hodei-authz
| Crates.io | hodei-authz |
| lib.rs | hodei-authz |
| version | 0.1.0 |
| created_at | 2025-10-17 20:57:44.415375+00 |
| updated_at | 2025-10-17 20:57:44.415375+00 |
| description | Core authorization traits and types for Hodei framework with Cedar Policy |
| homepage | https://github.com/Rubentxu/hodei-policies |
| repository | https://github.com/Rubentxu/hodei-policies |
| max_upload_size | |
| id | 1888420 |
| size | 71,942 |
Ruben Dario (Rubentxu)
documentation
https://docs.rs/hodei-authz
README
hodei-authz-sdk-authz
Core traits and logic for the Hodei authorization framework.
Overview
hodei-authz-sdk-authz provides the fundamental traits and abstractions for building authorization systems with Cedar Policy. It defines interfaces for policy storage, cache invalidation, and entity/action mapping.
Features
- PolicyStore Trait: Abstract interface for policy storage backends
- CacheInvalidation Trait: Abstract interface for cache invalidation
- Entity/Action Traits: Map domain entities to Cedar Policy
- Error Types: Typed errors for better error handling
- Schema Discovery: Automatic Cedar schema generation via inventory
Installation
[dependencies]
hodei-authz-sdk-authz = "0.1"
Usage
Implementing PolicyStore
use async_trait::async_trait;
use hodei_authz::{PolicyStore, PolicyStoreError};
use cedar_policy::PolicySet;
struct MyPolicyStore {
// Your storage implementation
}
#[async_trait]
impl PolicyStore for MyPolicyStore {
async fn create_policy(&self, content: String) -> Result<String, PolicyStoreError> {
// Implementation
}
async fn get_policy(&self, id: &str) -> Result<Option<String>, PolicyStoreError> {
// Implementation
}
async fn load_all_policies(&self) -> Result<PolicySet, PolicyStoreError> {
// Implementation
}
// ... other methods
}
Implementing CacheInvalidation
use async_trait::async_trait;
use hodei_authz::{CacheInvalidation, CacheError};
struct MyCacheInvalidation {
// Your cache implementation
}
#[async_trait]
impl CacheInvalidation for MyCacheInvalidation {
async fn invalidate_policies(&self) -> Result<(), CacheError> {
// Publish invalidation event
}
async fn subscribe_to_invalidations<F>(&self, callback: F) -> Result<(), CacheError>
where
F: Fn() + Send + Sync + 'static,
{
// Subscribe to invalidation events
}
}
Using Derive Macros
use hodei_derive::{HodeiEntity, HodeiAction};
use hodei_hrn::Hrn;
use serde::{Serialize, Deserialize};
#[derive(HodeiEntity, Serialize, Deserialize, Clone)]
#[hodei-authz-sdk(entity_type = "MyApp::User")]
struct User {
id: Hrn,
email: String,
role: String,
}
#[derive(HodeiAction)]
#[hodei-authz-sdk(namespace = "MyApp")]
enum UserCommand {
#[hodei-authz-sdk(principal = "User", resource = "User")]
Read { id: Hrn },
#[hodei-authz-sdk(principal = "User", resource = "User")]
Update { id: Hrn },
}
Traits
PolicyStore
Abstraction for policy storage backends (PostgreSQL, file system, etc.):
create_policy- Create a new policyget_policy- Retrieve a policy by IDlist_policies- List all policiesupdate_policy- Update an existing policydelete_policy- Delete a policyload_all_policies- Load all policies as a PolicySet
CacheInvalidation
Abstraction for distributed cache invalidation:
invalidate_policies- Publish invalidation eventsubscribe_to_invalidations- Subscribe to invalidation events
Error Types
PolicyStoreError- Errors from policy storage operationsCacheError- Errors from cache operations
Dependencies
cedar-policy- Cedar Policy enginehodei-authz-sdk-hrn- Core types (HRN)hodei-authz-sdk-derive- Derive macros
License
MIT OR Apache-2.0