Crate oso

Oso policy engine for authorization

§Overview

Oso is a policy engine for authorization that’s embedded in your application. It provides a declarative policy language for expressing authorization logic. You define this logic separately from the rest of your application code, but it executes inside the application and can call directly into it.

For more information, including guides on using Oso, writing policies, and adding Oso to your application, see the Oso documentation.

For information specific to using Oso with Rust, see the Rust documentation.

§Note

The Oso Rust library is still in early development relative to the other Oso libraries.

§Example

To get started, create a new Oso instance, and load Polar policies from either a string or a file:

use oso::Oso;
let mut oso = Oso::new();
// Allow any action on any resource, but only when the actor's username is "alice".
oso.load_str(r#"allow(actor, _action, _resource) if actor.username = "alice";"#)?;

You can register classes with Oso, which makes it possible to use them for type checking and to access their attributes in policies. The PolarClass derive macro can handle some of this.

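use oso::{Oso, PolarClass};

// Deriving PolarClass lets User be registered with Oso and used as a type in policies.
#[derive(Clone, PolarClass)]
struct User {
    // Expose this field to policies as `actor.username`.
    #[polar(attribute)]
    pub username: String,
}

impl User {
    fn superuser() -> Vec<String> {
        vec!["alice".to_string(), "charlie".to_string()]
    }
}

let mut oso = Oso::new();

// Register User and expose `User::superuser` to policies as the class method `superusers`.
oso.register_class(
    User::get_polar_class_builder()
        .add_class_method("superusers", User::superuser)
        .build()
)?;

// `actor: User` restricts this rule to User instances.
// Note: a bare suffix test also matches usernames such as "alice@notexample.com".
oso.load_str(r#"allow(actor: User, _action, _resource) if
                    actor.username.ends_with("example.com");"#)?;

let user = User {
    username: "alice@example.com".to_owned(),
};

// Passes because the username ends with "example.com".
assert!(oso.is_allowed(user, "foo", "bar")?);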

For more examples, see the Oso documentation.

Re-exports§

pub use errors::OsoError;
pub use errors::Result;

Modules§

errors
macros

Macros§

lazy_error

Structs§

Class: Class that can be registered with Oso.
ClassBuilder: Builder for new Oso Class.
Oso: Oso is the main struct you interact with. It is an instance of the Oso authorization library and contains the polar language knowledge base and query engine.
Query
ResultSet

Enums§

Action: Represents an action used in an allow rule.
PolarValue: An enum of the possible value types that can be sent to/from Polar.

Traits§

FromPolar: Convert Polar types to Rust types.
FromPolarList
PolarClass: Classes that can be used as types in Polar policies.
ToPolar: Convert Rust types to Polar types.
ToPolarList: Convert tuples to Polar types.