# casbin

*casbin* - enables Casbin to be used as a CoreDNS firewall policy engine.
## Syntax

```
casbin ENGINE-NAME {
    model /path/to/model
    policy /path/to/policy
}
```
* `ENGINE-NAME` is the name of the policy engine, used by the *firewall* plugin to uniquely identify the instance. Each instance of *casbin* in the Corefile must have a unique `ENGINE-NAME`.
* `model` and `policy` are Casbin concepts: `model` is the path to a Casbin model file (request/policy definitions, policy effect and matchers) and `policy` is the path to the policy file the model is evaluated against. For details, refer to the Casbin documentation.
## Firewall Policy Engine

This plugin is not a standalone plugin. It must be used in conjunction with the *firewall* plugin to function. For this plugin to be active, the *firewall* plugin must reference it in a rule. See the "Policy Engine Plugins" section of the *firewall* plugin README for more information.
## Examples

Define a *casbin* engine named `myengine` backed by a local model and policy file, and have the *firewall* plugin evaluate incoming queries against it:

```
. {
    casbin myengine {
        model ./examples/model.conf
        policy ./examples/policy.csv
    }
    firewall query {
        casbin myengine
    }
}
```
model (`./examples/model.conf`):

```
[request_definition]
r = client_ip, name

[policy_definition]
p = client_ip, name, action

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.client_ip == p.client_ip && r.name == p.name
```

policy (`./examples/policy.csv`):

```
p, 10.240.0.1, example.org., allow
```
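The following is an added example, not code from the coredns/policy project or from Casbin. It is a small Python evaluator that applies the matcher and policy effect from the model above to the policy file above, so the effect of this configuration can be checked before it is deployed. It re-implements only the semantics this particular model uses (string equality in the matcher, `some(where (p.eft == allow))` as the effect); the plugin itself delegates evaluation to the Casbin library. The policy text is a constructed copy of the page's `policy.csv`.

```python
"""Simplified evaluator for the model/policy shown above.

This is an illustration added to the README, not the casbin plugin's own
code: it only implements the equality matcher and the
'some(where (p.eft == allow))' effect used by that model.
"""

import csv
import io

# Constructed copy of ./examples/policy.csv from the page.
POLICY_CSV = """p, 10.240.0.1, example.org., allow
"""


def load_policy(text):
    """Parse Casbin CSV policy lines of the form 'p, client_ip, name, action'.

    Columns follow [policy_definition] p = client_ip, name, action.
    """
    rules = []
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or row[0].strip().startswith("#"):
            continue  # blank or comment line
        ptype, *fields = [f.strip() for f in row]
        if ptype != "p" or len(fields) != 3:
            raise ValueError(f"malformed policy line: {row!r}")
        rules.append({"client_ip": fields[0], "name": fields[1], "eft": fields[2]})
    return rules


def matcher(r, p):
    """[matchers] m = r.client_ip == p.client_ip && r.name == p.name

    Plain string equality: no CIDR or wildcard matching, and the query name
    must match the policy line exactly, trailing dot included.
    """
    return r["client_ip"] == p["client_ip"] and r["name"] == p["name"]


def enforce(rules, client_ip, name):
    """[policy_effect] e = some(where (p.eft == allow))

    The request is allowed iff at least one policy line matches it and has
    effect 'allow'. Anything else (no match, or a matching line whose action
    is not 'allow') evaluates to not allowed.
    """
    r = {"client_ip": client_ip, "name": name}
    return any(matcher(r, p) and p["eft"] == "allow" for p in rules)


if __name__ == "__main__":
    rules = load_policy(POLICY_CSV)
    for ip, qname in [
        ("10.240.0.1", "example.org."),   # exact match -> allowed
        ("10.240.0.1", "example.org"),    # missing trailing dot -> not allowed
        ("10.240.0.2", "example.org."),   # different client -> not allowed
        ("10.240.0.1", "www.example.org."),  # subdomain is not matched
    ]:
        print(f"{ip:12} {qname:18} allowed={enforce(rules, ip, qname)}")
```

Two points this makes visible: because the matcher is exact equality, each client address and each fully qualified name (with its trailing dot) needs its own policy line, and `www.example.org.` is not covered by a line for `example.org.`; and a request that matches no line is simply "not allowed" from the engine's point of view. What the *firewall* plugin then does with that result is decided by its own rule ordering, so check the *firewall* README when relying on a default. The Casbin Go library also provides built-in functions such as `ipMatch()` that can be used in a matcher for CIDR-style rules; the model on this page does not use them.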