Diffstat (limited to 'src')
-rw-r--r--src/authorization/authorizer.rs2
-rw-r--r--src/authorization/cedar/authorizer.rs12
-rw-r--r--src/authorization/check_service.rs5
-rw-r--r--src/authorization/default.rs2
-rw-r--r--src/authorization/server.rs2
-rw-r--r--src/lib.rs1
-rw-r--r--src/rpc/mod.rs24
7 files changed, 36 insertions, 12 deletions
diff --git a/src/authorization/authorizer.rs b/src/authorization/authorizer.rs
index 62733585..94e44e37 100644
--- a/src/authorization/authorizer.rs
+++ b/src/authorization/authorizer.rs
@@ -1,4 +1,4 @@
-use envoy_types::ext_authz::v3::pb::CheckRequest;
+use crate::rpc::envoy::service::auth::v3::CheckRequest;
pub trait Authorizer: std::fmt::Debug + std::marker::Sync + std::marker::Send + 'static {
fn authorize(&self, request: CheckRequest) -> bool;
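Review bot: The new import path `crate::rpc::envoy::service::auth::v3::CheckRequest` has no definition anywhere in this commit: the `src/rpc/mod.rs` added below declares no `envoy` submodule and contains no `tonic::include_proto!`, and `src/lib.rs` only adds `pub mod rpc;`, so this `use` cannot resolve unless generated code is wired in by a change outside the `src` diff. The same unresolved path is introduced in `src/authorization/cedar/authorizer.rs`, `src/authorization/check_service.rs`, `src/authorization/default.rs` and `src/authorization/server.rs`. At minimum `src/rpc/mod.rs` needs `pub mod envoy;` pointing at the generated `envoy.service.auth.v3` types (or an equivalent `include_proto!` block fed by a build script), otherwise the replacement for the dropped `envoy_types` dependency is only half done. The `Authorizer` trait body continues past the end of this hunk.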
diff --git a/src/authorization/cedar/authorizer.rs b/src/authorization/cedar/authorizer.rs
index a04a8e9f..dfdf6a80 100644
--- a/src/authorization/cedar/authorizer.rs
+++ b/src/authorization/cedar/authorizer.rs
@@ -56,7 +56,7 @@ impl Authorizer {
fn map_from(
&self,
- http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ http_request: crate::rpc::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<cedar_policy::Request, Box<dyn std::error::Error>> {
let principal = self.principal_from(&http_request)?;
let permission = self.permission_from(&http_request)?;
@@ -70,7 +70,7 @@ impl Authorizer {
fn principal_from(
&self,
- http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ http_request: &crate::rpc::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<cedar_policy::EntityUid, Box<dyn std::error::Error>> {
let subject = http_request
.headers
@@ -85,7 +85,7 @@ impl Authorizer {
fn permission_from(
&self,
- http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ http_request: &crate::rpc::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<cedar_policy::EntityUid, Box<dyn std::error::Error>> {
Ok(cedar_policy::EntityUid::from_type_name_and_id(
cedar_policy::EntityTypeName::from_str("Action")?,
@@ -95,7 +95,7 @@ impl Authorizer {
fn resource_from(
&self,
- http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ http_request: &crate::rpc::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<cedar_policy::EntityUid, Box<dyn std::error::Error>> {
Ok(cedar_policy::EntityUid::from_type_name_and_id(
cedar_policy::EntityTypeName::from_str("Resource")?,
@@ -105,7 +105,7 @@ impl Authorizer {
fn context_from(
&self,
- http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ http_request: crate::rpc::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<cedar_policy::Context, Box<dyn std::error::Error>> {
let mut items = std::collections::HashMap::new();
@@ -133,7 +133,7 @@ impl Default for Authorizer {
}
impl crate::authorization::authorizer::Authorizer for Authorizer {
- fn authorize(&self, request: envoy_types::ext_authz::v3::pb::CheckRequest) -> bool {
+ fn authorize(&self, request: crate::rpc::envoy::service::auth::v3::CheckRequest) -> bool {
let http_request = match request
.attributes
.as_ref()
diff --git a/src/authorization/check_service.rs b/src/authorization/check_service.rs
index f8c7577f..0a2cf771 100644
--- a/src/authorization/check_service.rs
+++ b/src/authorization/check_service.rs
@@ -1,5 +1,4 @@
-use envoy_types::ext_authz::v3::CheckResponseExt;
-use envoy_types::ext_authz::v3::pb::{CheckRequest, CheckResponse};
+use crate::rpc::envoy::service::auth::v3::{CheckRequest, CheckResponse};
use std::sync::Arc;
use tonic::{Request, Response, Status};
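Review bot: `use envoy_types::ext_authz::v3::CheckResponseExt;` is removed without any replacement, yet nothing in this commit provides the response-building helpers that trait supplied; if the `check` body (outside this hunk) relied on them, it now has to populate `CheckResponse` fields by hand. When that is done, the deny path must set `status` to a non-OK code explicitly, because Envoy's ext_authz filter treats an absent `status` or a code of 0 as an allow, so a `CheckResponse::default()` on the deny branch would fail open. Consider adding a short module comment above the imports stating that contract, e.g. `// CheckResponse: status must be non-OK on deny; an unset status is interpreted by Envoy as allow.`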
@@ -17,7 +16,7 @@ impl CheckService {
}
#[tonic::async_trait]
-impl envoy_types::ext_authz::v3::pb::Authorization for CheckService {
+impl crate::rpc::envoy::service::auth::v3::authorization_server::Authorization for CheckService {
async fn check(
&self,
request: Request<CheckRequest>,
diff --git a/src/authorization/default.rs b/src/authorization/default.rs
index 8252618d..578ddd4d 100644
--- a/src/authorization/default.rs
+++ b/src/authorization/default.rs
@@ -14,7 +14,7 @@ impl Default for Authorizer {
}
impl super::Authorizer for Authorizer {
- fn authorize(&self, _request: envoy_types::ext_authz::v3::pb::CheckRequest) -> bool {
+ fn authorize(&self, _request: crate::rpc::envoy::service::auth::v3::CheckRequest) -> bool {
true
}
}
diff --git a/src/authorization/server.rs b/src/authorization/server.rs
index 0847c101..8546e00f 100644
--- a/src/authorization/server.rs
+++ b/src/authorization/server.rs
@@ -1,5 +1,5 @@
use super::check_service::CheckService;
-use envoy_types::ext_authz::v3::pb::AuthorizationServer;
+use crate::rpc::envoy::service::auth::v3::authorization_server::AuthorizationServer;
use std::sync::Arc;
pub struct Server {
diff --git a/src/lib.rs b/src/lib.rs
index 918543dd..700d339e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,5 +1,6 @@
pub mod authorization;
pub mod gitlab;
+pub mod rpc;
pub use authorization::cedar::{Authorizer as CedarAuthorizer, CedarEntity, EntitiesRepository};
pub use authorization::spice::Authorizer as SpiceAuthorizer;
diff --git a/src/rpc/mod.rs b/src/rpc/mod.rs
new file mode 100644
index 00000000..44edacca
--- /dev/null
+++ b/src/rpc/mod.rs
@@ -0,0 +1,24 @@
+// Simplified SpiceDB types for dependency injection demo
+#[derive(Debug, Clone, Default)]
+pub struct CheckPermissionRequest {
+ pub resource: Option<ObjectReference>,
+ pub permission: String,
+ pub subject: Option<SubjectReference>,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct CheckPermissionResponse {
+ pub permissionship: i32, // 1 = HAS_PERMISSION, 2 = NO_PERMISSION
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct ObjectReference {
+ pub object_type: String,
+ pub object_id: String,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SubjectReference {
+ pub object: Option<ObjectReference>,
+ pub optional_relation: String,
+} \ No newline at end of file
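Review bot: `pub permissionship: i32, // 1 = HAS_PERMISSION, 2 = NO_PERMISSION` encodes an authorization outcome as a bare integer, and the derived `Default` yields 0, a value the comment does not cover; a consumer written as `permissionship != NO_PERMISSION` would treat that default as granted. Replace the field with a `Permissionship` enum whose discriminants are copied from the upstream authzed proto, with `Unspecified = 0` as the `Default`, so callers must match on `HasPermission` explicitly and every other variant is a deny. The numbering in the comment also looks inverted relative to the upstream `Permissionship` enum, where `NO_PERMISSION` precedes `HAS_PERMISSION`; verify it before any real SpiceDB response is decoded into this struct, since a swapped mapping inverts every decision. The header comment `// Simplified SpiceDB types for dependency injection demo` also does not describe what the rest of the commit expects from this module (the envoy `service::auth::v3` types), and the file is missing its trailing newline.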