Integrate Casbin into KubeSphere about k8s-authz HOT 6 CLOSED

@ashish493 can we use this repo to do the authz task for KubeSphere ?

from k8s-authz.

@hsluoyz, yes we can use this repo to do the authz task in kubesphere, but since at present, our repo provides authz for only the operations for pods, I doubt whether it would be highly functional enough for them to integrate it. I will create issues related to it for the addition of features such as to extend the authz for clusters and namespaces of k8s. Let me know what do you think.

Updates related to previous work:-

• I have changed the logo to a transparent background as asked in my fork.
• I will be adding the tests in a day or two.

from k8s-authz.

@ashish493 sounds good! We aim to be a complete authz solution for k8s and its ecosystem. When it's ready, I will promote this project to kubesphere owners for adoption. You can also send small size PRs at times to this origin repo, so we can know its status better.

from k8s-authz.

Thanks @hsluoyz , I will try my best to complete it and make it a successful project.

from k8s-authz.

@hsluoyz , There are various resources in k8s such as pods, jobs, services, endpoints. These resources each have their own operations get,list,watch,create,patch,update,read and much more.
As of now, our authz supports only create,update,delete,connect and for only one resource which is for pods. I can easily extend its operations to all existing operations by changing a single line. These operations can be easily defined on the casbin policies like this :
p, role:reader, read
p, role:writer, write

But my doubt is that, how can I define those operations and roles for a different resource in casbin?
Likw do we have to create a separate policy file or something?

from k8s-authz.

Done at: https://github.com/casbin/kubesphere-authz

from k8s-authz.