Example Golang application with Role Based Access Control.
It is an HTTP server, mimicking a string:string dictionary, with the following endpoints:
GET /v1/map/{key}
- Returns a string value with status 200 if found
- Returns NOT_FOUND with status 404 if not found
POST /v1/map/{key}
- The POST body is the value
- Returns the same string value with status 200 if set
- Returns UNAUTHORISED with status 403 if not allowed
In a separate terminal, start the server running on localhost:8080.
$ go run cmd/main.go
Try to get the value at key "notexist" with user "alice":
$ curl -H "User: alice" -X GET http://localhost:8080/v1/map/notexist
> NOT_FOUND
Try to set the value to "world" at key "hello" with user "alice":
$ curl -H "User: alice" -X POST http://localhost:8080/v1/map/hello -d "world"
> world
Try to get the value you just created at key "hello" with user "alice":
$ curl -H "User: alice" -X GET http://localhost:8080/v1/map/hello
> world
User "bob" only has the role of "writer", so they are not able to use the GET endpoint:
$ curl -H "User: bob" -X GET http://localhost:8080/v1/map/hello
> UNAUTHORISED
User "charli" only has the role of "reader", so they are not able to use the POST endpoint:
$ curl -H "User: charli" -X POST http://localhost:8080/v1/map/hello -d "world"
> UNAUTHORISED
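The role check behind the responses above can be sketched as a deny-by-default middleware. This is an added example, not the project's own code: the names userRoles, methodRole, allowed, rbac and status are hypothetical, alice holding both roles is an assumption inferred from her successful requests, and the User header is taken as the caller's identity exactly as in the curl commands.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Assumed assignments: the page gives bob=writer, charli=reader; alice holding both is inferred.
var userRoles = map[string][]string{
	"alice":  {"reader", "writer"},
	"bob":    {"writer"},
	"charli": {"reader"},
}
var methodRole = map[string]string{http.MethodGet: "reader", http.MethodPost: "writer"} // role needed per method

// allowed is deny-by-default: unknown users and methods missing from methodRole return false.
func allowed(user, method string) bool {
	for _, role := range userRoles[user] {
		if need, ok := methodRole[method]; ok && role == need {
			return true
		}
	}
	return false
}

// rbac checks before calling next, so a denied caller never reaches the map handler.
func rbac(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowed(r.Header.Get("User"), r.Method) {
			http.Error(w, "UNAUTHORISED", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one request through rbac to a stub handler and returns the HTTP code.
func status(user, method string) int {
	req := httptest.NewRequest(method, "/v1/map/hello", nil)
	req.Header.Set("User", user)
	rec := httptest.NewRecorder()
	rbac(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("bob", "GET"), status("charli", "POST"), status("alice", "POST"))
}
```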