rbac

package
v1.0.1306 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2026 License: Apache-2.0 Imports: 22 Imported by: 11

Documentation

Index

Constants

View Source 
const MaxSubjectAccessReviewSubjects = 500

Variables

View Source 
var DefaultModel string

Functions

func AddCustomFunctions added in v1.0.840 

func AddCustomFunctions(enforcer addableEnforcer)

func AddRoleForUser 

func AddRoleForUser(user string, role ...string) error

func Check 

func Check(ctx context.Context, subject, object, action string) bool

func CheckContext added in v1.0.841 

func CheckContext(ctx context.Context, object, action string) bool

func DeleteAllRolesForUser 

func DeleteAllRolesForUser(user string) error

func DeleteRole 

func DeleteRole(role string) (bool, error)

func DeleteRoleForUser 

func DeleteRoleForUser(user string, role string) error

func Enforcer 

func Enforcer() *casbin.SyncedCachedEnforcer

func GetActionFromHttpMethod 

func GetActionFromHttpMethod(method string) string

func GetObjectByTable 

func GetObjectByTable(resource string) string

func HasPermission added in v1.0.841 

func HasPermission(ctx context.Context, subject string, attr *models.ABACAttribute, action string) bool

func Init 

func Init(ctx context.Context, superUserIDs []string, adapters ...Adapter) error

func PermsForUser 

func PermsForUser(user string) ([]policy.Permission, error)

func ReloadPolicy 

func ReloadPolicy() error

func RolesForUser 

func RolesForUser(user string) ([]string, error)

func Stop 

func Stop()

Types

type Adapter added in v1.0.840 

type Adapter func(ctx context.Context, main *gormadapter.Adapter) persist.Adapter

type NamespacedNameIDSelector added in v1.0.1074 

type NamespacedNameIDSelector struct {
	ID        string `json:"id,omitempty"`
	Namespace string `json:"namespace,omitempty"`
	Name      string `json:"name,omitempty"`
}

type Selectors added in v1.0.840 

type Selectors struct {
	Playbooks   []types.ResourceSelector `json:"playbooks,omitempty"`
	Connections []types.ResourceSelector `json:"connections,omitempty"`
	Configs     []types.ResourceSelector `json:"configs,omitempty"`
	Components  []types.ResourceSelector `json:"components,omitempty"`
	Views       []ViewRef                `json:"views,omitempty"`
}

Selectors represents the object_selector from a permission and specifies resource selectors for multiple resource types used in ABAC authorization.

For authorization to succeed, all specified resource type selectors must match the corresponding resources in the ABACAttribute. If a selector is specified for a resource type but the attribute lacks that resource, authorization fails. If an attribute provides a resource but no selector exists for that type, the permission is considered non-restrictive for that resource (authorized).

type SubjectAccessReviewRequest added in v1.0.1305 

type SubjectAccessReviewRequest struct {
	Resource SubjectAccessReviewResource `json:"resource"`
	Action   string                      `json:"action"`

	// Supports ["*"], in which case we iterate over all permission subjects in the database.
	Subjects []string `json:"subjects"`
}

func (SubjectAccessReviewRequest) Validate added in v1.0.1305 

func (req SubjectAccessReviewRequest) Validate(ctx context.Context) error

type SubjectAccessReviewResource added in v1.0.1305 

type SubjectAccessReviewResource struct {
	Playbook   string `json:"playbook,omitempty"`
	Config     string `json:"config,omitempty"`
	Check      string `json:"check,omitempty"`
	View       string `json:"view,omitempty"`
	Connection string `json:"connection,omitempty"`
	Global     string `json:"global,omitempty"`
}

type SubjectAccessReviewResult added in v1.0.1305 

type SubjectAccessReviewResult struct {
	Subject string `json:"subject"`
	Allowed bool   `json:"allowed"`
	Error   string `json:"error,omitempty"`
}

func RunSubjectAccessReview added in v1.0.1305 

func RunSubjectAccessReview(ctx context.Context, req SubjectAccessReviewRequest) ([]SubjectAccessReviewResult, error)

type SubjectAccessSearchRequest added in v1.0.1305 

type SubjectAccessSearchRequest struct {
	Subject       string   `json:"subject"`
	Action        string   `json:"action"`
	ResourceTypes []string `json:"resource_types,omitempty"`
}

func (*SubjectAccessSearchRequest) Validate added in v1.0.1305 

func (req *SubjectAccessSearchRequest) Validate() error

type SubjectAccessSearchResponse added in v1.0.1305 

type SubjectAccessSearchResponse struct {
	Subject       string                      `json:"subject"`
	Action        string                      `json:"action"`
	ResourceTypes []string                    `json:"resource_types"`
	Total         int                         `json:"total"`
	Results       []SubjectAccessSearchResult `json:"results"`
}

func RunSubjectAccessSearch added in v1.0.1305 

func RunSubjectAccessSearch(ctx context.Context, req SubjectAccessSearchRequest) (SubjectAccessSearchResponse, error)

type SubjectAccessSearchResult added in v1.0.1305 

type SubjectAccessSearchResult struct {
	ResourceType string `json:"resource_type"`
	ID           string `json:"id"`
}

type ViewRef added in v1.0.1074 

type ViewRef NamespacedNameIDSelector

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.