Skip to content

casbin/hraft-dispatcher

Repository files navigation

hraft-dispatcher

Go Report Card Build Status Godoc Release Sourcegraph License

A dispatcher based on Hashicorp's Raft for Casbin.

Project Status

hraft-dispatcher is beta version.

Getting started

Installation

Go version 1.14+ and Casbin vervsion 2.24+ is required.

go get github.com/casbin/hraft-dispatcher

Prerequisite

You have to provide a completely new Casbin environment without Adapter, all the policies are handled by hraft-dispatcher. When the leader node starts for the first time, you can add the default policy to hraft-dispatcher.

Example

An example is provided here.

Security

We support enable TLS on HTTP service and Raft service. If you provide the TLS config is not nil, we will configure this to HTTP service and Raft service, and the HTTP upgrade HTTPS.

when TLS is enabled, a peer certificate must be provided. It is recommended to use cfssl to generate this certificate, our generate script is here.

Here is out configuration, you can find it in example:

tls.Config{
    RootCAs:      rootCAPool,
    ClientCAs:    rootCAPool,
    ClientAuth:   tls.RequireAndVerifyClientCert,
    Certificates: []tls.Certificate{cert},
}

Architecture

hraft-dispatcher is a dispatcher plug-in based on hashicorp/raft implementation.

hraft-dispatcher includes an HTTP service, and a Raft service:

  • HTTP service is used to forward data from follower node to follower node
  • Raft service is used to maintain the policy consistency of each node

If you set up a dispatcher in Casbin, it forwards the following request to dispatcher:

  • AddPolicy
  • RemovePolicy
  • AddPolicies
  • RemovePolicies
  • RemoveFilteredPolicy
  • UpdatePolicy
  • UpdatePolicies
  • ClearPolicy

In dispatcher, we are use Raft consensus protocol to maintain the policy, and use the bbolt to storage the policy of each node.

hraft-dispatcher overall architecture looks like this:

overall architecture

Limitations

  • Adapter: You cannot use Adapter in Casbin, hraft-dispatcher has its own Adapter, which uses the bbolt to storage the policy.
  • You cannot call the following methods, which will affect data consistency:
    • LoadPolicy - All policies are maintained by hraft-dispatcher
    • SavePolicy - All policies are maintained by hraft-dispatcher

Project reference

Much of the inspiration comes from the following projects:

Thanks for everyone's contribution.

Contribution

Thank you for your interest in contributing!

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.