# authzd - Authorization Daemon
## Overview
The system processes authorization requests from user agents and updates access control lists (ACLs) in response to identity changes.
It integrates with an identity provider (IdP) and uses message queues to stay in sync with membership data.
## Architecture
```plaintext
-------------
| user-agent |
-------------
|
V
----|:443|-------------------------------------------------------------
|
| ----------------------------------------
| | ______________________ |
|-->(:443)| envoy ->(:80)| /var/run/sparkled | |
| | --|------------------- |
| -----------------|----------------------
| |
| ------------------|
| |
| | -------------------
| | | IdP /IAM |---- publish membership change ---|
| | ------------------- |
| | (nats.io)
| | |
| | |---- sub membership change ------------------
|<-------| |
| V (update acls)
V -------------------------------------
| | ___________________ |
|-->(:443)| envoy ->(:80)| /var/run/authzd | |
| ------------------| |
-------------------------------------
|
|----> cron reconciliation process >---->------|
A |
|--- audit, validate list, notify, remediate --|
```
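The diagram has two paths that touch the ACLs: the subscriber that applies each published membership change, and the cron job that audits the result against the IdP and remediates drift. The following Go sketch models both as an added example; it is not authzd's own code, the `MembershipChange` schema, the group-to-member ACL representation and the `add`/`remove` action names are assumptions, and the NATS transport is omitted so the logic runs offline.

```go
package main

import (
	"fmt"
	"sort"
)

// MembershipChange is an assumed (hypothetical) schema for the IdP's "publish membership change" event.
type MembershipChange struct{ Group, User, Action string } // Action: "add" | "remove"
// ACLs maps group -> member set: the state the "update acls" step mutates.
type ACLs map[string]map[string]bool

// Apply consumes one subscribed event; incomplete or unknown events are rejected before any mutation.
func (a ACLs) Apply(m MembershipChange) error {
	switch {
	case m.Group == "" || m.User == "":
		return fmt.Errorf("event missing group or user")
	case m.Action == "add":
		if a[m.Group] == nil {
			a[m.Group] = map[string]bool{}
		}
		a[m.Group][m.User] = true
	case m.Action == "remove":
		delete(a[m.Group], m.User) // no-op on a nil map
	default:
		return fmt.Errorf("unknown action %q", m.Action)
	}
	return nil
}

// Reconcile is the cron audit step: diff local ACLs against an authoritative IdP snapshot and return the remediating changes, sorted so audit output is stable.
func (a ACLs) Reconcile(want map[string][]string) (fixes []MembershipChange) {
	wanted := map[[2]string]bool{} // {group, user} pairs granted by the IdP
	for g, users := range want {
		for _, u := range users {
			wanted[[2]string{g, u}] = true
			if !a[g][u] { // granted by IdP but missing locally
				fixes = append(fixes, MembershipChange{g, u, "add"})
			}
		}
	}
	for g, members := range a {
		for u := range members {
			if !wanted[[2]string{g, u}] { // stale local grant no longer backed by IdP
				fixes = append(fixes, MembershipChange{g, u, "remove"})
			}
		}
	}
	sort.Slice(fixes, func(i, j int) bool { return fixes[i].Group+"/"+fixes[i].User < fixes[j].Group+"/"+fixes[j].User })
	return fixes
}
```

The returned fixes are what the "notify, remediate" step would log and feed back through `Apply`; a rejected event leaves the ACLs untouched, so a malformed message cannot half-apply.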
## Getting Started
### Prerequisites
- [mise](https://mise.jdx.dev/)
- [make](https://www.gnu.org/software/make/)
1. Install tools:
```sh
$ mise install
$ make install-tools
```
2. Start servers:
```sh
$ mage servers
```
## Questions
See the [FAQ][9]
## References
* [go tool][5]
* [gRPC][6]
* [protocol buffers][7]
* [twirp][8]
[1]: https://github.com/twitchtv/twirp
[5]: https://tip.golang.org/doc/modules/managing-dependencies#tools
[6]: https://grpc.io/docs/
[7]: https://protobuf.dev/programming-guides/proto3/
[8]: https://github.com/arthurnn/twirp-ruby/wiki/Code-Generation