casbin

package
v0.6.24 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 29, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

// Resource names, action names and object-key templates used by this
// package's RBAC policies and enforcement calls.
const (
	// Resource* values identify the kind of resource a request or policy rule
	// is about (presumably the resource argument of Enforce and the Res field
	// of Policy; confirm against callers).
	ResourceCluster           = "cluster"
	ResourceGlobalEnvironment = "global-environment"
	ResourceEnvironment       = "environment"
	ResourceGit               = "git"
	ResourceDocker            = "docker"
	ResourceMigrate           = "migrate"
	ResourceUser              = "user"
	ResourceNotification      = "notification"
	ResourceTemplate          = "template"
	ResourceTerminal          = "terminal"

	ResourceProjects     = "projects"
	ResourceApplications = "applications"
	ResourceDockerAuto   = "docker-auto"
	ResourceGitAuto      = "git-auto"

	ResourceAutocomplete = "autocomplete"
	ResourceChartGroup   = "chart-group"

	ResourceTeam    = "team"
	ResourceAdmin   = "admin"
	ResourceGlobal  = "global-resource"
	ResourceHelmApp = "helm-app"
	// Action* values identify the operation being authorized (presumably the
	// action argument of Enforce and the Act field of Policy; confirm).
	ActionGet       = "get"
	ActionCreate    = "create"
	ActionUpdate    = "update"
	ActionDelete    = "delete"
	ActionSync      = "sync"
	ActionTrigger   = "trigger"
	ActionNotify    = "notify"
	ActionExec      = "exec"

	// Despite the Regex suffix, the next two values are printf-style templates
	// with %s placeholders, not regular expressions.
	// NOTE(review): the parts are joined with "/". If the resulting keys are
	// compared by MatchKeyByPart (documented as splitting on "/" with "*" in
	// its example pattern), a substituted value containing "/" or "*" would
	// change how the key is segmented or matched. Confirm that cluster,
	// namespace, group, kind and object names are validated before formatting.
	ClusterResourceRegex         = "%s/%s"    // {cluster}/{namespace}
	ClusterObjectRegex           = "%s/%s/%s" // {groupName}/{kindName}/{objectName}
	// Presumably substituted for an empty {groupName} so the object key keeps
	// three non-empty parts. TODO confirm against the code that builds the key.
	ClusterEmptyGroupPlaceholder = "k8sempty"
)

Variables

This section is empty.

Functions

func Create

func Create() *casbin.SyncedEnforcer

func DeleteRoleForUser

func DeleteRoleForUser(user string, role string) bool

func GetAllSubjects

func GetAllSubjects() []string

func GetRolesForUser

func GetRolesForUser(user string) ([]string, error)

func GetUserByRole

func GetUserByRole(role string) ([]string, error)

func LoadPolicy

func LoadPolicy()

func MatchKeyByPart added in v0.3.15

func MatchKeyByPart(key1 string, key2 string) bool

MatchKeyByPart checks whether the values in key1 match all the values of key2 (values are obtained by splitting each key on "/"). For example, key1 = "a/b/c" matches key2 = "a/*/c" but does not match key2 = "a/*/d".

func MatchKeyByPartFunc added in v0.3.15

func MatchKeyByPartFunc(args ...interface{}) (interface{}, error)

MatchKeyByPartFunc is the wrapper around our own customised MatchKeyByPart function.

func RemovePoliciesByRoles added in v0.3.15

func RemovePoliciesByRoles(roles string) bool

Types

type Action

type Action string

type CacheData added in v0.4.28

type CacheData struct {
	// contains filtered or unexported fields
}

type Enforcer

// Enforcer is the authorization interface of this package: it answers
// whether a subject may perform an action on a resource item and exposes
// cache and policy maintenance operations.
type Enforcer interface {
	// Enforce reports whether the request is allowed.
	// NOTE(review): the first parameter is named emailId here, but
	// EnforcerImpl.Enforce names it token. Confirm which credential callers
	// must pass; an e-mail address and a session token are not interchangeable.
	// The bool result cannot distinguish "denied" from "could not evaluate",
	// so callers should treat false as a denial.
	Enforce(emailId string, resource string, action string, resourceItem string) bool
	// EnforceErr takes the same arguments as Enforce and returns an error
	// instead of a bool; EnforcerImpl documents it as wrapping a failed
	// enforcement with a detailed error about the request.
	EnforceErr(emailId string, resource string, action string, resourceItem string) error
	// EnforceByEmail reports whether the request is allowed for the subject
	// named by emailId.
	EnforceByEmail(emailId string, resource string, action string, resourceItem string) bool
	// EnforceByEmailInBatch evaluates several values in one call and returns a
	// map of results. Presumably the map is keyed by the entries of vals
	// (confirm). A key that is absent reads as false in Go, i.e. as a denial.
	EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool
	// InvalidateCache takes a single emailId and returns a bool; presumably it
	// drops that subject's cached results and reports success (confirm).
	InvalidateCache(emailId string) bool
	// InvalidateCompleteCache takes no arguments; presumably it drops all
	// cached results (confirm).
	InvalidateCompleteCache()
	// ReloadPolicy returns an error; presumably it reloads the policy set and
	// reports a failure to do so (confirm).
	ReloadPolicy() error
	// GetCacheDump returns the cache contents as a string.
	// NOTE(review): the dump presumably contains subject identifiers and their
	// authorization results. Confirm that any endpoint or log that exposes it
	// is restricted to administrators.
	GetCacheDump() string
}

type EnforcerConfig added in v0.4.28

// EnforcerConfig holds the enforcer settings; each field carries an env
// struct tag naming its environment variable and its default value.
type EnforcerConfig struct {
	// CacheEnabled is read from ENFORCER_CACHE; the tag default is "false".
	CacheEnabled          bool `env:"ENFORCER_CACHE" envDefault:"false"`
	// CacheExpirationInSecs is read from ENFORCER_CACHE_EXPIRATION_IN_SEC; the
	// tag default is 86400 seconds (24 hours).
	// NOTE(review): presumably the lifetime of cached enforcement results. If
	// so, a revoked permission could still be honoured until the entry expires
	// or InvalidateCache / InvalidateCompleteCache is called. Confirm that
	// every role or policy change invalidates the affected entries.
	CacheExpirationInSecs int  `env:"ENFORCER_CACHE_EXPIRATION_IN_SEC" envDefault:"86400"`
	// EnforcerBatchSize is read from ENFORCER_MAX_BATCH_SIZE; the tag default
	// is 1. Presumably it bounds the work done per batch in
	// EnforceByEmailInBatch; behaviour for values below 1 is not visible here
	// (confirm).
	EnforcerBatchSize     int  `env:"ENFORCER_MAX_BATCH_SIZE" envDefault:"1"`
}

type EnforcerImpl

// EnforcerImpl is the concrete enforcer built by NewEnforcerImpl. It embeds
// a cache, a Casbin synced enforcer and a session manager.
//
// Go promotes the exported methods of embedded types, so code holding an
// *EnforcerImpl can call the embedded types' exported methods directly.
// NOTE(review): that includes whatever policy-mutating methods
// *casbin.SyncedEnforcer exports, and those calls would not pass through the
// cache invalidation methods declared on EnforcerImpl. Confirm that callers
// depend on the Enforcer interface rather than on the concrete type.
type EnforcerImpl struct {
	*cache.Cache
	*casbin.SyncedEnforcer
	*middleware.SessionManager
	// contains filtered or unexported fields
}

Enforcer is a wrapper around a Casbin enforcer that:
* is backed by a Kubernetes config map
* has a predefined RBAC model
* supports a built-in policy
* supports a user-defined policy
* supports a custom JWT claims enforce function

func NewEnforcerImpl

func NewEnforcerImpl(
	enforcer *casbin.SyncedEnforcer,
	sessionManager *middleware.SessionManager,
	logger *zap.SugaredLogger) *EnforcerImpl

func (*EnforcerImpl) Enforce

func (e *EnforcerImpl) Enforce(token string, resource string, action string, resourceItem string) bool

Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function

func (*EnforcerImpl) EnforceByEmail

func (e *EnforcerImpl) EnforceByEmail(emailId string, resource string, action string, resourceItem string) bool

func (*EnforcerImpl) EnforceByEmailInBatch added in v0.4.24

func (e *EnforcerImpl) EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool

func (*EnforcerImpl) EnforceErr

func (e *EnforcerImpl) EnforceErr(emailId string, resource string, action string, resourceItem string) error

EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request

func (*EnforcerImpl) GetCacheDump added in v0.4.28

func (e *EnforcerImpl) GetCacheDump() string

func (*EnforcerImpl) InvalidateCache added in v0.4.24

func (e *EnforcerImpl) InvalidateCache(emailId string) bool

func (*EnforcerImpl) InvalidateCompleteCache added in v0.4.24

func (e *EnforcerImpl) InvalidateCompleteCache()

func (*EnforcerImpl) ReloadPolicy added in v0.4.28

func (e *EnforcerImpl) ReloadPolicy() error

func (*EnforcerImpl) VerifyTokenAndGetEmail added in v0.6.11

func (e *EnforcerImpl) VerifyTokenAndGetEmail(tokenString string) (string, bool)

type Object

type Object string

type Policy

// Policy is a single policy rule. Its JSON form uses the keys "type", "sub",
// "res", "act" and "obj".
// NOTE(review): every field is a string-based type and no validation is
// visible here. Confirm that callers of AddPolicy and RemovePolicy validate
// Sub, Res and Obj, since a value containing a wildcard presumably widens
// what the rule matches.
type Policy struct {
	// Type is the rule's policy type.
	Type PolicyType `json:"type"`
	// Sub is the subject the rule applies to.
	Sub  Subject    `json:"sub"`
	// Res is the resource; presumably one of the Resource* constants (confirm).
	Res  Resource   `json:"res"`
	// Act is the action; presumably one of the Action* constants (confirm).
	Act  Action     `json:"act"`
	// Obj is the object the rule covers.
	Obj  Object     `json:"obj"`
}

func AddPolicy

func AddPolicy(policies []Policy) []Policy

func RemovePolicy

func RemovePolicy(policies []Policy) []Policy

type PolicyType

type PolicyType string

type Resource

type Resource string

type Subject

type Subject string
