cf-authz-resolver-sdk 0.3.3

SDK for authz_resolver module: evaluation API, constraints, PEP compiler
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

//! Public API trait for the `AuthZ` resolver.

use async_trait::async_trait;

use crate::error::AuthZResolverError;
use crate::models::{EvaluationRequest, EvaluationResponse};

/// Public API trait for the `AuthZ` resolver gateway.
///
/// This trait is registered in `ClientHub` by the module and
/// can be consumed by other modules acting as PEPs:
///
/// ```ignore
/// let authz = hub.get::<dyn AuthZResolverClient>()?;
///
/// let response = authz.evaluate(request).await?;
/// ```
#[async_trait]
pub trait AuthZResolverClient: Send + Sync {
    /// Evaluate an authorization request.
    ///
    /// Returns a decision (allow/deny) with optional row-level constraints.
    ///
    /// # Errors
    ///
    /// - `Denied` if the PDP explicitly denies access
    /// - `NoPluginAvailable` if no `AuthZ` plugin is registered
    /// - `ServiceUnavailable` if the plugin is not ready
    /// - `Internal` for unexpected errors
    async fn evaluate(
        &self,
        request: EvaluationRequest,
    ) -> Result<EvaluationResponse, AuthZResolverError>;
}