cerbos-sdk-go's Introduction

Cerbos Client SDK for Go

go get github.com/cerbos/cerbos-sdk-go

The Go client SDK is an easy way to implement access controls in your own applications by communicating with the Cerbos PDP. Whether Cerbos runs as a microservice or a sidecar, the client SDK is able to communicate with the PDP using TCP or Unix domain sockets.

See Go docs for more information.

Check Access

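package main

import (
	"context"
	"log"

	"github.com/cerbos/cerbos-sdk-go/cerbos"
)

func main() {
	// Connect to the PDP over a Unix domain socket, verifying its TLS certificate against the given CA.
	c, err := cerbos.New("unix:/var/sock/cerbos", cerbos.WithTLSCACert("/path/to/ca.crt"))
	if err != nil {
		log.Fatalf("Failed to create client: %v", err)
	}

	// Ask the PDP whether principal "sally" (role "user") may perform "view" on album A001.
	allowed, err := c.IsAllowed(
		context.TODO(),
		cerbos.NewPrincipal("sally").WithRoles("user"),
		cerbos.NewResource("album:object", "A001"),
		"view",
	)
	if err != nil {
		log.Fatalf("Failed to check permission: %v", err)
	}

	log.Printf("Is Sally allowed to view album A001: %t", allowed)
}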

Migrating from github.com/cerbos/cerbos/client

This project supersedes the Cerbos Go client available at github.com/cerbos/cerbos/client. The new SDK has fewer dependencies and a release cycle that's not tied to the main Cerbos project. Going forward, new features and enhancements will only be added to this project.

Migrating most of the existing code should be just a matter of renaming the package imports.

  • Change import paths from github.com/cerbos/cerbos/client to github.com/cerbos/cerbos-sdk-go/cerbos. Optionally, alias the new import as client "github.com/cerbos/cerbos-sdk-go/cerbos" to avoid having to change package references in code.
  • Deprecated RPCs (CheckResourceSet, CheckResourceBatch) have been removed from the new client implementation.
  • The process for starting a Cerbos test server has changed in order to avoid pulling in dependencies of the Cerbos project. Use the NewCerbosServerLauncher function from github.com/cerbos/cerbos-sdk-go/testutil to create a launcher and call the Launch() method to start a Cerbos container. Refer to Go docs for details.

cerbos-sdk-go's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

  • chore(deps): update go deps (github.com/golangci/golangci-lint, github.com/rs/xid)

Detected dependencies

github-actions
.github/workflows/pr-test.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • extractions/setup-just v2
  • actions/checkout v4
  • actions/setup-go v5
  • golangci/golangci-lint-action v6.1.0
.github/workflows/pr-title.yaml
  • amannn/action-semantic-pull-request v5.5.3
gomod
go.mod
  • go 1.23.0
  • github.com/bufbuild/protovalidate-go v0.6.4
  • github.com/cenkalti/backoff/v4 v4.3.0
  • github.com/cerbos/cerbos/api/genpb v0.38.1
  • github.com/ghodss/yaml v1.0.0
  • github.com/google/go-cmp v0.6.0
  • github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0
  • github.com/jdxcode/netrc v1.0.0
  • github.com/lestrrat-go/jwx/v2 v2.1.1
  • github.com/ory/dockertest/v3 v3.11.0
  • github.com/rs/xid v1.5.0
  • github.com/stretchr/testify v1.9.0
  • go.uber.org/multierr v1.11.0
  • google.golang.org/grpc v1.65.0
  • google.golang.org/protobuf v1.34.2
tools/go.mod
  • go 1.23.0
  • github.com/golangci/golangci-lint v1.60.1
  • gotest.tools/gotestsum v1.12.0

Changing RequestId is not possible

Right now I cannot set the requestId myself. But for traceability it would be nice if I could set the requestId to a specific value that I use for this request throughout the system.

The current code looks like this and it can be seen that a new requestId is generated per request without the possibility to configure oneself

func (c *GRPCClient) IsAllowed(ctx context.Context, principal *Principal, resource *Resource, action string) (bool, error) {
	// ...
	reqID := xid.New()
	req := &requestv1.CheckResourcesRequest{
		RequestId: reqID.String(),
		// ....
	}
	// ....
}

A possibility without changing the signature and actually something that other libraries do as well could be something like this

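func (c *GRPCClient) IsAllowed(ctx context.Context, principal *Principal, resource *Resource, action string) (bool, error) {
	// ...
	// Use the request ID carried in the context, if any; ctx.Value returns
	// an untyped value, so assert it to string before use.
	requestId, ok := ctx.Value(c.RequestIdContextKey).(string)
	if !ok || requestId == "" {
		// Assign (not :=) so the outer variable is set rather than shadowed.
		requestId = xid.New().String()
	}
	req := &requestv1.CheckResourcesRequest{
		RequestId: requestId,
		// ....
	}
	// ....
}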

while c.RequestIdContextKey is something that I can configure while creating the client.

Then I could easily use the method with the same signature but the requestId of the current request would be used. This would allow tracing and finding logs throughout a microservice architecture that belong together.
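
The context-key approach proposed in the issue above, as an added example that is not part of the original issue or of cerbos-sdk-go: because a caller-supplied request ID ends up in logs, it is checked against a bounded character set before use and replaced with a generated one otherwise. `ctxKey`, `validID`, `WithRequestID`, `RequestIDFrom` and `newID` are hypothetical names, the 64-character limit and allowed characters are assumed policy, and `crypto/rand` stands in for `xid` so the block needs only the standard library.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"regexp"
)

// ctxKey is an unexported type, so no other package can collide with or overwrite the key.
type ctxKey struct{}

// validID bounds what a caller-supplied ID may contain before it reaches logs:
// no newlines or control characters, at most 64 characters (assumed policy).
var validID = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)

// WithRequestID stores id in ctx (hypothetical helper, not part of cerbos-sdk-go).
func WithRequestID(ctx context.Context, id string) context.Context {
	return context.WithValue(ctx, ctxKey{}, id)
}

// newID stands in for xid.New().String(); it returns 24 hex characters.
func newID() string {
	b := make([]byte, 12)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// RequestIDFrom returns the caller's ID when present and well-formed, otherwise
// a freshly generated one. The bool reports whether the caller's value was used.
func RequestIDFrom(ctx context.Context) (string, bool) {
	if id, ok := ctx.Value(ctxKey{}).(string); ok && validID.MatchString(id) {
		return id, true
	}
	return newID(), false
}

func main() {
	// Constructed sample inputs: a well-formed ID, one with an embedded newline, and none.
	good := WithRequestID(context.Background(), "req-7f3a.checkout")
	bad := WithRequestID(context.Background(), "abc\nlevel=info msg=forged")
	for _, ctx := range []context.Context{good, bad, context.Background()} {
		id, fromCaller := RequestIDFrom(ctx)
		fmt.Printf("id=%q fromCaller=%t\n", id, fromCaller)
	}
}
```
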
