An Erlang-based RBAC server.


Snarl


Snarl is a rights management server built on top of riak_core. The permission architecture is as follows:

Each permission consists of a list of values, where the values '...' and '_' (both Erlang atoms) have a special meaning.

  • '...' matches one, more or no values.
  • '_' matches exactly one value.
  • everything else just matches itself.

Examples

[some, cool, permission] matches:

  • [some, cool, permission]
  • [some, '_', permission]
  • ['_', '_', permission]
  • ['...', permission]
  • [some, '...', permission]
  • [some, '...']
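
The matching rules above, written out as an added Erlang example (not Snarl's own code; the module name and the functions match/2, allowed/2 and demo/0 are assumptions). It treats the requested permission as concrete and the granted permission as the pattern; demo/0 evaluates the six patterns listed above plus four constructed ones, including a bare ['...'], which by the first rule matches every permission.

```erlang
-module(perm_match_example).
-export([match/2, allowed/2, demo/0]).

%% match(Requested, Granted) -> boolean()
%% Requested is a concrete permission, Granted may contain '...' and '_'.
match([], []) ->
    true;
match(_Requested, ['...']) ->
    %% A trailing '...' absorbs whatever is left, including nothing.
    true;
match(Requested, ['...' | Rest] = Granted) ->
    %% '...' either matches no value (drop it) or swallows one value
    %% and stays in place to try again on the remainder.
    match(Requested, Rest) orelse
        (Requested =/= [] andalso match(tl(Requested), Granted));
match([_ | Requested], ['_' | Granted]) ->
    %% '_' consumes exactly one value, whatever it is.
    match(Requested, Granted);
match([Value | Requested], [Value | Granted]) ->
    %% Everything else only matches itself.
    match(Requested, Granted);
match(_, _) ->
    %% Length mismatch or differing values.
    false.

%% allowed(Requested, GrantedList) -> boolean()
%% True when at least one granted permission covers the request.
allowed(Requested, GrantedList) ->
    lists:any(fun(Granted) -> match(Requested, Granted) end, GrantedList).

%% demo() -> [{Granted, boolean()}]
demo() ->
    Requested = [some, cool, permission],
    %% The six patterns listed in the README.
    FromReadme = [[some, cool, permission],
                  [some, '_', permission],
                  ['_', '_', permission],
                  ['...', permission],
                  [some, '...', permission],
                  [some, '...']],
    %% Constructed patterns (not from the README): a grant-everything
    %% pattern, two with the wrong length, one ending on the wrong value.
    Constructed = [['...'],
                   [some, '_'],
                   [some, '_', '_', permission],
                   ['...', cool]],
    [{Granted, match(Requested, Granted)} || Granted <- FromReadme ++ Constructed].
```

When reviewing grants, a pattern that ends in '...' covers everything under its prefix, so the shorter the prefix, the broader the grant.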

Interface

Snarl publishes its servers via mDNS as

_snarl._zmq._tcp.<domain>

The txt record of the announcements contains:

  • server: ip of the server
  • port: port of ZMQ

Message

Each message is passed as a BERT-encoded Erlang term.

User Functions

  • {user, list} -> [Name::binary()]
  • {user, get, User|Token} -> {ok, {user, Name::binary(), Password::binary(), Permissions, Groups}} | not_found
  • {user, add, User} -> ok | duplicate
  • {user, delete, User} -> ok | not_found
  • {user, grant, User, Permission} -> ok | not_found
  • {user, revoke, User, Permission} -> ok | not_found
  • {user, passwd, User, Pass} -> ok | not_found
  • {user, join, User, Group} -> ok | not_found
  • {user, leave, User, Group} -> ok | not_found
  • {user, auth, User, Pass} -> {ok, Token} | false
  • {user, allowed, User|Token, Permission} -> true | false

  • {user, set_resource, User, Resource, Value} -> ok | not_found

  • {user, get_resource, User, Resource} -> not_found | {ok, {resource, {Name :: binary(), Granted :: number(), claims :: [{resource_claim, ID :: binary(), Ammount :: number()}], reservations :: [{{resource_claim, ID :: binary(), Ammount :: number()}, Timeout :: integer()}]}
  • {user, claim_resource, User, Resource, Ammount} -> ID | not_found | limit_reached
  • {user, free_resource, User, Resource, ID} -> ok
  • {user, resource_stat, User} -> [{Name :: binary(), Granted :: integer(), Claimed :: integer(), Reserved :: integer()}]

Group Functions

  • {group, list} -> [Name::binary()]
  • {group, get, Group} -> {ok, {group, Name::binary(), Permissions}} | not_found
  • {group, add, Group} -> ok | duplicate
  • {group, delete, Group} -> ok | not_found
  • {group, grant, Group, Permission} -> ok | not_found
  • {group, revoke, Group, Permission} -> ok | not_found

Credits

If you want to learn something about riak_core, I can recommend rzezeski's working blog; the implementation is heavily built on top of the content provided there.
