Crates.io | cerbos |
lib.rs | cerbos |
version | 0.4.7 |
source | src |
created_at | 2022-05-02 08:32:23.934753 |
updated_at | 2024-10-14 13:02:55.405429 |
description | Rust SDK for working with Cerbos: an open core, language-agnostic, scalable authorization solution |
homepage | https://cerbos.dev |
repository | https://github.com/cerbos/cerbos-sdk-rust |
max_upload_size | |
id | 578944 |
size | 896,072 |
Rust client library for Cerbos: the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
cargo add cerbos
The client can be used either asynchronously or synchronously by instantiating CerbosAsyncClient
or CerbosSyncClient
respectively.
use cerbos::sdk::attr::attr;
use cerbos::sdk::model::{Principal, Resource};
use cerbos::sdk::{CerbosAsyncClient, CerbosClientOptions, CerbosEndpoint, Result};
#[tokio::main]
async fn main() -> Result<()> {
let opt = CerbosClientOptions::new(CerbosEndpoint::HostPort("localhost", 3593));
let mut client = CerbosAsyncClient::new(opt).await?;
let principal = Principal::new("alice", ["employee"])
.with_policy_version("20210210")
.with_attributes([
attr("department", "marketing"),
attr("geography", "GB"),
attr("team", "design"),
]);
let resource = Resource::new("XX125", "leave_request")
.with_policy_version("20210210")
.with_attributes([
attr("department", "marketing"),
attr("geography", "GB"),
attr("team", "design"),
attr("owner", "alice"),
attr("approved", true),
attr("id", "XX125"),
]);
let resp = client
.is_allowed("view:public", principal, resource, None)
.await?;
println!("Allowed={:?}", resp);
Ok(())
}
Running tests
cerbos run --set=storage.disk.directory=resources/store -- cargo test