Crate oso

Oso policy engine for authorization

Overview

Oso is a policy engine for authorization that’s embedded in your application. It provides a declarative policy language for expressing authorization logic. You define this logic separately from the rest of your application code, but it executes inside the application and can call directly into it.

For more information, guides on using oso, writing policies and adding to your application, go to the oso documentation.

For specific information on using with Rust, see the Rust documentation.

Note

The Oso Rust library is still in early development relative to the other Oso libraries.

Example

To get started, create a new Oso instance, and load Polar policies from either a string or a file:

let mut oso = Oso::new();
oso.load_str(r#"allow(actor, _action, _resource) if actor.username = "alice";"#)?;

You can register classes with oso, which makes it possible to use them for type checking, as well as accessing attributes in policies. The PolarClass derive macro can handle some of this.

use oso::{Oso, PolarClass};

#[derive(Clone, PolarClass)]
struct User {
    #[polar(attribute)]
    pub username: String,
}

impl User {
    fn superuser() -> Vec<String> {
        return vec!["alice".to_string(), "charlie".to_string()]
    }
}

let mut oso = Oso::new();

oso.register_class(
   User::get_polar_class_builder()
        .add_class_method("superusers", User::superuser)
        .build()
)?;

oso.load_str(r#"allow(actor: User, _action, _resource) if
                    actor.username.ends_with("example.com");"#)?;

let user = User {
    username: "alice@example.com".to_owned(),
};

assert!(oso.is_allowed(user, "foo", "bar")?);

For more examples, see the Oso documentation.

Re-exports

• pub use errors::OsoError;
• pub use errors::Result;

Modules

• errors
• macros

Macros

• lazy_error

Structs

• Class
  Class that can be registered with Oso.
• ClassBuilder
  Builder for new Oso Class.
• Oso
  Oso is the main struct you interact with. It is an instance of the Oso authorization library and contains the polar language knowledge base and query engine.
• Query
• ResultSet

Enums

• Action
  Represents an action used in an allow rule.
• PolarValue
  An enum of the possible value types that can be sent to/from Polar.

Traits

• FromPolar
  Convert Polar types to Rust types.
• FromPolarList
• PolarClass
  Classes that can be used as types in Polar policies.
• ToPolar
  Convert Rust types to Polar types.
• ToPolarList
  Convert tuples to Polar types.