PostgreSQL Store
Production-grade PostgreSQL store using grove ORM with pgdriver.
The PostgreSQL store uses grove ORM with the pgdriver backend and includes Go-based migrations.
Usage
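```go
package main

import (
	"context"
	"log"

	"github.com/xraph/grove"
	"github.com/xraph/grove/drivers/pgdriver"
	"github.com/xraph/warden/store/postgres"
)

func main() {
	ctx := context.Background()

	// Open a grove connection through the pgdriver backend.
	// The DSN here is a placeholder; supply real credentials from configuration.
	db, err := grove.Open(pgdriver.New(
		pgdriver.WithDSN("postgres://user:pass@localhost:5432/warden"),
	))
	if err != nil {
		log.Fatal(err)
	}

	pgStore := postgres.New(db)
	defer pgStore.Close()

	// Run migrations (creates tables if they don't exist)
	if err := pgStore.Migrate(ctx); err != nil {
		log.Fatal(err)
	}
}
```

Migrations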
The store includes Go-based migrations that create:
| Table | Purpose |
|---|---|
| `warden_roles` | Roles with hierarchy |
| `warden_permissions` | Permissions (resource + action) |
| `warden_role_permissions` | Role-permission attachments |
| `warden_assignments` | Role assignments to subjects |
| `warden_relations` | ReBAC relation tuples |
| `warden_policies` | ABAC policies (JSONB conditions) |
| `warden_resource_types` | Resource type definitions |
| `warden_check_logs` | Authorization check audit trail |
All tables include:
- `tenant_id` column for multi-tenant isolation
- Appropriate indexes for query performance
- Unique constraints to prevent duplicates
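
A post-migration check for the tables and `tenant_id` column listed above, as an added example that is not part of the warden project's code. It assumes a standard `database/sql` handle to the same database and that the tables live in the connection's current schema; `wardenTables`, `tenantQuery`, `checkTenantColumns` and `auditSchema` are names made up for this example.

```go
package main

import (
	"context"
	"database/sql"
	"fmt"
)

// Tables the page lists as created by the migrations.
var wardenTables = []string{
	"warden_roles", "warden_permissions", "warden_role_permissions", "warden_assignments",
	"warden_relations", "warden_policies", "warden_resource_types", "warden_check_logs",
}

// One row per warden_* table: does it carry tenant_id? ("\_" escapes LIKE's wildcard.)
const tenantQuery = `SELECT table_name, bool_or(column_name = 'tenant_id') FROM information_schema.columns
WHERE table_schema = current_schema() AND table_name LIKE 'warden\_%' GROUP BY table_name`

// checkTenantColumns reports every expected table that is absent or lacks tenant_id.
func checkTenantColumns(hasTenant map[string]bool) (problems []string) {
	for _, t := range wardenTables {
		if has, ok := hasTenant[t]; !ok || !has {
			problems = append(problems, fmt.Sprintf("%s: present=%t tenant_id=%t", t, ok, has))
		}
	}
	return problems
}

// auditSchema runs the query on a *sql.DB (assumed handle to the migrated database).
func auditSchema(ctx context.Context, db *sql.DB) ([]string, error) {
	rows, err := db.QueryContext(ctx, tenantQuery)
	if err != nil {
		return nil, err
	}
	defer rows.Close()
	found := map[string]bool{}
	for rows.Next() {
		var table string
		var has bool
		if err := rows.Scan(&table, &has); err != nil {
			return nil, err
		}
		found[table] = has
	}
	return checkTenantColumns(found), rows.Err()
}

func main() {
	fmt.Println(checkTenantColumns(map[string]bool{"warden_roles": true, "warden_policies": false})) // constructed sample
}
```

An empty result from `auditSchema` means all eight tables exist and each has a `tenant_id` column; it does not check indexes or unique constraints.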
JSONB Fields
Complex fields are stored as JSONB:
- `warden_policies.subjects` — `[]string`
- `warden_policies.actions` — `[]string`
- `warden_policies.resources` — `[]string`
- `warden_policies.conditions` — `[]Condition`
- `warden_policies.metadata` — `map[string]any`
- `warden_resource_types.relations` — `[]RelationDef`
- `warden_resource_types.permissions` — `[]PermissionDef`
When to Use
- Production deployments
- Multi-instance services (shared database)
- When you need ACID transactions and durability