rbac

package
v1.4.8

This package is not in the latest version of its module.
Published: Mar 22, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Constants

const (
	MaxAttempts = 2

	BlockInterval = 1 * time.Hour
)
const (
	RootName     = "root"
	InitPassword = "SC_INIT_ROOT_PASSWORD"
	PubFilePath  = "rbac_rsa_public_key_file"
)
const (
	ResourceAccount = "account"
)

Variables

var (
	ErrEmptyCurrentPassword = errors.New("current password should not be empty")
	ErrNoPermChangeAccount  = errors.New("can not change other account password")
	ErrWrongPassword        = errors.New("current pwd is wrong")
	ErrSamePassword         = errors.New("the password can not be same as old one")
	ErrEmptyPassword        = errors.New("empty password")
)
var BanTime = 1 * time.Hour
var ErrUnauthorized = errors.New("wrong user name or password")

Functions

func Allow

func Allow(ctx context.Context, role, project, resource, verbs string) (bool, error)

func ChangePassword

func ChangePassword(ctx context.Context, changerRole, changerName string, a *rbacframe.Account) error

func CountFailure

func CountFailure(key string)

CountFailure can cause a client to be banned. It uses time/rate to allow a certain number of failures, but bans the client once the rate limiter cannot accept more failures.

func Enabled

func Enabled() bool

func GetPrivateKey

func GetPrivateKey() (*rsa.PrivateKey, error)

GetPrivateKey returns the RSA key instance.

func Init

func Init()

Init decides whether to enable the RBAC function and saves the root account to the db; if the db already has a root account, it aborts creating one.

func IsBanned

func IsBanned(key string) bool

IsBanned checks whether a client is banned; if the client's ban time has expired, it releases the client from banned status.
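
The throttling that CountFailure and IsBanned describe, as an added sketch that is not this package's source: a hand-written token bucket stands in for time/rate so it runs on the standard library alone. Assumptions: MaxAttempts is the burst size, BlockInterval the refill period and BanTime the ban length; `countFailure`, `isBanned`, `entry` and `clients` are hypothetical names, and the clock is passed in as a parameter so the timing can be checked.

```go
package main

import (
	"fmt"
	"time"
)

const ( // values from the page's constants; how they interact here is assumed
	maxAttempts   = 2.0           // MaxAttempts: failures tolerated in one burst
	blockInterval = 1 * time.Hour // BlockInterval: one failure forgiven per interval
	banTime       = 1 * time.Hour // BanTime: how long a ban lasts
)
type entry struct {
	tokens          float64
	last, releaseAt time.Time // releaseAt stays zero until the key is banned
}
var clients = map[string]*entry{} // constructed store; guard with a mutex in a server

// countFailure spends one token per failure; an empty bucket bans the key.
func countFailure(key string, now time.Time) {
	e := clients[key]
	if e == nil {
		e = &entry{tokens: maxAttempts, last: now}
		clients[key] = e
	}
	e.tokens += float64(now.Sub(e.last)) / float64(blockInterval) // refill
	if e.last = now; e.tokens > maxAttempts {
		e.tokens = maxAttempts
	}
	if e.tokens--; e.tokens < 0 {
		e.tokens, e.releaseAt = 0, now.Add(banTime)
	}
}

// isBanned reports a ban and releases the key once the ban has expired.
func isBanned(key string, now time.Time) bool {
	e := clients[key]
	banned := e != nil && now.Before(e.releaseAt)
	if e != nil && !e.releaseAt.IsZero() && !banned {
		delete(clients, key) // expired: the next failure starts a fresh bucket
	}
	return banned
}

func main() { // three failures in a row: the third finds the bucket empty
	for i := 0; i < 3; i++ {
		countFailure("demo-client", time.Now())
	}
	fmt.Println("banned:", isBanned("demo-client", time.Now()))
}
```

In this sketch a failure recorded while a key is already banned pushes the release time out again, and failures spaced one refill period apart never trigger a ban.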

func PublicKey

func PublicKey() string

PublicKey gets the public key used to verify a token.

Types

type Client

type Client struct {
	Key       string
	Banned    bool
	ReleaseAt time.Time // time at which the client is allowed to attempt again
	// contains filtered or unexported fields
}

func BannedList

func BannedList() []*Client

type EmbeddedAuthenticator

type EmbeddedAuthenticator struct {
}

EmbeddedAuthenticator is the sc default auth plugin; RBAC data is persisted in etcd.

func (*EmbeddedAuthenticator) Authenticate

func (a *EmbeddedAuthenticator) Authenticate(ctx context.Context, tokenStr string) (interface{}, error)

func (*EmbeddedAuthenticator) Login

func (a *EmbeddedAuthenticator) Login(ctx context.Context, user string, password string, opts ...authr.LoginOption) (string, error)

Login checks the db user and password, and will verify and return a token for a valid account.

Directories

Path Synopsis
Package rbac is dao layer API to help service center manage account, policy and role info
