#iam #claim #thread-safe #validation #ibm-cloud

bin+lib ibmcloud-iam

A set of Rust modules for interacting with IBM Cloud IAM (Identity and Access Management)

2 unstable releases

0.2.0 Jun 28, 2022
0.1.0 Jun 24, 2022

#21 in #iam

21 downloads per month
Used in ibmcloud-cos

Apache-2.0

22KB
450

ibmcloud-iam-rs

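A set of Rust modules for interacting with IBM Cloud IAM (Identity and Access Management)

Current features

  • Request IAM access tokens through a smart, thread-safe caching mechanism (TokenManager)
  • Validate IAM access tokens and inspect the claims they contain
  • Authorize user actions by sending Subject, Action, Resource requests to the PDP IAM service

Usage

Retrieving an access token with TokenManager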

use ibmcloud_iam::token::{TokenManager, DEFAULT_IAM_ENDPOINT};

// grab an API key from environment variables to use for token getting purposes
let api_key = std::env::var("IBMCLOUD_API_KEY").unwrap();
let tm = TokenManager::new(&api_key, DEFAULT_IAM_ENDPOINT);

// now whenever an access token is needed, call `tm.token()`
// this will return a cached non-expired Token if possible,
// otherwise it will request a new token from IAM, cache it, and return it

// gets a new Token, since none has been retrieved yet
let tok1 = tm.token().unwrap();

// returns the same Token as above, since it is cached and not expired
let tok2 = tm.token().unwrap();

assert_eq!(tok1, tok2);

// the Bearer token is available on the Token struct as 'access_token'
let bearer_token = format!("Bearer {}", tok1.access_token);
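
The caching behaviour described in the comments above (reuse a cached, non-expired token, otherwise fetch, cache and return a new one) can be sketched with the standard library alone. This is an added example, not the crate's implementation: `CachedTokenSource`, the `expires_at` field, the `fetch` closure standing in for the IAM request, and the refresh margin are all assumptions.

```rust
use std::sync::Mutex;
use std::time::{Duration, Instant};

/// Hypothetical token shape; the crate's own Token struct may differ.
#[derive(Clone, Debug, PartialEq)]
pub struct Token {
    pub access_token: String,
    pub expires_at: Instant,
}

/// Hands out one shared token until it is within `margin` of expiry.
pub struct CachedTokenSource<F: Fn() -> Result<Token, String>> {
    fetch: F, // stands in for the HTTP request to IAM
    margin: Duration,
    cached: Mutex<Option<Token>>,
}

impl<F: Fn() -> Result<Token, String>> CachedTokenSource<F> {
    pub fn new(fetch: F, margin: Duration) -> Self {
        Self { fetch, margin, cached: Mutex::new(None) }
    }

    pub fn token(&self) -> Result<Token, String> {
        // The lock is held across the fetch, so concurrent callers wait for
        // one request instead of each sending the API key to IAM.
        let mut slot = self.cached.lock().map_err(|e| e.to_string())?;
        if let Some(tok) = slot.as_ref() {
            if Instant::now() + self.margin < tok.expires_at {
                return Ok(tok.clone());
            }
        }
        // A failed fetch returns the error; a stale token is never handed out.
        let fresh = (self.fetch)()?;
        *slot = Some(fresh.clone());
        Ok(fresh)
    }
}

fn main() {
    // Constructed fetcher: a fake token valid for 60 s, refreshed 10 s early.
    let src = CachedTokenSource::new(
        || Ok(Token {
            access_token: "constructed-token".into(),
            expires_at: Instant::now() + Duration::from_secs(60),
        }),
        Duration::from_secs(10),
    );
    assert_eq!(src.token().unwrap(), src.token().unwrap()); // second call hits the cache
}
```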

Parsing and validating tokens

use ibmcloud_iam::token::TokenManager;
use ibmcloud_iam::jwt::validate_token;

// lazy way of getting a TokenManager with the
// API key from 'IBMCLOUD_API_KEY' in your environment vars
let tm = TokenManager::default();
let token = tm.token().unwrap();

// base url of the IAM endpoint you'll be using to validate tokens
let endpoint = "https://iam.cloud.ibm.com";

// validate the token signature, expiration, issuer, and issued_at claims, and return all the claims
let claims = validate_token(&token, &endpoint).unwrap();

println!("{:#?}", claims);

Authorizing user actions via PDP

See pdp_auth.rs in examples for an example of how to interact with the PDP

Dependencies

~10–27MB
~383K SLoC