An implementation of a distributed access-control server that is based on Google Zanzibar - "Google's Consistent, Global Authorization System".
An instance of an access-controller
is similar to the aclserver
implementation called out in the paper. A cluster of access-controllers implement the functional equivalent of the Zanzibar aclserver
cluster.
If you want to setup an instance of the Authorizer platform as a whole, browse the API References, or just brush up on the concepts and design of the platform, take a look at the official platform documentation. If you're only interested in running the access-controller then continue on.
An access-controller server supports single node or multi-node (clustered) topologies. Instructions for running the server with these topologies are outlined below.
To gain the benefits of the distributed query model that the access-controller implements, it is recommend to run a large cluster. Doing so will help distribute query load across more nodes within the cluster. The underlying cluster membership list is based on Hashicorp's memberlist
a library that manages cluster membership and member failure detection using a gossip based protocol.
A cluster should be able to suport hundreds of nodes. If you find otherwise, please submit an issue.
docker-compose.yml
provides an example of how to setup a multi-node cluster using Docker and is a great way to get started quickly.
$ docker compose -f docker/docker-compose.yml up
Take a look at our official Helm chart.
Download the latest release and extract it.
To run an access-controller you must have a running CockroachDB database. Take a look at setting up CockroachDB with Docker.
$ ./bin/access-controller
Start a multi-node cluster by starting multiple independent servers and use the -join
flag
to join the node to an existing cluster.
$ ./bin/access-controller -node-port 7946 -grpc-port 50052
$ ./bin/access-controller -node-port 7947 -grpc-port 50053 -join 127.0.0.1:7946
$ ./bin/access-controller -node-port 7948 -grpc-port 50054 -join 127.0.0.1:7947
Take a look at the examples of how to:
Don't hesitate to browse the official Documentation, API Reference and Examples.
The access-controller is an open-source project and we value and welcome new contributors and members of the community. Here are ways to get in touch with the community:
- Slack: #authorizer-tech
- Issue Tracker: GitHub Issues