enforcer

package
v1.12.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2024 License: Apache-2.0 Imports: 11 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	// DefaultKetoRemoteRead default Keto remote read endpoint
	DefaultKetoRemoteRead = "http://localhost:4466"
	// DefaultKetoRemoteWrite default Keto remote write endpoint
	DefaultKetoRemoteWrite = "http://localhost:4467"
)
View Source 
const (
	MLPAdminRole          = "mlp.administrator"
	MLPProjectsReaderRole = "mlp.projects.reader"
	MLPProjectReaderRole  = "mlp.projects.{{ .ProjectId }}.reader"
	MLPProjectAdminRole   = "mlp.projects.{{ .ProjectId }}.administrator"
)
View Source 
const MaxKeyExpirySeconds = 600

MaxKeyExpirySeconds is the max allowed value for the KeyExpirySeconds.

Variables

This section is empty.

Functions

func ParseProjectRole added in v1.10.0 

func ParseProjectRole(roleTemplateString string, project *models.Project) (string, error)

func ParseProjectRoles added in v1.10.0 

func ParseProjectRoles(roleTemplateStrings []string, project *models.Project) ([]string, error)

func ParseRole added in v1.10.0 

func ParseRole(role string, templateContext map[string]string) (string, error)

Types

type AuthorizationUpdateRequest added in v1.10.0 

type AuthorizationUpdateRequest struct {
	RolePermissions map[string][]string
	RoleMembers     map[string][]string
}

func NewAuthorizationUpdateRequest added in v1.10.0 

func NewAuthorizationUpdateRequest() AuthorizationUpdateRequest

NewAuthorizationUpdateRequest create a new AuthorizationUpdateRequest. Multiple operations can be chained together using the AddRolePermissions and SetRoleMembers methods. No changes will be made until the AuthorizationUpdateRequest object is passed to the Enforcer, in which all the previously chained operations will be executed in batch.

func (AuthorizationUpdateRequest) AddRolePermissions added in v1.10.1 

func (a AuthorizationUpdateRequest) AddRolePermissions(role string,
	permissions []string) AuthorizationUpdateRequest

AddRolePermissions add permissions to a role, without duplication. Existing permissions will still be in place.

func (AuthorizationUpdateRequest) SetRoleMembers added in v1.10.0 

func (a AuthorizationUpdateRequest) SetRoleMembers(role string, members []string) AuthorizationUpdateRequest

SetRoleMembers set the members for a role. If the role already has members, they will be replaced.

type Builder 

type Builder struct {
	// contains filtered or unexported fields
}

Builder builder of enforcer.Enforcer

func NewEnforcerBuilder 

func NewEnforcerBuilder() *Builder

NewEnforcerBuilder create new enforcer builder with all default parameters

func (*Builder) Build 

func (b *Builder) Build() (Enforcer, error)

Build build an enforcer.Enforcer instance

func (*Builder) KetoEndpoints added in v1.10.0 

func (b *Builder) KetoEndpoints(ketoRemoteRead string, ketoRemoteWrite string) *Builder

KetoEndpoints set Keto remote read and write endpoint

func (*Builder) WithCaching added in v1.9.0 

func (b *Builder) WithCaching(keyExpirySeconds int, cacheCleanUpIntervalSeconds int) *Builder

type CacheConfig added in v1.9.0 

type CacheConfig struct {
	KeyExpirySeconds            int
	CacheCleanUpIntervalSeconds int
}

CacheConfig holds the configuration for the in-memory cache, if enabled

type Enforcer 

type Enforcer interface {
	// IsUserGrantedPermission check whether user has the required permission, both directly and indirectly
	IsUserGrantedPermission(ctx context.Context, user string, permission string) (bool, error)
	// GetUserRoles get all roles directly associated with a user
	GetUserRoles(ctx context.Context, user string) ([]string, error)
	// GetRolePermissions get all permissions directly associated with a role
	GetRolePermissions(ctx context.Context, role string) ([]string, error)
	// GetUserPermissions get all permissions associated with a user
	GetUserPermissions(ctx context.Context, user string) ([]string, error)
	// GetRoleMembers get all members for a role
	GetRoleMembers(ctx context.Context, role string) ([]string, error)
	// UpdateAuthorization update authorization rules in batches
	UpdateAuthorization(ctx context.Context, updateRequest AuthorizationUpdateRequest) error
}

Enforcer interface to enforce authorization

type InMemoryCache added in v1.9.0 

type InMemoryCache struct {
	// contains filtered or unexported fields
}

func (*InMemoryCache) LookUpUserPermission added in v1.10.0 

func (c *InMemoryCache) LookUpUserPermission(user string, permission string) (*bool, bool)

LookUpUserPermission returns the cached permission check result for a user / permission pair. The returned value indicates whether the result is cached.

func (*InMemoryCache) StoreUserPermission added in v1.10.0 

func (c *InMemoryCache) StoreUserPermission(user string, permission string, result bool)

StoreUserPermission stores the permission check result for a user / permission pair.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.