Trait PolicyStore 

pub trait PolicyStore: Send + Sync {
    // Required methods
    fn get_policy<'life0, 'life1, 'async_trait>(
        &'life0 self,
        agent_id: &'life1 AgentId,
    ) -> Pin<Box<dyn Future<Output = Result<PolicyDocument>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn invalidate<'life0, 'life1, 'async_trait>(
        &'life0 self,
        agent_id: &'life1 AgentId,
    ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
}

Fetches and invalidates the effective PolicyDocument for an agent.

The runtime calls get_policy on the hot path before evaluating an action, so backends are expected to serve from a fast store (or a cache wrapper layered on top — see Epic C). When a policy changes, invalidate drops any cached copy so the next read reloads from the source of truth.

§Example

use aa_core::storage::{AgentId, PolicyDocument, PolicyStore, Result, StorageError};
use async_trait::async_trait;

/// A backend that has no policy for any agent.
struct EmptyPolicyStore;

#[async_trait]
impl PolicyStore for EmptyPolicyStore {
    async fn get_policy(&self, agent_id: &AgentId) -> Result<PolicyDocument> {
        Err(StorageError::NotFound(format!("{:?}", agent_id.as_bytes())))
    }

    async fn invalidate(&self, _agent_id: &AgentId) -> Result<()> {
        Ok(())
    }
}

Required Methods§

fn get_policy<'life0, 'life1, 'async_trait>(
    &'life0 self,
    agent_id: &'life1 AgentId,
) -> Pin<Box<dyn Future<Output = Result<PolicyDocument>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,

Return the effective policy for agent_id.

Returns StorageError::NotFound when the agent has no policy on record.

fn invalidate<'life0, 'life1, 'async_trait>(
    &'life0 self,
    agent_id: &'life1 AgentId,
) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,

Drop any cached policy for agent_id so the next read reloads it.

Idempotent: invalidating an agent with no cached entry succeeds.
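
The contract described above (reads served from a cache layered over the source of truth, invalidate dropping the cached copy, NotFound when no policy is on record) is modelled below as an added example that is not part of aa_core. It uses a synchronous stand-in for the trait so it runs without an async runtime. The String type aliases, SourceStore, CachedStore and revocation_demo are assumptions made for illustration.

```rust
use std::{collections::HashMap, sync::Mutex};
// Stand-ins for the aa_core types: assumed shapes, not the crate's definitions.
pub type AgentId = String;
pub type PolicyDocument = String;
#[derive(Debug, PartialEq)]
pub enum StorageError { NotFound(String) }
pub type Result<T> = std::result::Result<T, StorageError>;
/// Synchronous model of the trait (the real methods are async).
pub trait PolicyStore: Send + Sync {
    fn get_policy(&self, agent_id: &AgentId) -> Result<PolicyDocument>;
    fn invalidate(&self, agent_id: &AgentId) -> Result<()>;
}
/// Hypothetical source of truth: an in-memory map standing in for a database.
pub struct SourceStore(pub Mutex<HashMap<AgentId, PolicyDocument>>);
impl PolicyStore for SourceStore {
    fn get_policy(&self, id: &AgentId) -> Result<PolicyDocument> {
        let found = self.0.lock().unwrap().get(id).cloned();
        found.ok_or_else(|| StorageError::NotFound(id.clone()))
    }
    fn invalidate(&self, _id: &AgentId) -> Result<()> { Ok(()) }
}

/// Hypothetical cache wrapper: serves hits from memory, caches only successful reads.
pub struct CachedStore<S> { pub inner: S, pub cache: Mutex<HashMap<AgentId, PolicyDocument>> }
impl<S: PolicyStore> PolicyStore for CachedStore<S> {
    fn get_policy(&self, id: &AgentId) -> Result<PolicyDocument> {
        if let Some(hit) = self.cache.lock().unwrap().get(id).cloned() { return Ok(hit); }
        let doc = self.inner.get_policy(id)?; // NotFound propagates and is never cached
        self.cache.lock().unwrap().insert(id.clone(), doc.clone());
        Ok(doc)
    }
    fn invalidate(&self, id: &AgentId) -> Result<()> {
        self.cache.lock().unwrap().remove(id); // removing a missing key is fine: idempotent
        self.inner.invalidate(id)
    }
}

/// Revocation scenario: reads taken before the change, after it, and after invalidate.
pub fn revocation_demo() -> [Result<PolicyDocument>; 3] {
    let agent: AgentId = "agent-1".into(); // constructed sample id and policy text
    let source = SourceStore(Mutex::new(HashMap::from([(agent.clone(), "allow: shell".to_string())])));
    let store = CachedStore { inner: source, cache: Mutex::new(HashMap::new()) };
    let first = store.get_policy(&agent);
    store.inner.0.lock().unwrap().remove(&agent); // policy revoked at the source
    let stale = store.get_policy(&agent); // cache still returns the revoked grant
    store.invalidate(&agent).unwrap();
    [first, stale, store.get_policy(&agent)] // last read reloads and fails closed
}
fn main() { println!("{:?}", revocation_demo()); }
```

The second read shows why every policy change has to be paired with an invalidate call: until then the wrapper keeps authorizing against the revoked document. This model does not handle an invalidate that races an in-flight reload, which a concurrent wrapper would also need to cover.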

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§