flex-auth/pkg/api/resource_manifest.go

package api

// ResourceManifest is the shape a protected system publishes to register
// its resources with flex-auth. The shape is pinned against the
// Markitect-side emitter in markitect-tool (MKTT-WP-0014); see
// schemas/resource_manifest.schema.json for the JSON Schema and
// examples/markitect/resource_manifest.yaml for the canonical example.
type ResourceManifest struct {
	ID            string         `json:"id"                       yaml:"id"`
	System        string         `json:"system"                   yaml:"system"`
	Resources     []Resource     `json:"resources"                yaml:"resources"`
	Actions       []string       `json:"actions,omitempty"        yaml:"actions,omitempty"`
	CaringProfile string         `json:"caring_profile,omitempty" yaml:"caring_profile,omitempty"`
	Metadata      map[string]any `json:"metadata,omitempty"       yaml:"metadata,omitempty"`
}

// Resource is one entry in a ResourceManifest.
type Resource struct {
	ID         string                  `json:"id"                   yaml:"id"`
	Type       string                  `json:"type"                 yaml:"type"`
	Path       string                  `json:"path,omitempty"       yaml:"path,omitempty"`
	Parent     string                  `json:"parent,omitempty"     yaml:"parent,omitempty"`
	Labels     []string                `json:"labels,omitempty"     yaml:"labels,omitempty"`
	TrustZone  string                  `json:"trust_zone,omitempty" yaml:"trust_zone,omitempty"`
	Owner      string                  `json:"owner,omitempty"      yaml:"owner,omitempty"`
	Caring     *CaringAccessDescriptor `json:"caring,omitempty"     yaml:"caring,omitempty"`
	Attributes map[string]any          `json:"attributes,omitempty" yaml:"attributes,omitempty"`
}

// FlexAuthContractV0 is the metadata.flex_auth_contract value that
// signals the v0 resource-registration contract.
const FlexAuthContractV0 = "resource-registration-v0"