regosql

package
v2.26.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 3, 2025 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package regosql converts rego queries into SQL WHERE clauses. This is so the rego queries can be used to filter the results of a SQL query.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuditLogConverter added in v2.14.0

func AuditLogConverter() *sqltypes.VariableConverter

func ConnectionLogConverter added in v2.25.0

func ConnectionLogConverter() *sqltypes.VariableConverter

func ConvertRegoAst

func ConvertRegoAst(cfg ConvertConfig, partial *rego.PartialQueries) (sqltypes.BooleanNode, error)

ConvertRegoAst converts partial rego queries into a single SQL where clause. If the query equates to "true" then the user should have access.

func DefaultVariableConverter

func DefaultVariableConverter() *sqltypes.VariableConverter

func NoACLConverter

func NoACLConverter() *sqltypes.VariableConverter

NoACLConverter should be used when the target SQL table does not contain group or user ACL columns.

func TemplateConverter

func TemplateConverter() *sqltypes.VariableConverter

func UserConverter

func UserConverter() *sqltypes.VariableConverter

func WorkspaceConverter added in v2.8.0

func WorkspaceConverter() *sqltypes.VariableConverter

Types

type ACLMappingVar added in v2.26.0

type ACLMappingVar struct {
	// SelectSQL is used to `SELECT` the ACL mapping from the table for the
	// given resource. ie. if the full query might look like `SELECT group_acl
	// FROM things;` then you would want this to be `"group_acl"`.
	SelectSQL string
	// IndexMatcher handles variable references when indexing into the mapping.
	// (ie. `input.object.acl_group_list[input.object.org_owner]`). We need one
	// from the local context because the global one might not be correctly
	// scoped.
	IndexMatcher sqltypes.VariableMatcher
	// Used if the action list isn't directly in the ACL entry. For example, in
	// the `workspaces.group_acl` and `workspaces.user_acl` columns they're stored
	// under a `"permissions"` key.
	Subfield string

	// StructPath represents the path of the value in rego
	// ie. input.object.group_acl -> ["input", "object", "group_acl"]
	StructPath []string

	// Instance fields
	Source    sqltypes.RegoSource
	GroupNode sqltypes.Node
}

ACLMappingVar is a variable matcher that matches ACL map variables to their SQL storage. Usually the actual backing implementation is a pair of `jsonb` columns named `group_acl` and `user_acl`. Each column contains an object that looks like...

```json

{
  "<actor_id>": ["<action>", "<action>"]
}

```

func ACLMappingMatcher added in v2.26.0

func ACLMappingMatcher(indexMatcher sqltypes.VariableMatcher, selectSQL string, structPath []string) ACLMappingVar

func (ACLMappingVar) ContainsSQL added in v2.26.0

func (g ACLMappingVar) ContainsSQL(cfg *sqltypes.SQLGenerator, other sqltypes.Node) (string, error)

func (ACLMappingVar) ConvertVariable added in v2.26.0

func (g ACLMappingVar) ConvertVariable(rego ast.Ref) (sqltypes.Node, bool)

func (ACLMappingVar) SQLString added in v2.26.0

func (g ACLMappingVar) SQLString(cfg *sqltypes.SQLGenerator) string

func (ACLMappingVar) UseAs added in v2.26.0

func (ACLMappingVar) UseAs() sqltypes.Node

func (ACLMappingVar) UsingSubfield added in v2.26.0

func (g ACLMappingVar) UsingSubfield(subfield string) ACLMappingVar

type ConvertConfig

type ConvertConfig struct {
	// VariableConverter is called each time a var is encountered. This creates
	// the SQL ast for the variable. Without this, the SQL generator does not
	// know how to convert rego variables into SQL columns.
	VariableConverter sqltypes.VariableMatcher
}

ConvertConfig is required to generate SQL from the rego queries.

Directories

Path Synopsis
Package sqltypes contains the types used to convert rego queries into SQL.
Package sqltypes contains the types used to convert rego queries into SQL.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL