rbac

package
Version: v0.2.9
Warning

This package is not in the latest version of its module.
Published: Jan 13, 2022 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadModel

func LoadModel() (model.Model, error)

LoadModel loads the rbac model string from the assethelper and parses it into a Casbin model.Model.

Types

type APILookup

type APILookup map[string]apiLookupEndpoint

APILookup is a map that can be used for quick lookup of the API endpoints that are secured using RBAC.

func LoadAPILookup

func LoadAPILookup() (APILookup, error)

LoadAPILookup loads our YAML-based RBACApiMappings and transforms them into a quicker lookup map.

type EndpointEnforcer

type EndpointEnforcer interface {
	Enforce(username, method, path string, params map[string]string) error
}

EndpointEnforcer represents the interface for enforcing RBAC using the echo.Context.

type ErrPermissionDenied

type ErrPermissionDenied struct {
	// contains filtered or unexported fields
}

ErrPermissionDenied is for when the RBAC enforcement check fails.

func NewErrPermissionDenied

func NewErrPermissionDenied(namespace string, action string, resource string) *ErrPermissionDenied

NewErrPermissionDenied creates a new ErrPermissionDenied.

func (*ErrPermissionDenied) Error

func (e *ErrPermissionDenied) Error() string

type RoleRule

type RoleRule struct {
	Namespace string `json:"namespace"`
	Action    string `json:"action"`
	Resource  string `json:"resource"`
	Effect    string `json:"effect"`
}

RoleRule represents a Casbin role rule line in the format we expect.

type Service

type Service interface {
	EndpointEnforcer
	AddRole(role string, roleRules []RoleRule) error
	DeleteRole(role string) error
	GetAllRoles() []string
	GetUserAttachedRoles(username string) ([]string, error)
	GetRoleAttachedUsers(role string) ([]string, error)
	AttachRole(username string, role string) error
	DetachRole(username string, role string) error
	DeleteUser(username string) error
}

Service wraps the Casbin enforcer and performs all actions we require to manage and use RBAC functions.

func NewEnforcerSvc

func NewEnforcerSvc(enforcer casbin.IEnforcer, rbacAPILookup APILookup) Service

NewEnforcerSvc creates a new EnforcerService.

func NewNoOpService

func NewNoOpService() Service

NewNoOpService is used to instantiate a noOpService for when rbac enabled=false.
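
Added example, not code from this package: one way an HTTP layer can call an EndpointEnforcer so that it fails closed, answering 403 for an ErrPermissionDenied and 500 for any other error. It uses net/http rather than echo to stay self-contained; the interface and error type are local stand-ins, and staticEnforcer, Guard and userOf are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Local stand-ins for the documented types (the real error has unexported fields).
type EndpointEnforcer interface {
	Enforce(username, method, path string, params map[string]string) error
}

type ErrPermissionDenied struct{ namespace, action, resource string }
func (e *ErrPermissionDenied) Error() string { return "denied: " + e.action + " " + e.resource }

// staticEnforcer is a constructed double: username -> allowed "METHOD path".
type staticEnforcer map[string]map[string]bool
func (s staticEnforcer) Enforce(user, method, path string, _ map[string]string) error {
	if s == nil {
		return errors.New("policy not loaded") // backend failure, not a decision
	}
	if !s[user][method+" "+path] {
		return &ErrPermissionDenied{"default", method, path}
	}
	return nil
}

// Guard fails closed: next runs only when Enforce returns nil (userOf is a hypothetical identity hook).
func Guard(e EndpointEnforcer, userOf func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var denied *ErrPermissionDenied
		switch err := e.Enforce(userOf(r), r.Method, r.URL.Path, nil); {
		case err == nil:
			next.ServeHTTP(w, r)
		case errors.As(err, &denied): // RBAC decision: deny, without policy detail in the body
			http.Error(w, "forbidden", http.StatusForbidden)
		default: // the enforcer itself failed: never treat this as allow
			http.Error(w, "authorization unavailable", http.StatusInternalServerError)
		}
	})
}

func main() {
	rec, alice := httptest.NewRecorder(), func(*http.Request) string { return "alice" }
	Guard(staticEnforcer(nil), alice, http.NotFoundHandler()).ServeHTTP(rec, httptest.NewRequest("GET", "/pipelines", nil))
	fmt.Println(rec.Code) // 500: an unloaded policy does not let the request through
}
```
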
