The Cedarling is a performant local authorization service that runs the Rust Cedar Engine. Cedar policies and schema are loaded at startup from a locally cached "Policy Store". In simple terms, the Cedarling returns the answer: should the application allow this action on this resource given these JWT tokens. "Fit for purpose" policies help developers build a better user experience. For example, why display form fields that a user is not authorized to see? The Cedarling is a more productive and flexible way to handle authorization.
Cedarling is written in the Rust programming language (folder cedarling). And you can import it into your project as a dependency.
You can install Rust toolchain by following the official rust installation guide.
Rust examples of using Cedarling contains in the folder cedarling/examples.
File with example is log_init.rs.
We support 4 types of loggers according to the bootstrap properties.
To run example you need execute next command according to the logger:
off- This log type is do nothing. It means that all logs will be ignored.
cargo run -p cedarling --example log_init -- offstdout- This log type writes all logs tostdout. Without storing or additional handling log messages. Standart streams.
cargo run -p cedarling --example log_init -- stdoutmemory- This log type holds all logs in database (in memory) with eviction policy.
cargo run -p cedarling --example log_init -- memory 6060 - ttl (time to live log entry) in seconds. But actually the example execute very fast, so we no need to wait.
lock- This log type will send logs to the server (corporate feature). (in development)
cargo run -p cedarling --example log_init -- lockTo evaluate authorization without validating JWT tokens, use the following command:
cargo run -p cedarling --example authorize_without_jwt_validationTo include JWT validation in the authorization evaluation, use this command:
cargo run -p cedarling --example authorize_with_jwt_validationTo run all unit tests in the project you need execute next commands:
cargo test --workspaceWe use cargo-llvm-cov for code coverage.
To install run:
cargo install cargo-llvm-cov Get coverage report in console with:
cargo llvm-covGet coverage report in html format with:
cargo llvm-cov --html --openGetting coverage report in lcov.info:
cargo llvm-cov --workspace --lcov --output-path lcov.infoUsing lcov.info you can configure your IDE to display line-by-line code coverage.
To generate autogenerated docs run:
cargo doc -p cedarling --no-deps --openThe python bindings for Cedarling is located in the bindings/cedarling_python folder.
Or you can find readme by clicking here.
Benchmarks have been written with the help of the criterion crate.
You can run the benchmarks using:
cargo bench -p cedarling