Struct cedar_policy_core::ast::RestrictedExpr

pub struct RestrictedExpr(/* private fields */);

A few places in Core use these “restricted expressions” (for lack of a better term) which are in some sense the minimal subset of Expr required to express all possible Values.

Specifically, “restricted” expressions are defined as expressions containing only the following:

• bool, int, and string literals
• literal EntityUIDs such as User::“alice”
• extension function calls, where the arguments must be other things on this list
• set and record literals, where the values must be other things on this list

That means the following are not allowed in “restricted” expressions:

• principal, action, resource, context
• builtin operators and functions, including ., in, has, like, .contains()
• if-then-else expressions

These restrictions represent the expressions that are allowed to appear as attribute values in Slice and Context.

Implementations

impl RestrictedExpr

pub fn new(expr: Expr) -> Result<Self, RestrictedExpressionError>

Create a new RestrictedExpr from an Expr.

This function is “safe” in the sense that it will verify that the provided expr does indeed qualify as a “restricted” expression, returning an error if not.

Note this check requires recursively walking the AST. For a version of this function that doesn’t perform this check, see new_unchecked() below.

pub fn new_unchecked(expr: Expr) -> Self

Create a new RestrictedExpr from an Expr, where the caller is responsible for ensuring that the Expr is a valid “restricted expression”. If it is not, internal invariants will be violated, which may lead to other errors later, panics, or even incorrect results.

For a “safer” version of this function that returns an error for invalid inputs, see new() above.

pub fn val(v: impl Into<Literal>) -> Self

Create a RestrictedExpr that’s just a single Literal.

Note that you can pass this a Literal, an i64, a String, etc.

pub fn set(exprs: impl IntoIterator<Item = RestrictedExpr>) -> Self

Create a RestrictedExpr which evaluates to a Set of the given RestrictedExprs

pub fn record( pairs: impl IntoIterator<Item = (SmolStr, RestrictedExpr)>, ) -> Self

Create a RestrictedExpr which evaluates to a Record with the given (key, value) pairs.

pub fn call_extension_fn(function_name: Name, args: Vec<RestrictedExpr>) -> Self

Create a RestrictedExpr which calls the given extension function

impl RestrictedExpr

pub fn as_borrowed(&self) -> BorrowedRestrictedExpr<'_>

Turn an &RestrictedExpr into a BorrowedRestrictedExpr

Methods from Deref<Target = Expr>

pub fn expr_kind(&self) -> &ExprKind<T>

Access the inner ExprKind for this Expr. The ExprKind is the enum which specifies the expression variant, so it must be accessed by any code matching and recursing on an expression.

pub fn data(&self) -> &T

Access the data stored on the Expr.

pub fn source_info(&self) -> &Option<SourceInfo>

Access the data stored on the Expr.

pub fn is_ref(&self) -> bool

Check whether this expression is an entity reference

This is used for policy headers, where some syntax is required to be an entity reference.

pub fn is_slot(&self) -> bool

Check whether this expression is a slot.

pub fn is_ref_set(&self) -> bool

Check whether this expression is a set of entity references

This is used for policy headers, where some syntax is required to be an entity reference set.

pub fn subexpressions(&self) -> impl Iterator<Item = &Self>

Iterate over all sub-expressions in this expression

pub fn slots(&self) -> impl Iterator<Item = &SlotId>

Iterate over all of the slots in this policy AST

pub fn is_projectable(&self) -> bool

Determine if the expression is projectable under partial evaluation An expression is projectable if it’s guaranteed to never error on evaluation This is true if the expression is entirely composed of values or unknowns

pub fn is_unknown(&self) -> bool

Check if an expression contains any symbolic unknowns

pub fn unknowns(&self) -> impl Iterator<Item = &str>

Get all unknowns in an expression

pub fn substitute( &self, definitions: &HashMap<SmolStr, Value>, ) -> Result<Expr, SubstitutionError>

Substitute unknowns with values If a definition is missing, it will be left as an unknown, and can be filled in later.

pub fn eq_shape<U>(&self, other: &Expr<U>) -> bool

Return true if this expression (recursively) has the same expression kind as the argument expression. This accounts for the full recursive shape of the expression, but does not consider source information or any generic data annotated on expression. This should behave the same as the default implementation of Eq before source information and generic data were added.

pub fn hash_shape<H>(&self, state: &mut H)

where H: Hasher,

Implementation of hashing corresponding to equality as implemented by eq_shape. Must satisfy the usual relationship between equality and hashing.

Trait Implementations

impl AsRef<Expr> for RestrictedExpr

fn as_ref(&self) -> &Expr

Converts this type into a shared reference of the (usually inferred) input type.

impl AsRef<RestrictedExpr> for Context

fn as_ref(&self) -> &RestrictedExpr

Converts this type into a shared reference of the (usually inferred) input type.

impl Clone for RestrictedExpr

fn clone(&self) -> RestrictedExpr

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for RestrictedExpr

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for RestrictedExpr

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for RestrictedExpr

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<RestrictedExpr> for Expr

fn from(r: RestrictedExpr) -> Expr

Converts to this type from the input type.

impl FromStr for RestrictedExpr

type Err = ParseErrors

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<RestrictedExpr, Self::Err>

Parses a string s to return a value of this type.

impl Hash for RestrictedExpr

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for RestrictedExpr

fn eq(&self, other: &RestrictedExpr) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for RestrictedExpr

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Deref for RestrictedExpr

type Target = Expr

The resulting type after dereferencing.

fn deref(&self) -> &Expr

Dereferences the value.

impl Eq for RestrictedExpr

impl StructuralPartialEq for RestrictedExpr