Struct cedar_policy :: Policy Copy item path

impl Policy

pub fn template_id(&self) -> Option<&PolicyId>

Get the PolicyId of the Template this is linked to. If this is a static policy, this will return None.

pub fn template_links(&self) -> Option<HashMap<SlotId, EntityUid>>

Get the values this Template is linked to, expressed as a map from SlotId to EntityUid. If this is a static policy, this will return None.

pub fn effect(&self) -> Effect

Get the Effect (Permit or Forbid) for this instance

pub fn annotation(&self, key: impl AsRef<str>) -> Option<&str>

Get an annotation value of this template-linked or static policy

pub fn annotations(&self) -> impl Iterator<Item = (&str, &str)>

Iterate through annotation data of this template-linked or static policy

pub fn id(&self) -> &PolicyId

Get the PolicyId for this template-linked or static policy

pub fn new_id(&self, id: PolicyId) -> Self

Clone this Policy with a new PolicyId

pub fn is_static(&self) -> bool

Returns true if this is a static policy, false otherwise.

pub fn principal_constraint(&self) -> PrincipalConstraint

Get the scope constraint on this policy’s principal

pub fn action_constraint(&self) -> ActionConstraint

Get the scope constraint on this policy’s action

pub fn resource_constraint(&self) -> ResourceConstraint

Get the scope constraint on this policy’s resource

pub fn parse( id: Option<String>, policy_src: impl AsRef<str> ) -> Result<Self, ParseErrors>

Parse a single policy. If id is Some, the policy will be given that Policy Id. If id is None, then “policy0” will be used. The behavior around None may change in the future.

This can fail if the policy fails to parse. It can also fail if a template was passed in, as this function only accepts static policies

pub fn from_json( id: Option<PolicyId>, json: Value ) -> Result<Self, FromJsonError>

Create a Policy from its JSON representation. If id is Some, the policy will be given that Policy Id. If id is None, then “JSON policy” will be used. The behavior around None may change in the future.


let json: serde_json::Value = serde_json::json!(
       {
           "effect":"permit",
           "principal":{
           "op":"==",
           "entity":{
               "type":"User",
               "id":"bob"
           }
           },
           "action":{
           "op":"==",
           "entity":{
               "type":"Action",
               "id":"view"
           }
           },
           "resource":{
           "op":"==",
           "entity":{
               "type":"Album",
               "id":"trip"
           }
           },
           "conditions":[
           {
               "kind":"when",
               "body":{
                  ">":{
                       "left":{
                       ".":{
                           "left":{
                               "Var":"principal"
                           },
                           "attr":"age"
                       }
                       },
                       "right":{
                       "Value":18
                       }
                   }
               }
           }
           ]
       }
);
let json_policy = Policy::from_json(None, json).unwrap();
let src = r#"
  permit(
    principal == User::"bob",
    action == Action::"view",
    resource == Album::"trip"
  )
  when { principal.age > 18 };"#;
let text_policy = Policy::parse(None, src).unwrap();
assert_eq!(json_policy.to_json().unwrap(), text_policy.to_json().unwrap());

pub fn to_json(&self) -> Result<Value, impl Diagnostic>

Get the JSON representation of this Policy.

let src = r#"
 permit(
   principal == User::"bob",
   action == Action::"view",
   resource == Album::"trip"
 )
 when { principal.age > 18 };"#;

let policy = Policy::parse(None, src).unwrap();
println!("{}", policy);
// convert the policy to JSON
let json = policy.to_json().unwrap();
println!("{}", json);
assert_eq!(json, Policy::from_json(None, json.clone()).unwrap().to_json().unwrap());

pub fn unknown_entities(&self) -> HashSet<EntityUid>

Available on crate feature partial-eval only.

Get all the unknown entities from the policy

This feature is experimental. For more information see https://github.com/cedar-policy/rfcs/blob/main/README.md#experimental-features

Trait Implementations§

impl Clone for Policy

fn clone(&self) -> Policy

Returns a copy of the value. Read more

1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for Policy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Display for Policy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl FromStr for Policy

fn from_str(policy: &str) -> Result<Self, Self::Err>

Create a policy

Important note: Policies have ids, but this interface does not allow them to be set. It will use the default “policy0”, which may cause id conflicts if not handled. Use Policy::parse to set the id when parsing, or Policy::new_id to clone a policy with a new id.

type Err = ParseErrors

The associated error which can be returned from parsing.

impl PartialEq for Policy

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.

1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Policy

Auto Trait Implementations§

impl UnwindSafe for Policy

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T> ToSmolStr for T
where T: Display + ?Sized,

fn to_smolstr(&self) -> SmolStr

impl<T> ToString for T
where T: Display + ?Sized,

default fn to_string(&self) -> String

Converts the given value to a String. Read more

impl<T, U> TryFrom for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom>::Error>

Performs the conversion.

impl<T, U> TryInto for T
where U: TryFrom<T>,

type Error = >::Error

The type returned in the event of a conversion error.