Skip to main content

AwsService

fakecloud_core::service

Trait AwsService 

Source 
pub trait AwsService: Send + Sync {
    // Required methods
    fn service_name(&self) -> &str;
    fn handle<'life0, 'async_trait>(
        &'life0 self,
        request: AwsRequest,
    ) -> Pin<Box<dyn Future<Output = Result<AwsResponse, AwsServiceError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    fn supported_actions(&self) -> &[&str];

    // Provided methods
    fn iam_enforceable(&self) -> bool { ... }
    fn iam_action_for(&self, _request: &AwsRequest) -> Option<IamAction> { ... }
}
Expand description

Trait that every AWS service implements.

Required Methods§

Source

fn service_name(&self) -> &str

The AWS service identifier (e.g., “sqs”, “sns”, “sts”, “events”, “ssm”).

Source

fn handle<'life0, 'async_trait>( &'life0 self, request: AwsRequest, ) -> Pin<Box<dyn Future<Output = Result<AwsResponse, AwsServiceError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Handle an incoming request.

Source

fn supported_actions(&self) -> &[&str]

List of actions this service supports (for introspection).

Provided Methods§

Source

fn iam_enforceable(&self) -> bool

Whether this service participates in opt-in IAM enforcement (FAKECLOUD_IAM=soft|strict).

Defaults to false: unless a service has a full iam_action_for implementation covering every operation it supports plus resource-ARN extractors, it’s silently skipped when IAM enforcement is on. The startup log enumerates which services are enforced and which are not so users always know the current enforcement surface.

Phase 1 contract: a service that returns true here MUST also provide a fully populated AwsService::iam_action_for implementation covering every action it advertises. Returning true without the action mapping is a programming bug.

Source

fn iam_action_for(&self, _request: &AwsRequest) -> Option<IamAction>

Derive the IAM action + resource ARN for an incoming request.

Only called when AwsService::iam_enforceable returns true and IAM enforcement is enabled. Services must map every action they implement; returning None for a covered action causes the evaluator to skip the request and flag it via the fakecloud::iam::audit tracing target so gaps are visible in soft mode.

The IamAction.resource is built from request.principal’s account id (not global config) so multi-account isolation (#381) works once per-account state partitioning lands.

Implementors§