README
Casbin Go Cloud Development kit based Adapter
Casbin Adapter built on top of gocloud.dev.
Installation
go get github.com/bartventer/casbin-go-cloud-adapter
Usage
Configuration differs slightly between providers, because each one reads different settings from the environment. You can read more about URLs and configuration here: https://gocloud.dev/concepts/urls/.
Supported providers:
- Google Cloud Firestore
- Amazon DynamoDB
- Azure Cosmos DB
- MongoDB
- In-Memory Document Store (useful for local testing and single node installs)
You can view provider configuration examples here: https://github.com/google/go-cloud/tree/master/docstore.
Google Cloud Firestore
Firestore URLs provide the project and collection, as well as the field that holds the document name (e.g. firestore://projects/my-project/databases/(default)/documents/my-collection?name_field=userID).
casbin-go-cloud-adapter will use Application Default Credentials; if you have authenticated via gcloud auth application-default login, it will use those credentials. See Application Default Credentials to learn about authentication alternatives, including using environment variables.
```go
package main

import (
	"context"
	"log"

	cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
	// Enable Firestore driver
	_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/gcpfirestore"
	"github.com/casbin/casbin/v2"
)

func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	url := "firestore://projects/casbin-project/databases/(default)/documents/casbin_rule?name_field=id"
	a, err := cloudadapter.New(ctx, url)
	if err != nil {
		panic(err)
	}

	e, err := casbin.NewEnforcer("model.conf", a)
	if err != nil {
		panic(err)
	}

	// Load the policy from DB.
	if err := e.LoadPolicy(); err != nil {
		panic(err)
	}

	// Check the permission. An error from Enforce is not an allow.
	allowed, err := e.Enforce("alice", "data1", "read")
	if err != nil {
		panic(err)
	}
	log.Println("alice may read data1:", allowed)

	// Modify the policy.
	// e.AddPolicy(...)
	// e.RemovePolicy(...)

	// Save the policy back to DB.
	if err := e.SavePolicy(); err != nil {
		panic(err)
	}
}
```
Amazon DynamoDB
DynamoDB URLs provide the table, partition key field and optionally the sort key field for the collection (e.g. dynamodb://my-table?partition_key=name).
casbin-go-cloud-adapter will create a default AWS Session with the SharedConfigEnable option enabled; if you have authenticated with the AWS CLI, it will use those credentials. See AWS Session to learn about authentication alternatives, including using environment variables.
```go
package main

import (
	"context"
	"log"

	cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
	// Enable DynamoDB driver
	_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/awsdynamodb"
	"github.com/casbin/casbin/v2"
)

func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	url := "dynamodb://casbin_test?partition_key=id"
	a, err := cloudadapter.New(ctx, url)
	if err != nil {
		panic(err)
	}

	e, err := casbin.NewEnforcer("model.conf", a)
	if err != nil {
		panic(err)
	}

	// Load the policy from DB.
	if err := e.LoadPolicy(); err != nil {
		panic(err)
	}

	// Check the permission. An error from Enforce is not an allow.
	allowed, err := e.Enforce("alice", "data1", "read")
	if err != nil {
		panic(err)
	}
	log.Println("alice may read data1:", allowed)

	// Modify the policy.
	// e.AddPolicy(...)
	// e.RemovePolicy(...)

	// Save the policy back to DB.
	if err := e.SavePolicy(); err != nil {
		panic(err)
	}
}
```
Azure Cosmos DB
Azure Cosmos DB is compatible with the MongoDB API. You can use the mongodocstore package to connect to Cosmos DB. You must create an Azure Cosmos account and get the MongoDB connection string.
When you use MongoDB URLs to connect to Cosmos DB, specify the Mongo server URL by setting the MONGO_SERVER_URL environment variable to the connection string. See the MongoDB section for more details and examples on how to use the package.
MongoDB
MongoDB URLs provide the database and collection, and optionally the field that holds the document ID (e.g. mongo://my-db/my-collection?id_field=userID). Specify the Mongo server URL by setting the MONGO_SERVER_URL environment variable.
```go
package main

import (
	"context"
	"log"
	"os"

	cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
	// Enable MongoDB driver
	_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/mongodocstore"
	"github.com/casbin/casbin/v2"
)

func main() {
	// Set the MONGO_SERVER_URL environment variable to the MongoDB connection string.
	if err := os.Setenv("MONGO_SERVER_URL", "mongodb://localhost:27017"); err != nil {
		panic(err)
	}

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	url := "mongo://casbin_test/casbin_rule?id_field=id"
	a, err := cloudadapter.New(ctx, url)
	if err != nil {
		panic(err)
	}

	e, err := casbin.NewEnforcer("model.conf", a)
	if err != nil {
		panic(err)
	}

	// Load the policy from DB.
	if err := e.LoadPolicy(); err != nil {
		panic(err)
	}

	// Check the permission. An error from Enforce is not an allow.
	allowed, err := e.Enforce("alice", "data1", "read")
	if err != nil {
		panic(err)
	}
	log.Println("alice may read data1:", allowed)

	// Modify the policy.
	// e.AddPolicy(...)
	// e.RemovePolicy(...)

	// Save the policy back to DB.
	if err := e.SavePolicy(); err != nil {
		panic(err)
	}
}
```
In Memory
URLs for the in-memory store have a mem: scheme. The URL host is used as the collection name, and the URL path is used as the name of the document field to use as a primary key (e.g. mem://collection/keyField).
```go
package main

import (
	"context"
	"log"

	cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
	// Enable in-memory driver
	_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/memdocstore"
	"github.com/casbin/casbin/v2"
)

func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	url := "mem://casbin_rule/id"
	a, err := cloudadapter.New(ctx, url)
	if err != nil {
		panic(err)
	}

	e, err := casbin.NewEnforcer("model.conf", a)
	if err != nil {
		panic(err)
	}

	// Load the policy from DB.
	if err := e.LoadPolicy(); err != nil {
		panic(err)
	}

	// Check the permission. An error from Enforce is not an allow.
	allowed, err := e.Enforce("alice", "data1", "read")
	if err != nil {
		panic(err)
	}
	log.Println("alice may read data1:", allowed)

	// Modify the policy.
	// e.AddPolicy(...)
	// e.RemovePolicy(...)

	// Save the policy back to DB.
	if err := e.SavePolicy(); err != nil {
		panic(err)
	}
}
```
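Because the URL selects where the authorization policy is stored, it is worth checking it against the four forms described above before it reaches cloudadapter.New. The following is an added example, not code from this project: ValidatePolicyStoreURL and its allowMem parameter are hypothetical names, and making mem:// an explicit opt-in is an assumption based on the README describing that store as suited to local testing and single node installs.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ValidatePolicyStoreURL is a hypothetical pre-flight check (not part of the adapter)
// that accepts only the URL forms this README documents; mem:// needs allowMem.
func ValidatePolicyStoreURL(raw string, allowMem bool) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("policy store URL: %w", err)
	}
	path, q := strings.Trim(u.Path, "/"), u.Query()
	switch {
	case u.Host == "":
		return fmt.Errorf("%q: missing host component", u.Scheme)
	case u.Scheme == "firestore": // firestore://projects/P/databases/D/documents/C?name_field=F
		p := strings.Split(path, "/")
		if u.Host != "projects" || len(p) < 5 || p[1] != "databases" || p[3] != "documents" || q.Get("name_field") == "" {
			return fmt.Errorf("firestore: want projects/P/databases/D/documents/C?name_field=F")
		}
	case u.Scheme == "dynamodb": // dynamodb://TABLE?partition_key=F
		if q.Get("partition_key") == "" {
			return fmt.Errorf("dynamodb: partition_key is required")
		}
	case u.Scheme == "mongo": // mongo://DB/COLLECTION[?id_field=F]
		if path == "" || strings.Contains(path, "/") {
			return fmt.Errorf("mongo: want mongo://db/collection")
		}
	case u.Scheme == "mem": // mem://COLLECTION/KEYFIELD
		if !allowMem {
			return fmt.Errorf("mem: in-memory policy store requires explicit opt-in")
		}
		if path == "" {
			return fmt.Errorf("mem: key field is required")
		}
	default:
		return fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	return nil
}

func main() {
	fmt.Println(ValidatePolicyStoreURL("mem://casbin_rule/id", false)) // README's mem URL, no opt-in
}
```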
About Go Cloud Dev
Portable Cloud APIs in Go. Strives to implement these APIs for the leading Cloud providers: AWS, GCP and Azure, as well as provide a local (on-prem) implementation such as MongoDB, In-Memory, etc.
Using the Go CDK you can write your application code once using these idiomatic APIs, test locally using the local versions, and then deploy to a cloud provider with only minimal setup-time changes.
Further Reading
- Go CDK: For more information on the Go CDK
- Go CDK Docstore: For more information on the Go CDK Docstore package
License
This project is licensed under the MIT License - see the LICENSE file for details.
Documentation
Overview
Package adapter provides a Casbin adapter built on top of gocloud.dev. It supports multiple providers including Google Cloud Firestore, Amazon DynamoDB, Azure Cosmos DB, MongoDB, and an In-Memory Document Store.
The adapter allows you to write your application code once using idiomatic APIs, test locally using the local versions, and then deploy to a cloud provider with only minimal setup-time changes.
For more information on the Go CDK and the Go CDK Docstore package, visit:
- Go CDK: https://gocloud.dev/
- Go CDK Docstore: https://gocloud.dev/howto/docstore/
Constants
```go
const (
	// EqualOp is the operator for equality.
	EqualOp = driver.EqualOp
)
```
Variables
This section is empty.
Functions
func NewFilteredAdapter
NewFilteredAdapter is the constructor for FilteredAdapter. Casbin will not automatically call LoadPolicy() for a filtered adapter.
Types
type Adapter (added in v1.3.1)
```go
type Adapter interface {
	// BatchAdapter is the interface for Casbin adapters with multiple add and remove policy functions.
	persist.BatchAdapter
	// FilteredAdapter is the interface for Casbin adapters with policy filtering feature.
	persist.FilteredAdapter
	// UpdatableAdapter is the interface for Casbin adapters with auto-save feature.
	persist.UpdatableAdapter
}
```
Adapter is the interface for Casbin adapters supporting batch, filtered and auto-save features.
type CasbinRule
```go
type CasbinRule struct {
	PType string `docstore:"ptype"`
	V0    string `docstore:"v0"`
	V1    string `docstore:"v1,omitempty"`
	V2    string `docstore:"v2,omitempty"`
	V3    string `docstore:"v3,omitempty"`
	V4    string `docstore:"v4,omitempty"`
	V5    string `docstore:"v5,omitempty"`
	ID    string `docstore:"id"`
}
```
CasbinRule represents a rule in Casbin.
Directories
Path | Synopsis |
---|---|
drivers | |
drivers/awsdynamodb | Package awsdynamodb registers the [awsdynamodb] driver with the docstore package. |
drivers/gcpfirestore | Package gcpfirestore registers the [gcpfirestore] driver with the docstore package. |
drivers/memdocstore | Package memdocstore registers the [memdocstore] driver with the docstore package. |
drivers/mongodocstore | Package mongodocstore registers the [mongodocstore] driver with the docstore package. |