Skip to content
/ zed Public
forked from authzed/zed

Command-line tool for managing Authzed & SpiceDB

License

Apache-2.0 license
0 stars 26 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vedantr/zed

BranchesTags
 
 

Repository files navigation

zed

Container Image License Build Status Mailing List Discord Server Twitter

A command-line client for managing SpiceDB and Authzed.

zed features include:

  • Unix-friendly interface for the v1 Authzed API
  • Context switching that stores credentials securely in your OS keychain
  • An experimental OPA REPL with additional builtins for checking permissions

See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.

Getting Started

Follow the Guide

We highly recommend following the Protecting Your First App guide to learn the latest best practice to integrate an application with Authzed.

Installation

zed is currently packaged by Homebrew for both macOS and Linux. Individual releases are also available on the releases page.

brew install authzed/tap/zed

Creating a context

In order to do anything useful, zed first needs a context: a named pair of the endpoint and its accompanying credential.

The zed context subcommand has operations for setting the current, creating, listing, deleting contexts.

zed context set prod grpc.authzed.com:443 tc_zed_my_laptop_deadbeefdeadbeefdeadbeefdeadbeef
zed context set dev localhost:80 testpresharedkey
zed context list

At any point in time, the ZED_ENDPOINT and ZED_TOKEN environment variables can be used to override their respective values in the current context.

Viewing & modifying data

For each type of noun used in SpiceDB, there is a zed subcommand:

  • zed schema
  • zed relationship
  • zed permission

For example, you can read a schema, check permissions, and create or delete relationships:

zed schema read
zed permission check document:firstdoc writer user:emilia
zed relationship create document:firstdoc reader user:beatrice
zed relationship delete document:firstdoc reader user:beatrice

Open Policy Agent (OPA)

Experimentally, zed embeds an instance of OPA that supports additional builtin functions for accessing SpiceDB.

The following functions have been added:

authzed.check("resource:id", "permission", "subject:id", "zedtoken")

It can be found under the zed experiment opa command:

$ zed experiment opa eval 'authzed.check("document:firstdoc", "reader", "user:emilia", "")'
{
  "result": [
    {
      "expressions": [
        {
          "value": true,
          "text": "authzed.check(\"document:firstdoc\", \"reader\", \"user:emilia\", \"\")",
          "location": {
            "row": 1,
            "col": 1
          }
        }
      ]
    }
  ]
}

If you are interested in OPA, please feel free to reach out to provide feedback.

About

Command-line tool for managing Authzed & SpiceDB

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

10 tags

Packages

No packages published

Languages

  • Go 99.5%
  • Dockerfile 0.5%