A simplified Rust implementation of Google’s Zanzibar authorization system.
This library provides a policy DSL, an in-memory tuple store, and an evaluation engine that supports cross-namespace authorization checks including computed usersets, tuple-to-userset references, and set operations (union, intersection, exclusion).
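The rewrite operations named above, as an added std-only sketch that is not this crate's code or API: `Rewrite`, `rule`, `check`, `eval`, `Decision` and the sample tuples are all hypothetical. It shows an exclusion overriding a grant inherited through a parent object, and a depth limit that returns an error rather than `false`, so a truncated branch can never be negated into a grant.

```rust
// Added sketch, std only. All names are hypothetical; this is not simple_zanzibar's code.
type Tuple = (&'static str, &'static str, &'static str); // (object, relation, subject)
type Decision = Result<bool, &'static str>; // Err = depth limit hit; callers must deny

enum Rewrite {
    This,                                       // subjects stored on the relation itself
    Computed(&'static str),                     // another relation on the same object
    TupleToUserset(&'static str, &'static str), // (tupleset relation, relation on its target)
    Union(Vec<Rewrite>),
    Intersection(Vec<Rewrite>),
    Exclusion(Box<Rewrite>, Box<Rewrite>),      // base minus subtract
}
use self::Rewrite::*;

const STORE: &[Tuple] = &[ // constructed tuples: mallory inherits from the folder, banned on the doc
    ("doc:readme", "owner", "alice"), ("doc:readme", "parent", "folder:eng"),
    ("folder:eng", "viewer", "bob"), ("folder:eng", "viewer", "mallory"), ("doc:readme", "banned", "mallory"),
];
// Constructed policy keyed by relation name; unlisted relations are plain `This`.
fn rule(rel: &str) -> Rewrite {
    let granted = Union(vec![This, Computed("owner"), TupleToUserset("parent", "viewer")]);
    match rel {
        "viewer" => Exclusion(Box::new(granted), Box::new(Computed("banned"))),
        "editor" => Intersection(vec![Computed("owner"), Computed("staff")]),
        _ => This,
    }
}
// Returning Err (not `false`) at the limit keeps Exclusion from negating a truncated branch.
fn check(s: &[Tuple], obj: &str, rel: &str, user: &str, depth: u8) -> Decision {
    if depth == 0 { Err("depth limit") } else { eval(s, &rule(rel), obj, rel, user, depth) }
}
fn eval(s: &[Tuple], rw: &Rewrite, obj: &str, rel: &str, user: &str, d: u8) -> Decision {
    Ok(match rw {
        This => s.iter().any(|t| t.0 == obj && t.1 == rel && t.2 == user),
        Computed(r) => check(s, obj, r, user, d - 1)?,
        TupleToUserset(ts, r) => {
            for t in s.iter().filter(|t| t.0 == obj && t.1 == *ts) {
                if check(s, t.2, r, user, d - 1)? { return Ok(true); }
            }
            false
        }
        Union(cs) => { for c in cs { if eval(s, c, obj, rel, user, d)? { return Ok(true); } } false }
        Intersection(cs) => { for c in cs { if !eval(s, c, obj, rel, user, d)? { return Ok(false); } } true }
        Exclusion(base, sub) => eval(s, base, obj, rel, user, d)? && !eval(s, sub, obj, rel, user, d)?,
    })
}
fn main() {
    for u in ["alice", "bob", "mallory"] { println!("{}: {:?}", u, check(STORE, "doc:readme", "viewer", u, 8)); }
}
```

A caller maps the result with `unwrap_or(false)` so that a limit error is always a denial.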
§Examples
use simple_zanzibar::ZanzibarService;
use simple_zanzibar::model::{Object, Relation, RelationTuple, User};

let mut service = ZanzibarService::new();

// Policy: a doc's viewers are its direct viewers plus its owners.
service.add_dsl(r#"
    namespace doc {
        relation owner {}
        relation viewer {
            rewrite union(this, computed_userset(relation: "owner"))
        }
    }
"#).unwrap();

let doc = Object::new("doc", "readme");
let owner = Relation::new("owner");
let viewer = Relation::new("viewer");
let alice = User::user_id("alice");

// Only an `owner` tuple is written for alice.
service.write_tuple(RelationTuple::new(doc.clone(), owner, alice.clone())).unwrap();

// The `viewer` check succeeds through the computed userset on `owner`.
assert!(service.check(&doc, &viewer, &alice).unwrap());

Modules§
- error: Defines custom error types for the Zanzibar authorization system.
- eval: Core evaluation logic for check and expand requests.
- model: Core data structures for the Zanzibar authorization system.
- parser: DSL parsing logic using pest.
- store: Defines the storage abstraction for relation tuples.

Structs§
- ZanzibarService: The main service for handling Zanzibar authorization checks.