
ecordell/zed

 
 


zed


A command-line client for managing Authzed.

Authzed is a database and service that stores, computes, and validates your application's permissions.

Developers create a schema that models their permissions requirements and use a client, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.

zed features include:

  • Unix-friendly interface for the v0 and v1alpha1 Authzed APIs
  • Context switching that stores API Tokens securely in your OS keychain
  • An experimental OPA REPL with authzed builtin functions

See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.

Getting Started

We highly recommend following the Protecting Your First App guide to learn the latest best practices for integrating an application with Authzed.

If you're interested in examples for a specific version of the API, they can be found in their respective folders in the examples directory.

Basic Usage

Installation

zed is currently packaged as a head-only Homebrew Formula for both macOS and Linux.

brew install --HEAD authzed/tap/zed

In order to upgrade, run:

brew reinstall zed

Creating a context

In order to do anything useful, zed first needs a context: a Permissions System and API Token.

The zed context subcommand has operations for setting the current context and for creating, listing, and deleting contexts.

zed login and zed use are aliases that make the most common commands more convenient.

zed login my_perms_system tc_zed_my_laptop_deadbeefdeadbeefdeadbeefdeadbeef
zed context list

At any point in time, the ZED_PERMISSIONS_SYSTEM, ZED_ENDPOINT, and ZED_TOKEN environment variables can be used to override their respective values in the current context.

Modifying a Permissions System

For each type of noun used in Authzed, there is a zed subcommand:

  • zed schema
  • zed relationship
  • zed permission

For example, you can read Object Definitions in a Permissions System's Schema, check permissions, and even create or delete relationships.

zed schema read user document
zed permission check user:emilia writer document:firstdoc
zed relationship create user:beatrice reader document:firstdoc
zed relationship delete user:beatrice reader document:firstdoc

Open Policy Agent (OPA)

Experimentally, zed embeds an instance of OPA that supports additional builtin functions for accessing Authzed.

The following functions have been added:

authzed.check("subject:id", "permission", "object:id", "zedtoken")

It can be found under the zed experiment opa command:

$ zed experiment opa eval 'authzed.check("user:emilia", "reader", "document:firstdoc", "")'
{
  "result": [
    {
      "expressions": [
        {
          "value": true,
          "text": "authzed.check(\"user:emilia\", \"reader\", \"document:firstdoc\", \"\")",
          "location": {
            "row": 1,
            "col": 1
          }
        }
      ]
    }
  ]
}

If you are interested in OPA, please feel free to reach out to provide feedback.
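
As an added example (not code from the zed project), the Go program below shows one way a caller could consume the `zed experiment opa eval` JSON shown above and fail closed: only a single result whose value is the JSON boolean `true` counts as allowed. The `Allowed` function, the `evalOutput` type and the sample inputs are assumptions constructed for this example; the `{}` input models an undefined result.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// evalOutput mirrors only the fields of the `zed experiment opa eval`
// JSON shown in the README above (hypothetical type for this example).
type evalOutput struct {
	Result []struct {
		Expressions []struct {
			Value json.RawMessage `json:"value"`
			Text  string          `json:"text"`
		} `json:"expressions"`
	} `json:"result"`
}

// Allowed returns true only when the output holds exactly one result with
// exactly one expression whose value is the JSON boolean true. Anything
// else (no result, wrong type, extra results, bad JSON) is a denial.
func Allowed(raw []byte) (bool, error) {
	var out evalOutput
	if err := json.Unmarshal(raw, &out); err != nil {
		return false, fmt.Errorf("unparseable eval output: %w", err)
	}
	if len(out.Result) != 1 || len(out.Result[0].Expressions) != 1 {
		return false, errors.New("expected exactly one result expression")
	}
	var v bool
	if err := json.Unmarshal(out.Result[0].Expressions[0].Value, &v); err != nil {
		return false, fmt.Errorf("value is not a boolean: %w", err)
	}
	return v, nil
}

// sample is constructed from the output shown in the README.
const sample = `{"result":[{"expressions":[{"value":true,
 "text":"authzed.check(\"user:emilia\", \"reader\", \"document:firstdoc\", \"\")"}]}]}`

func main() {
	// Constructed inputs: the README sample, an empty result, a string "true".
	for _, in := range []string{sample, `{}`, `{"result":[{"expressions":[{"value":"true"}]}]}`} {
		ok, err := Allowed([]byte(in))
		fmt.Printf("allowed=%v err=%v\n", ok, err)
	}
}
```

Treating the string `"true"` and a missing result as errors rather than as `false` lets the caller log a malformed or undefined evaluation separately from an ordinary denial.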
