rbacutils

package
v0.3.9-5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2022 License: Apache-2.0 Imports: 12 Imported by: 48

Documentation

Index

Constants

View Source 
const (
	ActionList    = "list"
	ActionGet     = "get"
	ActionUpdate  = "update"
	ActionCreate  = "create"
	ActionDelete  = "delete"
	ActionPerform = "perform"

	ActionPatch = "patch"
)
View Source 
const (
	WILD_MATCH = "*"

	Allow = TRbacResult("allow")
	Deny  = TRbacResult("deny")

	AdminAllow = TRbacResult("admin") // deprecated
	OwnerAllow = TRbacResult("owner") // deprecated
	UserAllow  = TRbacResult("user")  // deprecated
	GuestAllow = TRbacResult("guest") // deprecated

	ScopeSystem  = TRbacScope("system")
	ScopeDomain  = TRbacScope("domain")
	ScopeProject = TRbacScope("project")
	// ScopeObject  = "object"
	ScopeUser = TRbacScope("user")
	ScopeNone = TRbacScope("none")
)
View Source 
const (
	DomainTagsKey  = "__domain_tags__"
	ProjectTagsKey = "__project_tags__"
	ObjectTagsKey  = "__object_tags__"
)
View Source 
const (
	FAKE_TOKEN = "fake_token"
)
View Source 
const (
	IP_PREFIX_SEP = ","
)

Variables

View Source 
var (
	AllActions = []string{
		ActionList,
		ActionGet,
		ActionUpdate,
		ActionCreate,
		ActionDelete,
		ActionPerform,
	}

	AllSortedActions = stringutils2.NewSortedStrings(AllActions)
)
View Source 
var (
	ErrEmptyPolicy = errors.New("empty policy")

	ErrUnsuportRuleData = errors.New("unsupport rule data")

	ErrConflict = errors.New("conflict?")

	ErrInvalidRules = errors.New("invalid rules")
)
View Source 
var (
	PolicyDeny = SPolicyResult{
		Result: Deny,
	}
	PolicyAllow = SPolicyResult{
		Result: Allow,
	}
)
View Source 
var (
	ShowMatchRuleDebug = false
)

Functions

func MatchIPStrings 

func MatchIPStrings(prefstr string, ipstr string) bool

Types

type IRbacIdentity 

type IRbacIdentity interface {
	GetProjectId() string
	GetRoleIds() []string
	GetLoginIp() string
	GetTokenString() string
}

func NewRbacIdentity 

func NewRbacIdentity(projectId string, roleIds []string, ip string) IRbacIdentity

type IRbacIdentity2 

type IRbacIdentity2 interface {
	GetProjectDomainId() string
	GetProjectName() string
	GetRoles() []string
	GetLoginIp() string
	GetTokenString() string
}

type SPolicy 

type SPolicy struct {
	// policy rules
	Rules TPolicy
	// tags for domains
	DomainTags tagutils.TTagSet
	// tags for projects
	ProjectTags tagutils.TTagSet
	// tags for resources
	ObjectTags tagutils.TTagSet
}

func DecodePolicy 

func DecodePolicy(policyJson jsonutils.JSONObject) (*SPolicy, error)

func DecodePolicyData 

func DecodePolicyData(domainTags, projectTags, objectTags tagutils.TTagSet, input jsonutils.JSONObject) (*SPolicy, error)

func (SPolicy) Contains 

func (policy1 SPolicy) Contains(policy2 SPolicy) bool

policy1 contains policy2 means

  1. any action allow in policy2 is allowed in policy1
  2. policy tags of policy1 contains of policy tags of policy2

func (SPolicy) Encode 

func (policy SPolicy) Encode() jsonutils.JSONObject

func (SPolicy) GetMatchRule 

func (policy SPolicy) GetMatchRule(service string, resource string, action string, extra ...string) *SPolicyMatch

type SPolicyMatch 

type SPolicyMatch struct {
	Rule        SRbacRule
	DomainTags  tagutils.TTagSet
	ProjectTags tagutils.TTagSet
	ObjectTags  tagutils.TTagSet
}

type SPolicyResult 

type SPolicyResult struct {
	Result      TRbacResult
	DomainTags  tagutils.TTagSetList
	ProjectTags tagutils.TTagSetList
	ObjectTags  tagutils.TTagSetList
}

func (SPolicyResult) Json 

func (result SPolicyResult) Json() jsonutils.JSONObject

func (SPolicyResult) String 

func (result SPolicyResult) String() string

type SRbacPolicy 

type SRbacPolicy struct {
	// condition, when the policy takes effects
	// Deprecated
	Condition string

	DomainId string

	IsPublic bool

	PublicScope TRbacScope

	SharedDomainIds []string

	Projects []string

	Roles []string

	Ips []netutils.IPV4Prefix

	Auth bool // whether needs authentication

	// scope, the scope of the policy, system/domain/project
	Scope TRbacScope
	// Deprecated
	// is_admin=true means scope=system, is_admin=false means scope=project
	IsAdmin bool

	Rules TPolicy
}

func (*SRbacPolicy) Decode 

func (policy *SRbacPolicy) Decode(policyJson jsonutils.JSONObject) error

Deprecated

func (*SRbacPolicy) Encode 

func (policy *SRbacPolicy) Encode() jsonutils.JSONObject

func (*SRbacPolicy) IsSystemWidePolicy 

func (policy *SRbacPolicy) IsSystemWidePolicy() bool

func (*SRbacPolicy) Match 

func (policy *SRbacPolicy) Match(userCred IRbacIdentity2) (bool, int)

check whether policy maches a userCred return value bool isMatched int match weight, the higher the value, the more exact the match the more exact match wins

func (*SRbacPolicy) MatchDomain 

func (policy *SRbacPolicy) MatchDomain(domainId string) bool

func (*SRbacPolicy) MatchProject 

func (policy *SRbacPolicy) MatchProject(projectName string) bool

func (*SRbacPolicy) MatchRoles 

func (policy *SRbacPolicy) MatchRoles(roleNames []string) bool

type SRbacRule 

type SRbacRule struct {
	Service  string
	Resource string
	Action   string
	Extra    []string
	Result   TRbacResult
}

func GetMatchRule 

func GetMatchRule(rules []SRbacRule, service string, resource string, action string, extra ...string) *SRbacRule

type TPolicy 

type TPolicy []SRbacRule

func DecodeRawPolicyData 

func DecodeRawPolicyData(input jsonutils.JSONObject) (TPolicy, error)

func (TPolicy) Contains 

func (policy1 TPolicy) Contains(policy2 TPolicy) bool

Contains of TPolicy 

TPolicy p1 contains p2 means any action allowed by p2 is also allowed by p1
and any action denied by p1 is also denied by p2

func (TPolicy) EncodeRawData 

func (policy TPolicy) EncodeRawData() jsonutils.JSONObject

func (TPolicy) Explain 

func (policy TPolicy) Explain(request [][]string) [][]string

func (TPolicy) GetMatchRule 

func (policy TPolicy) GetMatchRule(service string, resource string, action string, extra ...string) *SRbacRule

type TPolicyGroup 

type TPolicyGroup map[TRbacScope]TPolicySet

func DecodePolicyGroup 

func DecodePolicyGroup(json jsonutils.JSONObject) (TPolicyGroup, error)

func (TPolicyGroup) Encode 

func (sets TPolicyGroup) Encode() jsonutils.JSONObject

func (TPolicyGroup) HighestScope 

func (sets TPolicyGroup) HighestScope() TRbacScope

type TPolicyMatches 

type TPolicyMatches []SPolicyMatch

func (TPolicyMatches) GetResult 

func (matches TPolicyMatches) GetResult() SPolicyResult

type TPolicySet 

type TPolicySet []SPolicy

func DecodePolicySet 

func DecodePolicySet(jsonObj jsonutils.JSONObject) (TPolicySet, error)

func (TPolicySet) Contains 

func (policies1 TPolicySet) Contains(policies2 TPolicySet) bool

Contains of TPolicySet 

TPolicySet ps1 contains ps2 means any member of ps2 is contained by one of the members of ps1

func (TPolicySet) Encode 

func (policies TPolicySet) Encode() jsonutils.JSONObject

func (TPolicySet) GetMatchRules 

func (policies TPolicySet) GetMatchRules(service string, resource string, action string, extra ...string) []SPolicyMatch

type TRbacResult 

type TRbacResult string

func (TRbacResult) IsAllow 

func (r TRbacResult) IsAllow() bool

func (TRbacResult) IsDeny 

func (r TRbacResult) IsDeny() bool

func (TRbacResult) LooserThan 

func (r1 TRbacResult) LooserThan(r2 TRbacResult) bool

func (TRbacResult) StricterThan 

func (r1 TRbacResult) StricterThan(r2 TRbacResult) bool

func (TRbacResult) Strictness 

func (r TRbacResult) Strictness() int

type TRbacScope 

type TRbacScope string

func String2Scope 

func String2Scope(str string) TRbacScope

func String2ScopeDefault 

func String2ScopeDefault(str string, defScope TRbacScope) TRbacScope

func (TRbacScope) HigherEqual 

func (s1 TRbacScope) HigherEqual(s2 TRbacScope) bool

func (TRbacScope) HigherThan 

func (s1 TRbacScope) HigherThan(s2 TRbacScope) bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.