Crate cedar_policy

source ·

Expand description

Public Rust interface for Cedar

Modules

extensions
This module contains all of the standard Cedar extensions.
frontend
Frontend utilities, see comments in the module itself

Structs

Authorizer
Authorizer object, which provides responses to authorization queries
Context
the Context object for an authorization request
Diagnostics
Diagnostics providing more information on how a Decision was reached
Entities
Represents an entity hierarchy, and allows looking up Entity objects by Uid.
Entity
Entity datatype
EntityId
unique identifier portion of the EntityUid type
EntityNamespace
Represents a namespace
EntityTypeName
Represents a concatenation of Namespaces and TypeName
EntityUid
Unique Id for an entity, such as User::"alice"
Expression
Expressions to be evaluated
ParseErrors
if you wrap a Vec<ParseError> in this struct, it gains a Display impl that displays each parse error on its own line, indented.
Policy
Structure for a Policy. Includes both static policies and template-linked policies.
PolicyId
Unique Ids assigned to policies and templates
PolicySet
Represents a set of Policys
Record
A record of Cedar values
Request
Represents the request tuple <P, A, R, C> (see the Cedar design doc).
ResidualResponse
A residual response obtained from is_authorized_partial.
Response
Authorization response returned from the Authorizer
RestrictedExpression
“Restricted” expressions are used for attribute values and context.
Schema
Object containing schema information used by the validator.
SchemaFragment
Contains all the type information used to construct a Schema that can be used to validate a policy.
Set
Sets of Cedar values
SlotId
Identifier for a Template slot
SourceLocation
Represents a location in Cedar policy source.
Template
Policy template datatype
ValidationError
An error generated by the validator when it finds a potential problem in a policy. The error contains a enumeration that specifies the kind of problem, and provides details specific to that kind of problem. The error also records where the problem was encountered.
ValidationResult
Contains the result of policy validation. The result includes the list of of issues found by the validation and whether validation succeeds or fails. Validation succeeds if there are no fatal errors. There are currently no non-fatal warnings, so any issues found will cause validation to fail.
ValidationWarning
Warnings found in Cedar policies
Validator
Validator object, which provides policy validation and typechecking.

Enums

ActionConstraint
Head constraint on policy actions.
ContextJsonError
Error type for parsing Context from JSON
Decision
Decision returned from the Authorizer
Effect
the Effect of a policy
EvalResult
Result of Evaluation
EvaluationError
Errors encountered while evaluating policies or expressions, or making authorization decisions.
PartialResponse
Authorization response returned from is_authorized_partial It can either be a full concrete response, or a residual response.
PolicySetError
Potential errors when adding to a PolicySet.
PrincipalConstraint
Head constraint on policy principals.
ResourceConstraint
Head constraint on policy resources.
SchemaError
Errors encountered during construction of a Validation Schema
TemplatePrincipalConstraint
Head constraint on policy principals for templates.
TemplateResourceConstraint
Head constraint on policy resources for templates.
TypeErrorKind
Represents the different kinds of type errors and contains information specific to that type error kind.
ValidationErrorKind
Enumeration of the possible diagnostic error that could be found by the verification steps.
ValidationMode
Used to select how a policy will be validated.
ValidationWarningKind

Functions

confusable_string_checker
Scan a set of policies for potentially confusing/obfuscating text.
eval_expression
Evaluate If evaluation results in an error (e.g., attempting to access a non-existent Entity or Record, passing the wrong number of arguments to a function etc.), that error is returned as a String