Crate cedar_policy 

Public Rust interface for Cedar

Modules

extensions

This module contains all of the standard Cedar extensions.

frontend

Frontend utilities, see comments in the module itself

Structs

Authorizer

Authorizer object, which provides responses to authorization queries

Context

the Context object for an authorization request

Diagnostics

Diagnostics providing more information on how a Decision was reached

Entities

Represents an entity hierarchy, and allows looking up Entity objects by Uid.

Entity

Entity datatype

EntityId

unique identifier portion of the EntityUid type

EntityNamespace

Represents a namespace

EntityTypeName

Represents a concatenation of Namespaces and TypeName

EntityUid

Unique Id for an entity, such as User::"alice"

Expression

Expressions to be evaluated

ParseErrors

if you wrap a Vec<ParseError> in this struct, it gains a Display impl that displays each parse error on its own line, indented.

Policy

Structure for a Policy. Includes both static policies and template-linked policies.

PolicyId

Unique Ids assigned to policies and templates

PolicySet

Represents a set of Policys

Record

A record of Cedar values

Request

Represents the request tuple <P, A, R, C> (see the Cedar design doc).

Response

Authorization response returned from the Authorizer

RestrictedExpression

“Restricted” expressions are used for attribute values and context.

Schema

Object containing schema information used by the validator.

SchemaFragment

Contains all the type information used to construct a Schema that can be used to validate a policy.

Set

Sets of Cedar values

SlotId

Identifier for a Template slot

SourceLocation

Represents a location in Cedar policy source.

Template

Policy template datatype

ValidationError

An error generated by the validator when it finds a potential problem in a policy. The error contains a enumeration that specifies the kind of problem, and provides details specific to that kind of problem. The error also records where the problem was encountered.

ValidationResult

Contains the result of policy validation. The result includes the list of of issues found by the validation and whether validation succeeds or fails. Validation succeeds if there are no fatal errors. There are currently no non-fatal warnings, so any issues found will cause validation to fail.

ValidationWarning

Warnings found in Cedar policies

Validator

Validator object, which provides policy validation and typechecking.

Enums

ActionConstraint

Head constraint on policy actions.

ContextJsonError

Error type for parsing Context from JSON

Decision

Decision returned from the Authorizer

Effect

the Effect of a policy

EntitiesError

Error type for errors raised in entities.rs.

EvalResult

Result of Evaluation

EvaluationError

Errors encountered while evaluating policies or expressions, or making authorization decisions.

PolicySetError

Potential errors when adding to a PolicySet.

PolicyToJsonError

Errors that can happen when getting the JSON representation of a policy

PrincipalConstraint

Head constraint on policy principals.

ResourceConstraint

Head constraint on policy resources.

SchemaError

Errors encountered during construction of a Validation Schema

TemplatePrincipalConstraint

Head constraint on policy principals for templates.

TemplateResourceConstraint

Head constraint on policy resources for templates.

TypeErrorKind

Represents the different kinds of type errors and contains information specific to that type error kind.

ValidationErrorKind

Enumeration of the possible diagnostic error that could be found by the verification steps.

ValidationMode

Used to select how a policy will be validated.

ValidationWarningKind

Functions

confusable_string_checker

Scan a set of policies for potentially confusing/obfuscating text.

eval_expression

Evaluate If evaluation results in an error (e.g., attempting to access a non-existent Entity or Record, passing the wrong number of arguments to a function etc.), that error is returned as a String