https://github.com/databus23/goslo.policy
A go implementation of OpenStack's oslo.policy library
- Host: GitHub
- URL: https://github.com/databus23/goslo.policy
- Owner: databus23
- License: apache-2.0
- Created: 2015-10-30T12:48:14.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2025-03-26T13:49:18.000Z (over 1 year ago)
- Last Synced: 2025-04-11T17:15:43.919Z (about 1 year ago)
- Language: Go
- Size: 38.1 KB
- Stars: 6
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
A Go implementation of OpenStack's oslo.policy
==============================================
This repository provides a reimplementation of the original [oslo.policy](https://github.com/openstack/oslo.policy) library, which is written in Python. It is meant to provide the same RBAC semantics for OpenStack-enabled applications written in Go.
You can view the API docs here:
https://pkg.go.dev/github.com/databus23/goslo.policy
Usage
-----
```go
package main

import (
	"log"

	policy "github.com/databus23/goslo.policy"
)

func main() {
	rules := map[string]string{
		"admin_required": "role:admin",
		"cloud_admin":    "rule:admin_required and domain_id:default",
		"owner":          "user_id:%(user_id)s",
	}

	// Load and parse policy
	enforcer, err := policy.NewEnforcer(rules)
	if err != nil {
		log.Fatal("Failed to parse policy ", err)
	}

	// Context provides the current token & request information needed for enforcement
	ctx := policy.Context{
		Auth: map[string]string{
			"user_id":   "u-1",
			"domain_id": "default",
		},
		Roles: []string{"admin"},
		Request: map[string]string{
			"user_id": "u-1",
		},
	}

	if enforcer.Enforce("cloud_admin", ctx) {
		log.Println("user is a cloud admin")
	}
	if enforcer.Enforce("owner", ctx) {
		log.Println("user is owner")
	}
}
```
The package includes optional debug logging that can be enabled per context:
```go
// Requires "os" in the import list.
if os.Getenv("DEBUG") == "1" {
	ctx.Logger = log.Printf // or any other function with the same signature
}
```