rustberg 0.0.2

A production-grade, cross-platform, single-binary Apache Iceberg REST Catalog
//! Authentication and Authorization module.
//!
//! This module provides a comprehensive auth system including:
//! - Multiple authentication methods (API keys, bearer tokens)
//! - Role-based access control (RBAC)
//! - Policy-based access control using AWS Cedar
//! - Tenant isolation
//! - Rate limiting (per-IP, per-tenant, auth failure tracking)
//! - Audit logging for security events
//! - Middleware for protecting routes
//! - Auth introspection endpoints for clients

// Submodule layout. Only `audit`, `cedar_authz` and `routes` are declared
// `pub`; every other module is private, so code outside this module reaches
// their items solely through the `pub use` re-exports later in this file.
// That re-export list is therefore the auth subsystem's public surface.
pub mod audit;
mod authn;
mod authz;
pub mod cedar_authz;
mod error;
mod jwt_authn;
mod middleware;
mod principal;
mod rate_limit;
pub mod routes;
mod store;

// Re-export authenticators
//
// NOTE(review): `AllowAllAuthenticator` is exported as public API next to the
// real authenticators. Judging by its name it accepts every request; confirm
// in `authn` and make sure configuration cannot select it in a production
// deployment.
// NOTE(review): how `ChainAuthenticator` combines its members (first success
// wins vs. all must succeed) is not visible from this file; verify before
// placing a permissive authenticator in a chain.
pub use authn::{
    AllowAllAuthenticator, ApiKeyAuthenticator, Authenticator, ChainAuthenticator,
    DenyAllAuthenticator, API_KEY_HEADER, AUTHORIZATION_HEADER,
};

// Re-export JWT/OIDC authentication
//
// NOTE(review): which token checks are enforced (signature algorithm, issuer,
// audience, expiry) is decided inside `jwt_authn`, presumably driven by
// `JwtConfig`. None of that can be assessed from this file; confirm there.
pub use jwt_authn::{JwtAuthenticator, JwtConfig};

// Re-export authorization
//
// NOTE(review): `AllowAllAuthorizer` is part of the public API. Judging by its
// name it grants every request; confirm in `authz` and keep it out of
// production wiring.
// NOTE(review): the decision-combining rule of `ChainAuthorizer` is not visible
// here. Verify that a permissive member cannot override a deny from
// `TenantIsolationAuthorizer` or `RbacAuthorizer`.
pub use authz::{
    Action, AllowAllAuthorizer, Authorizer, AuthzContext, AuthzDecision, ChainAuthorizer,
    DenyAllAuthorizer, RbacAuthorizer, Resource, ResourceType, TenantIsolationAuthorizer,
};

// Re-export Cedar policy-based authorization
pub use cedar_authz::{
    AddPolicyRequest, CedarAuthorizer, PolicyListResponse, PolicyResponse, PolicyStore,
};

// Re-export audit logging
pub use audit::{
    log_auth_failure, log_auth_success, log_authz_denied, log_namespace_operation, log_rate_limit,
    log_table_operation, AuditAction, AuditCategory, AuditEvent, AuditOutcome, AuditSeverity,
};

// Re-export errors
pub use error::{AuthError, AuthErrorBody, AuthErrorResponse, Result as AuthResult};

// Re-export middleware
//
// NOTE(review): two middleware entry points are exported. The names suggest
// that `auth_middleware` may let unauthenticated requests through (compare
// `OptionalPrincipal`) while `require_auth_middleware` rejects them. Confirm
// in `middleware` before choosing one for a protected route.
pub use middleware::{
    auth_middleware, require_auth_middleware, AuthState, AuthenticatedPrincipal, OptionalPrincipal,
};

// Re-export principal types
pub use principal::{AuthMethod, Principal, PrincipalBuilder, PrincipalType};

// Re-export rate limiting
pub use rate_limit::{
    LimitType, RateLimitConfig, RateLimitConfigBuilder, RateLimitErrorBody, RateLimitErrorResponse,
    RateLimitExceeded, RateLimitInfo, RateLimiter,
};

// Re-export store types
//
// NOTE(review): the hashing scheme behind `hash_api_key`, and whether
// `verify_api_key` compares in constant time, are not visible from this file;
// confirm both in `store`.
// NOTE(review): `InMemoryApiKeyStore` presumably holds keys only in process
// memory; verify its persistence and multi-instance behaviour before relying
// on it outside tests or single-node setups.
pub use store::{
    extract_key_prefix, hash_api_key, verify_api_key, ApiKey, ApiKeyBuilder, ApiKeyStore,
    InMemoryApiKeyStore,
};