README
¶
Casbin
casbin - enables Casbin to be used as a CoreDNS firewall policy engine.
Syntax
opa ENGINE-NAME {
model /path/to/model
policy /path/to/policy
}
-
ENGINE-NAME is the name of the policy engine, used by the firewall plugin to uniquely identify the instance. Each instance of opa in the Corefile must have a unique ENGINE-NAME.
-
model & policy are concepts in casbin. More details, please refer to casbin
Firewall Policy Engine
This plugin is not a standalone plugin. It must be used in conjunction with the firewall plugin to function. For this plugin to be active, the firewall plugin must reference it in a rule. See the "Policy Engine Plugins" section of the firewall plugin README for more information.
Examples
Point to a local OPA instance using a rule named action in the dns
package.
. {
casbin myengine {
model ./examples/model.conf
policy ./examples/policy.csv
}
firewall query {
casbin myengine
}
}
model:
[request_definition]
r = client_ip, name
[policy_definition]
p = client_ip, name, action
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.client_ip == p.client_ip && r.name == p.name
policy:
p, 10.240.0.1, example.org., allow
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.