Watchers

Watchers keep policy in sync across multiple enforcer instances. When one enforcer updates policy, it notifies others (via a message bus such as etcd, Redis, or Kafka), and they reload or update their in-memory policy. That lets you run many enforcers behind load balancers without stale permissions.

Watchers are implemented in separate packages, like adapters. The list below covers supported backends. To add a new one, open an issue or PR.

Watcher	Type	Author	Description
PostgreSQL WatcherEx	Database	@IguteChung	WatcherEx for PostgreSQL
Redis WatcherEx	KV store	Casbin	WatcherEx for Redis
Redis Watcher	KV store	@billcobbler	Watcher for Redis
Etcd Watcher	KV store	Casbin	Watcher for etcd
TiKV Watcher	KV store	Casbin	Watcher for TiKV
Kafka Watcher	Messaging system	@wgarunap	Watcher for Apache Kafka
NATS Watcher	Messaging system	Soluto	Watcher for NATS
ZooKeeper Watcher	Messaging system	Grepsr	Watcher for Apache ZooKeeper
NATS, RabbitMQ, GCP Pub/Sub, AWS SNS & SQS, Kafka, InMemory	Messaging System	@rusenask	Watcher based on Go Cloud Dev Kit that works with leading cloud providers and self-hosted infrastructure
NATS, RabbitMQ, GCP Pub/Sub, AWS SNS & SQS, Kafka, InMemory	Messaging System	@bartventer	WatcherEx based on Go Cloud Dev Kit that works with leading cloud providers and self-hosted infrastructure
RocketMQ Watcher	Messaging system	@fmyxyz	Watcher for Apache RocketMQ

Watcher	Type	Author	Description
Etcd Adapter	KV store	@mapleafgo	Watcher for etcd
Redis Watcher	KV store	Casbin	Watcher for Redis
Redis WatcherEx	KV store	Casbin	WatcherEx for Redis
Lettuce-Based Redis Watcher	KV store	Casbin	Watcher for Redis based on Lettuce)
PostgreSQL Watcher	Database	Casbin	Watcher for PostgreSQL
Kafka Watcher	Messaging system	Casbin	Watcher for Apache Kafka
ZooKeeper Watcher	Messaging system	Casbin	Watcher for Apache ZooKeeper
RabbitMQ Watcher	Messaging system	Casbin	Watcher for RabbitMQ

Watcher	Type	Author	Description
Etcd Watcher	KV store	Casbin	Watcher for etcd
Redis Watcher	KV store	Casbin	Watcher for Redis
Pub/Sub Watcher	Messaging system	Casbin	Watcher for Google Cloud Pub/Sub
MongoDB Change Streams Watcher	Database	Casbin	Watcher for MongoDB Change Streams
Postgres Watcher	Database	@mcollina	Watcher for PostgreSQL

Watcher	Type	Author	Description
Etcd Watcher	KV store	Casbin	Watcher for etcd
Redis Watcher	KV store	Casbin	Watcher for Redis
Redis Watcher	KV store	ScienceLogic	Watcher for Redis
Redis Async Watcher	KV store	@kevinkelin	Watcher for Redis
PostgreSQL Watcher	Database	Casbin	Watcher for PostgreSQL
RabbitMQ Watcher	Messaging system	Casbin	Watcher for RabbitMQ
MongoDB Watcher	Database	@sanguinedab	Watcher for MongoDB

Watcher	Type	Author	Description
Redis Watcher	KV store	@Sbou	Watcher for Redis

Watcher	Type	Author	Description
Redis Watcher	KV store	CasbinRuby	Watcher for Redis
RabbitMQ Watcher	Messaging system	CasbinRuby	Watcher for RabbitMQ

Watcher	Type	Author	Description
Redis Watcher	KV store	@Tinywan	Watcher for Redis

Watcher	Type	Author	Description
Redis Watcher	KV store	Casbin	Watcher for Redis

WatcherEx

To support incremental synchronization between multiple instances, we provide the WatcherEx interface. This interface can notify other instances when policies change, though there is currently no implementation of WatcherEx. We recommend using a dispatcher to achieve this functionality.

Compared to the Watcher interface, WatcherEx can distinguish the type of update action received, such as AddPolicy versus RemovePolicy.

WatcherEx APIs:

API	Description
SetUpdateCallback(func(string)) error	SetUpdateCallback configures the callback function that the watcher calls when the policy in the database has been changed by other instances. A classic callback is Enforcer.LoadPolicy().
Update() error	Update calls the update callback of other instances to synchronize their policies. It is usually called after changing the policy in the database, such as after Enforcer.SavePolicy(), Enforcer.AddPolicy(), Enforcer.RemovePolicy(), etc.
Close()	Close stops and releases the watcher. The callback function will no longer be invoked after this.
UpdateForAddPolicy(sec, ptype string, params ...string) error	UpdateForAddPolicy calls the update callback of other instances to synchronize their policies. It is called after a policy is added via Enforcer.AddPolicy(), Enforcer.AddNamedPolicy(), Enforcer.AddGroupingPolicy() and Enforcer.AddNamedGroupingPolicy().
UpdateForRemovePolicy(sec, ptype string, params ...string) error	UpdateForRemovePolicy calls the update callback of other instances to synchronize their policies. It is called after a policy is removed by Enforcer.RemovePolicy(), Enforcer.RemoveNamedPolicy(), Enforcer.RemoveGroupingPolicy() and Enforcer.RemoveNamedGroupingPolicy().
UpdateForRemoveFilteredPolicy(sec, ptype string, fieldIndex int, fieldValues ...string) error	UpdateForRemoveFilteredPolicy calls the update callback of other instances to synchronize their policies. It is called after Enforcer.RemoveFilteredPolicy(), Enforcer.RemoveFilteredNamedPolicy(), Enforcer.RemoveFilteredGroupingPolicy() and Enforcer.RemoveFilteredNamedGroupingPolicy().
UpdateForSavePolicy(model model.Model) error	UpdateForSavePolicy calls the update callback of other instances to synchronize their policies. It is called after Enforcer.SavePolicy().
UpdateForAddPolicies(sec string, ptype string, rules ...[]string) error	UpdateForAddPolicies calls the update callback of other instances to synchronize their policies. It is called after Enforcer.AddPolicies(), Enforcer.AddNamedPolicies(), Enforcer.AddGroupingPolicies() and Enforcer.AddNamedGroupingPolicies().
UpdateForRemovePolicies(sec string, ptype string, rules ...[]string) error	UpdateForRemovePolicies calls the update callback of other instances to synchronize their policies. It is called after Enforcer.RemovePolicies(), Enforcer.RemoveNamedPolicies(), Enforcer.RemoveGroupingPolicies() and Enforcer.RemoveNamedGroupingPolicies().