#access-control #authorization #security #sdk #open #applications #permissions

bin+lib cerbos

Rust SDK for working with Cerbos: an open core, language-agnostic, scalable authorization solution

7 unstable releases

0.4.7 Oct 14, 2024
0.4.5 Apr 15, 2024
0.4.2 Nov 27, 2023
0.4.1 Jul 10, 2023
0.1.0 May 2, 2022

#402 in Network programming

Download history 8/week @ 2024-07-22 8/week @ 2024-07-29 9/week @ 2024-08-19 28/week @ 2024-08-26 22/week @ 2024-09-09 96/week @ 2024-09-16 124/week @ 2024-09-23 31/week @ 2024-09-30 10/week @ 2024-10-07 200/week @ 2024-10-14

377 downloads per month

Apache-2.0

465KB
7K SLoC

Cerbos Rust SDK

Rust client library for Cerbos: the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

Usage

cargo add cerbos

The client can be used either asynchronously or synchronously by instantiating CerbosAsyncClient or CerbosSyncClient respectively.

use cerbos::sdk::attr::attr;
use cerbos::sdk::model::{Principal, Resource};
use cerbos::sdk::{CerbosAsyncClient, CerbosClientOptions, CerbosEndpoint, Result};

#[tokio::main]
async fn main() -> Result<()> {
    let opt = CerbosClientOptions::new(CerbosEndpoint::HostPort("localhost", 3593));
    let mut client = CerbosAsyncClient::new(opt).await?;

    let principal = Principal::new("alice", ["employee"])
        .with_policy_version("20210210")
        .with_attributes([
            attr("department", "marketing"),
            attr("geography", "GB"),
            attr("team", "design"),
        ]);

    let resource = Resource::new("XX125", "leave_request")
        .with_policy_version("20210210")
        .with_attributes([
            attr("department", "marketing"),
            attr("geography", "GB"),
            attr("team", "design"),
            attr("owner", "alice"),
            attr("approved", true),
            attr("id", "XX125"),
        ]);

    let resp = client
        .is_allowed("view:public", principal, resource, None)
        .await?;

    println!("Allowed={:?}", resp);

    Ok(())
}

Development

Running tests

cerbos run --set=storage.disk.directory=resources/store -- cargo test

Dependencies

~25–39MB
~723K SLoC