rbac

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 18, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package rbac provides RBAC middleware utilies for the Everest API server.

Index

Constants

View Source 
const (
	ResourceBackupStorages             = "backup-storages"
	ResourceDatabaseClusters           = "database-clusters"
	ResourceDatabaseClusterBackups     = "database-cluster-backups"
	ResourceDatabaseClusterCredentials = "database-cluster-credentials"
	ResourceDatabaseClusterRestores    = "database-cluster-restores"
	ResourceDatabaseEngines            = "database-engines"
	ResourceMonitoringInstances        = "monitoring-instances"
	ResourceNamespaces                 = "namespaces"
)

Everest API resource names.

View Source 
const (
	ActionCreate = "create"
	ActionRead   = "read"
	ActionUpdate = "update"
	ActionDelete = "delete"
)

RBAC actions.

Variables

This section is empty.

Functions

func Can 

func Can(ctx context.Context, filePath string, k *kubernetes.Kubernetes, req ...string) (bool, error)

Can checks if a user is allowed to perform an action on a resource. Input request should be of the form [user action resource object].

func GetUser 

func GetUser(c echo.Context) (string, error)

GetUser extracts the user from the JWT token in the context.

func IsEnabled added in v1.2.0 

func IsEnabled(cm *corev1.ConfigMap) bool

IsEnabled returns true if enabled == 'true' in the given ConfigMap.

func NewEnforceHandler 

func NewEnforceHandler(l *zap.SugaredLogger, basePath string, enforcer *casbin.Enforcer) func(c echo.Context, user string) (bool, error)

NewEnforceHandler returns a function that checks if a user is allowed to access a resource.

func NewEnforcer 

func NewEnforcer(ctx context.Context, kubeClient *kubernetes.Kubernetes, l *zap.SugaredLogger) (*casbin.Enforcer, error)

NewEnforcer creates a new Casbin enforcer with the RBAC model and ConfigMap adapter.

func NewEnforcerFromFilePath 

func NewEnforcerFromFilePath(filePath string) (*casbin.Enforcer, error)

NewEnforcerFromFilePath creates a new Casbin enforcer with the policy stored at the given filePath.

func NewSkipper 

func NewSkipper(basePath string) (func(echo.Context) bool, error)

NewSkipper returns a new function that checks if a given request should be skipped from RBAC checks.

func ObjectName added in v1.2.0 

func ObjectName(args ...string) string

ObjectName returns the a string that represents the name of an object in RBAC format.

func ValidatePolicy 

func ValidatePolicy(
	ctx context.Context,
	k *kubernetes.Kubernetes,
	filepath string,
) error

ValidatePolicy validates a policy from either Kubernetes or local file.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Package configmapadapter provides a Casbin adapter that uses a Kubernetes ConfigMap as the storage.
 Package configmapadapter provides a Casbin adapter that uses a Kubernetes ConfigMap as the storage.
Package fileadapter provides a file adapter for Casbin.
 Package fileadapter provides a file adapter for Casbin.
Package utils contains utility functions for RBAC.
 Package utils contains utility functions for RBAC.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.