Documentation
Overview ¶
Package auth is responsible for authentication and authorization of users.
Index ¶
- Constants
- func GetRolePermissions() map[string][]typesv2.Permission
- func IsEcludedFromAuth(service, method string) bool
- func IsEcludedFromRBAC(service, method string) bool
- func SetEnforcer(e *Enforcer)
- type Enforcer
- func (e *Enforcer) AddPolicy(sub, obj, act string) error
- func (e *Enforcer) AddResourceForUser(user, resource string) error
- func (e *Enforcer) AddRoleForUser(user, role string) error
- func (e *Enforcer) CheckPermission(roles []string, obj, act string) bool
- func (e *Enforcer) GetResourcesForUser(user string) ([]string, error)
- func (e *Enforcer) GetRolesForUser(user string) ([]string, error)
- func (e *Enforcer) GetUsersForRole(role string) ([]string, error)
- func (e *Enforcer) RemovePolicy(sub, obj, act string) error
- func (e *Enforcer) SetUpdateChannel(ch chan database.RoleSubscriptionEvent)
- func (e *Enforcer) Shutdown()
- type MemoryAdapter
- func (a *MemoryAdapter) AddPolicy(sec string, ptype string, rule []string) error
- func (a *MemoryAdapter) LoadPolicy(m model.Model) error
- func (a *MemoryAdapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error
- func (a *MemoryAdapter) RemovePolicy(sec string, ptype string, rule []string) error
- func (a *MemoryAdapter) SavePolicy(m model.Model) error
Constants ¶
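// Service and method name constants, grouped per service: each group starts
// with the service name, followed by the names of that service's methods.
//
// Method values are not unique across services (ApplicationServiceCreate,
// LabelServiceCreate, RoleServiceCreate and UserServiceCreate are all
// "Create"), so a method constant identifies an endpoint only together with
// its service constant. Compare both when matching a call against a policy
// or an exclusion list.
const (
	// ApplicationService service constants
	ApplicationService                = "ApplicationService"
	ApplicationServiceCreate          = "Create"
	ApplicationServiceCreateTask      = "CreateTask"
	ApplicationServiceCreateTaskAll   = "CreateTaskAll"
	ApplicationServiceDeallocate      = "Deallocate"
	ApplicationServiceDeallocateAll   = "DeallocateAll"
	ApplicationServiceGet             = "Get"
	ApplicationServiceGetAll          = "GetAll"
	ApplicationServiceGetResource     = "GetResource"
	ApplicationServiceGetResourceAll  = "GetResourceAll"
	ApplicationServiceGetState        = "GetState"
	ApplicationServiceGetStateAll     = "GetStateAll"
	ApplicationServiceGetTask         = "GetTask"
	ApplicationServiceGetTaskAll      = "GetTaskAll"
	ApplicationServiceList            = "List"
	ApplicationServiceListAll         = "ListAll"
	ApplicationServiceListResource    = "ListResource"
	ApplicationServiceListResourceAll = "ListResourceAll"
	ApplicationServiceListState       = "ListState"
	ApplicationServiceListStateAll    = "ListStateAll"
	ApplicationServiceListTask        = "ListTask"
	ApplicationServiceListTaskAll     = "ListTaskAll"

	// AuthService service constants
	AuthService               = "AuthService"
	AuthServiceLogin          = "Login"
	AuthServiceValidateToken  = "ValidateToken"
	AuthServiceGetPermissions = "GetPermissions"
	AuthServiceRefreshToken   = "RefreshToken"

	// GateProxySSHService service constants
	GateProxySSHService                     = "GateProxySSHService"
	GateProxySSHServiceGetResourceAccess    = "GetResourceAccess"
	GateProxySSHServiceGetResourceAccessAll = "GetResourceAccessAll"

	// LabelService service constants
	LabelService          = "LabelService"
	LabelServiceCreate    = "Create"
	LabelServiceCreateAll = "CreateAll"
	LabelServiceGet       = "Get"
	LabelServiceGetAll    = "GetAll"
	LabelServiceList      = "List"
	LabelServiceListAll   = "ListAll"
	LabelServiceRemove    = "Remove"
	LabelServiceRemoveAll = "RemoveAll"
	LabelServiceUpdate    = "Update"
	LabelServiceUpdateAll = "UpdateAll"

	// NodeService service constants
	NodeService               = "NodeService"
	NodeServiceGet            = "Get"
	NodeServiceGetThis        = "GetThis"
	NodeServiceList           = "List"
	NodeServiceSetMaintenance = "SetMaintenance"

	// RoleService service constants
	RoleService       = "RoleService"
	RoleServiceCreate = "Create"
	RoleServiceGet    = "Get"
	RoleServiceList   = "List"
	RoleServiceRemove = "Remove"
	RoleServiceUpdate = "Update"

	// StreamingService service constants
	StreamingService          = "StreamingService"
	StreamingServiceConnect   = "Connect"
	StreamingServiceSubscribe = "Subscribe"

	// UserService service constants
	UserService               = "UserService"
	UserServiceGetMe          = "GetMe"
	UserServiceCreate         = "Create"
	UserServiceCreateGroup    = "CreateGroup"
	UserServiceGet            = "Get"
	UserServiceGetGroup       = "GetGroup"
	UserServiceList           = "List"
	UserServiceListGroup      = "ListGroup"
	UserServiceRemove         = "Remove"
	UserServiceRemoveGroup    = "RemoveGroup"
	UserServiceUpdate         = "Update"
	UserServiceUpdateAll      = "UpdateAll"
	UserServiceUpdateGroup    = "UpdateGroup"
	UserServiceUpdatePassword = "UpdatePassword"
	UserServiceUpdateRoles    = "UpdateRoles"
)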
Service and Method constants
// AdminRoleName is the role name "Administrator".
// NOTE(review): presumably the name of the built-in administrative role;
// confirm how it is treated by the enforcer before relying on it in policy
// decisions.
const AdminRoleName = "Administrator"
Variables ¶
This section is empty.
Functions ¶
func GetRolePermissions ¶
func GetRolePermissions() map[string][]typesv2.Permission
GetRolePermissions returns a map of all possible permissions for all known roles
func IsEcludedFromAuth ¶
IsEcludedFromAuth helps connectrpc to exclude methods from Auth validation
func IsEcludedFromRBAC ¶
IsEcludedFromRBAC helps connectrpc to exclude methods from RBAC validation
Types ¶
type Enforcer ¶
type Enforcer struct {
// contains filtered or unexported fields
}
Enforcer wraps a Casbin enforcer with additional functionality
func NewEnforcer ¶
NewEnforcer creates a new Casbin enforcer with the embedded model and memory adapter
func (*Enforcer) AddResourceForUser ¶
AddResourceForUser adds a resource ownership for a user
func (*Enforcer) AddRoleForUser ¶
AddRoleForUser adds a role for a user
func (*Enforcer) CheckPermission ¶
CheckPermission checks whether the roles have permission to perform the action on the object
func (*Enforcer) GetResourcesForUser ¶
GetResourcesForUser gets resources owned by a user
func (*Enforcer) GetRolesForUser ¶
GetRolesForUser gets roles for a user
func (*Enforcer) GetUsersForRole ¶
GetUsersForRole gets users that have a role
func (*Enforcer) RemovePolicy ¶
RemovePolicy removes a policy rule
func (*Enforcer) SetUpdateChannel ¶
func (e *Enforcer) SetUpdateChannel(ch chan database.RoleSubscriptionEvent)
type MemoryAdapter ¶
type MemoryAdapter struct {
// contains filtered or unexported fields
}
MemoryAdapter implements Casbin's persist.Adapter interface using in-memory storage
func NewMemoryAdapter ¶
func NewMemoryAdapter() *MemoryAdapter
NewMemoryAdapter creates a new adapter instance
func (*MemoryAdapter) AddPolicy ¶
func (a *MemoryAdapter) AddPolicy(sec string, ptype string, rule []string) error
AddPolicy adds a policy rule to memory
func (*MemoryAdapter) LoadPolicy ¶
func (a *MemoryAdapter) LoadPolicy(m model.Model) error
LoadPolicy loads policy rules from memory
func (*MemoryAdapter) RemoveFilteredPolicy ¶
func (a *MemoryAdapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error
RemoveFilteredPolicy removes policy rules that match the filter from memory
func (*MemoryAdapter) RemovePolicy ¶
func (a *MemoryAdapter) RemovePolicy(sec string, ptype string, rule []string) error
RemovePolicy removes a policy rule from memory
func (*MemoryAdapter) SavePolicy ¶
func (a *MemoryAdapter) SavePolicy(m model.Model) error
SavePolicy saves policy rules to memory