https://github.com/authzed/gochugaru
Go client library for SpiceDB that strives to be as ergonomic as possible
https://github.com/authzed/gochugaru
acl database fine-grained-authorization golang golang-library grpc rbac spicedb spicedb-client zanzibar
Last synced: 8 months ago
JSON representation
Go client library for SpiceDB that strives to be as ergonomic as possible
- Host: GitHub
- URL: https://github.com/authzed/gochugaru
- Owner: authzed
- License: mit
- Created: 2024-01-10T06:12:43.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2025-06-04T18:12:37.000Z (10 months ago)
- Last Synced: 2025-06-22T00:57:11.147Z (9 months ago)
- Topics: acl, database, fine-grained-authorization, golang, golang-library, grpc, rbac, spicedb, spicedb-client, zanzibar
- Language: Go
- Homepage:
- Size: 91.8 KB
- Stars: 1
- Watchers: 6
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# gochugaru
[](https://godoc.org/github.com/authzed/gochugaru)
[](https://authzed.com/docs)
[](https://www.youtube.com/channel/UCFeSgZf0rPqQteiTQNGgTPg)
[](https://authzed.com/discord)
[](https://twitter.com/authzed)
A SpiceDB client library striving to be as ergonomic as possible.
This library builds upon the official [authzed-go library], but tries to expose an interface that guides folks towards optimal performance and correctness.
[authzed-go library]: https://github.com/authzed/authzed-go
## Roadmap
### UX
- ✅ Security-obvious client constructors
- ✅ Defaults to SpiceDB's best compression method
- ✅ Automatic back-off & retry logic
- ✅ Check One/Many/Any/All methods
- ✅ Checks use BulkChecks under the hood
- ✅ Interfaces for Relationships, Objects
- ✅ Flattened Relationship-type with Caveats
- ✅ Transaction-style API for Write
- ✅ Constructors for consistency arguments
- ✅ Callback-style API for Watch and ReadRelationships
- ✅ Atomic and non-atomic Relationship deletion
- 🔜 Keepalives for watch (if necessary)
### APIs
- ✅ Checks
- ✅ Schema Read/Write
- ✅ Relationship Read/Write/Delete
- 🚧 Import/Export Relationships
- ✅ Watch
- 🔜 Request Debugging
- 🔜 Lookup Resources/Subjects
- 🔜 Reflection APIs
## Examples
### Clients
```go
import "github.com/authzed/gochugaru/client"
...
// Various constructors to allocate clients for dev and production environments
// using the best practices.
authz, err := client.NewSystemTLS("spicedb.mycluster.local", presharedKey)
if err != nil {
...
}
```
### Checks
```go
import "github.com/authzed/gochugaru/client"
import "github.com/authzed/gochugaru/rel"
...
// Build up a set of relationships to be checked like any other slice.
var founders []Relationship
for _, founder := range []string{"jake", "joey", "jimmy"} {
// There are various constructors for the Relationship type that can
// trade-off allocations for legibility and understandability.
rel, err := rel.FromTriple("company:authzed", "founder", "user:"+founder)
if err != nil {
...
}
founders = append(founders, rel)
}
// Various Check methods can be used to simplify common assertions.
allAreFounders, err := authz.CheckAll(ctx, consistency.MinLatency(), founders...)
if err != nil {
...
} else if !allAreFounders {
...
}
```
### Writes
```go
import "github.com/authzed/gochugaru/client"
import "github.com/authzed/gochugaru/rel"
...
// Transactions are built up of preconditions that must or must not exist and
// the set of updates (creates, touches, or deletes) to be applied.
var txn rel.Txn
// The preconditions:
for _, rival := range []string{"joey", "jake"} {
txn.MustNotMatch(rel.MustFromTriple("module:gochugaru", "creator", "user:"+rival).Filter())
}
// The updates:
txn.Touch(rel.MustFromTriple("module:gochugaru", "creator", "user:jimmy"))
txn.Touch(rel.MustFromTriple("module:gochugaru", "maintainer", "sam").
WithCaveat("on_tuesday", map[string]any{"day": "wednesday"}))
writtenAt, err := authz.Write(ctx, txn)
...
```