casbin

package
v0.6.10-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 3, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ResourceCluster           = "cluster"
	ResourceGlobalEnvironment = "global-environment"
	ResourceEnvironment       = "environment"
	ResourceGit               = "git"
	ResourceDocker            = "docker"
	ResourceMigrate           = "migrate"
	ResourceUser              = "user"
	ResourceNotification      = "notification"
	ResourceTemplate          = "template"
	ResourceTerminal          = "terminal"

	ResourceProjects     = "projects"
	ResourceApplications = "applications"
	ResourceDockerAuto   = "docker-auto"
	ResourceGitAuto      = "git-auto"

	ResourceAutocomplete = "autocomplete"
	ResourceChartGroup   = "chart-group"

	ResourceTeam    = "team"
	ResourceAdmin   = "admin"
	ResourceGlobal  = "global-resource"
	ResourceHelmApp = "helm-app"
	ActionGet       = "get"
	ActionCreate    = "create"
	ActionUpdate    = "update"
	ActionDelete    = "delete"
	ActionSync      = "sync"
	ActionTrigger   = "trigger"
	ActionNotify    = "notify"
	ActionExec      = "exec"
)

Variables

This section is empty.

Functions

func Create 

func Create() *casbin.SyncedEnforcer

func DeleteRoleForUser 

func DeleteRoleForUser(user string, role string) bool

func GetAllSubjects 

func GetAllSubjects() []string

func GetRolesForUser 

func GetRolesForUser(user string) ([]string, error)

func GetUserByRole 

func GetUserByRole(role string) ([]string, error)

func LoadPolicy 

func LoadPolicy()

func MatchKeyByPart added in v0.3.15 

func MatchKeyByPart(key1 string, key2 string) bool

MatchKeyByPart checks whether values in key1 matches all values of key2(values are obtained by splitting key by "/") For example - key1 = "a/b/c" matches key2 = "a/*/c" but not matches for key2 = "a/*/d"

func MatchKeyByPartFunc added in v0.3.15 

func MatchKeyByPartFunc(args ...interface{}) (interface{}, error)

MatchKeyByPartFunc is the wrapper of our own customised MatchKeyByPart Func

func RemovePoliciesByRoles added in v0.3.15 

func RemovePoliciesByRoles(roles string) bool

Types

type Action 

type Action string

type CacheData added in v0.4.28 

type CacheData struct {
	// contains filtered or unexported fields
}

type Enforcer 

type Enforcer interface {
	Enforce(emailId string, resource string, action string, resourceItem string) bool
	EnforceErr(emailId string, resource string, action string, resourceItem string) error
	EnforceByEmail(emailId string, resource string, action string, resourceItem string) bool
	EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool
	InvalidateCache(emailId string) bool
	InvalidateCompleteCache()
	ReloadPolicy() error
	GetCacheDump() string
}

type EnforcerConfig added in v0.4.28 

type EnforcerConfig struct {
	CacheEnabled          bool `env:"ENFORCER_CACHE" envDefault:"false"`
	CacheExpirationInSecs int  `env:"ENFORCER_CACHE_EXPIRATION_IN_SEC" envDefault:"86400"`
	EnforcerBatchSize     int  `env:"ENFORCER_MAX_BATCH_SIZE" envDefault:"1"`
}

type EnforcerImpl 

type EnforcerImpl struct {
	*cache.Cache
	*casbin.SyncedEnforcer
	*middleware.SessionManager
	// contains filtered or unexported fields
}

Enforcer is a wrapper around an Casbin enforcer that: * is backed by a kubernetes config map * has a predefined RBAC model * supports a built-in policy * supports a user-defined bolicy * supports a custom JWT claims enforce function

func NewEnforcerImpl 

func NewEnforcerImpl(
	enforcer *casbin.SyncedEnforcer,
	sessionManager *middleware.SessionManager,
	logger *zap.SugaredLogger) *EnforcerImpl

func (*EnforcerImpl) Enforce 

func (e *EnforcerImpl) Enforce(token string, resource string, action string, resourceItem string) bool

Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function

func (*EnforcerImpl) EnforceByEmail 

func (e *EnforcerImpl) EnforceByEmail(emailId string, resource string, action string, resourceItem string) bool

func (*EnforcerImpl) EnforceByEmailInBatch added in v0.4.24 

func (e *EnforcerImpl) EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool

func (*EnforcerImpl) EnforceErr 

func (e *EnforcerImpl) EnforceErr(emailId string, resource string, action string, resourceItem string) error

EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request

func (*EnforcerImpl) GetCacheDump added in v0.4.28 

func (e *EnforcerImpl) GetCacheDump() string

func (*EnforcerImpl) InvalidateCache added in v0.4.24 

func (e *EnforcerImpl) InvalidateCache(emailId string) bool

func (*EnforcerImpl) InvalidateCompleteCache added in v0.4.24 

func (e *EnforcerImpl) InvalidateCompleteCache()

func (*EnforcerImpl) ReloadPolicy added in v0.4.28 

func (e *EnforcerImpl) ReloadPolicy() error

type Object 

type Object string

type Policy 

type Policy struct {
	Type PolicyType `json:"type"`
	Sub  Subject    `json:"sub"`
	Res  Resource   `json:"res"`
	Act  Action     `json:"act"`
	Obj  Object     `json:"obj"`
}

func AddPolicy 

func AddPolicy(policies []Policy) []Policy

func RemovePolicy 

func RemovePolicy(policies []Policy) []Policy

type PolicyType 

type PolicyType string

type Resource 

type Resource string

type Subject 

type Subject string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.