Guardian
Guardian is an on-demand access management tool. It manages resources from various data providers along with users’ access to them. Users are required to raise an appeal to gain access to a particular resource. The appeal goes through several approvals before it is approved and access is granted to the user.
Key Features
- Provider management: Support various providers (currently only BigQuery, more coming up!) and multiple instances for each provider type
- Resource management: Resources from a provider are managed in Guardian's database. There is also an API to update a resource's metadata with additional information.
- Appeal-based access: Users are expected to create an appeal for accessing data from registered providers. The appeal is reviewed by the configured approvers before access is granted to the user.
- Configurable approval flow: An approval flow configures what is needed for an appeal to get approved and who is eligible to approve or reject it. It can be configured and linked to a provider so that every appeal created for that provider's resources follows the procedure in order to get approved.
- External identity managers: This gives the flexibility to use any third-party identity manager. User properties.
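A minimal model of the appeal-based access and multi-step approval flow described in the features above, added here as an illustration and not taken from Guardian's code base. The Step and Appeal types, the function names and the sample identities are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model, not Guardian's own types: an approval flow is an
// ordered list of steps; each step is the set of identities who may decide it.
type Step map[string]bool

type Appeal struct {
	User, Resource, Status string // Status: "pending", "approved" or "rejected"
	Flow                   []Step
	next                   int // index of the step awaiting a decision
}

var ErrNotEligible = errors.New("actor may not decide the current step")
var ErrClosed = errors.New("appeal has no pending step")
func NewAppeal(user, resource string, flow []Step) *Appeal {
	return &Appeal{User: user, Resource: resource, Status: "pending", Flow: flow}
}

// Decide records one decision on the current step. A rejection ends the
// appeal; it becomes approved only after every step has approved.
func (a *Appeal) Decide(actor string, approve bool) error {
	if a.Status != "pending" || a.next >= len(a.Flow) {
		return ErrClosed // fails closed, including for an empty flow
	}
	if !a.Flow[a.next][actor] {
		return ErrNotEligible
	}
	if !approve {
		a.Status = "rejected"
		return nil
	}
	if a.next++; a.next == len(a.Flow) {
		a.Status = "approved"
	}
	return nil
}

func main() { // constructed sample flow and identities
	a := NewAppeal("carol", "sample-resource", []Step{{"alice": true}, {"bob": true}})
	for _, actor := range []string{"carol", "alice", "bob"} {
		err := a.Decide(actor, true)
		fmt.Println(actor, err, a.Status)
	}
}
```

The requester's own decision is refused at the first step, and the appeal stays pending until both steps have approved in order.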
Documentation
Explore the following resources to get started with Guardian:
- Guides provides guidance on usage.
- Concepts describes all important Guardian concepts including system architecture.
- Reference contains details about configurations and other aspects of Guardian.
- Contribute contains resources for anyone who wants to contribute to Guardian.
Installation
Install Guardian on macOS, Windows, Linux, OpenBSD, FreeBSD, and on any machine.
Refer to this for installation and configuration.
Download the appropriate version for your platform from the releases page. Once downloaded, the binary can be run from anywhere.
You don’t need to install it into a global location. This works well for shared hosts and other systems where you don’t have a privileged account.
Ideally, you should install it somewhere in your PATH for easy use. /usr/local/bin is the most probable location.
macOS
guardian is available via a Homebrew Tap, and as a downloadable binary from the releases page:
brew install goto/tap/guardian
To upgrade to the latest version:
brew upgrade guardian
Check for installed guardian version
guardian version
Linux
guardian is available as downloadable binaries from the releases page. Download the .deb or .rpm from the releases page and install with sudo dpkg -i and sudo rpm -i respectively.
Windows
guardian is available via scoop, and as a downloadable binary from the releases page:
scoop bucket add guardian https://github.com/goto/scoop-bucket.git
To upgrade to the latest version:
scoop update guardian
Docker
We provide ready-to-use Docker container images. To pull the latest image:
docker pull gotocompany/guardian:latest
To pull a specific version:
docker pull gotocompany/guardian:v0.3.2
Usage
Guardian is purely API-driven. It is very easy to get started with Guardian. It provides CLI, HTTP and GRPC APIs for a simpler developer experience.
CLI
Guardian CLI is fully featured and simple to use, even for those who have very limited experience working from the command line. Run guardian --help to see the list of all available commands and instructions for using them.
List of commands
guardian --help
Print command reference
guardian reference
API
Guardian provides a fully-featured GRPC and HTTP API to interact with the Guardian server. Both APIs adhere to a set of standards that are rigidly followed. Please refer to proton for GRPC API definitions.
Running locally
Dependencies:
- Git
- Go 1.21 or above
- PostgreSQL 13.2 or above
Clone the repo
git clone git@github.com:goto/guardian.git
Install all the golang dependencies
make setup
Build guardian binary file
make build
Init server config. Customise with your local configurations.
make config
Run database migrations
./guardian server migrate -c config.yaml
Start guardian server
./guardian server start -c config.yaml
Initialise client configurations
./guardian config init
Running tests
Running all unit tests
make test
Print code coverage
make coverage
Contribute
Development of Guardian happens in the open on GitHub, and we are grateful to the community for contributing bugfixes and
improvements. Read below to learn how you can take part in improving Guardian.
Read our contributing guide to learn about our development process, how to propose
bugfixes and improvements, and how to build and test your changes to Guardian.
To help you get your feet wet and get you familiar with our contribution process, we have a list of
good first issues that contain bugs which have a relatively
limited scope. This is a great place to get started.
This project exists thanks to all the contributors.
License
Guardian is Apache 2.0 licensed.