scratchstack-aspen 0.3.1

AWS IAM policy language (Aspen) parser and internal representation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

use {
    super::variant::Variant,
    crate::{serutil::StringLikeList, AspenError, Context, PolicyVersion},
    scratchstack_aws_principal::SessionValue,
};

/// Binary operation names.
pub(super) const BINARY_DISPLAY_NAMES: [&str; 2] = ["BinaryEquals", "BinaryEqualsIfExists"];

pub(super) fn binary_match(
    _context: &Context,
    _pv: PolicyVersion,
    allowed: &StringLikeList<String>,
    value: &SessionValue,
    variant: Variant,
) -> Result<bool, AspenError> {
    match value {
        SessionValue::Null => Ok(variant.if_exists()),
        SessionValue::Binary(value) => {
            for el in allowed.iter() {
                if let Ok(el) = base64::decode(el) {
                    // Note: negated is not a valid variant here, so no need to check for !=.
                    if el == *value {
                        return Ok(true);
                    }
                }
            }

            Ok(false)
        }
        SessionValue::String(value) => {
            for el in allowed.iter() {
                if let Ok(el) = base64::decode(el) {
                    if el == value.as_bytes() {
                        return Ok(true);
                    }
                }
            }

            Ok(false)
        }
        _ => Ok(false),
    }
}