Skip to main content

RequestContext

fakecloud_iam::evaluator

Type Alias RequestContext 

Source 
pub type RequestContext = ConditionContext;
Expand description

Request-time context keys used when evaluating Condition blocks.

This is a re-export of ConditionContext to keep the evaluator’s public API stable while centralizing the context definition in the crate::condition module.

Aliased Type§

pub struct RequestContext {
Show 14 fields
    pub aws_username: Option<String>,
    pub aws_userid: Option<String>,
    pub aws_principal_arn: Option<String>,
    pub aws_principal_account: Option<String>,
    pub aws_principal_type: Option<String>,
    pub aws_source_ip: Option<IpAddr>,
    pub aws_current_time: Option<DateTime<Utc>>,
    pub aws_epoch_time: Option<i64>,
    pub aws_secure_transport: Option<bool>,
    pub aws_requested_region: Option<String>,
    pub service_keys: BTreeMap<String, Vec<String>>,
    pub resource_tags: Option<HashMap<String, String>>,
    pub request_tags: Option<HashMap<String, String>>,
    pub principal_tags: Option<HashMap<String, String>>,

}

Fields§

§aws_username: Option<String>

aws:username — username segment of an IAM user ARN, or None for assumed roles / federated users where AWS does not set the key.

§aws_userid: Option<String>

aws:userid — the unique AIDA.../AROA... identifier.

§aws_principal_arn: Option<String>

aws:PrincipalArn — full principal ARN.

§aws_principal_account: Option<String>

aws:PrincipalAccount — 12-digit account ID sourced from the credential, not global config (#381 multi-account alignment).

§aws_principal_type: Option<String>

aws:PrincipalType"User", "AssumedRole", etc.

§aws_source_ip: Option<IpAddr>

aws:SourceIp — remote address of the HTTP connection.

§aws_current_time: Option<DateTime<Utc>>

aws:CurrentTime — evaluation timestamp (UTC).

§aws_epoch_time: Option<i64>

aws:EpochTime — same moment as aws_current_time in seconds since the Unix epoch.

§aws_secure_transport: Option<bool>

aws:SecureTransporttrue iff the request came in over TLS.

§aws_requested_region: Option<String>

aws:RequestedRegion — region extracted from SigV4 / config.

§service_keys: BTreeMap<String, Vec<String>>

Service-specific keys (s3:prefix, sqs:MessageAttribute, …).

§resource_tags: Option<HashMap<String, String>>

aws:ResourceTag/<key> — tags on the target resource. Populated by crate::service::AwsService::resource_tags_for. None means the service doesn’t expose resource tags for ABAC.

§request_tags: Option<HashMap<String, String>>

aws:RequestTag/<key> — tags sent in the request body/headers. Populated by crate::service::AwsService::request_tags_from. Also drives aws:TagKeys (the list of request tag keys).

§principal_tags: Option<HashMap<String, String>>

aws:PrincipalTag/<key> — tags on the calling IAM user or role. Populated from Principal::tags at dispatch time.