README
¶
hraft-dispatcher
A dispatcher based on Hashicorp's Raft for Casbin.
Project Status
hraft-dispatcher is beta version.
Getting started
Installation
Go version 1.14+ and Casbin vervsion 2.24+ is required.
go get github.com/casbin/hraft-dispatcher
Prerequisite
You have to provide a completely new Casbin environment without Adapter, all the policies are handled by hraft-dispatcher. When the leader node starts for the first time, you can add the default policy to hraft-dispatcher.
Example
An example is provided here.
Security
We support enable TLS on HTTP service and Raft service. If you provide the TLS config is not nil, we will configure this to HTTP service and Raft service, and the HTTP upgrade HTTPS.
when TLS is enabled, a peer certificate must be provided. It is recommended to use cfssl to generate this certificate, our generate script is here.
Here is out configuration, you can find it in example:
tls.Config{
RootCAs: rootCAPool,
ClientCAs: rootCAPool,
ClientAuth: tls.RequireAndVerifyClientCert,
Certificates: []tls.Certificate{cert},
}
Architecture
hraft-dispatcher is a dispatcher plug-in based on hashicorp/raft implementation.
hraft-dispatcher includes an HTTP service, and a Raft service:
- HTTP service is used to forward data from follower node to follower node
- Raft service is used to maintain the policy consistency of each node
If you set up a dispatcher in Casbin, it forwards the following request to dispatcher:
- AddPolicy
- RemovePolicy
- AddPolicies
- RemovePolicies
- RemoveFilteredPolicy
- UpdatePolicy
- UpdatePolicies
- ClearPolicy
In dispatcher, we are use Raft consensus protocol to maintain the policy, and use the bbolt to storage the policy of each node.
hraft-dispatcher overall architecture looks like this:
Limitations
- Adapter: You cannot use Adapter in Casbin, hraft-dispatcher has its own Adapter, which uses the bbolt to storage the policy.
- You cannot call the following methods, which will affect data consistency:
- LoadPolicy - All policies are maintained by hraft-dispatcher
- SavePolicy - All policies are maintained by hraft-dispatcher
Project reference
Much of the inspiration comes from the following projects:
Thanks for everyone's contribution.
Contribution
Thank you for your interest in contributing!
License
This project is under Apache 2.0 License. See the LICENSE file for the full license text.
Documentation
¶
Index ¶
- type Config
- type HRaftDispatcher
- func (h *HRaftDispatcher) AddPolicies(sec string, pType string, rules [][]string) error
- func (h *HRaftDispatcher) ClearPolicy() error
- func (h *HRaftDispatcher) JoinNode(serverID, serverAddress string) error
- func (h *HRaftDispatcher) RemoveFilteredPolicy(sec string, pType string, fieldIndex int, fieldValues ...string) error
- func (h *HRaftDispatcher) RemoveNode(serverID string) error
- func (h *HRaftDispatcher) RemovePolicies(sec string, pType string, rules [][]string) error
- func (h *HRaftDispatcher) Shutdown() error
- func (h *HRaftDispatcher) Stats() (map[string]interface{}, error)
- func (h *HRaftDispatcher) UpdatePolicies(sec string, pType string, oldRules, newRules [][]string) error
- func (h *HRaftDispatcher) UpdatePolicy(sec string, pType string, oldRule, newRule []string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Enforcer is a enforcer of casbin.
Enforcer casbin.IDistributedEnforcer
// ServerID is a unique string identifying this server for all time.
ServerID string
// JoinAddress is used to tells the current node to join an existing cluster.
JoinAddress string
// DataDir holds raft data.
DataDir string
// ListenAddress is a network address for raft server and HTTP(S) server,
// the address is a specified address, such as 10.1.1.19:6780.
ListenAddress string
// TLSConfig is used to configure a TLS server and client.
// If TLSConfig is not nil, we will set TLSConfig to the raft server and the HTTPS server,
// otherwise we will start a server without any security.
//
// Note:
// You have to provide a peer certificate when TLSConfig is not nil,
// we recommend using cfssl tool to create this certificates.
TLSConfig *tls.Config
// RaftConfig provides any necessary configuration for the Raft server.
RaftConfig *raft.Config
}
Config holds dispatcher config.
type HRaftDispatcher ¶
type HRaftDispatcher struct {
// contains filtered or unexported fields
}
HRaftDispatcher implements the persist.Dispatcher interface.
func NewHRaftDispatcher ¶
func NewHRaftDispatcher(config *Config) (*HRaftDispatcher, error)
NewHRaftDispatcher returns a HRaftDispatcher.
func NewHRaftDispatcherWithLogger ¶ added in v0.0.12
func NewHRaftDispatcherWithLogger(config *Config, logger *zap.Logger) (*HRaftDispatcher, error)
NewHRaftDispatcher returns a HRaftDispatcher.
func (*HRaftDispatcher) AddPolicies ¶
func (h *HRaftDispatcher) AddPolicies(sec string, pType string, rules [][]string) error
AddPolicies implements the persist.Dispatcher interface.
func (*HRaftDispatcher) ClearPolicy ¶
func (h *HRaftDispatcher) ClearPolicy() error
ClearPolicy implements the persist.Dispatcher interface.
func (*HRaftDispatcher) JoinNode ¶
func (h *HRaftDispatcher) JoinNode(serverID, serverAddress string) error
JoinNode joins a node to the current cluster.
func (*HRaftDispatcher) RemoveFilteredPolicy ¶
func (h *HRaftDispatcher) RemoveFilteredPolicy(sec string, pType string, fieldIndex int, fieldValues ...string) error
RemoveFilteredPolicy implements the persist.Dispatcher interface.
func (*HRaftDispatcher) RemoveNode ¶
func (h *HRaftDispatcher) RemoveNode(serverID string) error
JoinNode joins a node from the current cluster.
func (*HRaftDispatcher) RemovePolicies ¶
func (h *HRaftDispatcher) RemovePolicies(sec string, pType string, rules [][]string) error
RemovePolicies implements the persist.Dispatcher interface.
func (*HRaftDispatcher) Shutdown ¶
func (h *HRaftDispatcher) Shutdown() error
Shutdown is used to close the http and raft service.
func (*HRaftDispatcher) Stats ¶ added in v0.0.6
func (h *HRaftDispatcher) Stats() (map[string]interface{}, error)
Stats is used to get stats of currently service.
func (*HRaftDispatcher) UpdatePolicies ¶
func (h *HRaftDispatcher) UpdatePolicies(sec string, pType string, oldRules, newRules [][]string) error
UpdatePolicies implements the persist.Dispatcher interface.
func (*HRaftDispatcher) UpdatePolicy ¶
func (h *HRaftDispatcher) UpdatePolicy(sec string, pType string, oldRule, newRule []string) error
UpdatePolicy implements the persist.Dispatcher interface.
Source Files
Directories