rbac

package
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 13, 2019 License: GPL-3.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GroupsFromToken

func GroupsFromToken(token *jwt.Token) (groups []string)

GroupsFromToken returns the groups claimed by the token

func Match

func Match(role string, user *User) bool

func MatchRequest

func MatchRequest(role string, req *http.Request) (authn, authz bool)

func SetDefaults

func SetDefaults(iface Interface, validationCrt []byte)

SetDefaults sets everything up for default matchers.

Types

type Config

type Config struct {
	// Roles every user has.
	Base []string

	// Rules to determine a user's roles.
	Rules []Rule
}

Config is a simple RBAC configuration.

func FromBytes

func FromBytes(ba []byte) (config *Config, err error)

func FromFile

func FromFile(path string) (config *Config, err error)

func (*Config) Match

func (c *Config) Match(role string, user *User) bool

func (*Config) MatchRequest

func (c *Config) MatchRequest(role string, req *http.Request, validationCrt []byte) (authn, authz bool)

func (*Config) RolesOf

func (c *Config) RolesOf(user *User) (roles []string)

type Interface

type Interface interface {
	Match(role string, user *User) bool
	MatchRequest(role string, req *http.Request, validationCrt []byte) (authn, authz bool)
}

Interface of an RBAC backend

var (
	// Default interface used for default matchers.
	Default Interface

	// DefaultValidationCertificate used for default matchers.
	DefaultValidationCertificate []byte
)

type Rule

type Rule struct {
	Role   string
	Users  []string
	Groups []string
}

Rule is a simple RBAC rule to match a role

func (Rule) Match

func (r Rule) Match(user *User) bool

type User

type User struct {
	Name   string
	Groups []string
}

User describes a user for the simple RBAC backend

func UserFromRequest

func UserFromRequest(req *http.Request, validationCrt []byte) (u *User)

UserFromRequest returns a User object from the given request or `nil` if the token is not found or invalid.

func UserFromToken

func UserFromToken(token *jwt.Token) (u *User)

UserFromToken returns a User object from the given token.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL