rbac

package
v1.4.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2025 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package rbac provides RBAC middleware utilities for the Everest API server.

Constants

const (
	ResourceBackupStorages             = "backup-storages"
	ResourceDatabaseClusters           = "database-clusters"
	ResourceDatabaseClusterBackups     = "database-cluster-backups"
	ResourceDatabaseClusterCredentials = "database-cluster-credentials"
	ResourceDatabaseClusterRestores    = "database-cluster-restores"
	ResourceDatabaseEngines            = "database-engines"
	ResourceMonitoringInstances        = "monitoring-instances"
	ResourceNamespaces                 = "namespaces"
)

Everest API resource names.

const (
	ActionCreate = "create"
	ActionRead   = "read"
	ActionUpdate = "update"
	ActionDelete = "delete"
)

RBAC actions.

Variables

This section is empty.

Functions

func Can

func Can(ctx context.Context, filePath string, k *kubernetes.Kubernetes, req ...string) (bool, error)

Can checks if a user is allowed to perform an action on a resource. Input request should be of the form [user action resource object].

func GetUser

func GetUser(c echo.Context) (string, error)

GetUser extracts the user from the JWT token in the context.

func IsEnabled added in v1.2.0

func IsEnabled(cm *corev1.ConfigMap) bool

IsEnabled returns true if enabled == 'true' in the given ConfigMap.

func NewEnforceHandler

func NewEnforceHandler(l *zap.SugaredLogger, basePath string, enforcer *casbin.Enforcer) func(c echo.Context, user string) (bool, error)

NewEnforceHandler returns a function that checks if a user is allowed to access a resource.

func NewEnforcer

func NewEnforcer(ctx context.Context, kubeClient *kubernetes.Kubernetes, l *zap.SugaredLogger) (*casbin.Enforcer, error)

NewEnforcer creates a new Casbin enforcer with the RBAC model and ConfigMap adapter.

func NewEnforcerFromFilePath

func NewEnforcerFromFilePath(filePath string) (*casbin.Enforcer, error)

NewEnforcerFromFilePath creates a new Casbin enforcer with the policy stored at the given filePath.

func NewSkipper

func NewSkipper(basePath string) (func(echo.Context) bool, error)

NewSkipper returns a new function that checks if a given request should be skipped from RBAC checks.

func ObjectName added in v1.2.0

func ObjectName(args ...string) string

ObjectName returns a string that represents the name of an object in RBAC format.

func ValidatePolicy

func ValidatePolicy(
	ctx context.Context,
	k *kubernetes.Kubernetes,
	filepath string,
) error

ValidatePolicy validates a policy from either Kubernetes or local file.

Types

This section is empty.

Directories

Package configmapadapter provides a Casbin adapter that uses a Kubernetes ConfigMap as the storage.
Package fileadapter provides a file adapter for Casbin.
Package utils contains utility functions for RBAC.
