{"id":27135590,"url":"https://github.com/mehmettopcu/goslo.policy.server","last_synced_at":"2025-11-01T08:04:41.830Z","repository":{"id":285891046,"uuid":"959249087","full_name":"mehmettopcu/goslo.policy.server","owner":"mehmettopcu","description":"OpenStack Oslo Policy Server - A centralized policy enforcement service for OpenStack services with dynamic policy updates and REST API support.","archived":false,"fork":false,"pushed_at":"2025-04-03T07:10:53.000Z","size":35,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-03T08:24:01.744Z","etag":null,"topics":["authorization","golang","microservices","openstack","policy","rbac","rest-api","security","yaml-configuration"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mehmettopcu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-02T13:41:26.000Z","updated_at":"2025-04-03T07:10:57.000Z","dependencies_parsed_at":"2025-04-03T08:34:16.070Z","dependency_job_id":null,"html_url":"https://github.com/mehmettopcu/goslo.policy.server","commit_stats":null,"previous_names":["mehmettopcu/goslo.policy.server"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mehmettopcu%2Fgoslo.policy.server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mehmettopcu%2Fgoslo.policy.server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/mehmettopcu%2Fgoslo.policy.server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mehmettopcu%2Fgoslo.policy.server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mehmettopcu","download_url":"https://codeload.github.com/mehmettopcu/goslo.policy.server/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247761028,"owners_count":20991533,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","golang","microservices","openstack","policy","rbac","rest-api","security","yaml-configuration"],"created_at":"2025-04-08T01:48:47.281Z","updated_at":"2025-11-01T08:04:41.800Z","avatar_url":"https://github.com/mehmettopcu.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenStack Oslo Policy Server\n\n[![Build Status](https://github.com/mehmettopcu/goslo.policy.server/actions/workflows/docker.yml/badge.svg?branch=main)](https://github.com/mehmettopcu/goslo.policy.server/actions/)\n\n\u003e **⚠️ Development Status**: This project is currently under active development. The API and features are subject to change. Please use with caution in production environments.\n\nThis project implements a centralized policy server for OpenStack Oslo policy rules. 
It provides a REST API for policy enforcement and supports dynamic policy updates through YAML configuration files.\n\n\u003e **Note**: This project is built on top of [goslo.policy](https://github.com/databus23/goslo.policy), a Go implementation of OpenStack's oslo.policy library.\n\u003e\n\u003e **Integration**: This server is designed to work seamlessly with [oslo.policy.remote](https://github.com/mehmettopcu/oslo.policy.remote), which provides a Python client for remote policy enforcement. Together, they enable distributed policy enforcement across your OpenStack services.\n\n## Features\n\n- HTTP-based policy enforcement API\n- YAML-based policy configuration\n- Dynamic policy updates (no server restart required)\n- Service-based policy management\n- Token-based authentication support\n- High-performance policy evaluation\n- Graceful shutdown support\n- Context-based server management\n- Modern Go practices and optimizations\n\n## Requirements\n\n- Go 1.22 or later\n\n## Installation\n\n```bash\ngo get github.com/mehmettopcu/goslo.policy.server\n```\n\n## Usage\n\n1. Create a policy directory and add your policy files:\n\n```bash\nmkdir -p policy-files\n```\n\n2. Add policy files for each service (e.g., `policy-files/nova.yaml`):\n\n  ```yaml\n  \"context_is_admin\": \"role:admin\"\n  \"admin_or_owner\": \"is_admin:True or project_id:%(project_id)s\"\n  \"admin_api\": \"is_admin:True\"\n  \"project_member_api\": \"role:member and project_id:%(project_id)s\"\n  \"project_reader_api\": \"role:reader and project_id:%(project_id)s\"\n  \"project_member_or_admin\": \"rule:project_member_api or rule:context_is_admin\"\n  \"project_reader_or_admin\": \"rule:project_reader_api or rule:context_is_admin\"\n  \"os_compute_api:os-admin-actions:reset_state\": \"rule:context_is_admin\"\n  \"os_compute_api:os-admin-actions:inject_network_info\": \"rule:context_is_admin\"\n  ```\n\n3. Start the policy server:\n\n```bash\ngo run main.go -policy-dir policy-files -addr :8082\n```\n\nThe 
server will start and listen for policy enforcement requests. It supports graceful shutdown through SIGINT and SIGTERM signals.\n\n4. Make policy enforcement requests:\n\n```bash\ncurl -s -X POST http://policy-server:8082/enforce \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"service\": \"nova\",\n    \"rule\": \"os_compute_api:servers:detail\",\n    \"credentials\": {\n        \"user_id\": \"123456\",\n        \"project_id\": \"7890\",\n        \"roles\": [\"admin\"]\n    },\n    \"target\": {\n      \"project_id\": \"7890\"\n    }\n  }'\n```\n\n## Benchmark Test\n\n```bash\n# Make the script executable\nchmod +x benchmark.sh\n\n# Run with default settings\n./benchmark.sh\n\n# Run with custom parameters\n./benchmark.sh -d 30 -p 20 -h http://policy-server:8082 -i 0.1\n```\n\nSample output:\n\n```text\nStarting benchmark...\nDuration: 60 seconds\nParallel requests: 20\nHost: http://localhost:8082\nInterval: 0.1 seconds\n\nCalculating statistics...\nStatistics:\n===========\nSample count: 7760\n  - Total number of requests completed during the test\nAverage latency: 0.00394145 seconds\n  - Mean response time across all requests\nMin latency: 0.000374 seconds\n  - Fastest response time observed\nMax latency: 0.023808 seconds\n  - Slowest response time observed\nP50 latency: 0.003324 seconds\n  - Median response time (50% of requests were faster)\nP90 latency: 0.007749 seconds\n  - 90th percentile (90% of requests were faster)\nP95 latency: 0.009224 seconds\n  - 95th percentile (95% of requests were faster)\nP99 latency: 0.013159 seconds\n  - 99th percentile (99% of requests were faster)\n\nRequests per second: 129.333\n  - Throughput: Number of requests processed per second\n```\n\n## API Reference\n\n### POST /enforce\n\nEnforces a policy rule for a given service and action.\n\n#### Request Body\n\n```json\n{\n  \"service\": \"string\",  // Service name (e.g., \"nova\")\n  \"rule\": \"string\",   // Action to enforce (e.g., \"compute:start_instance\")\n  \"credentials\": {          
 // Token information\n    \"user\": {\n      \"id\": \"string\",\n      \"name\": \"string\",\n      \"roles\": [\"string\"],\n      \"domain\": \"string\"\n    },\n    \"project\": {\n      \"id\": \"string\",\n      \"name\": \"string\"\n    }\n  },\n  \"target\": {         // Request-specific information\n    \"project_id\": \"string\"\n  }\n}\n```\n\n#### Response\n\n```json\n{\n  \"allowed\": true|false,\n  \"error\": \"string\"    // Optional error message\n}\n```\n\n## Policy File Format\n\nEach service should have its own YAML policy file in the policy directory. The file should be named `{service}.yaml`.\n\n### Policy Rule Format\n\n\u003chttps://docs.openstack.org/oslo.policy/latest/admin/policy-yaml-file.html\u003e\n\n## License\n\nThis project is licensed under the Apache License, Version 2.0 - see the [LICENSE](LICENSE) file for details.\n\nThe Apache License 2.0 is a permissive free software license written by the Apache Software Foundation (ASF). It allows users to:\n\n- Use the software for any purpose\n- Distribute the software\n- Modify the software\n- Distribute modified versions of the software\n\nFor more information about the Apache License 2.0, please visit:\n\n- [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0)\n- [Apache License FAQ](https://www.apache.org/foundation/license-faq.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmehmettopcu%2Fgoslo.policy.server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmehmettopcu%2Fgoslo.policy.server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmehmettopcu%2Fgoslo.policy.server/lists"}