Skip to main content

Crate simple_zanzibar

Crate simple_zanzibar 

Source
Expand description

A simplified Rust implementation of Google’s Zanzibar authorization system.

use simple_zanzibar::model::{
    ExpandedUserset, LookupResourcesRequest, LookupSubjectsRequest, Object, Relation,
    RelationTuple, User,
};
use simple_zanzibar::revision::Consistency;
use simple_zanzibar::ZanzibarEngine;

let service = ZanzibarEngine::builder().build();
service.add_dsl(
    r"
    namespace doc {
        relation viewer {}
    }
    ",
)?;

let doc = Object {
    namespace: "doc".to_string(),
    id: "readme".to_string(),
};
let viewer = Relation("viewer".to_string());
let alice = User::UserId("alice".to_string());
let token = service.write_tuple_with_token(&RelationTuple {
    object: doc.clone(),
    relation: viewer.clone(),
    user: alice.clone(),
})?;

assert!(service.check_relation(&doc, &viewer, &alice)?);
assert!(service.check_with_consistency(&doc, &viewer, &alice, Consistency::Exact(token))?);
assert!(matches!(
    service.expand_relation(&doc, &viewer)?,
    ExpandedUserset::Union(_)
));
assert_eq!(
    service
        .lookup_resources(&LookupResourcesRequest {
            subject: alice.clone(),
            permission: viewer.clone(),
            resource_type: "doc".to_string(),
        })?
        .resources,
    vec![doc.clone()],
);
assert_eq!(
    service
        .lookup_subjects(&LookupSubjectsRequest {
            resource: doc,
            permission: viewer,
            subject_type: "user".to_string(),
        })?
        .subjects,
    vec![alice],
);

Re-exports§

pub use crate::api::EngineError;
pub use crate::api::TenantId;
pub use crate::api::ZanzibarEngine;
pub use crate::api::ZanzibarEngineBuilder;
pub use crate::api::ZanzibarTenantShards;
pub use crate::policy::PolicyIoError;
pub use crate::policy::PolicyText;
pub use crate::policy::PolicyTextFile;
pub use crate::snapshot::IndexProfile;
pub use crate::snapshot::SnapshotCompression;
pub use crate::snapshot::SnapshotIntegrityMode;
pub use crate::snapshot::SnapshotIoError;
pub use crate::snapshot::SnapshotLoadOptions;
pub use crate::snapshot::SnapshotLoadProfile;
pub use crate::snapshot::SnapshotSaveOptions;
pub use crate::snapshot::SnapshotValidationMode;

Modules§

api
Public request/response engine API.
domain
Validated domain primitives for the local Zanzibar engine.
error
Defines custom error types for the application.
eval
Core evaluation logic for check and expand requests.
model
Core data structures for the Zanzibar authorization system.
parser
DSL parsing logic using pest.
policy
Policy text import/export helpers.
relationship
Indexed in-memory relationship store and mutation semantics.
revision
Revision, consistency token, and published snapshot types.
schema
Typed schema IR, resolver, compiler, and validator.
snapshot
Versioned compact snapshot artifact save/load support.
store
Defines the storage abstraction for relation tuples.