databus23/goslo.policy

A Go implementation of OpenStack's oslo.policy

This repository provides a reimplementation of the original oslo.policy library, which is written in Python. It is meant to provide the same RBAC semantics for OpenStack-enabled applications written in Go.

You can view the API docs here: https://pkg.go.dev/github.com/databus23/goslo.policy

Usage

package main

import (
	"log"

	policy "github.com/databus23/goslo.policy"
)

func main() {
	rules := map[string]string{
		"admin_required": "role:admin",
		"cloud_admin":    "rule:admin_required and domain_id:default",
		"owner":          "user_id:%(user_id)s",
	}
	//Load and parse policy
	enforcer, err := policy.NewEnforcer(rules)
	if err != nil {
		log.Fatal("Failed to parse policy ", err)
	}
	//Context provides the current token & request information needed for enforcement
	ctx := policy.Context{
		Auth: map[string]string{
			"user_id":   "u-1",
			"domain_id": "default",
		},
		Roles: []string{"admin"},
		Request: map[string]string{
			"user_id": "u-1",
		},
	}

	if enforcer.Enforce("cloud_admin", ctx) {
		log.Println("user is a cloud admin")
	}
	if enforcer.Enforce("owner", ctx) {
		log.Println("user is owner")
	}
}

The package includes optional debug logging that can be enabled per context:

if os.Getenv("DEBUG") == "1" {
    ctx.Logger = log.Printf //or any other function with the same signature
}
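
The usage example above only exercises allow decisions. As an added illustration (not code from goslo.policy, and not its parser), the following self-contained Go sketch models the three check forms and the `and` operator that appear in those rules, to show the deny paths a policy test should cover. `Ctx`, `Allowed` and `check` are hypothetical names, and treating unknown rules, reference cycles and missing attributes as deny is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

type Ctx struct { // local stand-in for the policy.Context fields used on this page
	Auth, Request map[string]string
	Roles         []string
}

// Allowed resolves a named rule; every term joined by " and " must pass.
func Allowed(rules map[string]string, name string, c Ctx, depth int) bool {
	expr, ok := rules[name]
	if !ok || depth > 16 { // unknown rule or reference cycle: deny
		return false
	}
	for _, term := range strings.Split(expr, " and ") {
		kind, match, ok := strings.Cut(strings.TrimSpace(term), ":")
		if !ok || !check(rules, kind, match, c, depth) {
			return false
		}
	}
	return true
}

func check(rules map[string]string, kind, match string, c Ctx, depth int) bool {
	switch kind {
	case "rule":
		return Allowed(rules, match, c, depth+1)
	case "role":
		for _, r := range c.Roles {
			if r == match {
				return true
			}
		}
		return false
	}
	want, inReq := match, true
	if strings.HasPrefix(match, "%(") && strings.HasSuffix(match, ")s") {
		want, inReq = c.Request[match[2:len(match)-2]] // value from the request
	}
	have, inAuth := c.Auth[kind]
	return inReq && inAuth && have == want // a missing attribute never matches
}

func main() {
	fmt.Println(Allowed(map[string]string{"owner": "user_id:%(user_id)s"}, "owner", Ctx{}, 0))
}
```

The `main` call evaluates the `owner` rule against an empty context: a comparison of two absent `user_id` values must come out as a deny, not as a match of two empty strings.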
