Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type APILookup ¶
type APILookup map[string]apiLookupEndpoint
APILookup is a map that can be used for quick lookup of the API endpoints that a secured using RBAC.
func LoadAPILookup ¶
LoadAPILookup loads our yaml based RBACApiMappings and transforms them into a quicker lookup map.
type EndpointEnforcer ¶
type EndpointEnforcer interface {
Enforce(username, method, path string, params map[string]string) error
}
EndpointEnforcer represents the interface for enforcing RBAC using the echo.Context.
type ErrPermissionDenied ¶
type ErrPermissionDenied struct {
// contains filtered or unexported fields
}
ErrPermissionDenied is for when the RBAC enforcement check fails.
func NewErrPermissionDenied ¶
func NewErrPermissionDenied(namespace string, action string, resource string) *ErrPermissionDenied
NewErrPermissionDenied creates a new ErrPermissionDenied.
func (*ErrPermissionDenied) Error ¶
func (e *ErrPermissionDenied) Error() string
type RoleRule ¶
type RoleRule struct {
Namespace string `json:"namespace"`
Action string `json:"action"`
Resource string `json:"resource"`
Effect string `json:"effect"`
}
RoleRule represents a Casbin role rule line in the format we expect.
type Service ¶
type Service interface {
EndpointEnforcer
AddRole(role string, roleRules []RoleRule) error
DeleteRole(role string) error
GetAllRoles() []string
GetUserAttachedRoles(username string) ([]string, error)
GetRoleAttachedUsers(role string) ([]string, error)
AttachRole(username string, role string) error
DetachRole(username string, role string) error
DeleteUser(username string) error
}
Service wraps the Casbin enforcer and performs all actions we require to manage and use RBAC functions.
func NewEnforcerSvc ¶
NewEnforcerSvc creates a new EnforcerService.
func NewNoOpService ¶
func NewNoOpService() Service
NewNoOpService is used to instantiated a noOpService for when rbac enabled=false.
Source Files