This module contains the AST datatypes.
Modules§
- context_creation_errors
- Error subtypes for `ContextCreationError`
- expression_construction_errors
- Error subtypes for `ExpressionConstructionError`
- restricted_expr_errors
- Error subtypes for `RestrictedExpressionError`
Structs§
- Annotation
- Struct which holds the value of a particular annotation
- Annotations
- Struct which holds the annotations for a policy
- AnyId
- Like `Id`, except this specifically can contain Cedar reserved identifiers. (It still can’t contain, for instance, spaces or characters like ‘+’.)
- BorrowedRestrictedExpr
- While `RestrictedExpr` wraps an owned `Expr`, `BorrowedRestrictedExpr` wraps a borrowed `Expr`, with the same invariants.
- ContainsUnknown
- The `PartialValue` is a residual, i.e., contains an unknown
- Entity
- Entity datatype
- EntityAttrEvaluationError
- Error type for evaluation errors when evaluating an entity attribute or tag. Contains some extra contextual information and the underlying `EvaluationError`.
- EntityUIDImpl
- Unique ID for an entity. These represent entities in the AST.
- Expr
- Internal AST for expressions used by the policy evaluator. This structure is a wrapper around an `ExprKind`, which is the expression variant this object contains. It also contains source information about where the expression was written in policy source code, and some generic data which is stored on each node of the AST. Cloning is O(1).
- ExprBuilder
- Builder for constructing `Expr` objects annotated with some `data` (possibly taking default value) and optionally a `source_loc`.
- ExprIterator
- This structure implements the iterator used to traverse subexpressions of an expression.
- ExprShapeOnly
- A new type wrapper around `Expr` that provides `Eq` and `Hash` implementations that ignore any source information or other generic data used to annotate the `Expr`.
- Extension
- Cedar extension.
- ExtensionFunction
- Extension function. These can be called by the given `name` in Cedar expressions.
- Id
- Identifiers. Anything in `Id` should be a valid identifier, this means it does not contain, for instance, spaces or characters like ‘+’; and also is not one of the Cedar reserved identifiers (at time of writing, `true | false | if | then | else | in | is | like | has`).
- Infallible
- Wrapper around `std::convert::Infallible` which also implements `miette::Diagnostic`
- InternalName
- Represents the name of an entity type, function, etc. The name may include namespaces. Clone is O(1).
- IntoIter
- Wraps the `BTreeMap` into an opaque type so we can change it later if need be
- LiteralPolicy
- Represents either a static policy or a template linked policy.
- LiteralPolicySet
- A Policy Set that contains less rich information than `PolicySet`.
- Name
- A new type which indicates that the contained `InternalName` does not contain reserved `__cedar`, as specified by RFC 52. This represents names which are legal for end-users to define, while `InternalName` represents names which are legal for end-users to reference.
- Pattern
- Represent a pattern literal (the RHS of the like operator). Also provides an implementation of the Display trait as well as a wildcard matching method.
- Policy
- A Policy that contains:
- PolicyID
- A unique identifier for a policy statement
- PolicySet
- Represents a set of `Policy`s
- PrincipalConstraint
- Template constraint on principal scope variables
- RepresentableExtensionValue
- Object container for extension values. An extension value must be representable by a `RestrictedExpr`. Specifically, it will be a function call `func` on `args`. Note that `func` may not be the constructor. A counterexample is that a `datetime` is represented by an `offset` method call. Nevertheless, an invariant is that `eval(<func>(<args>)) == value`
- Request
- Represents the request tuple <P, A, R, C> (see the Cedar design doc).
- RequestSchemaAllPass
- A `RequestSchema` that does no validation and always reports a passing result
- RequestType
- Represents the principal type, resource type, and action UID.
- ReservedNameError
- Error when a reserved name is used where it is not allowed
- ResourceConstraint
- Template constraint on resource scope variables
- RestrictedExpr
- A few places in Core use these “restricted expressions” (for lack of a better term) which are in some sense the minimal subset of `Expr` required to express all possible `Value`s.
- RestrictedExprShapeOnly
- Like `ExprShapeOnly`, but for restricted expressions.
- Set
- `Value`’s internal representation of a `Set`
- Slot
- `SlotId` plus a source location
- SlotId
- Identifier for a slot. Clone is O(1).
- StaticPolicy
- Static Policies are policies that do not come from templates. They have the same structure as a template definition, but cannot contain slots
- Template
- Top level structure for a policy template. Contains both the AST for template, and the list of open slots in the template.
- TemplateBodyImpl
- Policy datatype. This is used for both templates (in which case it contains slots) and static policies (in which case it contains zero slots).
- Unknown
- Representation of a partial-evaluation Unknown at the AST level
- UnreservedId
- An `Id` that is not equal to `__cedar`, as specified by RFC 52
- Value
- This describes all the values which could be the dynamic result of evaluating an `Expr`. Cloning is O(1).
Enums§
- ActionConstraint
- Constraint for action scope variables. Action variables can be constrained to be in any variable in a list.
- BinaryOp
- Built-in operators with exactly two arguments
- CallStyle
- Which “style” is a function call
- Context
- `Context` field of a `Request`
- ContextCreationError
- Errors while trying to create a `Context`
- Effect
- the Effect of a policy
- Eid
- The `Eid` type represents the id of an `Entity`, without the typename. Together with the typename it comprises an `EntityUID`. For example, in `User::"alice"`, the `Eid` is `alice`.
- EntityReference
- A reference to an EntityUID that may be a Slot
- EntityType
- Entity type - can be an error type when ‘tolerant-ast’ feature is enabled
- EntityUID
- Unique ID for an entity. These represent entities in the AST.
- EntityUIDEntry
- An entry in a request for an Entity UID. It may either be a concrete EUID or an unknown in the case of partial evaluation
- ExprKind
- The possible expression variants. This enum should be matched on by code recursively traversing the AST.
- ExpressionConstructionError
- Errors when constructing an expression
- ExtensionOutputValue
- The output of an extension call, either a value or an unknown
- LinkingError
- Errors linking templates
- Literal
- First-class values which may appear as literals in `Expr::Lit`.
- NotValue
- An error that can be thrown converting an expression to a value
- PartialValue
- Intermediate results of partial evaluation
- PartialValueToRestrictedExprError
- Errors when converting `PartialValue` to `RestrictedExpr`
- PartialValueToValueError
- Errors encountered when converting `PartialValue` to `Value`
- PatternElem
- Represent an element in a pattern literal (the RHS of the like operation)
- PolicySetError
- Potential errors when working with `PolicySet`s.
- PolicySetGetLinksError
- Potential errors when working with `PolicySet`s.
- PolicySetPolicyRemovalError
- Potential errors when removing policies from a `PolicySet`.
- PolicySetTemplateRemovalError
- Potential errors when removing templates from a `PolicySet`.
- PolicySetUnlinkError
- Potential errors when unlinking from a `PolicySet`.
- PrincipalOrResource
- Subset of AST variables that have the same constraint form
- PrincipalOrResourceConstraint
- Represents the constraints for principals and resources. Can either not constrain, or constrain via `==` or `in` for a single entity literal.
- ReificationError
- Errors that can happen during policy reification
- RestrictedExpressionError
- Error when constructing a restricted expression from unrestricted expression
- RestrictedExpressionParseError
- Errors possible from `RestrictedExpr::from_str()`
- SubstitutionError
- Enum for errors encountered during substitution
- TemplateBody
- Policy datatype. This is used for both templates (in which case it contains slots) and static policies (in which case it contains zero slots).
- Type
- This represents the runtime type of a Cedar value. Nominal types: two entity types are equal if they have the same Name.
- UnaryOp
- Built-in operators with exactly one argument
- UnexpectedSlotError
- Error for unexpected slots
- ValueKind
- This describes all the values which could be the dynamic result of evaluating an `Expr`. Cloning is O(1).
- Var
- AST variables
Statics§
- ACTION_ENTITY_TYPE
- The entity type that Actions must have
Traits§
- BoundedDisplay
- Like `Display`, but optionally truncates embedded sets/records to `n` elements/pairs, including recursively.
- BoundedToString
- Like `ToString`, but optionally truncates embedded sets/records to `n` elements/pairs, including recursively.
- ExprVisitor
- A visitor trait for traversing Cedar Policy Abstract Syntax Trees (ASTs).
- ExtensionValue
- Extension value.
- InternalExtensionValue
- Extensions provide a type implementing `ExtensionValue`, `Eq`, and `Ord`. We automatically implement `InternalExtensionValue` for that type (with the impl below). Internally, we use `dyn InternalExtensionValue` instead of `dyn ExtensionValue`.
- RequestSchema
- Trait for schemas capable of validating `Request`s
- StaticallyTyped
- Trait for everything in Cedar that has a type known statically.
Functions§
- split
- Collect an iterator of either residuals or values into one of the following: a) an iterator over values, if everything evaluated to values; b) an iterator over residual expressions, if anything only evaluated to a residual. Order is preserved.
Type Aliases§
- BinaryExtensionFunctionObject
- Trait object that implements the extension function call accepting exactly 2 arguments
- ExtensionFunctionObject
- Trait object that implements the extension function call accepting any number of arguments.
- InputInteger
- The integer type we use when parsing input
- Integer
- The integer type we use internally
- NullaryExtensionFunctionObject
- Trait object that implements the extension function call accepting exactly 0 arguments
- SlotEnv
- Map from Slot Ids to Entity UIDs which fill the slots
- TernaryExtensionFunctionObject
- Trait object that implements the extension function call accepting exactly 3 arguments
- UnaryExtensionFunctionObject
- Trait object that implements the extension function call accepting exactly 1 argument
- VariadicExtensionFunctionObject
- Trait object that implements the extension function call that takes one argument, followed by a variadic number of arguments.