
aranya_daemon/
policy.rs

1//! This code is @generated by `policy-ifgen`. DO NOT EDIT.
2#![cfg_attr(rustfmt, rustfmt::skip)]
3#![allow(clippy::duplicated_attributes)]
4#![allow(clippy::enum_variant_names)]
5#![allow(missing_docs)]
6#![allow(non_camel_case_types)]
7#![allow(non_snake_case)]
8#![allow(unused_imports)]
9extern crate alloc;
10use alloc::vec::Vec;
11use aranya_policy_ifgen::{
12    macros::{action, actions, effect, effects, value},
13    BaseId, ClientError, Value, Text,
14};
/// Marker type naming the "persistent" action interface.
///
/// The enum has no variants, so no value of it can exist; in this file it appears
/// only as the `interface = Persistent` argument of `#[actions]` and `#[action]`.
// NOTE(review): presumably "persistent" means the resulting commands are stored
// durably by the policy engine — confirm against the policy source.
#[derive(Debug)]
pub enum Persistent {}
/// Marker type naming the "ephemeral" action interface.
///
/// The enum has no variants, so no value of it can exist; in this file it appears
/// only as the `interface = Ephemeral` argument of `#[actions]` and `#[action]`.
// NOTE(review): presumably "ephemeral" means the resulting commands are evaluated
// without being stored — confirm against the policy source.
#[derive(Debug)]
pub enum Ephemeral {}
/// PublicKeyBundle policy struct.
///
/// Groups three byte strings named for a device's identity, signing and encryption
/// keys. It is carried by `DeviceAdded`, `QueryDeviceKeyBundleResult`, `create_team`
/// and `add_device` in this file.
// NOTE(review): each field is an untyped `Vec<u8>`; this type enforces no length,
// encoding or key-type check. Presumably the bytes are serialized public keys that
// are validated where they are decoded — confirm before trusting a bundle that
// arrived from a peer.
#[value]
pub struct PublicKeyBundle {
    pub ident_key: Vec<u8>,
    pub sign_key: Vec<u8>,
    pub enc_key: Vec<u8>,
}
/// ChanOp policy enum.
///
/// Three-way choice used as the `op` field of `assign_label_to_device`.
// NOTE(review): the variant names suggest the channel direction a device is allowed
// for a label (receive, send, or both) — confirm in the policy source. Variant names
// and order mirror the policy definition and must not be edited by hand.
#[value]
pub enum ChanOp {
    RecvOnly,
    SendOnly,
    SendRecv,
}
/// RoleManagementPerm policy enum.
///
/// Used as the `perm` field of `assign_role_management_perm`,
/// `revoke_role_management_perm` and of the `RoleManagementPermAssigned` /
/// `RoleManagementPermRevoked` effects, where it is paired with a managing role and
/// a target role.
// NOTE(review): presumably each variant lets the managing role perform that
// operation on the target role — the enforcement lives in the policy, not here.
#[value]
pub enum RoleManagementPerm {
    CanAssignRole,
    CanRevokeRole,
    CanChangeRolePerms,
}
/// SimplePerm policy enum.
///
/// Used as the `perm` field of `add_perm_to_role` / `remove_perm_from_role` and of
/// the `PermAddedToRole` / `PermRemovedFromRole` effects, i.e. a permission that is
/// attached to or detached from a role.
// NOTE(review): most variant names match an action defined in this file (for
// example `AddDevice` and `add_device`), which suggests each one gates that action.
// The actual authorization check is in the policy source; this enum only mirrors the
// names. Review any grant of the team- and role-level variants (`TerminateTeam`,
// `ChangeRoleManagementPerms`, `ChangeRoleManagingRole`) with particular care.
#[value]
pub enum SimplePerm {
    AddDevice,
    RemoveDevice,
    TerminateTeam,
    CreateRole,
    DeleteRole,
    AssignRole,
    RevokeRole,
    ChangeRoleManagementPerms,
    SetupDefaultRole,
    ChangeRoleManagingRole,
    CreateLabel,
    DeleteLabel,
    ChangeLabelManagingRole,
    AssignLabel,
    RevokeLabel,
    CanUseAfc,
    CreateAfcUniChannel,
}
/// Enum of policy effects that can occur in response to a policy action.
///
/// Each variant wraps the `#[effect]` struct of the same name defined in this file.
// NOTE(review): code that consumes effects for authorization decisions or audit
// logging should match the membership, role and label variants explicitly rather
// than through a catch-all arm, so that a newly generated variant is noticed at
// compile time — assuming `#[effects]` does not mark the enum non-exhaustive.
#[effects]
pub enum Effect {
    AfcUniChannelCreated(AfcUniChannelCreated),
    AfcUniChannelReceived(AfcUniChannelReceived),
    AssignedLabelToDevice(AssignedLabelToDevice),
    CheckValidAfcChannels(CheckValidAfcChannels),
    DeviceAdded(DeviceAdded),
    DeviceRemoved(DeviceRemoved),
    LabelCreated(LabelCreated),
    LabelDeleted(LabelDeleted),
    LabelManagingRoleAdded(LabelManagingRoleAdded),
    LabelManagingRoleRevoked(LabelManagingRoleRevoked),
    LabelRevokedFromDevice(LabelRevokedFromDevice),
    PermAddedToRole(PermAddedToRole),
    PermRemovedFromRole(PermRemovedFromRole),
    QueryAfcChannelIsValidResult(QueryAfcChannelIsValidResult),
    QueryDeviceKeyBundleResult(QueryDeviceKeyBundleResult),
    QueryDeviceRoleResult(QueryDeviceRoleResult),
    QueryDevicesOnTeamResult(QueryDevicesOnTeamResult),
    QueryLabelResult(QueryLabelResult),
    QueryLabelsAssignedToDeviceResult(QueryLabelsAssignedToDeviceResult),
    QueryLabelsResult(QueryLabelsResult),
    QueryRoleOwnersResult(QueryRoleOwnersResult),
    QueryTeamRolesResult(QueryTeamRolesResult),
    RoleAssigned(RoleAssigned),
    RoleChanged(RoleChanged),
    RoleCreated(RoleCreated),
    RoleDeleted(RoleDeleted),
    RoleManagementPermAssigned(RoleManagementPermAssigned),
    RoleManagementPermRevoked(RoleManagementPermRevoked),
    RoleOwnerAdded(RoleOwnerAdded),
    RoleOwnerRemoved(RoleOwnerRemoved),
    RoleRevoked(RoleRevoked),
    TeamCreated(TeamCreated),
    TeamTerminated(TeamTerminated),
}
/// AfcUniChannelCreated policy effect.
///
/// Every field is either a `BaseId` identifier or an untyped `Vec<u8>` payload.
// NOTE(review): this looks like the creator-side counterpart of
// `AfcUniChannelReceived` (it names the `receiver_id`, that one names the
// `sender_id`) — confirm in the policy source.
#[effect]
pub struct AfcUniChannelCreated {
    pub parent_cmd_id: BaseId,
    pub receiver_id: BaseId,
    pub author_enc_key_id: BaseId,
    // Raw bytes; presumably the peer's serialized public encryption key. The type
    // enforces no length or encoding, so validate where the bytes are decoded.
    pub peer_enc_pk: Vec<u8>,
    pub label_id: BaseId,
    pub channel_key_id: BaseId,
    // Raw bytes; presumably a key-encapsulation output — TODO confirm.
    pub encap: Vec<u8>,
}
/// AfcUniChannelReceived policy effect.
///
/// Every field is either a `BaseId` identifier or an untyped `Vec<u8>` payload.
/// Unlike `AfcUniChannelCreated` it has no `channel_key_id` field.
// NOTE(review): this looks like the receiver-side counterpart of
// `AfcUniChannelCreated` — confirm in the policy source.
#[effect]
pub struct AfcUniChannelReceived {
    pub parent_cmd_id: BaseId,
    pub sender_id: BaseId,
    // Raw bytes; presumably the author's serialized public encryption key. The type
    // enforces no length or encoding, so validate where the bytes are decoded.
    pub author_enc_pk: Vec<u8>,
    pub peer_enc_key_id: BaseId,
    pub label_id: BaseId,
    // Raw bytes; presumably a key-encapsulation output — TODO confirm.
    pub encap: Vec<u8>,
}
/// AssignedLabelToDevice policy effect.
///
/// Names a device, a label and an author by id. It does not carry the `ChanOp`
/// that `assign_label_to_device` takes.
// NOTE(review): `device` is presumably a device id, named `device_id` in the other
// effects; `author_id` is presumably the device that issued the command — confirm.
#[effect]
pub struct AssignedLabelToDevice {
    pub device: BaseId,
    pub label_id: BaseId,
    pub author_id: BaseId,
}
/// CheckValidAfcChannels policy effect.
///
/// Carries no fields, so it conveys only that the effect occurred.
// NOTE(review): presumably a signal for the consumer to re-validate its existing AFC
// channels; which commands emit it is defined in the policy source — confirm.
#[effect]
pub struct CheckValidAfcChannels {}
/// DeviceAdded policy effect.
///
/// Carries the new device's id and its `PublicKeyBundle`.
// NOTE(review): unlike `DeviceRemoved`, this effect has no `author_id`, so an audit
// log built from effects alone cannot attribute who added the device.
#[effect]
pub struct DeviceAdded {
    pub device_id: BaseId,
    pub device_keys: PublicKeyBundle,
}
135/// DeviceRemoved policy effect.
136#[effect]
137pub struct DeviceRemoved {
138    pub device_id: BaseId,
139    pub author_id: BaseId,
140}
/// LabelCreated policy effect.
///
/// Carries the label's id and name, the id of the label's author and the id of its
/// managing role.
// NOTE(review): `label_name` is `Text` supplied through `create_label`; treat it as
// untrusted display data when logging or rendering it.
#[effect]
pub struct LabelCreated {
    pub label_id: BaseId,
    pub label_name: Text,
    pub label_author_id: BaseId,
    pub managing_role_id: BaseId,
}
/// LabelDeleted policy effect.
///
/// Carries the deleted label's name and id plus two distinct ids: `label_author_id`
/// and `author_id`.
// NOTE(review): presumably `label_author_id` is who created the label and
// `author_id` is who issued the deletion — confirm in the policy source.
#[effect]
pub struct LabelDeleted {
    pub label_name: Text,
    pub label_author_id: BaseId,
    pub label_id: BaseId,
    pub author_id: BaseId,
}
/// LabelManagingRoleAdded policy effect.
///
/// Names a label, a managing role and an author by id; it has the same fields as
/// `LabelManagingRoleRevoked`.
// NOTE(review): `author_id` is presumably the device that issued the command.
#[effect]
pub struct LabelManagingRoleAdded {
    pub label_id: BaseId,
    pub managing_role_id: BaseId,
    pub author_id: BaseId,
}
/// LabelManagingRoleRevoked policy effect.
///
/// Names a label, a managing role and an author by id; it has the same fields as
/// `LabelManagingRoleAdded`.
// NOTE(review): `author_id` is presumably the device that issued the command.
#[effect]
pub struct LabelManagingRoleRevoked {
    pub label_id: BaseId,
    pub managing_role_id: BaseId,
    pub author_id: BaseId,
}
/// LabelRevokedFromDevice policy effect.
///
/// Carries the device id, the label's id, name and author id, and a separate
/// `author_id`.
// NOTE(review): presumably `author_id` is who issued the revocation, as distinct
// from `label_author_id` — confirm in the policy source.
#[effect]
pub struct LabelRevokedFromDevice {
    pub device_id: BaseId,
    pub label_id: BaseId,
    pub label_name: Text,
    pub label_author_id: BaseId,
    pub author_id: BaseId,
}
/// PermAddedToRole policy effect.
///
/// Names the role, the `SimplePerm` involved and an author id.
// NOTE(review): a natural event to record for privilege-change auditing;
// `author_id` is presumably the device that issued the command.
#[effect]
pub struct PermAddedToRole {
    pub role_id: BaseId,
    pub perm: SimplePerm,
    pub author_id: BaseId,
}
/// PermRemovedFromRole policy effect.
///
/// Names the role, the `SimplePerm` involved and an author id; it has the same
/// fields as `PermAddedToRole`.
// NOTE(review): `author_id` is presumably the device that issued the command.
#[effect]
pub struct PermRemovedFromRole {
    pub role_id: BaseId,
    pub perm: SimplePerm,
    pub author_id: BaseId,
}
/// QueryAfcChannelIsValidResult policy effect.
///
/// Repeats the three ids that `query_afc_channel_is_valid` takes and adds the
/// boolean verdict `is_valid`.
// NOTE(review): callers should compare the returned ids with the ones they asked
// about before acting on `is_valid`; what "valid" means is decided by the policy.
#[effect]
pub struct QueryAfcChannelIsValidResult {
    pub sender_id: BaseId,
    pub receiver_id: BaseId,
    pub label_id: BaseId,
    pub is_valid: bool,
}
/// QueryDeviceKeyBundleResult policy effect.
///
/// Carries a single `PublicKeyBundle`. The device id is not repeated in the result,
/// so the caller must associate it with the id passed to the query.
// NOTE(review): presumably the answer to `query_device_public_key_bundle`.
#[effect]
pub struct QueryDeviceKeyBundleResult {
    pub device_keys: PublicKeyBundle,
}
/// QueryDeviceRoleResult policy effect.
///
/// Describes one role by id, name, author id and a `default` flag; it has the same
/// fields as `QueryRoleOwnersResult` and `QueryTeamRolesResult`. The queried device
/// id is not repeated in the result.
// NOTE(review): `default` presumably marks a role created by `setup_default_roles`
// — TODO confirm.
#[effect]
pub struct QueryDeviceRoleResult {
    pub role_id: BaseId,
    pub name: Text,
    pub author_id: BaseId,
    pub default: bool,
}
/// QueryDevicesOnTeamResult policy effect.
///
/// Carries a single device id.
// NOTE(review): presumably one effect is emitted per device on the team, so a
// caller collects several of these for one `query_devices_on_team` — confirm.
#[effect]
pub struct QueryDevicesOnTeamResult {
    pub device_id: BaseId,
}
/// QueryLabelResult policy effect.
///
/// Describes one label by id, name and author id; it has the same fields as
/// `QueryLabelsResult`.
// NOTE(review): presumably the answer to `query_label`.
#[effect]
pub struct QueryLabelResult {
    pub label_id: BaseId,
    pub label_name: Text,
    pub label_author_id: BaseId,
}
/// QueryLabelsAssignedToDeviceResult policy effect.
///
/// Pairs a device id with one label's id, name and author id. It does not report
/// the `ChanOp` the label was assigned with.
// NOTE(review): presumably one effect is emitted per assigned label — confirm.
#[effect]
pub struct QueryLabelsAssignedToDeviceResult {
    pub device_id: BaseId,
    pub label_id: BaseId,
    pub label_name: Text,
    pub label_author_id: BaseId,
}
/// QueryLabelsResult policy effect.
///
/// Describes one label by id, name and author id; it has the same fields as
/// `QueryLabelResult`.
// NOTE(review): presumably one effect is emitted per label for `query_labels`.
#[effect]
pub struct QueryLabelsResult {
    pub label_id: BaseId,
    pub label_name: Text,
    pub label_author_id: BaseId,
}
/// QueryRoleOwnersResult policy effect.
///
/// Describes one role by id, name, author id and a `default` flag.
// NOTE(review): presumably the role described is an owner of the role passed to
// `query_role_owners`, not the queried role itself — confirm in the policy source.
#[effect]
pub struct QueryRoleOwnersResult {
    pub role_id: BaseId,
    pub name: Text,
    pub author_id: BaseId,
    pub default: bool,
}
/// QueryTeamRolesResult policy effect.
///
/// Describes one role by id, name, author id and a `default` flag.
// NOTE(review): presumably one effect is emitted per role for `query_team_roles`.
#[effect]
pub struct QueryTeamRolesResult {
    pub role_id: BaseId,
    pub name: Text,
    pub author_id: BaseId,
    pub default: bool,
}
/// RoleAssigned policy effect.
///
/// Names the device, the role and an author by id; it has the same fields as
/// `RoleRevoked`.
// NOTE(review): `author_id` is presumably the device that issued the assignment.
#[effect]
pub struct RoleAssigned {
    pub device_id: BaseId,
    pub role_id: BaseId,
    pub author_id: BaseId,
}
/// RoleChanged policy effect.
///
/// Names the device, its old and new role ids, and an author id, so a consumer sees
/// both sides of the transition in one event.
// NOTE(review): `author_id` is presumably the device that issued the change.
#[effect]
pub struct RoleChanged {
    pub device_id: BaseId,
    pub old_role_id: BaseId,
    pub new_role_id: BaseId,
    pub author_id: BaseId,
}
/// RoleCreated policy effect.
///
/// Carries the new role's id and name, an author id, the id of the owning role and
/// a `default` flag.
// NOTE(review): `default` presumably distinguishes roles made by
// `setup_default_roles` from those made by `create_role` — TODO confirm.
#[effect]
pub struct RoleCreated {
    pub role_id: BaseId,
    pub name: Text,
    pub author_id: BaseId,
    pub owning_role_id: BaseId,
    pub default: bool,
}
/// RoleDeleted policy effect.
///
/// Carries only the deleted role's name and id.
// NOTE(review): unlike `RoleCreated`, this effect has no `author_id`, so an audit
// log built from effects alone cannot attribute who deleted the role.
#[effect]
pub struct RoleDeleted {
    pub name: Text,
    pub role_id: BaseId,
}
/// RoleManagementPermAssigned policy effect.
///
/// Names a target role, a managing role, the `RoleManagementPerm` involved and an
/// author id.
// NOTE(review): presumably the managing role gained `perm` over the target role;
// a privilege-delegation event worth recording for audit.
#[effect]
pub struct RoleManagementPermAssigned {
    pub target_role_id: BaseId,
    pub managing_role_id: BaseId,
    pub perm: RoleManagementPerm,
    pub author_id: BaseId,
}
/// RoleManagementPermRevoked policy effect.
///
/// Names a target role, a managing role, the `RoleManagementPerm` involved and an
/// author id; it has the same fields as `RoleManagementPermAssigned`.
// NOTE(review): presumably the managing role lost `perm` over the target role.
#[effect]
pub struct RoleManagementPermRevoked {
    pub target_role_id: BaseId,
    pub managing_role_id: BaseId,
    pub perm: RoleManagementPerm,
    pub author_id: BaseId,
}
/// RoleOwnerAdded policy effect.
///
/// Names the target role, the new owner and an author by id.
// NOTE(review): `new_role_owner` is presumably a role id (the matching action field
// is `new_owning_role`), not a device id — confirm. Note the name differs from the
// `owning_role_id` used by `RoleOwnerRemoved`.
#[effect]
pub struct RoleOwnerAdded {
    pub target_role_id: BaseId,
    pub new_role_owner: BaseId,
    pub author_id: BaseId,
}
/// RoleOwnerRemoved policy effect.
///
/// Names the target role, the owning role that was removed and an author by id.
// NOTE(review): `author_id` is presumably the device that issued the command.
#[effect]
pub struct RoleOwnerRemoved {
    pub target_role_id: BaseId,
    pub owning_role_id: BaseId,
    pub author_id: BaseId,
}
/// RoleRevoked policy effect.
///
/// Names the device, the role and an author by id; it has the same fields as
/// `RoleAssigned`.
// NOTE(review): `author_id` is presumably the device that issued the revocation.
#[effect]
pub struct RoleRevoked {
    pub device_id: BaseId,
    pub role_id: BaseId,
    pub author_id: BaseId,
}
/// TeamCreated policy effect.
///
/// Carries the new team's id and the owner's id.
// NOTE(review): `owner_id` is presumably the id of the device whose key bundle was
// passed to `create_team` — confirm in the policy source.
#[effect]
pub struct TeamCreated {
    pub team_id: BaseId,
    pub owner_id: BaseId,
}
/// TeamTerminated policy effect.
///
/// Carries the team's id and an `owner_id`; it has the same fields as `TeamCreated`.
// NOTE(review): whether `owner_id` is the device that issued the termination or the
// team's original owner cannot be told from this file — confirm before using it
// for attribution.
#[effect]
pub struct TeamTerminated {
    pub team_id: BaseId,
    pub owner_id: BaseId,
}
/// Enum of the policy actions declared on the `Persistent` interface.
///
/// Each variant wraps the `#[action(interface = Persistent)]` struct of the same
/// name defined in this file. Every action that changes roles, permissions, team
/// membership or labels is listed here; none of the `query_*` actions is.
// Variant names are lower-case because they mirror the policy's action names; the
// file-level `#![allow(non_camel_case_types)]` exists for that reason.
#[actions(interface = Persistent)]
pub enum PersistentAction {
    add_perm_to_role(add_perm_to_role),
    remove_perm_from_role(remove_perm_from_role),
    add_role_owner(add_role_owner),
    remove_role_owner(remove_role_owner),
    assign_role_management_perm(assign_role_management_perm),
    revoke_role_management_perm(revoke_role_management_perm),
    create_role(create_role),
    setup_default_roles(setup_default_roles),
    delete_role(delete_role),
    assign_role(assign_role),
    change_role(change_role),
    revoke_role(revoke_role),
    create_team(create_team),
    terminate_team(terminate_team),
    add_device(add_device),
    remove_device(remove_device),
    add_label_managing_role(add_label_managing_role),
    revoke_label_managing_role(revoke_label_managing_role),
    create_label(create_label),
    delete_label(delete_label),
    assign_label_to_device(assign_label_to_device),
    revoke_label_from_device(revoke_label_from_device),
}
/// Enum of the policy actions declared on the `Ephemeral` interface.
///
/// Each variant wraps the `#[action(interface = Ephemeral)]` struct of the same
/// name defined in this file. All but one are `query_*` actions; the exception is
/// `create_afc_uni_channel`.
// NOTE(review): `create_afc_uni_channel` is the only non-query action on this
// interface; presumably channel creation is deliberately not persisted — confirm
// against the policy source.
#[actions(interface = Ephemeral)]
pub enum EphemeralAction {
    query_devices_on_team(query_devices_on_team),
    query_afc_channel_is_valid(query_afc_channel_is_valid),
    query_device_role(query_device_role),
    query_device_public_key_bundle(query_device_public_key_bundle),
    query_team_roles(query_team_roles),
    query_role_owners(query_role_owners),
    query_label(query_label),
    query_labels(query_labels),
    query_labels_assigned_to_device(query_labels_assigned_to_device),
    create_afc_uni_channel(create_afc_uni_channel),
}
/// query_devices_on_team policy action.
///
/// Takes no arguments and is declared on the `Ephemeral` interface.
// NOTE(review): presumably answered with `QueryDevicesOnTeamResult` effects.
#[action(interface = Ephemeral)]
pub struct query_devices_on_team {}
/// query_afc_channel_is_valid policy action.
///
/// Takes a sender id, a receiver id and a label id; declared on the `Ephemeral`
/// interface.
// NOTE(review): presumably answered with `QueryAfcChannelIsValidResult`, which
// repeats these three ids alongside the verdict.
#[action(interface = Ephemeral)]
pub struct query_afc_channel_is_valid {
    pub sender_id: BaseId,
    pub receiver_id: BaseId,
    pub label_id: BaseId,
}
/// query_device_role policy action.
///
/// Takes the id of the device to look up; declared on the `Ephemeral` interface.
// NOTE(review): presumably answered with `QueryDeviceRoleResult`.
#[action(interface = Ephemeral)]
pub struct query_device_role {
    pub device_id: BaseId,
}
/// query_device_public_key_bundle policy action.
///
/// Takes the id of the device to look up; declared on the `Ephemeral` interface.
// NOTE(review): presumably answered with `QueryDeviceKeyBundleResult`, which does
// not repeat the device id.
#[action(interface = Ephemeral)]
pub struct query_device_public_key_bundle {
    pub device_id: BaseId,
}
/// add_perm_to_role policy action.
///
/// Takes a role id and the `SimplePerm` to add; declared on the `Persistent`
/// interface.
// NOTE(review): this struct only carries the request. Whether the caller may grant
// `perm` is decided by the policy, not by this type.
#[action(interface = Persistent)]
pub struct add_perm_to_role {
    pub role_id: BaseId,
    pub perm: SimplePerm,
}
/// remove_perm_from_role policy action.
///
/// Takes a role id and the `SimplePerm` to remove; declared on the `Persistent`
/// interface.
// NOTE(review): presumably reported by the `PermRemovedFromRole` effect.
#[action(interface = Persistent)]
pub struct remove_perm_from_role {
    pub role_id: BaseId,
    pub perm: SimplePerm,
}
/// add_role_owner policy action.
///
/// Takes the target role's id and the id of the new owning role; declared on the
/// `Persistent` interface.
// NOTE(review): the field is named `new_owning_role` here but `new_role_owner` in
// the `RoleOwnerAdded` effect; presumably both hold the same role id.
#[action(interface = Persistent)]
pub struct add_role_owner {
    pub target_role_id: BaseId,
    pub new_owning_role: BaseId,
}
/// remove_role_owner policy action.
///
/// Takes the target role's id and the id of the owning role to remove; declared on
/// the `Persistent` interface.
// NOTE(review): what happens when the last owner is removed is decided by the
// policy and cannot be seen from this file.
#[action(interface = Persistent)]
pub struct remove_role_owner {
    pub target_role_id: BaseId,
    pub owning_role_id: BaseId,
}
/// assign_role_management_perm policy action.
///
/// Takes a target role id, a managing role id and the `RoleManagementPerm` to
/// assign; declared on the `Persistent` interface.
// NOTE(review): presumably grants the managing role `perm` over the target role.
#[action(interface = Persistent)]
pub struct assign_role_management_perm {
    pub target_role_id: BaseId,
    pub managing_role_id: BaseId,
    pub perm: RoleManagementPerm,
}
/// revoke_role_management_perm policy action.
///
/// Takes a target role id, a managing role id and the `RoleManagementPerm` to
/// revoke; declared on the `Persistent` interface.
// NOTE(review): presumably removes `perm` over the target role from the managing role.
#[action(interface = Persistent)]
pub struct revoke_role_management_perm {
    pub target_role_id: BaseId,
    pub managing_role_id: BaseId,
    pub perm: RoleManagementPerm,
}
/// create_role policy action.
///
/// Takes the new role's name and the id of its owning role; declared on the
/// `Persistent` interface.
// NOTE(review): `role_name` is caller-supplied `Text`; any uniqueness or content
// rule is enforced by the policy, not by this type.
#[action(interface = Persistent)]
pub struct create_role {
    pub role_name: Text,
    pub owning_role_id: BaseId,
}
/// setup_default_roles policy action.
///
/// Takes the id of the owning role; declared on the `Persistent` interface.
// NOTE(review): which roles are created, and whether the action can run more than
// once, is defined in the policy source — not visible here.
#[action(interface = Persistent)]
pub struct setup_default_roles {
    pub owning_role_id: BaseId,
}
/// delete_role policy action.
///
/// Takes the id of the role to delete; declared on the `Persistent` interface.
// NOTE(review): the matching `RoleDeleted` effect carries no author id.
#[action(interface = Persistent)]
pub struct delete_role {
    pub role_id: BaseId,
}
/// assign_role policy action.
///
/// Takes a device id and the id of the role to assign; declared on the `Persistent`
/// interface.
// NOTE(review): presumably reported by the `RoleAssigned` effect.
#[action(interface = Persistent)]
pub struct assign_role {
    pub device_id: BaseId,
    pub role_id: BaseId,
}
/// change_role policy action.
///
/// Takes a device id plus both the old and the new role id; declared on the
/// `Persistent` interface.
// NOTE(review): the caller states `old_role_id` explicitly; presumably the policy
// rejects the command when it does not match the device's current role — confirm.
#[action(interface = Persistent)]
pub struct change_role {
    pub device_id: BaseId,
    pub old_role_id: BaseId,
    pub new_role_id: BaseId,
}
/// revoke_role policy action.
///
/// Takes a device id and the id of the role to revoke; declared on the `Persistent`
/// interface.
// NOTE(review): presumably reported by the `RoleRevoked` effect.
#[action(interface = Persistent)]
pub struct revoke_role {
    pub device_id: BaseId,
    pub role_id: BaseId,
}
/// query_team_roles policy action.
///
/// Takes no arguments and is declared on the `Ephemeral` interface.
// NOTE(review): presumably answered with `QueryTeamRolesResult` effects.
#[action(interface = Ephemeral)]
pub struct query_team_roles {}
/// query_role_owners policy action.
///
/// Takes the id of the role whose owners are requested; declared on the `Ephemeral`
/// interface.
// NOTE(review): presumably answered with `QueryRoleOwnersResult` effects.
#[action(interface = Persistent)]
pub struct query_role_owners {
    pub role_id: BaseId,
}
/// create_team policy action.
///
/// Takes the owner's `PublicKeyBundle` and a byte-string nonce; declared on the
/// `Persistent` interface.
// NOTE(review): `nonce` is an untyped `Vec<u8>` with no length enforced here.
// Presumably it makes the resulting team id unique; confirm that callers draw it
// from a cryptographically secure RNG and which length the policy expects.
#[action(interface = Persistent)]
pub struct create_team {
    pub owner_keys: PublicKeyBundle,
    pub nonce: Vec<u8>,
}
/// terminate_team policy action.
///
/// Takes the id of the team to terminate; declared on the `Persistent` interface.
// NOTE(review): the caller names the team explicitly; presumably the policy checks
// that `team_id` matches the team the command is applied to — confirm.
#[action(interface = Persistent)]
pub struct terminate_team {
    pub team_id: BaseId,
}
/// add_device policy action.
///
/// Takes the new device's `PublicKeyBundle` and an optional initial role id;
/// declared on the `Persistent` interface.
// NOTE(review): `initial_role_id` may be `None`. What the policy does then (no role,
// or some default) is not visible here — confirm, since it determines the
// privileges a freshly added device starts with.
#[action(interface = Persistent)]
pub struct add_device {
    pub device_keys: PublicKeyBundle,
    pub initial_role_id: Option<BaseId>,
}
/// remove_device policy action.
///
/// Takes the id of the device to remove; declared on the `Persistent` interface.
// NOTE(review): presumably reported by the `DeviceRemoved` effect.
#[action(interface = Persistent)]
pub struct remove_device {
    pub device_id: BaseId,
}
/// add_label_managing_role policy action.
///
/// Takes a label id and the id of the managing role to add; declared on the
/// `Persistent` interface.
// NOTE(review): presumably reported by the `LabelManagingRoleAdded` effect.
#[action(interface = Persistent)]
pub struct add_label_managing_role {
    pub label_id: BaseId,
    pub managing_role_id: BaseId,
}
/// revoke_label_managing_role policy action.
///
/// Takes a label id and the id of the managing role to revoke; declared on the
/// `Persistent` interface.
// NOTE(review): presumably reported by the `LabelManagingRoleRevoked` effect.
#[action(interface = Persistent)]
pub struct revoke_label_managing_role {
    pub label_id: BaseId,
    pub managing_role_id: BaseId,
}
/// create_label policy action.
///
/// Takes the label's name and the id of its managing role; declared on the
/// `Persistent` interface.
// NOTE(review): `name` is caller-supplied `Text`; it reappears as `label_name` in
// several effects, so treat it as untrusted display data downstream.
#[action(interface = Persistent)]
pub struct create_label {
    pub name: Text,
    pub managing_role_id: BaseId,
}
/// delete_label policy action.
///
/// Takes the id of the label to delete; declared on the `Persistent` interface.
// NOTE(review): presumably reported by the `LabelDeleted` effect.
#[action(interface = Persistent)]
pub struct delete_label {
    pub label_id: BaseId,
}
/// assign_label_to_device policy action.
///
/// Takes a device id, a label id and a `ChanOp`; declared on the `Persistent`
/// interface.
// NOTE(review): `op` presumably limits the direction in which the device may use
// channels under this label. The `AssignedLabelToDevice` effect does not echo it.
#[action(interface = Persistent)]
pub struct assign_label_to_device {
    pub device_id: BaseId,
    pub label_id: BaseId,
    pub op: ChanOp,
}
/// revoke_label_from_device policy action.
///
/// Takes a device id and a label id; declared on the `Persistent` interface.
// NOTE(review): presumably reported by the `LabelRevokedFromDevice` effect.
#[action(interface = Persistent)]
pub struct revoke_label_from_device {
    pub device_id: BaseId,
    pub label_id: BaseId,
}
/// query_label policy action.
///
/// Takes the id of the label to look up; declared on the `Ephemeral` interface.
// NOTE(review): presumably answered with `QueryLabelResult`.
#[action(interface = Ephemeral)]
pub struct query_label {
    pub label_id: BaseId,
}
/// query_labels policy action.
///
/// Takes no arguments and is declared on the `Ephemeral` interface.
// NOTE(review): presumably answered with `QueryLabelsResult` effects.
#[action(interface = Ephemeral)]
pub struct query_labels {}
/// query_labels_assigned_to_device policy action.
///
/// Takes the id of the device to look up; declared on the `Ephemeral` interface.
// NOTE(review): presumably answered with `QueryLabelsAssignedToDeviceResult` effects.
#[action(interface = Ephemeral)]
pub struct query_labels_assigned_to_device {
    pub device_id: BaseId,
}
/// create_afc_uni_channel policy action.
///
/// Takes the receiver's device id and a label id; declared on the `Ephemeral`
/// interface, where it is the only action that is not a query.
// NOTE(review): no sender id is passed, so the sender is presumably the command's
// author. Presumably reported by `AfcUniChannelCreated` on the creating side and
// `AfcUniChannelReceived` on the receiving side — confirm in the policy source.
#[action(interface = Ephemeral)]
pub struct create_afc_uni_channel {
    pub receiver_id: BaseId,
    pub label_id: BaseId,
}