Crate cedar_policy_validator

Crate cedar_policy_validator 

Source
Expand description

Validator for Cedar policies

Modules§

typecheck
Implements typechecking for Cedar policies. Typechecking is done using the Typechecker struct by calling the typecheck_policy method given a policy.
types
Defines the type structure for typechecking and various utilities for constructing and manipulating types.

Structs§

ActionEntityUID
ActionType
An action type describes a specific action entity. It also describes what kinds of entities it can be used on.
ActionsDef
Action declarations held in a ValidatorNamespaceDef. Entity types referenced here do not need to be declared in the schema.
ApplySpec
The apply spec specifies what principals and resources an action can be used with. This specification can either be done through containing to entity types. The fields of this record are optional so that they can be omitted to declare that the apply spec for the principal or resource is undefined, meaning that the action can be applied to any principal or resource. This is different than providing an empty list because the empty list is interpreted as specifying that there are no principals or resources that an action applies to.
AttributesOrContext
EntityType
Entity types describe the relationships in the entity store, including what entities can be members of groups of what types, and what attributes can/should be included on entities of each type.
EntityTypesDef
Entity type declarations held in a ValidatorNamespaceDef. Entity type children and attributes may reference undeclared entity types.
FunctionArgumentValidationError
Structure containing details about a function argument validation error.
IncompatibleTypes
Structure containing details about an incompatible type error.
InvalidActionApplication
Structure containing details about an invalid action application error.
MissingAttribute
Structure containing details about a missing attribute error.
MultiplyDefinedFunction
Structure containing details about a multiply defined function error.
SchemaFragment
A SchemaFragment describe the types for a given instance of Cedar. SchemaFragments are composed of Entity Types and Action Types. The schema fragment is split into multiple namespace definitions, eac including a namespace name which is applied to all entity types (and the implicit Action entity type for all actions) in the schema.
SourceLocation
Represents a location in Cedar policy source.
TypeDefs
Holds a map from Names of common type definitions to their corresponding Type.
TypeError
The structure for type errors. A type errors knows the expression that triggered the type error, as well as additional information for specific kinds of type errors.
TypeOfAttribute
Used to describe the type of a record or entity attribute. It contains a the type of the attribute and whether the attribute is required. The type is flattened for serialization, so, in JSON format, this appears as a regular type with one extra property required.
TypesMustMatch
Structure containing details about types must match error.
UndefinedFunction
Structure containing details about an undefined function error.
UnexpectedType
Structure containing details about an unexpected type error.
UnrecognizedActionId
Structure containing details about an unrecognized action id error.
UnrecognizedEntityType
Structure containing details about an unrecognized entity type error.
UnsafeOptionalAttributeAccess
Structure containing details about an unsafe optional attribute error.
UnspecifiedEntity
Structure containing details about an unspecified entity error.
ValidationError
An error generated by the validator when it finds a potential problem in a policy. The error contains a enumeration that specifies the kind of problem, and provides details specific to that kind of problem. The error also records where the problem was encountered.
ValidationResult
Contains the result of policy validation. The result includes the list of of issues found by the validation and whether validation succeeds or fails. Validation succeeds if there are no fatal errors. There are currently no non-fatal warnings, so any issues found will cause validation to fail.
ValidationWarning
Validator
Structure containing the context needed for policy validation. This is currently only the EntityTypes and ActionTypes from a single schema.
ValidatorActionId
Contains information about actions used by the validator. The contents of the struct are the same as the schema entity type structure, but the member_of relation is reversed to instead be descendants.
ValidatorEntityType
Contains entity type information for use by the validator. The contents of the struct are the same as the schema entity type structure, but the member_of relation is reversed to instead be descendants.
ValidatorNamespaceDef
A single namespace definition from the schema json processed into a form which is closer to that used by the validator. The processing includes detection of some errors, for example, parse errors in entity type names or entity type which are declared multiple times. This does not detect references to undeclared entity types because any entity type may be declared in a different fragment that will only be known about when building the complete ValidatorSchema.
ValidatorSchema
ValidatorSchemaFragment
WrongCallStyle
Structure containing details about a wrong call style error.
WrongNumberArguments
Structure containing details about a wrong number of arguments error.

Enums§

ActionBehavior
SchemaError
SchemaType
A restricted version of the Type enum containing only the types which are exposed to users.
SchemaTypeVariant
TypeErrorKind
Represents the different kinds of type errors and contains information specific to that type error kind.
UnsupportedFeature
ValidationErrorKind
Enumeration of the possible diagnostic error that could be found by the verification steps.
ValidationMode
Used to select how a policy will be validated.
ValidationWarningKind
WithUnresolvedTypeDefs
Represent a type that might be defined in terms of some type definitions which are not necessarily available in the current namespace.

Functions§

confusable_string_checks
Perform identifier and string safety checks.

Type Aliases§

Result