cf permissions service
Switch branches/tags
Nothing to show
Clone or download
Isobel Redelmeier
Isobel Redelmeier Update protobufs
Latest commit 8366d43 Sep 27, 2018


API Documentation

This Permissions service ("perm") provides authorization features for the Cloud Foundry Platform. It answers various question forms of what particular identities are allowed to do. It works out the answers to these questions based on the roles assigned to users and the roles assigned to the groups they are a member of.

Even though the service was originally created to add authorization features to Cloud Controller, other components in the system are looking to migrate to storing their authorization rules in Perm.


To fetch all source code, including the Go client library:

go get -u

To fetch and install the server's CLI:

go get -u

To fetch and install the monitor's CLI:

go get -u

Running the Tests

Assuming you have the Perm source code in your $GOPATH:

go install
ginkgo -r -race -p -randomizeAllSpecs -randomizeSuites

Running the Perm Server

First, make sure that you have the CLI installed:

go get -u
go install

To use an in-memory data store, e.g., for testing purposes:

perm serve --tls-cert <path> --tls-key <path> --db-driver in-memory

To use mysql:

perm migrate up --db-driver mysql --db-host <host> --db-port <port> --db-username <username> --db-password <password>
perm serve --tls-cert <path> --tls-key <path> --db-driver mysql --db-host <host> --db-port <port> --db-username <username> --db-password <password>

Running the Perm Monitor

The monitor is a small app that repeats the same basic workflow every interval, generating traffic and tracking some client-side metrics.

Make sure that you have the monitor's CLI:

go get -u
go install

Make sure that you have a statsd daemon, e.g., with docker:

docker run -d -p 8125:8125 --name statsd hopsoft/graphite-statsd

Then, start the monitor:

perm-monitor --perm-tls-ca <path>

In Popular Culture

This repository is complemented by 2 other repositories.

  • perm-release

    This is the BOSH release for deploying the perm service.

  • perm-rb

    This is the Ruby library for interacting with perm. It is used by Cloud Controller to perform administration and checking of permissions.

For more information, check out our page on Repository Structure.


Not yet, please.