signoz/pkg/authz/authz.go

package authz

import (
	"context"

	"github.com/SigNoz/signoz/pkg/factory"
	"github.com/SigNoz/signoz/pkg/types/authtypes"
	openfgav1 "github.com/openfga/api/proto/openfga/v1"
)

type AuthZ interface {
	factory.Service

	// Check returns error when the upstream authorization server is unavailable or the subject (s) doesn't have relation (r) on object (o).
	Check(context.Context, *openfgav1.TupleKey) error

	// CheckWithTupleCreation takes upon the responsibility for generating the tuples alongside everything Check does.
	CheckWithTupleCreation(context.Context, authtypes.Claims, authtypes.Relation, authtypes.Typeable, []authtypes.Selector) error

	// writes the tuples to upstream server
	Write(context.Context, *openfgav1.WriteRequest) error

	// lists the selectors for objects assigned to subject (s) with relation (r) on resource (s)
	ListObjects(context.Context, string, authtypes.Relation, authtypes.Typeable) ([]*authtypes.Object, error)
}
feat(authz): embed openfga server (#8966) * feat(access-control): embed openfga in signoz * feat(authz): rename access control to authz * feat(authz): fix codeowners and go mod tidy * feat(authz): fix lint * feat(authz): update go version and move convertor to instrumentation * feat(authz): some more lint issues * feat(authz): some more lint issues * feat(authz): some more lint issues * feat(authz): fix more lint issues * feat(authz): make logger converter interface 2025-09-01 17:10:13 +05:30			`package authz`

feat(authz): add openfga authz middleware (#8990) * feat(authz): add openfga authz middleware * feat(authz): update the auth context * feat(authz): update the auth context * feat(authz): update check request * feat(authz): update check request * feat(authz): add lifecycle tests * feat(authz): add lifecycle tests * feat(authz): add start-stop tests 2025-09-04 14:07:11 +05:30			`import (`
			`"context"`

			`"github.com/SigNoz/signoz/pkg/factory"`
feat(authz): build authz service (#9064) * feat(authz): define the domain layer * feat(authz): added openfga schema and split the enterprise code * feat(authz): revert http handler * feat(authz): address comments * feat(authz): address comments * feat(authz): typo comments * feat(authz): address review comments * feat(authz): address review comments * feat(authz): update the oss model * feat(authz): update the sequential check 2025-09-17 21:35:11 +05:30			`"github.com/SigNoz/signoz/pkg/types/authtypes"`
feat(authz): add openfga authz middleware (#8990) * feat(authz): add openfga authz middleware * feat(authz): update the auth context * feat(authz): update the auth context * feat(authz): update check request * feat(authz): update check request * feat(authz): add lifecycle tests * feat(authz): add lifecycle tests * feat(authz): add start-stop tests 2025-09-04 14:07:11 +05:30			`openfgav1 "github.com/openfga/api/proto/openfga/v1"`
			`)`
feat(authz): embed openfga server (#8966) * feat(access-control): embed openfga in signoz * feat(authz): rename access control to authz * feat(authz): fix codeowners and go mod tidy * feat(authz): fix lint * feat(authz): update go version and move convertor to instrumentation * feat(authz): some more lint issues * feat(authz): some more lint issues * feat(authz): some more lint issues * feat(authz): fix more lint issues * feat(authz): make logger converter interface 2025-09-01 17:10:13 +05:30
			`type AuthZ interface {`
			`factory.Service`
feat(authz): add openfga authz middleware (#8990) * feat(authz): add openfga authz middleware * feat(authz): update the auth context * feat(authz): update the auth context * feat(authz): update check request * feat(authz): update check request * feat(authz): add lifecycle tests * feat(authz): add lifecycle tests * feat(authz): add start-stop tests 2025-09-04 14:07:11 +05:30
			`// Check returns error when the upstream authorization server is unavailable or the subject (s) doesn't have relation (r) on object (o).`
feat(authz): build role module (#9136) * feat(authz): build role module * feat(authz): build role module * feat(authz): refactor the role module to move transactions out * feat(authz): add handler implementation except patch objects * feat(authz): added the missing handler * feat(authz): added changes for selectors * feat(authz): added changes for selectors * feat(authz): added changes for selectors * feat(authz): make the role create handler just to create metadata * feat(authz): address review comments * feat(authz): address review comments * feat(authz): address review comments * feat(authz): address review comments 2025-09-29 17:45:52 +05:30			`Check(context.Context, *openfgav1.TupleKey) error`
feat(authz): build authz service (#9064) * feat(authz): define the domain layer * feat(authz): added openfga schema and split the enterprise code * feat(authz): revert http handler * feat(authz): address comments * feat(authz): address comments * feat(authz): typo comments * feat(authz): address review comments * feat(authz): address review comments * feat(authz): update the oss model * feat(authz): update the sequential check 2025-09-17 21:35:11 +05:30
			`// CheckWithTupleCreation takes upon the responsibility for generating the tuples alongside everything Check does.`
feat(authz): build role module (#9136) * feat(authz): build role module * feat(authz): build role module * feat(authz): refactor the role module to move transactions out * feat(authz): add handler implementation except patch objects * feat(authz): added the missing handler * feat(authz): added changes for selectors * feat(authz): added changes for selectors * feat(authz): added changes for selectors * feat(authz): make the role create handler just to create metadata * feat(authz): address review comments * feat(authz): address review comments * feat(authz): address review comments * feat(authz): address review comments 2025-09-29 17:45:52 +05:30			`CheckWithTupleCreation(context.Context, authtypes.Claims, authtypes.Relation, authtypes.Typeable, []authtypes.Selector) error`

			`// writes the tuples to upstream server`
			`Write(context.Context, *openfgav1.WriteRequest) error`

			`// lists the selectors for objects assigned to subject (s) with relation (r) on resource (s)`
			`ListObjects(context.Context, string, authtypes.Relation, authtypes.Typeable) ([]*authtypes.Object, error)`
feat(authz): embed openfga server (#8966) * feat(access-control): embed openfga in signoz * feat(authz): rename access control to authz * feat(authz): fix codeowners and go mod tidy * feat(authz): fix lint * feat(authz): update go version and move convertor to instrumentation * feat(authz): some more lint issues * feat(authz): some more lint issues * feat(authz): some more lint issues * feat(authz): fix more lint issues * feat(authz): make logger converter interface 2025-09-01 17:10:13 +05:30			`}`