Module ast

This module contains the AST datatypes.

Modules

• context_creation_errors
  Error subtypes for ContextCreationError
• expression_construction_errors
  Error subtypes for ExpressionConstructionError
• restricted_expr_errors
  Error subtypes for RestrictedExpressionError

Structs

• Annotation
  Struct which holds the value of a particular annotation
• Annotations
  Struct which holds the annotations for a policy
• AnyId
  Like Id, except this specifically can contain Cedar reserved identifiers. (It still can’t contain, for instance, spaces or characters like ‘+’.)
• BorrowedLiteralPolicy
  A borrowed version of LiteralPolicy exclusively for serialization
• BorrowedRestrictedExpr
  While RestrictedExpr wraps an owned Expr, BorrowedRestrictedExpr wraps a borrowed Expr, with the same invariants.
• ContainsUnknown
  The PartialValue is a residual, i.e., contains an unknown
• Eid
  The Eid type represents the id of an Entity, without the typename. Together with the typename it comprises an EntityUID. For example, in User::"alice", the Eid is alice.
• Entity
  Entity datatype
• EntityAttrEvaluationError
  Error type for evaluation errors when evaluating an entity attribute or tag. Contains some extra contextual information and the underlying EvaluationError.
• EntityType
  Entity type names are just Names, but we have some operations on them specific to entity types.
• EntityUID
  Unique ID for an entity. These represent entities in the AST.
• Expr
  Internal AST for expressions used by the policy evaluator. This structure is a wrapper around an ExprKind, which is the expression variant this object contains. It also contains source information about where the expression was written in policy source code, and some generic data which is stored on each node of the AST. Cloning is O(1).
• ExprBuilder
  Builder for constructing Expr objects annotated with some data (possibly taking default value) and optionally a source_loc.
• ExprIterator
  This structure implements the iterator used to traverse subexpressions of an expression.
• ExprShapeOnly
  A new type wrapper around Expr that provides Eq and Hash implementations that ignore any source information or other generic data used to annotate the Expr.
• Extension
  Cedar extension.
• ExtensionFunction
  Extension function. These can be called by the given name in Ceder expressions.
• ExtensionValueWithArgs
  Object container for extension values, also stores the constructor-and-args that can reproduce the value (important for converting the value back to RestrictedExpr for instance)
• Id
  Identifiers. Anything in Id should be a valid identifier, this means it does not contain, for instance, spaces or characters like ‘+’; and also is not one of the Cedar reserved identifiers (at time of writing, true | false | if | then | else | in | is | like | has).
• Infallible
  Wrapper around std::convert::Infallible which also implements miette::Diagnostic
• InternalName
  Represents the name of an entity type, function, etc. The name may include namespaces. Clone is O(1).
• IntoIter
  Wraps the BTreeMap` into an opaque type so we can change it later if need be
• LiteralPolicy
  Represents either an static policy or a template linked policy This is the serializable version because it simply refers to the Template by its Id;
• Name
  A new type which indicates that the contained InternalName does not contain reserved __cedar, as specified by RFC 52. This represents names which are legal for end-users to define, while InternalName represents names which are legal for end-users to reference.
• PartialValueSerializedAsExpr
  PartialValue, but serialized as a RestrictedExpr.
• Pattern
  Represent a pattern literal (the RHS of the like operator) Also provides an implementation of the Display trait as well as a wildcard matching method.
• Policy
  A Policy that contains: a pointer to its template an link ID (unless it’s an static policy) the bound values for slots in the template
• PolicyID
  A unique identifier for a policy statement
• PolicySet
  Represents a set of Policys
• PrincipalConstraint
  Template constraint on principal scope variables
• Request
  Represents the request tuple <P, A, R, C> (see the Cedar design doc).
• RequestSchemaAllPass
  A RequestSchema that does no validation and always reports a passing result
• RequestType
  Represents the principal type, resource type, and action UID.
• ReservedNameError
  Error when a reserved name is used where it is not allowed
• ResourceConstraint
  Template constraint on resource scope variables
• RestrictedExpr
  A few places in Core use these “restricted expressions” (for lack of a better term) which are in some sense the minimal subset of Expr required to express all possible Values.
• RestrictedExprShapeOnly
  Like ExprShapeOnly, but for restricted expressions.
• Set
  Value’s internal representation of a Set
• Slot
  SlotId plus a source location
• SlotId
  Identifier for a slot Clone is O(1).
• StaticPolicy
  Static Policies are policy that do not come from templates. They have the same structure as a template definition, but cannot contain slots
• Template
  Top level structure for a policy template. Contains both the AST for template, and the list of open slots in the template.
• TemplateBody
  Policy datatype. This is used for both templates (in which case it contains slots) and static policies (in which case it contains zero slots).
• Unknown
  Representation of a partial-evaluation Unknown at the AST level
• UnreservedId
  An Id that is not equal to __cedar, as specified by RFC 52
• Value
  This describes all the values which could be the dynamic result of evaluating an Expr. Cloning is O(1).

Enums

• ActionConstraint
  Constraint for action scope variables. Action variables can be constrained to be in any variable in a list.
• BinaryOp
  Built-in operators with exactly two arguments
• CallStyle
  Which “style” is a function call
• Context
  Context field of a Request
• ContextCreationError
  Errors while trying to create a Context
• Effect
  the Effect of a policy
• EntityReference
  A reference to an EntityUID that may be a Slot
• EntityUIDEntry
  An entry in a request for a Entity UID. It may either be a concrete EUID or an unknown in the case of partial evaluation
• ExprKind
  The possible expression variants. This enum should be matched on by code recursively traversing the AST.
• ExpressionConstructionError
  Errors when constructing an expression
• ExtensionOutputValue
  The output of an extension call, either a value or an unknown
• LinkingError
  Errors linking templates
• Literal
  First-class values which may appear as literals in Expr::Lit.
• NotValue
  An error that can be thrown converting an expression to a value
• PartialValue
  Intermediate results of partial evaluation
• PartialValueToRestrictedExprError
  Errors when converting PartialValue to RestrictedExpr
• PartialValueToValueError
  Errors encountered when converting PartialValue to Value
• PatternElem
  Represent an element in a pattern literal (the RHS of the like operation)
• PolicySetError
  Potential errors when working with PolicySets.
• PolicySetGetLinksError
  Potential errors when working with PolicySets.
• PolicySetPolicyRemovalError
  Potential errors when removing policies from a PolicySet.
• PolicySetTemplateRemovalError
  Potential errors when removing templates from a PolicySet.
• PolicySetUnlinkError
  Potential errors when unlinking from a PolicySet.
• PrincipalOrResource
  Subset of AST variables that have the same constraint form
• PrincipalOrResourceConstraint
  Represents the constraints for principals and resources. Can either not constrain, or constrain via == or in for a single entity literal.
• ReificationError
  Errors that can happen during policy reification
• RestrictedExpressionError
  Error when constructing a restricted expression from unrestricted expression
• RestrictedExpressionParseError
  Errors possible from RestrictedExpr::from_str()
• SubstitutionError
  Enum for errors encountered during substitution
• Type
  This represents the runtime type of a Cedar value. Nominal types: two entity types are equal if they have the same Name.
• UnaryOp
  Built-in operators with exactly one argument
• UnexpectedSlotError
  Error for unexpected slots
• ValueKind
  This describes all the values which could be the dynamic result of evaluating an Expr. Cloning is O(1).
• Var
  AST variables

Statics

• ACTION_ENTITY_TYPE
  The entity type that Actions must have

Traits

• ExtensionValue
  Extension value.
• InternalExtensionValue
  Extensions provide a type implementing ExtensionValue, Eq, and Ord. We automatically implement InternalExtensionValue for that type (with the impl below). Internally, we use dyn InternalExtensionValue instead of dyn ExtensionValue.
• RequestSchema
  Trait for schemas capable of validating Requests
• StaticallyTyped
  Trait for everything in Cedar that has a type known statically.

Functions

• split
  Collect an iterator of either residuals or values into one of the following a) An iterator over values, if everything evaluated to values b) An iterator over residuals expressions, if anything only evaluated to a residual Order is preserved.

Type Aliases

• ExtensionFunctionObject
  Trait object that implements the extension function call.
• InputInteger
  The integer type we use when parsing input
• Integer
  The integer types we use (both internally and for parsing). By default this is i64, but you may change to some suitable Integer type. If you do change this, some tests for over/underflow will need to change as well. The integer type we use internally
• SlotEnv
  Map from Slot Ids to Entity UIDs which fill the slots