
use cedar_policy::Schema;
use std::sync::LazyLock;

/// The Cedar schema (in Cedar's JSON schema format) that types every
/// principal, resource and action used by IAM authorization.
///
/// Everything lives in the empty (default) Cedar namespace. The schema is kept
/// as a `serde_json::Value` and parsed into a `cedar_policy::Schema` by
/// [`default_schema`].
///
/// Maintenance notes for reviewers:
/// - every resource entity type listed under `entityTypes` must also appear in
///   the `resourceTypes` of each action it should apply to; the two action
///   lists below are duplicated by hand and have to be kept in sync;
/// - `Level` and `Role` are deliberately absent from both `resourceTypes`
///   lists, so no policy can be validated against them as a resource.
pub static DEFAULT_CEDAR_SCHEMA: LazyLock<serde_json::Value> = LazyLock::new(|| {
	serde_json::json!(
		{
			"": {
				"commonTypes": {
					// Represents a Resource
					// Shared record shape for all resource entity types below:
					// a `type` tag plus the `Level` entity the resource lives in.
					"Resource": {
						"type": "Record",
						"attributes": {
							"type": { "type": "String", "required": true },
							"level" : { "type": "Entity", "name": "Level", "required": true },
						}
					},
				},
				"entityTypes": {
					// Represents the Root, Namespace, Database and Record levels
					// `Level` is self-referential: it has a `level` attribute of type
					// `Level` and is a member of `Level`, which is what lets a more
					// specific level be nested in a broader one.
					"Level": {
						"shape": {
							"type": "Record",
							"attributes": {
								"type": { "type": "String", "required": true },
								// `ns`, `db`, `rid` and `table` are optional; presumably only
								// the levels that have them set them (e.g. the root level has
								// no `ns`) — confirm against the code that builds Level entities.
								"ns": { "type": "String", "required": false },
								"db": { "type": "String", "required": false },
								"rid": { "type": "String", "required": false },
								"table": { "type": "String", "required": false },
								"level" : { "type": "Entity", "name": "Level", "required": true },
							}
						},
						"memberOfTypes": ["Level"],
					},

					// Base resource types
					// All share the `Resource` common type and hang off a `Level`.
					"Any": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Namespace": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Database": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Record": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Table": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Document": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Option": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Function": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Analyzer": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Parameter": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Event": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Field": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Index": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},
					"Access": {"shape": {"type": "Resource"}, "memberOfTypes": ["Level"]},

					// IAM resource types
					// `Role` declares no shape and no parents: it is an opaque
					// identifier, only referenced through `Actor.roles`.
					"Role": {},
					// `Actor` is the only principal type (see `principalTypes` below)
					// and is also listed as a resource, so actors can be the object
					// of `View`/`Edit` as well as the subject.
					"Actor": {
						"shape": {
							"type": "Record",
							"attributes": {
								"type": { "type": "String", "required": true },
								"level" : { "type": "Entity", "name": "Level", "required": true },
								// The set of `Role` entities granted to this actor; required,
								// so an actor with no roles must carry an empty set.
								"roles": { "type": "Set", "element": { "type": "Entity", "name": "Role" }, "required": true},
							},
						},
						"memberOfTypes": ["Level"],
					},
				},
				// Only two actions are declared; both apply to the same resource
				// types and only to `Actor` principals.
				"actions": {
					"View": {
						"appliesTo": {
							"principalTypes": [ "Actor" ],
							"resourceTypes": [ "Any", "Namespace", "Database", "Record", "Table", "Document", "Option", "Function", "Analyzer", "Parameter", "Event", "Field", "Index", "Access", "Actor" ],

						},
					},
					"Edit": {
						"appliesTo": {
							"principalTypes": [ "Actor" ],
							// Must match the `View` list above.
							"resourceTypes": [ "Any", "Namespace", "Database", "Record", "Table", "Document", "Option", "Function", "Analyzer", "Parameter", "Event", "Field", "Index", "Access", "Actor" ],
						},
					},
				},
			}
		}
	)
});

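/// Parses [`DEFAULT_CEDAR_SCHEMA`] into a Cedar [`Schema`].
///
/// The JSON is a constant baked into this file, so a parse failure can only
/// mean the literal was edited into an invalid schema. That is a bug, not a
/// runtime condition, so it is surfaced as a panic carrying the parse error
/// instead of being returned to the caller.
///
/// # Panics
///
/// Panics if `DEFAULT_CEDAR_SCHEMA` is not a valid Cedar JSON schema.
pub fn default_schema() -> Schema {
	// `from_json_value` takes the value by ownership, so the static is cloned.
	Schema::from_json_value(DEFAULT_CEDAR_SCHEMA.clone())
		.expect("DEFAULT_CEDAR_SCHEMA must be a valid Cedar schema")
}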

#[cfg(test)]
mod tests {
	use super::*;

	/// The default schema must parse and expose exactly the two declared
	/// actions (`View` and `Edit`).
	#[test]
	fn test_default_schema() {
		let actions = default_schema().action_entities().unwrap();
		let action_count = actions.iter().count();
		assert_eq!(action_count, 2, "expected exactly the View and Edit actions");
	}
}