
@x893675
Created November 26, 2020 02:10
casbin,watcher,adapter
package main
import (
"bufio"
"fmt"
"github.com/billcobbler/casbin-redis-watcher/v2"
"github.com/casbin/casbin/v2"
gormadapter "github.com/casbin/gorm-adapter/v3"
"github.com/x893675/kubecaas/pkg/client/database"
"os"
"strings"
"time"
)
// enforce is the process-wide Casbin enforcer. It is assigned in init and
// used by the command loop in main.
var enforce *casbin.SyncedEnforcer
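// envOr returns the value of the environment variable key, or fallback when
// the variable is unset or empty.
func envOr(key, fallback string) string {
	if v := os.Getenv(key); v != "" {
		return v
	}
	return fallback
}

// init builds the package-level enforcer: it opens the policy database,
// wraps it in a gorm adapter, loads the model file, attaches a Redis watcher
// and loads the stored policy. Any failure panics, so the program never runs
// with a partially configured enforcer.
//
// Connection settings can be overridden through the KUBECAAS_* environment
// variables introduced here; when a variable is unset the original literal is
// used, so existing invocations behave as before.
func init() {
	// One host serves both the write and the read pool, as in the original
	// configuration.
	dbHost := envOr("KUBECAAS_DB_HOST", "192.168.234.137:5432")

	opt := &database.Options{
		WHosts:   []string{dbHost},
		RHosts:   []string{dbHost},
		Username: envOr("KUBECAAS_DB_USER", "postgres"),
		// NOTE(security): the fallback is a credential committed to a public
		// listing. Treat it as disclosed: rotate it, supply the real value
		// through KUBECAAS_DB_PASSWORD, and drop the literal once no caller
		// depends on it.
		Password:              envOr("KUBECAAS_DB_PASSWORD", "thinkbig1"),
		DBName:                envOr("KUBECAAS_DB_NAME", "core"),
		Type:                  "postgres",
		Debug:                 false,
		TablePrefix:           "g_",
		MaxIdleConnections:    100,
		MaxOpenConnections:    100,
		MaxConnectionLifeTime: 10 * time.Second,
	}

	// NOTE(review): the "OrDie" suffix suggests this terminates the process
	// on failure; confirm in the database package.
	db := database.NewDatabaseClientOrDie(opt, nil)

	a, err := gormadapter.NewAdapterByDB(db.DB())
	if err != nil {
		panic(err)
	}

	// Plain assignment (not :=) so the package-level enforce is set rather
	// than a shadowing local.
	modelPath := envOr("KUBECAAS_CASBIN_MODEL", "/Users/hanamichi/work/github/kubecaas/config/model.conf")
	enforce, err = casbin.NewSyncedEnforcer(modelPath, a)
	if err != nil {
		panic(err)
	}

	// NOTE(security): the watcher is created from an address alone; no
	// credential or TLS option is passed in this call, so the channel that
	// signals policy changes presumably relies on network isolation. Confirm
	// the Redis instance is not reachable by untrusted clients.
	w, err := rediswatcher.NewWatcher(envOr("KUBECAAS_REDIS_ADDR", "192.168.234.137:6379"))
	if err != nil {
		panic(err)
	}
	if err = enforce.SetWatcher(w); err != nil {
		panic(err)
	}

	enforce.EnableAutoBuildRoleLinks(true)
	// Auto-save is enabled, so policy edits made through the enforcer are
	// expected to be written through the adapter rather than kept in memory
	// only.
	enforce.EnableAutoSave(true)
	enforce.EnableLog(false)
	//enforce.StartAutoLoadPolicy(5 * time.Second)

	if err = enforce.LoadPolicy(); err != nil {
		panic(err)
	}
}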
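// main runs a line-oriented console on standard input that edits and queries
// the policy held by the package-level enforcer.
//
// Commands (fields separated by whitespace):
//
//	ar <rolename> <domain> <api> <method>   grant a permission to role "r:<rolename>"
//	au <username> <rolename> <domain>       bind "u:<username>" to "r:<rolename>" in a domain
//	en <username> <domain> <api> <method>   evaluate a request made by "u:<username>"
//	dr, dup                                 reserved, not implemented
//	exit                                    quit
//
// The console performs no authentication of its own: whoever can write to its
// standard input can change authorization policy.
func main() {
	// Disabled example of the equivalent direct API calls, kept from the
	// original listing:
	//_, err = e.AddPermissionForUser("r:role1", "domain1", "/api/iam/v1/menus", "GET")
	//if err != nil {
	//	panic(err)
	//}
	//_, err = e.AddRoleForUserInDomain("u:user1", "r:role1", "domain1")
	//if err != nil {
	//	panic(err)
	//}
	//result, err := e.Enforce("u:user1", "domain1", "/api/iam/v1/menus", "GET")
	//if err != nil {
	//	panic(err)
	//}
	//fmt.Println(result)

	scanner := bufio.NewScanner(os.Stdin)
	for scanner.Scan() {
		line := scanner.Text()
		if strings.TrimSpace(line) == "exit" {
			os.Exit(0)
		}

		// Fields drops empty tokens, so repeated or trailing spaces can no
		// longer produce an empty policy field, and a blank line yields no
		// tokens instead of an out-of-range index on cmd[0].
		cmd := strings.Fields(line)
		if len(cmd) == 0 {
			continue
		}

		switch cmd[0] {
		case "ar":
			// Add a permission rule for a role. The argument count is
			// checked exactly so a malformed line is rejected rather than
			// written as a truncated rule.
			if len(cmd) != 5 {
				fmt.Fprintln(os.Stderr, "add role policy cmd must be (ar rolename domain api method)")
				break
			}
			// NOTE(review): api and method are stored verbatim. Under the
			// model listed alongside this program they are evaluated with
			// keyMatch2 and regexMatch, i.e. as patterns rather than
			// literals; anchor the method (for example ^GET$) if an exact
			// match is intended. Confirm against the model actually loaded.
			result, err := enforce.AddPermissionForUser("r:"+cmd[1], cmd[2], cmd[3], cmd[4])
			fmt.Printf("add role policy result is %t, err is %v\n", result, err)
		case "au":
			// Bind a user to a role inside a domain. The usage text names
			// the arguments in the order the call consumes them: user
			// first, then role.
			if len(cmd) != 4 {
				fmt.Fprintln(os.Stderr, "add user policy cmd must be (au username rolename domain)")
				break
			}
			result, err := enforce.AddRoleForUserInDomain("u:"+cmd[1], "r:"+cmd[2], cmd[3])
			fmt.Printf("add user policy result is %t, err is %v\n", result, err)
		case "dr", "dup":
			// Deletion is not wired up yet (see the disabled call below);
			// say so instead of returning silently as if it had worked.
			//enforce.DeleteRoleForUserInDomain()
			fmt.Fprintln(os.Stderr, "cmd not implemented")
		case "en":
			// Evaluate a request against the loaded policy.
			if len(cmd) != 5 {
				fmt.Fprintln(os.Stderr, "verify user policy cmd must be (en username domain api method)")
				break
			}
			result, err := enforce.Enforce("u:"+cmd[1], cmd[2], cmd[3], cmd[4])
			fmt.Printf("verify user policy result is %t, err is %v\n", result, err)
		default:
			fmt.Fprintln(os.Stderr, "unsupported cmd")
		}
		fmt.Println("=====================================")
	}
	if err := scanner.Err(); err != nil {
		fmt.Fprintln(os.Stderr, "reading standard input:", err)
	}
}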
# Casbin model with domains: every request and every rule carries
# subject, domain, object and action.
[request_definition]
r = sub, dom, obj, act
# A stored rule has the same four fields as a request.
[policy_definition]
p = sub, dom, obj, act
# Role links take three arguments; the matcher calls g(subject, role, domain).
[role_definition]
g = _, _, _
# A request is allowed when at least one rule evaluates to allow.
[policy_effect]
e = some(where (p.eft == allow))
# A rule matches when all four terms joined by && hold:
#   g          r.sub is linked to p.sub within r.dom
#   keyMatch   r.dom against the pattern in p.dom
#   keyMatch2  r.obj against the pattern in p.obj
#   regexMatch r.act against the regular expression in p.act
# NOTE(review): p.act is a regular expression, not a literal. A rule stored
# as GET presumably also matches longer action strings that contain GET
# unless it is written anchored (^GET$) - confirm.
# NOTE(review): assuming && binds tighter than ||, the final
# r.sub == "Cluster-Admin" term stands outside the chain, so a request whose
# subject is exactly that string is allowed for every domain, object and
# action without any role or rule lookup. Confirm that callers never take
# the subject from untrusted input.
[matchers]
m = g(r.sub, p.sub, r.dom) == true \
&& keyMatch(r.dom, p.dom) == true \
&& keyMatch2(r.obj, p.obj) == true \
&& regexMatch(r.act, p.act) == true \
|| r.sub == "Cluster-Admin"