#protobuf #run-time #iam #access #tower-service #authorization #grpc

iam-runtime-rs

Generated protobufs for integrating with and implementing iam-runtime services

4 releases (2 breaking)

0.5.0 Sep 24, 2024
0.4.1 Jun 20, 2024
0.4.0 Jun 20, 2024
0.3.0 Jun 21, 2024

#229 in Authentication

Download history 130/week @ 2024-08-17 87/week @ 2024-08-24 17/week @ 2024-08-31 17/week @ 2024-09-07 83/week @ 2024-09-14 175/week @ 2024-09-21 107/week @ 2024-09-28 58/week @ 2024-10-05 59/week @ 2024-10-12 18/week @ 2024-10-19 149/week @ 2024-10-26 42/week @ 2024-11-02 23/week @ 2024-11-09 53/week @ 2024-11-16 41/week @ 2024-11-23 81/week @ 2024-11-30

206 downloads per month

Apache-2.0

52KB
990 lines

iam-runtime-rs

Crate containing generated protobufs from iam-runtime protos.

Example:

use anyhow::{Error, Result};
use tokio::net::UnixStream;
use tonic::transport::{Endpoint, Uri};
use tower::service_fn;

use iam_runtime_rs::iam_runtime::{
    authentication_client::AuthenticationClient, authorization_client::AuthorizationClient,
    AccessRequestAction, CheckAccessRequest, ValidateCredentialRequest,
};

async fn do_auth(token: String) -> Result<(), Error> {
    let channel = Endpoint::try_from(format!("http://[::]:50051/{}", "/tmp/iam_runtime.sock"))?
        .connect_with_connector(service_fn(|u: Uri| {
            UnixStream::connect(String::from(u.path()))
        }))
        .await?;

    let mut authn_client = AuthenticationClient::new(channel.clone());
    let mut authz_client = AuthorizationClient::new(channel);

    let request = tonic::Request::new(ValidateCredentialRequest {
        credential: token.clone(),
    });

    let resp = authn_client
        .validate_credential(request)
        .await?
        .into_inner();

    if resp.result == 1 {
        return Err(Error::msg("invalid token"));
    };

    let action = AccessRequestAction {
        action: String::from("some-action"),
        resource_id: String::from("some-resource"),
    };

    let request = tonic::Request::new(CheckAccessRequest {
        credential: token,
        actions: vec![action],
    });

    let resp = authz_client.check_access(request).await?.into_inner();
    if resp.result == 1 {
        return Err(Error::msg("access denied"));
    }

    Ok(())
}

Dependencies

~5–11MB
~115K SLoC