gatekeep 0.3.0

Code-first authorization engine for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

//! Code-first authorization primitives for deterministic Rust policy evaluation.
//!
//! The crate provides the pure gatekeep core: stable fact identities, reified
//! policy values, synchronous evaluation, partial evaluation for query lowering,
//! and adapter traits for application-owned IO boundaries.

#![forbid(unsafe_code)]

mod adapters;
#[cfg(any(test, feature = "test"))]
mod audit_memory;
mod decision;
mod evaluate;
mod facts;
mod identity;
mod partial;
mod policy_model;

/// Condition builder helpers.
pub mod condition;
/// Policy builder helpers.
pub mod policy;

pub use adapters::{
    AuditEntry, AuditSink, Context, DecisionSummary, EffectKind, FactResolver,
    IdentityReasonCatalog, LowerError, Lowered, NoopAuditSink, NoopPolicyObserver, PolicyAnchor,
    PolicyObserver, QueryLowering, ReasonCatalog, ResolveError,
};
#[cfg(any(test, feature = "test"))]
pub use audit_memory::{InMemoryAuditError, InMemoryAuditSink};
pub use decision::{
    Decision, DecisionTrace, DecisiveClause, DenialReason, DenyShape, Effect, ReasonValue, Trace,
    TraceClause, TraceError,
};
pub use evaluate::{evaluate, evaluate_residual, required_facts, required_residual_facts};
pub use facts::{KnownFacts, PartialFacts, Presence, TraceValue};
pub use identity::{
    ClauseLabel, Fact, FactId, GatekeepError, GatekeepResult, Locale, ObligationId, ObligationSpec,
    ParamKey, PolicyHash, PolicyId, ReasonCode, RequestId, StaticClauseLabel, StaticFactId,
    StaticObligationId, StaticParamKey, StaticReasonCode, StaticRequestId, StaticSubjectSlot,
    StaticTenantId, SubjectRef, SubjectSlot, TenantId,
};
pub use partial::{Residual, complete_residual, partial_evaluate};
pub use policy_model::{
    Condition, Lattice, Policy, ResidualPolicy, ResidualPolicyBranch, ResidualPolicyNode,
};