README
¶
Athenz is a set of services and libraries supporting role-based authorization (RBAC) for provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases. Athenz authorization system utilizes two types of tokens: Principal Tokens (N-Tokens) and RoleTokens (Z-Tokens). The name "Athenz" is derived from "Auth" and the 'N' and 'Z' tokens.
Main features
Athenz provides both the functionality of a centralized system and a certificate and IP-based distributed system to handle on-box enforcement.
You get the following advantages using Athenz:
- Service-based security profile: Security definitions that automatically trickle down to hosts within the service.
- Dynamic provisioning: Scale fast or move workloads around without manual intervention (IP-less configuration).
- Single source of truth: Consolidated service profile serving various downstream security implementations, including support for non-user entities.
- Self-Service: Real-time configuration and enforcement of resource-based access control (dynamic manageability).
More importantly, we want engineers to use Athenz and not build their own role-based access control systems that have no central store and often rely on network ACLs and manual updating.
Documentation
- Getting Started
- Development Environment
- Local/Development Environment Setup
- Production Environment Setup
- Architecture
- Features
- Developer Guide
- Customizing Athenz
- User Guide
Contact
- Athenz-Dev for development discussions
- Athenz-Users for users questions
License
Copyright 2016 Yahoo Inc.
Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
Directories
¶
| Path | Synopsis |
|---|---|
|
clients
|
|
|
go/zms
Package zms contains a client library to talk to Athenz ZMS.
|
Package zms contains a client library to talk to Athenz ZMS. |
|
go/zms/examples/get-access
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain.
|
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain. |
|
go/zts
Package zts contains a client library to talk to Athenz ZTS.
|
Package zts contains a client library to talk to Athenz ZTS. |
|
go/zts/examples/get-role-token
Get-role-token is a demo program to use the service cert present locally on the box to talk to ZTS and fetch a role token.
|
Get-role-token is a demo program to use the service cert present locally on the box to talk to ZTS and fetch a role token. |
|
examples
|
|
|
go/centralized-use-case/server
Server is a program to demonstrate the use of ZMS Go client to implement Athenz centralized authorization support in a server.
|
Server is a program to demonstrate the use of ZMS Go client to implement Athenz centralized authorization support in a server. |
|
libs
|
|
|
go/zmscli
Package zmscli is ZMS Client application library to manage an Athenz domain in ZMS Server.
|
Package zmscli is ZMS Client application library to manage an Athenz domain in ZMS Server. |
|
go/zmssvctoken
Package zmssvctoken generates/validates Athenz NTokens given private/public keys.
|
Package zmssvctoken generates/validates Athenz NTokens given private/public keys. |
|
go/ztsroletoken
Package ztsroletoken generates roletokens.
|
Package ztsroletoken generates roletokens. |
|
rdl
|
|
|
utils
|
|
|
athenz-conf
Athenz-conf is a program to generate an athenz.conf file based on service details stored in ZMS Server.
|
Athenz-conf is a program to generate an athenz.conf file based on service details stored in ZMS Server. |
|
zms-cli
Zms-cli is a program to manage your Athenz domain in ZMS Server.
|
Zms-cli is a program to manage your Athenz domain in ZMS Server. |
|
zms-svctoken
Zms-svctoken is a program to generate service tokens based on given private key and service details
|
Zms-svctoken is a program to generate service tokens based on given private key and service details |
|
zpe-updater
Package zpu is a utility library to update ZPE Policy.
|
Package zpu is a utility library to update ZPE Policy. |
|
zpe-updater/cmd/tools
Tools is a program that runs zpu.PolicyUpdater.
|
Tools is a program that runs zpu.PolicyUpdater. |
|
zpe-updater/devel
Package devel provides utility functions for testing (StartMockServer and CreateFile).
|
Package devel provides utility functions for testing (StartMockServer and CreateFile). |
|
zpe-updater/test_data
Package test_data contains test data packed as Go files.
|
Package test_data contains test data packed as Go files. |
|
zpe-updater/util
Package util provides utility types and functions for zpe-updater.
|
Package util provides utility types and functions for zpe-updater. |
|
zts-rolecert
Zts-rolecert is a program to use Athenz Service Identity certificate to request a X509 Certificate for the requested role from ZTS Server.
|
Zts-rolecert is a program to use Athenz Service Identity certificate to request a X509 Certificate for the requested role from ZTS Server. |
|
zts-roletoken
Zts-roletoken is a program to request a role token from ZTS Server for the given identity to access a role in a provider domain.
|
Zts-roletoken is a program to request a role token from ZTS Server for the given identity to access a role in a provider domain. |
|
zts-svccert
Zts-svccert is a program to generate service token, generate a CSR and request a X509 Certificate for that service token from ZTS Server.
|
Zts-svccert is a program to generate service token, generate a CSR and request a X509 Certificate for that service token from ZTS Server. |
Click to show internal directories.
Click to hide internal directories.