cedar_policy_core::ast

Struct RestrictedExpr

Source 
pub struct RestrictedExpr(/* private fields */);
Expand description

A few places in Core use these “restricted expressions” (for lack of a better term) which are in some sense the minimal subset of Expr required to express all possible Values.

Specifically, “restricted” expressions are defined as expressions containing only the following:

  • bool, int, and string literals
  • literal EntityUIDs such as User::“alice”
  • extension function calls, where the arguments must be other things on this list
  • set and record literals, where the values must be other things on this list

That means the following are not allowed in “restricted” expressions:

  • principal, action, resource, context
  • builtin operators and functions, including ., in, has, like, .contains()
  • if-then-else expressions

These restrictions represent the expressions that are allowed to appear as attribute values in Slice and Context.

Implementations§

Source§

impl RestrictedExpr

Source

pub fn new(expr: Expr) -> Result<Self, RestrictedExpressionError>

Create a new RestrictedExpr from an Expr.

This function is “safe” in the sense that it will verify that the provided expr does indeed qualify as a “restricted” expression, returning an error if not.

Note this check requires recursively walking the AST. For a version of this function that doesn’t perform this check, see new_unchecked() below.

Source

pub fn new_unchecked(expr: Expr) -> Self

Create a new RestrictedExpr from an Expr, where the caller is responsible for ensuring that the Expr is a valid “restricted expression”. If it is not, internal invariants will be violated, which may lead to other errors later, panics, or even incorrect results.

For a “safer” version of this function that returns an error for invalid inputs, see new() above.

Source

pub fn with_maybe_source_loc(self, source_loc: Option<Loc>) -> Self

Return the RestrictedExpr, but with the new source_loc (or None).

Source

pub fn val(v: impl Into<Literal>) -> Self

Create a RestrictedExpr that’s just a single Literal.

Note that you can pass this a Literal, an Integer, a String, etc.

Source

pub fn unknown(u: Unknown) -> Self

Create a RestrictedExpr that’s just a single Unknown.

Source

pub fn set(exprs: impl IntoIterator<Item = RestrictedExpr>) -> Self

Create a RestrictedExpr which evaluates to a Set of the given RestrictedExprs

Source

pub fn record( pairs: impl IntoIterator<Item = (SmolStr, RestrictedExpr)>, ) -> Result<Self, ExpressionConstructionError>

Create a RestrictedExpr which evaluates to a Record with the given (key, value) pairs.

Throws an error if any key occurs two or more times.

Source

pub fn call_extension_fn( function_name: Name, args: impl IntoIterator<Item = RestrictedExpr>, ) -> Self

Create a RestrictedExpr which calls the given extension function

Source

pub fn to_natural_json(&self) -> Result<Value, JsonSerializationError>

Write a RestrictedExpr in “natural JSON” format.

Used to output the context as a map from Strings to JSON Values

Source

pub fn as_bool(&self) -> Option<bool>

Get the bool value of this RestrictedExpr if it’s a boolean, or None if it is not a boolean

Source

pub fn as_long(&self) -> Option<i64>

Get the i64 value of this RestrictedExpr if it’s a long, or None if it is not a long

Source

pub fn as_string(&self) -> Option<&SmolStr>

Get the SmolStr value of this RestrictedExpr if it’s a string, or None if it is not a string

Source

pub fn as_euid(&self) -> Option<&EntityUID>

Get the EntityUID value of this RestrictedExpr if it’s an entity reference, or None if it is not an entity reference

Source

pub fn as_unknown(&self) -> Option<&Unknown>

Get Unknown value of this RestrictedExpr if it’s an Unknown, or None if it is not an Unknown

Source

pub fn as_set_elements( &self, ) -> Option<impl Iterator<Item = BorrowedRestrictedExpr<'_>>>

Iterate over the elements of the set if this RestrictedExpr is a set, or None if it is not a set

Source

pub fn as_record_pairs( &self, ) -> Option<impl Iterator<Item = (&SmolStr, BorrowedRestrictedExpr<'_>)>>

Iterate over the (key, value) pairs of the record if this RestrictedExpr is a record, or None if it is not a record

Source

pub fn as_extn_fn_call( &self, ) -> Option<(&Name, impl Iterator<Item = BorrowedRestrictedExpr<'_>>)>

Get the name and args of the called extension function if this RestrictedExpr is an extension function call, or None if it is not an extension function call

Source§

impl RestrictedExpr

Source

pub fn as_borrowed(&self) -> BorrowedRestrictedExpr<'_>

Turn an &RestrictedExpr into a BorrowedRestrictedExpr

Methods from Deref<Target = Expr>§

Source

pub fn expr_kind(&self) -> &ExprKind<T>

Access the inner ExprKind for this Expr. The ExprKind is the enum which specifies the expression variant, so it must be accessed by any code matching and recursing on an expression.

Source

pub fn data(&self) -> &T

Access the data stored on the Expr.

Source

pub fn source_loc(&self) -> Option<&Loc>

Access the Loc stored on the Expr.

Source

pub fn is_ref(&self) -> bool

Check whether this expression is an entity reference

This is used for policy scopes, where some syntax is required to be an entity reference.

Source

pub fn is_slot(&self) -> bool

Check whether this expression is a slot.

Source

pub fn is_ref_set(&self) -> bool

Check whether this expression is a set of entity references

This is used for policy scopes, where some syntax is required to be an entity reference set.

Source

pub fn subexpressions(&self) -> impl Iterator<Item = &Self>

Iterate over all sub-expressions in this expression

Source

pub fn slots(&self) -> impl Iterator<Item = Slot> + '_

Iterate over all of the slots in this policy AST

Source

pub fn is_projectable(&self) -> bool

Determine if the expression is projectable under partial evaluation An expression is projectable if it’s guaranteed to never error on evaluation This is true if the expression is entirely composed of values or unknowns

Source

pub fn try_type_of(&self, extensions: &Extensions<'_>) -> Option<Type>

Try to compute the runtime type of this expression. This operation may fail (returning None), for example, when asked to get the type of any variables, any attributes of entities or records, or an unknown without an explicitly annotated type.

Also note that this is not typechecking the expression. It does not check that the expression actually evaluates to a value (as opposed to erroring).

Because of these limitations, this function should only be used to obtain a type for use in diagnostics such as error strings.

Source

pub fn contains_unknown(&self) -> bool

Check if an expression contains any symbolic unknowns

Source

pub fn unknowns(&self) -> impl Iterator<Item = &Unknown>

Get all unknowns in an expression

Source

pub fn substitute(&self, definitions: &HashMap<SmolStr, Value>) -> Expr

Substitute unknowns with concrete values.

Ignores unmapped unknowns. Ignores type annotations on unknowns.

Source

pub fn substitute_typed( &self, definitions: &HashMap<SmolStr, Value>, ) -> Result<Expr, SubstitutionError>

Substitute unknowns with concrete values.

Ignores unmapped unknowns. Errors if the substituted value does not match the type annotation on the unknown.

Source

pub fn eq_shape<U>(&self, other: &Expr<U>) -> bool

Return true if this expression (recursively) has the same expression kind as the argument expression. This accounts for the full recursive shape of the expression, but does not consider source information or any generic data annotated on expression. This should behave the same as the default implementation of Eq before source information and generic data were added.

Source

pub fn hash_shape<H>(&self, state: &mut H)
where H: Hasher,

Implementation of hashing corresponding to equality as implemented by eq_shape. Must satisfy the usual relationship between equality and hashing.

Trait Implementations§

Source§

impl AsRef<Expr> for RestrictedExpr

Source§

fn as_ref(&self) -> &Expr

Converts this type into a shared reference of the (usually inferred) input type.
Source§

impl Clone for RestrictedExpr

Source§

fn clone(&self) -> RestrictedExpr

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for RestrictedExpr

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for RestrictedExpr

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for RestrictedExpr

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<Context> for RestrictedExpr

Source§

fn from(value: Context) -> Self

Converts to this type from the input type.
Source§

impl From<RestrictedExpr> for Expr

Source§

fn from(r: RestrictedExpr) -> Expr

Converts to this type from the input type.
Source§

impl From<Value> for RestrictedExpr

Source§

fn from(value: Value) -> RestrictedExpr

Converts to this type from the input type.
Source§

impl From<ValueKind> for RestrictedExpr

Source§

fn from(value: ValueKind) -> RestrictedExpr

Converts to this type from the input type.
Source§

impl FromStr for RestrictedExpr

Source§

type Err = RestrictedExpressionParseError

The associated error which can be returned from parsing.
Source§

fn from_str(s: &str) -> Result<RestrictedExpr, Self::Err>

Parses a string s to return a value of this type. Read more
Source§

impl Hash for RestrictedExpr

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for RestrictedExpr

Source§

fn eq(&self, other: &RestrictedExpr) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for RestrictedExpr

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl TryFrom<PartialValue> for RestrictedExpr

Source§

type Error = PartialValueToRestrictedExprError

The type returned in the event of a conversion error.
Source§

fn try_from( pvalue: PartialValue, ) -> Result<RestrictedExpr, PartialValueToRestrictedExprError>

Performs the conversion.
Source§

impl Deref for RestrictedExpr

Source§

type Target = Expr

The resulting type after dereferencing.
Source§

fn deref(&self) -> &Expr

Dereferences the value.
Source§

impl Eq for RestrictedExpr

Source§

impl StructuralPartialEq for RestrictedExpr

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToSmolStr for T
where T: Display + ?Sized,

Source§

fn to_smolstr(&self) -> SmolStr

Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,