Documentation
Index ¶
- Constants
- func Init(conf rbacconf.Config, policyPath string, authNconf config.Authentication) (*casbin.SyncedCachedEnforcer, error)
- func WeaviateMatcher(key1 string, key2 string) bool
- func WeaviateMatcherFunc(args ...interface{}) (interface{}, error)
- type Manager
- func (m *Manager) AddRolesForUser(user string, roles []string) error
- func (m *Manager) Authorize(ctx context.Context, principal *models.Principal, verb string, ...) error
- func (m *Manager) AuthorizeSilent(ctx context.Context, principal *models.Principal, verb string, ...) error
- func (m *Manager) CreateRolesPermissions(roles map[string][]authorization.Policy) error
- func (m *Manager) DeleteRoles(roles ...string) error
- func (m *Manager) FilterAuthorizedResources(ctx context.Context, principal *models.Principal, verb string, ...) ([]string, error)
- func (m *Manager) GetRoles(names ...string) (map[string][]authorization.Policy, error)
- func (m *Manager) GetRolesForUser(userName string, userType models.UserTypeInput) (map[string][]authorization.Policy, error)
- func (m *Manager) GetUsersForRole(roleName string, userType models.UserTypeInput) ([]string, error)
- func (m *Manager) HasPermission(roleName string, permission *authorization.Policy) (bool, error)
- func (m *Manager) RemovePermissions(roleName string, permissions []*authorization.Policy) error
- func (m *Manager) Restore(b []byte) error
- func (m *Manager) RevokeRolesForUser(userName string, roles ...string) error
- func (m *Manager) Snapshot() ([]byte, error)
- func (m *Manager) UpdateRolesPermissions(roles map[string][]authorization.Policy) error
Constants ¶
const (
	SnapshotVersionV0 = iota
	SnapshotVersionLatest
)
const AuditLogVersion = 2
const DEFAULT_POLICY_VERSION = "1.29.0"
const (
	// MODEL is the model casbin uses to store roles, permissions, users and comparison patterns
	// docs: https://casbin.org/docs/syntax-for-models
	MODEL = `` /* 265-byte string literal not displayed */
)
Variables ¶
This section is empty.
Functions ¶
func Init ¶
func Init(conf rbacconf.Config, policyPath string, authNconf config.Authentication) (*casbin.SyncedCachedEnforcer, error)
func WeaviateMatcher ¶ added in v1.28.6
func WeaviateMatcherFunc ¶ added in v1.28.6
func WeaviateMatcherFunc(args ...interface{}) (interface{}, error)
Types ¶
type Manager ¶ added in v1.30.9
type Manager struct {
// contains filtered or unexported fields
}
func New ¶
func New(rbacStoragePath string, rbacConf rbacconf.Config, authNconf config.Authentication, logger logrus.FieldLogger) (*Manager, error)
func (*Manager) AddRolesForUser ¶ added in v1.30.9
AddRolesForUser NOTE: user has to be prefixed by user:, group:, key:, etc. See func PrefixUserName(user): it prefixes the username and is a no-op if the name is already prefixed.
func (*Manager) Authorize ¶ added in v1.30.9
func (m *Manager) Authorize(ctx context.Context, principal *models.Principal, verb string, resources ...string) error
Authorize verifies whether the user has access to a resource to perform a specific action.
func (*Manager) AuthorizeSilent ¶ added in v1.30.9
func (m *Manager) AuthorizeSilent(ctx context.Context, principal *models.Principal, verb string, resources ...string) error
AuthorizeSilent verifies whether the user has access to a resource to perform a specific action, without writing audit logs. It is to be used internally.
func (*Manager) CreateRolesPermissions ¶ added in v1.30.9
func (m *Manager) CreateRolesPermissions(roles map[string][]authorization.Policy) error
func (*Manager) DeleteRoles ¶ added in v1.30.9
func (*Manager) FilterAuthorizedResources ¶ added in v1.30.9
func (m *Manager) FilterAuthorizedResources(ctx context.Context, principal *models.Principal, verb string, resources ...string) ([]string, error)
FilterAuthorizedResources authorizes the passed resources with a best-effort approach. It returns the list of allowed resources; if none are allowed, it returns an empty slice.
func (*Manager) GetRolesForUser ¶ added in v1.30.9
func (m *Manager) GetRolesForUser(userName string, userType models.UserTypeInput) (map[string][]authorization.Policy, error)
func (*Manager) GetUsersForRole ¶ added in v1.30.9
func (*Manager) HasPermission ¶ added in v1.30.9
func (*Manager) RemovePermissions ¶ added in v1.30.9
func (m *Manager) RemovePermissions(roleName string, permissions []*authorization.Policy) error
func (*Manager) RevokeRolesForUser ¶ added in v1.30.9
func (*Manager) UpdateRolesPermissions ¶ added in v1.30.9
func (m *Manager) UpdateRolesPermissions(roles map[string][]authorization.Policy) error
There is no difference between UpdateRolesPermissions and CreateRolesPermissions; it exists purely to satisfy an interface.