README
¶
casbin-blob-adapter
Azure Blob Storage adapter for casbin.
Casbin adapter implementation for Azure Blob Storage.
Installation
go get github.com/RedeployAB/casbin-blob-adapter
Example usage
This example uses azcore.TokenCredential as credentials for the
adapter. See Constructor functions below
for other options.
package main
import (
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
blobadapter "github.com/RedeployAB/casbin-blob-adapter"
"github.com/casbin/casbin/v2"
)
func main() {
// Create credentials for Azure Blob Storage (service principal, managed identity, az cli).
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
// Handle error.
}
// Create the adapter for Azure Blob Storage. Provide account (storage account name),
// container name, blob name and credentials. If the container and blob does not exist,
// they will be created.
a, err := blobadapter.NewAdapter("account", "container", "policy.csv", cred)
if err != nil {
// Handle error.
}
e, err := casbin.NewEnforcer("rbac_with_domains_model.conf", a)
if err != nil {
// Handle error.
}
// Load the policy from the specified blob in Azure Blob Storage manually.
// NOTE: Like all implicit and explicit adapters the policies is loaded
// automatically when calling NewEnforcer. This method can be used at
// runtime to reload policy.
if err := e.LoadPolicy(); err != nil {
// Handle error.
}
// Check the permission.
ok, err := e.Enforce("alice", "domain1", "data1", "read")
if err != nil {
// Handle error.
}
// Modify policy.
// e.AddPolicy(...)
// e.RemovePolicy(...)
// Save policy back to the blob in Azure Blob Storage.
if err := e.SavePolicy(); err != nil {
// Handle error.
}
}
Constructor functions
NewAdapter(account string, container string, blob string, cred azcore.TokenCredential, options ...Option) (*Adapter, error)
Uses azcore.TokenCredential. See azidentity for
more options on creating credentials.
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
// Handle error.
}
a, err := blobadapter.NewAdapter("account", "container", "policy.csv", cred)
if err != nil {
// Handle error.
}
NewAdapterFromConnectionString(connectionString string, container string, blob string, options ...Option) (*Adapter, error)
Uses a connection string for an Azure Storage account.
a, err := blobadapter.NewAdapterFromConnectionString("connectionstring", "container", "policy.csv")
if err != nil {
// Handle error.
}
NewAdapterFromSharedKeyCredential(account string, key string, container string, blob string, options ...Option) (*Adapter, error)
Uses storage account name and key for an Azure Storage account.
a, err := blobadapter.NewAdapterFromSharedKeyCredential("account", "key", "container", "policy.csv")
if err != nil {
// Handle error.
}
Documentation
¶
Index ¶
- Variables
- type Adapter
- func NewAdapter(account, container, blob string, cred azcore.TokenCredential, ...) (*Adapter, error)
- func NewAdapterFromConnectionString(connectionString, container, blob string, options ...Option) (*Adapter, error)
- func NewAdapterFromSharedKeyCredential(account, key, container, blob string, options ...Option) (*Adapter, error)
- func (a *Adapter) AddPolicy(sec, ptype string, rule []string) error
- func (a *Adapter) LoadPolicy(model model.Model) error
- func (a *Adapter) RemoveFilteredPolicy(sec, ptype string, fieldIndex int, fieldValues ...string) error
- func (a *Adapter) RemovePolicy(sec, ptype string, rule []string) error
- func (a *Adapter) SavePolicy(model model.Model) error
- type Option
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidAccount is returned when the account is invalid. ErrInvalidAccount = errors.New("invalid account") // ErrInvalidCredential is returned when the credentials are invald. ErrInvalidCredential = errors.New("invalid credentials") // ErrInvalidConnectionString is returned when the connection string is invalid. ErrInvalidConnectionString = errors.New("invalid connection string") // ErrInvalidKey is returned when the key is invalid. ErrInvalidKey = errors.New("invalid key") // ErrInvalidContainer is returned when the container is invalid. ErrInvalidContainer = errors.New("invalid container") // ErrInvalidBlob is returned when the blob is invalid. ErrInvalidBlob = errors.New("invalid blob") // ErrContainerDoesNotExist is returned when the container does not exist. ErrContainerDoesNotExist = errors.New("container does not exist") // ErrBlobDoesNotExist is returned when the blob does not exist. ErrBlobDoesNotExist = errors.New("blob does not exist") )
Functions ¶
This section is empty.
Types ¶
type Adapter ¶
type Adapter struct {
// contains filtered or unexported fields
}
Adapter is an Azure Blob Storage adapter for casbin.
func NewAdapter ¶
func NewAdapter(account, container, blob string, cred azcore.TokenCredential, options ...Option) (*Adapter, error)
NewAdapter returns a new adapter with the given account, container, blob and credentials. If the container and blob does not exist, they will be created.
func NewAdapterFromConnectionString ¶
func NewAdapterFromConnectionString(connectionString, container, blob string, options ...Option) (*Adapter, error)
NewAdapterFromConnectionString returns a new adapter with the given connection string, container and blob. If the container and blob does not exist, they will be created.
func NewAdapterFromSharedKeyCredential ¶
func NewAdapterFromSharedKeyCredential(account, key, container, blob string, options ...Option) (*Adapter, error)
NewAdapterFromSharedKeyCredential returns a new adapter with the given account, key, container and blob. If the container and blob does not exist, they will be created.
func (*Adapter) AddPolicy ¶
AddPolicy adds a policy rule to the storage. NOTE: This method is not implemented.
func (*Adapter) LoadPolicy ¶
LoadPolicy loads all policy rules from the storage.
func (*Adapter) RemoveFilteredPolicy ¶
func (a *Adapter) RemoveFilteredPolicy(sec, ptype string, fieldIndex int, fieldValues ...string) error
RemoveFilteredPolicy removes policy rules that match the filter from the storage. NOTE: This method is not implemented.
func (*Adapter) RemovePolicy ¶
RemovePolicy removes a policy rule from the storage. NOTE: This method is not implemented.
Source Files