persistence

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 11, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrNotFound = errors.New("persistence: not found")
	ErrConflict = errors.New("persistence: conflict")
)
View Source 
var (
	ErrNoMigrationsTable  = errors.New("persistence: migrations table missing")
	ErrSchemaBehindBinary = errors.New("persistence: schema behind binary")
)

Functions

func AvailableMigrationIDs 

func AvailableMigrationIDs() ([]string, error)

func CheckSchemaCompatibility 

func CheckSchemaCompatibility(ctx context.Context, store *Store) error

func EncodeAuditEventCursor 

func EncodeAuditEventCursor(c *AuditEventCursor) (string, error)

func EncodeSearchCursor 

func EncodeSearchCursor(c *SearchCursor) (string, error)

EncodeSearchCursor returns the base64-encoded JSON cursor for the supplied position. Returns "" for nil.

func MigrateDown 

func MigrateDown(ctx context.Context, store *Store, steps int) (int, error)

func MigrateUp 

func MigrateUp(ctx context.Context, store *Store) (int, error)

func NewResourceID 

func NewResourceID(prefix ResourcePrefix) string

NewResourceID generates a prefixed resource identifier with 12 random lowercase alphanumeric characters.

Types

type Account 

type Account struct {
	ID             string        `db:"id"`
	OrganizationID string        `db:"organization_id"`
	Email          string        `db:"email"`
	DisplayName    *string       `db:"display_name"`
	PasswordSalt   string        `db:"password_salt"`
	PasswordHash   string        `db:"password_hash"`
	AccountToken   string        `db:"account_token"`
	Role           AccountRole   `db:"role"`
	Status         AccountStatus `db:"status"`
	CreatedAt      time.Time     `db:"created_at"`
	UpdatedAt      time.Time     `db:"updated_at"`
}

type AccountRole 

type AccountRole string
const (
	AccountRoleAdmin  AccountRole = "admin"
	AccountRoleMember AccountRole = "member"
)

type AccountStatus 

type AccountStatus string
const (
	AccountStatusActive   AccountStatus = "active"
	AccountStatusDisabled AccountStatus = "disabled"
)

type AccountsRepository 

type AccountsRepository struct{}

func (*AccountsRepository) Create 

func (r *AccountsRepository) Create(ctx context.Context, db Queryer, acct Account) (*Account, error)

func (*AccountsRepository) Delete 

func (r *AccountsRepository) Delete(ctx context.Context, db Queryer, organizationID, accountID string) error

func (*AccountsRepository) FindByEmail 

func (r *AccountsRepository) FindByEmail(ctx context.Context, db Queryer, email string) (*Account, error)

func (*AccountsRepository) FindByToken 

func (r *AccountsRepository) FindByToken(ctx context.Context, db Queryer, token string) (*Account, error)

func (*AccountsRepository) GetByID 

func (r *AccountsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Account, error)

func (*AccountsRepository) List 

func (r *AccountsRepository) List(ctx context.Context, db Queryer, organizationID *string) ([]Account, error)

func (*AccountsRepository) ListByOrganization 

func (r *AccountsRepository) ListByOrganization(ctx context.Context, db Queryer, organizationID string) ([]Account, error)

func (*AccountsRepository) RotateToken 

func (r *AccountsRepository) RotateToken(ctx context.Context, db Queryer, accountID string, token string) error

func (*AccountsRepository) UpdatePassword 

func (r *AccountsRepository) UpdatePassword(ctx context.Context, db Queryer, accountID string, salt, hash string) error
type Advertisement struct {
	ID                  string                  `db:"id"`
	OrganizationID      string                  `db:"organization_id"`
	OrganizationName    string                  `db:"organization_name"`
	AccountID           string                  `db:"account_id"`
	Name                string                  `db:"name"`
	Description         *string                 `db:"description"`
	Capabilities        CapabilitiesJSON        `db:"capabilities"`
	InteractionPatterns InteractionPatternsJSON `db:"interaction_patterns"`
	WorkgroupScopes     pq.StringArray          `db:"workgroup_scopes"`
	TunnelMode          TunnelMode              `db:"tunnel_mode"`
	ContractID          *string                 `db:"contract_id"`
	SchemaVersion       int                     `db:"schema_version"`
	Status              AdvertisementStatus     `db:"status"`
	RetractedAt         *time.Time              `db:"retracted_at"`
	CreatedAt           time.Time               `db:"created_at"`
	UpdatedAt           time.Time               `db:"updated_at"`
}

type AdvertisementStatus 

type AdvertisementStatus string
const (
	AdvertisementStatusActive    AdvertisementStatus = "active"
	AdvertisementStatusRetracted AdvertisementStatus = "retracted"
)

type AdvertisementsRepository 

type AdvertisementsRepository struct{}

func (*AdvertisementsRepository) Create 

func (r *AdvertisementsRepository) Create(ctx context.Context, db Queryer, ad Advertisement) (*Advertisement, error)

func (*AdvertisementsRepository) GetByAccountAndName 

func (r *AdvertisementsRepository) GetByAccountAndName(ctx context.Context, db Queryer, accountID, name string) (*Advertisement, error)

func (*AdvertisementsRepository) GetByID 

func (r *AdvertisementsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Advertisement, error)

func (*AdvertisementsRepository) ListByAccount 

func (r *AdvertisementsRepository) ListByAccount(ctx context.Context, db Queryer, accountID string, statusFilter AdvertisementStatus) ([]Advertisement, error)

func (*AdvertisementsRepository) MarkRetracted 

func (r *AdvertisementsRepository) MarkRetracted(ctx context.Context, db Queryer, id string) error

MarkRetracted transitions the advertisement to the retracted state. Idempotent: returns nil if the advertisement is already retracted.

func (*AdvertisementsRepository) Search 

func (r *AdvertisementsRepository) Search(ctx context.Context, db Queryer, params SearchParams) ([]Advertisement, string, error)

Search executes the catalog query: visibility-enforced + filtered. Returns up to params.Limit results (defaulting to searchDefaultLimit, capped at searchMaxLimit) and a non-empty next-cursor string when further pages are available.

func (*AdvertisementsRepository) Update 

func (r *AdvertisementsRepository) Update(ctx context.Context, db Queryer, ad Advertisement) (*Advertisement, error)

type AuditEvent 

type AuditEvent struct {
	ID              int64          `db:"id"`
	OccurredAt      time.Time      `db:"occurred_at"`
	EventType       AuditEventType `db:"event_type"`
	OrganizationID  string         `db:"organization_id"`
	AccountID       *string        `db:"account_id"`
	WorkgroupID     *string        `db:"workgroup_id"`
	SessionID       *string        `db:"session_id"`
	AdvertisementID *string        `db:"advertisement_id"`
	ContractID      *string        `db:"contract_id"`
	EnvelopeID      *string        `db:"envelope_id"`
	Data            AuditEventData `db:"data"`
}

func NewAccountLoginEvent 

func NewAccountLoginEvent(acct Account) AuditEvent

func NewAccountLoginFailedEvent 

func NewAccountLoginFailedEvent(acct Account, emailAttempted string) AuditEvent

func NewAccountLogoutEvent 

func NewAccountLogoutEvent(acct Account) AuditEvent

func NewAdvertisementPublishedEvent 

func NewAdvertisementPublishedEvent(ad Advertisement) AuditEvent

func NewAdvertisementRetractedEvent 

func NewAdvertisementRetractedEvent(ad Advertisement, reason string) AuditEvent

func NewEnvelopeFlowedEvent 

func NewEnvelopeFlowedEvent(sess Session, organizationID, accountID string, countDelta, totalCount int) AuditEvent

func NewEnvironmentHeartbeatEvent 

func NewEnvironmentHeartbeatEvent(env Environment, latencyMS int) AuditEvent

func NewSessionAcceptedEvent 

func NewSessionAcceptedEvent(sess Session, organizationID, accountID string, contractID *string) AuditEvent

func NewSessionClosedEvent 

func NewSessionClosedEvent(sess Session, organizationID, accountID string, reason SessionCloseReason, detail string, durationSeconds int64, violationDimension string) AuditEvent

func NewSessionProposedEvent 

func NewSessionProposedEvent(sess Session, organizationID, accountID string) AuditEvent

func NewSessionRejectedEvent 

func NewSessionRejectedEvent(sess Session, organizationID, accountID, reason string) AuditEvent

func NewTunnelAttachedEvent 

func NewTunnelAttachedEvent(attachment TunnelAttachment, sessionID *string) AuditEvent

func NewTunnelDetachedEvent 

func NewTunnelDetachedEvent(attachment TunnelAttachment, sessionID *string, finalState TunnelAttachmentState) AuditEvent

type AuditEventCursor 

type AuditEventCursor struct {
	OccurredAt time.Time `json:"occurredAt"`
	ID         int64     `json:"id"`
}

AuditEventCursor encodes the position of the last returned audit row in the deterministic sort order (occurred_at desc, id desc).

func DecodeAuditEventCursor 

func DecodeAuditEventCursor(raw string) (*AuditEventCursor, error)

type AuditEventData 

type AuditEventData map[string]any

func (*AuditEventData) Scan 

func (d *AuditEventData) Scan(src any) error

func (AuditEventData) Value 

func (d AuditEventData) Value() (driver.Value, error)

type AuditEventListParams 

type AuditEventListParams struct {
	OrganizationID string
	EventTypes     []AuditEventType
	WorkgroupID    string
	AccountID      string
	From           *time.Time
	To             *time.Time
	Cursor         *AuditEventCursor
	Limit          int
}

type AuditEventType 

type AuditEventType string
const (
	AuditEventSessionProposed        AuditEventType = "session.proposed"
	AuditEventSessionAccepted        AuditEventType = "session.accepted"
	AuditEventSessionRejected        AuditEventType = "session.rejected"
	AuditEventSessionClosed          AuditEventType = "session.closed"
	AuditEventEnvelopeFlowed         AuditEventType = "envelope.flowed"
	AuditEventTunnelAttached         AuditEventType = "tunnel.attached"
	AuditEventTunnelDetached         AuditEventType = "tunnel.detached"
	AuditEventAdvertisementPublished AuditEventType = "advertisement.published"
	AuditEventAdvertisementRetracted AuditEventType = "advertisement.retracted"
	AuditEventEnvironmentHeartbeat   AuditEventType = "environment.heartbeat"
	AuditEventAccountLogin           AuditEventType = "account.login"
	AuditEventAccountLoginFailed     AuditEventType = "account.login_failed"
	AuditEventAccountLogout          AuditEventType = "account.logout"
)

type AuditEventsRepository 

type AuditEventsRepository struct{}

func (*AuditEventsRepository) GetByID 

func (r *AuditEventsRepository) GetByID(ctx context.Context, db Queryer, id int64) (*AuditEvent, error)

func (*AuditEventsRepository) List 

func (r *AuditEventsRepository) List(ctx context.Context, db Queryer, params AuditEventListParams) ([]AuditEvent, string, error)

func (*AuditEventsRepository) Record 

func (r *AuditEventsRepository) Record(ctx context.Context, db Queryer, event AuditEvent) error

type Bucket 

type Bucket struct {
	Start     time.Time
	Envelopes int
	Sessions  int
}

func EnvelopeBuckets 

func EnvelopeBuckets(ctx context.Context, db Queryer, orgID string, window, bucket time.Duration) ([]Bucket, error)

func EnvelopeBucketsAt 

func EnvelopeBucketsAt(ctx context.Context, db Queryer, orgID string, now time.Time, window, bucket time.Duration) ([]Bucket, error)

type CapabilitiesJSON 

type CapabilitiesJSON []Capability

CapabilitiesJSON wraps []Capability so it can be scanned from and stored to a jsonb column via database/sql.

func (*CapabilitiesJSON) Scan 

func (c *CapabilitiesJSON) Scan(src any) error

func (CapabilitiesJSON) Value 

func (c CapabilitiesJSON) Value() (driver.Value, error)

type Capability 

type Capability struct {
	Name        string            `json:"name"`
	Description string            `json:"description,omitempty"`
	Metadata    map[string]string `json:"metadata,omitempty"`
}

type Config 

type Config struct {
	DSN             string `dd:",+required,+secret"`
	MaxOpenConns    int
	MaxIdleConns    int
	ConnMaxLifetime time.Duration
}

type Contract 

type Contract struct {
	ID                           string                   `db:"id"`
	AccountID                    string                   `db:"account_id"`
	OrganizationID               string                   `db:"organization_id"`
	Name                         string                   `db:"name"`
	Description                  *string                  `db:"description"`
	SchemaVersion                int                      `db:"schema_version"`
	MaxDurationSeconds           int                      `db:"max_duration_seconds"`
	MaxEnvelopeCount             int                      `db:"max_envelope_count"`
	MaxEnvelopeBytes             int                      `db:"max_envelope_bytes"`
	AllowedMessageTypes          pq.StringArray           `db:"allowed_message_types"`
	RequiredWorkgroupMemberships pq.StringArray           `db:"required_workgroup_memberships"`
	MaturityRequirements         MaturityRequirementsJSON `db:"maturity_requirements"`
	AccessMode                   ContractAccessMode       `db:"access_mode"`
	CreatedAt                    time.Time                `db:"created_at"`
	UpdatedAt                    time.Time                `db:"updated_at"`
}

type ContractAccessMode 

type ContractAccessMode string
const (
	ContractAccessModeOpen             ContractAccessMode = "open"
	ContractAccessModeApprovalRequired ContractAccessMode = "approval_required"
)

type ContractSnapshot 

type ContractSnapshot struct {
	ContractID                   string               `json:"contractId"`
	Name                         string               `json:"name"`
	Description                  string               `json:"description,omitempty"`
	SchemaVersion                int                  `json:"schemaVersion"`
	MaxDurationSeconds           int                  `json:"maxDurationSeconds"`
	MaxEnvelopeCount             int                  `json:"maxEnvelopeCount"`
	MaxEnvelopeBytes             int                  `json:"maxEnvelopeBytes"`
	AllowedMessageTypes          []string             `json:"allowedMessageTypes"`
	RequiredWorkgroupMemberships []string             `json:"requiredWorkgroupMemberships"`
	MaturityRequirements         MaturityRequirements `json:"maturityRequirements"`
	AccessMode                   ContractAccessMode   `json:"accessMode"`
	SnapshottedAt                time.Time            `json:"snapshottedAt"`
}

ContractSnapshotJSON is the frozen shape stored on sessions.contract_snapshot. It mirrors Contract minus the ownership and resource-timestamp fields.

type ContractsRepository 

type ContractsRepository struct{}

func (*ContractsRepository) Create 

func (r *ContractsRepository) Create(ctx context.Context, db Queryer, c Contract) (*Contract, error)

Create inserts a new contract. Generates ID if empty.

func (*ContractsRepository) Delete 

func (r *ContractsRepository) Delete(ctx context.Context, db Queryer, id string) error

Delete removes a contract. Returns ErrNotFound if the contract does not exist. Callers are responsible for checking IsReferencedByActiveAdvertisement before calling.

func (*ContractsRepository) GetByAccountAndName 

func (r *ContractsRepository) GetByAccountAndName(ctx context.Context, db Queryer, accountID, name string) (*Contract, error)

func (*ContractsRepository) GetByID 

func (r *ContractsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Contract, error)

func (*ContractsRepository) IsReferencedByActiveAdvertisement 

func (r *ContractsRepository) IsReferencedByActiveAdvertisement(ctx context.Context, db Queryer, contractID string) (bool, error)

IsReferencedByActiveAdvertisement reports whether any active advertisement references the given contract. Used by Delete to block removal while in use.

func (*ContractsRepository) ListByAccount 

func (r *ContractsRepository) ListByAccount(ctx context.Context, db Queryer, accountID string) ([]Contract, error)

func (*ContractsRepository) Update 

func (r *ContractsRepository) Update(ctx context.Context, db Queryer, c Contract) (*Contract, error)

type DashboardCountsResult 

type DashboardCountsResult struct {
	Stats  DashboardStats
	Ribbon DashboardRibbon
}

func DashboardCounts 

func DashboardCounts(ctx context.Context, db Queryer, orgID, accountID string) (*DashboardCountsResult, error)

func DashboardCountsAt 

func DashboardCountsAt(ctx context.Context, db Queryer, orgID, accountID string, now time.Time) (*DashboardCountsResult, error)

type DashboardRibbon 

type DashboardRibbon struct {
	WorkgroupCount     int
	AdvertisementCount int
	SessionsToday      int
	EnvironmentCount   int
}

type DashboardStats 

type DashboardStats struct {
	ActiveSessions        int
	ActiveSessionsDelta7d int
	EnvelopesToday        int
	EnvelopesYesterday    int
	ActiveWorkgroups      int
	ActiveTunnels         int
}

type Environment 

type Environment struct {
	ID                 string           `db:"id"`
	OrganizationID     string           `db:"organization_id"`
	AccountID          string           `db:"account_id"`
	Description        *string          `db:"description"`
	Host               *string          `db:"host"`
	ZitiIdentityID     string           `db:"ziti_identity_id"`
	EdgeRouterPolicyID *string          `db:"edge_router_policy_id"`
	State              EnvironmentState `db:"state"`
	Deleted            bool             `db:"deleted"`
	LastSeenAt         *time.Time       `db:"last_seen_at"`
	CreatedAt          time.Time        `db:"created_at"`
	UpdatedAt          time.Time        `db:"updated_at"`
}

type EnvironmentState 

type EnvironmentState string
const (
	EnvironmentStateEnabled  EnvironmentState = "enabled"
	EnvironmentStateDisabled EnvironmentState = "disabled"
)

type EnvironmentStatus 

type EnvironmentStatus struct {
	ID              string
	Name            string
	AccountID       string
	Status          EnvironmentStatusValue
	LastHeartbeatAt *time.Time
}

func EnvironmentStatuses 

func EnvironmentStatuses(ctx context.Context, db Queryer, orgID string) ([]EnvironmentStatus, error)

func EnvironmentStatusesAt 

func EnvironmentStatusesAt(ctx context.Context, db Queryer, orgID string, now time.Time) ([]EnvironmentStatus, error)

type EnvironmentStatusValue 

type EnvironmentStatusValue string
const (
	EnvironmentStatusOnline   EnvironmentStatusValue = "online"
	EnvironmentStatusStale    EnvironmentStatusValue = "stale"
	EnvironmentStatusUnknown  EnvironmentStatusValue = "unknown"
	EnvironmentStatusDisabled EnvironmentStatusValue = "disabled"
)

type EnvironmentsRepository 

type EnvironmentsRepository struct{}

func (*EnvironmentsRepository) Create 

func (r *EnvironmentsRepository) Create(ctx context.Context, db Queryer, env Environment) (*Environment, error)

func (*EnvironmentsRepository) Delete 

func (r *EnvironmentsRepository) Delete(ctx context.Context, db Queryer, id string, organizationID string) error

func (*EnvironmentsRepository) GetByID 

func (r *EnvironmentsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Environment, error)

func (*EnvironmentsRepository) ListByAccount 

func (r *EnvironmentsRepository) ListByAccount(ctx context.Context, db Queryer, accountID string) ([]Environment, error)

func (*EnvironmentsRepository) ListByOrganization 

func (r *EnvironmentsRepository) ListByOrganization(ctx context.Context, db Queryer, organizationID string) ([]Environment, error)

func (*EnvironmentsRepository) UpdateLastSeen 

func (r *EnvironmentsRepository) UpdateLastSeen(ctx context.Context, db Queryer, id string, lastSeenAt time.Time) error

type InteractionPattern 

type InteractionPattern struct {
	Kind          InteractionPatternKind `json:"kind"`
	CustomPattern string                 `json:"customPattern,omitempty"`
}

type InteractionPatternKind 

type InteractionPatternKind string
const (
	InteractionPatternKindRequestResponse InteractionPatternKind = "request-response"
	InteractionPatternKindStream          InteractionPatternKind = "stream"
	InteractionPatternKindBroadcast       InteractionPatternKind = "broadcast"
	InteractionPatternKindCustom          InteractionPatternKind = "custom"
)

type InteractionPatternsJSON 

type InteractionPatternsJSON []InteractionPattern

InteractionPatternsJSON wraps []InteractionPattern for jsonb storage.

func (*InteractionPatternsJSON) Scan 

func (p *InteractionPatternsJSON) Scan(src any) error

func (InteractionPatternsJSON) Value 

func (p InteractionPatternsJSON) Value() (driver.Value, error)

type MaturityRequirements 

type MaturityRequirements struct {
	MinAccountAgeDays int `json:"minAccountAgeDays,omitempty"`
}

MaturityRequirements is the structured object carried in the jsonb maturity_requirements column. Zero-value MinAccountAgeDays means no gate; the field is omitempty in the JSON representation so the "absent" case round-trips cleanly.

type MaturityRequirementsJSON 

type MaturityRequirementsJSON MaturityRequirements

MaturityRequirementsJSON wraps MaturityRequirements so it can be scanned from / stored to a jsonb column via database/sql.

func (*MaturityRequirementsJSON) Scan 

func (m *MaturityRequirementsJSON) Scan(src any) error

func (MaturityRequirementsJSON) Value 

func (m MaturityRequirementsJSON) Value() (driver.Value, error)

type MigrationStatus 

type MigrationStatus struct {
	ID      string
	Applied bool
}

func MigrationStatusList 

func MigrationStatusList(ctx context.Context, store *Store) ([]MigrationStatus, error)

type Organization 

type Organization struct {
	ID        string    `db:"id"`
	Name      string    `db:"name"`
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`
}

type OrganizationsRepository 

type OrganizationsRepository struct{}

func (*OrganizationsRepository) Create 

func (r *OrganizationsRepository) Create(ctx context.Context, db Queryer, org Organization) (*Organization, error)

func (*OrganizationsRepository) Delete 

func (r *OrganizationsRepository) Delete(ctx context.Context, db Queryer, id string) error

func (*OrganizationsRepository) GetByID 

func (r *OrganizationsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Organization, error)

func (*OrganizationsRepository) List 

func (r *OrganizationsRepository) List(ctx context.Context, db Queryer) ([]Organization, error)

type Queryer 

type Queryer interface {
	ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error)
	GetContext(ctx context.Context, dest any, query string, args ...any) error
	SelectContext(ctx context.Context, dest any, query string, args ...any) error
	QueryRowxContext(ctx context.Context, query string, args ...any) *sqlx.Row
}

type ResourcePrefix 

type ResourcePrefix string

ResourcePrefix distinguishes the type of resource an identifier belongs to. 

const (
	PrefixOrganization        ResourcePrefix = "org_"
	PrefixAccount             ResourcePrefix = "ac_"
	PrefixEnvironment         ResourcePrefix = "ev_"
	PrefixTunnel              ResourcePrefix = "tt_"
	PrefixAttachment          ResourcePrefix = "ta_"
	PrefixTunnelServe         ResourcePrefix = "ts_"
	PrefixWorkgroup           ResourcePrefix = "wg_"
	PrefixWorkgroupInvitation ResourcePrefix = "wgi_"
	PrefixWorkgroupMembership ResourcePrefix = "wgm_"
	PrefixAdvertisement       ResourcePrefix = "adv_"
	PrefixSession             ResourcePrefix = "ses_"
	PrefixContract            ResourcePrefix = "con_"
)

type SearchCursor 

type SearchCursor struct {
	UpdatedAt time.Time `json:"updatedAt"`
	CreatedAt time.Time `json:"createdAt"`
	ID        string    `json:"id"`
}

SearchCursor encodes the position of the last returned advertisement in the deterministic sort order (updated_at desc, created_at desc, id asc).

func DecodeSearchCursor 

func DecodeSearchCursor(raw string) (*SearchCursor, error)

DecodeSearchCursor parses a base64-encoded JSON cursor.

type SearchParams 

type SearchParams struct {
	CallerAccountID         string
	CallerWorkgroupIDs      []string
	WorkgroupFilter         []string
	CapabilityKeyword       string
	InteractionPatternKinds []InteractionPatternKind
	OwnerOrganizationID     string
	Cursor                  *SearchCursor
	Limit                   int
}

SearchParams holds the inputs to a catalog search query.

type Session 

type Session struct {
	ID                       string              `db:"id"`
	AdvertisementID          string              `db:"advertisement_id"`
	WorkgroupID              string              `db:"workgroup_id"`
	ProviderAccountID        string              `db:"provider_account_id"`
	ProviderOrganizationID   string              `db:"provider_organization_id"`
	ConsumerAccountID        string              `db:"consumer_account_id"`
	ConsumerOrganizationID   string              `db:"consumer_organization_id"`
	AdvertisementName        string              `db:"advertisement_name"`
	WorkgroupName            string              `db:"workgroup_name"`
	ProviderOrganizationName string              `db:"provider_organization_name"`
	ConsumerOrganizationName string              `db:"consumer_organization_name"`
	ProviderAccountEmail     *string             `db:"provider_account_email"`
	ConsumerAccountEmail     *string             `db:"consumer_account_email"`
	TunnelMode               TunnelMode          `db:"tunnel_mode"`
	TunnelID                 *string             `db:"tunnel_id"`
	ContractSnapshotJSON     []byte              `db:"contract_snapshot"`
	EnvelopeCount            *int                `db:"envelope_count"`
	State                    SessionState        `db:"state"`
	CloseReason              *SessionCloseReason `db:"close_reason"`
	CloseDetail              *string             `db:"close_detail"`
	ProposerMessage          *string             `db:"proposer_message"`
	ProposedAt               time.Time           `db:"proposed_at"`
	AcceptedAt               *time.Time          `db:"accepted_at"`
	ClosedAt                 *time.Time          `db:"closed_at"`
}

type SessionCloseReason 

type SessionCloseReason string
const (
	SessionCloseReasonRejected            SessionCloseReason = "rejected"
	SessionCloseReasonConsumerClose       SessionCloseReason = "consumer_close"
	SessionCloseReasonProviderClose       SessionCloseReason = "provider_close"
	SessionCloseReasonContractViolation   SessionCloseReason = "contract_violation"
	SessionCloseReasonTunnelFailed        SessionCloseReason = "tunnel_failed"
	SessionCloseReasonAdminClose          SessionCloseReason = "admin_close"
	SessionCloseReasonWorkgroupDeleted    SessionCloseReason = "workgroup_deleted"
	SessionCloseReasonEnvironmentDisabled SessionCloseReason = "environment_disabled"
)

type SessionListOrder 

type SessionListOrder string
const (
	SessionListOrderProposedAtDesc SessionListOrder = "proposedAtDesc"
	SessionListOrderClosedAtDesc   SessionListOrder = "closedAtDesc"
)

type SessionListParams 

type SessionListParams struct {
	// ParticipantAccountID restricts to sessions where the caller is
	// provider, consumer, or either, based on RoleFilter.
	ParticipantAccountID string
	RoleFilter           string // "", "provider", "consumer", "both"
	States               []SessionState
	AdvertisementID      string
	Limit                int
	OrderBy              SessionListOrder
}

SessionListParams filters session lookups.

type SessionState 

type SessionState string
const (
	SessionStateProposed  SessionState = "proposed"
	SessionStateAccepting SessionState = "accepting"
	SessionStateActive    SessionState = "active"
	SessionStateClosing   SessionState = "closing"
	SessionStateClosed    SessionState = "closed"
)

type SessionsRepository 

type SessionsRepository struct{}

func (*SessionsRepository) Create 

func (r *SessionsRepository) Create(ctx context.Context, db Queryer, sess Session) (*Session, error)

Create inserts a new session in the proposed state. ID is generated if empty.

func (*SessionsRepository) GetByID 

func (r *SessionsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Session, error)

func (*SessionsRepository) GetByIDForUpdate 

func (r *SessionsRepository) GetByIDForUpdate(ctx context.Context, db Queryer, id string) (*Session, error)

func (*SessionsRepository) GetByIDWithDisplay 

func (r *SessionsRepository) GetByIDWithDisplay(ctx context.Context, db Queryer, id string) (*Session, error)

func (*SessionsRepository) GetByTunnelID 

func (r *SessionsRepository) GetByTunnelID(ctx context.Context, db Queryer, tunnelID string) (*Session, error)

func (*SessionsRepository) List 

func (r *SessionsRepository) List(ctx context.Context, db Queryer, params SessionListParams) ([]Session, error)

List returns sessions matching the filter. The zero OrderBy value preserves the historical proposed_at desc ordering.

func (*SessionsRepository) ListActiveWithDurationCap 

func (r *SessionsRepository) ListActiveWithDurationCap(ctx context.Context, db Queryer) ([]Session, error)

ListActiveWithDurationCap returns every active session whose snapshot contains a positive max_duration_seconds value. The reaper uses this to evaluate duration bounds on a periodic tick.

func (*SessionsRepository) MarkAccepting 

func (r *SessionsRepository) MarkAccepting(ctx context.Context, db Queryer, id string) (*Session, error)

MarkAccepting transitions a proposed session to accepting.

func (*SessionsRepository) MarkActive 

func (r *SessionsRepository) MarkActive(ctx context.Context, db Queryer, id, tunnelID string) (*Session, error)

MarkActive transitions an accepting session to active with the given tunnel.

func (*SessionsRepository) MarkClosed 

func (r *SessionsRepository) MarkClosed(ctx context.Context, db Queryer, id string, reason SessionCloseReason, detail string) (*Session, error)

MarkClosed transitions a session to closed with the given reason. Idempotent: returns the existing record if already closed.

func (*SessionsRepository) MarkRejected 

func (r *SessionsRepository) MarkRejected(ctx context.Context, db Queryer, id, detail string) (*Session, error)

MarkRejected closes a proposed session with reason=rejected. Idempotent: returns the current row if already closed.

func (*SessionsRepository) RecordEnvelopeCount 

func (r *SessionsRepository) RecordEnvelopeCount(ctx context.Context, db Queryer, sessionID string, count int) error

RecordEnvelopeCount stores the reported envelope count on the session row using max-seen semantics: the stored value only increases. This protects against reordered heartbeats and idempotent retries. Returns ErrNotFound when the session does not exist.

func (*SessionsRepository) RecordEnvelopeCountDelta 

func (r *SessionsRepository) RecordEnvelopeCountDelta(ctx context.Context, db Queryer, sessionID string, count int) (*Session, int, error)

RecordEnvelopeCountDelta stores the reported envelope count with max-seen semantics and returns the delta from the previously stored high-water mark. The row is selected FOR UPDATE so concurrent reports for the same session linearize before the audit event is emitted.

func (*SessionsRepository) WriteContractSnapshot 

func (r *SessionsRepository) WriteContractSnapshot(ctx context.Context, db Queryer, sessionID string, snapshotJSON []byte) error

WriteContractSnapshot persists the frozen contract snapshot onto an existing session row. Intended to be called during the accept flow alongside MarkActive, inside the same transaction.

type Store 

type Store struct {
	Organizations        *OrganizationsRepository
	Accounts             *AccountsRepository
	Environments         *EnvironmentsRepository
	Tunnels              *TunnelsRepository
	TunnelGrants         *TunnelGrantsRepository
	TunnelAttachments    *TunnelAttachmentsRepository
	TunnelServes         *TunnelServesRepository
	Workgroups           *WorkgroupsRepository
	WorkgroupInvitations *WorkgroupInvitationsRepository
	WorkgroupMemberships *WorkgroupMembershipsRepository
	Advertisements       *AdvertisementsRepository
	Sessions             *SessionsRepository
	Contracts            *ContractsRepository
	AuditEvents          *AuditEventsRepository
	// contains filtered or unexported fields
}

func Open 

func Open(ctx context.Context, cfg Config) (*Store, error)

func (*Store) Close 

func (s *Store) Close() error

func (*Store) DB 

func (s *Store) DB() *sqlx.DB

func (*Store) WithTx 

func (s *Store) WithTx(ctx context.Context, fn func(Queryer) error) error

type Tunnel 

type Tunnel struct {
	ID                        string      `db:"id"`
	OrganizationID            string      `db:"organization_id"`
	AccountID                 string      `db:"account_id"`
	EnvironmentID             string      `db:"environment_id"`
	Name                      string      `db:"name"`
	Mode                      TunnelMode  `db:"mode"`
	BackendTarget             string      `db:"backend_target"`
	ZitiServiceID             *string     `db:"ziti_service_id"`
	BindPolicyID              *string     `db:"bind_policy_id"`
	ServiceEdgeRouterPolicyID *string     `db:"service_edge_router_policy_id"`
	State                     TunnelState `db:"state"`
	Deleted                   bool        `db:"deleted"`
	CreatedAt                 time.Time   `db:"created_at"`
	UpdatedAt                 time.Time   `db:"updated_at"`
}

type TunnelAccountGrant 

type TunnelAccountGrant struct {
	TunnelID       string    `db:"tunnel_id"`
	AccountID      string    `db:"account_id"`
	OrganizationID string    `db:"organization_id"`
	Deleted        bool      `db:"deleted"`
	CreatedAt      time.Time `db:"created_at"`
	UpdatedAt      time.Time `db:"updated_at"`
}

type TunnelAttachment 

type TunnelAttachment struct {
	ID              string                `db:"id"`
	TunnelID        string                `db:"tunnel_id"`
	OrganizationID  string                `db:"organization_id"`
	AccountID       string                `db:"account_id"`
	EnvironmentID   string                `db:"environment_id"`
	ListenAddress   string                `db:"listen_address"`
	DialPolicyID    *string               `db:"dial_policy_id"`
	State           TunnelAttachmentState `db:"state"`
	LastHeartbeatAt time.Time             `db:"last_heartbeat_at"`
	DisconnectedAt  *time.Time            `db:"disconnected_at"`
	Deleted         bool                  `db:"deleted"`
	CreatedAt       time.Time             `db:"created_at"`
	UpdatedAt       time.Time             `db:"updated_at"`
}

type TunnelAttachmentDetail 

type TunnelAttachmentDetail struct {
	TunnelAttachment
	AccountEmail string     `db:"account_email"`
	TunnelName   string     `db:"tunnel_name"`
	TunnelMode   TunnelMode `db:"tunnel_mode"`
}

type TunnelAttachmentState 

type TunnelAttachmentState string
const (
	TunnelAttachmentStateActive       TunnelAttachmentState = "active"
	TunnelAttachmentStateStale        TunnelAttachmentState = "stale"
	TunnelAttachmentStateDisconnected TunnelAttachmentState = "disconnected"
)

type TunnelAttachmentsRepository 

type TunnelAttachmentsRepository struct{}

func (*TunnelAttachmentsRepository) Create 

func (r *TunnelAttachmentsRepository) Create(ctx context.Context, db Queryer, attachment TunnelAttachment) (*TunnelAttachment, error)

func (*TunnelAttachmentsRepository) DeleteByTunnel 

func (r *TunnelAttachmentsRepository) DeleteByTunnel(ctx context.Context, db Queryer, tunnelID, organizationID string) error

func (*TunnelAttachmentsRepository) GetByID 

func (r *TunnelAttachmentsRepository) GetByID(ctx context.Context, db Queryer, id string) (*TunnelAttachment, error)

func (*TunnelAttachmentsRepository) GetByIDForAccount 

func (r *TunnelAttachmentsRepository) GetByIDForAccount(ctx context.Context, db Queryer, id, organizationID, accountID string) (*TunnelAttachment, error)

func (*TunnelAttachmentsRepository) Heartbeat 

func (r *TunnelAttachmentsRepository) Heartbeat(ctx context.Context, db Queryer, id, organizationID, accountID string, at time.Time) error

func (*TunnelAttachmentsRepository) ListByTunnel 

func (r *TunnelAttachmentsRepository) ListByTunnel(ctx context.Context, db Queryer, tunnelID, organizationID string) ([]TunnelAttachmentDetail, error)

func (*TunnelAttachmentsRepository) ListByTunnelAndAccount 

func (r *TunnelAttachmentsRepository) ListByTunnelAndAccount(ctx context.Context, db Queryer, tunnelID, organizationID, accountID string) ([]TunnelAttachment, error)

func (*TunnelAttachmentsRepository) ListExpiredActive 

func (r *TunnelAttachmentsRepository) ListExpiredActive(ctx context.Context, db Queryer, before time.Time) ([]TunnelAttachment, error)

func (*TunnelAttachmentsRepository) UpdateState 

func (r *TunnelAttachmentsRepository) UpdateState(ctx context.Context, db Queryer, id string, state TunnelAttachmentState, disconnectedAt *time.Time) error

type TunnelGrant 

type TunnelGrant struct {
	TunnelID  string    `db:"tunnel_id"`
	AccountID string    `db:"account_id"`
	Email     string    `db:"email"`
	CreatedAt time.Time `db:"created_at"`
}

type TunnelGrantsRepository 

type TunnelGrantsRepository struct{}

func (*TunnelGrantsRepository) Create 

func (r *TunnelGrantsRepository) Create(ctx context.Context, db Queryer, grant TunnelAccountGrant) (*TunnelAccountGrant, error)

func (*TunnelGrantsRepository) Delete 

func (r *TunnelGrantsRepository) Delete(ctx context.Context, db Queryer, tunnelID, accountID, organizationID string) error

func (*TunnelGrantsRepository) DeleteByTunnel 

func (r *TunnelGrantsRepository) DeleteByTunnel(ctx context.Context, db Queryer, tunnelID, organizationID string) error

func (*TunnelGrantsRepository) IsGranted 

func (r *TunnelGrantsRepository) IsGranted(ctx context.Context, db Queryer, tunnelID, accountID string) (bool, error)

func (*TunnelGrantsRepository) ListByTunnel 

func (r *TunnelGrantsRepository) ListByTunnel(ctx context.Context, db Queryer, tunnelID, organizationID string) ([]TunnelGrant, error)

type TunnelMode 

type TunnelMode string
const (
	TunnelModeHTTP TunnelMode = "http"
	TunnelModeTCP  TunnelMode = "tcp"
	TunnelModeUDP  TunnelMode = "udp"
)

type TunnelServe 

type TunnelServe struct {
	ID              string           `db:"id"`
	TunnelID        string           `db:"tunnel_id"`
	OrganizationID  string           `db:"organization_id"`
	AccountID       string           `db:"account_id"`
	EnvironmentID   string           `db:"environment_id"`
	State           TunnelServeState `db:"state"`
	LastHeartbeatAt time.Time        `db:"last_heartbeat_at"`
	DisconnectedAt  *time.Time       `db:"disconnected_at"`
	Deleted         bool             `db:"deleted"`
	CreatedAt       time.Time        `db:"created_at"`
	UpdatedAt       time.Time        `db:"updated_at"`
}

type TunnelServeDetail 

type TunnelServeDetail struct {
	TunnelServe
	EnvironmentHost *string `db:"environment_host"`
	TunnelName      string  `db:"tunnel_name"`
	TunnelMode      string  `db:"tunnel_mode"`
}

type TunnelServeState 

type TunnelServeState string
const (
	TunnelServeStateActive       TunnelServeState = "active"
	TunnelServeStateStale        TunnelServeState = "stale"
	TunnelServeStateDisconnected TunnelServeState = "disconnected"
)

type TunnelServesRepository 

type TunnelServesRepository struct{}

func (*TunnelServesRepository) Create 

func (r *TunnelServesRepository) Create(ctx context.Context, db Queryer, serve TunnelServe) (*TunnelServe, error)

func (*TunnelServesRepository) Delete 

func (r *TunnelServesRepository) Delete(ctx context.Context, db Queryer, id, organizationID, accountID string) error

func (*TunnelServesRepository) DeleteByTunnel 

func (r *TunnelServesRepository) DeleteByTunnel(ctx context.Context, db Queryer, tunnelID, organizationID string) error

func (*TunnelServesRepository) GetActiveByTunnel 

func (r *TunnelServesRepository) GetActiveByTunnel(ctx context.Context, db Queryer, tunnelID, organizationID string) (*TunnelServeDetail, error)

func (*TunnelServesRepository) GetByIDForAccount 

func (r *TunnelServesRepository) GetByIDForAccount(ctx context.Context, db Queryer, id, organizationID, accountID string) (*TunnelServe, error)

func (*TunnelServesRepository) Heartbeat 

func (r *TunnelServesRepository) Heartbeat(ctx context.Context, db Queryer, id, organizationID, accountID string, at time.Time) error

func (*TunnelServesRepository) ListExpiredActive 

func (r *TunnelServesRepository) ListExpiredActive(ctx context.Context, db Queryer, before time.Time) ([]TunnelServe, error)

func (*TunnelServesRepository) UpdateState 

func (r *TunnelServesRepository) UpdateState(ctx context.Context, db Queryer, id string, state TunnelServeState, disconnectedAt *time.Time) error

type TunnelState 

type TunnelState string
const (
	TunnelStateActive   TunnelState = "active"
	TunnelStateDisabled TunnelState = "disabled"
)

type TunnelsRepository 

type TunnelsRepository struct{}

func (*TunnelsRepository) Create 

func (r *TunnelsRepository) Create(ctx context.Context, db Queryer, tunnel Tunnel) (*Tunnel, error)

func (*TunnelsRepository) Delete 

func (r *TunnelsRepository) Delete(ctx context.Context, db Queryer, id string, organizationID string) error

func (*TunnelsRepository) GetByID 

func (r *TunnelsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Tunnel, error)

func (*TunnelsRepository) GetByName 

func (r *TunnelsRepository) GetByName(ctx context.Context, db Queryer, organizationID, name string) (*Tunnel, error)

func (*TunnelsRepository) GetByNameGrantedToAccount 

func (r *TunnelsRepository) GetByNameGrantedToAccount(ctx context.Context, db Queryer, name, accountID string) (*Tunnel, error)

GetByNameGrantedToAccount returns a tunnel matching name where the caller's account holds an explicit tunnel_account_grants row, regardless of tunnel ownership organization. Used by the inter-organization session-connect path: the consumer's account is granted access to a tunnel owned by the provider's organization.

func (*TunnelsRepository) ListAccessibleByAccount 

func (r *TunnelsRepository) ListAccessibleByAccount(ctx context.Context, db Queryer, organizationID, accountID string, includeOwned bool) ([]Tunnel, error)

func (*TunnelsRepository) ListByEnvironment 

func (r *TunnelsRepository) ListByEnvironment(ctx context.Context, db Queryer, environmentID, organizationID string) ([]Tunnel, error)

func (*TunnelsRepository) ListByOrganization 

func (r *TunnelsRepository) ListByOrganization(ctx context.Context, db Queryer, organizationID string) ([]Tunnel, error)

func (*TunnelsRepository) ListOwnedByAccount 

func (r *TunnelsRepository) ListOwnedByAccount(ctx context.Context, db Queryer, organizationID, accountID string) ([]Tunnel, error)

type Workgroup 

type Workgroup struct {
	ID                  string         `db:"id"`
	OwnerOrganizationID string         `db:"owner_organization_id"`
	Name                string         `db:"name"`
	Description         *string        `db:"description"`
	Scope               WorkgroupScope `db:"scope"`
	State               WorkgroupState `db:"state"`
	Deleted             bool           `db:"deleted"`
	CreatedAt           time.Time      `db:"created_at"`
	UpdatedAt           time.Time      `db:"updated_at"`
}

type WorkgroupEnvelopes 

type WorkgroupEnvelopes struct {
	WorkgroupID   string `db:"workgroup_id"`
	WorkgroupName string `db:"workgroup_name"`
	Envelopes     int    `db:"envelopes"`
}

func EnvelopesByVisibleWorkgroups 

func EnvelopesByVisibleWorkgroups(ctx context.Context, db Queryer, orgID, accountID string, window time.Duration) ([]WorkgroupEnvelopes, error)

func EnvelopesByVisibleWorkgroupsAt 

func EnvelopesByVisibleWorkgroupsAt(ctx context.Context, db Queryer, orgID, accountID string, now time.Time, window time.Duration) ([]WorkgroupEnvelopes, error)

func EnvelopesByWorkgroup 

func EnvelopesByWorkgroup(ctx context.Context, db Queryer, orgID string, window time.Duration, limit int) ([]WorkgroupEnvelopes, error)

func EnvelopesByWorkgroupAt 

func EnvelopesByWorkgroupAt(ctx context.Context, db Queryer, orgID string, now time.Time, window time.Duration, limit int) ([]WorkgroupEnvelopes, error)

type WorkgroupInvitation 

type WorkgroupInvitation struct {
	ID                      string                   `db:"id"`
	WorkgroupID             string                   `db:"workgroup_id"`
	OrganizationID          string                   `db:"organization_id"`
	State                   WorkgroupInvitationState `db:"state"`
	AcknowledgedByAccountID *string                  `db:"acknowledged_by_account_id"`
	AcknowledgedAt          *time.Time               `db:"acknowledged_at"`
	CreatedAt               time.Time                `db:"created_at"`
	UpdatedAt               time.Time                `db:"updated_at"`
}

type WorkgroupInvitationState 

type WorkgroupInvitationState string
const (
	WorkgroupInvitationStatePending  WorkgroupInvitationState = "pending"
	WorkgroupInvitationStateAccepted WorkgroupInvitationState = "accepted"
	WorkgroupInvitationStateDeclined WorkgroupInvitationState = "declined"
)

type WorkgroupInvitationsRepository 

type WorkgroupInvitationsRepository struct{}

func (*WorkgroupInvitationsRepository) Create 

func (r *WorkgroupInvitationsRepository) Create(ctx context.Context, db Queryer, invitation WorkgroupInvitation) (*WorkgroupInvitation, error)

func (*WorkgroupInvitationsRepository) GetByID 

func (r *WorkgroupInvitationsRepository) GetByID(ctx context.Context, db Queryer, id string) (*WorkgroupInvitation, error)

func (*WorkgroupInvitationsRepository) GetByWorkgroupAndOrg 

func (r *WorkgroupInvitationsRepository) GetByWorkgroupAndOrg(ctx context.Context, db Queryer, workgroupID, organizationID string) (*WorkgroupInvitation, error)

func (*WorkgroupInvitationsRepository) ListByWorkgroup 

func (r *WorkgroupInvitationsRepository) ListByWorkgroup(ctx context.Context, db Queryer, workgroupID string) ([]WorkgroupInvitation, error)

func (*WorkgroupInvitationsRepository) UpdateState 

func (r *WorkgroupInvitationsRepository) UpdateState(ctx context.Context, db Queryer, id string, state WorkgroupInvitationState, acknowledgedByAccountID string, acknowledgedAt time.Time) error

type WorkgroupMembership 

type WorkgroupMembership struct {
	ID             string                  `db:"id"`
	WorkgroupID    string                  `db:"workgroup_id"`
	OrganizationID string                  `db:"organization_id"`
	AccountID      string                  `db:"account_id"`
	Role           WorkgroupMembershipRole `db:"role"`
	JoinedAt       time.Time               `db:"joined_at"`
	Deleted        bool                    `db:"deleted"`
	CreatedAt      time.Time               `db:"created_at"`
	UpdatedAt      time.Time               `db:"updated_at"`
}

type WorkgroupMembershipRole 

type WorkgroupMembershipRole string
const (
	WorkgroupMembershipRoleMember WorkgroupMembershipRole = "member"
	WorkgroupMembershipRoleAdmin  WorkgroupMembershipRole = "admin"
)

type WorkgroupMembershipsRepository 

type WorkgroupMembershipsRepository struct{}

func (*WorkgroupMembershipsRepository) CountAdmins 

func (r *WorkgroupMembershipsRepository) CountAdmins(ctx context.Context, db Queryer, workgroupID string) (int, error)

CountAdmins returns the number of non-deleted admin memberships on the given workgroup. Used by the at-least-one-admin invariant: a role demotion or membership removal is rejected if it would drive this count to zero.

func (*WorkgroupMembershipsRepository) Create 

func (r *WorkgroupMembershipsRepository) Create(ctx context.Context, db Queryer, membership WorkgroupMembership) (*WorkgroupMembership, error)

func (*WorkgroupMembershipsRepository) GetByID 

func (r *WorkgroupMembershipsRepository) GetByID(ctx context.Context, db Queryer, id string) (*WorkgroupMembership, error)

func (*WorkgroupMembershipsRepository) GetByWorkgroupAndAccount 

func (r *WorkgroupMembershipsRepository) GetByWorkgroupAndAccount(ctx context.Context, db Queryer, workgroupID, accountID string) (*WorkgroupMembership, error)

func (*WorkgroupMembershipsRepository) ListByAccount 

func (r *WorkgroupMembershipsRepository) ListByAccount(ctx context.Context, db Queryer, accountID string) ([]WorkgroupMembership, error)

func (*WorkgroupMembershipsRepository) ListByWorkgroup 

func (r *WorkgroupMembershipsRepository) ListByWorkgroup(ctx context.Context, db Queryer, workgroupID string) ([]WorkgroupMembership, error)

func (*WorkgroupMembershipsRepository) MarkDeleted 

func (r *WorkgroupMembershipsRepository) MarkDeleted(ctx context.Context, db Queryer, id string) error

func (*WorkgroupMembershipsRepository) SoftDeleteAllForWorkgroup 

func (r *WorkgroupMembershipsRepository) SoftDeleteAllForWorkgroup(ctx context.Context, db Queryer, workgroupID string) error

SoftDeleteAllForWorkgroup soft-deletes every membership on the given workgroup. Used by the workgroup delete cascade.

func (*WorkgroupMembershipsRepository) UpdateRole 

func (r *WorkgroupMembershipsRepository) UpdateRole(ctx context.Context, db Queryer, id string, role WorkgroupMembershipRole) error

type WorkgroupScope 

type WorkgroupScope string
const (
	WorkgroupScopeIntraOrg WorkgroupScope = "intra-org"
	WorkgroupScopeInterOrg WorkgroupScope = "inter-org"
)

type WorkgroupState 

type WorkgroupState string
const (
	WorkgroupStatePending  WorkgroupState = "pending"
	WorkgroupStateActive   WorkgroupState = "active"
	WorkgroupStateDeclined WorkgroupState = "declined"
)

type WorkgroupsRepository 

type WorkgroupsRepository struct{}

func (*WorkgroupsRepository) Create 

func (r *WorkgroupsRepository) Create(ctx context.Context, db Queryer, wg Workgroup) (*Workgroup, error)

func (*WorkgroupsRepository) GetByID 

func (r *WorkgroupsRepository) GetByID(ctx context.Context, db Queryer, id string) (*Workgroup, error)

func (*WorkgroupsRepository) GetByNameInOrg 

func (r *WorkgroupsRepository) GetByNameInOrg(ctx context.Context, db Queryer, ownerOrganizationID, name string) (*Workgroup, error)

func (*WorkgroupsRepository) ListAccessibleByAccount 

func (r *WorkgroupsRepository) ListAccessibleByAccount(ctx context.Context, db Queryer, accountID string) ([]Workgroup, error)

ListAccessibleByAccount returns workgroups the given account can see through the account-token surface: any workgroup the account is a non-deleted member of.

func (*WorkgroupsRepository) ListForAdmin 

func (r *WorkgroupsRepository) ListForAdmin(ctx context.Context, db Queryer, ownerOrganizationID, invitedOrganizationID string, state WorkgroupState) ([]Workgroup, error)

ListForAdmin returns workgroups across all organizations subject to optional filters. ownerOrganizationID, invitedOrganizationID, and state are each applied if non-empty.

func (*WorkgroupsRepository) MarkDeleted 

func (r *WorkgroupsRepository) MarkDeleted(ctx context.Context, db Queryer, id string) error

func (*WorkgroupsRepository) UpdateState 

func (r *WorkgroupsRepository) UpdateState(ctx context.Context, db Queryer, id string, state WorkgroupState) error

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.