
authz_resolver_sdk/
api.rs

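//! Public API trait for the `AuthZ` resolver.

use async_trait::async_trait;

use crate::error::AuthZResolverError;
use crate::models::{EvaluationRequest, EvaluationResponse};

/// Public API trait for the `AuthZ` resolver gateway.
///
/// This trait is registered in `ClientHub` by the module and
/// can be consumed by other modules acting as PEPs (policy
/// enforcement points):
///
/// ```ignore
/// let authz = hub.get::<dyn AuthZResolverClient>()?;
///
/// let response = authz.evaluate(request).await?;
/// ```
///
/// The `?` after `.await` propagates every error, so the code that follows
/// it runs only when evaluation returned `Ok`. The `Ok` value is still a
/// decision that has to be inspected; it is not by itself a grant.
///
/// The `Send + Sync` supertraits let one client be shared across threads
/// behind a `dyn AuthZResolverClient` trait object, as in the example above.
#[async_trait]
pub trait AuthZResolverClient: Send + Sync {
    /// Evaluate an authorization request.
    ///
    /// Takes the request by value and returns a decision (allow/deny) with
    /// optional row-level constraints.
    ///
    /// # Errors
    ///
    /// - `Denied` if the PDP explicitly denies access
    /// - `NoPluginAvailable` if no `AuthZ` plugin is registered
    /// - `ServiceUnavailable` if the plugin is not ready
    /// - `Internal` for unexpected errors
    ///
    /// # Enforcement notes for callers
    ///
    /// - Fail closed: none of the errors above grants access. A PEP should
    ///   treat `NoPluginAvailable`, `ServiceUnavailable` and `Internal` the
    ///   same as a denial rather than falling back to allowing the operation.
    /// - NOTE(review): a denial appears to be representable both as a deny
    ///   decision inside `Ok(EvaluationResponse)` and as `Err(Denied)`.
    ///   Confirm which path implementations use; until then callers should
    ///   check both and never read `Ok(_)` alone as "allowed".
    /// - NOTE(review): presumably an allow that carries row-level constraints
    ///   is valid only if the caller applies those constraints to its query;
    ///   confirm against `EvaluationResponse`.
    async fn evaluate(
        &self,
        request: EvaluationRequest,
    ) -> Result<EvaluationResponse, AuthZResolverError>;
}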