authorbenj <benj@rse8.com>2022-12-30 15:57:36 -0800
committerbenj <benj@rse8.com>2022-12-30 15:57:36 -0800
commit8ca3433b2a4a82723e00e64b1e5aff0b1bed95b3 (patch)
tree1ff85fd9fbd94a5559f9dbac755973fd58b31f28 /crates/iam/src
parentf0ea9ecd17b03605d747044874a26e1bd52c0ee1 (diff)
impl authZ write and check (depends on spicedb for now)
Diffstat (limited to '')
-rw-r--r--crates/iam/src/main.rs53
1 files changed, 45 insertions, 8 deletions
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index ce72072..c2ab5a3 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -4,14 +4,13 @@ mod util;
use anyhow::bail;
use api::{
- AdminAction, AdminObject, Args, CliError, Command, CreateObject, DevObject, GetObject,
- LinkObject, ListObject, Validation,
+ AdminAction, Args, CliError, Command, CreateObject, DevObject, GetObject, LinkObject,
+ ListObject,
};
use clap::Parser;
use command::dev_oauth2_listen;
use env_logger::Env;
-use secd::{Secd, SecdError, ENV_AUTH_STORE_CONN_STRING};
-use std::str::FromStr;
+use secd::{auth::z, Secd, ENV_AUTH_STORE_CONN_STRING, ENV_SPICE_SECRET, ENV_SPICE_SERVER};
use util::{error_detail, Result};
use uuid::Uuid;
@@ -53,12 +52,50 @@ async fn exec() -> Result<Option<String>> {
// let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?;
std::env::set_var(
ENV_AUTH_STORE_CONN_STRING,
- "sqlite:///tmp/store.db?mode=rwc",
- // "postgresql://secduser:p4ssw0rd@localhost:5412/secd",
+ "postgresql://secduser:p4ssw0rd@localhost:5412/secd",
);
- let secd = Secd::init()
+ std::env::set_var(ENV_SPICE_SECRET, "sup3rs3cr3tk3y");
+ std::env::set_var(ENV_SPICE_SERVER, "http://[::1]:50051");
+
+ let secd = Secd::init(Some(
+ "definition user {}\ndefinition organization {\n relation member: user \n }\n",
+ ))
+ .await
+ .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
+
+ secd.write(&vec![z::Relationship {
+ subject: z::Subject::User((
+ "user".into(),
+ Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(),
+ )),
+ object: (
+ "organization".into(),
+ Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
+ ),
+ relation: "member".into(),
+ }])
+ .await
+ .unwrap();
+
+ let y = match secd
+ .check(&z::Relationship {
+ subject: z::Subject::User((
+ "user".into(),
+ Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(),
+ )),
+ object: (
+ "organization".into(),
+ Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
+ ),
+ relation: "memb".into(),
+ })
.await
- .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
+ {
+ Ok(v) => v,
+ Err(e) => panic!("fooooooooooooooooooooooooooooooooooooooooooooooo"),
+ };
+
+ println!("DID I HAZ IT? {:#?}", y);
match rest {
Command::Admin { action } => admin(&secd, action).await?,
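Review bot: The three `std::env::set_var` calls compile a PostgreSQL password, the SpiceDB preshared key and a plaintext `http://` SpiceDB endpoint into the CLI, and they overwrite whatever the operator already exported, so these secrets end up in version control and in every build. I would drop the calls and fail with a `CliError` when a variable is unset, or go back to the commented-out `util::read_config(args.profile)` path; that assumes `Secd::init` reads these variables from the process environment, which the hunk does not show. The hard-coded `secd.write(...)` / `secd.check(...)` pair runs on every invocation before `match rest`, so each command writes a fixed user-to-organization relationship into the authorization store and prints `DID I HAZ IT?`; this looks like scratch code that belongs in an integration test. If it stays, the `.unwrap()` on the write and the `Err(e) => panic!(...)` arm should surface the error rather than discard `e`, for example `.map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?` as the init call already does. `exec()` begins and ends outside this hunk.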