4 releases (2 breaking)
0.5.0 | Sep 24, 2024 |
---|---|
0.4.1 | Jun 20, 2024 |
0.4.0 | Jun 20, 2024 |
0.3.0 | Jun 21, 2024 |
#229 in Authentication
206 downloads per month
52KB
990 lines
iam-runtime-rs
Crate containing generated protobufs from iam-runtime
protos.
Example:
use anyhow::{Error, Result};
use tokio::net::UnixStream;
use tonic::transport::{Endpoint, Uri};
use tower::service_fn;
use iam_runtime_rs::iam_runtime::{
authentication_client::AuthenticationClient, authorization_client::AuthorizationClient,
AccessRequestAction, CheckAccessRequest, ValidateCredentialRequest,
};
async fn do_auth(token: String) -> Result<(), Error> {
let channel = Endpoint::try_from(format!("http://[::]:50051/{}", "/tmp/iam_runtime.sock"))?
.connect_with_connector(service_fn(|u: Uri| {
UnixStream::connect(String::from(u.path()))
}))
.await?;
let mut authn_client = AuthenticationClient::new(channel.clone());
let mut authz_client = AuthorizationClient::new(channel);
let request = tonic::Request::new(ValidateCredentialRequest {
credential: token.clone(),
});
let resp = authn_client
.validate_credential(request)
.await?
.into_inner();
if resp.result == 1 {
return Err(Error::msg("invalid token"));
};
let action = AccessRequestAction {
action: String::from("some-action"),
resource_id: String::from("some-resource"),
};
let request = tonic::Request::new(CheckAccessRequest {
credential: token,
actions: vec![action],
});
let resp = authz_client.check_access(request).await?.into_inner();
if resp.result == 1 {
return Err(Error::msg("access denied"));
}
Ok(())
}
Dependencies
~5–11MB
~115K SLoC