crabka-authz 0.3.0

Shared Kafka-ACL authorization evaluator for the Crabka broker and gateway

Provides the [Authorizer] trait and the ACL evaluator ([SimpleAclAuthorizer] / [AllowAllAuthorizer]), plus an [AclSource] abstraction so that one evaluator serves both the broker (backed by a MetadataImage snapshot) and the gateway (backed by an [AclCache] over a Vec<AclEntry> fetched via DescribeAcls). The decision logic (super-user bypass, deny-wins, operation implication) lives here once, so the two callers can never drift apart.
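
The order of the three decision rules named above, as an added stand-alone model (not crabka-authz's own code or API). The types `Op`, `Perm`, `Decision`, `Acl` and the functions are hypothetical, the implication table is the one Apache Kafka's authorizer uses and is assumed to carry over here, and host and prefixed-pattern matching are left out.

```rust
// Stand-alone model of Kafka-style ACL evaluation. Every type here is
// hypothetical and simplified; none of it is crabka-authz's API.
#[allow(dead_code)]
#[derive(Clone, Copy, PartialEq, Debug)]
enum Op { Read, Write, Delete, Alter, Describe, AlterConfigs, DescribeConfigs, All }
#[derive(Clone, Copy, PartialEq, Debug)]
enum Perm { Allow, Deny }
#[derive(PartialEq, Debug)]
enum Decision { Allow, Deny }
struct Acl { principal: &'static str, resource: &'static str, op: Op, perm: Perm }

// Operation implication (Apache Kafka's rule): an ALLOW on `granted` also allows `wanted`.
fn allow_implies(granted: Op, wanted: Op) -> bool {
    granted == wanted || granted == Op::All || match wanted {
        Op::Describe => matches!(granted, Op::Read | Op::Write | Op::Delete | Op::Alter),
        Op::DescribeConfigs => granted == Op::AlterConfigs,
        _ => false,
    }
}

// True when the entry names this principal and resource ("*" is the wildcard).
fn applies(a: &Acl, principal: &str, resource: &str) -> bool {
    (a.principal == principal || a.principal == "*") && (a.resource == resource || a.resource == "*")
}

fn authorize(acls: &[Acl], super_users: &[&str], principal: &str, resource: &str, op: Op) -> Decision {
    // 1. Super-user bypass: ACLs are not consulted at all.
    if super_users.contains(&principal) { return Decision::Allow; }
    let hits: Vec<&Acl> = acls.iter().filter(|a| applies(a, principal, resource)).collect();
    // 2. Deny wins: a DENY on this exact operation (or All) beats any ALLOW.
    //    Implication is not applied to DENY entries.
    if hits.iter().any(|a| a.perm == Perm::Deny && (a.op == op || a.op == Op::All)) { return Decision::Deny; }
    // 3. ALLOW, widened by operation implication; with no match the answer is Deny.
    if hits.iter().any(|a| a.perm == Perm::Allow && allow_implies(a.op, op)) { return Decision::Allow; }
    Decision::Deny
}

// Constructed sample ACLs for the demonstration.
fn sample_acls() -> Vec<Acl> {
    vec![
        Acl { principal: "alice", resource: "orders", op: Op::Read, perm: Perm::Allow },
        Acl { principal: "bob", resource: "payments", op: Op::All, perm: Perm::Allow },
        Acl { principal: "*", resource: "payments", op: Op::Write, perm: Perm::Deny },
    ]
}

fn main() {
    println!("{:?}", authorize(&sample_acls(), &["admin"], "bob", "payments", Op::Write));
}
```
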

Authorizing a request

```rust
use std::net::SocketAddr;
use crabka_authz::{
    AllowAllAuthorizer, AuthorizationRequest, AuthorizationResult, Authorizer,
};
use crabka_metadata::{MetadataImage, AclOperation, ResourceType};
use crabka_security::{AuthMethod, Principal};
use uuid::Uuid;

// A freshly created metadata image, passed to the authorizer below.
let image = MetadataImage::new(Uuid::nil());
// The authenticated caller.
let principal = Principal {
    name: "alice".into(),
    auth_method: AuthMethod::SaslPlain,
    groups: vec![],
};
let host: SocketAddr = "127.0.0.1:9092".parse().unwrap();
// The question being asked: may alice Read topic "orders" from this host?
let req = AuthorizationRequest {
    principal: &principal,
    host: &host,
    resource_type: ResourceType::Topic,
    resource_name: "orders",
    operation: AclOperation::Read,
};

// AllowAllAuthorizer answers Allow for this request.
assert_eq!(
    AllowAllAuthorizer.authorize(&image, &req),
    AuthorizationResult::Allow,
);
```