From 693dd8cfa2bbdfe73d943276c83ea73a923b0716 Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Fri, 6 Mar 2026 06:26:21 -1000 Subject: [PATCH 01/12] lol --- pkg/authorization/authorization.go | 294 ++++++++++++++ pkg/authorization/client.go | 632 +++++++++++++++++++++++++++++ 2 files changed, 926 insertions(+) create mode 100644 pkg/authorization/authorization.go create mode 100644 pkg/authorization/client.go diff --git a/pkg/authorization/authorization.go b/pkg/authorization/authorization.go new file mode 100644 index 00000000..4de2851e --- /dev/null +++ b/pkg/authorization/authorization.go @@ -0,0 +1,294 @@ +package authorization + +import "context" + +// DefaultClient is the client used by SetAPIKey and Authorization functions. +var ( + DefaultClient = &Client{ + Endpoint: "https://api.workos.com", + } +) + +// SetAPIKey sets the WorkOS API key for Authorization requests. +func SetAPIKey(apiKey string) { + DefaultClient.APIKey = apiKey +} + +// CreateEnvironmentRole creates a new environment role. +func CreateEnvironmentRole( + ctx context.Context, + opts CreateEnvironmentRoleOpts, +) (EnvironmentRole, error) { + return DefaultClient.CreateEnvironmentRole(ctx, opts) +} + +// ListEnvironmentRoles lists all environment roles. +func ListEnvironmentRoles( + ctx context.Context, +) (ListEnvironmentRolesResponse, error) { + return DefaultClient.ListEnvironmentRoles(ctx) +} + +// GetEnvironmentRole gets an environment role by slug. +func GetEnvironmentRole( + ctx context.Context, + opts GetEnvironmentRoleOpts, +) (EnvironmentRole, error) { + return DefaultClient.GetEnvironmentRole(ctx, opts) +} + +// UpdateEnvironmentRole updates an environment role. +func UpdateEnvironmentRole( + ctx context.Context, + opts UpdateEnvironmentRoleOpts, +) (EnvironmentRole, error) { + return DefaultClient.UpdateEnvironmentRole(ctx, opts) +} + +// CreateOrganizationRole creates a new organization role. +func CreateOrganizationRole( + ctx context.Context, + opts CreateOrganizationRoleOpts, +) (OrganizationRole, error) { + return DefaultClient.CreateOrganizationRole(ctx, opts) +} + +// ListOrganizationRoles lists all roles for an organization. +func ListOrganizationRoles( + ctx context.Context, + opts ListOrganizationRolesOpts, +) (ListOrganizationRolesResponse, error) { + return DefaultClient.ListOrganizationRoles(ctx, opts) +} + +// GetOrganizationRole gets an organization role by slug. +func GetOrganizationRole( + ctx context.Context, + opts GetOrganizationRoleOpts, +) (OrganizationRole, error) { + return DefaultClient.GetOrganizationRole(ctx, opts) +} + +// UpdateOrganizationRole updates an organization role. +func UpdateOrganizationRole( + ctx context.Context, + opts UpdateOrganizationRoleOpts, +) (OrganizationRole, error) { + return DefaultClient.UpdateOrganizationRole(ctx, opts) +} + +// DeleteOrganizationRole deletes an organization role. +func DeleteOrganizationRole( + ctx context.Context, + opts DeleteOrganizationRoleOpts, +) error { + return DefaultClient.DeleteOrganizationRole(ctx, opts) +} + +// SetEnvironmentRolePermissions sets permissions for an environment role. +func SetEnvironmentRolePermissions( + ctx context.Context, + opts SetEnvironmentRolePermissionsOpts, +) (EnvironmentRole, error) { + return DefaultClient.SetEnvironmentRolePermissions(ctx, opts) +} + +// AddEnvironmentRolePermission adds a permission to an environment role. +func AddEnvironmentRolePermission( + ctx context.Context, + opts AddEnvironmentRolePermissionOpts, +) (EnvironmentRole, error) { + return DefaultClient.AddEnvironmentRolePermission(ctx, opts) +} + +// SetOrganizationRolePermissions sets permissions for an organization role. +func SetOrganizationRolePermissions( + ctx context.Context, + opts SetOrganizationRolePermissionsOpts, +) (OrganizationRole, error) { + return DefaultClient.SetOrganizationRolePermissions(ctx, opts) +} + +// AddOrganizationRolePermission adds a permission to an organization role. +func AddOrganizationRolePermission( + ctx context.Context, + opts AddOrganizationRolePermissionOpts, +) (OrganizationRole, error) { + return DefaultClient.AddOrganizationRolePermission(ctx, opts) +} + +// RemoveOrganizationRolePermission removes a permission from an organization role. +func RemoveOrganizationRolePermission( + ctx context.Context, + opts RemoveOrganizationRolePermissionOpts, +) error { + return DefaultClient.RemoveOrganizationRolePermission(ctx, opts) +} + +// CreatePermission creates a new permission. +func CreatePermission( + ctx context.Context, + opts CreatePermissionOpts, +) (Permission, error) { + return DefaultClient.CreatePermission(ctx, opts) +} + +// ListPermissions lists all permissions. +func ListPermissions( + ctx context.Context, + opts ListPermissionsOpts, +) (ListPermissionsResponse, error) { + return DefaultClient.ListPermissions(ctx, opts) +} + +// GetPermission gets a permission by slug. +func GetPermission( + ctx context.Context, + opts GetPermissionOpts, +) (Permission, error) { + return DefaultClient.GetPermission(ctx, opts) +} + +// UpdatePermission updates a permission. +func UpdatePermission( + ctx context.Context, + opts UpdatePermissionOpts, +) (Permission, error) { + return DefaultClient.UpdatePermission(ctx, opts) +} + +// DeletePermission deletes a permission. +func DeletePermission( + ctx context.Context, + opts DeletePermissionOpts, +) error { + return DefaultClient.DeletePermission(ctx, opts) +} + +// GetResource gets a resource by ID. +func GetResource( + ctx context.Context, + opts GetAuthorizationResourceOpts, +) (AuthorizationResource, error) { + return DefaultClient.GetResource(ctx, opts) +} + +// CreateResource creates a new resource. +func CreateResource( + ctx context.Context, + opts CreateAuthorizationResourceOpts, +) (AuthorizationResource, error) { + return DefaultClient.CreateResource(ctx, opts) +} + +// UpdateResource updates a resource. +func UpdateResource( + ctx context.Context, + opts UpdateAuthorizationResourceOpts, +) (AuthorizationResource, error) { + return DefaultClient.UpdateResource(ctx, opts) +} + +// DeleteResource deletes a resource. +func DeleteResource( + ctx context.Context, + opts DeleteAuthorizationResourceOpts, +) error { + return DefaultClient.DeleteResource(ctx, opts) +} + +// ListResources lists resources with optional filters. +func ListResources( + ctx context.Context, + opts ListAuthorizationResourcesOpts, +) (ListAuthorizationResourcesResponse, error) { + return DefaultClient.ListResources(ctx, opts) +} + +// GetResourceByExternalID gets a resource by its external ID. +func GetResourceByExternalID( + ctx context.Context, + opts GetResourceByExternalIDOpts, +) (AuthorizationResource, error) { + return DefaultClient.GetResourceByExternalID(ctx, opts) +} + +// UpdateResourceByExternalID updates a resource by its external ID. +func UpdateResourceByExternalID( + ctx context.Context, + opts UpdateResourceByExternalIDOpts, +) (AuthorizationResource, error) { + return DefaultClient.UpdateResourceByExternalID(ctx, opts) +} + +// DeleteResourceByExternalID deletes a resource by its external ID. +func DeleteResourceByExternalID( + ctx context.Context, + opts DeleteResourceByExternalIDOpts, +) error { + return DefaultClient.DeleteResourceByExternalID(ctx, opts) +} + +// Check performs an authorization check. +func Check( + ctx context.Context, + opts AuthorizationCheckOpts, +) (AuthorizationCheckResult, error) { + return DefaultClient.Check(ctx, opts) +} + +// ListRoleAssignments lists role assignments for a membership. +func ListRoleAssignments( + ctx context.Context, + opts ListRoleAssignmentsOpts, +) (ListRoleAssignmentsResponse, error) { + return DefaultClient.ListRoleAssignments(ctx, opts) +} + +// AssignRole assigns a role to a membership. +func AssignRole( + ctx context.Context, + opts AssignRoleOpts, +) (RoleAssignment, error) { + return DefaultClient.AssignRole(ctx, opts) +} + +// RemoveRole removes a role from a membership. +func RemoveRole( + ctx context.Context, + opts RemoveRoleOpts, +) error { + return DefaultClient.RemoveRole(ctx, opts) +} + +// RemoveRoleAssignment removes a role assignment by ID. +func RemoveRoleAssignment( + ctx context.Context, + opts RemoveRoleAssignmentOpts, +) error { + return DefaultClient.RemoveRoleAssignment(ctx, opts) +} + +// ListResourcesForMembership lists resources accessible by a membership. +func ListResourcesForMembership( + ctx context.Context, + opts ListResourcesForMembershipOpts, +) (ListAuthorizationResourcesResponse, error) { + return DefaultClient.ListResourcesForMembership(ctx, opts) +} + +// ListMembershipsForResource lists memberships with access to a resource. +func ListMembershipsForResource( + ctx context.Context, + opts ListMembershipsForResourceOpts, +) (ListAuthorizationOrganizationMembershipsResponse, error) { + return DefaultClient.ListMembershipsForResource(ctx, opts) +} + +// ListMembershipsForResourceByExternalID lists memberships with access to a resource identified by external ID. +func ListMembershipsForResourceByExternalID( + ctx context.Context, + opts ListMembershipsForResourceByExternalIDOpts, +) (ListAuthorizationOrganizationMembershipsResponse, error) { + return DefaultClient.ListMembershipsForResourceByExternalID(ctx, opts) +} diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go new file mode 100644 index 00000000..b9e344b6 --- /dev/null +++ b/pkg/authorization/client.go @@ -0,0 +1,632 @@ +package authorization + +import ( + "context" + "encoding/json" + "errors" + "net/http" + "sync" + "time" + + "github.com/workos/workos-go/v6/pkg/common" + "github.com/workos/workos-go/v6/pkg/retryablehttp" +) + +// ResponseLimit is the default number of records to limit a response to. +const ResponseLimit = 10 + +// Order represents the order of records. +type Order string + +// Constants that enumerate the available orders. +const ( + Asc Order = "asc" + Desc Order = "desc" +) + +// Client represents a client that performs Authorization requests to the WorkOS API. +type Client struct { + // The WorkOS API Key. It can be found in https://dashboard.workos.com/api-keys. + APIKey string + + // The http.Client that is used to manage authorization resources from WorkOS. + // Defaults to http.Client. + HTTPClient *retryablehttp.HttpClient + + // The endpoint to WorkOS API. Defaults to https://api.workos.com. + Endpoint string + + // The function used to encode in JSON. Defaults to json.Marshal. + JSONEncode func(v interface{}) ([]byte, error) + + once sync.Once +} + +func (c *Client) init() { + if c.HTTPClient == nil { + c.HTTPClient = &retryablehttp.HttpClient{Client: http.Client{Timeout: 10 * time.Second}} + } + + if c.Endpoint == "" { + c.Endpoint = "https://api.workos.com" + } + + if c.JSONEncode == nil { + c.JSONEncode = json.Marshal + } +} + +// EnvironmentRole represents a role defined at the environment level. +type EnvironmentRole struct { + Object string `json:"object"` + ID string `json:"id"` + Name string `json:"name"` + Slug string `json:"slug"` + Description string `json:"description"` + Permissions []string `json:"permissions"` + ResourceTypeSlug string `json:"resource_type_slug"` + Type string `json:"type"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` +} + +// OrganizationRole represents a role defined at the organization level. +type OrganizationRole struct { + Object string `json:"object"` + ID string `json:"id"` + Name string `json:"name"` + Slug string `json:"slug"` + Description string `json:"description"` + Permissions []string `json:"permissions"` + ResourceTypeSlug string `json:"resource_type_slug"` + Type string `json:"type"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` +} + +// Permission represents a permission in the authorization system. +type Permission struct { + Object string `json:"object"` + ID string `json:"id"` + Slug string `json:"slug"` + Name string `json:"name"` + Description string `json:"description"` + ResourceTypeSlug string `json:"resource_type_slug"` + System bool `json:"system"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` +} + +// AuthorizationResource represents a resource in the authorization system. +type AuthorizationResource struct { + Object string `json:"object"` + ID string `json:"id"` + ExternalID string `json:"external_id"` + Name string `json:"name"` + Description string `json:"description"` + ResourceTypeSlug string `json:"resource_type_slug"` + OrganizationID string `json:"organization_id"` + ParentResourceID string `json:"parent_resource_id"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` +} + +// RoleAssignment represents a role assigned to a membership. +type RoleAssignment struct { + Object string `json:"object"` + ID string `json:"id"` + Role RoleAssignmentRole `json:"role"` + Resource RoleAssignmentResource `json:"resource"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` +} + +// RoleAssignmentRole contains the slug of an assigned role. +type RoleAssignmentRole struct { + Slug string `json:"slug"` +} + +// RoleAssignmentResource identifies the resource a role is assigned to. +type RoleAssignmentResource struct { + ID string `json:"id"` + ExternalID string `json:"external_id"` + ResourceTypeSlug string `json:"resource_type_slug"` +} + +// AuthorizationCheckResult contains the result of an authorization check. +type AuthorizationCheckResult struct { + Authorized bool `json:"authorized"` +} + +// AuthorizationOrganizationMembership represents a membership returned by authorization queries. +type AuthorizationOrganizationMembership struct { + Object string `json:"object"` + ID string `json:"id"` + UserID string `json:"user_id"` + OrganizationID string `json:"organization_id"` + Status string `json:"status"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` + CustomAttributes map[string]interface{} `json:"custom_attributes"` +} + +// List response types + +// ListEnvironmentRolesResponse describes the response structure when listing environment roles. +type ListEnvironmentRolesResponse struct { + Data []EnvironmentRole `json:"data"` +} + +// ListOrganizationRolesResponse describes the response structure when listing organization roles. +type ListOrganizationRolesResponse struct { + Data []OrganizationRole `json:"data"` +} + +// ListPermissionsResponse describes the response structure when listing permissions. +type ListPermissionsResponse struct { + Data []Permission `json:"data"` + ListMetadata common.ListMetadata `json:"list_metadata"` +} + +// ListAuthorizationResourcesResponse describes the response structure when listing resources. +type ListAuthorizationResourcesResponse struct { + Data []AuthorizationResource `json:"data"` + ListMetadata common.ListMetadata `json:"list_metadata"` +} + +// ListRoleAssignmentsResponse describes the response structure when listing role assignments. +type ListRoleAssignmentsResponse struct { + Data []RoleAssignment `json:"data"` + ListMetadata common.ListMetadata `json:"list_metadata"` +} + +// ListAuthorizationOrganizationMembershipsResponse describes the response structure when listing memberships. +type ListAuthorizationOrganizationMembershipsResponse struct { + Data []AuthorizationOrganizationMembership `json:"data"` + ListMetadata common.ListMetadata `json:"list_metadata"` +} + +// Request opts types + +// CreateEnvironmentRoleOpts contains the options for creating an environment role. +type CreateEnvironmentRoleOpts struct { + Slug string `json:"slug"` + Name string `json:"name"` + Description string `json:"description,omitempty"` + ResourceTypeSlug string `json:"resource_type_slug,omitempty"` +} + +// GetEnvironmentRoleOpts contains the options for getting an environment role. +type GetEnvironmentRoleOpts struct { + Slug string `json:"-"` +} + +// UpdateEnvironmentRoleOpts contains the options for updating an environment role. +type UpdateEnvironmentRoleOpts struct { + Slug string `json:"-"` + Name *string `json:"name,omitempty"` + Description *string `json:"description"` +} + +// CreateOrganizationRoleOpts contains the options for creating an organization role. +type CreateOrganizationRoleOpts struct { + OrganizationID string `json:"-"` + Slug string `json:"slug"` + Name string `json:"name"` + Description string `json:"description,omitempty"` +} + +// ListOrganizationRolesOpts contains the options for listing organization roles. +type ListOrganizationRolesOpts struct { + OrganizationID string `json:"-"` +} + +// GetOrganizationRoleOpts contains the options for getting an organization role. +type GetOrganizationRoleOpts struct { + OrganizationID string `json:"-"` + Slug string `json:"-"` +} + +// UpdateOrganizationRoleOpts contains the options for updating an organization role. +type UpdateOrganizationRoleOpts struct { + OrganizationID string `json:"-"` + Slug string `json:"-"` + Name *string `json:"name,omitempty"` + Description *string `json:"description"` +} + +// DeleteOrganizationRoleOpts contains the options for deleting an organization role. +type DeleteOrganizationRoleOpts struct { + OrganizationID string `json:"-"` + Slug string `json:"-"` +} + +// SetEnvironmentRolePermissionsOpts contains the options for setting permissions on an environment role. +type SetEnvironmentRolePermissionsOpts struct { + Slug string `json:"-"` + Permissions []string `json:"permissions"` +} + +// AddEnvironmentRolePermissionOpts contains the options for adding a permission to an environment role. +type AddEnvironmentRolePermissionOpts struct { + Slug string `json:"-"` + PermissionSlug string `json:"slug"` +} + +// SetOrganizationRolePermissionsOpts contains the options for setting permissions on an organization role. +type SetOrganizationRolePermissionsOpts struct { + OrganizationID string `json:"-"` + Slug string `json:"-"` + Permissions []string `json:"permissions"` +} + +// AddOrganizationRolePermissionOpts contains the options for adding a permission to an organization role. +type AddOrganizationRolePermissionOpts struct { + OrganizationID string `json:"-"` + Slug string `json:"-"` + PermissionSlug string `json:"slug"` +} + +// RemoveOrganizationRolePermissionOpts contains the options for removing a permission from an organization role. +type RemoveOrganizationRolePermissionOpts struct { + OrganizationID string `json:"-"` + Slug string `json:"-"` + PermissionSlug string `json:"-"` +} + +// CreatePermissionOpts contains the options for creating a permission. +type CreatePermissionOpts struct { + Slug string `json:"slug"` + Name string `json:"name"` + Description string `json:"description,omitempty"` + ResourceTypeSlug string `json:"resource_type_slug,omitempty"` +} + +// ListPermissionsOpts contains the options for listing permissions. +type ListPermissionsOpts struct { + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order Order `url:"order,omitempty"` +} + +// GetPermissionOpts contains the options for getting a permission. +type GetPermissionOpts struct { + Slug string `json:"-"` +} + +// UpdatePermissionOpts contains the options for updating a permission. +type UpdatePermissionOpts struct { + Slug string `json:"-"` + Name *string `json:"name,omitempty"` + Description *string `json:"description"` +} + +// DeletePermissionOpts contains the options for deleting a permission. +type DeletePermissionOpts struct { + Slug string `json:"-"` +} + +// GetAuthorizationResourceOpts contains the options for getting a resource by ID. +type GetAuthorizationResourceOpts struct { + ResourceID string `json:"-"` +} + +// CreateAuthorizationResourceOpts contains the options for creating a resource. +type CreateAuthorizationResourceOpts struct { + ExternalID string `json:"external_id"` + Name string `json:"name"` + Description string `json:"description,omitempty"` + ResourceTypeSlug string `json:"resource_type_slug"` + OrganizationID string `json:"organization_id"` + ParentResourceID string `json:"parent_resource_id,omitempty"` + ParentResourceExternalID string `json:"parent_resource_external_id,omitempty"` + ParentResourceTypeSlug string `json:"parent_resource_type_slug,omitempty"` +} + +// UpdateAuthorizationResourceOpts contains the options for updating a resource. +type UpdateAuthorizationResourceOpts struct { + ResourceID string `json:"-"` + Name *string `json:"name,omitempty"` + Description *string `json:"description"` +} + +// DeleteAuthorizationResourceOpts contains the options for deleting a resource. +type DeleteAuthorizationResourceOpts struct { + ResourceID string `json:"-"` + CascadeDelete bool `url:"cascade_delete,omitempty"` +} + +// ListAuthorizationResourcesOpts contains the options for listing resources. +type ListAuthorizationResourcesOpts struct { + OrganizationID string `url:"organization_id,omitempty"` + ResourceTypeSlug string `url:"resource_type_slug,omitempty"` + ParentResourceID string `url:"parent_resource_id,omitempty"` + ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` + ParentExternalID string `url:"parent_external_id,omitempty"` + Search string `url:"search,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order Order `url:"order,omitempty"` +} + +// GetResourceByExternalIDOpts contains the options for getting a resource by external ID. +type GetResourceByExternalIDOpts struct { + OrganizationID string `json:"-"` + ResourceTypeSlug string `json:"-"` + ExternalID string `json:"-"` +} + +// UpdateResourceByExternalIDOpts contains the options for updating a resource by external ID. +type UpdateResourceByExternalIDOpts struct { + OrganizationID string `json:"-"` + ResourceTypeSlug string `json:"-"` + ExternalID string `json:"-"` + Name *string `json:"name,omitempty"` + Description *string `json:"description"` +} + +// DeleteResourceByExternalIDOpts contains the options for deleting a resource by external ID. +type DeleteResourceByExternalIDOpts struct { + OrganizationID string `json:"-"` + ResourceTypeSlug string `json:"-"` + ExternalID string `json:"-"` + CascadeDelete bool `url:"cascade_delete,omitempty"` +} + +// AuthorizationCheckOpts contains the options for performing an authorization check. +type AuthorizationCheckOpts struct { + OrganizationMembershipID string `json:"-"` + PermissionSlug string `json:"permission_slug"` + ResourceID string `json:"resource_id,omitempty"` + ResourceExternalID string `json:"resource_external_id,omitempty"` + ResourceTypeSlug string `json:"resource_type_slug,omitempty"` +} + +// ListRoleAssignmentsOpts contains the options for listing role assignments. +type ListRoleAssignmentsOpts struct { + OrganizationMembershipID string `json:"-"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order Order `url:"order,omitempty"` +} + +// AssignRoleOpts contains the options for assigning a role. +type AssignRoleOpts struct { + OrganizationMembershipID string `json:"-"` + RoleSlug string `json:"role_slug"` + ResourceID string `json:"resource_id,omitempty"` + ResourceExternalID string `json:"resource_external_id,omitempty"` + ResourceTypeSlug string `json:"resource_type_slug,omitempty"` +} + +// RemoveRoleOpts contains the options for removing a role. +type RemoveRoleOpts struct { + OrganizationMembershipID string `json:"-"` + RoleSlug string `json:"role_slug"` + ResourceID string `json:"resource_id,omitempty"` + ResourceExternalID string `json:"resource_external_id,omitempty"` + ResourceTypeSlug string `json:"resource_type_slug,omitempty"` +} + +// RemoveRoleAssignmentOpts contains the options for removing a role assignment by ID. +type RemoveRoleAssignmentOpts struct { + OrganizationMembershipID string `json:"-"` + RoleAssignmentID string `json:"-"` +} + +// ListResourcesForMembershipOpts contains the options for listing resources accessible by a membership. +type ListResourcesForMembershipOpts struct { + OrganizationMembershipID string `json:"-"` + PermissionSlug string `url:"permission_slug"` + ParentResourceID string `url:"parent_resource_id,omitempty"` + ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` + ParentResourceExternalID string `url:"parent_resource_external_id,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order Order `url:"order,omitempty"` +} + +// ListMembershipsForResourceOpts contains the options for listing memberships with access to a resource. +type ListMembershipsForResourceOpts struct { + ResourceID string `json:"-"` + PermissionSlug string `url:"permission_slug"` + Assignment string `url:"assignment,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order Order `url:"order,omitempty"` +} + +// ListMembershipsForResourceByExternalIDOpts contains the options for listing memberships by resource external ID. +type ListMembershipsForResourceByExternalIDOpts struct { + OrganizationID string `json:"-"` + ResourceTypeSlug string `json:"-"` + ExternalID string `json:"-"` + PermissionSlug string `url:"permission_slug"` + Assignment string `url:"assignment,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order Order `url:"order,omitempty"` +} + +// Stub method implementations + +// CreateEnvironmentRole creates a new environment role. +func (c *Client) CreateEnvironmentRole(ctx context.Context, opts CreateEnvironmentRoleOpts) (EnvironmentRole, error) { + return EnvironmentRole{}, errors.New("not implemented") +} + +// ListEnvironmentRoles lists all environment roles. +func (c *Client) ListEnvironmentRoles(ctx context.Context) (ListEnvironmentRolesResponse, error) { + return ListEnvironmentRolesResponse{}, errors.New("not implemented") +} + +// GetEnvironmentRole gets an environment role by slug. +func (c *Client) GetEnvironmentRole(ctx context.Context, opts GetEnvironmentRoleOpts) (EnvironmentRole, error) { + return EnvironmentRole{}, errors.New("not implemented") +} + +// UpdateEnvironmentRole updates an environment role. +func (c *Client) UpdateEnvironmentRole(ctx context.Context, opts UpdateEnvironmentRoleOpts) (EnvironmentRole, error) { + return EnvironmentRole{}, errors.New("not implemented") +} + +// CreateOrganizationRole creates a new organization role. +func (c *Client) CreateOrganizationRole(ctx context.Context, opts CreateOrganizationRoleOpts) (OrganizationRole, error) { + return OrganizationRole{}, errors.New("not implemented") +} + +// ListOrganizationRoles lists all roles for an organization. +func (c *Client) ListOrganizationRoles(ctx context.Context, opts ListOrganizationRolesOpts) (ListOrganizationRolesResponse, error) { + return ListOrganizationRolesResponse{}, errors.New("not implemented") +} + +// GetOrganizationRole gets an organization role by slug. +func (c *Client) GetOrganizationRole(ctx context.Context, opts GetOrganizationRoleOpts) (OrganizationRole, error) { + return OrganizationRole{}, errors.New("not implemented") +} + +// UpdateOrganizationRole updates an organization role. +func (c *Client) UpdateOrganizationRole(ctx context.Context, opts UpdateOrganizationRoleOpts) (OrganizationRole, error) { + return OrganizationRole{}, errors.New("not implemented") +} + +// DeleteOrganizationRole deletes an organization role. +func (c *Client) DeleteOrganizationRole(ctx context.Context, opts DeleteOrganizationRoleOpts) error { + return errors.New("not implemented") +} + +// SetEnvironmentRolePermissions sets permissions for an environment role. +func (c *Client) SetEnvironmentRolePermissions(ctx context.Context, opts SetEnvironmentRolePermissionsOpts) (EnvironmentRole, error) { + return EnvironmentRole{}, errors.New("not implemented") +} + +// AddEnvironmentRolePermission adds a permission to an environment role. +func (c *Client) AddEnvironmentRolePermission(ctx context.Context, opts AddEnvironmentRolePermissionOpts) (EnvironmentRole, error) { + return EnvironmentRole{}, errors.New("not implemented") +} + +// SetOrganizationRolePermissions sets permissions for an organization role. +func (c *Client) SetOrganizationRolePermissions(ctx context.Context, opts SetOrganizationRolePermissionsOpts) (OrganizationRole, error) { + return OrganizationRole{}, errors.New("not implemented") +} + +// AddOrganizationRolePermission adds a permission to an organization role. +func (c *Client) AddOrganizationRolePermission(ctx context.Context, opts AddOrganizationRolePermissionOpts) (OrganizationRole, error) { + return OrganizationRole{}, errors.New("not implemented") +} + +// RemoveOrganizationRolePermission removes a permission from an organization role. +func (c *Client) RemoveOrganizationRolePermission(ctx context.Context, opts RemoveOrganizationRolePermissionOpts) error { + return errors.New("not implemented") +} + +// CreatePermission creates a new permission. +func (c *Client) CreatePermission(ctx context.Context, opts CreatePermissionOpts) (Permission, error) { + return Permission{}, errors.New("not implemented") +} + +// ListPermissions lists all permissions. +func (c *Client) ListPermissions(ctx context.Context, opts ListPermissionsOpts) (ListPermissionsResponse, error) { + return ListPermissionsResponse{}, errors.New("not implemented") +} + +// GetPermission gets a permission by slug. +func (c *Client) GetPermission(ctx context.Context, opts GetPermissionOpts) (Permission, error) { + return Permission{}, errors.New("not implemented") +} + +// UpdatePermission updates a permission. +func (c *Client) UpdatePermission(ctx context.Context, opts UpdatePermissionOpts) (Permission, error) { + return Permission{}, errors.New("not implemented") +} + +// DeletePermission deletes a permission. +func (c *Client) DeletePermission(ctx context.Context, opts DeletePermissionOpts) error { + return errors.New("not implemented") +} + +// GetResource gets a resource by ID. +func (c *Client) GetResource(ctx context.Context, opts GetAuthorizationResourceOpts) (AuthorizationResource, error) { + return AuthorizationResource{}, errors.New("not implemented") +} + +// CreateResource creates a new resource. +func (c *Client) CreateResource(ctx context.Context, opts CreateAuthorizationResourceOpts) (AuthorizationResource, error) { + return AuthorizationResource{}, errors.New("not implemented") +} + +// UpdateResource updates a resource. +func (c *Client) UpdateResource(ctx context.Context, opts UpdateAuthorizationResourceOpts) (AuthorizationResource, error) { + return AuthorizationResource{}, errors.New("not implemented") +} + +// DeleteResource deletes a resource. +func (c *Client) DeleteResource(ctx context.Context, opts DeleteAuthorizationResourceOpts) error { + return errors.New("not implemented") +} + +// ListResources lists resources with optional filters. +func (c *Client) ListResources(ctx context.Context, opts ListAuthorizationResourcesOpts) (ListAuthorizationResourcesResponse, error) { + return ListAuthorizationResourcesResponse{}, errors.New("not implemented") +} + +// GetResourceByExternalID gets a resource by its external ID. +func (c *Client) GetResourceByExternalID(ctx context.Context, opts GetResourceByExternalIDOpts) (AuthorizationResource, error) { + return AuthorizationResource{}, errors.New("not implemented") +} + +// UpdateResourceByExternalID updates a resource by its external ID. +func (c *Client) UpdateResourceByExternalID(ctx context.Context, opts UpdateResourceByExternalIDOpts) (AuthorizationResource, error) { + return AuthorizationResource{}, errors.New("not implemented") +} + +// DeleteResourceByExternalID deletes a resource by its external ID. +func (c *Client) DeleteResourceByExternalID(ctx context.Context, opts DeleteResourceByExternalIDOpts) error { + return errors.New("not implemented") +} + +// Check performs an authorization check. +func (c *Client) Check(ctx context.Context, opts AuthorizationCheckOpts) (AuthorizationCheckResult, error) { + return AuthorizationCheckResult{}, errors.New("not implemented") +} + +// ListRoleAssignments lists role assignments for a membership. +func (c *Client) ListRoleAssignments(ctx context.Context, opts ListRoleAssignmentsOpts) (ListRoleAssignmentsResponse, error) { + return ListRoleAssignmentsResponse{}, errors.New("not implemented") +} + +// AssignRole assigns a role to a membership. +func (c *Client) AssignRole(ctx context.Context, opts AssignRoleOpts) (RoleAssignment, error) { + return RoleAssignment{}, errors.New("not implemented") +} + +// RemoveRole removes a role from a membership. +func (c *Client) RemoveRole(ctx context.Context, opts RemoveRoleOpts) error { + return errors.New("not implemented") +} + +// RemoveRoleAssignment removes a role assignment by ID. +func (c *Client) RemoveRoleAssignment(ctx context.Context, opts RemoveRoleAssignmentOpts) error { + return errors.New("not implemented") +} + +// ListResourcesForMembership lists resources accessible by a membership. +func (c *Client) ListResourcesForMembership(ctx context.Context, opts ListResourcesForMembershipOpts) (ListAuthorizationResourcesResponse, error) { + return ListAuthorizationResourcesResponse{}, errors.New("not implemented") +} + +// ListMembershipsForResource lists memberships with access to a resource. +func (c *Client) ListMembershipsForResource(ctx context.Context, opts ListMembershipsForResourceOpts) (ListAuthorizationOrganizationMembershipsResponse, error) { + return ListAuthorizationOrganizationMembershipsResponse{}, errors.New("not implemented") +} + +// ListMembershipsForResourceByExternalID lists memberships with access to a resource identified by external ID. +func (c *Client) ListMembershipsForResourceByExternalID(ctx context.Context, opts ListMembershipsForResourceByExternalIDOpts) (ListAuthorizationOrganizationMembershipsResponse, error) { + return ListAuthorizationOrganizationMembershipsResponse{}, errors.New("not implemented") +} From d7090cd421090366d980afe1bd4bd1ee2c240748 Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Fri, 6 Mar 2026 06:45:46 -1000 Subject: [PATCH 02/12] chore: format authorization resource opts struct Apply gofmt-aligned spacing in CreateAuthorizationResourceOpts so CI format/diff checks pass. Made-with: Cursor --- pkg/authorization/client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go index b9e344b6..464cd753 100644 --- a/pkg/authorization/client.go +++ b/pkg/authorization/client.go @@ -314,7 +314,7 @@ type GetAuthorizationResourceOpts struct { // CreateAuthorizationResourceOpts contains the options for creating a resource. type CreateAuthorizationResourceOpts struct { - ExternalID string `json:"external_id"` + ExternalID string `json:"external_id"` Name string `json:"name"` Description string `json:"description,omitempty"` ResourceTypeSlug string `json:"resource_type_slug"` From 3de28f993d2f88678b33887c32d38da016ac6fea Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Fri, 6 Mar 2026 07:02:03 -1000 Subject: [PATCH 03/12] move order to common --- pkg/authorization/client.go | 97 +++++++++++++++++-------------------- pkg/common/order.go | 10 ++++ 2 files changed, 54 insertions(+), 53 deletions(-) create mode 100644 pkg/common/order.go diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go index 464cd753..329dbc8b 100644 --- a/pkg/authorization/client.go +++ b/pkg/authorization/client.go @@ -15,15 +15,6 @@ import ( // ResponseLimit is the default number of records to limit a response to. const ResponseLimit = 10 -// Order represents the order of records. -type Order string - -// Constants that enumerate the available orders. -const ( - Asc Order = "asc" - Desc Order = "desc" -) - // Client represents a client that performs Authorization requests to the WorkOS API. type Client struct { // The WorkOS API Key. It can be found in https://dashboard.workos.com/api-keys. @@ -284,10 +275,10 @@ type CreatePermissionOpts struct { // ListPermissionsOpts contains the options for listing permissions. type ListPermissionsOpts struct { - Limit int `url:"limit,omitempty"` - Before string `url:"before,omitempty"` - After string `url:"after,omitempty"` - Order Order `url:"order,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order common.Order `url:"order,omitempty"` } // GetPermissionOpts contains the options for getting a permission. @@ -339,16 +330,16 @@ type DeleteAuthorizationResourceOpts struct { // ListAuthorizationResourcesOpts contains the options for listing resources. type ListAuthorizationResourcesOpts struct { - OrganizationID string `url:"organization_id,omitempty"` - ResourceTypeSlug string `url:"resource_type_slug,omitempty"` - ParentResourceID string `url:"parent_resource_id,omitempty"` - ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` - ParentExternalID string `url:"parent_external_id,omitempty"` - Search string `url:"search,omitempty"` - Limit int `url:"limit,omitempty"` - Before string `url:"before,omitempty"` - After string `url:"after,omitempty"` - Order Order `url:"order,omitempty"` + OrganizationID string `url:"organization_id,omitempty"` + ResourceTypeSlug string `url:"resource_type_slug,omitempty"` + ParentResourceID string `url:"parent_resource_id,omitempty"` + ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` + ParentExternalID string `url:"parent_external_id,omitempty"` + Search string `url:"search,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order common.Order `url:"order,omitempty"` } // GetResourceByExternalIDOpts contains the options for getting a resource by external ID. @@ -386,11 +377,11 @@ type AuthorizationCheckOpts struct { // ListRoleAssignmentsOpts contains the options for listing role assignments. type ListRoleAssignmentsOpts struct { - OrganizationMembershipID string `json:"-"` - Limit int `url:"limit,omitempty"` - Before string `url:"before,omitempty"` - After string `url:"after,omitempty"` - Order Order `url:"order,omitempty"` + OrganizationMembershipID string `json:"-"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order common.Order `url:"order,omitempty"` } // AssignRoleOpts contains the options for assigning a role. @@ -419,39 +410,39 @@ type RemoveRoleAssignmentOpts struct { // ListResourcesForMembershipOpts contains the options for listing resources accessible by a membership. type ListResourcesForMembershipOpts struct { - OrganizationMembershipID string `json:"-"` - PermissionSlug string `url:"permission_slug"` - ParentResourceID string `url:"parent_resource_id,omitempty"` - ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` - ParentResourceExternalID string `url:"parent_resource_external_id,omitempty"` - Limit int `url:"limit,omitempty"` - Before string `url:"before,omitempty"` - After string `url:"after,omitempty"` - Order Order `url:"order,omitempty"` + OrganizationMembershipID string `json:"-"` + PermissionSlug string `url:"permission_slug"` + ParentResourceID string `url:"parent_resource_id,omitempty"` + ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` + ParentResourceExternalID string `url:"parent_resource_external_id,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order common.Order `url:"order,omitempty"` } // ListMembershipsForResourceOpts contains the options for listing memberships with access to a resource. type ListMembershipsForResourceOpts struct { - ResourceID string `json:"-"` - PermissionSlug string `url:"permission_slug"` - Assignment string `url:"assignment,omitempty"` - Limit int `url:"limit,omitempty"` - Before string `url:"before,omitempty"` - After string `url:"after,omitempty"` - Order Order `url:"order,omitempty"` + ResourceID string `json:"-"` + PermissionSlug string `url:"permission_slug"` + Assignment string `url:"assignment,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order common.Order `url:"order,omitempty"` } // ListMembershipsForResourceByExternalIDOpts contains the options for listing memberships by resource external ID. type ListMembershipsForResourceByExternalIDOpts struct { - OrganizationID string `json:"-"` - ResourceTypeSlug string `json:"-"` - ExternalID string `json:"-"` - PermissionSlug string `url:"permission_slug"` - Assignment string `url:"assignment,omitempty"` - Limit int `url:"limit,omitempty"` - Before string `url:"before,omitempty"` - After string `url:"after,omitempty"` - Order Order `url:"order,omitempty"` + OrganizationID string `json:"-"` + ResourceTypeSlug string `json:"-"` + ExternalID string `json:"-"` + PermissionSlug string `url:"permission_slug"` + Assignment string `url:"assignment,omitempty"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order common.Order `url:"order,omitempty"` } // Stub method implementations diff --git a/pkg/common/order.go b/pkg/common/order.go new file mode 100644 index 00000000..3c33288f --- /dev/null +++ b/pkg/common/order.go @@ -0,0 +1,10 @@ +package common + +// Order represents the order of records. +type Order string + +// Constants that enumerate the available orders. +const ( + Asc Order = "asc" + Desc Order = "desc" +) From ceb29f789f64385d61ec66a79e3a4ba35ad4e942 Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Fri, 6 Mar 2026 07:12:00 -1000 Subject: [PATCH 04/12] stuff --- pkg/authorization/authorization.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/authorization/authorization.go b/pkg/authorization/authorization.go index 4de2851e..b0afbfb1 100644 --- a/pkg/authorization/authorization.go +++ b/pkg/authorization/authorization.go @@ -205,24 +205,24 @@ func ListResources( return DefaultClient.ListResources(ctx, opts) } -// GetResourceByExternalID gets a resource by its external ID. -func GetResourceByExternalID( +// GetResourceByExternalId gets a resource by its external ID. +func GetResourceByExternalId( ctx context.Context, opts GetResourceByExternalIDOpts, ) (AuthorizationResource, error) { return DefaultClient.GetResourceByExternalID(ctx, opts) } -// UpdateResourceByExternalID updates a resource by its external ID. -func UpdateResourceByExternalID( +// UpdateResourceByExternalId updates a resource by its external ID. +func UpdateResourceByExternalId( ctx context.Context, opts UpdateResourceByExternalIDOpts, ) (AuthorizationResource, error) { return DefaultClient.UpdateResourceByExternalID(ctx, opts) } -// DeleteResourceByExternalID deletes a resource by its external ID. -func DeleteResourceByExternalID( +// DeleteResourceByExternalId deletes a resource by its external ID. +func DeleteResourceByExternalId( ctx context.Context, opts DeleteResourceByExternalIDOpts, ) error { @@ -285,8 +285,8 @@ func ListMembershipsForResource( return DefaultClient.ListMembershipsForResource(ctx, opts) } -// ListMembershipsForResourceByExternalID lists memberships with access to a resource identified by external ID. -func ListMembershipsForResourceByExternalID( +// ListMembershipsForResourceByExternalId lists memberships with access to a resource identified by external ID. +func ListMembershipsForResourceByExternalId( ctx context.Context, opts ListMembershipsForResourceByExternalIDOpts, ) (ListAuthorizationOrganizationMembershipsResponse, error) { From 6e66963602bf56ec1b3a951bc64a3cd72f213afe Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Fri, 6 Mar 2026 07:50:46 -1000 Subject: [PATCH 05/12] moar --- pkg/authorization/authorization.go | 28 +-- pkg/authorization/client.go | 265 +++++++++++++++++++---------- 2 files changed, 186 insertions(+), 107 deletions(-) diff --git a/pkg/authorization/authorization.go b/pkg/authorization/authorization.go index b0afbfb1..d0978881 100644 --- a/pkg/authorization/authorization.go +++ b/pkg/authorization/authorization.go @@ -165,7 +165,7 @@ func DeletePermission( return DefaultClient.DeletePermission(ctx, opts) } -// GetResource gets a resource by ID. +// GetResource gets a resource by Id. func GetResource( ctx context.Context, opts GetAuthorizationResourceOpts, @@ -205,28 +205,28 @@ func ListResources( return DefaultClient.ListResources(ctx, opts) } -// GetResourceByExternalId gets a resource by its external ID. +// GetResourceByExternalId gets a resource by its external Id. func GetResourceByExternalId( ctx context.Context, - opts GetResourceByExternalIDOpts, + opts GetResourceByExternalIdOpts, ) (AuthorizationResource, error) { - return DefaultClient.GetResourceByExternalID(ctx, opts) + return DefaultClient.GetResourceByExternalId(ctx, opts) } -// UpdateResourceByExternalId updates a resource by its external ID. +// UpdateResourceByExternalId updates a resource by its external Id. func UpdateResourceByExternalId( ctx context.Context, - opts UpdateResourceByExternalIDOpts, + opts UpdateResourceByExternalIdOpts, ) (AuthorizationResource, error) { - return DefaultClient.UpdateResourceByExternalID(ctx, opts) + return DefaultClient.UpdateResourceByExternalId(ctx, opts) } -// DeleteResourceByExternalId deletes a resource by its external ID. +// DeleteResourceByExternalId deletes a resource by its external Id. func DeleteResourceByExternalId( ctx context.Context, - opts DeleteResourceByExternalIDOpts, + opts DeleteResourceByExternalIdOpts, ) error { - return DefaultClient.DeleteResourceByExternalID(ctx, opts) + return DefaultClient.DeleteResourceByExternalId(ctx, opts) } // Check performs an authorization check. @@ -261,7 +261,7 @@ func RemoveRole( return DefaultClient.RemoveRole(ctx, opts) } -// RemoveRoleAssignment removes a role assignment by ID. +// RemoveRoleAssignment removes a role assignment by Id. func RemoveRoleAssignment( ctx context.Context, opts RemoveRoleAssignmentOpts, @@ -285,10 +285,10 @@ func ListMembershipsForResource( return DefaultClient.ListMembershipsForResource(ctx, opts) } -// ListMembershipsForResourceByExternalId lists memberships with access to a resource identified by external ID. +// ListMembershipsForResourceByExternalId lists memberships with access to a resource identified by external Id. func ListMembershipsForResourceByExternalId( ctx context.Context, - opts ListMembershipsForResourceByExternalIDOpts, + opts ListMembershipsForResourceByExternalIdOpts, ) (ListAuthorizationOrganizationMembershipsResponse, error) { - return DefaultClient.ListMembershipsForResourceByExternalID(ctx, opts) + return DefaultClient.ListMembershipsForResourceByExternalId(ctx, opts) } diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go index 329dbc8b..cae85024 100644 --- a/pkg/authorization/client.go +++ b/pkg/authorization/client.go @@ -12,8 +12,8 @@ import ( "github.com/workos/workos-go/v6/pkg/retryablehttp" ) -// ResponseLimit is the default number of records to limit a response to. -const ResponseLimit = 10 +// DefaultListSize is the default number of records to return in list responses. +const DefaultListSize = 10 // Client represents a client that performs Authorization requests to the WorkOS API. type Client struct { @@ -47,10 +47,64 @@ func (c *Client) init() { } } +// ResourceIdentifier identifies a resource by Id or by external Id and type slug. +type ResourceIdentifier interface { + resourceIdentifierParams() map[string]interface{} +} + +// ResourceIdentifierById identifies a resource by its internal Id. +type ResourceIdentifierById struct { + ResourceId string +} + +func (r ResourceIdentifierById) resourceIdentifierParams() map[string]interface{} { + return map[string]interface{}{"resource_id": r.ResourceId} +} + +// ResourceIdentifierByExternalId identifies a resource by external Id and type slug. +type ResourceIdentifierByExternalId struct { + ResourceExternalId string + ResourceTypeSlug string +} + +func (r ResourceIdentifierByExternalId) resourceIdentifierParams() map[string]interface{} { + return map[string]interface{}{ + "resource_external_id": r.ResourceExternalId, + "resource_type_slug": r.ResourceTypeSlug, + } +} + +// ParentResourceIdentifier identifies a parent resource by Id or by external Id and type slug. +type ParentResourceIdentifier interface { + parentResourceIdentifierParams() map[string]interface{} +} + +// ParentResourceIdentifierById identifies a parent resource by its internal Id. +type ParentResourceIdentifierById struct { + ParentResourceId string +} + +func (r ParentResourceIdentifierById) parentResourceIdentifierParams() map[string]interface{} { + return map[string]interface{}{"parent_resource_id": r.ParentResourceId} +} + +// ParentResourceIdentifierByExternalId identifies a parent resource by external Id and type slug. +type ParentResourceIdentifierByExternalId struct { + ParentResourceExternalId string + ParentResourceTypeSlug string +} + +func (r ParentResourceIdentifierByExternalId) parentResourceIdentifierParams() map[string]interface{} { + return map[string]interface{}{ + "parent_resource_external_id": r.ParentResourceExternalId, + "parent_resource_type_slug": r.ParentResourceTypeSlug, + } +} + // EnvironmentRole represents a role defined at the environment level. type EnvironmentRole struct { Object string `json:"object"` - ID string `json:"id"` + Id string `json:"id"` Name string `json:"name"` Slug string `json:"slug"` Description string `json:"description"` @@ -64,7 +118,7 @@ type EnvironmentRole struct { // OrganizationRole represents a role defined at the organization level. type OrganizationRole struct { Object string `json:"object"` - ID string `json:"id"` + Id string `json:"id"` Name string `json:"name"` Slug string `json:"slug"` Description string `json:"description"` @@ -78,7 +132,7 @@ type OrganizationRole struct { // Permission represents a permission in the authorization system. type Permission struct { Object string `json:"object"` - ID string `json:"id"` + Id string `json:"id"` Slug string `json:"slug"` Name string `json:"name"` Description string `json:"description"` @@ -91,13 +145,13 @@ type Permission struct { // AuthorizationResource represents a resource in the authorization system. type AuthorizationResource struct { Object string `json:"object"` - ID string `json:"id"` - ExternalID string `json:"external_id"` + Id string `json:"id"` + ExternalId string `json:"external_id"` Name string `json:"name"` Description string `json:"description"` ResourceTypeSlug string `json:"resource_type_slug"` - OrganizationID string `json:"organization_id"` - ParentResourceID string `json:"parent_resource_id"` + OrganizationId string `json:"organization_id"` + ParentResourceId string `json:"parent_resource_id"` CreatedAt string `json:"created_at"` UpdatedAt string `json:"updated_at"` } @@ -105,7 +159,7 @@ type AuthorizationResource struct { // RoleAssignment represents a role assigned to a membership. type RoleAssignment struct { Object string `json:"object"` - ID string `json:"id"` + Id string `json:"id"` Role RoleAssignmentRole `json:"role"` Resource RoleAssignmentResource `json:"resource"` CreatedAt string `json:"created_at"` @@ -119,8 +173,8 @@ type RoleAssignmentRole struct { // RoleAssignmentResource identifies the resource a role is assigned to. type RoleAssignmentResource struct { - ID string `json:"id"` - ExternalID string `json:"external_id"` + Id string `json:"id"` + ExternalId string `json:"external_id"` ResourceTypeSlug string `json:"resource_type_slug"` } @@ -132,9 +186,9 @@ type AuthorizationCheckResult struct { // AuthorizationOrganizationMembership represents a membership returned by authorization queries. type AuthorizationOrganizationMembership struct { Object string `json:"object"` - ID string `json:"id"` - UserID string `json:"user_id"` - OrganizationID string `json:"organization_id"` + Id string `json:"id"` + UserId string `json:"user_id"` + OrganizationId string `json:"organization_id"` Status string `json:"status"` CreatedAt string `json:"created_at"` UpdatedAt string `json:"updated_at"` @@ -201,7 +255,7 @@ type UpdateEnvironmentRoleOpts struct { // CreateOrganizationRoleOpts contains the options for creating an organization role. type CreateOrganizationRoleOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` Slug string `json:"slug"` Name string `json:"name"` Description string `json:"description,omitempty"` @@ -209,18 +263,18 @@ type CreateOrganizationRoleOpts struct { // ListOrganizationRolesOpts contains the options for listing organization roles. type ListOrganizationRolesOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` } // GetOrganizationRoleOpts contains the options for getting an organization role. type GetOrganizationRoleOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` Slug string `json:"-"` } // UpdateOrganizationRoleOpts contains the options for updating an organization role. type UpdateOrganizationRoleOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` Slug string `json:"-"` Name *string `json:"name,omitempty"` Description *string `json:"description"` @@ -228,7 +282,7 @@ type UpdateOrganizationRoleOpts struct { // DeleteOrganizationRoleOpts contains the options for deleting an organization role. type DeleteOrganizationRoleOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` Slug string `json:"-"` } @@ -246,21 +300,21 @@ type AddEnvironmentRolePermissionOpts struct { // SetOrganizationRolePermissionsOpts contains the options for setting permissions on an organization role. type SetOrganizationRolePermissionsOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` Slug string `json:"-"` Permissions []string `json:"permissions"` } // AddOrganizationRolePermissionOpts contains the options for adding a permission to an organization role. type AddOrganizationRolePermissionOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` Slug string `json:"-"` PermissionSlug string `json:"slug"` } // RemoveOrganizationRolePermissionOpts contains the options for removing a permission from an organization role. type RemoveOrganizationRolePermissionOpts struct { - OrganizationID string `json:"-"` + OrganizationId string `json:"-"` Slug string `json:"-"` PermissionSlug string `json:"-"` } @@ -298,43 +352,41 @@ type DeletePermissionOpts struct { Slug string `json:"-"` } -// GetAuthorizationResourceOpts contains the options for getting a resource by ID. +// GetAuthorizationResourceOpts contains the options for getting a resource by Id. type GetAuthorizationResourceOpts struct { - ResourceID string `json:"-"` + ResourceId string `json:"-"` } // CreateAuthorizationResourceOpts contains the options for creating a resource. type CreateAuthorizationResourceOpts struct { - ExternalID string `json:"external_id"` - Name string `json:"name"` - Description string `json:"description,omitempty"` - ResourceTypeSlug string `json:"resource_type_slug"` - OrganizationID string `json:"organization_id"` - ParentResourceID string `json:"parent_resource_id,omitempty"` - ParentResourceExternalID string `json:"parent_resource_external_id,omitempty"` - ParentResourceTypeSlug string `json:"parent_resource_type_slug,omitempty"` + ExternalId string `json:"external_id"` + Name string `json:"name"` + Description string `json:"description,omitempty"` + ResourceTypeSlug string `json:"resource_type_slug"` + OrganizationId string `json:"organization_id"` + Parent ParentResourceIdentifier `json:"-"` } // UpdateAuthorizationResourceOpts contains the options for updating a resource. type UpdateAuthorizationResourceOpts struct { - ResourceID string `json:"-"` + ResourceId string `json:"-"` Name *string `json:"name,omitempty"` Description *string `json:"description"` } // DeleteAuthorizationResourceOpts contains the options for deleting a resource. type DeleteAuthorizationResourceOpts struct { - ResourceID string `json:"-"` + ResourceId string `json:"-"` CascadeDelete bool `url:"cascade_delete,omitempty"` } // ListAuthorizationResourcesOpts contains the options for listing resources. type ListAuthorizationResourcesOpts struct { - OrganizationID string `url:"organization_id,omitempty"` + OrganizationId string `url:"organization_id,omitempty"` ResourceTypeSlug string `url:"resource_type_slug,omitempty"` - ParentResourceID string `url:"parent_resource_id,omitempty"` + ParentResourceId string `url:"parent_resource_id,omitempty"` ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` - ParentExternalID string `url:"parent_external_id,omitempty"` + ParentExternalId string `url:"parent_external_id,omitempty"` Search string `url:"search,omitempty"` Limit int `url:"limit,omitempty"` Before string `url:"before,omitempty"` @@ -342,42 +394,40 @@ type ListAuthorizationResourcesOpts struct { Order common.Order `url:"order,omitempty"` } -// GetResourceByExternalIDOpts contains the options for getting a resource by external ID. -type GetResourceByExternalIDOpts struct { - OrganizationID string `json:"-"` +// GetResourceByExternalIdOpts contains the options for getting a resource by external Id. +type GetResourceByExternalIdOpts struct { + OrganizationId string `json:"-"` ResourceTypeSlug string `json:"-"` - ExternalID string `json:"-"` + ExternalId string `json:"-"` } -// UpdateResourceByExternalIDOpts contains the options for updating a resource by external ID. -type UpdateResourceByExternalIDOpts struct { - OrganizationID string `json:"-"` +// UpdateResourceByExternalIdOpts contains the options for updating a resource by external Id. +type UpdateResourceByExternalIdOpts struct { + OrganizationId string `json:"-"` ResourceTypeSlug string `json:"-"` - ExternalID string `json:"-"` + ExternalId string `json:"-"` Name *string `json:"name,omitempty"` Description *string `json:"description"` } -// DeleteResourceByExternalIDOpts contains the options for deleting a resource by external ID. -type DeleteResourceByExternalIDOpts struct { - OrganizationID string `json:"-"` +// DeleteResourceByExternalIdOpts contains the options for deleting a resource by external Id. +type DeleteResourceByExternalIdOpts struct { + OrganizationId string `json:"-"` ResourceTypeSlug string `json:"-"` - ExternalID string `json:"-"` + ExternalId string `json:"-"` CascadeDelete bool `url:"cascade_delete,omitempty"` } // AuthorizationCheckOpts contains the options for performing an authorization check. type AuthorizationCheckOpts struct { - OrganizationMembershipID string `json:"-"` - PermissionSlug string `json:"permission_slug"` - ResourceID string `json:"resource_id,omitempty"` - ResourceExternalID string `json:"resource_external_id,omitempty"` - ResourceTypeSlug string `json:"resource_type_slug,omitempty"` + OrganizationMembershipId string `json:"-"` + PermissionSlug string `json:"permission_slug"` + Resource ResourceIdentifier `json:"-"` } // ListRoleAssignmentsOpts contains the options for listing role assignments. type ListRoleAssignmentsOpts struct { - OrganizationMembershipID string `json:"-"` + OrganizationMembershipId string `json:"-"` Limit int `url:"limit,omitempty"` Before string `url:"before,omitempty"` After string `url:"after,omitempty"` @@ -386,44 +436,38 @@ type ListRoleAssignmentsOpts struct { // AssignRoleOpts contains the options for assigning a role. type AssignRoleOpts struct { - OrganizationMembershipID string `json:"-"` - RoleSlug string `json:"role_slug"` - ResourceID string `json:"resource_id,omitempty"` - ResourceExternalID string `json:"resource_external_id,omitempty"` - ResourceTypeSlug string `json:"resource_type_slug,omitempty"` + OrganizationMembershipId string `json:"-"` + RoleSlug string `json:"role_slug"` + Resource ResourceIdentifier `json:"-"` } // RemoveRoleOpts contains the options for removing a role. type RemoveRoleOpts struct { - OrganizationMembershipID string `json:"-"` - RoleSlug string `json:"role_slug"` - ResourceID string `json:"resource_id,omitempty"` - ResourceExternalID string `json:"resource_external_id,omitempty"` - ResourceTypeSlug string `json:"resource_type_slug,omitempty"` + OrganizationMembershipId string `json:"-"` + RoleSlug string `json:"role_slug"` + Resource ResourceIdentifier `json:"-"` } -// RemoveRoleAssignmentOpts contains the options for removing a role assignment by ID. +// RemoveRoleAssignmentOpts contains the options for removing a role assignment by Id. type RemoveRoleAssignmentOpts struct { - OrganizationMembershipID string `json:"-"` - RoleAssignmentID string `json:"-"` + OrganizationMembershipId string `json:"-"` + RoleAssignmentId string `json:"-"` } // ListResourcesForMembershipOpts contains the options for listing resources accessible by a membership. type ListResourcesForMembershipOpts struct { - OrganizationMembershipID string `json:"-"` - PermissionSlug string `url:"permission_slug"` - ParentResourceID string `url:"parent_resource_id,omitempty"` - ParentResourceTypeSlug string `url:"parent_resource_type_slug,omitempty"` - ParentResourceExternalID string `url:"parent_resource_external_id,omitempty"` - Limit int `url:"limit,omitempty"` - Before string `url:"before,omitempty"` - After string `url:"after,omitempty"` - Order common.Order `url:"order,omitempty"` + OrganizationMembershipId string `json:"-"` + PermissionSlug string `url:"permission_slug"` + ParentResource ParentResourceIdentifier `json:"-"` + Limit int `url:"limit,omitempty"` + Before string `url:"before,omitempty"` + After string `url:"after,omitempty"` + Order common.Order `url:"order,omitempty"` } // ListMembershipsForResourceOpts contains the options for listing memberships with access to a resource. type ListMembershipsForResourceOpts struct { - ResourceID string `json:"-"` + ResourceId string `json:"-"` PermissionSlug string `url:"permission_slug"` Assignment string `url:"assignment,omitempty"` Limit int `url:"limit,omitempty"` @@ -432,11 +476,11 @@ type ListMembershipsForResourceOpts struct { Order common.Order `url:"order,omitempty"` } -// ListMembershipsForResourceByExternalIDOpts contains the options for listing memberships by resource external ID. -type ListMembershipsForResourceByExternalIDOpts struct { - OrganizationID string `json:"-"` +// ListMembershipsForResourceByExternalIdOpts contains the options for listing memberships by resource external Id. +type ListMembershipsForResourceByExternalIdOpts struct { + OrganizationId string `json:"-"` ResourceTypeSlug string `json:"-"` - ExternalID string `json:"-"` + ExternalId string `json:"-"` PermissionSlug string `url:"permission_slug"` Assignment string `url:"assignment,omitempty"` Limit int `url:"limit,omitempty"` @@ -449,175 +493,210 @@ type ListMembershipsForResourceByExternalIDOpts struct { // CreateEnvironmentRole creates a new environment role. func (c *Client) CreateEnvironmentRole(ctx context.Context, opts CreateEnvironmentRoleOpts) (EnvironmentRole, error) { + c.once.Do(c.init) return EnvironmentRole{}, errors.New("not implemented") } // ListEnvironmentRoles lists all environment roles. func (c *Client) ListEnvironmentRoles(ctx context.Context) (ListEnvironmentRolesResponse, error) { + c.once.Do(c.init) return ListEnvironmentRolesResponse{}, errors.New("not implemented") } // GetEnvironmentRole gets an environment role by slug. func (c *Client) GetEnvironmentRole(ctx context.Context, opts GetEnvironmentRoleOpts) (EnvironmentRole, error) { + c.once.Do(c.init) return EnvironmentRole{}, errors.New("not implemented") } // UpdateEnvironmentRole updates an environment role. func (c *Client) UpdateEnvironmentRole(ctx context.Context, opts UpdateEnvironmentRoleOpts) (EnvironmentRole, error) { + c.once.Do(c.init) return EnvironmentRole{}, errors.New("not implemented") } // CreateOrganizationRole creates a new organization role. func (c *Client) CreateOrganizationRole(ctx context.Context, opts CreateOrganizationRoleOpts) (OrganizationRole, error) { + c.once.Do(c.init) return OrganizationRole{}, errors.New("not implemented") } // ListOrganizationRoles lists all roles for an organization. func (c *Client) ListOrganizationRoles(ctx context.Context, opts ListOrganizationRolesOpts) (ListOrganizationRolesResponse, error) { + c.once.Do(c.init) return ListOrganizationRolesResponse{}, errors.New("not implemented") } // GetOrganizationRole gets an organization role by slug. func (c *Client) GetOrganizationRole(ctx context.Context, opts GetOrganizationRoleOpts) (OrganizationRole, error) { + c.once.Do(c.init) return OrganizationRole{}, errors.New("not implemented") } // UpdateOrganizationRole updates an organization role. func (c *Client) UpdateOrganizationRole(ctx context.Context, opts UpdateOrganizationRoleOpts) (OrganizationRole, error) { + c.once.Do(c.init) return OrganizationRole{}, errors.New("not implemented") } // DeleteOrganizationRole deletes an organization role. func (c *Client) DeleteOrganizationRole(ctx context.Context, opts DeleteOrganizationRoleOpts) error { + c.once.Do(c.init) return errors.New("not implemented") } // SetEnvironmentRolePermissions sets permissions for an environment role. func (c *Client) SetEnvironmentRolePermissions(ctx context.Context, opts SetEnvironmentRolePermissionsOpts) (EnvironmentRole, error) { + c.once.Do(c.init) return EnvironmentRole{}, errors.New("not implemented") } // AddEnvironmentRolePermission adds a permission to an environment role. func (c *Client) AddEnvironmentRolePermission(ctx context.Context, opts AddEnvironmentRolePermissionOpts) (EnvironmentRole, error) { + c.once.Do(c.init) return EnvironmentRole{}, errors.New("not implemented") } // SetOrganizationRolePermissions sets permissions for an organization role. func (c *Client) SetOrganizationRolePermissions(ctx context.Context, opts SetOrganizationRolePermissionsOpts) (OrganizationRole, error) { + c.once.Do(c.init) return OrganizationRole{}, errors.New("not implemented") } // AddOrganizationRolePermission adds a permission to an organization role. func (c *Client) AddOrganizationRolePermission(ctx context.Context, opts AddOrganizationRolePermissionOpts) (OrganizationRole, error) { + c.once.Do(c.init) return OrganizationRole{}, errors.New("not implemented") } // RemoveOrganizationRolePermission removes a permission from an organization role. func (c *Client) RemoveOrganizationRolePermission(ctx context.Context, opts RemoveOrganizationRolePermissionOpts) error { + c.once.Do(c.init) return errors.New("not implemented") } // CreatePermission creates a new permission. func (c *Client) CreatePermission(ctx context.Context, opts CreatePermissionOpts) (Permission, error) { + c.once.Do(c.init) return Permission{}, errors.New("not implemented") } // ListPermissions lists all permissions. func (c *Client) ListPermissions(ctx context.Context, opts ListPermissionsOpts) (ListPermissionsResponse, error) { + c.once.Do(c.init) return ListPermissionsResponse{}, errors.New("not implemented") } // GetPermission gets a permission by slug. func (c *Client) GetPermission(ctx context.Context, opts GetPermissionOpts) (Permission, error) { + c.once.Do(c.init) return Permission{}, errors.New("not implemented") } // UpdatePermission updates a permission. func (c *Client) UpdatePermission(ctx context.Context, opts UpdatePermissionOpts) (Permission, error) { + c.once.Do(c.init) return Permission{}, errors.New("not implemented") } // DeletePermission deletes a permission. func (c *Client) DeletePermission(ctx context.Context, opts DeletePermissionOpts) error { + c.once.Do(c.init) return errors.New("not implemented") } -// GetResource gets a resource by ID. +// GetResource gets a resource by Id. func (c *Client) GetResource(ctx context.Context, opts GetAuthorizationResourceOpts) (AuthorizationResource, error) { + c.once.Do(c.init) return AuthorizationResource{}, errors.New("not implemented") } // CreateResource creates a new resource. func (c *Client) CreateResource(ctx context.Context, opts CreateAuthorizationResourceOpts) (AuthorizationResource, error) { + c.once.Do(c.init) return AuthorizationResource{}, errors.New("not implemented") } // UpdateResource updates a resource. func (c *Client) UpdateResource(ctx context.Context, opts UpdateAuthorizationResourceOpts) (AuthorizationResource, error) { + c.once.Do(c.init) return AuthorizationResource{}, errors.New("not implemented") } // DeleteResource deletes a resource. func (c *Client) DeleteResource(ctx context.Context, opts DeleteAuthorizationResourceOpts) error { + c.once.Do(c.init) return errors.New("not implemented") } // ListResources lists resources with optional filters. func (c *Client) ListResources(ctx context.Context, opts ListAuthorizationResourcesOpts) (ListAuthorizationResourcesResponse, error) { + c.once.Do(c.init) return ListAuthorizationResourcesResponse{}, errors.New("not implemented") } -// GetResourceByExternalID gets a resource by its external ID. -func (c *Client) GetResourceByExternalID(ctx context.Context, opts GetResourceByExternalIDOpts) (AuthorizationResource, error) { +// GetResourceByExternalId gets a resource by its external Id. +func (c *Client) GetResourceByExternalId(ctx context.Context, opts GetResourceByExternalIdOpts) (AuthorizationResource, error) { + c.once.Do(c.init) return AuthorizationResource{}, errors.New("not implemented") } -// UpdateResourceByExternalID updates a resource by its external ID. -func (c *Client) UpdateResourceByExternalID(ctx context.Context, opts UpdateResourceByExternalIDOpts) (AuthorizationResource, error) { +// UpdateResourceByExternalId updates a resource by its external Id. +func (c *Client) UpdateResourceByExternalId(ctx context.Context, opts UpdateResourceByExternalIdOpts) (AuthorizationResource, error) { + c.once.Do(c.init) return AuthorizationResource{}, errors.New("not implemented") } -// DeleteResourceByExternalID deletes a resource by its external ID. -func (c *Client) DeleteResourceByExternalID(ctx context.Context, opts DeleteResourceByExternalIDOpts) error { +// DeleteResourceByExternalId deletes a resource by its external Id. +func (c *Client) DeleteResourceByExternalId(ctx context.Context, opts DeleteResourceByExternalIdOpts) error { + c.once.Do(c.init) return errors.New("not implemented") } // Check performs an authorization check. func (c *Client) Check(ctx context.Context, opts AuthorizationCheckOpts) (AuthorizationCheckResult, error) { + c.once.Do(c.init) return AuthorizationCheckResult{}, errors.New("not implemented") } // ListRoleAssignments lists role assignments for a membership. func (c *Client) ListRoleAssignments(ctx context.Context, opts ListRoleAssignmentsOpts) (ListRoleAssignmentsResponse, error) { + c.once.Do(c.init) return ListRoleAssignmentsResponse{}, errors.New("not implemented") } // AssignRole assigns a role to a membership. func (c *Client) AssignRole(ctx context.Context, opts AssignRoleOpts) (RoleAssignment, error) { + c.once.Do(c.init) return RoleAssignment{}, errors.New("not implemented") } // RemoveRole removes a role from a membership. func (c *Client) RemoveRole(ctx context.Context, opts RemoveRoleOpts) error { + c.once.Do(c.init) return errors.New("not implemented") } -// RemoveRoleAssignment removes a role assignment by ID. +// RemoveRoleAssignment removes a role assignment by Id. func (c *Client) RemoveRoleAssignment(ctx context.Context, opts RemoveRoleAssignmentOpts) error { + c.once.Do(c.init) return errors.New("not implemented") } // ListResourcesForMembership lists resources accessible by a membership. func (c *Client) ListResourcesForMembership(ctx context.Context, opts ListResourcesForMembershipOpts) (ListAuthorizationResourcesResponse, error) { + c.once.Do(c.init) return ListAuthorizationResourcesResponse{}, errors.New("not implemented") } // ListMembershipsForResource lists memberships with access to a resource. func (c *Client) ListMembershipsForResource(ctx context.Context, opts ListMembershipsForResourceOpts) (ListAuthorizationOrganizationMembershipsResponse, error) { + c.once.Do(c.init) return ListAuthorizationOrganizationMembershipsResponse{}, errors.New("not implemented") } -// ListMembershipsForResourceByExternalID lists memberships with access to a resource identified by external ID. -func (c *Client) ListMembershipsForResourceByExternalID(ctx context.Context, opts ListMembershipsForResourceByExternalIDOpts) (ListAuthorizationOrganizationMembershipsResponse, error) { +// ListMembershipsForResourceByExternalId lists memberships with access to a resource identified by external Id. +func (c *Client) ListMembershipsForResourceByExternalId(ctx context.Context, opts ListMembershipsForResourceByExternalIdOpts) (ListAuthorizationOrganizationMembershipsResponse, error) { + c.once.Do(c.init) return ListAuthorizationOrganizationMembershipsResponse{}, errors.New("not implemented") } From e3c9090fc2393afb3f1622e2d34b8a56961295a1 Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Fri, 6 Mar 2026 10:46:38 -1000 Subject: [PATCH 06/12] test --- pkg/authorization/client_test.go | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 pkg/authorization/client_test.go diff --git a/pkg/authorization/client_test.go b/pkg/authorization/client_test.go new file mode 100644 index 00000000..af17b55d --- /dev/null +++ b/pkg/authorization/client_test.go @@ -0,0 +1,2 @@ +package authorization +git \ No newline at end of file From 2f953688ec3d8af5632bfe8ca9448388f523605a Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Fri, 6 Mar 2026 10:47:35 -1000 Subject: [PATCH 07/12] test --- pkg/authorization/client_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/authorization/client_test.go b/pkg/authorization/client_test.go index af17b55d..9f58f240 100644 --- a/pkg/authorization/client_test.go +++ b/pkg/authorization/client_test.go @@ -1,2 +1 @@ package authorization -git \ No newline at end of file From 2868c59d67fd652b72074fbd921b3cdb2570047f Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Mon, 9 Mar 2026 05:32:29 -1000 Subject: [PATCH 08/12] feat: add authorization path constants for consistency Add reusable path segment constants matching the Python SDK pattern for authorization API endpoints. --- pkg/authorization/client.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go index cae85024..82490fae 100644 --- a/pkg/authorization/client.go +++ b/pkg/authorization/client.go @@ -15,6 +15,15 @@ import ( // DefaultListSize is the default number of records to return in list responses. const DefaultListSize = 10 +// Authorization API path segments. +const ( + authorizationRolesPath = "authorization/roles" + authorizationPermissionsPath = "authorization/permissions" + authorizationResourcesPath = "authorization/resources" + authorizationOrganizationsPath = "authorization/organizations" + authorizationOrganizationMembershipsPath = "authorization/organization_memberships" +) + // Client represents a client that performs Authorization requests to the WorkOS API. type Client struct { // The WorkOS API Key. It can be found in https://dashboard.workos.com/api-keys. From ec4d16b07c3398f9248373f9e140390edb573135 Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Mon, 9 Mar 2026 05:36:05 -1000 Subject: [PATCH 09/12] refactor --- pkg/authorization/client.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go index 82490fae..b6179c4e 100644 --- a/pkg/authorization/client.go +++ b/pkg/authorization/client.go @@ -66,16 +66,16 @@ type ResourceIdentifierById struct { ResourceId string } -func (r ResourceIdentifierById) resourceIdentifierParams() map[string]interface{} { - return map[string]interface{}{"resource_id": r.ResourceId} -} - // ResourceIdentifierByExternalId identifies a resource by external Id and type slug. type ResourceIdentifierByExternalId struct { ResourceExternalId string ResourceTypeSlug string } +func (r ResourceIdentifierById) resourceIdentifierParams() map[string]interface{} { + return map[string]interface{}{"resource_id": r.ResourceId} +} + func (r ResourceIdentifierByExternalId) resourceIdentifierParams() map[string]interface{} { return map[string]interface{}{ "resource_external_id": r.ResourceExternalId, From 66333e3392852f236895413570c04aadc6f71622 Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Mon, 9 Mar 2026 06:11:14 -1000 Subject: [PATCH 10/12] added in authorization_test.go --- pkg/authorization/authorization_test.go | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 pkg/authorization/authorization_test.go diff --git a/pkg/authorization/authorization_test.go b/pkg/authorization/authorization_test.go new file mode 100644 index 00000000..e69de29b From 99f4213b56c0e769dfc43f9bbdbea82724c7eb1e Mon Sep 17 00:00:00 2001 From: swaroopakkineni Date: Mon, 9 Mar 2026 07:39:06 -1000 Subject: [PATCH 11/12] sheesh --- pkg/authorization/authorization.go | 2 +- pkg/authorization/client.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/authorization/authorization.go b/pkg/authorization/authorization.go index d0978881..db88d5bb 100644 --- a/pkg/authorization/authorization.go +++ b/pkg/authorization/authorization.go @@ -233,7 +233,7 @@ func DeleteResourceByExternalId( func Check( ctx context.Context, opts AuthorizationCheckOpts, -) (AuthorizationCheckResult, error) { +) (AccessCheckResponse, error) { return DefaultClient.Check(ctx, opts) } diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go index b6179c4e..6b1d95c0 100644 --- a/pkg/authorization/client.go +++ b/pkg/authorization/client.go @@ -187,8 +187,8 @@ type RoleAssignmentResource struct { ResourceTypeSlug string `json:"resource_type_slug"` } -// AuthorizationCheckResult contains the result of an authorization check. -type AuthorizationCheckResult struct { +// AccessCheckResponse contains the result of an authorization check. +type AccessCheckResponse struct { Authorized bool `json:"authorized"` } @@ -663,9 +663,9 @@ func (c *Client) DeleteResourceByExternalId(ctx context.Context, opts DeleteReso } // Check performs an authorization check. -func (c *Client) Check(ctx context.Context, opts AuthorizationCheckOpts) (AuthorizationCheckResult, error) { +func (c *Client) Check(ctx context.Context, opts AuthorizationCheckOpts) (AccessCheckResponse, error) { c.once.Do(c.init) - return AuthorizationCheckResult{}, errors.New("not implemented") + return AccessCheckResponse{}, errors.New("not implemented") } // ListRoleAssignments lists role assignments for a membership. From 964e1aba9e15023e088562faa4225df36fbd3d40 Mon Sep 17 00:00:00 2001 From: Swaroop Akkineni Date: Mon, 16 Mar 2026 09:33:22 -0400 Subject: [PATCH 12/12] remove custom attributes --- pkg/authorization/client.go | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/pkg/authorization/client.go b/pkg/authorization/client.go index 6b1d95c0..00e49793 100644 --- a/pkg/authorization/client.go +++ b/pkg/authorization/client.go @@ -192,16 +192,23 @@ type AccessCheckResponse struct { Authorized bool `json:"authorized"` } +type MembershipStatus string + +const ( + MembershipStatusActive MembershipStatus = "active" + MembershipStatusInactive MembershipStatus = "inactive" + MembershipStatusPending MembershipStatus = "pending" +) + // AuthorizationOrganizationMembership represents a membership returned by authorization queries. type AuthorizationOrganizationMembership struct { - Object string `json:"object"` - Id string `json:"id"` - UserId string `json:"user_id"` - OrganizationId string `json:"organization_id"` - Status string `json:"status"` - CreatedAt string `json:"created_at"` - UpdatedAt string `json:"updated_at"` - CustomAttributes map[string]interface{} `json:"custom_attributes"` + Object string `json:"object"` + Id string `json:"id"` + OrganizationId string `json:"organization_id"` + Status MembershipStatus `json:"status"` + UserId string `json:"user_id"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` } // List response types