Struct cedar_policy::Schema

pub struct Schema(/* private fields */);

Object containing schema information used by the validator.

Implementations

impl Schema

pub fn from_schema_fragments( fragments: impl IntoIterator<Item = SchemaFragment>, ) -> Result<Self, SchemaError>

Create a Schema from multiple SchemaFragment. The individual fragments may references entity types that are not declared in that fragment, but all referenced entity types must be declared in some fragment.

pub fn from_json_value(json: Value) -> Result<Self, SchemaError>

Create a Schema from a JSON value (which should be an object of the shape required for Cedar schemas).

pub fn from_file(file: impl Read) -> Result<Self, SchemaError>

👎Deprecated since 3.3.0: Use from_json_file() instead

Create a Schema directly from a file.

pub fn from_json_file(file: impl Read) -> Result<Self, SchemaError>

Create a Schema directly from a file.

pub fn from_file_natural( file: impl Read, ) -> Result<(Self, impl Iterator<Item = SchemaWarning>), HumanSchemaError>

👎Deprecated since 3.3.0: Use from_cedarschema_file() instead

Parse the schema from a reader

pub fn from_cedarschema_file( file: impl Read, ) -> Result<(Self, impl Iterator<Item = SchemaWarning>), HumanSchemaError>

Parse the schema from a reader

pub fn from_str_natural( src: &str, ) -> Result<(Self, impl Iterator<Item = SchemaWarning>), HumanSchemaError>

👎Deprecated since 3.3.0: Use from_cedarschema_str() instead

Parse the schema from a string

pub fn from_cedarschema_str( src: &str, ) -> Result<(Self, impl Iterator<Item = SchemaWarning>), HumanSchemaError>

Parse the schema from a string

pub fn action_entities(&self) -> Result<Entities, EntitiesError>

Extract from the schema an Entities containing the action entities declared in the schema.

pub fn principals(&self) -> impl Iterator<Item = &EntityTypeName>

Returns an iterator over every entity type that can be a principal for any action in this schema

Note: this iterator may contain duplicates.

Examples

Here’s an example of using a std::collections::HashSet to get a de-duplicated set of principals

use std::collections::HashSet;
use cedar_policy::Schema;
let schema : Schema = Schema::from_cedarschema_str(r#"
    entity User;
    entity Folder;
    action Access appliesTo {
        principal : User,
        resource : Folder,
    };
    action Delete appliesTo {
        principal : User,
        resource : Folder,
    };
"#).unwrap().0;
let principals = schema.principals().collect::<HashSet<_>>();
assert_eq!(principals, HashSet::from([&"User".parse().unwrap()]));

pub fn resources(&self) -> impl Iterator<Item = &EntityTypeName>

Returns an iterator over every entity type that can be a resource for any action in this schema

Note: this iterator may contain duplicates.

Examples

Here’s an example of using a std::collections::HashSet to get a de-duplicated set of resources

use std::collections::HashSet;
use cedar_policy::Schema;
let schema : Schema = Schema::from_cedarschema_str(r#"
    entity User;
    entity Folder;
    action Access appliesTo {
        principal : User,
        resource : Folder,
    };
    action Delete appliesTo {
        principal : User,
        resource : Folder,
    };
"#).unwrap().0;
let resources = schema.resources().collect::<HashSet<_>>();
assert_eq!(resources, HashSet::from([&"Folder".parse().unwrap()]));

pub fn principals_for_action( &self, action: &EntityUid, ) -> Option<impl Iterator<Item = &EntityTypeName>>

Returns an iterator over every entity type that can be a principal for action in this schema

Errors

Returns None if action is not found in the schema

pub fn resources_for_action( &self, action: &EntityUid, ) -> Option<impl Iterator<Item = &EntityTypeName>>

Returns an iterator over every entity type that can be a resource for action in this schema

Errors

Returns None if action is not found in the schema

pub fn ancestors<'a>( &'a self, ty: &'a EntityTypeName, ) -> Option<impl Iterator<Item = &EntityTypeName> + 'a>

Returns an iterator over all the entity types that can be an ancestor of ty

Errors

Returns None if the ty is not found in the schema

pub fn action_groups(&self) -> impl Iterator<Item = &EntityUid>

Returns an iterator over all the action groups defined in this schema

pub fn entity_types(&self) -> impl Iterator<Item = &EntityTypeName>

Returns an iterator over all entity types defined in this schema

pub fn actions(&self) -> impl Iterator<Item = &EntityUid>

Returns an iterator over all actions defined in this schema

Trait Implementations

impl Clone for Schema

fn clone(&self) -> Schema

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Schema

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl FromStr for Schema

fn from_str(schema_src: &str) -> Result<Self, Self::Err>

Construct a schema from a string containing a schema formatted in the Cedar schema format. This can fail if it is not possible to parse a schema from the strings, or if errors in values in the schema are uncovered after parsing. For instance, when an entity attribute name is found to not be a valid attribute name according to the Cedar grammar.

type Err = SchemaError

The associated error which can be returned from parsing.

impl RefCast for Schema

type From = ValidatorSchema

fn ref_cast(_from: &Self::From) -> &Self

fn ref_cast_mut(_from: &mut Self::From) -> &mut Self

impl TryInto<Schema> for SchemaFragment

fn try_into(self) -> Result<Schema, Self::Error>

Convert SchemaFragment into a Schema. To build the Schema we need to have all entity types defined, so an error will be returned if any undeclared entity types are referenced in the schema fragment.

type Error = SchemaError

The type returned in the event of a conversion error.