Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/uatuko/ruek
π Lightning fast, global scale authorization service without the overhead of a yet another DSL.
https://github.com/uatuko/ruek
abac access-control authorization cmake cpp20 fga fine-grained-authorization grpc least-privilege rbac rebac zanzibar zero-trust
Last synced: 5 days ago
JSON representation
π Lightning fast, global scale authorization service without the overhead of a yet another DSL.
- Host: GitHub
- URL: https://github.com/uatuko/ruek
- Owner: uatuko
- License: apache-2.0
- Created: 2023-03-12T21:58:23.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-20T17:00:05.000Z (3 months ago)
- Last Synced: 2024-10-20T20:23:22.826Z (3 months ago)
- Topics: abac, access-control, authorization, cmake, cpp20, fga, fine-grained-authorization, grpc, least-privilege, rbac, rebac, zanzibar, zero-trust
- Language: C++
- Homepage:
- Size: 980 KB
- Stars: 94
- Watchers: 3
- Forks: 6
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: changelog.md
- License: LICENSE
Awesome Lists containing this project
README
# π Ruek
[](https://raw.githubusercontent.com/uatuko/ruek/main/LICENSE)
[](https://codecov.io/gh/uatuko/ruek)
[](https://github.com/uatuko/ruek/discussions)
[](https://github.com/uatuko/ruek/releases)
Lightning fast, global scale authorization service without the overhead of a yet another DSL[^1].
## What is Ruek?
Ruek is an authorization service for securing your applications and services using zero trust[^2]
fine-grained authorization (FGA).
We designed Ruek to be as powerful and scalable as [Zanzibar β Googleβs Consistent, Global Authorization System](https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/)
yet simple enough to start using without the overhead of having to learn a new DSL to define authorization models or policies.
### Why Ruek?
There are other open-source (and commercial) authorization services, some are inspired by Google Zanzibar
while others tend to offer policy-as-code solutions. But almost all of these solutions require learning
a new DSL to create authorization models or define policies, which adds unnecessary complexities.
Using an authorization service shouldn't come with a requirement to be an expert in building and maintaining
authorization models or policies. It should be as easy as using an API.
Ruek lean on well known API design principals to provide an authorization service that's easy to
integrate, quick to master and flexible enough to handle complex requirements.
## π₯ Features
* ABAC, RBAC & ReBAC
* Schema-less fine-grained authorization (FGA)
* Zero-trust, least privilege architecture (ZTA)
* Predictable constant time authorization checks (**O(1)**)[^3]
* Strongly consistent with no cache
* Cloud native at global scale[^4]
* Multi-tenancy support, if you need it
* Not just authorization checks, list users, entities a user can access and users with access to an entity
* First class treatment for listing endpoints with pagination and limits to handle large datasets
* Built using the fastest gRPC server implementation[^5]
## π Documentation
You can find a bit more detailed documentation in [docs/](docs/README.md).
## π Quickstart (with `docker`)
### Create a docker network
```sh
docker network create ruek-net
```
### Run PostgreSQL
```sh
docker run --net=ruek-net --name=pg -e POSTGRES_PASSWORD=postgres -d postgres:16-alpine
```
### Setup PostgreSQL user and database for Ruek
```sh
echo "create user ruek with password 'ruek'; create database ruek owner ruek;" | docker run --rm -i --network=ruek-net -e PGPASSWORD=postgres postgres:16-alpine psql --host=pg --username=postgres
```
```sh
curl -sL https://raw.githubusercontent.com/uatuko/ruek/refs/heads/main/db/schema.sql | docker run --rm -i --network=ruek-net -e PGPASSWORD=ruek postgres:16-alpine psql --host=pg --username=ruek --dbname=ruek
```
### Run Ruek
```sh
docker run --network=ruek-net --name=ruek -e PGHOST=pg -e PGUSER=ruek -e PGPASSWORD=ruek -p 8080:8080 -d uatuko/ruek:latest
```
## Built with
* [fmt](https://github.com/fmtlib/fmt) - For string formatting.
* [googletest](https://github.com/google/googletest) - For tests.
* [benchmark](https://github.com/google/benchmark) - For benchmarks.
* [grpcxx](https://github.com/uatuko/grpcxx) - For the gRPC server.
* [libpqxx](https://github.com/jtv/libpqxx) - For PostgreSQL connections.
* [libxid](https://github.com/uatuko/libxid) - For globally unique IDs.
[^1]: [Domain-Specific Language](https://en.wikipedia.org/wiki/Domain-specific_language)
[^2]: [Zero trust architecture (ZTA)](https://en.wikipedia.org/wiki/Zero_trust_security_model)
[^3]: Authorization check using ReBAC `set` (**O(1+n+m)**) and `graph` (**O(1+v+e)**) strategies are not constant time.
[^4]: Scalability depends on underlying PostgreSQL protocol compatible database scalability.
[^5]: [gRPCxx](https://github.com/uatuko/grpcxx) is benchmarked to be the fastest in February 2024.