{"id":37227521,"url":"https://github.com/casbin/casbin-crd-adapter","last_synced_at":"2026-01-15T03:22:22.399Z","repository":{"id":331591483,"uuid":"1131062937","full_name":"casbin/casbin-crd-adapter","owner":"casbin","description":null,"archived":false,"fork":false,"pushed_at":"2026-01-10T17:53:47.000Z","size":57,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-11T02:15:32.826Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/casbin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"casbin"}},"created_at":"2026-01-09T12:20:29.000Z","updated_at":"2026-01-10T17:53:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/casbin/casbin-crd-adapter","commit_stats":null,"previous_names":["casbin/casbin-crd-adapter"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/casbin/casbin-crd-adapter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin%2Fcasbin-crd-adapter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin%2Fcasbin-crd-adapter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin%2Fcasbin-crd-adapter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin%2Fcasbin-crd-adapter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/casbin","download_url":"https://codeload.github.com/casbin/casbin-crd-adapter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin%2Fcasbin-crd-adapter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28442268,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T00:55:22.719Z","status":"online","status_checked_at":"2026-01-15T02:00:08.019Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-15T03:22:21.630Z","updated_at":"2026-01-15T03:22:22.377Z","avatar_url":"https://github.com/casbin.png","language":"Go","funding_links":["https://github.com/sponsors/casbin"],"categories":[],"sub_categories":[],"readme":"# Casbin CRD Adapter\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/casbin/casbin-crd-adapter)](https://goreportcard.com/report/github.com/casbin/casbin-crd-adapter)\n[![CI](https://github.com/casbin/casbin-crd-adapter/workflows/CI/badge.svg)](https://github.com/casbin/casbin-crd-adapter/actions)\n[![Coverage Status](https://codecov.io/gh/casbin/casbin-crd-adapter/branch/master/graph/badge.svg)](https://codecov.io/gh/casbin/casbin-crd-adapter)\n[![GoDoc](https://godoc.org/github.com/casbin/casbin-crd-adapter?status.svg)](https://godoc.org/github.com/casbin/casbin-crd-adapter)\n[![Release](https://img.shields.io/github/release/casbin/casbin-crd-adapter.svg)](https://github.com/casbin/casbin-crd-adapter/releases/latest)\n[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord\u0026label=discord\u0026color=5865F2)](https://discord.gg/S5UjpzGZjN)\n\nA Kubernetes Custom Resource Definition (CRD) adapter for [Casbin](https://github.com/casbin/casbin). With this adapter, Casbin can load policy rules from Kubernetes Custom Resources instead of traditional databases.\n\n## Features\n\n- **Read-Only Adapter**: Designed to keep Kubernetes CRDs as the single source of truth for policies\n- **Namespace-Scoped and Cluster-Scoped**: Supports both namespace-scoped and cluster-scoped policy resources\n- **Duplicate Handling**: Automatically deduplicates policies when loading from multiple CRs\n- **Deterministic Ordering**: Ensures consistent policy loading order across multiple invocations\n- **RBAC Support**: Handles both permission rules (p) and role/group bindings (g)\n- **No Database Required**: Eliminates the need for external database dependencies at runtime\n\n## Installation\n\n```bash\ngo get github.com/casbin/casbin-crd-adapter\n```\n\n## CRD Schema\n\nThe adapter expects CasbinPolicy custom resources with the following structure:\n\n```yaml\napiVersion: casbin.org/v1alpha1\nkind: CasbinPolicy\nmetadata:\n  name: example-policy\n  namespace: default  # optional, omit for cluster-scoped\nspec:\n  policyType: p  # or \"g\" for grouping policies\n  rules:\n    - values: [\"alice\", \"data1\", \"read\"]\n    - values: [\"bob\", \"data2\", \"write\"]\n```\n\n### Policy Types\n\n- **p**: Permission policies (who can do what on which resource)\n- **g**: Grouping policies (role/group bindings)\n\n## Usage\n\n### Basic Usage (Namespace-Scoped)\n\n```go\npackage main\n\nimport (\n\t\"log\"\n\n\t\"github.com/casbin/casbin/v3\"\n\tcrdadapter \"github.com/casbin/casbin-crd-adapter\"\n)\n\nfunc main() {\n\t// Create adapter for namespace-scoped policies\n\tadapter, err := crdadapter.NewAdapter(\"default\")\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\t// Create enforcer with the adapter\n\te, err := casbin.NewEnforcer(\"model.conf\", adapter)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\t// Use the enforcer\n\tok, err := e.Enforce(\"alice\", \"data1\", \"read\")\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\tlog.Printf(\"Alice can read data1: %v\", ok)\n}\n```\n\n### Cluster-Scoped Usage\n\n```go\n// Create adapter for cluster-scoped policies\nadapter, err := crdadapter.NewAdapter(\"\")\nif err != nil {\n\tlog.Fatal(err)\n}\n```\n\n### Using with Fake Client (for Testing)\n\n```go\nimport (\n\t\"k8s.io/apimachinery/pkg/runtime\"\n\t\"k8s.io/client-go/dynamic/fake\"\n\tcrdadapter \"github.com/casbin/casbin-crd-adapter\"\n)\n\nfunc TestWithFakeClient() {\n\tscheme := runtime.NewScheme()\n\tclient := fake.NewSimpleDynamicClient(scheme)\n\t\n\tadapter := crdadapter.NewAdapterWithClient(client, \"default\")\n\t\n\te, err := casbin.NewEnforcer(\"model.conf\", adapter)\n\t// ...\n}\n```\n\n## Example CRD Definitions\n\n### Permission Policy\n\n```yaml\napiVersion: casbin.org/v1alpha1\nkind: CasbinPolicy\nmetadata:\n  name: user-permissions\n  namespace: default\nspec:\n  policyType: p\n  rules:\n    - values: [\"alice\", \"data1\", \"read\"]\n    - values: [\"alice\", \"data1\", \"write\"]\n    - values: [\"bob\", \"data2\", \"write\"]\n```\n\n### Role/Group Bindings\n\n```yaml\napiVersion: casbin.org/v1alpha1\nkind: CasbinPolicy\nmetadata:\n  name: role-bindings\n  namespace: default\nspec:\n  policyType: g\n  rules:\n    - values: [\"alice\", \"admin\"]\n    - values: [\"bob\", \"developer\"]\n```\n\n## RBAC Model Example\n\n```ini\n[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = g(r.sub, p.sub) \u0026\u0026 r.obj == p.obj \u0026\u0026 r.act == p.act\n```\n\n## Write Operations\n\nThis adapter is **read-only** by design. All write operations (`SavePolicy`, `AddPolicy`, `RemovePolicy`, `RemoveFilteredPolicy`) will return `ErrWriteNotSupported`.\n\nTo modify policies, update the Kubernetes CRD resources directly using `kubectl` or the Kubernetes API:\n\n```bash\n# Apply a new policy\nkubectl apply -f policy.yaml\n\n# Update existing policy\nkubectl edit casbinpolicy example-policy -n default\n\n# Delete a policy\nkubectl delete casbinpolicy example-policy -n default\n```\n\n## How It Works\n\n1. The adapter connects to the Kubernetes API server (either in-cluster or via kubeconfig)\n2. It lists all CasbinPolicy custom resources (filtered by namespace if specified)\n3. Policies are sorted deterministically by namespace, name, and policy type\n4. Duplicate policies are automatically removed\n5. Policies are loaded into the Casbin enforcer\n\n## Testing\n\nRun the test suite:\n\n```bash\ngo test -v ./...\n```\n\nWith coverage:\n\n```bash\ngo test -v -race -coverprofile=coverage.txt -covermode=atomic ./...\n```\n\n## Development\n\n### Prerequisites\n\n- Go 1.23.0 or higher\n- Access to a Kubernetes cluster (for integration testing)\n\n### Building\n\n```bash\ngo build ./...\n```\n\n### Running Tests\n\n```bash\ngo test ./...\n```\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n## License\n\nThis project is licensed under the Apache 2.0 License - see the [LICENSE](LICENSE) file for details.\n\n## Related Projects\n\n- [Casbin](https://github.com/casbin/casbin) - An authorization library that supports access control models like ACL, RBAC, ABAC\n- [gorm-adapter](https://github.com/casbin/gorm-adapter) - GORM adapter for Casbin\n- [ent-adapter](https://github.com/casbin/ent-adapter) - Ent adapter for Casbin\n\n## Support\n\n- [Discord](https://discord.gg/S5UjpzGZjN)\n- [Forum](https://forum.casbin.org)\n- [GitHub Issues](https://github.com/casbin/casbin-crd-adapter/issues)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcasbin%2Fcasbin-crd-adapter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcasbin%2Fcasbin-crd-adapter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcasbin%2Fcasbin-crd-adapter/lists"}