spicedb

module
v1.12.0 Latest
Published: Sep 8, 2022 License: Apache-2.0

README

SpiceDB

SpiceDB is an open source database system for managing security-critical application permissions inspired by Google's Zanzibar paper.

Developers create a schema that models their permissions requirements and use a client library to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.

Features that distinguish SpiceDB from other systems include:

Have questions? Join our Discord.

Looking to contribute? See CONTRIBUTING.md.

You can find issues by priority: Urgent, High, Medium, Low, Maybe. There are also good first issues.

Why SpiceDB?

Verifiable Correctness

The data used to calculate permissions have the most critical correctness requirements in the entirety of a software system. Despite that, developers continue to build their own ad-hoc solutions coupled to the internal code of each new project. By developing a SpiceDB schema, you can iterate far more quickly and exhaustively test designs before altering any application code. This becomes especially important as you introduce backwards-compatible changes to the schema and want to ensure that the system remains secure.

Optimal Flexibility

The SpiceDB schema language is built on top of the concept of a graph of relationships between objects. This ReBAC design is capable of efficiently supporting all popular access control models (such as RBAC and ABAC) and custom models that contain hybrid behavior.

Modern solutions to developing permission systems all have a similar goal: to decouple policy from the application. Using a dedicated database like SpiceDB not only accomplishes this, but takes the idea a step further by also decoupling the data that policies operate on. SpiceDB is designed to share a single unified view of permissions across as many applications as your organization has. This strategy has become an industry best practice and is being used to great success at companies large (Google, GitHub, Airbnb) and small (Carta, Authzed).

Getting Started

Installing SpiceDB
Developing your own schema
Integrating with your application

Directories

Path Synopsis
cmd
e2e module
internal
datastore/options
Code generated by github.com/ecordell/optgen.
dispatch/combined
Package combined implements a dispatcher that combines caching, redispatching and optional cluster dispatching.
gateway
Package gateway implements an HTTP server that forwards JSON requests to an upstream SpiceDB gRPC server.
logging
Package logging is a copy of https://github.com/grpc-ecosystem/go-grpc-middleware/tree/v2/providers/zerolog with race conditions removed
telemetry
Package telemetry implements a client for reporting telemetry data used to prioritize development of SpiceDB.
pkg
cmd
cmd/datastore
Code generated by github.com/ecordell/optgen.
cmd/server
Code generated by github.com/ecordell/optgen.
cmd/testserver
Code generated by github.com/ecordell/optgen.
schemadsl/dslshape
Package dslshape defines the types representing the structure of schema DSL.
schemadsl/parser
parser package defines the parser for the Authzed Schema DSL.
testutil
Package testutil implements various utilities to reduce boilerplate in unit tests a la testify.
zedtoken
Package zedtoken converts decimal.Decimal to zedtoken and vice versa
tools
analyzers Module