Crates.io | iam-runtime-rs |
lib.rs | iam-runtime-rs |
version | 0.5.0 |
source | src |
created_at | 2024-06-20 10:48:37.37855 |
updated_at | 2024-09-24 19:39:46.648984 |
description | Generated protobufs for integrating with and implementing iam-runtime services |
homepage | |
repository | https://github.com/metal-toolbox/iam-runtime-rs |
max_upload_size | |
id | 1277860 |
size | 51,241 |
Crate containing generated protobufs from iam-runtime
protos.
use anyhow::{Error, Result};
use tokio::net::UnixStream;
use tonic::transport::{Endpoint, Uri};
use tower::service_fn;
use iam_runtime_rs::iam_runtime::{
authentication_client::AuthenticationClient, authorization_client::AuthorizationClient,
AccessRequestAction, CheckAccessRequest, ValidateCredentialRequest,
};
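/// Validates `token` with the IAM runtime, then checks that it grants
/// `some-action` on `some-resource`.
///
/// Both RPCs share one gRPC channel to the runtime's Unix domain socket.
///
/// # Errors
///
/// Returns an error when the socket connection or either RPC fails,
/// "invalid token" when the credential is not reported as valid, and
/// "access denied" when the access check is not reported as allowed.
async fn do_auth(token: String) -> Result<(), Error> {
    // NOTE(review): /tmp is writable by every local user, so another process
    // could create this socket first and answer in place of the runtime.
    // Outside of an example, keep the socket in a directory that only the
    // runtime and this service can access.
    const SOCKET_PATH: &str = "/tmp/iam_runtime.sock";

    // tonic requires a URI, but the connector below ignores it and always
    // dials the Unix socket, so the socket path never goes through URI parsing.
    let channel = Endpoint::try_from("http://[::]:50051")?
        .connect_with_connector(service_fn(|_: Uri| UnixStream::connect(SOCKET_PATH)))
        .await?;

    let mut authn_client = AuthenticationClient::new(channel.clone());
    let mut authz_client = AuthorizationClient::new(channel);

    let validate_request = tonic::Request::new(ValidateCredentialRequest {
        credential: token.clone(),
    });
    let validation = authn_client
        .validate_credential(validate_request)
        .await?
        .into_inner();
    // Fail closed: accept only the success value and reject everything else,
    // including result codes this client does not know about.
    // NOTE(review): assumes 0 is the "valid" enum value (1 is the failure
    // value this example checked before); confirm against the generated enum.
    if validation.result != 0 {
        return Err(Error::msg("invalid token"));
    }

    let action = AccessRequestAction {
        action: String::from("some-action"),
        resource_id: String::from("some-resource"),
    };
    let access_request = tonic::Request::new(CheckAccessRequest {
        credential: token,
        actions: vec![action],
    });
    let decision = authz_client
        .check_access(access_request)
        .await?
        .into_inner();
    // Same fail-closed rule for the authorization decision: anything other
    // than the assumed "allowed" value (0) is treated as a denial.
    if decision.result != 0 {
        return Err(Error::msg("access denied"));
    }

    Ok(())
}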