PartialResponse

cedar_policy

Struct PartialResponse 

Source 
pub struct PartialResponse(/* private fields */);
Available on crate feature partial-eval only.
Expand description

A partially evaluated authorization response.

Splits the results into several categories: satisfied, false, and residual for each policy effect. Also tracks all the errors that were encountered during evaluation.

This feature is experimental. For more information see https://github.com/cedar-policy/rfcs/blob/main/README.md#experimental-features

Implementations§

Source§

impl PartialResponse

Source

pub fn decision(&self) -> Option<Decision>

Attempt to reach a partial decision; the presence of residuals may result in returning None, indicating that a decision could not be reached given the unknowns

Source

pub fn concretize(self) -> Response

Convert this response into a concrete evaluation response. All residuals are treated as errors

Source

pub fn definitely_satisfied(&self) -> impl Iterator<Item = Policy> + '_

Returns the set of Policys that were definitely satisfied. This will be the set of policies (both permit and forbid) that evaluated to true

Source

pub fn definitely_errored(&self) -> impl Iterator<Item = &PolicyId>

Returns the set of PolicyIds that encountered errors

Source

pub fn may_be_determining(&self) -> impl Iterator<Item = Policy> + '_

Returns an over-approximation of the set of determining policies

This is all policies that may be determining for any substitution of the unknowns. Policies not in this set will not affect the final decision, regardless of any substitutions.

For more information on what counts as “determining” see: https://docs.cedarpolicy.com/auth/authorization.html#request-authorization

Source

pub fn must_be_determining(&self) -> impl Iterator<Item = Policy> + '_

Returns an under-approximation of the set of determining policies

This is all policies that must be determining for all possible substitutions of the unknowns. This set will include policies that evaluated to true and are guaranteed to be contributing to the final authorization decision.

For more information on what counts as “determining” see: https://docs.cedarpolicy.com/auth/authorization.html#request-authorization

Source

pub fn nontrivial_residuals(&self) -> impl Iterator<Item = Policy> + '_

Returns the set of non-trivial (meaning more than just true or false) residuals expressions

Source

pub fn all_residuals(&self) -> impl Iterator<Item = Policy> + '_

Returns every policy as a residual expression

Source

pub fn unknown_entities(&self) -> HashSet<EntityUid>

Returns all unknown entities during the evaluation of the response

Source

pub fn get(&self, id: &PolicyId) -> Option<Policy>

Return the residual for a given PolicyId, if it exists in the response

Source

pub fn reauthorize( &self, mapping: HashMap<SmolStr, RestrictedExpression>, auth: &Authorizer, es: &Entities, ) -> Result<Self, ReauthorizationError>

👎Deprecated: use reauthorize_with_bindings

Attempt to re-authorize this response given a mapping from unknowns to values.

Source

pub fn reauthorize_with_bindings<'m>( &self, mapping: impl IntoIterator<Item = (&'m str, &'m RestrictedExpression)>, auth: &Authorizer, es: &Entities, ) -> Result<Self, ReauthorizationError>

Attempt to re-authorize this response given a mapping from unknowns to values, provided as an iterator. Exhausts the iterator, returning any evaluation errors in the restricted expressions, regardless whether there is a matching unknown.

Trait Implementations§

Source§

impl Clone for PartialResponse

Source§

fn clone(&self) -> PartialResponse

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for PartialResponse

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<PartialResponse> for Response

Source§

fn from(partial_response: PartialResponse) -> Self

Converts to this type from the input type.
Source§

impl RefCast for PartialResponse

Source§

type From = PartialResponse

Source§

fn ref_cast(_from: &Self::From) -> &Self

Source§

fn ref_cast_mut(_from: &mut Self::From) -> &mut Self

Source§

impl TryFrom<PartialResponse> for ResidualResponse

Source§

type Error = Box<dyn Diagnostic + Send + Sync>

The type returned in the event of a conversion error.
Source§

fn try_from(partial_response: PartialResponse) -> Result<Self, Self::Error>

Performs the conversion.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.