This module contains the AST datatypes.
Structs
- BorrowedLiteralPolicy - A borrowed version of LiteralPolicy exclusively for serialization
- BorrowedRestrictedExpr - While RestrictedExpr wraps an owned Expr, BorrowedRestrictedExpr wraps a borrowed Expr, with the same invariants.
- Context - Context field of a Request
- Eid - EID type is just a SmolStr for now
- Entity - Entity datatype
- EntityUID - Unique ID for an entity. These represent entities in the AST.
- Expr - Internal AST for expressions used by the policy evaluator. This structure is a wrapper around an ExprKind, which is the expression variant this object contains. It also contains source information about where the expression was written in policy source code, and some generic data which is stored on each node of the AST. Cloning is O(1).
- ExprBuilder - Builder for constructing Expr objects annotated with some data (possibly taking default value) and optionally some source_info.
- ExprIterator - This structure implements the iterator used to traverse subexpressions of an expression.
- ExprShapeOnly - A new type wrapper around Expr that provides Eq and Hash implementations that ignore any source information or other generic data used to annotate the Expr.
- Extension - Cedar extension.
- ExtensionFunction - Extension function. These can be called by the given name in Cedar expressions.
- ExtensionFunctionOp - Extension functions. Clone is O(1).
- ExtensionValueWithArgs - Object container for extension values, also stores the fully reduced AST for the arguments
- Id - Identifiers. Anything in Id should be a valid identifier (and not contain, for instance, spaces or characters like ‘+’).
- LiteralPolicy - Represents either a static policy or a template-linked policy. This is the serializable version because it simply refers to the Template by its Id;
- Name - This is the Name type used to name types, functions, etc. The name can include namespaces. Clone is O(1).
- Pattern - Represents a pattern literal (the RHS of the like operator). Also provides an implementation of the Display trait as well as a wildcard matching method.
- Policy - A Policy that contains: a pointer to its template; a link ID (unless it’s a static policy); the bound values for slots in the template
- PolicyID - A unique identifier for a policy statement
- PolicySet - Represents a set of Policys
- PrincipalConstraint - Template constraint on principal head variables
- Request - Represents the request tuple <P, A, R, C> (see the Cedar design doc).
- ResourceConstraint - Template constraint on resource head variables
- RestrictedExpr - A few places in Core use these “restricted expressions” (for lack of a better term) which are in some sense the minimal subset of Expr required to express all possible Values.
- RestrictedExprShapeOnly - Like ExprShapeOnly, but for restricted expressions.
- Set - Value’s internal representation of a Set
- SlotId - Identifier for a slot. Clone is O(1).
- StaticPolicy - Static policies are policies that do not come from templates. They have the same structure as a template definition, but cannot contain slots
- Template - Top level structure for a policy template. Contains both the AST for template, and the list of open slots in the template.
- TemplateBody - Policy datatype.
Enums
- ActionConstraint - Constraint for action head variables. Action variables can be constrained to be in any variable in a list.
- BinaryOp - Built-in operators with exactly two arguments
- CallStyle - Which “style” is a function call
- ContainsSlot - Error for unexpected slots
- Effect - The Effect of a policy
- EntityReference - A reference to an EntityUID that may be a Slot
- EntityType - We support two types of entities. The first is a nominal type (e.g., User, Action) and the second is an unspecified type, which is used (internally) to represent cases where the input request does not provide a principal, action, and/or resource.
- EntityUIDEntry - An entry in a request for an Entity UID. It may either be a concrete EUID or an unknown in the case of partial evaluation
- ExprKind - The possible expression variants. This enum should be matched on by code recursively traversing the AST.
- ExtensionOutputValue - The output of an extension call, either a value or an unknown
- LinkingError - Errors instantiating templates
- Literal - First-class values which may appear as literals in Expr::Lit.
- NotValue - An error that can be thrown converting an expression to a value
- PartialValue - Intermediate results of partial evaluation
- PatternElem - Represents an element in a pattern literal (the RHS of the like operation)
- PolicySetError - Potential errors when working with PolicySets.
- PrincipalOrResource - Subset of AST variables that have the same constraint form
- PrincipalOrResourceConstraint - Represents the constraints for principals and resources. Can either not constrain, or constrain via == or in for a single entity literal.
- ReificationError - Errors that can happen during policy reification
- RestrictedExpressionError - Errors generated in the restricted_expr module
- SubstitutionError - Enum for errors encountered during substitution
- Type - This represents the runtime type of a Cedar value. Nominal types: two entity types are equal if they have the same Name.
- UnaryOp - Built-in operators with exactly one argument
- Value - This describes all the values which could be the dynamic result of evaluating an Expr. Cloning is O(1).
- Var - AST variables
Traits
- ExtensionValue - Extension value.
- InternalExtensionValue - Extensions provide a type implementing ExtensionValue, Eq, and Ord. We automatically implement InternalExtensionValue for that type (with the impl below). Internally, we use dyn InternalExtensionValue instead of dyn ExtensionValue.
- StaticallyTyped - Trait for everything in Cedar that has a type known statically.
Functions
- split - Collect an iterator of either residuals or values into one of the following: a) an iterator over values, if everything evaluated to values; b) an iterator over residual expressions, if anything only evaluated to a residual. Order is preserved.
Type Aliases
- ExtensionFunctionObject - Trait object that implements the extension function call.
- SlotEnv - Map from Slot Ids to Entity UIDs which fill the slots