casbin

package
v0.0.0-...-19fb9ea Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 21, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Resource names. Policy has a Res field and EnforceByEmailInBatch takes a
// resource string; these untyped string constants are presumably the values
// used there — confirm against the policy model.
//
// NOTE(review): names such as ResourceAdmin, ResourceGlobal and
// ResourceTerminal suggest broad or high-impact scopes; policies that grant
// them are worth auditing first — confirm what each one covers.
const (
	ResourceCluster           = "cluster"
	ResourceGlobalEnvironment = "global-environment"
	ResourceEnvironment       = "environment"
	ResourceGit               = "git"
	ResourceDocker            = "docker"
	ResourceMigrate           = "migrate"
	ResourceUser              = "user"
	ResourceNotification      = "notification"
	ResourceTemplate          = "template"
	ResourceTerminal          = "terminal"

	ResourceProjects     = "projects"
	ResourceApplications = "applications"
	ResourceDockerAuto   = "docker-auto"
	ResourceGitAuto      = "git-auto"

	ResourceAutocomplete = "autocomplete"
	ResourceChartGroup   = "chart-group"

	ResourceTeam    = "team"
	ResourceAdmin   = "admin"
	ResourceGlobal  = "global-resource"
	ResourceHelmApp = "helm-app"
)

// Action names. Like the resource names they are untyped string constants,
// so they can be assigned to a plain string or to the Action type.
const (
	ActionGet     = "get"
	ActionCreate  = "create"
	ActionUpdate  = "update"
	ActionDelete  = "delete"
	ActionSync    = "sync"
	ActionTrigger = "trigger"
	ActionNotify  = "notify"
	ActionExec    = "exec"
)

// Enforcer defaults.
const (
	// EnforcerBatchDefaultSize is the default batch size (1).
	EnforcerBatchDefaultSize = 1

	// EnforcerCacheDefaultExpiration is one hour.
	// NOTE(review): if this is the lifetime of cached enforcement results, a
	// revoked permission could keep being honoured until the entry expires
	// or InvalidateCache / InvalidateCompleteCache is called — confirm that
	// policy and role changes trigger invalidation.
	EnforcerCacheDefaultExpiration = 60 * time.Minute
)

Variables

This section is empty.

Functions

func Create

func Create() *casbin.Enforcer

func DeleteRoleForUser

func DeleteRoleForUser(user string, role string) bool

func EnforceByEmailInBatchSync

func EnforceByEmailInBatchSync(e *EnforcerImpl, wg *sync.WaitGroup, mutex *sync.RWMutex, result map[string]bool, metrics map[int]int64, index int, emailId string, resource string, action string, vals []string)

func GetAllSubjects

func GetAllSubjects() []string

func GetRolesForUser

func GetRolesForUser(user string) ([]string, error)

func GetUserByRole

func GetUserByRole(role string) ([]string, error)

func LoadPolicy

func LoadPolicy()

func MatchKeyByPart

func MatchKeyByPart(key1 string, key2 string) bool

MatchKeyByPart checks whether the values in key1 match all the values in key2 (the values are obtained by splitting each key on "/"). For example, key1 = "a/b/c" matches key2 = "a/*/c" but does not match key2 = "a/*/d".

func MatchKeyByPartFunc

func MatchKeyByPartFunc(args ...interface{}) (interface{}, error)

MatchKeyByPartFunc is a wrapper around our own customised MatchKeyByPart function.

func RemovePoliciesByRoles

func RemovePoliciesByRoles(roles string) bool

Types

type Action

// Action is the string type of the Policy.Act field.
type Action string

type Enforcer

// Enforcer is the authorization interface of this package: enforcement
// checks plus cache invalidation.
type Enforcer interface {
	// Enforce reports the decision as a bool only, so a caller cannot tell a
	// denial from an internal failure; treat false as deny.
	Enforce(rvals ...interface{}) bool

	// EnforceByEmail has the same variadic shape as Enforce.
	EnforceByEmail(rvals ...interface{}) bool

	// EnforceByEmailInBatch returns one bool per map key, presumably one key
	// per entry of vals (confirm). Indexing the map with a key that is
	// absent yields false, which reads as deny.
	EnforceByEmailInBatch(emailId, resource, action string, vals []string) map[string]bool

	// EnforceErr returns the outcome as an error rather than a bool.
	EnforceErr(rvals ...interface{}) error

	// InvalidateCache takes a single emailId; InvalidateCompleteCache takes
	// no argument.
	InvalidateCache(emailId string) bool
	InvalidateCompleteCache()
}

type EnforcerImpl

// EnforcerImpl embeds a cache, a Casbin enforcer and a session manager, each
// by pointer. The methods listed for *EnforcerImpl on this page are the six
// methods of the Enforcer interface.
type EnforcerImpl struct {
	// presumably the store behind InvalidateCache / InvalidateCompleteCache — confirm
	*cache.Cache
	// NOTE(review): embedding promotes the exported methods of *casbin.Enforcer
	// onto EnforcerImpl, except where EnforcerImpl declares its own method of
	// the same name (e.g. Enforce). Confirm that no caller is expected to
	// reach a promoted method that skips the wrapper's additional checks.
	*casbin.Enforcer
	*middleware.SessionManager
	// contains filtered or unexported fields
}

Enforcer is a wrapper around a Casbin enforcer that:
* is backed by a Kubernetes config map
* has a predefined RBAC model
* supports a built-in policy
* supports a user-defined policy
* supports a custom JWT claims enforce function

func NewEnforcerImpl

func NewEnforcerImpl(
	enforcer *casbin.Enforcer,
	sessionManager *middleware.SessionManager,
	logger *zap.SugaredLogger) *EnforcerImpl

func (*EnforcerImpl) Enforce

func (e *EnforcerImpl) Enforce(rvals ...interface{}) bool

Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function

func (*EnforcerImpl) EnforceByEmail

func (e *EnforcerImpl) EnforceByEmail(rvals ...interface{}) bool

func (*EnforcerImpl) EnforceByEmailInBatch

func (e *EnforcerImpl) EnforceByEmailInBatch(emailId string, resource string, action string, vals []string) map[string]bool

func (*EnforcerImpl) EnforceErr

func (e *EnforcerImpl) EnforceErr(rvals ...interface{}) error

EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request

func (*EnforcerImpl) InvalidateCache

func (e *EnforcerImpl) InvalidateCache(emailId string) bool

func (*EnforcerImpl) InvalidateCompleteCache

func (e *EnforcerImpl) InvalidateCompleteCache()

type Object

// Object is the string type of the Policy.Obj field.
type Object string

type Policy

// Policy is a single policy entry. It serialises to JSON with the keys
// "type", "sub", "res", "act" and "obj".
// NOTE(review): every field is a plain string-based type, so nothing in this
// declaration restricts the values; presumably validation happens where
// policies are added — confirm.
type Policy struct {
	Type PolicyType `json:"type"` // policy type
	Sub  Subject    `json:"sub"`  // subject the entry applies to
	Res  Resource   `json:"res"`  // resource; presumably one of the Resource* constants — confirm
	Act  Action     `json:"act"`  // action; presumably one of the Action* constants — confirm
	Obj  Object     `json:"obj"`  // object
}

func AddPolicy

func AddPolicy(policies []Policy) []Policy

func RemovePolicy

func RemovePolicy(policies []Policy) []Policy

type PolicyType

// PolicyType is the string type of the Policy.Type field.
type PolicyType string

type Resource

// Resource is the string type of the Policy.Res field.
type Resource string

type Subject

// Subject is the string type of the Policy.Sub field.
type Subject string
