Go SDK for Cedar Agent 🌲
https://github.com/kevinmichaelchen/cedar-agent-go-sdk

# cedar-agent-go-sdk

[![GoReportCard example](https://goreportcard.com/badge/github.com/kevinmichaelchen/cedar-agent-go-sdk)](https://goreportcard.com/report/github.com/kevinmichaelchen/cedar-agent-go-sdk)
[![GoDoc reference example](https://img.shields.io/badge/godoc-reference-blue.svg)](https://godoc.org/github.com/kevinmichaelchen/cedar-agent-go-sdk)
[![version](https://img.shields.io/github/v/release/kevinmichaelchen/cedar-agent-go-sdk?include_prereleases&label=latest&logo=ferrari)](https://github.com/kevinmichaelchen/cedar-agent-go-sdk/releases/latest)
[![Code Climate maintainability](https://img.shields.io/codeclimate/maintainability/kevinmichaelchen/cedar-agent-go-sdk)](https://codeclimate.com/github/kevinmichaelchen/cedar-agent-go-sdk)

[Cedar Agent][cedar-agent] is an HTTP server that runs the [Cedar][cedar] authorization engine.

It's the easiest way to get up and running with Cedar locally, offering a REST API for managing your entities and policies, as well as policy evaluation.

Cedar lets you answer the question: _Is this **user** (principal) allowed to perform this **action** on this **resource**?_

[cedar-agent]: https://github.com/permitio/cedar-agent
[cedar]: https://www.cedarpolicy.com

## Installation

```shell
go get -u github.com/kevinmichaelchen/cedar-agent-go-sdk
```

## Usage

### Creating a client

```go
package main

import (
	"net/http"

	"github.com/kevinmichaelchen/cedar-agent-go-sdk/sdk"
)

func initClient() *sdk.Client {
	// Note: a zero-value http.Client has no request timeout.
	c := &http.Client{}

	// The options are entirely ... optional 🙂
	return sdk.NewClient(c,
		sdk.WithBaseURL("http://localhost:8180"),
		sdk.WithParallelizationFactor(3),
	)
}
```

### Performing authorization checks

```go
package main

import (
	"context"
	"fmt"

	"github.com/kevinmichaelchen/cedar-agent-go-sdk/sdk"
)

func main() {
	ctx := context.Background()
	client := initClient() // defined under "Creating a client"
	allowed := isAuthorized(ctx, client,
		sdk.CheckRequest{
			Principal: `User::"42"`,
			Action:    "viewFoobar",
			Resource:  `Foobar::"101"`,
		},
	)
	fmt.Printf("allowed: %t\n", allowed)
}

// isAuthorized reports whether Cedar Agent allowed the request.
// A failed check aborts here; it is never treated as a decision.
func isAuthorized(ctx context.Context, client *sdk.Client, r sdk.CheckRequest) bool {
	res, err := client.Check(ctx, r)
	if err != nil {
		panic(err)
	}
	return res.Allowed
}
```
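
In a long-running service you would normally deny on a failed check rather than panic. The sketch below is an added example, not code from this SDK: `Checker`, `CheckRequest`, `CheckResult` and `fakeAgent` are local stand-ins (assumptions) shaped like the `client.Check` call and `res.Allowed` field shown above, so it runs without a Cedar Agent.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Local stand-ins (assumptions) mirroring sdk.CheckRequest and res.Allowed.
type CheckRequest struct{ Principal, Action, Resource string }
type CheckResult struct{ Allowed bool }

// Checker is a hypothetical interface; an adapter over *sdk.Client could satisfy it.
type Checker interface {
	Check(ctx context.Context, r CheckRequest) (CheckResult, error)
}

// Authorize returns true only on an explicit allow. Transport errors and
// timeouts yield (false, err), so an unreachable agent never grants access.
func Authorize(ctx context.Context, c Checker, r CheckRequest, timeout time.Duration) (bool, error) {
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()
	res, err := c.Check(ctx, r)
	if err != nil {
		return false, fmt.Errorf("check failed, denying %s on %s: %w", r.Action, r.Resource, err)
	}
	return res.Allowed, nil
}

// fakeAgent is a constructed test double for the policy decision point.
type fakeAgent struct {
	allow map[CheckRequest]bool
	delay time.Duration
	err   error
}

func (f fakeAgent) Check(ctx context.Context, r CheckRequest) (CheckResult, error) {
	if f.err != nil {
		return CheckResult{}, f.err
	}
	select {
	case <-time.After(f.delay):
		return CheckResult{Allowed: f.allow[r]}, nil // absent key means deny
	case <-ctx.Done():
		return CheckResult{}, ctx.Err()
	}
}

func main() {
	req := CheckRequest{`User::"42"`, "viewFoobar", `Foobar::"101"`} // constructed sample
	agent := fakeAgent{allow: map[CheckRequest]bool{req: true}}
	fmt.Println(Authorize(context.Background(), agent, req, time.Second))
	agent.err = errors.New("connection refused")
	fmt.Println(Authorize(context.Background(), agent, req, time.Second))
}
```

Callers should log the returned error and respond with a denial; the boolean alone is safe to use as the access decision.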

### Authorizing a batch

Sometimes you want to authorize a principal against multiple resources,
potentially with multiple actions.

```go
package main

import (
	"context"
	"fmt"

	"github.com/kevinmichaelchen/cedar-agent-go-sdk/sdk"
)

func main() {
	ctx := context.Background()
	client := initClient() // defined under "Creating a client"

	principal := `User::"42"`

	// Each action maps to the resources it should be checked against.
	requests := map[sdk.Action][]sdk.Resource{
		"viewFoo": {
			`Foo::"12"`,
			`Foo::"39"`,
			`Foo::"72"`,
		},
		"viewBar": {
			`Bar::"12"`,
		},
	}

	out, err := client.CheckBatch(ctx, principal, requests, 5)
	if err != nil {
		panic(err)
	}

	// One decision is returned per (action, resource) request.
	for req, decision := range out {
		fmt.Printf("request: %v, decision: %t\n", req, decision.Allowed)
	}
}
```