ockam_abac 0.80.0

Attribute based authorization control
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

use crate::{Action, Expr, ResourceName, ResourcePolicy};
use ockam_core::async_trait;
use ockam_core::compat::boxed::Box;
use ockam_core::compat::vec::Vec;
use ockam_core::Result;
#[cfg(feature = "std")]
use ockam_node::database::AutoRetry;
#[cfg(feature = "std")]
use ockam_node::retry;

/// This repository stores policies for resources.
/// A policy is an expression which can be evaluated against an environment (a list of attribute
/// names and values) in order to determine if a given action can be performed on a given resource.
#[async_trait]
pub trait ResourcePoliciesRepository: Send + Sync + 'static {
    /// Store a policy for a given resource and action
    async fn store_policy(
        &self,
        resource_name: &ResourceName,
        action: &Action,
        expression: &Expr,
    ) -> Result<()>;

    /// Return the policy associated to a given resource and action
    async fn get_policy(
        &self,
        resource_name: &ResourceName,
        action: &Action,
    ) -> Result<Option<ResourcePolicy>>;

    /// Return the list of all the resource policies
    async fn get_policies(&self) -> Result<Vec<ResourcePolicy>>;

    /// Return the list of all the policies associated to a given resource name
    async fn get_policies_by_resource_name(
        &self,
        resource_name: &ResourceName,
    ) -> Result<Vec<ResourcePolicy>>;

    /// Delete the policy associated to a given resource name and action
    async fn delete_policy(&self, resource_name: &ResourceName, action: &Action) -> Result<()>;
}

#[cfg(feature = "std")]
#[async_trait]
impl<T: ResourcePoliciesRepository> ResourcePoliciesRepository for AutoRetry<T> {
    async fn store_policy(
        &self,
        resource_name: &ResourceName,
        action: &Action,
        expression: &Expr,
    ) -> Result<()> {
        retry!(self.wrapped.store_policy(resource_name, action, expression))
    }

    async fn get_policy(
        &self,
        resource_name: &ResourceName,
        action: &Action,
    ) -> Result<Option<ResourcePolicy>> {
        retry!(self.wrapped.get_policy(resource_name, action))
    }

    async fn get_policies(&self) -> Result<Vec<ResourcePolicy>> {
        retry!(self.wrapped.get_policies())
    }

    async fn get_policies_by_resource_name(
        &self,
        resource_name: &ResourceName,
    ) -> Result<Vec<ResourcePolicy>> {
        retry!(self.wrapped.get_policies_by_resource_name(resource_name))
    }

    async fn delete_policy(&self, resource_name: &ResourceName, action: &Action) -> Result<()> {
        retry!(self.wrapped.delete_policy(resource_name, action))
    }
}