casbin

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ResourceCluster           = "cluster"
	ResourceGlobalEnvironment = "global-environment"
	ResourceEnvironment       = "environment"
	ResourceGit               = "git"
	ResourceDocker            = "docker"
	ResourceMigrate           = "migrate"
	ResourceUser              = "user"
	ResourceNotification      = "notification"
	ResourceTemplate          = "template"
	ResourceTerminal          = "terminal"

	ResourceProjects     = "projects"
	ResourceApplications = "applications"
	ResourceDockerAuto   = "docker-auto"
	ResourceGitAuto      = "git-auto"

	ResourceAutocomplete = "autocomplete"
	ResourceChartGroup   = "chart-group"

	// ResourceJobs ,ResourceJobsEnv ,ResourceWorkflow these three resources are being used in jobs for rbac.
	ResourceJobs     = "jobs"
	ResourceJobsEnv  = "jobenv"
	ResourceWorkflow = "workflow"

	ResourceTeam    = "team"
	ResourceAdmin   = "admin"
	ResourceGlobal  = "global-resource"
	ResourceHelmApp = "helm-app"
	ActionGet       = "get"
	ActionCreate    = "create"
	ActionUpdate    = "update"
	ActionDelete    = "delete"
	ActionSync      = "sync"
	ActionTrigger   = "trigger"
	ActionNotify    = "notify"
	ActionExec      = "exec"

	ClusterResourceRegex         = "%s/%s"    // {cluster}/{namespace}
	ClusterObjectRegex           = "%s/%s/%s" // {groupName}/{kindName}/{objectName}
	ClusterEmptyGroupPlaceholder = "k8sempty"
)
View Source 
const CasbinDefaultDatabase = "casbin"

Variables

This section is empty.

Functions

func Create 

func Create() (*casbin.SyncedEnforcer, error)

func CreateV2 added in v0.7.1 

func CreateV2() (*casbinv2.SyncedEnforcer, error)

func DeleteRoleForUser 

func DeleteRoleForUser(user string, role string) bool

func GetAllSubjects 

func GetAllSubjects() []string

func GetRolesForUser 

func GetRolesForUser(user string) ([]string, error)

func GetUserByRole 

func GetUserByRole(role string) ([]string, error)

func LoadPolicy 

func LoadPolicy()

func MatchKeyByPart 

func MatchKeyByPart(key1 string, key2 string) bool

MatchKeyByPart checks whether values in key1 matches all values of key2(values are obtained by splitting key by "/") For example - key1 = "a/b/c" matches key2 = "a/*/c" but not matches for key2 = "a/*/d"

func MatchKeyByPartFunc 

func MatchKeyByPartFunc(args ...interface{}) (interface{}, error)

MatchKeyByPartFunc is the wrapper of our own customised MatchKeyByPart Func

func RemovePoliciesByAllRoles 

func RemovePoliciesByAllRoles(roles []string) bool

TODO RemovePoliciesByAllRoles this method is currently not working as in casbin v1 internally it matches whole string arrays but we are only using role to delete,this has to be fixed or casbin has to be upgraded to v2. In v2 casbin, we first delete from adapter(database) and delete from model(cache) so it deletes from db but when deleting from cache it maintains a Policy Map whose key is combination of all v0,v1,v2 etc and we only have role, so it returns no error but false as output, but this is not blocking can be handled through Loading.

func RemovePoliciesByRoles 

func RemovePoliciesByRoles(roles string) bool

Types

type Action 

type Action string

type CacheData 

type CacheData struct {
	// contains filtered or unexported fields
}

type Enforcer 

type Enforcer interface {
	Enforce(token string, resource string, action string, resourceItem string) bool
	//EnforceErr(emailId string, resource string, action string, resourceItem string) error
	EnforceInBatch(token string, resource string, action string, vals []string) map[string]bool
	//EnforceByEmail(emailId string, resource string, action string, resourceItem string) bool
	//EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool
	InvalidateCache(emailId string) bool
	InvalidateCompleteCache()
	ReloadPolicy() error
	GetCacheDump() string
}

type EnforcerConfig 

type EnforcerConfig struct {
	CacheEnabled          bool `env:"ENFORCER_CACHE" envDefault:"false"`
	CacheExpirationInSecs int  `env:"ENFORCER_CACHE_EXPIRATION_IN_SEC" envDefault:"86400"`
	EnforcerBatchSize     int  `env:"ENFORCER_MAX_BATCH_SIZE" envDefault:"1"`
	UseCasbinV2           bool `env:"USE_CASBIN_V2" envDefault:"false"`
}

type EnforcerImpl 

type EnforcerImpl struct {
	*cache.Cache
	Enforcer   *casbin.SyncedEnforcer
	EnforcerV2 *casbinv2.SyncedEnforcer
	*middleware.SessionManager
	// contains filtered or unexported fields
}

Enforcer is a wrapper around an Casbin enforcer that: * is backed by a kubernetes config map * has a predefined RBAC model * supports a built-in policy * supports a user-defined bolicy * supports a custom JWT claims enforce function

func NewEnforcerImpl 

func NewEnforcerImpl(
	enforcer *casbin.SyncedEnforcer,
	enforcerV2 *casbinv2.SyncedEnforcer,
	sessionManager *middleware.SessionManager,
	logger *zap.SugaredLogger) (*EnforcerImpl, error)

func (*EnforcerImpl) Enforce 

func (e *EnforcerImpl) Enforce(token string, resource string, action string, resourceItem string) bool

Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function

func (*EnforcerImpl) EnforceByEmail 

func (e *EnforcerImpl) EnforceByEmail(emailId string, resource string, action string, resourceItem string) bool

func (*EnforcerImpl) EnforceByEmailInBatch 

func (e *EnforcerImpl) EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool

func (*EnforcerImpl) EnforceErr 

func (e *EnforcerImpl) EnforceErr(emailId string, resource string, action string, resourceItem string) error

EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request

func (*EnforcerImpl) EnforceInBatch 

func (e *EnforcerImpl) EnforceInBatch(token string, resource string, action string, vals []string) map[string]bool

func (*EnforcerImpl) GetCacheDump 

func (e *EnforcerImpl) GetCacheDump() string

func (*EnforcerImpl) InvalidateCache 

func (e *EnforcerImpl) InvalidateCache(emailId string) bool

func (*EnforcerImpl) InvalidateCompleteCache 

func (e *EnforcerImpl) InvalidateCompleteCache()

func (*EnforcerImpl) ReloadPolicy 

func (e *EnforcerImpl) ReloadPolicy() error

func (*EnforcerImpl) VerifyTokenAndGetEmail 

func (e *EnforcerImpl) VerifyTokenAndGetEmail(tokenString string) (string, bool)

type Object 

type Object string

type Policy 

type Policy struct {
	Type PolicyType `json:"type"`
	Sub  Subject    `json:"sub"`
	Res  Resource   `json:"res"`
	Act  Action     `json:"act"`
	Obj  Object     `json:"obj"`
}

func AddPolicy 

func AddPolicy(policies []Policy) []Policy

func RemovePolicy 

func RemovePolicy(policies []Policy) []Policy

type PolicyType 

type PolicyType string

type Resource 

type Resource string

type Subject 

type Subject string

type Version added in v0.7.1 

type Version string
const (
	CasbinV1 Version = "V1"
	CasbinV2 Version = "V2"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.