use super::*;
impl BucketWarden {
    /// Adds an allow statement for `principal` / `action` / `resource` to the
    /// warden-level policy.
    ///
    /// The three values are handed to `Statement::allow` unchanged; this method
    /// does no validation of its own.
    // NOTE(review): whether empty strings or wildcard patterns are accepted is
    // decided by `Statement::allow` / `policy.add`, which are not visible here.
    // Confirm that over-broad grants are rejected or surfaced by
    // `analyze_policy`.
    pub fn allow(
        &mut self,
        principal: impl Into<String>,
        action: impl Into<String>,
        resource: impl Into<String>,
    ) {
        let statement = Statement::allow(principal, action, resource);
        self.policy.add(statement);
    }

    /// Adds a deny statement for `principal` / `action` / `resource` to the
    /// warden-level policy.
    ///
    /// The three values are handed to `Statement::deny` unchanged; this method
    /// does no validation of its own.
    // NOTE(review): how allow and deny statements are combined at evaluation
    // time is not shown in this file. Verify that an explicit deny takes
    // precedence over a matching allow.
    pub fn deny(
        &mut self,
        principal: impl Into<String>,
        action: impl Into<String>,
        resource: impl Into<String>,
    ) {
        let statement = Statement::deny(principal, action, resource);
        self.policy.add(statement);
    }

    /// Returns the policy's explanation for the given principal, action and
    /// resource.
    ///
    /// Thin wrapper over `policy.explain`; the warden is only borrowed
    /// immutably.
    pub fn policy_explanation(
        &self,
        principal: &str,
        action: &str,
        resource: &str,
    ) -> PolicyExplanation {
        let policy = &self.policy;
        policy.explain(principal, action, resource)
    }

    /// Runs `request` through the policy's simulator and returns its result.
    ///
    /// Thin wrapper over `policy.simulate`; the warden is only borrowed
    /// immutably.
    pub fn simulate_policy(&self, request: PolicySimulationRequest) -> PolicySimulationResult {
        let policy = &self.policy;
        policy.simulate(request)
    }

    /// Returns the findings produced by the policy's own analysis
    /// (`policy.analyze`).
    pub fn analyze_policy(&self) -> Vec<PolicyFinding> {
        let policy = &self.policy;
        policy.analyze()
    }

    /// Builds a usage snapshot for the tenant identified by `tenant_id`.
    ///
    /// Only buckets whose `tenant_id` equals the argument are counted:
    /// - `bucket_count`: number of matching buckets;
    /// - `object_version_count`: total number of versions over every object in
    ///   those buckets;
    /// - `policy_count`: number of matching buckets that have a bucket-level
    ///   policy set (this does not count statements in the warden-level
    ///   policy);
    /// - `credential_count`: whatever `auth.credential_count_for_tenant`
    ///   reports.
    ///
    /// A tenant with no buckets yields zero for the three bucket-derived
    /// fields rather than an error.
    // NOTE(review): no access check is performed here, so any caller can read
    // the metrics of any tenant id it supplies. Presumably the caller
    // authorizes the request first; confirm at the call sites.
    pub fn tenant_metrics(&self, tenant_id: &str) -> TenantRuntimeMetrics {
        let mut bucket_count: usize = 0;
        let mut object_version_count: usize = 0;
        let mut policy_count: usize = 0;

        for bucket in self.buckets.values() {
            // Skip buckets owned by other tenants.
            if !(bucket.tenant_id == tenant_id) {
                continue;
            }
            bucket_count += 1;
            for object in bucket.objects.values() {
                object_version_count += object.versions.len();
            }
            if bucket.policy.is_some() {
                policy_count += 1;
            }
        }

        TenantRuntimeMetrics {
            tenant_id: tenant_id.to_string(),
            bucket_count,
            object_version_count,
            credential_count: self.auth.credential_count_for_tenant(tenant_id),
            policy_count,
        }
    }
}