Documentation
¶
Index ¶
- Constants
- func Create() *casbin.Enforcer
- func DeleteRoleForUser(user string, role string) bool
- func GetAllSubjects() []string
- func GetRolesForUser(user string) ([]string, error)
- func GetUserByRole(role string) ([]string, error)
- func LoadPolicy()
- func MatchKeyByPart(key1 string, key2 string) bool
- func MatchKeyByPartFunc(args ...interface{}) (interface{}, error)
- func RemovePoliciesByRoles(roles string) bool
- type Action
- type Enforcer
- type EnforcerImpl
- type Object
- type Policy
- type PolicyType
- type Resource
- type Subject
Constants ¶
const ( ResourceCluster = "cluster" ResourceGlobalEnvironment = "global-environment" ResourceEnvironment = "environment" ResourceGit = "git" ResourceDocker = "docker" ResourceMigrate = "migrate" ResourceUser = "user" ResourceNotification = "notification" ResourceTemplate = "template" ResourceTerminal = "terminal" ResourceProjects = "projects" ResourceApplications = "applications" ResourceDockerAuto = "docker-auto" ResourceGitAuto = "git-auto" ResourceAutocomplete = "autocomplete" ResourceChartGroup = "chart-group" ResourceTeam = "team" ResourceAdmin = "admin" ResourceGlobal = "global-resource" ResourceHelmApp = "helm-app" ActionGet = "get" ActionCreate = "create" ActionUpdate = "update" ActionDelete = "delete" ActionSync = "sync" ActionTrigger = "trigger" ActionNotify = "notify" ActionExec = "exec" )
Variables ¶
This section is empty.
Functions ¶
func DeleteRoleForUser ¶
func GetAllSubjects ¶
func GetAllSubjects() []string
func GetRolesForUser ¶
func GetUserByRole ¶
func LoadPolicy ¶
func LoadPolicy()
func MatchKeyByPart ¶
MatchKeyByPart checks whether values in key1 matches all values of key2(values are obtained by splitting key by "/") For example - key1 = "a/b/c" matches key2 = "a/*/c" but not matches for key2 = "a/*/d"
func MatchKeyByPartFunc ¶
func MatchKeyByPartFunc(args ...interface{}) (interface{}, error)
MatchKeyByPartFunc is the wrapper of our own customised MatchKeyByPart Func
func RemovePoliciesByRoles ¶
Types ¶
type EnforcerImpl ¶
type EnforcerImpl struct {
*casbin.Enforcer
*middleware.SessionManager
// contains filtered or unexported fields
}
Enforcer is a wrapper around an Casbin enforcer that: * is backed by a kubernetes config map * has a predefined RBAC model * supports a built-in policy * supports a user-defined bolicy * supports a custom JWT claims enforce function
func NewEnforcerImpl ¶
func NewEnforcerImpl( enforcer *casbin.Enforcer, sessionManager *middleware.SessionManager, logger *zap.SugaredLogger) *EnforcerImpl
func (*EnforcerImpl) Enforce ¶
func (e *EnforcerImpl) Enforce(rvals ...interface{}) bool
Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function
func (*EnforcerImpl) EnforceByEmail ¶
func (e *EnforcerImpl) EnforceByEmail(rvals ...interface{}) bool
func (*EnforcerImpl) EnforceErr ¶
func (e *EnforcerImpl) EnforceErr(rvals ...interface{}) error
EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request
type Policy ¶
type Policy struct {
Type PolicyType `json:"type"`
Sub Subject `json:"sub"`
Res Resource `json:"res"`
Act Action `json:"act"`
Obj Object `json:"obj"`
}
func RemovePolicy ¶
type PolicyType ¶
type PolicyType string
Source Files