crabka-authz 0.3.2

Shared Kafka-ACL authorization evaluator for the Crabka broker and gateway
Documentation

crabka-authz

Crates.io Docs.rs CI

Shared Kafka-ACL authorization evaluator for the Crabka broker and gateway.

This crate is part of Crabka, a Rust implementation of Kafka-compatible infrastructure and clients.

Install

crabka-authz = "0.3.2"

For workspace development, use the path dependency from this repository instead.

Usage example

Authorize a topic operation against an ACL source:

use std::net::SocketAddr;
use crabka_authz::{AllowAllAuthorizer, AuthorizationRequest, Authorizer};
use crabka_metadata::{AclOperation, MetadataImage, ResourceType};
use crabka_security::{AuthMethod, Principal};
use uuid::Uuid;

let image = MetadataImage::new(Uuid::nil());
let host: SocketAddr = "127.0.0.1:9092".parse().unwrap();
let principal = Principal {
    name: "alice".into(),
    auth_method: AuthMethod::SaslPlain,
    groups: vec![],
};

let request = AuthorizationRequest {
    principal: &principal,
    host: &host,
    resource_type: ResourceType::Topic,
    resource_name: "orders",
    operation: AclOperation::Read,
};

let decision = AllowAllAuthorizer.authorize(&image, &request);
println!("authorization decision: {decision:?}");

Documentation

API documentation is published on docs.rs/crabka-authz. The repository README contains project-wide setup, development, and release notes.

License

Apache-2.0. See the repository LICENSE and NOTICE files for details.