Struct cedar_policy::Policy

pub struct Policy { /* private fields */ }

Structure for a Policy. Includes both static policies and template-linked policies.

Implementations§


impl Policy


pub fn template_id(&self) -> Option<&PolicyId>

Get the PolicyId of the Template this is linked to. If this is a static policy, this will return None.


pub fn effect(&self) -> Effect

Get the Effect (Permit or Forbid) for this instance


pub fn annotation(&self, key: impl AsRef<str>) -> Option<&str>

Get an annotation value of this template-linked or static policy


pub fn annotations(&self) -> impl Iterator<Item = (&str, &str)>

Iterate through annotation data of this template-linked or static policy


pub fn id(&self) -> &PolicyId

Get the PolicyId for this template-linked or static policy


pub fn new_id(&self, id: PolicyId) -> Self

Clone this Policy with a new PolicyId


pub fn is_static(&self) -> bool

Returns true if this is a static policy, false otherwise.


pub fn principal_constraint(&self) -> PrincipalConstraint

Get the head constraint on this policy’s principal


pub fn action_constraint(&self) -> ActionConstraint

Get the head constraint on this policy’s action


pub fn resource_constraint(&self) -> ResourceConstraint

Get the head constraint on this policy’s resource


pub fn parse( id: Option<String>, policy_src: impl AsRef<str>, ) -> Result<Self, ParseErrors>

Parse a single policy from its source text. If id is Some, the policy will be given that Policy Id. If id is None, then “policy0” will be used, so every policy parsed with None receives the same id. The behavior around None may change in the future.


pub fn from_json( id: Option<PolicyId>, json: Value, ) -> Result<Self, EstToAstError>

Create a Policy from its JSON representation. If id is Some, the policy will be given that Policy Id. If id is None, then “JSON policy” will be used, so every policy created with None receives the same id. The behavior around None may change in the future.

use cedar_policy::{Policy, PolicyId};
use std::str::FromStr;

// JSON form of the policy: an effect, the principal/action/resource constraints,
// and a single `when` condition.
let policy_json: serde_json::Value = serde_json::json!({
    "effect": "permit",
    "principal": {
        "op": "==",
        "entity": { "type": "User", "id": "bob" }
    },
    "action": {
        "op": "==",
        "entity": { "type": "Action", "id": "view" }
    },
    "resource": {
        "op": "==",
        "entity": { "type": "Album", "id": "trip" }
    },
    "conditions": [
        {
            "kind": "when",
            "body": {
                ">": {
                    "left": {
                        ".": {
                            "left": { "Var": "principal" },
                            "attr": "age"
                        }
                    },
                    "right": { "Value": 18 }
                }
            }
        }
    ]
});
// Passing `None` makes `from_json` fall back to its default id ("JSON policy").
// `unwrap` is acceptable here because the input is a fixed literal; when the JSON
// comes from outside the program, handle the returned `Err` instead of panicking.
let from_json_policy = Policy::from_json(None, policy_json).unwrap();
// The same policy written in Cedar syntax; `None` here yields the default id "policy0".
let cedar_text = r#"
  permit(
    principal == User::"bob",
    action == Action::"view",
    resource == Album::"trip"
  )
  when { principal.age > 18 };"#;
let parsed_policy = Policy::parse(None, cedar_text).unwrap();
// Both construction paths must render to the same policy text.
assert_eq!(from_json_policy.to_string(), parsed_policy.to_string());

pub fn to_json(&self) -> Result<Value, impl Error>

Get the JSON representation of this Policy.

use cedar_policy::Policy;
// Cedar text of the policy that will be converted to JSON.
let cedar_text = r#"
 permit(
   principal == User::"bob",
   action == Action::"view",
   resource == Album::"trip"
 )
 when { principal.age > 18 };"#;
// `None` gives the policy the default id "policy0". `unwrap` is fine for this fixed
// literal; handle the `ParseErrors` result when the text comes from outside the program.
let parsed = Policy::parse(None, cedar_text).unwrap();
println!("{}", parsed);
// Serialize the policy to its JSON representation and print it.
let as_json = parsed.to_json().unwrap();
println!("{}", as_json);
// Round trip: the policy rebuilt from JSON must render to the same text as the original.
let rebuilt = Policy::from_json(None, as_json).unwrap();
assert_eq!(parsed.to_string(), rebuilt.to_string());

Trait Implementations§

source§

impl Clone for Policy

source§

fn clone(&self) -> Policy

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Policy

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Display for Policy

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl FromStr for Policy

source§

fn from_str(policy: &str) -> Result<Self, Self::Err>

Create a policy by parsing it from a string.

Important note: Policies have ids, but this interface does not allow them to be set. It will use the default “policy0” for every policy it creates, which may cause id conflicts if not handled. Use Policy::parse to set the id when parsing, or Policy::new_id to clone a policy with a new id.

source§

type Err = ParseErrors

The associated error which can be returned from parsing.
source§

impl PartialEq for Policy

source§

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Eq for Policy

Auto Trait Implementations§

§

impl Freeze for Policy

§

impl RefUnwindSafe for Policy

§

impl Send for Policy

§

impl Sync for Policy

§

impl Unpin for Policy

§

impl UnwindSafe for Policy

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T> ToSmolStr for T
where T: Display + ?Sized,

source§

impl<T> ToString for T
where T: Display + ?Sized,

source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.