typesec-macro

Procedural macros for the typesec ecosystem.

#[derive(TypesecRole)]

Derive the [Role][typesec_core::role::Role] trait for a struct, pulling permissions and resource patterns from the #[role(...)] attribute:

use typesec_macro::TypesecRole;

#[derive(TypesecRole)]
#[role(permissions = "read,write", resources = "code/*,infra/*")]
pub struct Engineer;

Expands to:

impl typesec_core::role::Role for Engineer {
    fn name() -> &'static str { "Engineer" }
    fn permission_names() -> &'static [&'static str] { &["read", "write"] }
    fn resource_patterns() -> &'static [&'static str] { &["code/*", "infra/*"] }
}

policy! macro

Inline role definitions without a YAML file:

use typesec_macro::policy;

policy! {
    role Analyst {
        can [read, read_sensitive] on ["reports/*", "metrics/*"];
    }
}