
Commit 07ac54e

committed
feat: implement Postgres evaluator
1 parent 26a31f8 commit 07ac54e

15 files changed

Lines changed: 1554 additions & 296 deletions


Cargo.lock

Lines changed: 25 additions & 24 deletions

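--- a/crates/facet-common/Cargo.toml
+++ b/crates/facet-common/Cargo.toml
@@ -28,10 +28,13 @@ aws-credential-types = {workspace = true}
 aws-smithy-runtime-api = {workspace = true}
 regex = {workspace = true}
 url = "2.5"
+sqlx = {workspace = true}
+tokio = {workspace = true}
 
 [dev-dependencies]
 aws-sdk-s3 = { workspace = true }
 aws-config = { workspace = true }
 testcontainers = { workspace = true }
+testcontainers-modules = { workspace = true }
 tokio = { workspace = true }
 reqwest = { workspace = true }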
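Review bot: `tokio` is now declared twice, once in the new `[dependencies]` line 32 and again in `[dev-dependencies]` line 39; Cargo accepts this, but the dev entry is redundant unless it turns on extra features, which is not visible here because both pull from the workspace table. If the dev entry only exists to get a runtime for tests, dropping it keeps one place to reason about which tokio features the crate compiles with. The workspace manifest that fixes the `sqlx` feature set (runtime, TLS backend) is outside this commit, so reviewers cannot confirm from the diff that `sqlx` is built with the same runtime as `tokio` here.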

crates/facet-common/src/auth/mem.rs

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,9 @@ impl MemoryAuthorizationEvaluator {
2828
}
2929
}
3030

31+
#[async_trait::async_trait]
3132
impl AuthorizationEvaluator for MemoryAuthorizationEvaluator {
32-
fn evaluate(
33+
async fn evaluate(
3334
&self,
3435
participant_context: &ParticipantContext,
3536
operation: Operation,
@@ -55,8 +56,9 @@ impl AuthorizationEvaluator for MemoryAuthorizationEvaluator {
5556
}
5657
}
5758

59+
#[async_trait::async_trait]
5860
impl RuleStore for MemoryAuthorizationEvaluator {
59-
fn get_rules(&self, participant_context: &ParticipantContext) -> Result<Vec<Rule>, AuthorizationError> {
61+
async fn get_rules(&self, participant_context: &ParticipantContext) -> Result<Vec<Rule>, AuthorizationError> {
6062
let rules = self.rules.read().map_err(|e| AuthorizationError::StoreError(format!("Failed to acquire lock: {}", e)))?;
6163

6264
let Some(participant_rules) = rules.get(&participant_context.identifier) else {
@@ -71,7 +73,7 @@ impl RuleStore for MemoryAuthorizationEvaluator {
7173
Ok(all_rules)
7274
}
7375

74-
fn save_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError> {
76+
async fn save_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError> {
7577
let mut rules = self.rules.write().map_err(|e| AuthorizationError::StoreError(format!("Failed to acquire lock: {}", e)))?;
7678

7779
rules
@@ -84,7 +86,7 @@ impl RuleStore for MemoryAuthorizationEvaluator {
8486
Ok(())
8587
}
8688

87-
fn remove_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError> {
89+
async fn remove_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError> {
8890
let mut rules = self.rules.write().map_err(|e| AuthorizationError::StoreError(format!("Failed to acquire lock: {}", e)))?;
8991

9092
let Some(participant_rules) = rules.get_mut(&participant_context.identifier) else {
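Review bot: `get_rules`, `save_rule` and `remove_rule` now run as async bodies while still taking a `self.rules.read()`/`.write()` guard that, judging by the fallible `map_err` on acquisition, looks like a `std::sync::RwLock` rather than an async lock; such a guard must not live across any `.await`, or the future stops being `Send` (which `async_trait` requires here) and the executor thread blocks while the lock is held. The visible parts of these bodies contain no `.await`, so the conversion is sound as written, but nothing documents that constraint for the next edit, and each body continues past the hunk. Suggest a comment at each guard acquisition, `// std::sync guard: release before any .await (holding it would block the executor and break Send)`. `MemoryAuthorizationEvaluator::evaluate` in the first hunk is cut off before its body, so the same check applies there but cannot be confirmed from the diff.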

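--- a/crates/facet-common/src/auth/mod.rs
+++ b/crates/facet-common/src/auth/mod.rs
@@ -14,12 +14,14 @@
 mod tests;
 
 mod mem;
+mod postgres;
 
 use crate::context::ParticipantContext;
 use regex::Regex;
 use thiserror::Error;
 
 pub use mem::MemoryAuthorizationEvaluator;
+pub use postgres::PostgresAuthorizationEvaluator;
 
 /// Represents an operation with specific attributes that describe its scope, action, and resource.
 ///
@@ -73,19 +75,21 @@ impl Rule {
 }
 
 /// Evaluates whether an operation is authorized for a participant based on the configured rules.
+#[async_trait::async_trait]
 pub trait AuthorizationEvaluator: Sync + Send {
-fn evaluate(
+async fn evaluate(
 &self,
 participant_context: &ParticipantContext,
 operation: Operation,
 ) -> Result<bool, AuthorizationError>;
 }
 
 /// Stores rules for a participant.
+#[async_trait::async_trait]
 pub trait RuleStore: Send + Sync {
-fn get_rules(&self, participant_context: &ParticipantContext) -> Result<Vec<Rule>, AuthorizationError>;
-fn save_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError>;
-fn remove_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError>;
+async fn get_rules(&self, participant_context: &ParticipantContext) -> Result<Vec<Rule>, AuthorizationError>;
+async fn save_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError>;
+async fn remove_rule(&self, participant_context: &ParticipantContext, rule: Rule) -> Result<(), AuthorizationError>;
 }
 
 pub struct TrueAuthorizationEvaluator {}
@@ -96,8 +100,9 @@ impl TrueAuthorizationEvaluator {
 }
 }
 
+#[async_trait::async_trait]
 impl AuthorizationEvaluator for TrueAuthorizationEvaluator {
-fn evaluate(&self, _: &ParticipantContext, _: Operation) -> Result<bool, AuthorizationError> {
+async fn evaluate(&self, _: &ParticipantContext, _: Operation) -> Result<bool, AuthorizationError> {
 Ok(true)
 }
 }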
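Review bot: `TrueAuthorizationEvaluator` is a public, undocumented evaluator whose `evaluate` unconditionally returns `Ok(true)`, and now that `PostgresAuthorizationEvaluator` is exported alongside it from the same module, a caller wiring up the authorization layer has nothing in the docs telling the permissive one apart from the real ones. Suggest a doc comment on the struct, `/// Permissive evaluator: authorizes every operation for every participant without consulting any rules. Presumably for tests or bootstrapping; do not use as a default in deployed configurations.` The two trait docs (`AuthorizationEvaluator`, `RuleStore`) also say nothing about when implementations return `AuthorizationError` versus `Ok(false)`, which matters more now that a database-backed implementation can fail at runtime; a short `# Errors` section on each trait method would make the fail-closed expectation explicit for implementers.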
