casbin

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

// RBAC resource identifiers. These are untyped string constants.
// NOTE(review): presumably each value has to match the resource field of the
// stored policies exactly, so changing a value would change which policies
// apply — confirm against the policy data.
const (
	ResourceCluster           = "cluster"
	ResourceGlobalEnvironment = "global-environment"
	ResourceEnvironment       = "environment"
	ResourceGit               = "git"
	ResourceDocker            = "docker"
	ResourceMigrate           = "migrate"
	ResourceUser              = "user"
	ResourceNotification      = "notification"
	ResourceTemplate          = "template"
	ResourceTerminal          = "terminal"

	ResourceProjects     = "projects"
	ResourceApplications = "applications"
	ResourceDockerAuto   = "docker-auto"
	ResourceGitAuto      = "git-auto"

	ResourceAutocomplete = "autocomplete"
	ResourceChartGroup   = "chart-group"

	// ResourceJobs, ResourceJobsEnv and ResourceWorkflow are the three
	// resources used for RBAC on jobs.
	ResourceJobs     = "jobs"
	ResourceJobsEnv  = "jobenv"
	ResourceWorkflow = "workflow"

	ResourceTeam    = "team"
	ResourceAdmin   = "admin"
	ResourceGlobal  = "global-resource"
	ResourceHelmApp = "helm-app"
)

// RBAC action identifiers, also untyped string constants.
const (
	ActionGet     = "get"
	ActionCreate  = "create"
	ActionUpdate  = "update"
	ActionDelete  = "delete"
	ActionSync    = "sync"
	ActionTrigger = "trigger"
	ActionNotify  = "notify"
	ActionExec    = "exec"
)

// Key layouts for cluster-scoped checks. Despite the Regex suffix, the first
// two values hold %s placeholders joined by "/" and are not regular-expression
// patterns.
// NOTE(review): keys built from these are "/"-separated; if a substituted name
// could itself contain "/", the number of parts would change — confirm that
// names are validated before they are substituted.
// NOTE(review): ClusterEmptyGroupPlaceholder presumably stands in for an empty
// group name so that an object key keeps three parts — confirm.
const (
	ClusterResourceRegex         = "%s/%s"    // {cluster}/{namespace}
	ClusterObjectRegex           = "%s/%s/%s" // {groupName}/{kindName}/{objectName}
	ClusterEmptyGroupPlaceholder = "k8sempty"
)
// CasbinDefaultDatabase is the untyped string constant "casbin".
// NOTE(review): presumably the default name of the database that holds the
// casbin policies — confirm where it is read.
const CasbinDefaultDatabase = "casbin"

Variables

This section is empty.

Functions

func Create

func Create() (*casbin.SyncedEnforcer, error)

func CreateV2 added in v0.7.1

func CreateV2() (*casbinv2.SyncedEnforcer, error)

func DeleteRoleForUser

func DeleteRoleForUser(user string, role string) bool

func GetAllSubjects

func GetAllSubjects() []string

func GetRolesForUser

func GetRolesForUser(user string) ([]string, error)

func GetUserByRole

func GetUserByRole(role string) ([]string, error)

func LoadPolicy

func LoadPolicy()

func MatchKeyByPart

func MatchKeyByPart(key1 string, key2 string) bool

MatchKeyByPart checks whether the values in key1 match all the values of key2 (the values are obtained by splitting each key on "/"). For example, key1 = "a/b/c" matches key2 = "a/*/c" but does not match key2 = "a/*/d".

func MatchKeyByPartFunc

func MatchKeyByPartFunc(args ...interface{}) (interface{}, error)

MatchKeyByPartFunc is a wrapper around our own custom MatchKeyByPart function.

func RemovePoliciesByAllRoles

func RemovePoliciesByAllRoles(roles []string) bool

TODO: RemovePoliciesByAllRoles is currently not working. In casbin v1 it internally matches whole string arrays, but we pass only the role to delete; this has to be fixed, or casbin has to be upgraded to v2. In casbin v2, a policy is first deleted from the adapter (database) and then from the model (cache). The delete from the database succeeds, but the cache maintains a policy map whose key is the combination of all fields (v0, v1, v2, etc.), and we have only the role, so the call returns no error but false as output. This is not blocking, because it can be handled by loading the policy again. Until the policy is loaded again, the in-memory model may still hold the policies that were deleted from the database, so a false result should not be read as "the role's policies are no longer enforced".

func RemovePoliciesByRoles

func RemovePoliciesByRoles(roles string) bool

Types

type Action

// Action is the string type of the Policy.Act field. The Action* constants in
// this package are untyped string constants, not values of this type.
type Action string

type CacheData

type CacheData struct {
	// contains filtered or unexported fields
}

type Enforcer

// Enforcer is the authorization-check interface of this package: enforcement
// by token, cache invalidation, policy reload and a cache dump.
//
// EnforceErr, EnforceByEmail and EnforceByEmailInBatch are commented out of
// the interface in the source; EnforcerImpl still declares them as methods.
type Enforcer interface {
	// Enforce checks (resource, action, resourceItem) for the caller identified
	// by token. The signature returns only a bool, so a caller cannot tell a
	// policy denial from any other failure; treat false as "deny".
	Enforce(token, resource, action, resourceItem string) bool

	// EnforceInBatch is the multi-item form of Enforce.
	// NOTE(review): the result is presumably keyed by the entries of vals —
	// confirm, and confirm what a missing key means before treating it as allow.
	EnforceInBatch(token, resource, action string, vals []string) map[string]bool

	// InvalidateCache takes an email id and returns a bool.
	// NOTE(review): presumably drops cached results for that user; the meaning
	// of the bool is not visible here — confirm.
	InvalidateCache(emailId string) bool

	// InvalidateCompleteCache takes no arguments and returns nothing.
	InvalidateCompleteCache()

	// ReloadPolicy returns an error on failure.
	ReloadPolicy() error

	// GetCacheDump returns the cache contents as a string.
	// NOTE(review): if the dump contains user identifiers or decisions, the
	// endpoint exposing it should be access-controlled — confirm its content.
	GetCacheDump() string
}

type EnforcerConfig

// EnforcerConfig holds the enforcer settings. Each field carries env and
// envDefault struct tags naming an environment variable and its default.
type EnforcerConfig struct {
	// CacheEnabled: ENFORCER_CACHE, default "false".
	CacheEnabled          bool `env:"ENFORCER_CACHE" envDefault:"false"`
	// CacheExpirationInSecs: ENFORCER_CACHE_EXPIRATION_IN_SEC, default "86400"
	// (24 hours, taking the unit from the field name).
	// NOTE(review): if this bounds how long a cached enforcement result is
	// reused, a revoked permission could keep being honoured for up to that
	// long unless InvalidateCache or InvalidateCompleteCache is called — confirm.
	CacheExpirationInSecs int  `env:"ENFORCER_CACHE_EXPIRATION_IN_SEC" envDefault:"86400"`
	// EnforcerBatchSize: ENFORCER_MAX_BATCH_SIZE, default "1".
	// NOTE(review): presumably the batch size used by EnforceInBatch — confirm.
	EnforcerBatchSize     int  `env:"ENFORCER_MAX_BATCH_SIZE" envDefault:"1"`
	// UseCasbinV2: USE_CASBIN_V2, default "false".
	// NOTE(review): presumably selects EnforcerImpl.EnforcerV2 over
	// EnforcerImpl.Enforcer — confirm.
	UseCasbinV2           bool `env:"USE_CASBIN_V2" envDefault:"false"`
}

type EnforcerImpl

// EnforcerImpl holds a casbin v1 and a casbin v2 SyncedEnforcer together with
// an embedded cache and an embedded session manager.
type EnforcerImpl struct {
	// Embedded: the exported methods of *cache.Cache are promoted onto
	// EnforcerImpl, so any holder of an *EnforcerImpl can call them directly.
	*cache.Cache
	// Exported fields: code holding an *EnforcerImpl can reach the underlying
	// enforcers without going through Enforce.
	Enforcer   *casbin.SyncedEnforcer
	EnforcerV2 *casbinv2.SyncedEnforcer
	// Embedded: the exported methods of *middleware.SessionManager are promoted
	// in the same way.
	*middleware.SessionManager
	// contains filtered or unexported fields
}

Enforcer is a wrapper around a Casbin enforcer that:
* is backed by a Kubernetes config map
* has a predefined RBAC model
* supports a built-in policy
* supports a user-defined policy
* supports a custom JWT claims enforce function

func NewEnforcerImpl

func NewEnforcerImpl(
	enforcer *casbin.SyncedEnforcer,
	enforcerV2 *casbinv2.SyncedEnforcer,
	sessionManager *middleware.SessionManager,
	logger *zap.SugaredLogger) (*EnforcerImpl, error)

func (*EnforcerImpl) Enforce

func (e *EnforcerImpl) Enforce(token string, resource string, action string, resourceItem string) bool

Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function

func (*EnforcerImpl) EnforceByEmail

func (e *EnforcerImpl) EnforceByEmail(emailId string, resource string, action string, resourceItem string) bool

func (*EnforcerImpl) EnforceByEmailInBatch

func (e *EnforcerImpl) EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool

func (*EnforcerImpl) EnforceErr

func (e *EnforcerImpl) EnforceErr(emailId string, resource string, action string, resourceItem string) error

EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request

func (*EnforcerImpl) EnforceInBatch

func (e *EnforcerImpl) EnforceInBatch(token string, resource string, action string, vals []string) map[string]bool

func (*EnforcerImpl) GetCacheDump

func (e *EnforcerImpl) GetCacheDump() string

func (*EnforcerImpl) InvalidateCache

func (e *EnforcerImpl) InvalidateCache(emailId string) bool

func (*EnforcerImpl) InvalidateCompleteCache

func (e *EnforcerImpl) InvalidateCompleteCache()

func (*EnforcerImpl) ReloadPolicy

func (e *EnforcerImpl) ReloadPolicy() error

func (*EnforcerImpl) VerifyTokenAndGetEmail

func (e *EnforcerImpl) VerifyTokenAndGetEmail(tokenString string) (string, bool)

type Object

// Object is the string type of the Policy.Obj field.
type Object string

type Policy

// Policy is one policy entry; it serializes to JSON with the keys type, sub,
// res, act and obj.
// NOTE(review): res, act and obj look like the resource, action and
// resourceItem arguments of Enforce, and sub like the subject the policy is
// granted to — confirm against the casbin model in use.
type Policy struct {
	Type PolicyType `json:"type"`
	Sub  Subject    `json:"sub"`
	Res  Resource   `json:"res"`
	Act  Action     `json:"act"`
	Obj  Object     `json:"obj"`
}

func AddPolicy

func AddPolicy(policies []Policy) []Policy

func RemovePolicy

func RemovePolicy(policies []Policy) []Policy

type PolicyType

// PolicyType is the string type of the Policy.Type field.
type PolicyType string

type Resource

// Resource is the string type of the Policy.Res field. The Resource* constants
// in this package are untyped string constants, not values of this type.
type Resource string

type Subject

// Subject is the string type of the Policy.Sub field.
type Subject string

type Version added in v0.7.1

// Version names a casbin major version as a string.
type Version string

// The two Version values declared by this package.
const (
	CasbinV1 = Version("V1")
	CasbinV2 = Version("V2")
)
