Struct scratchstack_aspen::PolicySet
pub struct PolicySet { /* private fields */ }
A set of policies being evaluated to determine the permissions in effect.
Implementations
impl PolicySet
pub fn add_policy(&mut self, source: PolicySource, policy: Policy)
Add a policy to the set from the given source.
Example
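// Policy and PolicySource are assumed to be exported at the crate root, like PolicySet.
use scratchstack_aspen::{Policy, PolicySet, PolicySource};
use std::str::FromStr; // brings Policy::from_str into scope

let policy = Policy::from_str(r#"{"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}"#).unwrap();
let source = PolicySource::new_entity_inline("arn:aws:iam::123456789012:user/username", "AIDAEXAMPLEUSERID00", "PolicyName");
let mut policy_set = PolicySet::new();
policy_set.add_policy(source, policy);
assert_eq!(policy_set.policies().len(), 1);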
pub fn policies(&self) -> &Vec<(PolicySource, Policy)>
Return the policies in the policy set.
pub fn evaluate<'a>(
&'a self,
context: &Context
) -> Result<(Decision, Vec<&'a PolicySource>), AspenError>
Evaluate the policy set. If a denial is found, return a Deny and the source immediately. Otherwise, if one or more approvals are found, return Allow and the relevant sources. Otherwise, return a DefaultDeny with no sources.
pub fn evaluate_all<'a>(
&'a self,
context: &Context
) -> Result<(Decision, Vec<&'a PolicySource>), AspenError>
Evaluate all policies in the policy set. If one or more denials are found, return a Deny and the relevant sources. Otherwise, if one or more approvals are found, return Allow and the relevant sources. Otherwise, return a DefaultDeny with no sources.
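The difference between `evaluate` and `evaluate_all` lies in which sources come back when more than one policy denies. The following is an added stand-alone model of the two modes, not code from scratchstack_aspen: `ModelSet`, `sample` and the source labels are hypothetical, and each policy is assumed to be pre-reduced to its result for one request.

```rust
// Stand-alone model of the two evaluation modes; NOT the scratchstack_aspen code.
// Assumption: each policy is pre-reduced to its result for one fixed request.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Decision { Allow, Deny, DefaultDeny }

/// Hypothetical model type: (source label, that policy's result for the request).
/// `DefaultDeny` here means the policy has no statement matching the request.
struct ModelSet(Vec<(&'static str, Decision)>);

impl ModelSet {
    /// Mirrors `evaluate`: stop at the first explicit Deny, report only that source.
    fn evaluate(&self) -> (Decision, Vec<&'static str>) {
        let mut allowed = Vec::new();
        for (source, result) in &self.0 {
            match result {
                Decision::Deny => return (Decision::Deny, vec![*source]),
                Decision::Allow => allowed.push(*source),
                Decision::DefaultDeny => {}
            }
        }
        if allowed.is_empty() { (Decision::DefaultDeny, allowed) } else { (Decision::Allow, allowed) }
    }

    /// Mirrors `evaluate_all`: visit every policy, report every denying source.
    fn evaluate_all(&self) -> (Decision, Vec<&'static str>) {
        let (mut allowed, mut denied) = (Vec::new(), Vec::new());
        for (source, result) in &self.0 {
            match result {
                Decision::Deny => denied.push(*source),
                Decision::Allow => allowed.push(*source),
                Decision::DefaultDeny => {}
            }
        }
        if !denied.is_empty() { (Decision::Deny, denied) }
        else if !allowed.is_empty() { (Decision::Allow, allowed) }
        else { (Decision::DefaultDeny, Vec::new()) }
    }
}

/// Constructed sample: one allowing policy followed by two denying ones.
fn sample() -> ModelSet {
    ModelSet(vec![("inline:AllowAll", Decision::Allow), ("group:DenyS3", Decision::Deny), ("boundary:DenyAll", Decision::Deny)])
}

fn main() {
    let set = sample();
    println!("evaluate     -> {:?}", set.evaluate());
    println!("evaluate_all -> {:?}", set.evaluate_all());
}
```

Both modes reach the same decision on this input; only `evaluate_all` names every denying source, which is what an access-denied audit trail needs.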