A dispatcher based on Hashicorp's Raft for Casbin.
hraft-dispatcher is beta version.
Go version 1.14+ and Casbin vervsion 2.24+ is required.
go get github.com/casbin/hraft-dispatcher
You have to provide a completely new Casbin environment without Adapter, all the policies are handled by hraft-dispatcher. When the leader node starts for the first time, you can add the default policy to hraft-dispatcher.
An example is provided here.
We support enable TLS on HTTP service and Raft service. If you provide the TLS config is not nil, we will configure this to HTTP service and Raft service, and the HTTP upgrade HTTPS.
when TLS is enabled, a peer certificate must be provided. It is recommended to use cfssl to generate this certificate, our generate script is here.
Here is out configuration, you can find it in example:
tls.Config{
RootCAs: rootCAPool,
ClientCAs: rootCAPool,
ClientAuth: tls.RequireAndVerifyClientCert,
Certificates: []tls.Certificate{cert},
}
hraft-dispatcher is a dispatcher plug-in based on hashicorp/raft implementation.
hraft-dispatcher includes an HTTP service, and a Raft service:
- HTTP service is used to forward data from follower node to follower node
- Raft service is used to maintain the policy consistency of each node
If you set up a dispatcher in Casbin, it forwards the following request to dispatcher:
- AddPolicy
- RemovePolicy
- AddPolicies
- RemovePolicies
- RemoveFilteredPolicy
- UpdatePolicy
- UpdatePolicies
- ClearPolicy
In dispatcher, we are use Raft consensus protocol to maintain the policy, and use the bbolt to storage the policy of each node.
hraft-dispatcher overall architecture looks like this:
- Adapter: You cannot use Adapter in Casbin, hraft-dispatcher has its own Adapter, which uses the bbolt to storage the policy.
- You cannot call the following methods, which will affect data consistency:
- LoadPolicy - All policies are maintained by hraft-dispatcher
- SavePolicy - All policies are maintained by hraft-dispatcher
Much of the inspiration comes from the following projects:
Thanks for everyone's contribution.
Thank you for your interest in contributing!
This project is under Apache 2.0 License. See the LICENSE file for the full license text.