Admins need the ability to specify the authorizations for the RPCs so that they can control who can do certain actions.
To make this possible, we are looking to implement Casbin, an authorization library which can utilize flat files to make authorization decisions. It was chosen for its simple method call, e.Enforce(subject_or_entity, resource, action), which lets us implement an MVP solution.
Service maintainer consideration
Service maintainers should have the ability to register their service with the RPCs and behaviors which the service performs. By requiring service maintainers to describe the behavior, we will be able to expand our authorization service without undue complexity.
Example
func RegisterService() ServiceRegistration {
    return ServiceRegistration{
        //...
        AuthZ:
    }
}
Acceptance Criteria
- implement Casbin
- add authorization support in the yaml file
- default authorization to no-access
- enhance service registration
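
As an added illustration (not code from this issue or from Casbin), the following standard-library Go sketch shows the default no-access behaviour from the acceptance criteria behind the same Enforce(subject, resource, action) call shape. It assumes exact-match rules in Casbin's "p, sub, obj, act" CSV layout; the role names and RPC paths are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample policy: p, subject, resource, action. All names are hypothetical.
const samplePolicy = `# constructed sample rules
p, role:admin, /example.NoteService/CreateNote, write
p, role:admin, /example.NoteService/GetNote, read
p, role:reader, /example.NoteService/GetNote, read
`

type rule struct{ sub, obj, act string }

// Enforcer holds the allow rules; any request without a matching rule is denied.
type Enforcer struct{ allowed map[rule]bool }

// NewEnforcer parses the policy; a malformed line is an error, never silently skipped.
func NewEnforcer(policy string) (*Enforcer, error) {
	e := &Enforcer{allowed: map[rule]bool{}}
	for n, line := range strings.Split(policy, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		// Split on commas and whitespace, so fields must not contain spaces.
		f := strings.FieldsFunc(line, func(r rune) bool { return r == ',' || r == ' ' || r == '\t' })
		if len(f) != 4 || f[0] != "p" {
			return nil, fmt.Errorf("policy line %d: want \"p, sub, obj, act\"", n+1)
		}
		e.allowed[rule{f[1], f[2], f[3]}] = true
	}
	return e, nil
}

// Enforce denies unless an exact rule exists; a nil enforcer (no policy loaded) denies all.
func (e *Enforcer) Enforce(sub, obj, act string) bool {
	return e != nil && e.allowed[rule{sub, obj, act}]
}

func main() {
	e, err := NewEnforcer(samplePolicy)
	if err != nil {
		panic(err)
	}
	// role:reader has no rule for CreateNote, so this prints false.
	fmt.Println(e.Enforce("role:reader", "/example.NoteService/CreateNote", "write"))
}
```

An RPC that a service registers but that has no policy rule stays denied, so adding a new RPC never widens access until an admin grants it.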