hackamore-models 0.1.0

Protocol and contract types for hackamore: Action, Verdict, Policy, audit and mint wire types
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

//! Generated protocol/contract types for hackamore (see `fluorite/*.fl`).
//!
//! Each module is generated from the like-named schema package. Hand-written
//! convenience constructors live here, never in the schemas.

#[allow(clippy::doc_markdown, clippy::too_many_arguments)]
pub mod action {
    include!(concat!(env!("OUT_DIR"), "/action/mod.rs"));
}

#[allow(clippy::doc_markdown, clippy::too_many_arguments)]
pub mod policy {
    include!(concat!(env!("OUT_DIR"), "/policy/mod.rs"));
}

#[allow(clippy::doc_markdown, clippy::too_many_arguments)]
pub mod verdict {
    include!(concat!(env!("OUT_DIR"), "/verdict/mod.rs"));
}

#[allow(clippy::doc_markdown, clippy::too_many_arguments)]
pub mod audit {
    include!(concat!(env!("OUT_DIR"), "/audit/mod.rs"));
}

#[allow(clippy::doc_markdown, clippy::too_many_arguments)]
pub mod control {
    include!(concat!(env!("OUT_DIR"), "/control/mod.rs"));
}

#[allow(clippy::doc_markdown, clippy::too_many_arguments)]
pub mod provision {
    include!(concat!(env!("OUT_DIR"), "/provision/mod.rs"));
}

/// An empty `fields` JSON object — the default when a request carries no query or body
/// attributes relevant to conditional rules.
pub fn empty_fields() -> serde_json::Value {
    serde_json::Value::Object(serde_json::Map::new())
}

impl action::Action {
    /// Ergonomic constructor with an empty `fields` object (the generated `new` requires
    /// every field, including `fields`, positionally). `target` is the service instance
    /// name.
    pub fn of(target: impl Into<String>, verb: action::Verb, resource: action::Resource) -> Self {
        Self {
            target: target.into(),
            verb,
            resource,
            fields: empty_fields(),
        }
    }

    /// Set the request `fields` (merged query + body) used by conditional rules.
    #[must_use]
    pub fn with_fields(mut self, fields: serde_json::Value) -> Self {
        self.fields = fields;
        self
    }
}

impl action::Verb {
    /// A coarse CRUD verb (RESTful method mapping).
    pub fn crud(kind: action::CrudKind) -> Self {
        action::Verb::Crud(action::CrudVerb { kind })
    }

    /// A named, service-defined action (e.g. "s3:PutObject").
    pub fn action(id: impl Into<String>) -> Self {
        action::Verb::Action(action::NamedVerb { id: id.into() })
    }

    /// Parse a compact verb shorthand: the case-insensitive CRUD words `read`/`create`/
    /// `update`/`delete` map to the closed [`action::CrudVerb`] arm; anything else is a
    /// named action verb. This is the terse spelling a policy-authoring layer expands into
    /// the verbose tagged-union JSON the wire format requires
    /// (`{"type":"Crud","value":{"kind":"Read"}}`), so operators and call sites can write
    /// `"read"` or `"ec2:DescribeInstances"` instead.
    pub fn parse(s: &str) -> Self {
        match s.to_ascii_lowercase().as_str() {
            "read" => Self::crud(action::CrudKind::Read),
            "create" => Self::crud(action::CrudKind::Create),
            "update" => Self::crud(action::CrudKind::Update),
            "delete" => Self::crud(action::CrudKind::Delete),
            _ => Self::action(s),
        }
    }
}

impl action::Resource {
    /// Ergonomic constructor accepting anything `Into<String>` (the generated `new`
    /// takes `String` positionally).
    pub fn of(path: impl Into<String>, kind: impl Into<String>) -> Self {
        Self {
            path: path.into(),
            kind: kind.into(),
        }
    }
}

impl verdict::Verdict {
    /// Whether this verdict permits the action.
    pub fn is_allow(&self) -> bool {
        matches!(self, verdict::Verdict::Allow(_))
    }

    /// Allow with explicit obligations. The data plane builds these from the matched
    /// service instance (inject its credential, or pass the consumer's through).
    pub fn allow(obligations: Vec<verdict::Obligation>) -> Self {
        verdict::Verdict::Allow(verdict::AllowVerdict { obligations })
    }

    /// An obligation to inject the named credential upstream.
    pub fn inject(id: impl Into<String>) -> verdict::Obligation {
        verdict::Obligation::InjectCredential(verdict::InjectCredentialObligation {
            credential: verdict::CredentialRef { id: id.into() },
        })
    }

    /// An obligation to forward the consumer's own credential unchanged.
    pub fn passthrough() -> verdict::Obligation {
        verdict::Obligation::Passthrough(verdict::PassthroughObligation {})
    }

    /// Deny with the given reason.
    pub fn deny(reason: verdict::DenyReason) -> Self {
        verdict::Verdict::Deny(verdict::DenyVerdict { reason })
    }
}

#[cfg(test)]
#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)]
mod tests {
    use super::action::{Action, CrudKind, Resource, Verb};
    use super::verdict::{DenyReason, Verdict};

    #[test]
    fn action_round_trips_through_json() {
        let action = Action::of(
            "github",
            Verb::crud(CrudKind::Create),
            Resource::of("repos/octocat/hello/pulls", "pull_request"),
        )
        .with_fields(serde_json::json!({ "base": "main" }));
        let json = serde_json::to_string(&action).unwrap();
        let back: Action = serde_json::from_str(&json).unwrap();
        assert_eq!(action, back);
    }

    #[test]
    fn verb_parse_shorthand_maps_crud_words_and_named_actions() {
        assert_eq!(Verb::parse("read"), Verb::crud(CrudKind::Read));
        assert_eq!(Verb::parse("DELETE"), Verb::crud(CrudKind::Delete));
        assert_eq!(
            Verb::parse("ec2:DescribeInstances"),
            Verb::action("ec2:DescribeInstances")
        );
    }

    #[test]
    fn verb_union_supports_crud_and_named_action() {
        let read = Verb::crud(CrudKind::Read);
        let terminate = Verb::action("ec2:TerminateInstances");
        assert_ne!(read, terminate);
        let json = serde_json::to_string(&terminate).unwrap();
        let back: Verb = serde_json::from_str(&json).unwrap();
        assert_eq!(terminate, back);
    }

    #[test]
    fn verdict_helpers_build_expected_variants() {
        let allow = Verdict::allow(vec![Verdict::inject("gh")]);
        assert!(allow.is_allow());

        let passthrough = Verdict::allow(vec![Verdict::passthrough()]);
        assert!(passthrough.is_allow());

        let deny = Verdict::deny(DenyReason::NotAllowed);
        assert!(!deny.is_allow());
    }
}