1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
use thiserror::Error;
use crate::{PolicyDefinition, Statement};
pub trait PolicyValidator {
type Error;
fn validate(&self, definition: &PolicyDefinition) -> Result<(), Self::Error>;
}
#[derive(Debug)]
pub struct DefaultValidator;
impl PolicyValidator for DefaultValidator {
type Error = ValidatorError;
fn validate(&self, definition: &PolicyDefinition) -> Result<(), Self::Error> {
let errors = definition
.statements()
.iter()
.flat_map(|statement| visit_statement(statement))
.collect::<Vec<_>>();
if !errors.is_empty() {
return Err(ValidatorError::ValidationSummary(errors));
}
Ok(())
}
}
fn visit_statement(statement: &Statement) -> Vec<String> {
let mut result = vec![];
if statement.identities().is_empty() {
result.push("Identities list must not be empty".into());
}
if statement.operations().is_empty() {
result.push("Operations list must not be empty".into());
}
result
}
#[derive(Debug, Error)]
pub enum ValidatorError {
#[error("An error occurred validating policy definition: {0:?}.")]
ValidationSummary(Vec<String>),
}