Documentation
¶
Overview ¶
Package storage contains storage interfaces and implementations
Index ¶
- Constants
- Variables
- func ExceededMaxTypeDefinitionsLimitError(limit int) error
- func InvalidWriteInputError(tk *openfgav1.TupleKey, operation openfgav1.TupleOperation) error
- type AssertionsBackend
- type AuthorizationModelBackend
- type AuthorizationModelReadBackend
- type ChangelogBackend
- type Deletes
- type Iterator
- type OpenFGADatastore
- type PaginationOptions
- type ReadStartingWithUserFilter
- type ReadUsersetTuplesFilter
- type RelationshipTupleReader
- type RelationshipTupleWriter
- type StoresBackend
- type TupleBackend
- type TupleIterator
- type TupleKeyFilterFunc
- type TupleKeyIterator
- type TypeDefinitionWriteBackend
- type Writes
Examples ¶
Constants ¶
View Source
const ( DefaultMaxTuplesPerWrite = 100 DefaultMaxTypesPerAuthorizationModel = 100 DefaultPageSize = 50 )
Variables ¶
View Source
var ( ErrCollision = errors.New("item already exists") ErrInvalidContinuationToken = errors.New("invalid continuation token") ErrInvalidWriteInput = errors.New("invalid write input") ErrNotFound = errors.New("not found") ErrTransactionalWriteFailed = errors.New("transactional write failed due to bad input") ErrMismatchObjectType = errors.New("mismatched types in request and continuation token") ErrExceededWriteBatchLimit = errors.New("number of operations exceeded write batch limit") ErrCancelled = errors.New("request has been cancelled") )
since these errors are allocated at init time, it is better to leave them as normal errors instead of errors that have stack encoded.
View Source
var ErrIteratorDone = errors.New("iterator done")
Functions ¶
func InvalidWriteInputError ¶
func InvalidWriteInputError(tk *openfgav1.TupleKey, operation openfgav1.TupleOperation) error
Types ¶
type AssertionsBackend ¶
type AuthorizationModelBackend ¶
type AuthorizationModelBackend interface {
AuthorizationModelReadBackend
TypeDefinitionWriteBackend
}
AuthorizationModelBackend provides an R/W interface for managing type definition.
type AuthorizationModelReadBackend ¶
type AuthorizationModelReadBackend interface {
// ReadAuthorizationModel Read the store type definition corresponding to `id`.
ReadAuthorizationModel(ctx context.Context, store string, id string) (*openfgav1.AuthorizationModel, error)
// ReadAuthorizationModels Read all type definitions ids for the supplied store.
ReadAuthorizationModels(ctx context.Context, store string, options PaginationOptions) ([]*openfgav1.AuthorizationModel, []byte, error)
FindLatestAuthorizationModelID(ctx context.Context, store string) (string, error)
}
AuthorizationModelReadBackend Provides a Read interface for managing type definitions.
type ChangelogBackend ¶
type ChangelogBackend interface {
// ReadChanges returns the writes and deletes that have occurred for tuples of a given object type within a store.
// The horizonOffset should be specified using a unit no more granular than a millisecond and should be interpreted
// as a millisecond duration.
ReadChanges(ctx context.Context, store, objectType string, paginationOptions PaginationOptions, horizonOffset time.Duration) ([]*openfgav1.TupleChange, []byte, error)
}
type Iterator ¶
type Iterator[T any] interface { // Next will return the next available item. Next() (T, error) // Stop terminates iteration over the underlying iterator. Stop() }
func NewCombinedIterator ¶
NewCombinedIterator takes generic iterators of a given type T and combines them into a single iterator that yields all the values from all iterators. Duplicates can be returned.
type OpenFGADatastore ¶
type OpenFGADatastore interface {
TupleBackend
AuthorizationModelBackend
StoresBackend
AssertionsBackend
ChangelogBackend
// IsReady reports whether the datastore is ready to accept traffic.
IsReady(ctx context.Context) (bool, error)
// Close closes the datastore and cleans up any residual resources.
Close()
}
type PaginationOptions ¶
func NewPaginationOptions ¶
func NewPaginationOptions(ps int32, contToken string) PaginationOptions
type ReadStartingWithUserFilter ¶
type ReadStartingWithUserFilter struct {
ObjectType string
Relation string
UserFilter []*openfgav1.ObjectRelation
}
ReadStartingWithUserFilter specifies the filter options that will be used to constrain the ReadStartingWithUser query.
type ReadUsersetTuplesFilter ¶ added in v0.4.0
type ReadUsersetTuplesFilter struct {
Object string // required
Relation string // required
AllowedUserTypeRestrictions []*openfgav1.RelationReference // optional
}
type RelationshipTupleReader ¶
type RelationshipTupleReader interface {
// Read the set of tuples associated with `store` and `TupleKey`, which may be nil or partially filled. If nil,
// Read will return an iterator over all the `Tuple`s in the given store. If the `TupleKey` is partially filled,
// it will return an iterator over those `Tuple`s which match the `TupleKey`. Note that at least one of `Object`
// or `User` (or both), must be specified in this case.
//
// The caller must be careful to close the TupleIterator, either by consuming the entire iterator or by closing it.
// There is NO guarantee on the order returned on the iterator.
Read(context.Context, string, *openfgav1.TupleKey) (TupleIterator, error)
// ReadPage is similar to Read, but with PaginationOptions. Instead of returning a TupleIterator, ReadPage
// returns a page of tuples and a possibly non-empty continuation token.
// The tuples returned are ordered by ULID.
ReadPage(
ctx context.Context,
store string,
tk *openfgav1.TupleKey,
opts PaginationOptions,
) ([]*openfgav1.Tuple, []byte, error)
// ReadUserTuple tries to return one tuple that matches the provided key exactly.
ReadUserTuple(
ctx context.Context,
store string,
tk *openfgav1.TupleKey,
) (*openfgav1.Tuple, error)
// ReadUsersetTuples returns all userset tuples for a specified object and relation.
// For example, given the following relationship tuples:
// document:doc1, viewer, user:*
// document:doc1, viewer, group:eng#member
// and the filter
// object=document:1, relation=viewer, allowedTypesForUser=[group#member]
// this method would return the tuple (document:doc1, viewer, group:eng#member)
// If allowedTypesForUser is empty, both tuples would be returned.
// There is NO guarantee on the order returned on the iterator.
ReadUsersetTuples(
ctx context.Context,
store string,
filter ReadUsersetTuplesFilter,
) (TupleIterator, error)
// ReadStartingWithUser performs a reverse read of relationship tuples starting at one or
// more user(s) or userset(s) and filtered by object type and relation.
//
// For example, given the following relationship tuples:
// document:doc1, viewer, user:jon
// document:doc2, viewer, group:eng#member
// document:doc3, editor, user:jon
//
// ReverseReadTuples for ['user:jon', 'group:eng#member'] filtered by 'document#viewer' would
// return ['document:doc1#viewer@user:jon', 'document:doc2#viewer@group:eng#member'].
// There is NO guarantee on the order returned on the iterator.
ReadStartingWithUser(
ctx context.Context,
store string,
filter ReadStartingWithUserFilter,
) (TupleIterator, error)
}
type RelationshipTupleWriter ¶
type RelationshipTupleWriter interface {
// Write updates data in the tuple backend, performing all delete operations in
// `deletes` before adding new values in `writes`, returning the time of the transaction, or an error.
// It is expected that
// - there is at most 10 deletes/writes
// - no duplicate item in delete/write list
Write(ctx context.Context, store string, d Deletes, w Writes) error
// MaxTuplesPerWrite returns the maximum number of items allowed in a single write transaction
MaxTuplesPerWrite() int
}
type StoresBackend ¶
type StoresBackend interface {
CreateStore(ctx context.Context, store *openfgav1.Store) (*openfgav1.Store, error)
DeleteStore(ctx context.Context, id string) error
GetStore(ctx context.Context, id string) (*openfgav1.Store, error)
ListStores(ctx context.Context, paginationOptions PaginationOptions) ([]*openfgav1.Store, []byte, error)
}
type TupleBackend ¶
type TupleBackend interface {
RelationshipTupleReader
RelationshipTupleWriter
}
A TupleBackend provides an R/W interface for managing tuples.
type TupleIterator ¶
TupleIterator is an iterator for Tuples. It is closed by explicitly calling Stop() or by calling Next() until it returns an ErrIteratorDone error.
func NewStaticTupleIterator ¶
func NewStaticTupleIterator(tuples []*openfgav1.Tuple) TupleIterator
NewStaticTupleIterator returns a TupleIterator that iterates over the provided slice.
type TupleKeyFilterFunc ¶
TupleKeyFilterFunc is a filter function that is used to filter out tuples from a TupleKey iterator that don't meet some criteria. Implementations should return true if the tuple should be returned and false if it should be filtered out.
type TupleKeyIterator ¶
TupleKeyIterator is an iterator for TupleKeys. It is closed by explicitly calling Stop() or by calling Next() until it returns an ErrIteratorDone error.
func NewFilteredTupleKeyIterator ¶
func NewFilteredTupleKeyIterator(iter TupleKeyIterator, filter TupleKeyFilterFunc) TupleKeyIterator
NewFilteredTupleKeyIterator returns an iterator that filters out all tuples that don't meet the conditions of the provided TupleFilterFunc.
Example ¶
tuples := []*openfgav1.TupleKey{
tuple.NewTupleKey("document:doc1", "viewer", "user:jon"),
tuple.NewTupleKey("document:doc1", "editor", "user:elbuo"),
}
iter := NewFilteredTupleKeyIterator(
NewStaticTupleKeyIterator(tuples),
func(tk *openfgav1.TupleKey) bool {
return tk.GetRelation() == "editor"
},
)
defer iter.Stop()
var filtered []string
for {
tuple, err := iter.Next()
if err != nil {
if err == ErrIteratorDone {
break
}
// handle the error in some way
panic(err)
}
filtered = append(filtered, fmt.Sprintf("%s#%s@%s", tuple.GetObject(), tuple.GetRelation(), tuple.GetUser()))
}
fmt.Println(filtered)
Output: [document:doc1#editor@user:elbuo]
func NewStaticTupleKeyIterator ¶
func NewStaticTupleKeyIterator(tupleKeys []*openfgav1.TupleKey) TupleKeyIterator
NewStaticTupleKeyIterator returns a TupleKeyIterator that iterates over the provided slice.
func NewTupleKeyIteratorFromTupleIterator ¶
func NewTupleKeyIteratorFromTupleIterator(iter TupleIterator) TupleKeyIterator
NewTupleKeyIteratorFromTupleIterator takes a TupleIterator and yields all of the TupleKeys from it as a TupleKeyIterator.
type TypeDefinitionWriteBackend ¶
type TypeDefinitionWriteBackend interface {
// MaxTypesPerAuthorizationModel returns the maximum number of items allowed for type definitions
MaxTypesPerAuthorizationModel() int
// WriteAuthorizationModel writes an authorization model for the given store.
WriteAuthorizationModel(ctx context.Context, store string, model *openfgav1.AuthorizationModel) error
}
TypeDefinitionWriteBackend Provides a write interface for managing typed definition.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package memory contains an implementation of the storage interface that lives in memory.
|
Package memory contains an implementation of the storage interface that lives in memory. |
|
Package mysql contains an implementation of the storage interface that works with MySQL.
|
Package mysql contains an implementation of the storage interface that works with MySQL. |
|
Package postgres contains an implementation of the storage interface that works with Postgres.
|
Package postgres contains an implementation of the storage interface that works with Postgres. |
|
Package sqlcommon contains utility functions shared among all SQL data stores.
|
Package sqlcommon contains utility functions shared among all SQL data stores. |
|
Package storagewrappers contains decorators for storage data
|
Package storagewrappers contains decorators for storage data |
Click to show internal directories.
Click to hide internal directories.