util


Documentation


Constants

const (
	// DefaultDomain and DefaultAll are the wildcard value "*". Presumably
	// "*" matches any domain / any field value in the enforcer model —
	// confirm against the Casbin model definition before relying on it.
	DefaultDomain = "*"
	DefaultAll    = "*"

	// GRule is the Casbin grouping-policy tag ("g"): it represents the user
	// groups a user belongs to, or the policies associated with a user/group.
	GRule = "g"
	// PRule is the Casbin policy tag ("p"): it represents RBAC rules.
	PRule = "p"

	// PRuleFieldNumber is the maximum number of valid value fields in a
	// "p" Rule object: V0, V1, V2, V3, V4.
	PRuleFieldNumber = 5
	// GRuleFieldNumber is the maximum number of valid value fields in a
	// "g" Rule object: V0, V1, V2.
	GRuleFieldNumber = 3
)
const (
	// PolicyTag and PoliciesKey are the tag / map key under which policy
	// bindings are stored on users and groups (presumably the Extra map read
	// by GetPoliciesFromUserExtra / GetPoliciesFromGroupExtra — confirm).
	PolicyTag   = "policy"
	PoliciesKey = "policies"

	// PlatformPolicyPattern and AdministratorPolicyPattern are fmt patterns
	// with a single %s for the built-in platform and administrator policy
	// IDs. The %s is presumably the tenant ID, matching the *PolicyID(tenantID)
	// helpers in this package — confirm at the call sites.
	PlatformPolicyPattern      = "pol-%s-platform"
	AdministratorPolicyPattern = "pol-%s-administrator"
)
const GroupName = "auth.tkestack.io"

GroupName is the API group name used by this package.

Variables

var (
	// DefaultAPISigningKey is the package's fallback secret for signing API
	// keys (see KeySigner and the JWT-based APIClaims). It is a well-known,
	// source-visible string: if it is ever used as the live signing secret,
	// anyone who can read this file can forge API keys that Verify accepts.
	// Deployments must replace it with a per-installation secret.
	// NOTE(review): this is a var, not a const, so it is presumably
	// overwritten at startup from configuration — confirm where the real
	// key is loaded and that startup fails if none is provided.
	DefaultAPISigningKey = "default-api-signing-key"
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}

SchemeGroupVersion is the group/version used to register these objects with the scheme.

Functions

func BcryptPassword

func BcryptPassword(password string) (string, error)

BcryptPassword base64-decodes the supplied password string and returns the bcrypt hash of the decoded bytes, or an error.

func BindGroupPolicies added in v1.3.1

func BindGroupPolicies(ctx context.Context, authClient authinternalclient.AuthInterface, group *auth.LocalGroup, policies []string) error

func BindUserPolicies added in v1.3.1

func BindUserPolicies(ctx context.Context, authClient authinternalclient.AuthInterface, localIdentity *auth.LocalIdentity, policies []string) error

func CaseInsensitiveContains

func CaseInsensitiveContains(s, substr string) bool

CaseInsensitiveContains reports whether s contains substr, ignoring case.

func ChartDeletePolicyID added in v1.4.0

func ChartDeletePolicyID(tenantID string) string

func ChartFullPolicyID added in v1.4.0

func ChartFullPolicyID(tenantID string) string

func ChartGroupFullPolicyID added in v1.4.0

func ChartGroupFullPolicyID(tenantID string) string

func ChartGroupPolicyResources added in v1.4.0

func ChartGroupPolicyResources(cg string) []string

func ChartGroupPullPolicyID added in v1.4.0

func ChartGroupPullPolicyID(tenantID string) string

func ChartPolicyResources added in v1.4.0

func ChartPolicyResources(registryNamespace string) []string

func ChartPullPolicyID added in v1.4.0

func ChartPullPolicyID(tenantID string) string

func ChartPushPolicyID added in v1.4.0

func ChartPushPolicyID(tenantID string) string

func CombineTenantAndName

func CombineTenantAndName(tenantID, name string) string

func ConvertPolicyToRuleArray

func ConvertPolicyToRuleArray(policy *auth.Policy) [][]string

func ConvertPolicyToRuleArrayUsingRuleName added in v1.4.0

func ConvertPolicyToRuleArrayUsingRuleName(roleName string, policy *auth.Policy) [][]string

func ConvertRule

func ConvertRule(ptype string, line []string) (rule authv1.Rule)

func FillGroupPolicies added in v1.3.1

func FillGroupPolicies(ctx context.Context, authClient authinternalclient.AuthInterface, enforcer *casbin.SyncedEnforcer, groupList *auth.LocalGroupList)

func FillUserPolicies added in v1.3.1

func FillUserPolicies(ctx context.Context, authClient authinternalclient.AuthInterface, enforcer *casbin.SyncedEnforcer,
	localidentityList *auth.LocalIdentityList)

func FilterAPIKey

func FilterAPIKey(ctx context.Context, apiKey *auth.APIKey) error

FilterAPIKey rejects an apiKey that does not belong to the requesting user's tenant (taken from ctx); a non-nil error means the key must not be returned to the caller.

func FilterCustomPolicyBinding added in v1.4.0

func FilterCustomPolicyBinding(ctx context.Context, binding *auth.CustomPolicyBinding) error

FilterCustomPolicyBinding rejects a custom policy binding that does not belong to the requesting user's tenant.

func FilterGroup

func FilterGroup(ctx context.Context, group *auth.LocalGroup) error

FilterGroup rejects a group that does not belong to the requesting user's tenant.

func FilterLocalIdentity

func FilterLocalIdentity(ctx context.Context, localIdentity *auth.LocalIdentity) error

FilterLocalIdentity rejects a localIdentity that does not belong to the requesting user's tenant.

func FilterPolicy

func FilterPolicy(ctx context.Context, policy *auth.Policy) error

FilterPolicy rejects a policy that does not belong to the requesting user's tenant.

func FilterProjectPolicy added in v1.3.1

func FilterProjectPolicy(ctx context.Context, binding *auth.ProjectPolicyBinding) error

FilterProjectPolicy rejects a project policy binding that does not belong to the requesting user's tenant.

func FilterRole

func FilterRole(ctx context.Context, role *auth.Role) error

FilterRole rejects a role that does not belong to the requesting user's tenant.

func GetGroupsForUser

func GetGroupsForUser(ctx context.Context, authClient authinternalclient.AuthInterface, userID string) (auth.LocalGroupList, error)

func GetLocalIdentity

func GetLocalIdentity(ctx context.Context, authClient authinternalclient.AuthInterface, tenantID, username string) (auth.LocalIdentity, error)

func GetPoliciesFromGroupExtra added in v1.3.1

func GetPoliciesFromGroupExtra(group *auth.LocalGroup) ([]string, bool)

func GetPoliciesFromUserExtra added in v1.3.1

func GetPoliciesFromUserExtra(localIdentity *auth.LocalIdentity) ([]string, bool)

func GetUserByName added in v1.3.1

func GetUserByName(ctx context.Context, authClient authinternalclient.AuthInterface, tenantID, username string) (auth.User, error)

func GroupKey

func GroupKey(tenantID string, name string) string

func GroupPrefix

func GroupPrefix(tenantID string) string

func GroupResource

func GroupResource(resource string) schema.GroupResource

GroupResource returns the schema.GroupResource for resource within this package's group, used to register these objects.

func HandleGroupPoliciesUpdate added in v1.3.1

func HandleGroupPoliciesUpdate(ctx context.Context, authClient authinternalclient.AuthInterface, enforcer *casbin.SyncedEnforcer, group *auth.LocalGroup) error

func HandleUserPoliciesUpdate added in v1.3.1

func HandleUserPoliciesUpdate(ctx context.Context, authClient authinternalclient.AuthInterface, enforcer *casbin.SyncedEnforcer, localIdentity *auth.LocalIdentity) error

func InSubjects

func InSubjects(subject auth.Subject, slice []auth.Subject) bool

func InSubjectsWithIDOrName added in v1.3.1

func InSubjectsWithIDOrName(subject auth.Subject, slice []auth.Subject) bool

func InterceptParam added in v1.3.1

func InterceptParam(options *metainternal.ListOptions, key string) string

func IsPlatformAdmin added in v1.6.0

func IsPlatformAdmin(ctx context.Context, username string, tenantID string, authClient authinternalclient.AuthInterface,
	enforcer *casbin.SyncedEnforcer) (bool, error)

func IsPlatformAdministrator added in v1.3.1

func IsPlatformAdministrator(user authv1.User) bool

func NewRoleManager added in v1.3.1

func NewRoleManager(maxHierarchyLevel int) rbac.RoleManager

NewRoleManager is the constructor for creating an instance of the default RoleManager implementation.

func ParseQueryKeywordAndLimit

func ParseQueryKeywordAndLimit(options *metainternal.ListOptions) (string, int)

func ParseTenantAndName

func ParseTenantAndName(str string) (string, string)

func PredicateProjectIDListOptions added in v1.3.1

func PredicateProjectIDListOptions(ctx context.Context, options *metainternal.ListOptions) *metainternal.ListOptions

PredicateProjectIDListOptions determines the query options according to the project attribute of the request user.

func PredicateProjectListOptions added in v1.3.1

func PredicateProjectListOptions(ctx context.Context, options *metainternal.ListOptions) *metainternal.ListOptions

PredicateProjectListOptions determines the query options according to the project attribute of the request user.

func PredicateUserNameListOptions added in v1.2.5

func PredicateUserNameListOptions(ctx context.Context, options *metainternal.ListOptions) *metainternal.ListOptions

PredicateUserNameListOptions determines the query options according to the username attribute of the request user.

func PredicateV1ListOptions added in v1.3.1

func PredicateV1ListOptions(tenantID string, options *metainternal.ListOptions) *metav1.ListOptions

PredicateV1ListOptions determines the query options according to the tenant attribute of the request user.

func ProjectMemberPolicyID added in v1.3.1

func ProjectMemberPolicyID(tenantID string) string

func ProjectOwnerPolicyID added in v1.3.1

func ProjectOwnerPolicyID(tenantID string) string

func ProjectPolicyName added in v1.3.1

func ProjectPolicyName(projectID string, policyID string) string

func ProjectViewerPolicyID added in v1.3.1

func ProjectViewerPolicyID(tenantID string) string

func RemoveDuplicateSubjects

func RemoveDuplicateSubjects(slice []auth.Subject) []auth.Subject

func RemoveDuplicateSubjectsByIDOrName added in v1.3.1

func RemoveDuplicateSubjectsByIDOrName(slice []auth.Subject) []auth.Subject

func RoleKey added in v1.4.0

func RoleKey(prefix string, name string) string

func RolePrefix added in v1.4.0

func RolePrefix(prefix string) string

func SetAdministrator added in v1.3.1

func SetAdministrator(enforcer *casbin.SyncedEnforcer, localIdentity *auth.LocalIdentity, idp *auth.IdentityProvider)

func UnBindGroupPolicies added in v1.3.1

func UnBindGroupPolicies(ctx context.Context, authClient authinternalclient.AuthInterface, group *auth.LocalGroup, policies []string) error

func UnBindUserPolicies added in v1.3.1

func UnBindUserPolicies(ctx context.Context, authClient authinternalclient.AuthInterface, localIdentity *auth.LocalIdentity, policies []string) error

func UserKey

func UserKey(tenantID string, name string) string

func UserPrefix

func UserPrefix(tenantID string) string

func VerifyDecodedPassword

func VerifyDecodedPassword(decodedPasswd string, bcryptedPasswd string) error

VerifyDecodedPassword compares the already-decoded plaintext decodedPasswd against the stored bcrypt hash bcryptedPasswd and returns a non-nil error if they do not match.

Types

type APIClaims

type APIClaims struct {
	// StandardClaims carries the registered JWT claims from the jwt library.
	*jwt.StandardClaims
	// KeyData carries the identity-bearing custom claims (user name, tenant ID).
	*KeyData
}

APIClaims is the claims section of a JWT API key token. Both members are embedded as pointers, so either may be nil; check before dereferencing.

type KeyData

type KeyData struct {
	// UserName is the API key owner's user name, serialized under the short
	// claim name "usr".
	UserName string `json:"usr,omitempty"`
	// TenantID is the owner's tenant, serialized under the claim name "ted"
	// (sic). The claim names are part of the token format; renaming them
	// would invalidate every issued key. Both fields are omitempty, so a
	// token may arrive with them absent — NOTE(review): verifiers should
	// treat an empty TenantID as invalid rather than as "any tenant"; confirm
	// that Verify does this.
	TenantID string `json:"ted,omitempty"`
}

KeyData holds the identity information (user name and tenant ID) embedded in an API key and recovered when the key is validated.

type KeySigner

type KeySigner interface {
	// Generate issues a new API key for username in tenantID that is valid
	// for the duration expire.
	Generate(ctx context.Context, username string, tenantID string, expire time.Duration) (*auth.APIKey, error)
	// Verify checks apiKey and returns its claims; a non-nil error means the
	// key must not be trusted. NOTE(review): tenant scoping of the caller is
	// handled separately by FilterAPIKey — confirm whether Verify itself
	// checks anything beyond signature and standard claims.
	Verify(ctx context.Context, apiKey string) (*APIClaims, error)
}

KeySigner is the interface used to generate and verify API keys for a user.

func NewGenericKeySigner

func NewGenericKeySigner(authclient authinternalclient.AuthInterface) KeySigner

NewGenericKeySigner creates a generic key signer instance.

type MatchingFunc added in v1.3.1

// MatchingFunc reports whether arg1 matches arg2. It is registered via
// RoleManager.AddMatchingFunc, presumably to allow non-literal role-name
// matching when building role links — confirm against the enforcer setup.
type MatchingFunc func(arg1, arg2 string) bool

type RestAdapter

type RestAdapter struct {
	// contains filtered or unexported fields
}

RestAdapter is the policy storage adapter for Casbin. With it, Casbin can load policy from Kubernetes REST storage and save policy back to it. The adapter supports Casbin's Auto-Save feature, meaning it can add a single policy rule to the storage or remove a single policy rule from it without rewriting everything.

func NewAdapter

func NewAdapter(ruleClient authv1client.RuleInterface, ruleLister authv1lister.RuleLister) *RestAdapter

NewAdapter creates a new adapter instance backed by ruleClient (writes) and ruleLister (reads).

func (*RestAdapter) AddPolicy

func (a *RestAdapter) AddPolicy(sec string, ptype string, line []string) error

AddPolicy adds a policy rule to the storage. Part of the Auto-Save feature.

func (*RestAdapter) LoadPolicy

func (a *RestAdapter) LoadPolicy(model model.Model) error

LoadPolicy loads all policies from the backend into model.

func (*RestAdapter) RemoveFilteredPolicy

func (a *RestAdapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error

RemoveFilteredPolicy removes policy rules that match the filter from the storage. Part of the Auto-Save feature.

func (*RestAdapter) RemovePolicy

func (a *RestAdapter) RemovePolicy(sec string, ptype string, line []string) error

RemovePolicy removes a policy rule from the storage. Part of the Auto-Save feature.

func (*RestAdapter) SavePolicy

func (a *RestAdapter) SavePolicy(model model.Model) error

SavePolicy rewrites all policies in the backend store (etcd) with Casbin's current in-memory data.

type Role added in v1.3.1

type Role struct {
	// contains filtered or unexported fields
}

Role represents the data structure for a role in RBAC.

type RoleManager added in v1.3.1

type RoleManager struct {
	// contains filtered or unexported fields
}

RoleManager provides a default implementation of Casbin's rbac.RoleManager interface (see NewRoleManager).

func (rm *RoleManager) AddLink(name1 string, name2 string, domain ...string) error

AddLink adds the inheritance link between role name1 and role name2, i.e. name1 inherits name2. domain, if given, is used as a prefix to the role names.

func (*RoleManager) AddMatchingFunc added in v1.3.1

func (rm *RoleManager) AddMatchingFunc(matchingFunc MatchingFunc)

AddMatchingFunc registers matchingFunc for role-name matching. The enforcer's BuildRoleLinks must be called after AddMatchingFunc for the new matcher to take effect.

func (*RoleManager) Clear added in v1.3.1

func (rm *RoleManager) Clear() error

Clear clears all stored data and resets the role manager to the initial state.

func (rm *RoleManager) DeleteLink(name1 string, name2 string, domain ...string) error

DeleteLink deletes the inheritance link between role name1 and role name2, i.e. name1 no longer inherits name2. domain, if given, is used as a prefix to the role names.

func (*RoleManager) GetRoles added in v1.3.1

func (rm *RoleManager) GetRoles(name string, domain ...string) ([]string, error)

GetRoles gets the roles that a subject inherits. domain is a prefix to the roles.

func (*RoleManager) GetUsers added in v1.3.1

func (rm *RoleManager) GetUsers(name string, domain ...string) ([]string, error)

GetUsers gets the users that inherit a subject. domain is not used by this implementation; it is accepted only to satisfy the interface.

func (rm *RoleManager) HasLink(name1 string, name2 string, domain ...string) (bool, error)

HasLink determines whether role: name1 inherits role: name2. domain is a prefix to the roles.

func (*RoleManager) PrintRoles added in v1.3.1

func (rm *RoleManager) PrintRoles() error

PrintRoles prints all the roles to log.
