Struct scratchstack_aspen::PolicySet

pub struct PolicySet { /* private fields */ }

A set of policies being evaluated to determine the permissions in effect.

Implementations

impl PolicySet

pub fn new() -> Self

Create a new, empty policy set.

pub fn add_policy(&mut self, source: PolicySource, policy: Policy)

Add a policy to the set from the given source.

Example

let policy = Policy::from_str(r#"{"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}"#).unwrap();
let source = PolicySource::new_entity_inline("arn:aws:iam::123456789012:user/username", "AIDAEXAMPLEUSERID00", "PolicyName");
let mut policy_set = PolicySet::new();
policy_set.add_policy(source, policy);

assert_eq!(policy_set.policies().len(), 1);

pub fn policies(&self) -> &Vec<(PolicySource, Policy)>

Return the policies in the policy set.

pub fn evaluate<'a>(
    &'a self,
    context: &Context
) -> Result<(Decision, Vec<&'a PolicySource>), AspenError>

Evaluate the policy set. If a denial is found, return a Deny and the source immediately. Otherwise, if one or more approvals are found, return Allow and the relevant sources. Otherwise, return a DefaultDeny with no sources.

pub fn evaluate_all<'a>(
    &'a self,
    context: &Context
) -> Result<(Decision, Vec<&'a PolicySource>), AspenError>

Evaluate all policies in the policy set. If one or more denials are found, return a Deny and the relevant sources. Otherwise, if one or more approvals are found, return Allow and the relevant sources. Otherwise, return a DefaultDeny with no sources.

Trait Implementations

impl Clone for PolicySet

fn clone(&self) -> PolicySet

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PolicySet

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for PolicySet

fn default() -> Self

Returns the “default value” for a type.

impl From<Vec<(PolicySource, Policy), Global>> for PolicySet

fn from(policies: Vec<(PolicySource, Policy)>) -> Self

Converts to this type from the input type.

impl PartialEq<PolicySet> for PolicySet

fn eq(&self, other: &PolicySet) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for PolicySet

impl StructuralEq for PolicySet

impl StructuralPartialEq for PolicySet