Crate cedar_policy_validator

Validator for Cedar policies

Modules

cedar_schema

The Cedar syntax for schemas

json_schema

Structures defining the JSON syntax for Cedar schemas

request_validation_errors

Errors related to validation

schema_errors

Error subtypes for SchemaError

typecheck

Implements typechecking for Cedar policies. Typechecking is done using the Typechecker struct by calling the typecheck_policy method given a policy.

types

Defines the type structure for typechecking and various utilities for constructing and manipulating types.

validation_errors

Defines errors returned by the validator.

validation_warnings

Defines warnings returned by the validator.

Structs

AllDefs

Holds the sets of all entity type, common type, and action definitions (fully-qualified names) in all fragments.

CedarSchemaParseError

Error parsing a Cedar-syntax schema

ConditionalName

A name which may refer to many possible different fully-qualified names, depending on which of them are declared (in any schema fragment)

ContextSchema

Struct which carries enough information that it can impl Core’s ContextSchema.

CoreSchema

Struct which carries enough information that it can (efficiently) impl Core’s Schema

EntityTypeDescription

Struct which carries enough information that it can impl Core’s EntityTypeDescription

RawName

A newtype which indicates that the contained InternalName may not yet be fully-qualified.

ValidationResult

Contains the result of policy validation. The result includes the list of issues found by validation and whether validation succeeds or fails. Validation succeeds if there are no fatal errors. There may still be non-fatal warnings present when validation passes.

Validator

Structure containing the context needed for policy validation. This is currently only the EntityTypes and ActionTypes from a single schema.

ValidatorActionId

Contains information about actions used by the validator. The contents of the struct are the same as the schema entity type structure, but the member_of relation is reversed to instead be descendants.

ValidatorEntityType

Contains entity type information for use by the validator. The contents of the struct are the same as the schema entity type structure, but the member_of relation is reversed to instead be descendants.

ValidatorNamespaceDef

A single namespace definition from the schema JSON or Cedar syntax, processed into a form which is closer to that used by the validator. The processing includes detection of some errors, for example, parse errors in entity/common type names or entity/common types which are declared multiple times.

ValidatorSchema

Internal representation of the schema for use by the validator.

ValidatorSchemaFragment

A ValidatorSchemaFragment consists of any number (even 0) of ValidatorNamespaceDefs.

ValidatorType

Main Type struct that includes source location if available in the extended-schema

Enums

ActionBehavior

Configurable validator behaviors regarding actions

CedarSchemaError

Error creating a schema from the Cedar syntax

ReferenceType

Describes whether a reference can resolve to a common-type name, an entity-type name, or both

RequestValidationError

Error when the request does not conform to the schema.

SchemaError

Error when constructing a schema

ValidationError

An error generated by the validator when it finds a potential problem in a policy. The error contains a enumeration that specifies the kind of problem, and provides details specific to that kind of problem. The error also records where the problem was encountered.

ValidationMode

Used to select how a policy will be validated.

ValidationWarning

Represents the different kinds of validation warnings and information specific to that warning.

ValidatorEntityTypeKind

The kind of validator entity types.

Functions

confusable_string_checks

Perform identifier and string safety checks.

context_schema_for_action

Since different Actions have different schemas for Context, you must specify the Action in order to get a ContextSchema.

Type Aliases

Result

Convenience alias