GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → odpf → shield

odpf / shield

Licence: Apache-2.0 license
Shield is a role-based cloud-native user management system, identity & access proxy, and authorization server for your applications and API endpoints.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

authenticationreverse-proxyauthorizationdataopscasbin

Projects that are alternatives of or similar to shield

Mongodb Adapter
MongoDB adapter for Casbin
Stars: ✭ 194 (+22.78%)
Mutual labels:  authorization, casbin
Chi Authz
chi-authz is an authorization middleware for Chi
Stars: ✭ 248 (+56.96%)
Mutual labels:  authorization, casbin
Casbin Authz Plugin
Docker Authorization Plugin based on Casbin
Stars: ✭ 204 (+29.11%)
Mutual labels:  authorization, casbin
Redis Adapter
Redis adapter for Casbin
Stars: ✭ 167 (+5.7%)
Mutual labels:  authorization, casbin
authentik
The authentication glue you need.
Stars: ✭ 2,941 (+1761.39%)
Mutual labels:  reverse-proxy, authorization
Casbin Server
Casbin as a Service (CaaS)
Stars: ✭ 171 (+8.23%)
Mutual labels:  authorization, casbin
Caddy Authz
Caddy-authz is a middleware for Caddy that blocks or allows requests based on access control policies.
Stars: ✭ 221 (+39.87%)
Mutual labels:  authorization, casbin
Laravel Authz
An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel.
Stars: ✭ 136 (-13.92%)
Mutual labels:  authorization, casbin
casbin-knex-adapter
Knex adapter for Casbin
Stars: ✭ 16 (-89.87%)
Mutual labels:  authorization, casbin
express-authz
express-authz is an authorization middleware for Express.js based on Casbin
Stars: ✭ 60 (-62.03%)
Mutual labels:  authorization, casbin
Etcd Watcher
Etcd watcher for Casbin
Stars: ✭ 157 (-0.63%)
Mutual labels:  authorization, casbin
lua-casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Lua (OpenResty)
Stars: ✭ 43 (-72.78%)
Mutual labels:  authorization, casbin
Think Authz
An authorization library that supports access control models like ACL, RBAC, ABAC in ThinkPHP 6.0 .
Stars: ✭ 155 (-1.9%)
Mutual labels:  authorization, casbin
Protobuf Adapter
Google Protocol Buffers adapter for Casbin
Stars: ✭ 185 (+17.09%)
Mutual labels:  authorization, casbin
Negroni Authz
negroni-authz is an authorization middleware for Negroni
Stars: ✭ 152 (-3.8%)
Mutual labels:  authorization, casbin
Beego Authz
Beego's RBAC & ABAC Authorization middleware based on Casbin
Stars: ✭ 208 (+31.65%)
Mutual labels:  authorization, casbin
Casbin Cpp
An authorization library that supports access control models like ACL, RBAC, ABAC in C/C++
Stars: ✭ 113 (-28.48%)
Mutual labels:  authorization, casbin
Node Casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Node.js and Browser
Stars: ✭ 1,757 (+1012.03%)
Mutual labels:  authorization, casbin
Annon.api
Configurable API gateway that acts as a reverse proxy with a plugin system.
Stars: ✭ 306 (+93.67%)
Mutual labels:  reverse-proxy, authorization
deflek
index and API RBAC for Elasticsearch and Kibana via reverse proxy. DEPRECATED
Stars: ✭ 13 (-91.77%)
Mutual labels:  reverse-proxy, authorization
View All Similar Projects ➔

Shield

build workflow package workflow License Version

Shield is a cloud native role-based authorization aware reverse-proxy service. With Shield, you can assign roles to users or groups of users to configure policies that determine whether a particular user has the ability to perform a certain action on a given resource.

Key Features

Discover why users choose Shield as their authorization proxy

  • Policy Management: Policies help you assign various roles to users/groups that determine their access to various resources
  • Group Management: Group is nothing but another word for team. Shield provides APIs to add/remove users to/from a group, fetch list of users in a group along with their roles in the group, and fetch list of groups a user is part of.
  • Activity Logs: Shield has APIs that store and retrieve all the access related logs. You can see who added/removed a user to/from group in these logs.
  • Reverse Proxy: In addition to configuring access management, you can also use Shield as a reverse proxy to directly protect your endpoints by configuring appropriate permissions for them.
  • Google IAP: Shield also utilizes Google IAP as an authentication mechanism. So if your services are behind a Google IAP, Shield will seemlessly integrate with it.
  • Runtime: Shield can run inside containers or VMs in a fully managed runtime environment like Kubernetes. Shield also depends on a Postgres server to store data.

How can I get started?

  • Guides provide guidance on how to use Shield and configure it to your needs
  • Concepts descibe the primary concepts and architecture behind Shield
  • Reference contains the list of all the APIs that Shield exposes
  • Contributing contains resources for anyone who wants to contribute to Shield

Installation

Install Shield on macOS, Windows, Linux, OpenBSD, FreeBSD, and on any machine.

Binary (Cross-platform)

Download the appropriate version for your platform from releases page. Once downloaded, the binary can be run from anywhere. You don’t need to install it into a global location. This works well for shared hosts and other systems where you don’t have a privileged account. Ideally, you should install it somewhere in your PATH for easy use. /usr/local/bin is the most probable location.

Homebrew

# Install shield (requires homebrew installed)
$ brew install odpf/taps/shield

# Upgrade shield (requires homebrew installed)
$ brew upgrade shield

# Check for installed shield version
$ shield version

Usage

Shield CLI is fully featured but simple to use, even for those who have very limited experience working from the command line. Run shield --help to see list of all available commands and instructions to use.

$ shield --help
Identiy made simple.

USAGE
  shield <command> <subcommand> [flags]

CORE COMMANDS
  migrate     Run database migrations
  serve       Run shield server

ADDITIONAL COMMANDS
  completion  generate the autocompletion script for the specified shell
  config      Manage client configuration settings
  help        Help about any command
  version     Print version information

FLAGS
  --help   Show help for command

ENVIRONMENT VARIABLES
  See 'shield help environment' for the list of supported environment variables.

LEARN MORE
  Use 'shield <command> <subcommand> --help' for more information about a command.
  Read the manual at https://odpf.github.io/shield/

FEEDBACK
  Open an issue here https://github.com/odpf/shield/issues

Running locally

Dependencies: 
- Git
- Go 1.17 or above
- PostgreSQL 13.2 or above

# Clone the repo
$ git clone [email protected]:odpf/shield.git

# Install all the golang dependencies
$ make install

# Check all build comamnds available
$ make help

# Build meteor binary file
$ make build

# Init config
$ cp app/config.yaml config.yaml
$ ./shield config init

# Run database migrations
$ ./shield migrate

# Start shield server
$ ./shield serve

Running tests

# Running all unit tests
$ make test

# Print code coverage
$ make coverage

Contribute

Development of Shield happens in the open on GitHub, and we are grateful to the community for contributing bugfixes and improvements. Read below to learn how you can take part in improving Shield.

Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to Shield.

To help you get your feet wet and get you familiar with our contribution process, we have a list of good first issues that contain bugs which have a relatively limited scope. This is a great place to get started.

This project exists thanks to all the contributors.

License

Shield is Apache 2.0 licensed.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].