typesec-rbac 0.6.0

RBAC policy engine for typesec — YAML → typed enforcement
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

//! # typesec-rbac
//!
//! Role-Based Access Control from YAML → typed policy enforcement.
//!
//! ## YAML → Types → Compile-time Safety
//!
//! The pipeline has two phases:
//!
//! 1. **Runtime**: Parse the YAML policy, build an [`RbacEngine`] that implements
//!    [`PolicyEngine`]. This handles *dynamic* role assignments and resource globs
//!    that can't be known at compile time.
//!
//! 2. **Codegen** (optional, via `typesec generate`): Emit Rust source code with
//!    concrete role structs and `Permission` impls. These let the compiler verify
//!    that your code uses permissions that actually exist in the policy file.
//!
//! ## YAML Schema
//!
//! ```yaml
//! roles:
//!   - name: analyst
//!     permissions: [read, read_sensitive]
//!     resources: ["reports/*", "metrics/*"]
//!   - name: admin
//!     inherits: [analyst]
//!     permissions: [write, delete, delegate]
//!     resources: ["*"]
//!
//! assignments:
//!   - subject: "agent:data-pipeline"
//!     roles: [analyst]
//! ```

#![forbid(unsafe_code)]
#![warn(missing_docs, clippy::all)]

pub mod codegen;
pub mod engine;
pub mod graph_policy;
pub mod model;

pub use engine::RbacEngine;
pub use graph_policy::GraphPolicyEngine;
pub use model::{Assignment, RbacPolicy, RoleDefinition};