#protobuf #run-time #iam #access #tower-service #authorization #grpc

iam-runtime-rs

Generated protobufs for integrating with and implementing iam-runtime services

4 releases (2 breaking)

0.5.0 Sep 24, 2024
0.4.1 Jun 20, 2024
0.4.0 Jun 20, 2024
0.3.0 Jun 21, 2024

#209 in Authentication

Download history 43/week @ 2024-07-14 117/week @ 2024-07-21 279/week @ 2024-07-28 47/week @ 2024-08-04 75/week @ 2024-08-11 135/week @ 2024-08-18 83/week @ 2024-08-25 17/week @ 2024-09-01 19/week @ 2024-09-08 80/week @ 2024-09-15 190/week @ 2024-09-22 99/week @ 2024-09-29 53/week @ 2024-10-06 63/week @ 2024-10-13 12/week @ 2024-10-20 151/week @ 2024-10-27

286 downloads per month

Apache-2.0

52KB
990 lines

iam-runtime-rs

Crate containing generated protobufs from iam-runtime protos.

Example:

use anyhow::{Error, Result};
use tokio::net::UnixStream;
use tonic::transport::{Endpoint, Uri};
use tower::service_fn;

use iam_runtime_rs::iam_runtime::{
    authentication_client::AuthenticationClient, authorization_client::AuthorizationClient,
    AccessRequestAction, CheckAccessRequest, ValidateCredentialRequest,
};

async fn do_auth(token: String) -> Result<(), Error> {
    let channel = Endpoint::try_from(format!("http://[::]:50051/{}", "/tmp/iam_runtime.sock"))?
        .connect_with_connector(service_fn(|u: Uri| {
            UnixStream::connect(String::from(u.path()))
        }))
        .await?;

    let mut authn_client = AuthenticationClient::new(channel.clone());
    let mut authz_client = AuthorizationClient::new(channel);

    let request = tonic::Request::new(ValidateCredentialRequest {
        credential: token.clone(),
    });

    let resp = authn_client
        .validate_credential(request)
        .await?
        .into_inner();

    if resp.result == 1 {
        return Err(Error::msg("invalid token"));
    };

    let action = AccessRequestAction {
        action: String::from("some-action"),
        resource_id: String::from("some-resource"),
    };

    let request = tonic::Request::new(CheckAccessRequest {
        credential: token,
        actions: vec![action],
    });

    let resp = authz_client.check_access(request).await?.into_inner();
    if resp.result == 1 {
        return Err(Error::msg("access denied"));
    }

    Ok(())
}

Dependencies

~5–11MB
~114K SLoC