db

package
v0.2.0

This package is not in the latest version of its module.
Published: Mar 6, 2026 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package db provides database models, initialization, and CRUD operations for Heimdall's tenant and policy data.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Open

func Open(driver, dsn string) (*gorm.DB, error)

Open opens a database connection based on the driver type.

func WithNoTrace

func WithNoTrace(ctx context.Context) context.Context

WithNoTrace returns a new context that signals DB operations to skip span creation. This is used for periodic background tasks (e.g., bundle polling) to reduce trace noise.

Types

type BundleData

type BundleData struct {
	Tenants  map[string]interface{} `json:"tenants"`
	Policies []BundlePolicy         `json:"policies"`
}

BundleData is the data document that the bundle serves to OPA: the registered tenants and the policies that apply to them.

type BundlePolicy

type BundlePolicy struct {
	ID       uint        `json:"id"`
	Name     string      `json:"name"`
	Effect   string      `json:"effect"`
	Subjects []Subject   `json:"subjects"`
	Actions  []string    `json:"actions"`
	Scope    PolicyScope `json:"scope"`
	Filters  []string    `json:"filters"`
}

BundlePolicy is the policy representation in the OPA bundle.

type BundleServer

type BundleServer struct {
	// contains filtered or unexported fields
}

BundleServer manages the OPA bundle lifecycle.

func NewBundleServer

func NewBundleServer(store *Store, metrics Metrics) *BundleServer

NewBundleServer creates a new BundleServer that serves bundles from memory.

func (*BundleServer) Rebuild

func (bs *BundleServer) Rebuild(ctx context.Context) (err error)

Rebuild atomically rebuilds the OPA bundle from the current database state. It is mutex-protected, idempotent, and context-aware.

func (*BundleServer) ServeHTTP

func (bs *BundleServer) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP serves the OPA bundle file from memory.

func (*BundleServer) StartListenNotify

func (bs *BundleServer) StartListenNotify(ctx context.Context, interval time.Duration) error

StartListenNotify starts listening for PostgreSQL NOTIFY events to trigger rebuilds. NOTE: database/sql does not support asynchronous notifications natively, so this implementation falls back to polling on the same interval. For production use, replace it with a github.com/lib/pq or pgx listener.

func (*BundleServer) StartPolling

func (bs *BundleServer) StartPolling(ctx context.Context, interval time.Duration)

StartPolling starts a background goroutine that periodically rebuilds the bundle. This is used for SQLite which doesn't support LISTEN/NOTIFY.

type JSONField

type JSONField json.RawMessage

JSONField is a custom type that properly implements sql.Scanner and driver.Valuer for storing JSON data in both Postgres and SQLite.

func (JSONField) MarshalJSON

func (j JSONField) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (JSONField) RawMessage

func (j JSONField) RawMessage() json.RawMessage

RawMessage returns the underlying json.RawMessage.

func (*JSONField) Scan

func (j *JSONField) Scan(value interface{}) error

Scan implements the sql.Scanner interface.

func (*JSONField) UnmarshalJSON

func (j *JSONField) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler.

func (JSONField) Value

func (j JSONField) Value() (driver.Value, error)

Value implements the driver.Valuer interface.
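The doc comment above says JSONField must work with both Postgres and SQLite; the practical difference is that one driver returns a text column as []byte and the other as string. The following is an added example of a Scan/Value pair that handles both and refuses malformed JSON before it can reach the bundle; it is this page's illustration, not Heimdall's own implementation.

```go
package main

import (
	"database/sql/driver"
	"encoding/json"
	"fmt"
)

// JSONField holds a JSON document for a text column (example code, not Heimdall's).
type JSONField json.RawMessage

// Scan accepts both representations a driver may hand back for a text column:
// []byte (Postgres) and string (SQLite). Anything that is not well-formed JSON
// is rejected, so a corrupt row fails at read time rather than when OPA loads it.
func (j *JSONField) Scan(value interface{}) error {
	var raw []byte
	switch v := value.(type) {
	case nil:
		*j = nil
		return nil
	case []byte:
		raw = append([]byte(nil), v...) // copy: drivers may reuse the buffer
	case string:
		raw = []byte(v)
	default:
		return fmt.Errorf("JSONField: cannot scan %T", value)
	}
	if !json.Valid(raw) {
		return fmt.Errorf("JSONField: stored value is not valid JSON")
	}
	*j = JSONField(raw)
	return nil
}

// Value stores the document as a string, which both drivers accept for a text
// column; an empty field becomes SQL NULL and invalid JSON is refused before write.
func (j JSONField) Value() (driver.Value, error) {
	if len(j) == 0 {
		return nil, nil
	}
	if !json.Valid(j) {
		return nil, fmt.Errorf("JSONField: refusing to store invalid JSON")
	}
	return string(j), nil
}

func main() {
	var f JSONField
	err := f.Scan(`[{"type":"user","id":"alice"}]`) // SQLite hands back a string
	fmt.Println(err, string(f))
}
```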

type Metrics

type Metrics interface {
	RecordBundleRebuild(ctx context.Context)
	UpdateActiveTenants(ctx context.Context, count int64)
}

Metrics is the narrow interface of metrics calls the bundle server needs. It is declared here, rather than importing the concrete metrics type, so that the db package does not create a circular dependency on the handler package; the handler's Metrics struct is expected to satisfy this interface and is passed in from there.

type Policy

type Policy struct {
	ID        uint      `gorm:"primaryKey;autoIncrement" json:"id"`
	Name      string    `gorm:"not null;uniqueIndex;size:255" json:"name"`
	Effect    string    `gorm:"not null;size:10" json:"effect"`
	Subjects  JSONField `gorm:"type:text;not null" json:"subjects"`
	Actions   JSONField `gorm:"type:text;not null" json:"actions"`
	Scope     JSONField `gorm:"type:text;not null" json:"scope"`
	Filters   JSONField `gorm:"type:text;not null" json:"filters"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}

Policy represents an access control policy stored in the database.

type PolicyScope

type PolicyScope struct {
	Tenants   []string `json:"tenants"`
	Resources []string `json:"resources"`
}

PolicyScope defines the scope of a policy.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store provides database operations for tenants and policies.

func NewStore

func NewStore(db *gorm.DB) *Store

NewStore creates a new Store with the given GORM database connection.

func (*Store) CreatePolicy

func (s *Store) CreatePolicy(ctx context.Context, policy *Policy) error

CreatePolicy creates a new policy after validation.

func (*Store) CreateTenant

func (s *Store) CreateTenant(ctx context.Context, tenant *Tenant) error

CreateTenant creates a new tenant.

func (*Store) DB

func (s *Store) DB() *gorm.DB

DB returns the underlying GORM database connection.

func (*Store) DeletePolicy

func (s *Store) DeletePolicy(ctx context.Context, id uint) error

DeletePolicy deletes a policy by ID.

func (*Store) DeleteTenant

func (s *Store) DeleteTenant(ctx context.Context, id string) error

DeleteTenant deletes a tenant by ID.

func (*Store) GetPolicy

func (s *Store) GetPolicy(ctx context.Context, id uint) (*Policy, error)

GetPolicy retrieves a policy by ID.

func (*Store) GetTenant

func (s *Store) GetTenant(ctx context.Context, id string) (*Tenant, error)

GetTenant retrieves a tenant by ID.

func (*Store) ListPolicies

func (s *Store) ListPolicies(ctx context.Context) ([]Policy, error)

ListPolicies returns all policies.

func (*Store) ListTenants

func (s *Store) ListTenants(ctx context.Context) ([]Tenant, error)

ListTenants returns all tenants.

func (*Store) Migrate

func (s *Store) Migrate() error

Migrate runs AutoMigrate for all Heimdall models.

type Subject

type Subject struct {
	Type string `json:"type" validate:"required,oneof=user group"`
	ID   string `json:"id" validate:"required"`
}

Subject represents a policy subject (user or group).

type Tenant

type Tenant struct {
	ID        string    `gorm:"primaryKey;size:255" json:"id"`
	Name      string    `gorm:"not null;size:255" json:"name"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}

Tenant represents a Mimir tenant registered in Heimdall.
