Skip to main content

Principal

api_bones::audit

Struct Principal 

Source 
pub struct Principal {
    pub id: PrincipalId,
    pub kind: PrincipalKind,
    pub org_path: Vec<OrgId>,
}
Expand description

Canonical actor identity. Carries id, kind, and org-tree position.

Thread the same Principal through every downstream audit-emitting service instead of forking local newtypes.

org_path is root-to-self inclusive. Platform-internal actors outside any org tree use org_path: vec![].

§Construction

§Semantics

Identity-only. Principal carries no authorization semantics: it names an actor, nothing more. JWT/OIDC parsing, scope checks, and permission resolution all belong in caller layers.

Principals are not secretsDebug is not redacted, to preserve visibility in audit logs and tracing output.

§Examples

use api_bones::Principal;
use uuid::Uuid;

// Human principal — UUID only, no emails or display names
let id = Uuid::new_v4();
let alice = Principal::human(id);
assert_eq!(alice.as_str(), id.to_string().as_str());

// System principal
let rotation = Principal::system("billing.rotation-engine");
assert_eq!(rotation.as_str(), "billing.rotation-engine");

Fields§

§id: PrincipalId

The opaque principal identifier.

§kind: PrincipalKind

The kind of actor this principal represents.

§org_path: Vec<OrgId>

Org path from root to the acting org (inclusive). Empty = platform scope. Only present when the uuid feature is enabled.

Implementations§

Source§

impl Principal

Source

pub fn human(uuid: Uuid) -> Self

Construct a principal for a human actor from a uuid::Uuid.

This is the correct constructor for end-user / operator identities. By requiring a Uuid the API prevents callers from accidentally passing emails, display names, or other PII that would propagate into audit logs and OTEL spans (see issue #204).

§Examples
use api_bones::Principal;
use uuid::Uuid;

let id = Uuid::new_v4();
let p = Principal::human(id);
assert_eq!(p.as_str(), id.to_string().as_str());
Source

pub fn try_parse(s: &str) -> Result<Self, PrincipalParseError>

Parse a UUID string into a Principal.

Accepts any UUID text form that uuid::Uuid::parse_str recognises (hyphenated, simple, URN, braced). Returns PrincipalParseError for anything else, including emails and empty strings.

§Errors

Returns PrincipalParseError when s is not a valid UUID string.

§Examples
use api_bones::Principal;

let p = Principal::try_parse("550e8400-e29b-41d4-a716-446655440000").unwrap();
assert_eq!(p.as_str(), "550e8400-e29b-41d4-a716-446655440000");

assert!(Principal::try_parse("alice@example.com").is_err());
Source

pub fn system(id: &'static str) -> Self

Construct a system principal from a &'static string.

Infallible but no longer const since org_path is a Vec.

§Examples
use api_bones::Principal;

let bootstrap = Principal::system("orders.bootstrap");
assert_eq!(bootstrap.as_str(), "orders.bootstrap");
Source

pub fn as_str(&self) -> &str

Borrow the principal as a &str.

§Examples
use api_bones::Principal;

assert_eq!(Principal::system("bob").as_str(), "bob");
Source

pub fn with_org_path(self, org_path: Vec<OrgId>) -> Self

Set the org path on this principal (builder-style).

§Examples
use api_bones::{Principal, OrgId};
use uuid::Uuid;

let p = Principal::human(Uuid::nil())
    .with_org_path(vec![OrgId::generate()]);
assert!(!p.org_path.is_empty());
Source

pub fn org_path_display(&self) -> String

Returns the org ancestry path as a comma-separated UUID string.

Produces "" for platform-internal actors with no org affiliation, and "<uuid1>,<uuid2>,..." (root-to-self) for org-scoped actors. Intended for use as an OTEL span attribute value (enduser.org_path).

use api_bones::Principal;

let p = Principal::system("svc");
assert_eq!(p.org_path_display(), "");

Trait Implementations§

Source§

impl Clone for Principal

Source§

fn clone(&self) -> Principal

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Principal

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for Principal

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for Principal

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<Principal> for ResolvedPrincipal

Source§

fn from(id: Principal) -> Self

Converts to this type from the input type.
Source§

impl Hash for Principal

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for Principal

Source§

fn eq(&self, other: &Principal) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for Principal

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Eq for Principal

Source§

impl StructuralPartialEq for Principal

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> ValidateIp for T
where T: ToString,

Source§

fn validate_ipv4(&self) -> bool

Validates whether the given string is an IP V4
Source§

fn validate_ipv6(&self) -> bool

Validates whether the given string is an IP V6
Source§

fn validate_ip(&self) -> bool

Validates whether the given string is an IP
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,