Casbin Adapter built on top of gocloud.dev.
go get github.com/bartventer/casbin-go-cloud-adapter
Configuration is slightly different for each provider as it needs to get different settings from environment. You can read more about URLs and configuration here: https://gocloud.dev/concepts/urls/.
Supported providers:
- Google Cloud Firestore
- Amazon DynamoDB
- Azure Cosmos DB
- MongoDB
- In-Memory Document Store (useful for local testing and single node installs)
You can view provider configuration examples here: https://github.com/google/go-cloud/tree/master/docstore.
Firestore URLs provide the project and collection, as well as the field that holds the document name (e.g. firestore://projects/my-project/databases/(default)/documents/my-collection?name_field=userID).
casbin-go-cloud-adapter will use Application Default Credentials; if you have authenticated via gcloud auth application-default login, it will use those credentials. See Application Default Credentials to learn about authentication alternatives, including using environment variables.
import (
"context"
cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
// Enable Firestore driver
_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/gcpfirestore"
"github.com/casbin/casbin/v2"
)
func main() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
url := "firestore://projects/casbin-project/databases/(default)/documents/casbin_rule?name_field=id"
a, err := cloudadapter.New(ctx, url)
if err != nil {
panic(err)
}
e, err := casbin.NewEnforcer("model.conf", a)
if err != nil {
panic(err)
}
// Load the policy from DB.
e.LoadPolicy()
// Check the permission.
e.Enforce("alice", "data1", "read")
// Modify the policy.
// e.AddPolicy(...)
// e.RemovePolicy(...)
// Save the policy back to DB.
e.SavePolicy()
}DynamoDB URLs provide the table, partition key field and optionally the sort key field for the collection (e.g. dynamodb://my-table?partition_key=name).
casbin-go-cloud-adapter will create a default AWS Session with the SharedConfigEnable option enabled; if you have authenticated with the AWS CLI, it will use those credentials. See AWS Session to learn about authentication alternatives, including using environment variables.
import (
"context"
cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
// Enable DynamoDB driver
_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/awsdynamodb"
"github.com/casbin/casbin/v2"
)
func main() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
url := "dynamodb://casbin_test?partition_key=id"
a, err := cloudadapter.New(ctx, url)
if err != nil {
panic(err)
}
e, err := casbin.NewEnforcer("model.conf", a)
if err != nil {
panic(err)
}
// Load the policy from DB.
e.LoadPolicy()
// Check the permission.
e.Enforce("alice", "data1", "read")
// Modify the policy.
// e.AddPolicy(...)
// e.RemovePolicy(...)
// Save the policy back to DB.
e.SavePolicy()
}Azure Cosmos DB is compatible with the MongoDB API. You can use the mongodocstore package to connect to Cosmos DB. You must create an Azure Cosmos account and get the MongoDB connection string.
When you use MongoDB URLs to connect to Cosmos DB, specify the Mongo server URL by setting the MONGO_SERVER_URL environment variable to the connection string. See the MongoDB section for more details and examples on how to use the package.
MongoDB URLs provide the database and collection, and optionally the field that holds the document ID (e.g. mongo://my-db/my-collection?id_field=userID). Specify the Mongo server URL by setting the MONGO_SERVER_URL environment variable.
import (
"context"
cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
// Enable MongoDB driver
_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/mongodocstore"
"github.com/casbin/casbin/v2"
)
func main() {
// Set the MONGO_SERVER_URL environment variable to the MongoDB connection string.
os.Setenv("MONGO_SERVER_URL", "mongodb://localhost:27017")
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
url := "mongo://casbin_test/casbin_rule?id_field=id"
a, err := cloudadapter.New(ctx, url)
if err != nil {
panic(err)
}
e, err := casbin.NewEnforcer("model.conf", a)
if err != nil {
panic(err)
}
// Load the policy from DB.
e.LoadPolicy()
// Check the permission.
e.Enforce("alice", "data1", "read")
// Modify the policy.
// e.AddPolicy(...)
// e.RemovePolicy(...)
// Save the policy back to DB.
e.SavePolicy()
}URLs for the in-memory store have a mem: scheme. The URL host is used as the the collection name, and the URL path is used as the name of the document field to use as a primary key (e.g. mem://collection/keyField).
import (
"context"
cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
// Enable in-memory driver
_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/memdocstore"
"github.com/casbin/casbin/v2"
)
func main() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
url := "mem://casbin_rule/id"
a, err := cloudadapter.New(ctx, url)
if err != nil {
panic(err)
}
e, err := casbin.NewEnforcer("model.conf", a)
if err != nil {
panic(err)
}
// Load the policy from DB.
e.LoadPolicy()
// Check the permission.
e.Enforce("alice", "data1", "read")
// Modify the policy.
// e.AddPolicy(...)
// e.RemovePolicy(...)
// Save the policy back to DB.
e.SavePolicy()
}Portable Cloud APIs in Go. Strives to implement these APIs for the leading Cloud providers: AWS, GCP and Azure, as well as provide a local (on-prem) implementation such as MongoDB, In-Memory, etc.
Using the Go CDK you can write your application code once using these idiomatic APIs, test locally using the local versions, and then deploy to a cloud provider with only minimal setup-time changes.
- Go CDK: For more information on the Go CDK
- Go CDK Docstore: For more information on the Go CDK Docstore package
This project is licensed under the MIT License - see the LICENSE file for details.
