type ResolveCheckRequest struct {
	StoreID                   string
	AuthorizationModelID      string // TODO replace with typesystem
	TupleKey                  *openfgav1.TupleKey
	ContextualTuples          []*openfgav1.TupleKey
	Context                   *structpb.Struct
	RequestMetadata           *ResolveCheckRequestMetadata
	VisitedPaths              map[string]struct{}
	Consistency               openfgav1.ConsistencyPreference
	LastCacheInvalidationTime time.Time
	// contains filtered or unexported fields
}

func NewResolveCheckRequest added in v1.8.5 

func NewResolveCheckRequest(
	params ResolveCheckRequestParams,
) (*ResolveCheckRequest, error)

func (*ResolveCheckRequest) GetAuthorizationModelID added in v0.3.5 

func (r *ResolveCheckRequest) GetAuthorizationModelID() string

func (*ResolveCheckRequest) GetConsistency added in v1.5.7 

func (r *ResolveCheckRequest) GetConsistency() openfgav1.ConsistencyPreference

func (*ResolveCheckRequest) GetContext added in v1.3.8 

func (r *ResolveCheckRequest) GetContext() *structpb.Struct

func (*ResolveCheckRequest) GetContextualTuples added in v0.3.5 

func (r *ResolveCheckRequest) GetContextualTuples() []*openfgav1.TupleKey

func (*ResolveCheckRequest) GetInvariantCacheKey added in v1.8.5 

func (r *ResolveCheckRequest) GetInvariantCacheKey() string

func (*ResolveCheckRequest) GetLastCacheInvalidationTime added in v1.7.0 

func (r *ResolveCheckRequest) GetLastCacheInvalidationTime() time.Time

func (*ResolveCheckRequest) GetRequestMetadata added in v1.5.1 

func (r *ResolveCheckRequest) GetRequestMetadata() *ResolveCheckRequestMetadata

func (*ResolveCheckRequest) GetStoreID added in v0.3.5 

func (r *ResolveCheckRequest) GetStoreID() string

func (*ResolveCheckRequest) GetTupleKey added in v0.3.5 

func (r *ResolveCheckRequest) GetTupleKey() *openfgav1.TupleKey

func (*ResolveCheckRequest) GetVisitedPaths added in v1.7.0 

func (r *ResolveCheckRequest) GetVisitedPaths() map[string]struct{}

type ResolveCheckRequestMetadata added in v1.5.1 

type ResolveCheckRequestMetadata struct {
	// Thinking of a Check as a tree of evaluations,
	// Depth is the current level in the tree in the current path that we are exploring.
	// When we jump one level, we increment it by 1. If it hits maxResolutionDepth (resolveNodeLimit), we throw ErrResolutionDepthExceeded.
	Depth uint32

	// DispatchCounter is the address to a shared counter that keeps track of how many calls to ResolveCheck we had to do
	// to solve the root/parent problem.
	// The contents of this counter will be written by concurrent goroutines.
	// After the root problem has been solved, this value can be read.
	DispatchCounter *atomic.Uint32

	// WasThrottled indicates whether the request was throttled
	WasThrottled *atomic.Bool
}

func NewCheckRequestMetadata added in v1.5.1 

func NewCheckRequestMetadata() *ResolveCheckRequestMetadata

type ResolveCheckRequestParams added in v1.8.5 

type ResolveCheckRequestParams struct {
	StoreID                   string
	TupleKey                  *openfgav1.TupleKey
	ContextualTuples          []*openfgav1.TupleKey
	Context                   *structpb.Struct
	Consistency               openfgav1.ConsistencyPreference
	LastCacheInvalidationTime time.Time
	AuthorizationModelID      string
}

type ResolveCheckResponse added in v0.3.5 

type ResolveCheckResponse struct {
	Allowed            bool
	ResolutionMetadata ResolveCheckResponseMetadata
}

func (*ResolveCheckResponse) GetAllowed added in v1.3.1 

func (r *ResolveCheckResponse) GetAllowed() bool

func (*ResolveCheckResponse) GetCycleDetected added in v1.5.3 

func (r *ResolveCheckResponse) GetCycleDetected() bool

func (*ResolveCheckResponse) GetResolutionMetadata added in v1.3.1 

func (r *ResolveCheckResponse) GetResolutionMetadata() ResolveCheckResponseMetadata

type ResolveCheckResponseMetadata added in v1.5.1 

type ResolveCheckResponseMetadata struct {
	// Number of Read operations accumulated after this request completes.
	DatastoreQueryCount uint32

	// Number of items read from the database after this request completes.
	DatastoreItemCount uint64

	// Indicates if the ResolveCheck subproblem that was evaluated involved
	// a cycle in the evaluation.
	CycleDetected bool
	// The total time it took to resolve the check request.
	Duration time.Duration
}

type ShadowResolver added in v1.8.8 

type ShadowResolver struct {
	// contains filtered or unexported fields
}

func NewShadowChecker added in v1.8.8 

func NewShadowChecker(main CheckResolver, shadow CheckResolver, opts ...ShadowResolverOpt) *ShadowResolver

func (ShadowResolver) Close added in v1.8.8 

func (s ShadowResolver) Close()

func (ShadowResolver) GetDelegate added in v1.8.8 

func (s ShadowResolver) GetDelegate() CheckResolver

func (ShadowResolver) ResolveCheck added in v1.8.8 

func (s ShadowResolver) ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)

func (ShadowResolver) SetDelegate added in v1.8.8 

func (s ShadowResolver) SetDelegate(delegate CheckResolver)

type ShadowResolverOpt added in v1.8.8 

type ShadowResolverOpt func(*ShadowResolver)

func ShadowResolverWithLogger added in v1.8.8 

func ShadowResolverWithLogger(logger logger.Logger) ShadowResolverOpt

func ShadowResolverWithName added in v1.8.9 

func ShadowResolverWithName(name string) ShadowResolverOpt

func ShadowResolverWithTimeout added in v1.8.8 

func ShadowResolverWithTimeout(timeout time.Duration) ShadowResolverOpt

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.