iam

package
Published: Mar 29, 2026 License: MIT Imports: 6 Imported by: 12


Constants

// FederatedIdentityEndpoint is the API path for federated identity resources.
const (
	FederatedIdentityEndpoint = "/v1/federated-identities"
)
// FederatedIdentityProviderEndpoint is the API path for federated identity provider resources.
const (
	FederatedIdentityProviderEndpoint = "/v1/federated-identity-providers"
)
// OrganisationMemberEndpoint is the API path for organisation membership resources.
const (
	OrganisationMemberEndpoint = "/v1/memberships"
)
// OrganisationMemberInviteEndpoint is the API path for organisation member invites.
const (
	OrganisationMemberInviteEndpoint = "/v1/invites"
)
// OrganisationRoleEndpoint is the API path for organisation roles.
// Note the "/v1/iam/" prefix, which differs from every other endpoint in this package.
const (
	OrganisationRoleEndpoint = "/v1/iam/roles"
)
// ServiceAccountEndpoint is the API path for service account resources.
const (
	ServiceAccountEndpoint = "/v1/service-accounts"
)
// TeamEndpoint is the API path for team resources.
const (
	TeamEndpoint = "/v1/teams"
)


Types

type AccessCredentialsScope added in v0.20.0

// AccessCredentialsScope is a capability that can be granted to a service
// account access credential (CreateServiceAccountAccessCredentialRequest.Scopes)
// or allowed for a federated identity (CreateFederatedIdentityRequest.AllowedScopes).
type AccessCredentialsScope string

AccessCredentialsScope is a type that represents a scope for an access credential

// Grant the narrowest set of scopes a workload needs; a credential used only
// for inspection should carry api:read alone rather than api:write.
const (
	// AccessCredentialsScopeAPIRead is a scope that allows read access to the API
	AccessCredentialsScopeAPIRead AccessCredentialsScope = "api:read"
	// AccessCredentialsScopeAPIWrite is a scope that allows write access to the API
	AccessCredentialsScopeAPIWrite AccessCredentialsScope = "api:write"
	// AccessCredentialsScopeKubernetes is a scope that allows access to the Kubernetes API
	AccessCredentialsScopeKubernetes AccessCredentialsScope = "kubernetes"
	// AccessCredentialsScopeObjectStorage is a scope that allows access to the Object Storage API
	AccessCredentialsScopeObjectStorage AccessCredentialsScope = "objectStorage"
)

type AddTeamMemberRequest

// AddTeamMemberRequest is the body for Client.AddTeamMember.
//
// Role is a free-form string here (unlike OrganisationMemberType, which is an
// enumerated type); the set of values the server accepts is not visible in
// this package.
type AddTeamMemberRequest struct {
	UserIdentity string `json:"userIdentity"` // identity of the user to add
	Role         string `json:"role"`         // the member's role within the team
}

type AudienceMatchMode added in v0.29.0

// AudienceMatchMode selects how a token's aud claim is compared against a
// FederatedIdentity's TrustedAudiences.
type AudienceMatchMode string

AudienceMatchMode represents how a token's aud claim is matched against a federated identity's TrustedAudiences.

// The modes are described only by their one-line comments; how each treats a
// multi-valued aud claim (RFC 7519 allows an array) is decided by the server
// and is not visible here. "any" is the default and reads as the most
// permissive of the three, so pin TrustedAudiences to values your provider
// issues only for this workload rather than relying on the mode alone.
const (
	AudienceMatchModeExact AudienceMatchMode = "exact" // Must match exactly one of the trusted audiences
	AudienceMatchModeAny   AudienceMatchMode = "any"   // Must match any of the trusted audiences (default)
	AudienceMatchModeAll   AudienceMatchMode = "all"   // Must match all trusted audiences
)

type Client

// Client exposes the IAM operations (teams, memberships, invites, roles,
// service accounts, federated identities and providers) on top of the
// embedded client.Client. Construct it with New.
type Client struct {
	client.Client
}

func New

func New(c client.Client, opts ...client.Option) (*Client, error)

func (*Client) AddRoleRule added in v0.10.0

AddRoleRule adds a new permission rule to an organisation role.

func (*Client) AddTeamMember

func (c *Client) AddTeamMember(ctx context.Context, teamID string, request AddTeamMemberRequest) error

AddTeamMember adds a member to a team.

func (*Client) CreateFederatedIdentity added in v0.29.0

func (c *Client) CreateFederatedIdentity(ctx context.Context, create CreateFederatedIdentityRequest) (*FederatedIdentity, error)

CreateFederatedIdentity creates a new federated identity

func (*Client) CreateFederatedIdentityProvider added in v0.29.0

func (c *Client) CreateFederatedIdentityProvider(ctx context.Context, create CreateFederatedIdentityProviderRequest) (*FederatedIdentityProvider, error)

CreateFederatedIdentityProvider creates a new federated identity provider

func (*Client) CreateOrganisationRole added in v0.10.0

func (c *Client) CreateOrganisationRole(ctx context.Context, create CreateOrganisationRoleRequest) (*OrganisationRole, error)

CreateOrganisationRole creates a new organisation role.

func (*Client) CreateRoleBinding added in v0.10.0

func (c *Client) CreateRoleBinding(ctx context.Context, roleIdentity string, create CreateRoleBinding) (*OrganisationRoleBinding, error)

CreateRoleBinding creates a new role binding for an organisation role.

func (*Client) CreateServiceAccount added in v0.20.0

func (c *Client) CreateServiceAccount(ctx context.Context, create CreateServiceAccountRequest) (*ServiceAccount, error)

CreateServiceAccount creates a new service account

func (*Client) CreateServiceAccountAccessCredentials added in v0.20.0

func (c *Client) CreateServiceAccountAccessCredentials(ctx context.Context, serviceAccountIdentity string, request CreateServiceAccountAccessCredentialRequest) (*ServiceAccountCreatedAccessCredential, error)

CreateServiceAccountAccessCredentials creates access credentials for a service account. The returned ServiceAccountCreatedAccessCredential is the only place the AccessSecret is exposed; later GetServiceAccountAccessCredentials calls return the AccessKey and metadata only, so callers must capture and store the secret from this response.

func (*Client) CreateTeam

func (c *Client) CreateTeam(ctx context.Context, create CreateTeam) (*Team, error)

CreateTeam creates a new team.

func (*Client) DeleteFederatedIdentity added in v0.29.0

func (c *Client) DeleteFederatedIdentity(ctx context.Context, identity string) error

DeleteFederatedIdentity deletes a federated identity

func (*Client) DeleteFederatedIdentityProvider added in v0.29.0

func (c *Client) DeleteFederatedIdentityProvider(ctx context.Context, identity string) error

DeleteFederatedIdentityProvider deletes a federated identity provider

func (*Client) DeleteOrganisationMember added in v0.16.0

func (c *Client) DeleteOrganisationMember(ctx context.Context, identity string) error

DeleteOrganisationMember deletes a member from an organisation

func (*Client) DeleteOrganisationRole added in v0.10.0

func (c *Client) DeleteOrganisationRole(ctx context.Context, identity string) error

DeleteOrganisationRole deletes a specific organisation role by its identity.

func (*Client) DeleteRoleBinding added in v0.10.0

func (c *Client) DeleteRoleBinding(ctx context.Context, roleIdentity string, bindingIdentity string) error

DeleteRoleBinding deletes a specific role binding from an organisation role.

func (*Client) DeleteRuleFromRole added in v0.10.0

func (c *Client) DeleteRuleFromRole(ctx context.Context, roleIdentity string, ruleIdentity string) error

DeleteRuleFromRole deletes a permission rule from an organisation role.

func (*Client) DeleteServiceAccount added in v0.20.0

func (c *Client) DeleteServiceAccount(ctx context.Context, identity string) error

DeleteServiceAccount deletes a service account

func (*Client) DeleteServiceAccountAccessCredentials added in v0.20.0

func (c *Client) DeleteServiceAccountAccessCredentials(ctx context.Context, serviceAccountIdentity string, credentialIdentity string) error

DeleteServiceAccountAccessCredentials deletes specific access credentials for a service account

func (*Client) DeleteTeam

func (c *Client) DeleteTeam(ctx context.Context, identity string) error

DeleteTeam deletes a team.

func (*Client) GetFederatedIdentity added in v0.29.0

func (c *Client) GetFederatedIdentity(ctx context.Context, identity string) (*FederatedIdentity, error)

GetFederatedIdentity retrieves a specific federated identity

func (*Client) GetFederatedIdentityProvider added in v0.29.0

func (c *Client) GetFederatedIdentityProvider(ctx context.Context, identity string) (*FederatedIdentityProvider, error)

GetFederatedIdentityProvider retrieves a specific federated identity provider

func (*Client) GetOrganisationRole added in v0.10.0

func (c *Client) GetOrganisationRole(ctx context.Context, identity string) (*OrganisationRole, error)

GetOrganisationRole retrieves a specific organisation role by its identity.

func (*Client) GetServiceAccount added in v0.20.0

func (c *Client) GetServiceAccount(ctx context.Context, identity string) (*ServiceAccount, error)

GetServiceAccount retrieves a specific service account

func (*Client) GetServiceAccountAccessCredentials added in v0.20.0

func (c *Client) GetServiceAccountAccessCredentials(ctx context.Context, serviceAccountIdentity string) ([]ServiceAccountAccessCredential, error)

GetServiceAccountAccessCredentials lists access credentials for a service account. Each entry carries the AccessKey and metadata only; the AccessSecret is never returned after creation.

func (*Client) GetTeam

func (c *Client) GetTeam(ctx context.Context, identity string, _ *GetTeamRequest) (*Team, error)

GetTeam retrieves a specific team by its identity. The *GetTeamRequest parameter is currently ignored (the signature discards it with `_`) and may be nil.

func (*Client) ListFederatedIdentities added in v0.29.0

func (c *Client) ListFederatedIdentities(ctx context.Context, request *ListFederatedIdentitiesRequest) ([]FederatedIdentity, error)

ListFederatedIdentities lists all federated identities for the organisation

func (*Client) ListFederatedIdentityProviders added in v0.29.0

func (c *Client) ListFederatedIdentityProviders(ctx context.Context, request *ListFederatedIdentityProvidersRequest) ([]FederatedIdentityProvider, error)

ListFederatedIdentityProviders lists all federated identity providers for the organisation

func (*Client) ListOrganisationMemberInvites added in v0.16.0

func (c *Client) ListOrganisationMemberInvites(ctx context.Context, request *ListOrganisationMemberInvitesRequest) ([]OrganisationMemberInvite, error)

ListOrganisationMemberInvites lists all invites for an organisation

func (*Client) ListOrganisationMembers added in v0.16.0

func (c *Client) ListOrganisationMembers(ctx context.Context, request *ListMembersRequest) ([]OrganisationMember, error)

ListOrganisationMembers lists all members of an organisation

func (*Client) ListOrganisationRoles added in v0.10.0

func (c *Client) ListOrganisationRoles(ctx context.Context, request *ListOrganisationRolesRequest) ([]OrganisationRole, error)

ListOrganisationRoles lists all organisation roles for a given organisation.

func (*Client) ListRoleBindings added in v0.10.0

func (c *Client) ListRoleBindings(ctx context.Context, roleIdentity string, request *ListRoleBindingsRequest) ([]OrganisationRoleBinding, error)

ListRoleBindings lists all role bindings for a specific organisation role.

func (*Client) ListServiceAccounts added in v0.20.0

func (c *Client) ListServiceAccounts(ctx context.Context, request *ListServiceAccountsRequest) ([]ServiceAccount, error)

ListServiceAccounts lists all service accounts for the organisation

func (*Client) ListTeams

func (c *Client) ListTeams(ctx context.Context, request *ListTeamsRequest) ([]Team, error)

ListTeams lists all teams for a given organisation.

func (*Client) RemoveTeamMember

func (c *Client) RemoveTeamMember(ctx context.Context, teamID string, memberIdentity string) error

RemoveTeamMember removes a member from a team.

func (*Client) UpdateFederatedIdentity added in v0.29.0

func (c *Client) UpdateFederatedIdentity(ctx context.Context, identity string, update UpdateFederatedIdentityRequest) (*FederatedIdentity, error)

UpdateFederatedIdentity updates a federated identity (partial update)

func (*Client) UpdateFederatedIdentityProvider added in v0.29.0

func (c *Client) UpdateFederatedIdentityProvider(ctx context.Context, identity string, update UpdateFederatedIdentityProviderRequest) (*FederatedIdentityProvider, error)

UpdateFederatedIdentityProvider updates a federated identity provider (partial update)

func (*Client) UpdateOrganisationMember added in v0.16.0

func (c *Client) UpdateOrganisationMember(ctx context.Context, identity string, request UpdateOrganisationMemberRequest) error

UpdateOrganisationMember updates a member of an organisation

func (*Client) UpdateServiceAccount added in v0.20.0

func (c *Client) UpdateServiceAccount(ctx context.Context, identity string, update UpdateServiceAccountRequest) (*ServiceAccount, error)

UpdateServiceAccount updates a service account (partial update)

func (*Client) UpdateTeam

func (c *Client) UpdateTeam(ctx context.Context, identity string, update UpdateTeam) (*Team, error)

UpdateTeam updates a team.

type CreateFederatedIdentityProviderRequest added in v0.29.0

// CreateFederatedIdentityProviderRequest is the request for creating a
// federated identity provider.
//
// A provider is a trust anchor: tokens whose 'iss' matches ProviderIssuer and
// that verify against the provider's keys can be bound to service accounts via
// CreateFederatedIdentity. Permission to create or update providers should
// therefore be held as tightly as permission to create role bindings.
type CreateFederatedIdentityProviderRequest struct {
	// Name of the federated identity provider
	Name string `json:"name"`

	// Description of the federated identity provider
	Description string `json:"description,omitempty"`

	// Annotations for the federated identity provider
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels for the federated identity provider
	Labels map[string]string `json:"labels,omitempty"`

	// ProviderIssuer is the issuer URL of the OIDC provider
	// This must be unique per organisation
	// It is compared against the token's 'iss' claim (see FederatedIdentityProvider.ProviderIssuer)
	ProviderIssuer string `json:"providerIssuer"`

	// ProviderJwksURI is an optional JWKS URI to override the discovered one from the issuer's openid-configuration
	// Whoever controls this URI controls which signing keys are trusted, so it
	// should be an HTTPS endpoint operated by the issuer; whether the server
	// enforces that is not visible in this package.
	ProviderJwksURI *string `json:"providerJwksUri,omitempty"`

	// LocalJWKS is an optional locally stored JWKS for offline verification
	// Include public key members only. Pinned keys do not follow the
	// provider's key rotation (see FederatedIdentityProvider.LocalJWKS).
	LocalJWKS *LocalJWKS `json:"localJwks,omitempty"`

	// Status is the current status of the provider
	// Omitted from the request when empty; the server-side default is not visible here.
	Status FederatedIdentityProviderStatus `json:"status,omitempty"`
}

CreateFederatedIdentityProviderRequest is the request for creating a federated identity provider

type CreateFederatedIdentityRequest added in v0.29.0

// CreateFederatedIdentityRequest is the request for creating a federated
// identity: a rule that lets tokens from ProviderIdentity with a given
// ProviderSubject (and matching audiences/conditions) act as
// ServiceAccountIdentity, limited to AllowedScopes.
type CreateFederatedIdentityRequest struct {
	// Name of the federated identity
	Name string `json:"name"`

	// Description of the federated identity
	Description string `json:"description,omitempty"`

	// Annotations for the federated identity
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels for the federated identity
	Labels map[string]string `json:"labels,omitempty"`

	// ServiceAccountIdentity is the identity of the service account to bind to
	ServiceAccountIdentity string `json:"serviceAccountIdentity"`

	// ProviderIdentity is the identity of the federated identity provider
	ProviderIdentity string `json:"providerIdentity"`

	// ProviderSubject is the subject identifier from the OIDC provider
	// This is the 'sub' claim from the JWT token
	// Where a provider's 'sub' is coarse, narrow the rule further with Conditions.
	ProviderSubject string `json:"providerSubject"`

	// TrustedAudiences is a list of trusted audiences for the federated identity
	// Matched against the token's 'aud' claim according to AudienceMatchMode.
	// Not omitempty: a nil slice is sent as null; server handling of an empty
	// list is not visible here.
	TrustedAudiences []string `json:"trustedAudiences"`

	// AudienceMatchMode defines how audience matching should be performed
	AudienceMatchMode AudienceMatchMode `json:"audienceMatchMode"`

	// AllowedScopes is a list of scopes that the federated identity is allowed to access
	// Keep this to the minimum the workload needs.
	AllowedScopes []AccessCredentialsScope `json:"allowedScopes"`

	// ExpiresAt is the timestamp when the federated identity will expire
	// Optional; when unset the identity never expires (see FederatedIdentity.ExpiresAt),
	// so prefer an explicit expiry for short-lived integrations.
	ExpiresAt *time.Time `json:"expiresAt,omitempty"`

	// Conditions is a JSONB field containing conditions/claims matcher rules
	// The accepted keys and matching semantics are defined by the server; see
	// FederatedIdentity.Conditions for an example.
	Conditions map[string]interface{} `json:"conditions,omitempty"`
}

CreateFederatedIdentityRequest is the request for creating a federated identity

type CreateOrganisationRoleRequest added in v0.10.0

// CreateOrganisationRoleRequest is the request body for Client.CreateOrganisationRole.
// No field uses omitempty, so zero values are sent explicitly (empty strings, null maps).
type CreateOrganisationRoleRequest struct {
	// Name of the organisationRole
	Name string `json:"name"`

	// Description of the organisationRole
	Description string `json:"description"`

	// Annotations for the organisationRole
	Annotations map[string]string `json:"annotations"`

	// Labels for the organisationRole
	Labels map[string]string `json:"labels"`
}

type CreateRoleBinding added in v0.10.0

// CreateRoleBinding is the request body for Client.CreateRoleBinding; it attaches
// the organisation role named by the roleIdentity argument to one subject.
//
// Presumably exactly one of UserIdentity, TeamIdentity or ServiceAccountIdentity
// is expected. None of them carries omitempty, so unset pointers are sent as
// null; how the server treats zero or several subjects is not visible here.
type CreateRoleBinding struct {
	// Name of the role binding
	Name string `json:"name"`

	// Description of the role binding
	Description string `json:"description"`

	// Annotations for the role binding
	Annotations map[string]string `json:"annotations"`

	// Labels for the role binding
	Labels map[string]string `json:"labels"`

	// UserIdentity is the identity of the user to bind
	UserIdentity *string `json:"userIdentity"`

	// TeamIdentity is the identity of the team to bind
	TeamIdentity *string `json:"teamIdentity"`

	// ServiceAccountIdentity is the identity of the service account to bind
	ServiceAccountIdentity *string `json:"serviceAccountIdentity"`

	// Scopes is the scopes to bind the role binding to
	// Plain strings rather than AccessCredentialsScope; the accepted values are
	// not visible in this package.
	Scopes []string `json:"scopes"`
}

type CreateServiceAccountAccessCredentialRequest added in v0.20.0

// CreateServiceAccountAccessCredentialRequest is the request for creating an
// access credential (a static AccessKey/AccessSecret pair) for a service account.
type CreateServiceAccountAccessCredentialRequest struct {
	// Name is the name of the access credential
	Name string `json:"name"`
	// Description is the description of the access credential
	Description *string `json:"description,omitempty"`
	// ExpiresAt is the timestamp when the access credential expires
	// Optional; behaviour when omitted is not stated in this package. Static
	// credentials are long-lived secrets, so set an explicit expiry and rotate.
	ExpiresAt *time.Time `json:"expiresAt,omitempty"`
	// Scopes is a list of scopes for the access credential
	// Omitted when empty; the created response reports the credential's Scopes.
	Scopes []AccessCredentialsScope `json:"scopes,omitempty"`
}

CreateServiceAccountAccessCredentialRequest is the request for creating an access credential for a service account

type CreateServiceAccountRequest added in v0.20.0

// CreateServiceAccountRequest is the request for creating a service account.
// A new service account has no credentials or role bindings of its own; add
// them with CreateServiceAccountAccessCredentials and CreateRoleBinding.
type CreateServiceAccountRequest struct {
	// Name is the name of the service account
	Name string `json:"name"`
	// Description is the description of the service account
	Description *string `json:"description,omitempty"`
	// Annotations is a map of key-value pairs used for storing additional information
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels is a map of key-value pairs used for filtering and grouping service accounts
	Labels map[string]string `json:"labels,omitempty"`
}

CreateServiceAccountRequest is the request for creating a service account

type CreateTeam

// CreateTeam is the request body for Client.CreateTeam.
// No field uses omitempty, so zero values are sent explicitly.
type CreateTeam struct {
	Name        string            `json:"name"`
	Description string            `json:"description"`
	Labels      map[string]string `json:"labels"`
	Annotations map[string]string `json:"annotations"`
}

type FederatedIdentity added in v0.29.0

// FederatedIdentity maps an external OIDC identity (Provider + ProviderSubject,
// constrained by TrustedAudiences, AudienceMatchMode and Conditions) to the
// ServiceAccount it is bound to, limited to AllowedScopes. It is the rule that
// decides which external tokens may act as that service account, so changes to
// it deserve the same review as changes to the account's role bindings.
type FederatedIdentity struct {
	// Identity is a unique identifier for the federated identity
	Identity string `json:"identity"`
	// Name is a human-readable name of the federated identity
	Name string `json:"name"`
	// Description is a human-readable description of the federated identity
	Description string `json:"description,omitempty"`
	// Annotations is a map of key-value pairs used for storing additional information
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels is a map of key-value pairs used for filtering and grouping objects
	Labels map[string]string `json:"labels,omitempty"`

	// CreatedAt is the timestamp when the object was created
	CreatedAt time.Time `json:"createdAt"`
	// UpdatedAt is the timestamp when the object was last updated
	UpdatedAt *time.Time `json:"updatedAt,omitempty"`
	// DeletedAt is the timestamp when the object was deleted
	DeletedAt *time.Time `json:"deletedAt,omitempty"`
	// ObjectVersion represents the version of the object
	ObjectVersion int64 `json:"objectVersion"`

	// ServiceAccount is the service account that this federated identity is bound to
	ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"`

	// Provider is the federated identity provider
	Provider *FederatedIdentityProvider `json:"provider,omitempty"`

	// ProviderSubject is the subject identifier from the OIDC provider
	// This is the 'sub' claim from the JWT token
	ProviderSubject string `json:"providerSubject"`

	// TrustedAudiences is a list of trusted audiences for the federated identity
	// These are the audiences that the JWT token must contain to be considered valid
	// (how many of them must be present is governed by AudienceMatchMode)
	TrustedAudiences []string `json:"trustedAudiences"`

	// AudienceMatchMode defines how audience matching should be performed
	AudienceMatchMode AudienceMatchMode `json:"audienceMatchMode"`

	// AllowedScopes is a list of scopes that the federated identity is allowed to access
	AllowedScopes []AccessCredentialsScope `json:"allowedScopes"`

	// Status is the current status of the federated identity
	// Presumably only FederatedIdentityStatusActive identities can exchange tokens — confirm server-side.
	Status FederatedIdentityStatus `json:"status"`

	// ExpiresAt is the timestamp when the federated identity will expire
	// If not set, the federated identity will never expire
	ExpiresAt *time.Time `json:"expiresAt,omitempty"`

	// LastUsedAt is the timestamp when the federated identity was last used
	// Useful for finding identities that are no longer exercised and can be removed.
	LastUsedAt *time.Time `json:"lastUsedAt,omitempty"`

	// Conditions is a JSONB field containing conditions/claims matcher rules
	// This allows locking to specific branches, environments, PRs, ref_protected, workflow_ref, etc.
	// Example: {"branch": "main", "environment": "production", "ref_protected": true}
	// The matching semantics are defined by the server, not by this package.
	Conditions map[string]interface{} `json:"conditions,omitempty"`

	// CreatedBy is the user that created the federated identity
	CreatedBy *base.AppUser `json:"createdBy,omitempty"`
}

FederatedIdentity represents a federated identity: a mapping from an external OIDC identity (issuer, subject, audiences and optional claim conditions) to a bound service account, limited to AllowedScopes, used for OIDC token provisioning.

type FederatedIdentityProvider added in v0.29.0

// FederatedIdentityProvider is an external OIDC issuer trusted for token
// exchange. Tokens are verified against, in order of precedence as documented
// on the fields, the pinned LocalJWKS, the ProviderJwksURI override, or the
// JWKS discovered from the issuer's openid-configuration.
type FederatedIdentityProvider struct {
	// Identity is a unique identifier for the federated identity provider
	Identity string `json:"identity"`
	// Name is a human-readable name of the federated identity provider
	Name string `json:"name"`
	// Description is a human-readable description of the federated identity provider
	Description string `json:"description,omitempty"`
	// Annotations is a map of key-value pairs used for storing additional information
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels is a map of key-value pairs used for filtering and grouping objects
	Labels map[string]string `json:"labels,omitempty"`

	// CreatedAt is the timestamp when the object was created
	CreatedAt time.Time `json:"createdAt"`
	// UpdatedAt is the timestamp when the object was last updated
	UpdatedAt *time.Time `json:"updatedAt,omitempty"`
	// DeletedAt is the timestamp when the object was deleted
	DeletedAt *time.Time `json:"deletedAt,omitempty"`
	// ObjectVersion represents the version of the object
	ObjectVersion int64 `json:"objectVersion"`

	// ProviderIssuer is the issuer URL of the OIDC provider
	// This must be unique per organisation
	// This is the 'iss' claim from the JWT token
	// Not updatable through UpdateFederatedIdentityProviderRequest.
	ProviderIssuer string `json:"providerIssuer"`

	// ProviderJwksURI is an optional JWKS URI to override the discovered one from the issuer's openid-configuration
	// This is useful for caching or when the discovered URI is not accessible
	// Because it selects the trusted signing keys, treat changes to it as a
	// trust change; it should point at an HTTPS endpoint operated by the issuer.
	ProviderJwksURI *string `json:"providerJwksUri,omitempty"`

	// LocalJWKS is an optional locally stored JWKS for offline verification
	// If provided, this JWKS will be used instead of fetching from ProviderJwksURI or issuer
	// This is useful for air-gapped environments or when you want to pin specific keys
	// Pinned keys do not follow the issuer's key rotation; tokens signed with a
	// rotated key will fail until the pinned set is updated. Include public
	// key members only.
	LocalJWKS *LocalJWKS `json:"localJwks,omitempty"`

	// Status is the current status of the provider
	Status FederatedIdentityProviderStatus `json:"status"`

	// CreatedBy is the user that created the provider
	CreatedBy *base.AppUser `json:"createdBy,omitempty"`

	// ParentResourceIdentity is the identity of the parent resource that the provider is linked to
	// This is used to link a federated identity provider to a parent resource, i.e. a kubernetes cluster
	ParentResourceIdentity *string `json:"parentResourceIdentity,omitempty"`
	// ParentResourceType is the type of the parent resource that the provider is linked to
	// This is used to link a federated identity provider to a parent resource, i.e. a kubernetes cluster
	ParentResourceType *string `json:"parentResourceType,omitempty"`
}

FederatedIdentityProvider represents an external OIDC issuer trusted for token exchange; tokens are verified against the issuer's discovered JWKS, the ProviderJwksURI override, or the pinned LocalJWKS.

type FederatedIdentityProviderStatus added in v0.29.0

// FederatedIdentityProviderStatus is the lifecycle state of a provider; see the
// constants below. Setting a provider inactive presumably disables token
// exchange for every FederatedIdentity bound to it — confirm server-side.
type FederatedIdentityProviderStatus string

FederatedIdentityProviderStatus represents the status of a federated identity provider

const (
	// FederatedIdentityProviderStatusActive marks a provider that is in use.
	FederatedIdentityProviderStatusActive   FederatedIdentityProviderStatus = "active"
	// FederatedIdentityProviderStatusInactive marks a provider that is disabled without being deleted.
	FederatedIdentityProviderStatusInactive FederatedIdentityProviderStatus = "inactive"
)

type FederatedIdentityStatus added in v0.29.0

// FederatedIdentityStatus is the lifecycle state of a federated identity; see
// the constants below.
type FederatedIdentityStatus string

FederatedIdentityStatus represents the status of a federated identity

// Whether "inactive" can be returned to "active" and whether "revoked" is
// terminal is not visible in this package.
const (
	FederatedIdentityStatusActive   FederatedIdentityStatus = "active"   // usable
	FederatedIdentityStatusInactive FederatedIdentityStatus = "inactive" // disabled by an operator
	FederatedIdentityStatusExpired  FederatedIdentityStatus = "expired"  // ExpiresAt has passed
	FederatedIdentityStatusRevoked  FederatedIdentityStatus = "revoked"  // explicitly revoked
)

type GetTeamRequest added in v0.8.0

// GetTeamRequest is a placeholder for future GetTeam options. It currently has
// no fields and Client.GetTeam ignores it (the parameter is discarded with _).
type GetTeamRequest struct {
}

type ListFederatedIdentitiesRequest added in v0.29.0

// ListFederatedIdentitiesRequest is the request for listing federated identities.
// Filters carries no json tag; how filters are serialised is decided by the
// filters package and the client transport.
type ListFederatedIdentitiesRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

ListFederatedIdentitiesRequest is the request for listing federated identities

type ListFederatedIdentityProvidersRequest added in v0.29.0

// ListFederatedIdentityProvidersRequest is the request for listing federated identity providers.
type ListFederatedIdentityProvidersRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

ListFederatedIdentityProvidersRequest is the request for listing federated identity providers

type ListMembersRequest added in v0.16.0

// ListMembersRequest is the request for Client.ListOrganisationMembers.
type ListMembersRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

type ListOrganisationMemberInvitesRequest added in v0.16.0

// ListOrganisationMemberInvitesRequest is the request for Client.ListOrganisationMemberInvites.
// Note that the returned invites include their InviteCode; restrict who may list them.
type ListOrganisationMemberInvitesRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

type ListOrganisationRolesRequest added in v0.10.0

// ListOrganisationRolesRequest is the request for Client.ListOrganisationRoles.
type ListOrganisationRolesRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

type ListRoleBindingsRequest added in v0.10.0

// ListRoleBindingsRequest is the request for Client.ListRoleBindings; the role
// whose bindings are listed is given by the roleIdentity argument.
type ListRoleBindingsRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

type ListServiceAccountsRequest added in v0.20.0

// ListServiceAccountsRequest is the request for listing service accounts.
type ListServiceAccountsRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

ListServiceAccountsRequest is the request for listing service accounts

type ListTeamsRequest added in v0.8.0

// ListTeamsRequest is the request for Client.ListTeams.
type ListTeamsRequest struct {
	// Filters is a list of filters to apply to the request
	Filters []filters.Filter
}

type LocalJWKS added in v0.29.0

// LocalJWKS is a locally stored JSON Web Key Set used for offline verification
// instead of fetching keys from the issuer.
//
// Keys are carried as raw JWK maps and are not validated by this package.
// Only public key members (kty, kid, alg, use, n/e, crv/x/y, ...) belong here;
// never include private members such as "d". Because the set is pinned, it
// must be updated by hand when the issuer rotates its signing keys.
type LocalJWKS struct {
	Keys []map[string]interface{} `json:"keys"`
}

LocalJWKS represents a locally stored JWKS (JSON Web Key Set). It allows offline verification without fetching from the issuer; include public key members only, and note that pinned keys do not pick up the issuer's key rotation automatically.

type OrganisationMember added in v0.16.0

// OrganisationMember is a user's membership in an organisation as returned by
// Client.ListOrganisationMembers.
//
// MemberType is serialised under the JSON name "role", not "memberType".
type OrganisationMember struct {
	Identity   string                 `json:"identity"`
	CreatedAt  time.Time              `json:"createdAt"`
	User       *base.AppUser          `json:"user"`
	MemberType OrganisationMemberType `json:"role"`
}

type OrganisationMemberInvite added in v0.16.0

// OrganisationMemberInvite is a pending invitation as returned by
// Client.ListOrganisationMemberInvites.
//
// InviteCode is sensitive: it is presumably what the invitee presents to
// accept, and acceptance grants Role plus JoinTeamOnAccept / RolebindingOnAccept
// to whoever redeems it. Do not log it or expose it beyond the intended
// recipient. ExpiresAt has no omitempty, so an unset expiry is sent as null.
type OrganisationMemberInvite struct {
	Email               string                 `json:"email"`
	Organisation        *base.Organisation     `json:"organisation,omitempty"`
	Role                OrganisationMemberType `json:"role"`
	InvitedByUser       *base.AppUser          `json:"invitedByUser,omitempty"`
	JoinTeamOnAccept    *Team                  `json:"joinTeamOnAccept,omitempty"`
	RolebindingOnAccept *OrganisationRole      `json:"rolebindingOnAccept,omitempty"`
	CreatedAt           time.Time              `json:"createdAt"`
	ExpiresAt           *time.Time             `json:"expiresAt"`
	InviteCode          string                 `json:"inviteCode"`
}

type OrganisationMemberType added in v0.16.0

// OrganisationMemberType is the organisation-level role of a member; see the
// constants below. It is distinct from OrganisationRole, which is the
// fine-grained RBAC role attached via role bindings.
type OrganisationMemberType string

OrganisationMemberType is a type that represents a role of a member in an organisation

// The exact privileges of OWNER versus MEMBER are defined by the server and are
// not visible here; treat OWNER as the highest-privilege membership.
const (
	// OrganisationMemberTypeOwner is a role that indicates that the user is an owner of the organisation
	OrganisationMemberTypeOwner OrganisationMemberType = "OWNER"
	// OrganisationMemberTypeMember is a role that indicates that the user is a member of the organisation
	OrganisationMemberTypeMember OrganisationMemberType = "MEMBER"
)

type OrganisationRole added in v0.10.0

// OrganisationRole is an RBAC role: a set of permission Rules attached to
// subjects through Bindings. ObjectVersion is int here but int64 on the
// federated identity types.
type OrganisationRole struct {
	Identity      string            `json:"identity"`
	Name          string            `json:"name"`
	Slug          string            `json:"slug"`
	Description   string            `json:"description"`
	CreatedAt     time.Time         `json:"createdAt"`
	UpdatedAt     time.Time         `json:"updatedAt"`
	ObjectVersion int               `json:"objectVersion"`
	Labels        map[string]string `json:"labels"`
	Annotations   map[string]string `json:"annotations"`
	// IsReadOnly indicates the role cannot be edited; how it relates to System is not visible here.
	IsReadOnly    bool              `json:"isReadOnly,omitempty"`
	// Organisation that owns the role
	Organisation *base.Organisation               `json:"organisation,omitempty"`
	// Rules are the permission rules granted by this role (see OrganisationRolePermissionRule)
	Rules        []OrganisationRolePermissionRule `json:"rules,omitempty"`
	// Bindings are the subjects this role is attached to
	Bindings     []OrganisationRoleBinding        `json:"bindings,omitempty"`
	// System is a flag that indicates if the role is a system role. Cannot be modified by the user. Default is false. Can only be set by the system.
	System bool `json:"system,omitempty"`
}

type OrganisationRoleBinding added in v0.10.0

// OrganisationRoleBinding attaches an OrganisationRole to one subject: a user,
// a team or a service account. Note the JSON names differ from the Go field
// names for AppUser ("user") and OrganisationTeam ("team").
type OrganisationRoleBinding struct {
	Identity         string            `json:"identity"`
	Name             string            `json:"name"`
	Slug             string            `json:"slug"`
	Description      string            `json:"description"`
	CreatedAt        time.Time         `json:"createdAt"`
	UpdatedAt        time.Time         `json:"updatedAt"`
	ObjectVersion    int               `json:"objectVersion"`
	Labels           map[string]string `json:"labels"`
	Annotations      map[string]string `json:"annotations"`
	OrganisationRole *OrganisationRole `json:"organisationRole,omitempty"`
	AppUser          *base.AppUser     `json:"user,omitempty"`
	OrganisationTeam *Team             `json:"team,omitempty"`
	ServiceAccount   *ServiceAccount   `json:"serviceAccount,omitempty"`
}

type OrganisationRolePermissionRule added in v0.10.0

// OrganisationRolePermissionRule grants Permissions on Resources, optionally
// narrowed to specific ResourceIdentities. Prefer explicit Permissions over
// PermissionTypeWildcard and populate ResourceIdentities where the role only
// needs particular objects; how an empty ResourceIdentities list is interpreted
// (presumably "all instances of the resource") is not visible in this package.
type OrganisationRolePermissionRule struct {
	// Identity is a unique identifier for the object
	Identity         string            `json:"identity"`
	OrganisationRole *OrganisationRole `json:"organisationRole,omitempty"`

	// Permission
	Resources          []string         `json:"resources"`
	ResourceIdentities []string         `json:"resourceIdentities"`
	Permissions        []PermissionType `json:"permissions"`
	// Note is a human-readable note for the permission rule
	Note string `json:"note,omitempty"`
}

type PermissionType added in v0.10.0

// PermissionType is a verb granted by an OrganisationRolePermissionRule.
type PermissionType string
// PermissionTypeWildcard grants every verb and should be reserved for
// administrative roles; least privilege favours listing the verbs needed.
const (
	PermissionTypeCreate   PermissionType = "create"
	PermissionTypeRead     PermissionType = "read"
	PermissionTypeUpdate   PermissionType = "update"
	PermissionTypeDelete   PermissionType = "delete"
	PermissionTypeList     PermissionType = "list"
	PermissionTypeWildcard PermissionType = "*"
)

type ServiceAccount added in v0.20.0

// ServiceAccount is a non-human principal. It is returned by the Create, Get,
// List and Update service account operations, and is the subject to which
// access credentials, role bindings and federated identities attach.
type ServiceAccount struct {
	// Identity is the unique identifier for the service account
	Identity string `json:"identity"`
	// Name is the name of the service account
	Name string `json:"name"`
	// Slug is a human-readable unique identifier for the service account
	Slug string `json:"slug"`
	// Description is the description of the service account
	Description *string `json:"description,omitempty"`
	// Annotations is a map of key-value pairs used for storing additional information
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels is a map of key-value pairs used for filtering and grouping service accounts
	Labels map[string]string `json:"labels,omitempty"`
	// CreatedAt is the timestamp when the service account was created
	CreatedAt time.Time `json:"createdAt"`
	// UpdatedAt is the timestamp when the service account was last updated
	UpdatedAt *time.Time `json:"updatedAt,omitempty"`
	// DeletedAt is the timestamp when the service account was deleted
	DeletedAt *time.Time `json:"deletedAt,omitempty"`
	// ObjectVersion is the version of the service account
	ObjectVersion int `json:"objectVersion"`
	// Organisation is the organisation that the service account belongs to
	Organisation *base.Organisation `json:"organisation,omitempty"`
	// CreatedBy is the user that created the service account
	CreatedBy *base.AppUser `json:"createdBy,omitempty"`
	// RoleBindings is a list of role bindings for the service account
	// Review these to see what the account (and any credential or federated identity bound to it) can do.
	RoleBindings []OrganisationRoleBinding `json:"roleBindings,omitempty"`
}

ServiceAccount is the representation of a service account returned by the Create, Get, List and Update service account operations.

type ServiceAccountAccessCredential added in v0.20.0

// ServiceAccountAccessCredential is an access credential as listed by
// Client.GetServiceAccountAccessCredentials.
//
// It carries the public AccessKey and metadata only: the AccessSecret is
// returned once, at creation (ServiceAccountCreatedAccessCredential), and the
// credential's Scopes are not part of this representation.
type ServiceAccountAccessCredential struct {
	// Identity is the unique identifier for the access credential
	Identity string `json:"identity"`
	// Name is the name of the access credential
	Name string `json:"name"`
	// Description is the description of the access credential
	Description *string `json:"description,omitempty"`
	// CreatedAt is the timestamp when the access credential was created
	CreatedAt time.Time `json:"createdAt"`
	// LastUsedAt is the timestamp when the access credential was last used
	// Useful for identifying stale credentials to revoke.
	LastUsedAt *time.Time `json:"lastUsedAt,omitempty"`
	// ExpiresAt is the timestamp when the access credential expires
	ExpiresAt *time.Time `json:"expiresAt,omitempty"`
	// AccessKey is the access key for the access credential
	AccessKey string `json:"accessKey"`
}

ServiceAccountAccessCredential is the response for listing access credentials for a service account. It exposes the AccessKey and metadata only; the AccessSecret is returned once, in ServiceAccountCreatedAccessCredential, and cannot be retrieved later.

type ServiceAccountCreatedAccessCredential added in v0.20.0

// ServiceAccountCreatedAccessCredential is the response for creating an access credential for a service account.
// Unlike ServiceAccountAccessCredential (the listing type), it includes the AccessSecret, so this
// response is the only place the secret is available to the caller.
type ServiceAccountCreatedAccessCredential struct {
	// AccessKey is the access key for the access credential (the public half of the key pair)
	AccessKey string `json:"accessKey"`
	// AccessSecret is the access secret for the access credential.
	// Sensitive: it is not returned by the listing type, so callers should store it securely
	// at creation time and keep it out of logs, error messages and debug output.
	AccessSecret string `json:"accessSecret"`
	// Identity is the unique identifier for the access credential
	Identity string `json:"identity"`
	// Scopes is a list of scopes for the access credential; an empty or nil list is omitted from the JSON body
	Scopes []AccessCredentialsScope `json:"scopes,omitempty"`
}

ServiceAccountCreatedAccessCredential is the response for creating an access credential for a service account

type Team

// Team is the response representation of a team, including its members.
type Team struct {
	// Identity is the unique identifier for the team
	Identity string `json:"identity"`
	// Name is the display name of the team
	Name string `json:"name"`
	// Slug is the URL-safe identifier of the team
	Slug string `json:"slug"`
	// Description is the description of the team
	Description string `json:"description"`
	// Labels is a map of key-value pairs attached to the team; a nil map encodes as JSON null
	Labels map[string]string `json:"labels"`
	// Annotations is a map of key-value pairs attached to the team; a nil map encodes as JSON null
	Annotations map[string]string `json:"annotations"`
	// CreatedAt is the timestamp when the team was created
	CreatedAt time.Time `json:"createdAt"`
	// UpdatedAt is the timestamp when the team was last updated; nil is omitted from the JSON body
	UpdatedAt *time.Time `json:"updatedAt,omitempty"`
	// Members is the list of team members; a nil slice encodes as JSON null
	Members []TeamMember `json:"members"`
}

type TeamMember

// TeamMember is a single membership entry within a Team.
type TeamMember struct {
	// Identity is the unique identifier for the membership
	Identity string `json:"identity"`
	// Role is the role the user holds within the team
	Role string `json:"role"`
	// User is the member's user record, embedded by value so it is always serialised
	User base.AppUser `json:"user"`
	// CreatedAt is the timestamp when the membership was created
	CreatedAt time.Time `json:"createdAt"`
	// UpdatedAt is the timestamp when the membership was last updated; nil is omitted from the JSON body
	UpdatedAt *time.Time `json:"updatedAt,omitempty"`
}

type UpdateFederatedIdentityProviderRequest added in v0.29.0

// UpdateFederatedIdentityProviderRequest is the request for updating a federated identity provider.
// Every field carries omitempty, so zero values are left out of the JSON body; presumably the
// server treats an absent field as "unchanged" — confirm against the API.
type UpdateFederatedIdentityProviderRequest struct {
	// Name is the new name; an empty string is omitted, so the name cannot be cleared via this request
	Name string `json:"name,omitempty"`
	// Description is the new description; an empty string is omitted, so it cannot be cleared via this request
	Description string `json:"description,omitempty"`
	// Annotations is a map of key-value pairs; a nil or empty map is omitted from the JSON body
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels is a map of key-value pairs; a nil or empty map is omitted from the JSON body
	Labels map[string]string `json:"labels,omitempty"`

	// ProviderJwksURI is an optional JWKS URI to override the discovered one.
	// A pointer is used so that "not set" (nil, omitted) is distinguishable from an explicit value.
	// NOTE(review): this redirects where the provider's signing keys are fetched from; whether the
	// server restricts it to HTTPS or validates it against the discovery document is not visible
	// here — confirm before exposing this field to less-trusted callers.
	ProviderJwksURI *string `json:"providerJwksUri,omitempty"`

	// Status is the current status of the provider; the zero value is omitted from the JSON body
	Status FederatedIdentityProviderStatus `json:"status,omitempty"`
}

UpdateFederatedIdentityProviderRequest is the request for updating a federated identity provider

type UpdateFederatedIdentityRequest added in v0.29.0

// UpdateFederatedIdentityRequest is the request for updating a federated identity.
// Every field carries omitempty, so zero values are left out of the JSON body; presumably the
// server treats an absent field as "unchanged" — confirm against the API.
type UpdateFederatedIdentityRequest struct {
	// Name is the new name; an empty string is omitted, so the name cannot be cleared via this request
	Name string `json:"name,omitempty"`
	// Description is the new description; an empty string is omitted, so it cannot be cleared via this request
	Description string `json:"description,omitempty"`
	// Annotations is a map of key-value pairs; a nil or empty map is omitted from the JSON body
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels is a map of key-value pairs; a nil or empty map is omitted from the JSON body
	Labels map[string]string `json:"labels,omitempty"`

	// TrustedAudiences is a list of trusted audiences for the federated identity.
	// Both nil and an empty slice are omitted, so the list cannot be emptied via this request —
	// worth knowing when tightening trust, since the previous audiences would remain in force.
	TrustedAudiences []string `json:"trustedAudiences,omitempty"`

	// AudienceMatchMode defines how audience matching should be performed; see AudienceMatchMode
	// for the accepted values. The zero value is omitted from the JSON body.
	AudienceMatchMode AudienceMatchMode `json:"audienceMatchMode,omitempty"`

	// AllowedScopes is a list of scopes that the federated identity is allowed to access.
	// Both nil and an empty slice are omitted, so scopes cannot be revoked to none via this request.
	AllowedScopes []AccessCredentialsScope `json:"allowedScopes,omitempty"`

	// Status is the current status of the federated identity; the zero value is omitted from the JSON body
	Status FederatedIdentityStatus `json:"status,omitempty"`

	// ExpiresAt is the timestamp when the federated identity will expire; nil is omitted from the JSON body
	ExpiresAt *time.Time `json:"expiresAt,omitempty"`

	// Conditions is a JSONB field containing conditions/claims matcher rules.
	// The value is free-form here; the expected matcher schema is not defined in this package —
	// confirm it against the API documentation before constructing rules.
	Conditions map[string]interface{} `json:"conditions,omitempty"`
}

UpdateFederatedIdentityRequest is the request for updating a federated identity

type UpdateOrganisationMemberRequest added in v0.16.0

// UpdateOrganisationMemberRequest is the request for changing an organisation member's membership type.
type UpdateOrganisationMemberRequest struct {
	// MemberType is the new membership type. Note the Go field name and the wire name differ:
	// it is serialised under the JSON key "role". There is no omitempty, so the zero value is
	// always sent.
	MemberType OrganisationMemberType `json:"role"`
}

type UpdateServiceAccountRequest added in v0.20.0

// UpdateServiceAccountRequest is the request for updating a service account.
// Name and Description are pointers so that "not set" (nil, omitted) is distinguishable from an
// explicit empty string, which is still sent and can therefore clear the field.
type UpdateServiceAccountRequest struct {
	// Name is the name of the service account; nil is omitted, a pointer to "" is sent as-is
	Name *string `json:"name,omitempty"`
	// Description is the description of the service account; nil is omitted, a pointer to "" is sent as-is
	Description *string `json:"description,omitempty"`
	// Annotations is a map of key-value pairs used for storing additional information;
	// a nil or empty map is omitted from the JSON body
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels is a map of key-value pairs used for filtering and grouping service accounts;
	// a nil or empty map is omitted from the JSON body
	Labels map[string]string `json:"labels,omitempty"`
}

UpdateServiceAccountRequest is the request for updating a service account

type UpdateTeam

// UpdateTeam is the request for updating a team.
// None of the fields carry omitempty, so every field is always sent (a nil map encodes as JSON
// null) — presumably the server applies full-replacement semantics rather than a partial
// update; confirm against the API, as this differs from UpdateServiceAccountRequest.
type UpdateTeam struct {
	// Name is the new name of the team
	Name string `json:"name"`
	// Description is the new description of the team
	Description string `json:"description"`
	// Labels is the full set of labels for the team
	Labels map[string]string `json:"labels"`
	// Annotations is the full set of annotations for the team
	Annotations map[string]string `json:"annotations"`
}
