Valtuutus

A Google Zanzibar inspired authorization library in .NET

The implementation is based on the permify and other ReBac open source projects.

Functionality

The library is designed to be simple and easy to use. Each subset of functionality is divided in engines. The engines are:

• DataEngine: The engine that handles the write and deletion of relation tuples and attributes.
  • Read here about how the relational data is stored.
• CheckEngine: The engine that handles the answering of two questions:
  • Can entity U perform action Y in resource Z? For that, use the Check function.
  • What permissions entity U have in resource Z? For that, use the SubjectPermission function.
• LookupSubjectEngine: The engine that can answer: Which subjects of type T have permission Y on entity:X? For that, use the Lookup function.
• LookupEntityEngine: The engine that can answer: Which resources of type T can entity:X have permission Y? For that, use the LookupEntity function.

Usage

Install the package from NuGet:

If using Postgres:

dotnet add package Valtuutus.Data.Postgres

If using SqlServer:

dotnet add package Valtuutus.Data.SqlServer

Adding to DI:

builder.Services.AddValtuutusCore(c =>
        ... 

See examples of how to define your schema here.

If using Postgres:

builder.Services.AddValtuutusDatabase(() => new NpgsqlConnection(builder.Configuration.GetConnectionString("PostgresDb")!), a => a.AddPostgres());

If using SqlServer:

builder.Services.AddValtuutusDatabase(() => new SqlConnection(builder.Configuration.GetConnectionString("SqlServerDb")!), a => a.AddSqlServer());

Telemetry

The library uses OpenTelemetry to provide telemetry data. To enable it, just add a source with the name "Valtuutus":

builder.Services
    .AddOpenTelemetry()
    .WithTracing(telemetry =>
    {
        telemetry
            .AddSource("Valtuutus")
            ...