Struct cedar_policy::Authorizer

source ·
pub struct Authorizer(/* private fields */);
Expand description

Authorizer object, which provides responses to authorization queries

Implementations§

source§

impl Authorizer

source

pub fn new() -> Self

Create a new Authorizer

The authorizer uses the stacker crate to manage stack size and tries to use a sane default. If the default is not right for you, you can try wrapping the authorizer or individual calls to is_authorized in stacker::grow.

let authorizer = Authorizer::new();
let r = authorizer.is_authorized(&request, &policy, &entities);
source

pub fn is_authorized( &self, r: &Request, p: &PolicySet, e: &Entities, ) -> Response

Returns an authorization response for r with respect to the given PolicySet and Entities.

The language spec and Dafny model give a precise definition of how this is computed.

use cedar_policy::{Authorizer,Context,Entities,EntityId,EntityTypeName,
EntityUid, Request,PolicySet};
use std::str::FromStr;

// create a request
let p_eid = EntityId::from_str("alice").unwrap();
let p_name: EntityTypeName = EntityTypeName::from_str("User").unwrap();
let p = EntityUid::from_type_name_and_id(p_name, p_eid);

let a_eid = EntityId::from_str("view").unwrap();
let a_name: EntityTypeName = EntityTypeName::from_str("Action").unwrap();
let a = EntityUid::from_type_name_and_id(a_name, a_eid);

let r_eid = EntityId::from_str("trip").unwrap();
let r_name: EntityTypeName = EntityTypeName::from_str("Album").unwrap();
let r = EntityUid::from_type_name_and_id(r_name, r_eid);

let c = Context::empty();

let request: Request = Request::new(Some(p), Some(a), Some(r), c);

// create a policy
let s = r#"
permit (
  principal == User::"alice",
  action == Action::"view",
  resource == Album::"trip"
)
when { principal.ip_addr.isIpv4() };
"#;
let policy = PolicySet::from_str(s).expect("policy error");
// create entities
let e = r#"[
    {
        "uid": {"type":"User","id":"alice"},
        "attrs": {
            "age":19,
            "ip_addr":{"__extn":{"fn":"ip", "arg":"10.0.1.101"}}
        },
        "parents": []
    }
]"#;
let entities = Entities::from_json_str(e, None).expect("entity error");

let authorizer = Authorizer::new();
let r = authorizer.is_authorized(&request, &policy, &entities);
println!("{:?}", r);

Trait Implementations§

source§

impl Debug for Authorizer

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for Authorizer

source§

fn default() -> Self

Returns the “default value” for a type. Read more
source§

impl RefCast for Authorizer

source§

type From = Authorizer

source§

fn ref_cast(_from: &Self::From) -> &Self

source§

fn ref_cast_mut(_from: &mut Self::From) -> &mut Self

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.