Expand description
A simplified Rust implementation of Google’s Zanzibar authorization system.
use simple_zanzibar::model::{
ExpandedUserset, LookupResourcesRequest, LookupSubjectsRequest, Object, Relation,
RelationTuple, User,
};
use simple_zanzibar::revision::Consistency;
use simple_zanzibar::ZanzibarEngine;
let service = ZanzibarEngine::builder().build();
service.add_dsl(
r"
namespace doc {
relation viewer {}
}
",
)?;
let doc = Object {
namespace: "doc".to_string(),
id: "readme".to_string(),
};
let viewer = Relation("viewer".to_string());
let alice = User::UserId("alice".to_string());
let token = service.write_tuple_with_token(&RelationTuple {
object: doc.clone(),
relation: viewer.clone(),
user: alice.clone(),
})?;
assert!(service.check_relation(&doc, &viewer, &alice)?);
assert!(service.check_with_consistency(&doc, &viewer, &alice, Consistency::Exact(token))?);
assert!(matches!(
service.expand_relation(&doc, &viewer)?,
ExpandedUserset::Union(_)
));
assert_eq!(
service
.lookup_resources(&LookupResourcesRequest {
subject: alice.clone(),
permission: viewer.clone(),
resource_type: "doc".to_string(),
})?
.resources,
vec![doc.clone()],
);
assert_eq!(
service
.lookup_subjects(&LookupSubjectsRequest {
resource: doc,
permission: viewer,
subject_type: "user".to_string(),
})?
.subjects,
vec![alice],
);Re-exports§
pub use crate::api::EngineError;pub use crate::api::TenantId;pub use crate::api::ZanzibarEngine;pub use crate::api::ZanzibarEngineBuilder;pub use crate::api::ZanzibarTenantShards;pub use crate::policy::PolicyIoError;pub use crate::policy::PolicyText;pub use crate::policy::PolicyTextFile;pub use crate::snapshot::IndexProfile;pub use crate::snapshot::SnapshotCompression;pub use crate::snapshot::SnapshotIntegrityMode;pub use crate::snapshot::SnapshotIoError;pub use crate::snapshot::SnapshotLoadOptions;pub use crate::snapshot::SnapshotLoadProfile;pub use crate::snapshot::SnapshotSaveOptions;pub use crate::snapshot::SnapshotValidationMode;
Modules§
- api
- Public request/response engine API.
- domain
- Validated domain primitives for the local Zanzibar engine.
- error
- Defines custom error types for the application.
- eval
- Core evaluation logic for
checkandexpandrequests. - model
- Core data structures for the Zanzibar authorization system.
- parser
- DSL parsing logic using
pest. - policy
- Policy text import/export helpers.
- relationship
- Indexed in-memory relationship store and mutation semantics.
- revision
- Revision, consistency token, and published snapshot types.
- schema
- Typed schema IR, resolver, compiler, and validator.
- snapshot
- Versioned compact snapshot artifact save/load support.
- store
- Defines the storage abstraction for relation tuples.