Graph Role-Based Access Control by Animeshon

gRBAC - Graph Role-Based Access Control

A cloud-native graph implementation of the Role-Based Access Control (RBAC) authorization architecture powered by dgraph.

NOTE: This project is developed and maintained by Animeshon where it is running in production.

Build with Golang

go build -o bin/grbac ./cmd

Build with Docker

docker build -t grbac/grbac:latest .

Run examples (gRPC only)

Run gRPC docker-compose:

docker-compose -f examples/grpc/docker-compose.yaml up

Run integration tests:

export INTEGRATION_TEST_DGRAPH_ENDPOINT=127.0.0.1:9060
go test -tags=integration ./...

Visit https://play.dgraph.io/?latest and connect to the endpoint http://127.0.0.1:8060.

Run the following generic DQL query:

{
  query(func:type(Resource)){
    expand(_all_) {
      expand(_all_) {
        expand(_all_) {
          expand(_all_) {
            expand(_all_) {
              expand(_all_)
            }
          }
        }
      }
    }
  }
}

The following image is an example of the expected output:

[Image: gRBAC Example Graph]

Play with gRBAC

After successfully running the gRPC docker-compose as described in the previous section, build gRBAC locally and execute any CLI command, for example:

go build -o bin/grbac ./cmd
./bin/grbac accesscontrol create-permission \
    --address "127.0.0.1:9070" --insecure \
    --permission.name="permissions/grbac.test.permission"

Keep experimenting with other commands or through a gRPC client!

Resources

Known Issues

  • etags are not implemented
  • atomic group changes (AddGroupMember and RemoveGroupMember) are not implemented
  • resource parent transfer (TransferResource) is not implemented
  • limits and quotas are not implemented
  • there is no maximum distance set for shortest queries
  • groups can currently include other groups - this behavior should be discussed
  • partial updates will return partial resources - complete resources should be returned instead
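
Two of the issues above concern graph traversal: shortest queries have no maximum distance, and groups can include other groups. The following added example (not gRBAC's code) shows why an explicit bound matters when membership can nest or loop. The `Graph` type, `Allowed`, `reaches`, the depth and hop limits, and the sample data are assumptions made for illustration.

```go
package main

import "fmt"

// Graph is a hypothetical in-memory model, not gRBAC's Dgraph schema.
type Graph struct {
	Parent   map[string]string              // resource -> parent resource
	Bindings map[string]map[string][]string // resource -> role -> members
	Roles    map[string]map[string]bool     // role -> permission set
	Groups   map[string][]string            // group -> members (users or groups)
}

// Constructed data: groups/a and groups/b include each other (a cycle).
var sample = &Graph{
	Parent:   map[string]string{"projects/p1": "orgs/o1"},
	Bindings: map[string]map[string][]string{"orgs/o1": {"roles/viewer": {"groups/a"}}},
	Roles:    map[string]map[string]bool{"roles/viewer": {"permissions/grbac.test.permission": true}},
	Groups:   map[string][]string{"groups/a": {"groups/b"}, "groups/b": {"groups/a", "users/alice"}},
}

// reaches follows membership edges at most hops deep; the bound is what makes
// cyclic nesting terminate and caps the cost of a single check.
func (g *Graph) reaches(member, user string, hops int) bool {
	if member == user {
		return true
	}
	for _, c := range g.Groups[member] {
		if hops > 0 && g.reaches(c, user, hops-1) {
			return true
		}
	}
	return false
}

// Allowed checks res and up to maxDepth ancestors for a binding granting perm to user.
func (g *Graph) Allowed(user, perm, res string, maxDepth, maxHops int) bool {
	for d := 0; res != "" && d <= maxDepth; d, res = d+1, g.Parent[res] {
		for role, members := range g.Bindings[res] {
			for _, m := range members {
				if g.Roles[role][perm] && g.reaches(m, user, maxHops) {
					return true
				}
			}
		}
	}
	return false
}

func main() {
	fmt.Println(sample.Allowed("users/alice", "permissions/grbac.test.permission", "projects/p1", 4, 4))
}
```

In the sample data `users/alice` sits two membership hops below the bound group, so lowering `maxHops` to 1 turns the same check into a denial.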

Roadmap

  • resolve known issues
  • remove Animeshon internal business logic
  • move protobuf definitions to this organization
  • generate missing grpc clients (e.g. Java, Python, C#, ...)
  • publish docker image to Docker Hub
  • build the project through Bazel instead of the Go toolchain
  • add unit tests on top of integration tests
  • add monitoring and tracing

Off-topic: gRBAC meaning

The name gRBAC comes from g + RBAC where g stands for:

  • graph as it is implemented on top of a graph database and leverages graph's properties
  • gRPC as its implementation is completely gRPC native
  • google as this implementation aims at mirroring the Google Cloud IAM architecture

and RBAC stands for Role-Based Access Control.
