
1use cedar_policy::Schema;
2use std::sync::LazyLock;
3
/// Default Cedar schema for SurrealDB IAM, kept as a JSON value.
///
/// Everything lives in the empty namespace `""` and declares:
/// - the common type `Resource`: a record with a required `type` string and a
///   required `level` entity reference;
/// - the `Level` entity type (root, namespace, database and record levels),
///   whose `memberOfTypes` is `Level` itself, so levels nest;
/// - the base resource entity types, each shaped as `Resource` and a member of
///   `Level`;
/// - the IAM entity types `Role` (no shape: a role is an opaque identifier
///   here — presumably its meaning comes from the policy set) and `Actor`
///   (a `Resource`-like record plus a required `roles` set of `Role` entities);
/// - the `View` and `Edit` actions, both with `Actor` principals and the same
///   resource type list (`ACTION_RESOURCE_TYPES` below). That list includes
///   `Actor`, so actors are valid *resources* of both actions as well.
///
/// Turned into a parsed [`Schema`] by [`default_schema`].
pub static DEFAULT_CEDAR_SCHEMA: LazyLock<serde_json::Value> = LazyLock::new(|| {
	// Entity types the `View` and `Edit` actions may target. Both actions share
	// exactly this list, so it is declared once and interpolated twice.
	const ACTION_RESOURCE_TYPES: [&str; 15] = [
		"Any",
		"Namespace",
		"Database",
		"Record",
		"Table",
		"Document",
		"Option",
		"Function",
		"Analyzer",
		"Parameter",
		"Event",
		"Field",
		"Index",
		"Access",
		"Actor",
	];

	// Shape shared by every base resource type: a `Resource` record anchored in
	// the `Level` hierarchy.
	let base_resource = serde_json::json!({
		"shape": { "type": "Resource" },
		"memberOfTypes": ["Level"]
	});

	serde_json::json!({
		"": {
			"commonTypes": {
				// A resource: its kind plus the level it is attached to
				"Resource": {
					"type": "Record",
					"attributes": {
						"type": { "type": "String", "required": true },
						"level": { "type": "Entity", "name": "Level", "required": true }
					}
				}
			},
			"entityTypes": {
				// Represents the Root, Namespace, Database and Record levels.
				// Only `type` and `level` are mandatory; ns/db/rid/table are set
				// depending on the level.
				"Level": {
					"shape": {
						"type": "Record",
						"attributes": {
							"type": { "type": "String", "required": true },
							"ns": { "type": "String", "required": false },
							"db": { "type": "String", "required": false },
							"rid": { "type": "String", "required": false },
							"table": { "type": "String", "required": false },
							"level": { "type": "Entity", "name": "Level", "required": true }
						}
					},
					"memberOfTypes": ["Level"]
				},

				// Base resource types, all identical in shape
				"Any": base_resource.clone(),
				"Namespace": base_resource.clone(),
				"Database": base_resource.clone(),
				"Record": base_resource.clone(),
				"Table": base_resource.clone(),
				"Document": base_resource.clone(),
				"Option": base_resource.clone(),
				"Function": base_resource.clone(),
				"Analyzer": base_resource.clone(),
				"Parameter": base_resource.clone(),
				"Event": base_resource.clone(),
				"Field": base_resource.clone(),
				"Index": base_resource.clone(),
				"Access": base_resource,

				// IAM resource types
				"Role": {},
				"Actor": {
					"shape": {
						"type": "Record",
						"attributes": {
							"type": { "type": "String", "required": true },
							"level": { "type": "Entity", "name": "Level", "required": true },
							// The set of roles granted to the actor
							"roles": { "type": "Set", "element": { "type": "Entity", "name": "Role" }, "required": true }
						}
					},
					"memberOfTypes": ["Level"]
				}
			},
			"actions": {
				"View": {
					"appliesTo": {
						"principalTypes": ["Actor"],
						"resourceTypes": ACTION_RESOURCE_TYPES
					}
				},
				"Edit": {
					"appliesTo": {
						"principalTypes": ["Actor"],
						"resourceTypes": ACTION_RESOURCE_TYPES
					}
				}
			}
		}
	})
});
84
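/// Parse [`DEFAULT_CEDAR_SCHEMA`] into a Cedar [`Schema`].
///
/// # Panics
///
/// Panics if Cedar rejects the built-in JSON schema. The value is a compile-time
/// constant of this module, so a failure here means the constant itself was
/// edited into an invalid state; it is reported as a broken invariant (with the
/// Cedar error attached) rather than returned to the caller.
pub fn default_schema() -> Schema {
	// `from_json_value` takes the value by value, so clone the shared static.
	Schema::from_json_value(DEFAULT_CEDAR_SCHEMA.clone())
		.expect("DEFAULT_CEDAR_SCHEMA must be a valid Cedar schema")
}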
88
#[cfg(test)]
mod tests {
	use super::*;

	/// The default schema parses, and declares exactly the two actions
	/// (`View` and `Edit`) listed in `DEFAULT_CEDAR_SCHEMA`.
	#[test]
	fn test_default_schema() {
		let actions = default_schema().action_entities().unwrap();
		let action_count = actions.iter().count();
		assert_eq!(action_count, 2);
	}
}