
Template

Struct Template 

/// A Cedar policy template: scope constraints, condition clauses, and annotations.
/// If no slots are used, this is effectively a policy.
pub struct Template {
    /// Template ID
    pub id: PolicyID,
    /// Permit or forbid
    pub effect: Effect,
    /// Principal constraint (scope)
    pub principal: PrincipalConstraint,
    /// Action constraint (scope)
    pub action: ActionConstraint,
    /// Resource constraint (scope)
    pub resource: ResourceConstraint,
    /// Annotations (empty string for no value)
    pub annotations: BTreeMap<String, SmolStr>,
    // The condition clauses are not a public field; they are read through
    // `clauses()` / `into_clauses()` and set through `try_with_clauses` /
    // `try_add_clause`.
    /* private fields */
}

A Cedar policy template.

Represents a complete Cedar policy template including its scope constraints, condition clauses, and annotations. If there are no slots used, this is effectively a policy.

For example:

@id("policy0")
permit (
  principal == User::"alice",
  action == Action::"view",
  resource in Album::"vacation"
)
when { resource.public == true }
unless { context.is_blocked };

This policy corresponds to the following Template:

// Entity UIDs named in the policy scope. Each `unwrap()` panics if
// `Name::unqualified` does not yield a name; that is tolerable here only
// because the type names are fixed literals, not caller-supplied input.
let user_ty = EntityType::from_name(Name::unqualified("User").unwrap());
let user_alice = EntityUID { ty: user_ty, eid: SmolStr::from("alice") };

let action_ty = EntityType::from_name(Name::unqualified("Action").unwrap());
let action_view = EntityUID { ty: action_ty, eid: SmolStr::from("view") };

let album_ty = EntityType::from_name(Name::unqualified("Album").unwrap());
let album_vacation = EntityUID { ty: album_ty, eid: SmolStr::from("vacation") };

// Scope only: permit(principal == User::"alice", action == Action::"view",
// resource in Album::"vacation"). No `when`/`unless` clause is attached yet.
let scope_only = Template::new(
    PolicyID(SmolStr::from("policy0")),
    Effect::Permit,
    PrincipalConstraint::Eq(EntityOrSlot::Entity(user_alice)),
    ActionConstraint::Eq(action_view),
    ResourceConstraint::In(EntityOrSlot::Entity(album_vacation)),
);

let conditions = vec![
    // when { resource.public == true }
    Clause::When(Arc::new(Expr::BinaryOp {
        op: BinaryOp::Eq,
        left: Arc::new(Expr::GetAttr {
            expr: Arc::new(Expr::Var(Var::Resource)),
            attr: SmolStr::from("public"),
        }),
        right: Arc::new(Expr::Literal(Literal::Bool(true))),
    })),
    // unless { context.is_blocked }
    Clause::Unless(Arc::new(Expr::GetAttr {
        expr: Arc::new(Expr::Var(Var::Context)),
        attr: SmolStr::from("is_blocked"),
    })),
];

// `try_with_clauses` returns a `Result`; the `unwrap()` panics on `Err`.
// Code that builds clauses from external input should handle the error.
let template = scope_only
    .try_with_clauses(conditions)
    .unwrap()
    // Mirrors the @id("policy0") annotation of the policy text.
    .with_annotations(BTreeMap::from([
        ("id".to_string(), SmolStr::from("policy0")),
    ]));

Fields§

§id: PolicyID

Template ID

§effect: Effect

Permit or forbid

§principal: PrincipalConstraint

Principal constraint

§action: ActionConstraint

Action constraint

§resource: ResourceConstraint

Resource constraint

§annotations: BTreeMap<String, SmolStr>

Annotations (empty string for no value)

Implementations§

Source§

impl Template

Source

pub fn new( id: impl Into<PolicyID>, effect: Effect, principal: PrincipalConstraint, action: ActionConstraint, resource: ResourceConstraint, ) -> Template

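Create a new policy with the given id, effect and scope. Condition clauses (when/unless) need to be added with try_with_clauses (or try_add_clause). Since new takes no clauses, a policy built this way is presumably restricted only by its scope constraints until clauses are added.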

Source

pub fn clauses(&self) -> &Vec<Clause>

Get a reference to the clauses of the policy

Source

pub fn into_clauses(self) -> Vec<Clause>

Get the clauses of the policy

Source

pub fn try_with_clauses( self, clauses: impl IntoIterator<Item = Clause>, ) -> Result<Template, PstConstructionError>

Replace all clauses on this template. Fails if any clause contains a slot or unknown.

Source

pub fn try_add_clause( &mut self, clause: Clause, ) -> Result<(), PstConstructionError>

Append a single clause to this template. Fails if the clause contains a slot or unknown.

Source

pub fn with_annotations( self, annotations: BTreeMap<String, SmolStr>, ) -> Template

Set the annotations on this template, replacing any existing annotations.

Source

pub fn with_id(self, id: PolicyID) -> Template

Return a copy of this template with a new id.

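Fill in any slots in this policy using the values in vals. Performing the link operation should result in a StaticPolicy. If there are unfilled slots, this results in an Error. (This paragraph describes a link operation; with_id's signature has no vals parameter and returns a Template, so the paragraph does not appear to describe with_id itself.)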

Source

pub fn slots(&self) -> HashSet<SlotId>

Get the slots used by the template

Source

pub fn is_static(&self) -> bool

Check whether the template is static, that is, whether it uses no slots

Trait Implementations§

Source§

impl Clone for Template

Source§

fn clone(&self) -> Template

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Template

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Display for Template

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl PartialEq for Template

Source§

fn eq(&self, other: &Template) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl TryFrom<Template> for StaticPolicy

Source§

type Error = ContainsSlotError

The type returned in the event of a conversion error.
Source§

fn try_from( body: Template, ) -> Result<StaticPolicy, <StaticPolicy as TryFrom<Template>>::Error>

Performs the conversion.
Source§

impl Eq for Template

Source§

impl StructuralPartialEq for Template

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToSmolStr for T
where T: Display + ?Sized,

Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.