Documentation ¶
Index ¶
- Constants
- func ValidatePolicy(policy string) error
- type ClaimsEnforcerFunc
- type Enforcer
- func (e *Enforcer) CreateEnforcerWithRuntimePolicy(policy string) *casbin.Enforcer
- func (e *Enforcer) Enforce(rvals ...interface{}) bool
- func (e *Enforcer) EnforceErr(rvals ...interface{}) error
- func (e *Enforcer) EnforceRuntimePolicy(policy string, rvals ...interface{}) bool
- func (e *Enforcer) EnforceWithCustomEnforcer(enf *casbin.Enforcer, rvals ...interface{}) bool
- func (e *Enforcer) RunPolicyLoader(ctx context.Context, onUpdated func(cm *apiv1.ConfigMap) error) error
- func (e *Enforcer) SetBuiltinPolicy(policy string) error
- func (e *Enforcer) SetClaimsEnforcerFunc(claimsEnforcer ClaimsEnforcerFunc)
- func (e *Enforcer) SetDefaultRole(roleName string)
- func (e *Enforcer) SetUserPolicy(policy string) error
Constants ¶
const ( ConfigMapPolicyCSVKey = "policy.csv" ConfigMapPolicyDefaultKey = "policy.default" ConfigMapScopesKey = "scopes" )
Variables ¶
This section is empty.
Functions ¶
func ValidatePolicy ¶
ValidatePolicy verifies a policy string is acceptable to casbin
Types ¶
type ClaimsEnforcerFunc ¶
ClaimsEnforcerFunc is func template to enforce a JWT claims. The subject is replaced
type Enforcer ¶
Enforcer is a wrapper around an Casbin enforcer that: * is backed by a kubernetes config map * has a predefined RBAC model * supports a built-in policy * supports a user-defined policy * supports a custom JWT claims enforce function
func NewEnforcer ¶
func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer
func (*Enforcer) CreateEnforcerWithRuntimePolicy ¶ added in v2.1.0
CreateEnforcerWithRuntimePolicy creates an enforcer with a policy defined at run-time which augments the built-in and user-defined policy. This allows any explicit denies of the built-in, and user-defined policies to override the run-time policy. Runs normal enforcement if run-time policy is empty.
func (*Enforcer) Enforce ¶
Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function
func (*Enforcer) EnforceErr ¶
EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request
func (*Enforcer) EnforceRuntimePolicy ¶
EnforceRuntimePolicy enforces a policy defined at run-time which augments the built-in and user-defined policy. This allows any explicit denies of the built-in, and user-defined policies to override the run-time policy. Runs normal enforcement if run-time policy is empty.
func (*Enforcer) EnforceWithCustomEnforcer ¶ added in v2.1.0
EnforceWithCustomEnforcer wraps enforce with an custom enforcer
func (*Enforcer) RunPolicyLoader ¶
func (e *Enforcer) RunPolicyLoader(ctx context.Context, onUpdated func(cm *apiv1.ConfigMap) error) error
RunPolicyLoader runs the policy loader which watches policy updates from the configmap and reloads them
func (*Enforcer) SetBuiltinPolicy ¶
SetBuiltinPolicy sets a built-in policy, which augments any user defined policies
func (*Enforcer) SetClaimsEnforcerFunc ¶
func (e *Enforcer) SetClaimsEnforcerFunc(claimsEnforcer ClaimsEnforcerFunc)
SetClaimsEnforcerFunc sets a claims enforce function during enforcement. The claims enforce function can extract claims from JWT token and do the proper enforcement based on user, group or any information available in the input parameter list
func (*Enforcer) SetDefaultRole ¶
SetDefaultRole sets a default role to use during enforcement. Will fall back to this role if normal enforcement fails
func (*Enforcer) SetUserPolicy ¶
SetUserPolicy sets a user policy, augmenting the built-in policy