MongoDB Store

The store/mongo package implements Warden's store.Store interface using the grove ORM with the MongoDB driver. It stores roles, permissions, assignments, relations, policies, resource types, and check logs as documents, making it a natural fit for deployments that already run MongoDB.

Usage

import (
    "github.com/xraph/grove"
    "github.com/xraph/grove/drivers/mongodriver"
    "github.com/xraph/warden/store/mongo"
)

db, err := grove.Open(mongodriver.Open("mongodb://localhost:27017", "warden"))
if err != nil {
    log.Fatal(err)
}

s := mongo.New(db)
if err := s.Migrate(ctx); err != nil {
    log.Fatal(err)
}

Internals

Interface Compliance

The MongoDB store implements all 7 subsystem store interfaces:

var _ store.Store = (*mongo.Store)(nil) // Compile-time check

This includes:

• role.Store — Role CRUD + hierarchy
• permission.Store — Permission CRUD + role attachment
• assignment.Store — Assignment CRUD + subject lookup
• relation.Store — Relation tuple CRUD + graph queries
• policy.Store — Policy CRUD + active policy lookup
• resourcetype.Store — Resource type CRUD
• checklog.Store — Check log append + query

Grove Migrations

The store exports a Migrations group for use with Grove's migration orchestrator. This enables tracked, versioned migrations across all stores in your application:

import mongostore "github.com/xraph/warden/store/mongo"

// mongostore.Migrations is a migrate.Group for the warden mongo store.
// Register it with the grove migration orchestrator for coordinated migrations.

When to Use

• Document-oriented workloads where MongoDB is the primary data store.
• Horizontally-scaled environments requiring sharding.
• Teams already running MongoDB in their infrastructure.