rbac

package
v0.0.0-...-1d39891 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 12, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddRoleForUser

func AddRoleForUser(user, role string) bool

AddRoleForUser registers a role for a user

func Enforce

func Enforce(sub, obj, act string) bool

Enforce decides whether a "subject" can access an "object" with the operation "action"

func GetUserRoles

func GetUserRoles(user string) []string

GetUserRoles returns the roles of a user

func Init

func Init(model model.Model, kapi etcd.KeysAPI, loadPolicy func(model.Model) error) error

Init loads the model from the configuration file then the policies. 3 policies are applied, in that order : - the policy uploaded in etcd and shared by all analyzers - a policy bundled into the binary - a policy specified in the configuration file

func NewEtcdWatcher

func NewEtcdWatcher(kapi etcd.KeysAPI) persist.Watcher

NewEtcdWatcher returns new etcd change watcher

Types

type EtcdAdapter

type EtcdAdapter struct {
	// contains filtered or unexported fields
}

EtcdAdapter represents the etcd adapter for policy persistence, can load policy from etcd or save policy to etcd.

func NewEtcdAdapter

func NewEtcdAdapter(kapi etcd.KeysAPI) (*EtcdAdapter, error)

NewEtcdAdapter is the constructor for EtcdAdapter.

func (*EtcdAdapter) AddPolicy

func (a *EtcdAdapter) AddPolicy(sec string, ptype string, rule []string) error

AddPolicy adds a policy rule to the storage.

func (*EtcdAdapter) LoadPolicy

func (a *EtcdAdapter) LoadPolicy(model model.Model) error

LoadPolicy loads policy from etcd.

func (*EtcdAdapter) RemoveFilteredPolicy

func (a *EtcdAdapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error

RemoveFilteredPolicy removes policy rules that match the filter from the storage.

func (*EtcdAdapter) RemovePolicy

func (a *EtcdAdapter) RemovePolicy(sec string, ptype string, rule []string) error

RemovePolicy removes a policy rule from the storage.

func (*EtcdAdapter) SavePolicy

func (a *EtcdAdapter) SavePolicy(model model.Model) error

SavePolicy saves policy to etcd.

type EtcdWatcher

type EtcdWatcher struct {
	// contains filtered or unexported fields
}

EtcdWatcher listens for etcd events

func (*EtcdWatcher) SetUpdateCallback

func (w *EtcdWatcher) SetUpdateCallback(callback func(string)) error

SetUpdateCallback sets the callback function that the watcher will call when the policy in DB has been changed by other instances. A classic callback is Enforcer.LoadPolicy().

func (*EtcdWatcher) Update

func (w *EtcdWatcher) Update() error

Update calls the update callback of other instances to synchronize their policy. It is usually called after changing the policy in DB, like Enforcer.SavePolicy(), Enforcer.AddPolicy(), Enforcer.RemovePolicy(), etc.

type Permission

type Permission struct {
	Object  string
	Action  string
	Allowed bool
}

Permission defines a permission

func GetPermissionsForUser

func GetPermissionsForUser(user string) []Permission

GetPermissionsForUser returns all the allow and deny permissions for a user

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL