Documentation

Overview

    Package realmset provides queryable representation of LUCI Realms DB.

    Used internally by authdb.Snapshot.

    Index

    Constants

    View Source
    const ExpectedAPIVersion = 1

      ExpectedAPIVersion is the supported value of api_version field.

      See Build implementation for details.

      Variables

      This section is empty.

      Functions

      This section is empty.

      Types

      type PermissionIndex

      type PermissionIndex uint32

        PermissionIndex is used in place of permission names.

        Note: should match an int type used in `permissions` field in the proto.

        type Realms

        type Realms struct {
        	// contains filtered or unexported fields
        }

          Realms is a queryable representation of realms.Realms proto.

          func Build

          func Build(r *protocol.Realms, qg *graph.QueryableGraph) (*Realms, error)

            Build constructs Realms from the proto message and the group graph.

            func (*Realms) Data

            func (r *Realms) Data(realm string) *protocol.RealmData

              Data returns RealmData attached to a realm or nil if none.

              func (*Realms) HasRealm

              func (r *Realms) HasRealm(realm string) bool

                HasRealm returns true if the given realm exists in the DB.

                func (*Realms) PermissionIndex

                func (r *Realms) PermissionIndex(perm realms.Permission) (idx PermissionIndex, ok bool)

                  PermissionIndex returns an index of the given permission.

                  It can be passed to QueryAuthorized. Returns (0, false) if there's no such permission in the Realms DB.

                  func (*Realms) QueryAuthorized

                  func (r *Realms) QueryAuthorized(realm string, perm PermissionIndex) (graph.SortedNodeSet, stringset.Set)

                    QueryAuthorized returns a representation of principals that have the requested permission in the given realm.

                    The permission should be given as its index obtained via PermissionIndex.

                    The realm name is not validated. Unknown or invalid realms are silently treated as empty. No fallback to @root happens.

                    Returns a set of groups with principals that have the permission and a set of identity strings that were specified in the realm ACL directly (not via a group). nils are used in place of empty sets.

                    The set of groups is represented by a sorted slice of group indexes in a graph.QueryableGraph which was passed to Build().

                    Source Files