eko / authz
🛡️ Authorization backend that comes with a UI for RBAC and ABAC permissions
Home Page: https://authz.fr
License: MIT License
env:
go version
go version go1.19.4 darwin/amd64
~env | grep GO
GOBIN=/Users/ltagliamonte/go/bin
GOPATH=/Users/ltagliamonte/go
Following the instructions at this link I get an import error:
go get github.com/eko/authz/sdk@latest
go: github.com/eko/authz/backend@v0.0.0: reading github.com/eko/authz/backend/go.mod at revision backend/v0.0.0: unknown revision backend/v0.0.0
No luck also trying:
go get -u github.com/eko/authz/sdk
go: downloading github.com/eko/authz/sdk v0.0.0-20230430134208-23688ec53c7c
go: downloading github.com/eko/authz v0.8.1
go: github.com/eko/authz/backend@v0.0.0: reading github.com/eko/authz/backend/go.mod at revision backend/v0.0.0: unknown revision backend/v0.0.0
The creation of a Policy auto creates the associated Resource.
In terms of user experience it sort of hides the required connection between a Policy and a Resource object.
How to replicate:
docker run --rm \
-e database_driver=sqlite \
-e database_name=:memory: \
-p 8080:8080 \
-p 8081:8081 \
-p 3000:80 \
ekofr/authz:v0.8.3-standalone
Log in to http://localhost:3000/ with the default username/pwd.
Navigate to: Policies -> Create New Policy
Fill the Form and Submit:
Name: deploy
Association: deploy.*
Actions: get
Navigate to Resources and the Resource deploy got automatically created.
Title :)
Hello @eko,
I am working with Authz for managing authorizations across several applications, and I've encountered an issue related to restricted admin access and custom field checks.
I have several administrators for multiple applications, including Authz. I wish to allow these admins to access Authz, but with the restriction that they can only add new principals and assign them roles specific to their application. To implement this, I've added a custom field (e.g., application1=true) in the principal entity.
For role assignment, I've created roles with policies that check for the existence of this new field in the principal and restrict all access except for the principal list. However, when logging in with this new admin user, I expected to see the principal list but instead received an "access denied" error.
Questions/Requests:
Use Case Feasibility: Is my use case possible with Authz's current capabilities? Specifically, can I restrict admin users to only add new principals and assign roles based on a custom field in the principal?
Custom Field Checks: In addition to checking for equality, is there a way to implement a "contains" check for custom fields in Authz? This feature would be particularly useful for scenarios where a principal might belong to multiple applications.
Steps to Reproduce:
Expected Behavior:
The admin user should be able to see and manage the principal list based on the custom field's condition.
Actual Behavior:
Received an "access denied" error when attempting to access the principal list.
I appreciate any guidance or suggestions you can provide to resolve these issues or implement these features.
Hello @eko, I was wondering if you have thought about making a contrib GoFiber middleware for authz?
Currently it is possible to delete the admin user, effectively making an installation useless.
Would be nice to have a check to prevent the admin user from being deleted.
Steps to reproduce:
Bin icon next to admin user
Ok