Version: v1.8.7 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 3, 2021 License: Apache-2.0 Imports: 22 Imported by: 90




View Source
const (
	ConfigMapPolicyCSVKey     = "policy.csv"
	ConfigMapPolicyDefaultKey = "policy.default"
	ConfigMapScopesKey        = "scopes"


This section is empty.


func ValidatePolicy added in v0.11.0

func ValidatePolicy(policy string) error

ValidatePolicy verifies a policy string is acceptable to casbin


type ClaimsEnforcerFunc

type ClaimsEnforcerFunc func(claims jwt.Claims, rvals ...interface{}) bool

ClaimsEnforcerFunc is func template to enforce a JWT claims. The subject is replaced

type Enforcer

type Enforcer struct {
	// contains filtered or unexported fields

Enforcer is a wrapper around an Casbin enforcer that: * is backed by a kubernetes config map * has a predefined RBAC model * supports a built-in policy * supports a user-defined policy * supports a custom JWT claims enforce function

func NewEnforcer

func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer

func (*Enforcer) Enforce

func (e *Enforcer) Enforce(rvals ...interface{}) bool

Enforce is a wrapper around casbin.Enforce to additionally enforce a default role and a custom claims function

func (*Enforcer) EnforceErr added in v0.12.0

func (e *Enforcer) EnforceErr(rvals ...interface{}) error

EnforceErr is a convenience helper to wrap a failed enforcement with a detailed error about the request

func (*Enforcer) EnforceRuntimePolicy added in v0.11.0

func (e *Enforcer) EnforceRuntimePolicy(policy string, rvals ...interface{}) bool

EnforceRuntimePolicy enforces a policy defined at run-time which augments the built-in and user-defined policy. This allows any explicit denies of the built-in, and user-defined policies to override the run-time policy. Runs normal enforcement if run-time policy is empty.

func (*Enforcer) RunPolicyLoader

func (e *Enforcer) RunPolicyLoader(ctx context.Context, onUpdated func(cm *apiv1.ConfigMap) error) error

RunPolicyLoader runs the policy loader which watches policy updates from the configmap and reloads them

func (*Enforcer) SetBuiltinPolicy

func (e *Enforcer) SetBuiltinPolicy(policy string) error

SetBuiltinPolicy sets a built-in policy, which augments any user defined policies

func (*Enforcer) SetClaimsEnforcerFunc

func (e *Enforcer) SetClaimsEnforcerFunc(claimsEnforcer ClaimsEnforcerFunc)

SetClaimsEnforcerFunc sets a claims enforce function during enforcement. The claims enforce function can extract claims from JWT token and do the proper enforcement based on user, group or any information available in the input parameter list

func (*Enforcer) SetDefaultRole

func (e *Enforcer) SetDefaultRole(roleName string)

SetDefaultRole sets a default role to use during enforcement. Will fall back to this role if normal enforcement fails

func (*Enforcer) SetUserPolicy

func (e *Enforcer) SetUserPolicy(policy string) error

SetUserPolicy sets a user policy, augmenting the built-in policy

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL