access

package
v0.0.0-...-1cb9f0d Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 15, 2026 License: AGPL-3.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

const APIName = "gram"

APIName is the name of the API as defined in the design.

const APIVersion = "0.0.1"

APIVersion is the version of the API as defined in the design.

const ServiceName = "access"

ServiceName is the name of the service as defined in the design. This is the same value that is set in the endpoint request contexts under the ServiceKey key.

Variables

var MethodNames = [15]string{"listRoles", "getRole", "createRole", "updateRole", "deleteRole", "listScopes", "listMembers", "listGrants", "updateMemberRole", "getRBACStatus", "enableRBAC", "disableRBAC", "listChallenges", "listChallengeBuckets", "resolveChallenge"}

MethodNames lists the service method names as defined in the design. These are the same values that are set in the endpoint request contexts under the MethodKey key.

Functions

func MakeBadRequest

func MakeBadRequest(err error) *goa.ServiceError

MakeBadRequest builds a goa.ServiceError from an error.

func MakeConflict

func MakeConflict(err error) *goa.ServiceError

MakeConflict builds a goa.ServiceError from an error.

func MakeForbidden

func MakeForbidden(err error) *goa.ServiceError

MakeForbidden builds a goa.ServiceError from an error.

func MakeGatewayError

func MakeGatewayError(err error) *goa.ServiceError

MakeGatewayError builds a goa.ServiceError from an error.

func MakeInvalid

func MakeInvalid(err error) *goa.ServiceError

MakeInvalid builds a goa.ServiceError from an error.

func MakeInvariantViolation

func MakeInvariantViolation(err error) *goa.ServiceError

MakeInvariantViolation builds a goa.ServiceError from an error.

func MakeNotFound

func MakeNotFound(err error) *goa.ServiceError

MakeNotFound builds a goa.ServiceError from an error.

func MakeUnauthorized

func MakeUnauthorized(err error) *goa.ServiceError

MakeUnauthorized builds a goa.ServiceError from an error.

func MakeUnexpected

func MakeUnexpected(err error) *goa.ServiceError

MakeUnexpected builds a goa.ServiceError from an error.

func MakeUnsupportedMedia

func MakeUnsupportedMedia(err error) *goa.ServiceError

MakeUnsupportedMedia builds a goa.ServiceError from an error.

func NewCreateRoleEndpoint

func NewCreateRoleEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewCreateRoleEndpoint returns an endpoint function that calls the method "createRole" of service "access".

func NewDeleteRoleEndpoint

func NewDeleteRoleEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewDeleteRoleEndpoint returns an endpoint function that calls the method "deleteRole" of service "access".

func NewDisableRBACEndpoint

func NewDisableRBACEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewDisableRBACEndpoint returns an endpoint function that calls the method "disableRBAC" of service "access".

func NewEnableRBACEndpoint

func NewEnableRBACEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewEnableRBACEndpoint returns an endpoint function that calls the method "enableRBAC" of service "access".

func NewGetRBACStatusEndpoint

func NewGetRBACStatusEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewGetRBACStatusEndpoint returns an endpoint function that calls the method "getRBACStatus" of service "access".

func NewGetRoleEndpoint

func NewGetRoleEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewGetRoleEndpoint returns an endpoint function that calls the method "getRole" of service "access".

func NewListChallengeBucketsEndpoint

func NewListChallengeBucketsEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewListChallengeBucketsEndpoint returns an endpoint function that calls the method "listChallengeBuckets" of service "access".

func NewListChallengesEndpoint

func NewListChallengesEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewListChallengesEndpoint returns an endpoint function that calls the method "listChallenges" of service "access".

func NewListGrantsEndpoint

func NewListGrantsEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewListGrantsEndpoint returns an endpoint function that calls the method "listGrants" of service "access".

func NewListMembersEndpoint

func NewListMembersEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewListMembersEndpoint returns an endpoint function that calls the method "listMembers" of service "access".

func NewListRolesEndpoint

func NewListRolesEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewListRolesEndpoint returns an endpoint function that calls the method "listRoles" of service "access".

func NewListScopesEndpoint

func NewListScopesEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewListScopesEndpoint returns an endpoint function that calls the method "listScopes" of service "access".

func NewResolveChallengeEndpoint

func NewResolveChallengeEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewResolveChallengeEndpoint returns an endpoint function that calls the method "resolveChallenge" of service "access".

func NewUpdateMemberRoleEndpoint

func NewUpdateMemberRoleEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewUpdateMemberRoleEndpoint returns an endpoint function that calls the method "updateMemberRole" of service "access".

func NewUpdateRoleEndpoint

func NewUpdateRoleEndpoint(s Service, authAPIKeyFn security.AuthAPIKeyFunc) goa.Endpoint

NewUpdateRoleEndpoint returns an endpoint function that calls the method "updateRole" of service "access".

Types

type AccessMember

type AccessMember struct {
	// User ID.
	ID string
	// Display name.
	Name string
	// Email address.
	Email string
	// Avatar URL.
	PhotoURL *string
	// Currently assigned role ID.
	RoleID string
	// When the member joined the organization.
	JoinedAt string
}

AccessMember is the result type of the access service updateMemberRole method.

type Auther

// Auther defines the authorization functions to be implemented by the service.
type Auther interface {
	// APIKeyAuth implements the authorization logic for the APIKey security scheme.
	// It receives the presented key and the scheme being enforced, and returns
	// a context together with an error.
	// NOTE(review): the returned context presumably carries the authenticated
	// principal to the service method, and a non-nil error presumably rejects
	// the call — confirm against the goa security package.
	APIKeyAuth(ctx context.Context, key string, schema *security.APIKeyScheme) (context.Context, error)
}

Auther defines the authorization functions to be implemented by the service.

type AuthzChallenge

// AuthzChallenge is one recorded authorization decision; it is the element
// type of ListChallengesResult.Challenges.
// NOTE(review): records carry principal identifiers and, when available, an
// email address, so treat listings as sensitive when logging or exporting.
type AuthzChallenge struct {
	// Unique challenge identifier.
	ID string
	// When the authz decision was made.
	Timestamp string
	// Organization the principal was acting in.
	OrganizationID string
	// Project scope (empty for org-level checks).
	ProjectID *string
	// Principal URN e.g. user:<uuid> or api_key:<id>.
	PrincipalUrn string
	// Kind of principal.
	PrincipalType string
	// Email when available.
	UserEmail *string
	// User avatar URL when available.
	PhotoURL  *string
	Operation string // NOTE(review): not described in the design; presumably the operation that was checked — confirm.
	Outcome   string // NOTE(review): not described in the design; presumably the decision, allowed values not shown here — confirm.
	Reason    string // NOTE(review): not described in the design; presumably why the decision was reached — confirm.
	// Scope that was checked.
	Scope string
	// Resource kind of the check.
	ResourceKind *string
	// Resource ID of the check.
	ResourceID *string
	// Roles the principal had loaded.
	RoleSlugs []string
	// Total grants evaluated.
	EvaluatedGrantCount int
	// Number of grants that matched.
	MatchedGrantCount int
	// When the challenge was resolved by an admin.
	ResolvedAt *string
	// How the challenge was resolved.
	ResolutionType *string
	// URN of the admin who resolved.
	ResolvedBy *string
	// Role slug assigned (when resolution_type=role_assigned).
	ResolutionRoleSlug *string
}

type ChallengeBucket

// ChallengeBucket is a group of consecutive challenges with the same
// dimensions that occurred within a 10-minute window. It is the element type
// of ListChallengeBucketsResult.Buckets.
// NOTE(review): buckets carry principal identifiers and, when available, an
// email address, so treat listings as sensitive when logging or exporting.
type ChallengeBucket struct {
	// ID of the most recent challenge in the bucket.
	ID string
	// Timestamp of the most recent challenge in the bucket.
	LastSeen string
	// Timestamp of the earliest challenge in the bucket.
	FirstSeen string
	// Organization the principal was acting in.
	OrganizationID string
	// Project scope (empty for org-level checks).
	ProjectID *string
	// Principal URN e.g. user:<uuid> or api_key:<id>.
	PrincipalUrn string
	// Kind of principal.
	PrincipalType string
	// Email when available.
	UserEmail *string
	// User avatar URL when available.
	PhotoURL  *string
	Operation string // NOTE(review): not described in the design; presumably the operation that was checked — confirm.
	Outcome   string // NOTE(review): not described in the design; presumably the decision, allowed values not shown here — confirm.
	Reason    string // NOTE(review): not described in the design; presumably why the decision was reached — confirm.
	// Scope that was checked.
	Scope string
	// Resource kind of the check.
	ResourceKind *string
	// Resource ID of the check.
	ResourceID *string
	// Roles the principal had loaded.
	RoleSlugs []string
	// Total grants evaluated.
	EvaluatedGrantCount int
	// Number of grants that matched.
	MatchedGrantCount int
	// Number of individual challenges in this bucket.
	ChallengeCount int
	// IDs of all challenges in this bucket.
	ChallengeIds []string
	// When the bucket was resolved by an admin.
	ResolvedAt *string
	// How the bucket was resolved.
	ResolutionType *string
	// URN of the admin who resolved.
	ResolvedBy *string
	// Role slug assigned (when resolution_type=role_assigned).
	ResolutionRoleSlug *string
}

A group of consecutive challenges with the same dimensions that occurred within a 10-minute window.

type ChallengeResolution

// ChallengeResolution is a resolution record for one challenge; it is the
// element type of ResolveChallengesResult.Resolutions.
type ChallengeResolution struct {
	// Resolution record ID.
	ID string
	// Organization ID.
	OrganizationID string
	// ClickHouse challenge ID.
	ChallengeID string
	// Denied principal.
	PrincipalUrn string
	// Denied scope.
	Scope string
	// Resource kind.
	ResourceKind *string
	// Resource ID.
	ResourceID     *string
	ResolutionType string // NOTE(review): not described here; role_assigned is the only value named on this page — confirm the full set.
	// Assigned role slug.
	RoleSlug *string
	// Admin who resolved.
	ResolvedBy string
	CreatedAt  string // NOTE(review): not described here; presumably when the record was created, format not shown — confirm.
}

type Client

type Client struct {
	ListRolesEndpoint            goa.Endpoint
	GetRoleEndpoint              goa.Endpoint
	CreateRoleEndpoint           goa.Endpoint
	UpdateRoleEndpoint           goa.Endpoint
	DeleteRoleEndpoint           goa.Endpoint
	ListScopesEndpoint           goa.Endpoint
	ListMembersEndpoint          goa.Endpoint
	ListGrantsEndpoint           goa.Endpoint
	UpdateMemberRoleEndpoint     goa.Endpoint
	GetRBACStatusEndpoint        goa.Endpoint
	EnableRBACEndpoint           goa.Endpoint
	DisableRBACEndpoint          goa.Endpoint
	ListChallengesEndpoint       goa.Endpoint
	ListChallengeBucketsEndpoint goa.Endpoint
	ResolveChallengeEndpoint     goa.Endpoint
}

Client is the "access" service client.

func NewClient

func NewClient(listRoles, getRole, createRole, updateRole, deleteRole, listScopes, listMembers, listGrants, updateMemberRole, getRBACStatus, enableRBAC, disableRBAC, listChallenges, listChallengeBuckets, resolveChallenge goa.Endpoint) *Client

NewClient initializes an "access" service client given the endpoints.

func (*Client) CreateRole

func (c *Client) CreateRole(ctx context.Context, p *CreateRolePayload) (res *Role, err error)

CreateRole calls the "createRole" endpoint of the "access" service. CreateRole may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) DeleteRole

func (c *Client) DeleteRole(ctx context.Context, p *DeleteRolePayload) (err error)

DeleteRole calls the "deleteRole" endpoint of the "access" service. DeleteRole may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) DisableRBAC

func (c *Client) DisableRBAC(ctx context.Context, p *DisableRBACPayload) (err error)

DisableRBAC calls the "disableRBAC" endpoint of the "access" service. DisableRBAC may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) EnableRBAC

func (c *Client) EnableRBAC(ctx context.Context, p *EnableRBACPayload) (err error)

EnableRBAC calls the "enableRBAC" endpoint of the "access" service. EnableRBAC may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) GetRBACStatus

func (c *Client) GetRBACStatus(ctx context.Context, p *GetRBACStatusPayload) (res *RBACStatus, err error)

GetRBACStatus calls the "getRBACStatus" endpoint of the "access" service. GetRBACStatus may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) GetRole

func (c *Client) GetRole(ctx context.Context, p *GetRolePayload) (res *Role, err error)

GetRole calls the "getRole" endpoint of the "access" service. GetRole may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) ListChallengeBuckets

func (c *Client) ListChallengeBuckets(ctx context.Context, p *ListChallengeBucketsPayload) (res *ListChallengeBucketsResult, err error)

ListChallengeBuckets calls the "listChallengeBuckets" endpoint of the "access" service. ListChallengeBuckets may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) ListChallenges

func (c *Client) ListChallenges(ctx context.Context, p *ListChallengesPayload) (res *ListChallengesResult, err error)

ListChallenges calls the "listChallenges" endpoint of the "access" service. ListChallenges may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) ListGrants

func (c *Client) ListGrants(ctx context.Context, p *ListGrantsPayload) (res *ListUserGrantsResult, err error)

ListGrants calls the "listGrants" endpoint of the "access" service. ListGrants may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) ListMembers

func (c *Client) ListMembers(ctx context.Context, p *ListMembersPayload) (res *ListMembersResult, err error)

ListMembers calls the "listMembers" endpoint of the "access" service. ListMembers may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) ListRoles

func (c *Client) ListRoles(ctx context.Context, p *ListRolesPayload) (res *ListRolesResult, err error)

ListRoles calls the "listRoles" endpoint of the "access" service. ListRoles may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) ListScopes

func (c *Client) ListScopes(ctx context.Context, p *ListScopesPayload) (res *ListScopesResult, err error)

ListScopes calls the "listScopes" endpoint of the "access" service. ListScopes may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) ResolveChallenge

func (c *Client) ResolveChallenge(ctx context.Context, p *ResolveChallengePayload) (res *ResolveChallengesResult, err error)

ResolveChallenge calls the "resolveChallenge" endpoint of the "access" service. ResolveChallenge may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) UpdateMemberRole

func (c *Client) UpdateMemberRole(ctx context.Context, p *UpdateMemberRolePayload) (res *AccessMember, err error)

UpdateMemberRole calls the "updateMemberRole" endpoint of the "access" service. UpdateMemberRole may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

func (*Client) UpdateRole

func (c *Client) UpdateRole(ctx context.Context, p *UpdateRolePayload) (res *Role, err error)

UpdateRole calls the "updateRole" endpoint of the "access" service. UpdateRole may return the following errors:

  • "unauthorized" (type *goa.ServiceError): unauthorized access
  • "forbidden" (type *goa.ServiceError): permission denied
  • "bad_request" (type *goa.ServiceError): request is invalid
  • "not_found" (type *goa.ServiceError): resource not found
  • "conflict" (type *goa.ServiceError): resource already exists
  • "unsupported_media" (type *goa.ServiceError): unsupported media type
  • "invalid" (type *goa.ServiceError): request contains one or more invalid fields
  • "invariant_violation" (type *goa.ServiceError): an unexpected error occurred
  • "unexpected" (type *goa.ServiceError): an unexpected error occurred
  • "gateway_error" (type *goa.ServiceError): an unexpected error occurred
  • error: internal error

type CreateRolePayload

// CreateRolePayload is the payload type of the access service createRole
// method.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm.
// Avoid writing the payload verbatim to logs or error messages.
type CreateRolePayload struct {
	ApikeyToken  *string
	SessionToken *string
	// Display name for the role.
	Name string
	// Description of what this role can do.
	Description string
	// Scope grants to assign.
	// A RoleGrant whose Selectors is null is documented as unrestricted, so
	// leave selectors out only when an unrestricted grant is intended.
	Grants []*RoleGrant
	// Optional member IDs to additionally assign to this role on creation.
	MemberIds []string
}

CreateRolePayload is the payload type of the access service createRole method.

type DeleteRolePayload

// DeleteRolePayload is the payload type of the access service deleteRole
// method.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm.
// Avoid writing the payload verbatim to logs or error messages.
type DeleteRolePayload struct {
	// The ID of the role to delete.
	ID           string
	ApikeyToken  *string
	SessionToken *string
}

DeleteRolePayload is the payload type of the access service deleteRole method.

type DisableRBACPayload

// DisableRBACPayload is the payload type of the access service disableRBAC
// method. It carries only SessionToken; unlike most payloads in this package
// there is no ApikeyToken field.
// NOTE(review): presumably this limits the call to session-authenticated
// callers, which matters because RBACStatus describes RBAC as the
// organization's enforcement switch — confirm in the design.
type DisableRBACPayload struct {
	SessionToken *string
}

DisableRBACPayload is the payload type of the access service disableRBAC method.

type EnableRBACPayload

// EnableRBACPayload is the payload type of the access service enableRBAC
// method. It carries only SessionToken; unlike most payloads in this package
// there is no ApikeyToken field.
// NOTE(review): presumably this limits the call to session-authenticated
// callers — confirm in the design.
type EnableRBACPayload struct {
	SessionToken *string
}

EnableRBACPayload is the payload type of the access service enableRBAC method.

type Endpoints

type Endpoints struct {
	ListRoles            goa.Endpoint
	GetRole              goa.Endpoint
	CreateRole           goa.Endpoint
	UpdateRole           goa.Endpoint
	DeleteRole           goa.Endpoint
	ListScopes           goa.Endpoint
	ListMembers          goa.Endpoint
	ListGrants           goa.Endpoint
	UpdateMemberRole     goa.Endpoint
	GetRBACStatus        goa.Endpoint
	EnableRBAC           goa.Endpoint
	DisableRBAC          goa.Endpoint
	ListChallenges       goa.Endpoint
	ListChallengeBuckets goa.Endpoint
	ResolveChallenge     goa.Endpoint
}

Endpoints wraps the "access" service endpoints.

func NewEndpoints

func NewEndpoints(s Service) *Endpoints

NewEndpoints wraps the methods of the "access" service with endpoints.

func (*Endpoints) Use

func (e *Endpoints) Use(m func(goa.Endpoint) goa.Endpoint)

Use applies the given middleware to all the "access" service endpoints.

type GetRBACStatusPayload

// GetRBACStatusPayload is the payload type of the access service
// getRBACStatus method. It carries only SessionToken; unlike most payloads in
// this package there is no ApikeyToken field.
// NOTE(review): presumably SessionToken is the caller's session credential —
// confirm, and keep it out of logs.
type GetRBACStatusPayload struct {
	SessionToken *string
}

GetRBACStatusPayload is the payload type of the access service getRBACStatus method.

type GetRolePayload

// GetRolePayload is the payload type of the access service getRole method.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm.
// Avoid writing the payload verbatim to logs or error messages.
type GetRolePayload struct {
	// The ID of the role.
	ID           string
	ApikeyToken  *string
	SessionToken *string
}

GetRolePayload is the payload type of the access service getRole method.

type ListChallengeBucketsPayload

// ListChallengeBucketsPayload is the payload type of the access service
// listChallengeBuckets method. Every filter field is an optional pointer.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm.
// Avoid writing the payload verbatim to logs or error messages.
type ListChallengeBucketsPayload struct {
	// Filter by outcome.
	Outcome *string
	// Filter by principal URN.
	PrincipalUrn *string
	// Filter by scope.
	Scope *string
	// Filter to a specific project.
	ProjectID *string
	// Filter by resolution state. True = only resolved, false = only unresolved.
	Resolved *bool
	// Maximum number of buckets to return.
	// NOTE(review): no upper bound is stated on this page; presumably the
	// design validates one — confirm.
	Limit int
	// Number of buckets to skip.
	Offset       int
	ApikeyToken  *string
	SessionToken *string
}

ListChallengeBucketsPayload is the payload type of the access service listChallengeBuckets method.

type ListChallengeBucketsResult

type ListChallengeBucketsResult struct {
	// The challenge buckets.
	Buckets []*ChallengeBucket
	// Total number of matching buckets for pagination.
	Total int
}

ListChallengeBucketsResult is the result type of the access service listChallengeBuckets method.

type ListChallengesPayload

// ListChallengesPayload is the payload type of the access service
// listChallenges method. Every filter field other than Ids is an optional
// pointer.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm.
// Avoid writing the payload verbatim to logs or error messages.
type ListChallengesPayload struct {
	// Filter by outcome.
	Outcome *string
	// Filter by principal URN.
	PrincipalUrn *string
	// Filter by scope.
	Scope *string
	// Filter to a specific project.
	ProjectID *string
	// Filter by resolution state. True = only resolved, false = only unresolved.
	Resolved *bool
	// Fetch specific challenges by ID. When set, other filters and pagination are
	// ignored.
	// NOTE(review): "other filters" includes ProjectID, so organization and
	// project scoping of ID lookups is presumably enforced by the service
	// rather than by this payload — confirm.
	Ids []string
	// Maximum number of results to return.
	// NOTE(review): no upper bound is stated on this page; presumably the
	// design validates one — confirm.
	Limit int
	// Number of results to skip.
	Offset       int
	ApikeyToken  *string
	SessionToken *string
}

ListChallengesPayload is the payload type of the access service listChallenges method.

type ListChallengesResult

type ListChallengesResult struct {
	// The challenge events.
	Challenges []*AuthzChallenge
	// Total number of matching challenges for pagination.
	Total int
}

ListChallengesResult is the result type of the access service listChallenges method.

type ListGrantsPayload

// ListGrantsPayload is the payload type of the access service listGrants
// method. It has no fields besides the two tokens.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm,
// and keep them out of logs.
type ListGrantsPayload struct {
	ApikeyToken  *string
	SessionToken *string
}

ListGrantsPayload is the payload type of the access service listGrants method.

type ListMembersPayload

// ListMembersPayload is the payload type of the access service listMembers
// method. It has no fields besides the two tokens.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm,
// and keep them out of logs.
type ListMembersPayload struct {
	ApikeyToken  *string
	SessionToken *string
}

ListMembersPayload is the payload type of the access service listMembers method.

type ListMembersResult

type ListMembersResult struct {
	// The members in your organization.
	Members []*AccessMember
}

ListMembersResult is the result type of the access service listMembers method.

type ListRoleGrant

// ListRoleGrant is one effective grant; it is the element type of
// ListUserGrantsResult.Grants.
type ListRoleGrant struct {
	// The scope slug this grant applies to.
	Scope string
	// The inherited scopes the primary scope grants.
	SubScopes []string
	// Selector constraints. Null means unrestricted.
	// NOTE(review): whether an empty, non-nil list is also treated as
	// unrestricted is not stated here — confirm before relying on it when
	// interpreting a caller's effective access.
	Selectors []*Selector
}

type ListRolesPayload

// ListRolesPayload is the payload type of the access service listRoles
// method. It has no fields besides the two tokens.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm,
// and keep them out of logs.
type ListRolesPayload struct {
	ApikeyToken  *string
	SessionToken *string
}

ListRolesPayload is the payload type of the access service listRoles method.

type ListRolesResult

type ListRolesResult struct {
	// The roles in your organization.
	Roles []*Role
}

ListRolesResult is the result type of the access service listRoles method.

type ListScopesPayload

// ListScopesPayload is the payload type of the access service listScopes
// method. It has no fields besides the two tokens.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm,
// and keep them out of logs.
type ListScopesPayload struct {
	ApikeyToken  *string
	SessionToken *string
}

ListScopesPayload is the payload type of the access service listScopes method.

type ListScopesResult

type ListScopesResult struct {
	// The scopes available in access control.
	Scopes []*ScopeDefinition
}

ListScopesResult is the result type of the access service listScopes method.

type ListUserGrantsResult

type ListUserGrantsResult struct {
	// The user's effective grants in this organization.
	Grants []*ListRoleGrant
}

ListUserGrantsResult is the result type of the access service listGrants method.

type RBACStatus

type RBACStatus struct {
	// Whether RBAC enforcement is currently enabled for this organization.
	RbacEnabled bool
}

RBACStatus is the result type of the access service getRBACStatus method.

type ResolveChallengePayload

// ResolveChallengePayload is the payload type of the access service
// resolveChallenge method. One call can name several challenges through
// ChallengeIds.
// NOTE(review): ApikeyToken and SessionToken are not described in the design;
// presumably they hold the caller's API key or session credential — confirm.
// Avoid writing the payload verbatim to logs or error messages.
type ResolveChallengePayload struct {
	ApikeyToken  *string
	SessionToken *string
	// IDs of the challenges in ClickHouse to resolve.
	ChallengeIds []string
	// Principal that was denied.
	// NOTE(review): PrincipalUrn, Scope, ResourceKind and ResourceID repeat
	// attributes of the referenced challenges; whether the service checks them
	// against the stored challenge records is not visible here — confirm.
	PrincipalUrn string
	// Scope that was denied.
	Scope string
	// Resource kind from the challenge.
	ResourceKind *string
	// Resource ID from the challenge.
	ResourceID *string
	// How the challenge is being resolved.
	ResolutionType string
	// Role slug to assign (required when resolution_type=role_assigned).
	// NOTE(review): with role_assigned this call presumably changes the
	// principal's role, so it should be authorized and audited like
	// updateMemberRole — confirm.
	RoleSlug *string
}

ResolveChallengePayload is the payload type of the access service resolveChallenge method.

type ResolveChallengesResult

// ResolveChallengesResult is the result type of the access service
// resolveChallenge method.
type ResolveChallengesResult struct {
	// The created resolution records.
	Resolutions []*ChallengeResolution
}

ResolveChallengesResult is the result type of the access service resolveChallenge method.

type Role

// Role is the result type of the access service getRole method. The Service
// interface also returns it from CreateRole and UpdateRole, and
// ListRolesResult holds a slice of it.
type Role struct {
	// Unique role identifier.
	ID string
	// Display name of the role.
	Name string
	// Human-readable description.
	Description string
	// Whether this is a built-in system role that cannot be deleted.
	IsSystem bool
	// Scope grants assigned to this role. A grant whose Selectors is null is
	// unrestricted (see RoleGrant).
	Grants []*RoleGrant
	// Number of members assigned to this role.
	MemberCount int
	// NOTE(review): presumably creation and last-update timestamps carried as
	// strings; the format is not shown in this declaration.
	CreatedAt   string
	UpdatedAt   string
}

Role is the result type of the access service getRole method.

type RoleGrant

// RoleGrant pairs a scope with optional selector constraints. It is the
// element type of Role.Grants and UpdateRolePayload.Grants.
type RoleGrant struct {
	// The scope slug this grant applies to.
	Scope string
	// Selector constraints. Null means unrestricted.
	// A grant built without setting this field leaves the slice nil, which is
	// the unrestricted case, so omitting selectors widens the grant rather
	// than narrowing it.
	// NOTE(review): whether an empty, non-nil slice is also treated as
	// unrestricted is not visible here; confirm before relying on either.
	Selectors []*Selector
}

type ScopeDefinition

// ScopeDefinition describes one scope available in access control. It is the
// element type of ListScopesResult.Scopes.
type ScopeDefinition struct {
	// Unique scope identifier. RoleGrant.Scope is documented as a scope slug.
	Slug string
	// What this scope protects.
	Description string
	// The type of resource this scope applies to.
	ResourceType string
}

type Selector

// Selector is a constraint that narrows which resources a grant applies to.
// The three pointer fields are optional and are documented as applying to MCP
// scopes only.
type Selector struct {
	// The kind of resource this selector targets.
	ResourceKind string
	// The resource identifier, or '*' for all resources of this kind.
	// The wildcard makes the selector match every resource of ResourceKind,
	// so a selector taken from request input should be validated before it is
	// stored on a grant.
	ResourceID string
	// Tool disposition filter (MCP scopes only). Nil when not set.
	Disposition *string
	// Specific tool name filter (MCP scopes only). Nil when not set.
	Tool *string
	// Project filter (MCP scopes only). When set with resource_id='*', grants
	// access to all servers in the project.
	// NOTE(review): the effect of resource_id='*' with this field left nil is
	// not stated here; confirm how wide that combination is.
	ProjectID *string
}

A constraint that narrows which resources a grant applies to.

type Service

// Service manages roles, team member access control, and authorization
// challenge events. Every method takes a context and a method-specific
// payload.
// NOTE(review): the signatures do not express who may call each method; the
// payload types shown on this page carry ApikeyToken and SessionToken fields,
// so the authorization check presumably happens in the implementation or the
// transport layer. Confirm that each mutating method is covered.
type Service interface {
	// List all roles for the current organization.
	ListRoles(context.Context, *ListRolesPayload) (res *ListRolesResult, err error)
	// Get a role by ID.
	GetRole(context.Context, *GetRolePayload) (res *Role, err error)
	// Create a new custom role.
	CreateRole(context.Context, *CreateRolePayload) (res *Role, err error)
	// Update an existing custom role.
	UpdateRole(context.Context, *UpdateRolePayload) (res *Role, err error)
	// Delete a custom role (system roles cannot be deleted).
	DeleteRole(context.Context, *DeleteRolePayload) (err error)
	// List all available scopes and their resource types.
	ListScopes(context.Context, *ListScopesPayload) (res *ListScopesResult, err error)
	// List all team members with their role assignments.
	ListMembers(context.Context, *ListMembersPayload) (res *ListMembersResult, err error)
	// List the current user's effective grants, including inherited role grants.
	ListGrants(context.Context, *ListGrantsPayload) (res *ListUserGrantsResult, err error)
	// Change a team member's role assignment.
	UpdateMemberRole(context.Context, *UpdateMemberRolePayload) (res *AccessMember, err error)
	// Returns whether RBAC is currently enabled for the current organization.
	GetRBACStatus(context.Context, *GetRBACStatusPayload) (res *RBACStatus, err error)
	// Enable RBAC for the current organization. Seeds default grants for system
	// roles.
	EnableRBAC(context.Context, *EnableRBACPayload) (err error)
	// Disable RBAC enforcement for the current organization.
	// NOTE(review): this switches enforcement off for the whole organization;
	// confirm the call is restricted to administrators and is audit-logged.
	DisableRBAC(context.Context, *DisableRBACPayload) (err error)
	// List authz challenge events from ClickHouse, enriched with resolution state
	// from PostgreSQL.
	ListChallenges(context.Context, *ListChallengesPayload) (res *ListChallengesResult, err error)
	// List authz challenges grouped into time-based burst buckets. Consecutive
	// challenges with the same dimensions within a 10-minute window are collapsed
	// into a single bucket.
	ListChallengeBuckets(context.Context, *ListChallengeBucketsPayload) (res *ListChallengeBucketsResult, err error)
	// Record resolutions for one or more denied authz challenges. The caller is
	// responsible for assigning the role first.
	// As described, this call stores resolution records only; a recorded
	// resolution is therefore not evidence that the role assignment happened.
	ResolveChallenge(context.Context, *ResolveChallengePayload) (res *ResolveChallengesResult, err error)
}

Manage roles, team member access control, and authorization challenge events.

type UpdateMemberRolePayload

// UpdateMemberRolePayload is the payload type of the access service
// updateMemberRole method. It names one user and the role to assign.
type UpdateMemberRolePayload struct {
	// Caller credentials. Both are optional pointers, so either may be nil;
	// this declaration does not show which one is required or where they are
	// validated.
	// NOTE(review): presumably secrets. Keep them out of logs and error text.
	ApikeyToken  *string
	SessionToken *string
	// The user ID to update.
	// NOTE(review): nothing here ties UserID to the caller's organization;
	// confirm the implementation checks membership before reassigning.
	UserID string
	// The new role ID to assign.
	RoleID string
}

UpdateMemberRolePayload is the payload type of the access service updateMemberRole method.

type UpdateRolePayload

// UpdateRolePayload is the payload type of the access service updateRole
// method. Name and Description are pointers, so nil can be told apart from an
// empty string.
type UpdateRolePayload struct {
	// Caller credentials. Both are optional pointers, so either may be nil;
	// this declaration does not show which one is required or where they are
	// validated.
	// NOTE(review): presumably secrets. Keep them out of logs and error text.
	ApikeyToken  *string
	SessionToken *string
	// The ID of the role to update.
	ID string
	// Updated display name.
	Name *string
	// Updated description.
	Description *string
	// Updated scope grants. Each RoleGrant with null Selectors is
	// unrestricted, so a grant sent without selectors applies to every
	// resource under its scope.
	// NOTE(review): whether this list replaces the role's existing grants or
	// is merged with them is not stated here (MemberIds below is explicit
	// about preserving existing assignments); confirm.
	Grants []*RoleGrant
	// Optional member IDs to additionally assign to this role. Existing
	// assignments are preserved.
	MemberIds []string
}

UpdateRolePayload is the payload type of the access service updateRole method.
